A Lightweight Three-Factor Authentication and Key Agreement Scheme for Multigateway WSNs in IoT

The Internet of Things (IoT) has built an information bridge between people and the objective world, wherein wireless sensor networks (WSNs) are an important driving force. For applications based on WSN, such as environment monitoring, smart healthcare, user legitimacy authentication, and data security, are always worth exploring. In recent years, many multifactor user authentication schemes for WSNs have been proposed using smart cards, passwords, as well as biometric features. Unfortunately, these schemes are revealed to various vulnerabilities (e.g., password guessing attack, impersonation attack, and replay attack) due to nonuniform security evaluation criteria. Wang et al. put forward 12 pieces of widely accepted evaluation criteria by investigating quantities of relevant literature. In this paper, we first propose a lightweight multifactor authentication protocol for multigateway WSNs using hash functions and XOR operations. Further, BAN logic and BPR model are employed to formally prove the correctness and security of the proposed scheme, and the informal analysis with Wang et al.’s criteria also indicates that it can resist well-known attacks. Finally, performance analysis of the compared schemes is given, and the evaluation results show that only the proposed scheme can satisfy all 12 evaluation criteria and keep efficient among these schemes.