In wireless sensor networks(WSNs), the process that a legal user retrieving the information in real-time from the sensor nodes should be based on mutual authentication among the user, the sensors and the gateway. So security issues have attracted researchers. In 2014, A. K. Das proposed a new three-factor user authentication scheme for WSNs to overcome the disadvantages in Jiang et al.'s two-factor user authentication scheme. However, we find that the scheme has several weaknesses including susceptibility to the off-line guessing attack and the de-synchronization attack and destitution of strong forward security. We also find weaknesses in two three-factor user authentication schemes for WSNs presented by A. K. Das in 2015, containing under the off-line password guessing attack and the user forgery attack. Also, the two schemes lack user anonymity and strong forward security. Then we give an improved three-factor remote authentication scheme for WSNs to eliminate the above weaknesses. To illustrate the security of our scheme, we give a standard formal proof in the random oracle model, a formal verification with ProVerif and the informal analysis of security properties. The results demonstrate that our scheme is robust enough to keep away from various security vulnerabilities. Through the comparison with some other recent schemes, ours is suitable for the application.

• 出版日期2018-1
• 单位南京信息工程大学; 湖南科技大学; 厦门大学