A Secure Three-Factor User Authentication Protocol With Forward Secrecy for Wireless Medical Sensor Network Systems

The Internet of Things (IoT) enables all objects to connect to the Internet and exchange data via different emerging technologies, which makes the intelligent identification and management a reality. Wireless sensor networks (WSNs), as a crucial basis of IoT, have been applied in many fields like smart health care and smart transportation. With the development of WSNs, data security has attracted more and more attention, and user authentication is a popular mechanism to ensure the information security of WSNs. Recently, many authentication mechanisms for wireless medical sensor networks (WMSNs) have been proposed, but most of the protocols cannot achieve the features of local password change and forward secrecy while resisting stolen smart card attack. To enhance the security based on previous work, an ECC-based secure three-factor authentication protocol with forward secrecy for WMSN is proposed in this paper. It utilizes a fuzzy commitment scheme to handle the biometric information. Meanwhile, fuzzy verifier and honey_list techniques are used to solve the contradiction of local password verification and mobile device lost attack. The security of our protocol is evaluated by provable security, Proverif tool, and information analysis. Besides, the comparisons with the relevant protocols are given, and the results indicate that our protocol is robust and secure for WMSN systems.