An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks

详细信息    查看全文

• 作者：Qi Jiang^a ; ^{jiangqixdu@gmail.com" class="auth_mail" title="E-mail the corresponding author} ; Jianfeng Ma^a ; Fushan Wei^a ; Youliang Tian^b ; ^{youliangtian@163.com" class="auth_mail" title="E-mail the corresponding author} ; Jian Shen^c ; ^{s_shenjian@126.com" class="auth_mail" title="E-mail the corresponding author} ; Yuanyuan Yang^d ; ^{yangyy@mctc.org.cn" class="auth_mail" title="E-mail the corresponding author}
• 关键词：Wireless sensor network ; Authentication ; Key agreement ; Privacy ; Untraceability ; Elliptic curve cryptography ; Smart card
• 刊名：Journal of Network and Computer Applications
• 出版年：2016
• 出版时间：December 2016
• 年：2016
• 卷：76
• 期：Complete
• 页码：37-48
• 全文大小：1094 K

文摘

Recently, He et al. proposed an anonymous two-factor authentication scheme following the concept of temporal-credential for wireless sensor networks (WSNs), which is claimed to be secure and capable of withstanding various attacks. However, we reveal that the authentication phase of their scheme has several pitfalls. Firstly, their scheme is susceptible to malicious user impersonation attack, in which a legal but malicious user can impersonate as other registered users. In addition, their scheme is also vulnerable to stolen smart card attack. Furthermore, the scheme cannot provide untraceability and is prone to tracking attack. Then we put forward an untraceable two-factor authentication scheme based on elliptic curve cryptography (ECC) for WSNs. Our new scheme makes up for the missing security features necessary for real-life applications while maintaining the desired features of the original scheme. We prove that the scheme fulfills mutual authentication in the Burrows-Abadi-Needham (BAN) logic. Moreover, by way of informal security analysis, we show that the proposed scheme can resist a variety of attacks and provide more security features than He et al.’s scheme.