A two-factor security authentication scheme for wireless sensor networks in IoT environments

Abstract

As an important part of the Internet of Things, wireless sensor networks have been widely used in all aspects of people's lives. Identity authentication in wireless sensor networks guarantees security for users to safely access real-time data in sensor nodes. In the literature, numerous research works have been done on designing an efficient and secure authentication scheme for wireless sensor networks, but most of them suffer from various security flaws. In 2019, Sharif et al. proposed an efficient user authentication scheme, which was later found insecure by Chen et al. who then proposed an enhanced scheme. However, we find that Chen et al.’s scheme is vulnerable to off-line password guessing attack, impersonation attack and fails to achieve perfect forward secrecy, user anonymity, and unlinkability. To overcome those weaknesses, we propose a two-factor authentication scheme based on elliptic curve cryptosystem, and prove its security by formal verification tool ProVerif. Compared with related schemes, our scheme provides higher level of security, meanwhile achieves acceptable efficiency in computational cost. To the best of our knowledge, this is the first scheme fulfilling both two-factor security and user anonymity under sensor node captured attack.