Multi-factor User Authentication Scheme for Multi-gateway Wireless Sensor Networks

Wireless sensor networks, as a fundamental infrastructure of internet of things, have played an important role in security-critical applications, such as environmental monitoring, personas health and smart home. User authentication can guarantee that users securely access real-time data in sensor nodes, and it is the first line of defense to ensure the security of wireless sensor networks. In addition, forward security can be regarded as the last line of defense for the security of systems, which can greatly reduce the loss of information security after the system is compromised. Therefore, it has been regarded as an important security attribute by academics and industry. The design of a multi-factor user authentication for multi-gateway wireless sensor networks has attracted intensive discussions in the field of security protocols. However, confronted with a powerful adversary, resource-constrained hardware and an impressive list of attributes, it is full of challenging in designing a secure user authentication scheme for multi-gateway wireless sensor networks.Recently, many multi-factor user authentication schemes for multi-gateway wireless sensor networks are proposed, but most of them are found insecure shortly. Specifically, most of them cannot resist smart card loss attacks, insider attacks and cannot achieve user anonymity and forward secrecy. In 2018, Ali et al. proposed a multi-factor user authentication scheme for agriculture monitoring under multi-gateway wireless sensor networks. In Ali et al.'s scheme, a trusted center (base station) is required to support the authentication between users and sensor nodes that are not connected to the home gateway. In the same year, Srinivas et al.'s also presented a multi-factor authentication for multi-gateway wireless sensor networks, their scheme does not need a trusted center, and it builds a shared secret key to finish the authentication between users and foreign sensor nodes. These two schemes are typical representatives of multi-factor user authentication schemes for multi-gateway wireless sensor networks, and they represent two types of authentication methods for the authentication between different gateways: 1) based on the trusted base station; 2) based on the shared secret parameters. In this paper, we analyze these two recent typical user authentication schemes for multi-gateway wireless sensor networks, hoping to take these two schemes as study cases to identify the common weaknesses of user authentication schemes and providing corresponding specific solutions. We find that they both are vulnerable to offline-dictionary guessing attack, insider attack and fail to achieve forward secrecy and user anonymity. To overcome these weaknesses, we propose an enhanced multi-factor user authentication scheme for multi-gateway wireless sensor networks with forward secrecy. The proposed scheme adopts Srinivas et al.'s method and achieves the authentication between users and foreign sensor nodes by using a shared secret key among gateways, including two typical authentication scenarios. We prove that it achieves mutual authentication, provides secure session key agreement and can resist to know attacks via BAN logic and heuristic analysis. We compare it with several typical relevant user authentication schemes for multi-gateway wireless sensor networks from the security and performance. The results show that the proposed scheme provides better security for the applications of multi-gateway wireless sensor networks that have high security requirements, and thus it is more suitable to resource-constrained environments. © 2020, Science Press. All right reserved.