An efficient user authentication and key agreement scheme for wireless sensor networks using physically unclonable function

Nowadays, smart card and password-based user authentication and key agreement schemes have become an integral mechanism to ensure only legitimate users get access to the data of wireless sensor networks (WSNs). In the recent past, lots of password-based multi-factor user authentication schemes have been developed by the researchers. However, most of them are not secure against various known attacks. Recently, two user authentication and key agreement schemes for WSNs are suggested by Chen and Chen (J Supercomput 77(12):13653–13675, 2021) and Qi and Chen (J Supercomput 77(12):13897–13910, 2021). They claim that their schemes are secure against all known attacks. We analyze the security of these schemes and demonstrate that these schemes are not secure against some common attacks (such as smart card lost attack) and do not provide common security features such as user untraceability and forward secrecy. By keeping all the merits of these schemes, we suggest a new provably secure user authentication and key agreement scheme using physically unclonable functions and elliptic curve cryptography. To verify the security and authentication properties of the suggested scheme, we use the well-known Proverif tool for formal security verification. We further prove its security informally. Finally, performance comparison with some recent schemes in terms of security features and computational cost is performed. Performance comparison results show the superiority of the suggested scheme over the existing schemes.