Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs.
Digital Object Identifier (DOI)
This work was supported in part by the National Science Foundation of China under Grant 61672413, Grant 61572379, Grant 61501333,Grant U1405255, Grant 61372075, and Grant U1536202, in part by the Natural Science Basic Research Plan in Shaanxi Province of China under Grant 2016JM6005, in part by Fundamental Research Funds for the Central Universities under Grant JB161501 and Grant JBG161511, in part by the National High Technology Research and Development Program (863 Program) of China under Grant 2015AA016007, and in part by the China 111 Project under Grant B16037.
Jiang, Qi; Zeadally, Sherali; Ma, Jianfeng; and He, Debiao, "Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks" (2017). Information Science Faculty Publications. 48.