Anonymous three-factor authenticated key agreement for wireless sensor networks

Secure information exchange in wireless sensor networks (WSN) is a continuing issue since the resource-constrained sensors generally deployed over an unattended environment. To access the real-time data from the sensors, user authentication and key agreement as an important tool for secure communications in WSN plays a vital role. Recently, Das proposed an efficient biometrics based security scheme by only using lightweight symmetric-key primitives. Their scheme is efficient in computation, but we find the scheme of Das is not actually achieve the three-factor security, thus failing to prevent the user impersonation attack. Additionally, the failure of user anonymity also gives an opportunity for the adversary to mount impersonation attacks. With the purpose of mitigating all the problems in Das's scheme, we present an anonymous three-factor key agreement using Elliptic Curve Cryptography. Using the Burrows-Abadi-Needham logic to ensure the mutual authentication properties. Through the rigorous security analysis, we show that the proposed scheme withstands various attacks. In addition, Automated Validation of Internet Security Protocols and Applications (AVIPSA) tool is used to verify its security.