Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks

Qi Jiang, Sherali Zeadally, Jianfeng Ma, Debiao He

Research output: Contribution to journalArticlepeer-review

270 Scopus citations


Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs.

Original languageEnglish
Article number7870585
Pages (from-to)3376-3392
Number of pages17
JournalIEEE Access
StatePublished - 2017

Bibliographical note

Publisher Copyright:
© 2013 IEEE.


  • Authentication
  • Rabin cryptosystem
  • biometrics
  • key management
  • privacy
  • smart card
  • wireless sensor networks

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering


Dive into the research topics of 'Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks'. Together they form a unique fingerprint.

Cite this