Provably secure user authentication and key agreement scheme for wireless sensor networks

In recent years, user authentication has emerged as an interesting field of research in wireless sensor networks. Most recently, in 2016, Chang and Le presented a scheme to authenticate the users in wireless sensor network using a password and smart card. They proposed two protocols P-1 and P-2. P-1 is based on exclusive or (XOR) and hash functions, while P-2 deploys elliptic curve cryptography in addition to the two functions used in P-1. Although their protocols are efficient, we point out that both P-1 and P-2 are vulnerable to session specific temporary information attack and offline password guessing attack, while P-1 is also vulnerable to session key breach attack. In addition, we show that both the protocols P-1 and P-2 are inefficient in authentication and password change phases. To withstand these weaknesses found in their protocols, we aim to design a new authentication and key agreement scheme using elliptic curve cryptography. Rigorous formal security proofs using the broadly accepted, the random oracle models, and the Burrows-Abadi-Needham logic and verification using the well-known Automated Validation of Internet Security Protocols and Applications tool are preformed on our scheme. The analysis shows that our designed scheme has the ability to resist a number of known attacks comprising those found in both Chang-Le's protocols. Copyright (C) 2016 John Wiley & Sons, Ltd.