Improvement of a User Authentication Scheme for Wireless Sensor Networks Based on Internet of Things Security

The internet of things (IoT) is the network of physical devices embedded with types of equipment which enables them to connect and exchange data. The IoT will provide an excellent chance for the integration of the physical world into computer-based systems. Wireless sensor networks (WSNs) are considered as a critical component of IoT networks, and user authentication is a cardinal issue in WSNs. Recently, Wu et al. (J Ambient Intell Humaniz Comput 8(1):101-116, 2017) proposed a new user authentication scheme for wireless sensor networks based on the Internet of Things security. This scheme is more valuable. Because it does not uses timestamps. Also, it provides strong forward security, it can resist the de-synchronization problem, and it is efficient. Unfortunately, in this paper, we will prove that Wu et al.'s scheme is vulnerable to user impersonation attack, gateway impersonation attack, man-in-the-middle attack, and sensor impersonation attack. Furthermore, we show that this scheme can not guarantee user anonymity. It is much worth to design a new security protocol with the same advantages as those of Wu et al.'s scheme. Therefore, we have put forward some improvements to dominate the weaknesses of Wu et al.'s protocol. We use the random oracle model to demonstrate the formal proof, and the security verification tool Proverif to demonstrate that the proposal can satisfy security and authentication features. The performance analysis and simulation results by NS2 indicate that the proposed protocol is efficient.