Provably secure user authentication and key agreement scheme for wireless sensor networks.

In recent years, user authentication has emerged as an interesting field of research in wireless sensor networks. Most recently, in 2016, Chang and Le presented a scheme to authenticate the users in wireless sensor network using a password and smart card. They proposed two protocols P1 and P2. P1 is based on exclusive or XOR and hash functions, while P2 deploys elliptic curve cryptography in addition to the two functions used in P1. Although their protocols are efficient, we point out that both P1 and P2 are vulnerable to session specific temporary information attack and offline password guessing attack, while P1 is also vulnerable to session key breach attack. In addition, we show that both the protocols P1 and P2 are inefficient in authentication and password change phases. To withstand these weaknesses found in their protocols, we aim to design a new authentication and key agreement scheme using elliptic curve cryptography. Rigorous formal security proofs using the broadly accepted, the random oracle models, and the Burrows-Abadi-Needham logic and verification using the well-known Automated Validation of Internet Security Protocols and Applications tool are preformed on our scheme. The analysis shows that our designed scheme has the ability to resist a number of known attacks comprising those found in both Chang-Le's protocols. Copyright © 2016 John Wiley & Sons, Ltd.