An efficient mutual authentication and key agreement scheme without password for wireless sensor networks

Wireless sensor networks (WSNs) are usually deployed in hostile or unattended areas, and users need to obtain real-time data from WSNs. The data collected by sensor nodes are usually relatively private and sensitive, so users must pass the identity authentication before obtaining the information perceived by sensor nodes. In order to enhance the security of wireless sensor networks and prevent illegal users from accessing sensor nodes, this paper designs an efficient and secure identity authentication protocol for wireless sensor networks. The proposed protocol makes full use of the advantages of lightweight cryptographic primitives such as physical unclonable function, one-way hash function and bitwise exclusive operation. Moreover, users only need to use biometrics (such as fingerprints, iris) to access the remote systems and do not need to rely on any password, which avoids the trouble of memorizing and losing password. To prove the scheme's security, the well-known formal security proof with random oracle model and traditional heuristic discussion are given. Additionally, the performance comparison results show that our scheme has less communication overhead and computation complexity, and is effective for the resource constrained sensor devices in WSNs.