Lightweight and anonymous three-factor authentication and access control scheme for real-time applications in wireless sensor networks

Wireless sensor networks (WSNs) play an important role and support a variety of real time applications, such as healthcare monitoring, military surveillance, vehicular tracking and, so on. Secure and real time information accessing from the sensor nodes in these applications is very important. Because wireless sensor nodes are limited in computing and communication capabilities and data storage, it is very crucial to design an effective and secure lightweight authentication and key agreement scheme. Recently, Gope et al. proposed a realistic lightweight anonymous authentication scheme in WSNs and claimed that their scheme satisfied all security concerns in these networks. However, we show that in their scheme the adversary can obtain the session key between the user and the sensor node. In order to fix this drawback, we propose an improved three-factor authentication scheme which is more suitable than Gope et al.’s scheme and also provides more desired security properties such as three-factor authentication and access control. Through the informal analysis, we show that our scheme is secure against various known attacks including the attack found in Gope et al.’s scheme. Furthermore, we have demonstrated the validity of our proposed scheme using the BAN logic. As compared with the previous authentication schemes, the proposed scheme is not only more secure but also enough practical and competitive with existing schemes.