Research On Three-factor Authentication Protocols In Wireless Sensor Networks

Wireless Sensor Networks(WSNs),as the main component of the Internet of Things(IoTs),plays an important role in many applications,such as medical treatment,traffic monitoring,environmental monitoring and so on.However,many inherent characteristics of WSNs,such as the openness of communication channels,the limited storage space of sensor nodes and unattended,make them vulnerable to a variety of security attacks.Cryptography technology is the most effective means of WSNs to resist attacks,and authentication protocol is the most common cryptographic mechanism.This paper analyses the security problems existing in the four recent protocols,proposes improved protocols and gives formal verification and security analysis.In particular,several common problems are analyzed and summarized,and improvement measures are put forward to solve these problems.Moreover,the improved protocol has relatively better performance by comparing and counting the computational load.Specific research contents and results are as follows:(1)Analysis and improvement of a three-factor authentication protocol in wireless sensor networks proposed by Li et al.in 2018: propose an offline guessing attack resistance against the protocol,and support it does not meet forward security.While retaining the advantages of the original scheme,an improved protocol is proposed to solve these problems.The formal verification tool ProVerif based on Pi calculus is used to verify the security of the improved protocol.(2)The remote user authentication protocol proposed by Moon et al.in 2017 was analyzed and improved.It was pointed out that the protocol could not resist temporary key leakage attacks and could not provide security issues such as user traceability.Compared with the original protocol,the performance of the improved protocol is almost the same,but it has almost all the important security attributes.(3)Authentication protocols proposed by Maurya et al.and Wu et al.are analyzed and improved respectively: aiming at the common problem of imperfect forward security,which can not resist off-line password guessing attacks and temporary key leaking attacks,specific improvement measures are proposed for such security problems.