Skip to main content
SpringerLink
Log in

A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

User authentication is one of the most important security services required for the resource-constrained wireless sensor networks (WSNs). In user authentication, for critical applications of WSNs, a legitimate user is allowed to query and collect the real-time data at any time from a sensor node of the network as and when he/she demands for it. In order to get the real-time information from the nodes, the user needs to be first authenticated by the nodes as well as the gateway node (GWN) of WSN so that illegal access to nodes do not happen in the network. Recently, Jiang et al. proposed an efficient two-factor user authentication scheme with unlinkability property in WSNs Jiang (2014). In this paper, we analyze Jiang et al.’s scheme. Unfortunately, we point out that Jiang et al.’s scheme has still several drawbacks such as (1) it fails to protect privileged insider attack, (2) inefficient registration phase for the sensor nodes, (3) it fails to provide proper authentication in login and authentication phase, (4) it fails to update properly the new changed password of a user in the password update phase, (5) it lacks of supporting dynamic sensor node addition after initial deployment of nodes in the network, and (6) it lacks the formal security verification. In order to withstand these pitfalls found in Jiang et al.’s scheme, we aim to propose a three-factor user authentication scheme for WSNs. Our scheme preserves the original merits of Jiang et al.’s scheme. Our scheme is efficient as compared to Jiang et al.’s scheme and other schemes. Furthermore, our scheme provides better security features and higher security level than other schemes. In addition, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. The simulation results clearly demonstrate that our scheme is also secure.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Armando A (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: 17th International conference on computer aided verification (CAV’05). (Lecture Notes in Computer Science), vol 3576. Springer, Berlin, pp 281–285

  2. AVISPA Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed on January 2013.

  3. AVISPA AVISPA web tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed on July 2014

  4. Basin D, Modersheim S, Vigano L (2005) OFMC: A symbolic model checker for security protocols. Int J Inf Secur 4(3):181–208

    Article  Google Scholar 

  5. Burnett A, Byrne F, Dowling T, Duffy A (2007) A Biometric Identity Based Signature Scheme. Int J Inf Secur 5(3):317–326

    Google Scholar 

  6. Chen TH, Shih WK (2010) A robust mutual authentication protocol for wireless sensor networks. ETRI J 32(5):704–712

    Article  Google Scholar 

  7. Chuang YH, Tseng YM (2010) An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int J Netw Manag 20(4):167–180

    Google Scholar 

  8. Das AK (2011) Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf Secur 5(3):145–151

    Article  Google Scholar 

  9. Das AK, Chatterjee S, Sing JK (2014) Formal security analysis and verification of a password-based user authentication scheme for hierarchical wireless sensor networks. Int J Trust Manag Comput Commun (Inderscience) 2(1):78–102

    Article  Google Scholar 

  10. Das AK, Goswami A (2013) A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(3):1–16

    Article  Google Scholar 

  11. Das AK, Paul NR, Tripathy L (2012) Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf Sci 209(C):80–92

    Article  MATH  MathSciNet  Google Scholar 

  12. Das AK, Sharma P, Chatterjee S, Sing JK (2012) A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J Netw Comput Appl 35(5):1646–1656

    Article  Google Scholar 

  13. Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun 8(3):1086–1090

    Article  Google Scholar 

  14. Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654

    Article  MATH  MathSciNet  Google Scholar 

  15. Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Proceedings of the advances in cryptology (Eurocrypt’04), LNCS vol 3027. pp 523–540

  16. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    Article  MATH  MathSciNet  Google Scholar 

  17. Fan R, Ping LD, Fu JQ, Pan XZ (2010) A secure and efficient user authentication protocol for two-tieres wireless sensor networks. In: 2nd pacific-asia conference on circuits, communications and system (PACCS 2010). pp 425–428

  18. He D, Gao Y, Chan S, Chen C, Bu J (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad hoc & sensor wireless networks 10(4)

  19. He D, Kumar N, Lee JH, Sherratt RS (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 60(1):30–37

    Article  Google Scholar 

  20. Huang HF, Chang YF, Liu CH (2010) Enhancement of two-factor user authentication in wireless sensor networks. In: 6th international conference on intelligent information hiding and multimedia signal processing. pp 27–30

  21. Jiang Q, Ma J, Lu X, Tian Y (2014) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks

  22. Khan MK, Alghathbar K (2010) Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors 10(3):2450–2459

    Article  Google Scholar 

  23. Khan MK, Zhang J, Wang X (2008) Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons Fractals 35(3):519–524

    Article  Google Scholar 

  24. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of advances in cryptology - CRYPTO’99, LNCS, vol. 1666. pp 388–397

  25. Li CT, Hwang MS (2010) An efficient biometric-based remote authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

    Article  Google Scholar 

  26. Li X, Niu JW, Ma J, Wang WD, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79

    Article  MATH  Google Scholar 

  27. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  28. Nyang D, Lee MK (2009) Improvement of Das’s two-factor authentication. protocol in wireless sensor networks. http://eprint.iacr.org/2009. Report 2009/631

  29. Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inf Sci 269(C):270–285

    Article  MathSciNet  Google Scholar 

  30. von Oheimb D (2005) The high-level protocol specification language hlpsl developed in the eu project avispa. In: Proceedings of APPSEM 2005 workshop

  31. Rivest R, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126

    Article  MATH  MathSciNet  Google Scholar 

  32. Sarkar P (2010) A simple and generic construction of authenticated encryption with associated data. ACM Trans Inf Syst Secur 13(4):33

    Article  Google Scholar 

  33. Secure Hash Standard FIPS PUB 180-1, National institute of standards and technology (nist), u.s. department of commerce, April 1995

  34. Stinson DR (2006) Some observations on the theory of cryptographic hash functions. Des Codes Crypt 38(2):259–277

    Article  MATH  MathSciNet  Google Scholar 

  35. Sun DZ, Li JX, Feng ZY, Cao ZF, Xu GQ (2013) On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers Ubiquit Comput 17(5):895–905

    Article  Google Scholar 

  36. Tan Z (2014) A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J Med Syst 38(3):1–9

    Article  Google Scholar 

  37. Vaidya B, Makrakis D, Mouftah HT (2010) Improved two-factor user authentication in wireless sensor networks. In: 2nd international workshop on network assurance and security services in ubiquitous environments. pp 600–606

  38. Watro R, Kong D, Cuti S, Gardiner C, Lynn C, Kruus P (2004) TinyPK: Securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks, SASN 2004. USA, Washington, DC, pp 59–64

    Google Scholar 

  39. Wong K, Zheng Y, Cao J, Wang S (2006) A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE international conference sensor networks, ubiquitous, trustworthy computing, IEEE Computer Society, pp 244–251

  40. Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323

    Article  Google Scholar 

  41. Yoo SG, Park KY, Kim J (2012) A security-performance-balanced user authentication scheme for wireless sensor networks. In: International journal of distributed sensor networks 2012 (2012). Article ID 382810, 11 pages. doi:10.1155/2012/382810

  42. Yuan J, Jiang C, Jiang Z (2010) A biometric-based user authentication for wireless sensor networks. Wuhan Univ J Nat Sci 15(3):272–276

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper.

Conflict of interest

The author declares that there is no conflict of interest.

Author information

Authors and Affiliations

  1. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India

    Ashok Kumar Das

Authors
  1. Ashok Kumar Das
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ashok Kumar Das.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Das, A.K. A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw. Appl. 9, 223–244 (2016). https://doi.org/10.1007/s12083-014-0324-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-014-0324-9

Keywords

Search

Navigation