Provably Secure Dynamic Anonymous Authentication Protocol for Wireless Sensor Networks in Internet of Things

Wireless sensor networks are a promising application of the Internet of Things in the sustainable development of smart cities, and have been afforded significant attention since first being proposed. Authentication protocols aim to protect the security and confidentiality of legitimate users when accessing and transmitting data. However, existing protocols may suffer from one or more security flaws. Recently, Butt et al. proposed an energy-efficient three-factor authentication protocol for wireless sensor networks. However, their protocol is vulnerable to several attacks, and lacks certain security properties. In this paper, the causes of these design flaws are analyzed. Furthermore, we propose a novel three-factor authentication protocol (password, smart card, and biometric information) for wireless sensor networks in Internet of Things contexts. A dynamic anonymous strategy is designed to prevent privacy disclosure and to resist sensor node capture attacks, tracking attacks, and desynchronization attacks. The Find-Guess model and random oracle model are combined to prove the security of the proposed protocol. A comparative analysis with related schemes shows that the proposed protocol has higher security and is able to maintain a low computational overhead.