Secure Lightweight User Authentication and Key Agreement Scheme for Wireless Sensor Networks Tailored for the Internet of Things Environment

Abstract

In a wireless sensor networks (WSNs), there is a need of constant information access from the nodes, as the real-time data might never again be accessed. Thus, users are allowed to access the nodes in the real-time as and when required. The user authentication plays an indispensable part in this communication. Recently, Farash et al. proposed an efficient user authentication scheme for WSNs. Though their scheme is very efficient, we identify that their scheme is vulnerable to off-line password guessing attack, off-line identity guessing attack, stolen smart card attack and user impersonation attack. As a result, we feel that there is a great need to improve Farash et al.’s scheme to present a secure communication protocol. In this paper, we propose a secure and lightweight user authentication and key agreement scheme for distributed WSN, which will also be handy in taking care of the Internet of Things (IoT). The lightweight property of our proposed scheme can be useful in resource-constrained architecture of WSNs. In addition, our scheme has merit to change dynamically the user’s password locally without the help of the base station or gateway node. Furthermore, our scheme supports dynamic nodes addition, after the initial deployment of nodes in the existing sensor network. We prove the authentication property of our scheme using Burrows-Abadi-Needham (BAN) logic. The simulation results using the automated validation of internet security protocols and applications (AVISPA) tool shows the security of the proposed scheme against replay and man-in-the middle attacks.