Robust Multi-Factor Authentication for WSNs With Dynamic Password Recovery

Multi-factor authentication (MFA) is crucial for Wireless Sensor Networks (WSNs) to ensure secure communication in security-critical applications such as smart homes, industrial control, and military defense due to the open nature of WSNs. Considerable efforts have been made to propose various MFA schemes with varied security goals and desirable properties. However, little attention has been given to the property of dynamic password recovery, and it still remains a question of how to construct a robust MFA scheme with the desirable property of dynamic password recovery for WSNs. In this paper, we first review two representative multi-factor authentication schemes proposed by Li-Tian (at IEEE Syst J'22) and Fatima et al. (at ACM TOSN'23) as case studies, and reveal that these two schemes fail to resist some known attacks and pay little attention to password forgetting and leakage issues. Accordingly, we employ the techniques of the honeywords method, fuzzy-verifier technique, and public key cryptosystem to construct a novel MFA scheme. Particularly, we propose the first dynamic password recovery method for MFA to address password forgetting and leakage issues. Key rotation is implemented to ensure the security of the long-term secret key. Our scheme is provably secure under the Random Oracle Model. Comparison results show the superiority of our new scheme.