A wireless sensor network (WSN) is used for a smart home system’s backbone that monitors home environment and controls smart home devices to manage lighting, heating, security and surveillance. However, despite its convenience and potential benefits, there are concerns about various security threats that may infringe on privacy and threaten our home life. For protecting WSNs for smart homes from those threats, authentication and key agreement are basic security requirements. There have been a large number of proposed authentication and key agreement scheme for WSNs. In 2017, Jung et al. proposed an efficient and security enhanced anonymous authentication with key agreement scheme by employing biometrics information as the third authentication factor. They claimed that their scheme resists on various security attacks and satisfies basic security requirements. However, we have discovered that Jung et al.’s scheme possesses some security weaknesses. Their scheme cannot guarantee security of the secret key of gateway node and security of session key and protection against user tracking attack, information leakage attack, and user impersonation attack. In this paper, we describe how those security weaknesses occur and propose a lightweight three-factor authentication and key agreement scheme in WSNs for smart homes, as an improved version of Jung et al.’s scheme. We then present a detailed analysis of the security and performance of the proposed scheme and compare the analysis results with other related schemes.
Wireless sensor networks (WSNs) have played an important role in the Internet of Things (IoT), and the 5G network is being considered as a major candidate for IoT's communication network with the advent of 5G commercialization. The potential of integrating WSNs and 5G in the IoT is expected to allow IoT to penetrate deeply into our daily lives and to provide various services that are convenient, but at the same time, it also brings new security threats. From this aspect, user authentication and key agreement are essential for secure end-to-end communication. As IoT devices, including sensors, collect and process more and more personal information, both anonymous authentication and authorization are also required to protect the privacy and to prevent anyone without privileges from accessing private data. Recently, Adavoudi-Jolfaei et al. proposed an anonymous three-factor authentication and access control scheme for real-time applications in WSNs. However, we found that this scheme does not provide sensor-node anonymity and suffers from user collusion and desynchronization attacks. In this paper, we introduce a system architecture by considering the integration of WSNs and 5G for IoT. Based on a cryptanalysis of Adavoudi-Jolfaei et al.'s scheme and the system architecture, we propose an elliptic curve cryptography (ECC)-based privacy-preserving authentication, authorization, and key agreement scheme for WSNs in 5G-integrated IoT. We conduct a formal and informal security analysis in order to demonstrate that the proposed scheme withstands various security attacks and guarantees all desired security features, overcoming the drawbacks of Adavoudi-Jolfaei et al.'s scheme. Finally, a performance and comparative analysis with the related schemes indicate that the proposed scheme is both efficient and more secure.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.