A privacy‐aware two‐factor authentication protocol based on elliptic curve cryptography for wireless sensor networks

Summary As one of the enabling components of Internet of things (IoT), wireless sensor networks (WSNs) have found applications in a wide range of fields, in which outside users need to directly interact with sensors to obtain sensed data. However, WSNs are vulnerable to various attacks over wireless links, such as eavesdropping and tampering. How to ensure that sensitive or critical information is only available to legal users becomes a challenging issue. Two‐factor authentication combining password and smart card perfectly matches this requirement because of its practicality. However, a dozen of two‐factor authentication protocols have been suggested in recent years. Owing to the challenging mission of reconciling efficiency and security requirements, it is still challenging to propose a privacy‐aware two‐factor protocol that is capable of providing various security features while maintaining acceptable efficiency. In this paper, we put forward a privacy‐aware two‐factor authentication protocol based on elliptic curve cryptography for WSNs. Our new protocol accomplishes various security features necessary for real‐life application environments while maintaining acceptable efficiency. We prove that the new protocol fulfills mutual authentication in the Burrows–Abadi–Needham logic. Additionally, by way of informal security analysis, we show that the new protocol can withstand a variety of attacks and provide desirable security features. Copyright © 2016 John Wiley & Sons, Ltd.