A privacy-preserving and provable user authentication scheme for wireless sensor networks based on Internet of Things security

The notion Internet of Things (IoT) means all things in the global network can be interconnected and accessed. Wireless sensor network (WSN) is one of the most important applications of the notion and is widely used in nearly all scopes. In 2014, Hsieh et al. presented an improved authentication scheme for WSNs. But it has several weaknesses, including no session key, lack of mutual authentication and under the insider attack, the off-line guessing attack, the user forgery attack and the sensor capture attack. To avoid the weaknesses, we present a new authentication scheme which is also for WSNs. Then we employ the random oracle model to show the formal proof, and use the protocol analyzing tool Proverif to list the formal verification process. Compared with some recent schemes for WSNs via the aspects of security properties, the proposed scheme overcomes the common problems and fits for the security properties of IoT.