A privacy-preserving and provable user authentication scheme for wireless sensor networks based on Internet of Things security

Original Research


The notion Internet of Things (IoT) means all things in the global network can be interconnected and accessed. Wireless sensor network (WSN) is one of the most important applications of the notion and is widely used in nearly all scopes. In 2014, Hsieh et al. presented an improved authentication scheme for WSNs. But it has several weaknesses, including no session key, lack of mutual authentication and under the insider attack, the off-line guessing attack, the user forgery attack and the sensor capture attack. To avoid the weaknesses, we present a new authentication scheme which is also for WSNs. Then we employ the random oracle model to show the formal proof, and use the protocol analyzing tool Proverif to list the formal verification process. Compared with some recent schemes for WSNs via the aspects of security properties, the proposed scheme overcomes the common problems and fits for the security properties of IoT.


Internet of Things Wireless sensor network Mutual authentication Formal proof Smart card 



The authors thank the anonymous reviewers for their valuable comments. This research is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369, the National Natural Science Foundation of China under Grant No. 61300220, and it is also supported by PAPD and CICAEET.


  1. Bresson E, Chevassut O, Pointcheval D (2003) Security proofs for an efficient password-based key exchange. In: Proceedings of the 10th ACM conference on Computer and communications security, ACM, p 241–250Google Scholar
  2. Chang CC, Le HD (2015) A provably secure, efficient and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun. doi: 10.1109/TWC.2015.2473165
  3. Chen TH, Shih WK (2010) A robust mutual authentication protocol for wireless sensor networks. Etri J 32(5):704–712CrossRefGoogle Scholar
  4. Choi Y, Lee D, Kim J, Jung J, Nam J, Won D (2014) ecurity enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 14(6):10,081–10,106CrossRefGoogle Scholar
  5. Das ML (2009) Two-factor user authentication in wireless sensor networks. Wirel Commun IEEE Trans 8(3):1086–1090CrossRefGoogle Scholar
  6. Fan R, Dj He, Xz Pan (2011) An efficient and dos-resistant user authentication scheme for two-tiered wireless sensor networks. J Zhejiang Univ Sci C 12(7):550–560CrossRefGoogle Scholar
  7. Fantacci R, Pecorella T, Viti R, Carlini C (2014) A network architecture solution for efficient iot wsn backhauling: challenges and opportunities. IEEE Trans Wirel Commun 21(4):113–119CrossRefGoogle Scholar
  8. Farash MS, Turkanović M, Kumari S, Hölbl M (2015) An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Netw. doi: 10.1016/j.adhoc.2015.05.014
  9. Guo P, Wang J, Geng XH, Kim CS, Kim JU (2014) A variable threshold-value authentication architecture for wireless mesh networks. J Internet Technol 15(6):929–935Google Scholar
  10. Han W (2011) Weakness of a secured authentication protocol for wireless sensor networks using elliptic curves cryptography. IACR Cryptol ePrint Arch 2011:293Google Scholar
  11. Hankerson D, Vanstone S, Menezes AJ (2004) Guide to elliptic curve cryptography. Springer Science & Business MediaGoogle Scholar
  12. Hayouni H, Hamdi M, Kim TH (2014) A survey on encryption schemes in wireless sensor networks. In: Advanced Software Engineering and Its Applications (ASEA), 2014 7th International Conference on, p 39–43Google Scholar
  13. He D, Gao Y, Chan S, Chen C, Bu J (2010) An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc Sens Wirel Netw 10(4):361–371Google Scholar
  14. He D, Kumar N, Chen J, Lee CC, Chilamkurti N, Yeo SS (2015) Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed Syst 21(1):49–60. doi: 10.1007/s00530-013-0346-9 CrossRefGoogle Scholar
  15. Hsieh WB, Leu JS (2014) A robust user authentication scheme using dynamic identity in wireless sensor networks. Wirel Pers Commun 77(2):979–989CrossRefGoogle Scholar
  16. Khan MK, Alghathbar K (2010) Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors 10(3):2450–2459CrossRefGoogle Scholar
  17. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in Cryptology-CRYPTO 99, Springer, p 388–397Google Scholar
  18. Kumar P, Lee HJ (2011) Cryptanalysis on two user authentication protocols using smart card for wireless sensor networks. In: Wireless Advanced (WiAd), IEEE, p 241–245Google Scholar
  19. Li X, Ma J, Wang W, Xiong Y, Zhang J (2013a) A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Math Comput Model 58(1):85–95CrossRefGoogle Scholar
  20. Li X, Niu J, Khan MK, Liao J (2013b) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371CrossRefGoogle Scholar
  21. Liu Z, Wenger E, Gro\(\beta \) schä dl J (2014) Mote-ecc: energy-scalable elliptic curve cryptography for wireless-sensor-networks. In: Boureanu I, Owesarski P, Vaudenay S (eds) Applied Cryptography and Network Security, Lecture Notes in Computer Science, vol 8479, Springer International Publishing, p 361–379, DOI 10.1007/978-3-319-07536-5\_22Google Scholar
  22. Nguyen KT, Laurent M, Oualha N (2015) Survey on secure communication protocols for the internet of things. Ad Hoc Netw 32:17–31Google Scholar
  23. Ren Y, Shen J, Wang J, Han J, Lee S (2015) Mutual verifiable provable data auditing in public cloud storage. J Internet Technol 16(2):317–323Google Scholar
  24. Shi W, Gong P (2013) A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. Int J Distrib Sens Netw 2013:730831. doi: 10.1155/2013/730831
  25. Turkanović M, Brumen B, Hölbl M (2014) A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw 20:96–112CrossRefGoogle Scholar
  26. Vaidya B, Makrakis D, Mouftah HT (2010) Improved two-factor user authentication in wireless sensor networks. In: Wireless and Mobile Computing, Networking and Communications (WiMob), 2010 IEEE 6th International Conference on, IEEE, p 600–606Google Scholar
  27. Wang D, Wang P (2014) Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw 20:1–15CrossRefGoogle Scholar
  28. Watro R, Kong D, Cuti Sf, Gardiner C, Lynn C, Kruus P (2004) Tinypk: securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, ACM, p 59–64Google Scholar
  29. Wu F, Xu L (2015) An improved and provable self-certified digital signature scheme with message recovery. Int J Commun Syst 28(2):344–357CrossRefGoogle Scholar
  30. Wu F, Xu L, Kumari S, Li X (2015a) A new and secure authentication scheme for wireless sensor networks with formal proof. Peer-to-Peer Netw Appl. doi: 10.1007/s12083-015-0404-5
  31. Wu F, Xu L, Kumari S, Li X (2015b) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Comput Electr Eng 45:274–285CrossRefGoogle Scholar
  32. Wu F, Xu L, Kumari S, Li X, Alelaiwi A (2015c) A new authenticated key agreement scheme based on smart cards providing user anonymity with formal proof. Secur Commun Netw 8(18):3847–3863CrossRefGoogle Scholar
  33. Xu L, Wu F (2015a) Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst 39(2):1–9CrossRefGoogle Scholar
  34. Xu L, Wu F (2015b) An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur Commun Netw 8(2):245–260MathSciNetCrossRefGoogle Scholar
  35. Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323CrossRefGoogle Scholar
  36. Yeh HL, Chen TH, Liu PC, Kim TH, Wei HW (2011) A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11(5):4767–4779CrossRefGoogle Scholar
  37. Yoo SG, Park KY, Kim J (2012) A security-performance-balanced user authentication scheme for wireless sensor networks. Int J Distrib Sens Netw 2012:382810. doi: 10.1155/2012/382810

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringXiamen Institute of TechnologyXiamenChina
  2. 2.School of Information Science and TechnologyXiamen UniversityXiamenChina
  3. 3.Department of MathematicsCh. Charan Singh UniversityMeerutIndia
  4. 4.School of Computer Science and EngineeringHunan University of Science and TechnologyXiangtanChina
  5. 5.Nanjing University of Information Science and TechnologyNanjingChina

Personalised recommendations