Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.
Advertisement
Scientific Reports volume 15, Article number: 9974 (2025)
Metrics details
Internet of Things (IoT) enabled Wireless Sensor Networks (WSNs) are spatially distributed sensor devices that monitor physical or environmental conditions, collect data, and transmit it to a central location for analysis. Ensuring integrity and privacy of data while transmitting it from sensors to the data analytics servers is crucial in open network. Numerous mutual authentication schemes have been proposed to address this challenge. Each scheme comes with its own set of advantages and drawbacks. To address the drawbacks in the prevailing schemes, this work presents a strong Two-Factor authentication (2FA) technique designed using Elliptic Curve Cryptography (ECC) and Fuzzy verifier. This approach combines the flexibility of the fuzzy verifier with the cryptographic strength of ECC to create a secure and user-friendly password authentication system to address the long-standing security-usability conflict with computational efficiency. Instead of storing a deterministic hash of the password, the system derives a fuzzy verifier password that includes randomness, makes computationally infeasible to derive. Also, the design tackles the inherent constraints of WSNs, such as their constrained processing resources and susceptibility to different types of attacks. To substantiate the efficacy of our approach, we formally validate its security using the Real-or-Random model. The comparative analysis demonstrates that the proposed scheme achieves a computational cost of 8.9569 ms, which is significantly lower than that of existing schemes. Furthermore, security and functional requirements comparative assessment demonstrates the efficacy and feasibility of our strategy for safeguarding IoT-enabled WSN applications, rendering it a promising solution for implementation in real-world scenario with limited resources.
The integration of Internet of Things (IoT) with Wireless Sensor Networks (WSNs) has led to the development of intelligent, interconnected systems for various applications like smart cities, healthcare, industrial automation and environmental monitoring. IoT-enabled WSN facilitates seamless connectivity between distributed sensor nodes and the internet, gathering data and enabling remote monitoring, control and data exchange1. This inter-connectivity allows for real-time decision-making and advanced analytics based on the data collected by sensors, and also allows users to adjust system parameters, activate or deactivate devices and receive alerts based on predefined thresholds2. Additionally, IoT-enabled WSNs can leverage cloud computing and edge computing platforms to process and analyze data closer to source, reducing latency and computational overhead on resource-constrained sensor nodes3. Several studies have explored the role of blockchain in enhancing security and authentication in IoT networks4,5,6. Studies highlight the importance of decentralized frameworks in limited connectivity areas, demonstrating how Ethereum-based architectures enhance resilience and efficiency in securing IoT networks7,8 and a decentralised blockchain network to mitigate side-channel attacks in mobility-based IoT, reinforcing authentication through multi-layered security mechanisms9. Blockchain-Enhanced Sensor-as-a-Service (SEaaS) model, which leverages decentralized authentication and encryption mechanisms to ensure secure sensing data transactions while maintaining data integrity10,11.
Security challenges related to authentication in IoT-enabled WSNs encompass issues such as weak authentication mechanisms leading to the use of default or easily guessable credentials, difficulty in managing device identities, inadequate key management practices. These systems are particularly susceptible to man-in-the-middle attacks, unauthorized access to devices or networks, and denial-of-service attacks targeting authentication servers. Additionally, insufficient authorization controls increase security risks, while the limited resources of sensor nodes make implementing robust authentication mechanisms particularly challenging12. These challenges highlight the importance of adopting strong authentication mechanisms, effective identity and key management practices, and access controls to mitigate security risks and ensure the integrity, confidentiality, and availability of data in IoT-enabled WSNs13. Despite the advancement of authentication mechanisms in IoT systems, many existing schemes fail to balance security and resource efficiency, which is critical for the deployment of secure and scalable IoT-enabled WSNs.
In the context of IoT-enabled WSNs, where resource constraints are prevalent, implementing strong two-factor authentication (2FA) may be more practical and efficient compared to multi-factor authentication (MFA)14. While MFA offers an additional layer of security by incorporating multiple authentication factors (e.g., something you know, something you have, something you are), it may introduce complexity and resource overhead that could be challenging to manage in resource-constrained IoT environments15. In contrast, lightweight 2FA methods, such as password-based authentication combined with a physical token or time-based one-time password (OTP), can provide reasonable security and efficiency16. These methods enhance security beyond traditional single-factor authentication while remaining relatively lightweight and suitable for IoT deployments where energy, bandwidth, and processing power are limited. Additionally, 2FA can be implemented efficiently without requiring additional hardware or complex authentication protocols, making it a practical choice for securing IoT-enabled WSNs while minimizing resource consumption and operational complexity.
In this paper, we present an improved two-factor authentication (2FA) scheme for IoT-enabled WSNs, leveraging Elliptic Curve Cryptography (ECC) and a Fuzzy Verifier to enhance security while minimizing computational overhead. As ECC provides robust security with a smaller key size, it is well-suited for resource-constrained environments like IoT-enabled wireless sensor networks. Besides, our design incorporates a fuzzy-verifier17 to ensures that even if an attacker attempts a dictionary attack, the reconstruction process of the cryptographic key remains resilient due to the inherent entropy in fuzzy verification. Additionally, our method reduces the effectiveness of side-channel attacks by introducing controlled randomness in password verification.
This section provides a comprehensive overview of various existing user authentication schemes related to IoT-enabled WSNs with their limitations.
Traditional authentication schemes, such as password-based or two-factor authentication, are vulnerable to various cyber threats, including phishing, man-in-the-middle attacks, and replay attacks18,19. To address these concerns, Cho et al.20 introduced three-factor authentication (3FA) schemes incorporating passwords, biometrics, and smart tokens are emerging as a promising solution. Additionally, multiserver environments introduce complexities in authentication management, requiring robust protocols to ensure security and efficiency. Cho et al.20 identified that Sudhakar et al.21’s scheme does not offer protection against server spoofing attacks, leaving the communication vulnerable to malicious entities impersonating legitimate servers. Furthermore, the scheme does not address the threat of man-in-the-middle attacks, which can compromise the confidentiality and integrity of the transmitted data. These vulnerabilities indicate shortcomings in Sudhakar et al.21’s scheme, emphasizing the need for enhancements to ensure robust security against various cyber threats. However, the proposed protocol face challenges such as high computational overhead, biometric data privacy concerns, and potential synchronization issues in multiserver environments.
Zang et al.22 proposed a privacy-preserving three-factor authentication scheme designed for IoT-enabled healthcare systems. This scheme facilitates mutual authentication and session agreement between the user (patient) and the medical server through a trusted server. The design utilizes smart cards, biometrics, and symmetric key encryption algorithms, allowing patients to establish secure communication with the medical server. Shao et al.23 introduced an anonymous authentication system for wireless medical sensor networks, utilizing physically unclonable functions (PUF) and fuzzy extractor-based biometric keys. Their approach involves authentication between the user and the sensor node facilitated through the gateway node. Praveen et al.24 presented a lightweight authentication system designed for Internet of Medical Things (IoMT) applications. Their method employs a fuzzy embedder, incorporating randomness alongside biometric input to generate biometric keys. A notable advantage of this design is its ability to achieve user revocation. However, this scheme is vulnerable to insider attacks and server spoofing attacks, and also the limitation lies in the practical implementation of the fuzzy embedder-based system. Xiong et al.25 introduced a privacy-preserving authentication scheme tailored for Industrial Internet of Things (IIoT) systems based on WSN. Their approach incorporates password and smartcard elements, utilizing ECC. The primary emphasis of their design lies in user revocation, complementing the authentication and key agreement processes between the user and the WSN.
Meanwhile, Shivangi et al.26 proposed a multi-factor authentication system for a multi-server cloud architecture, integrating ECC and biometrics. Notably, their approach does not address the potential vulnerability of known session-specific temporary information attacks. Furthermore, during the server registration phase, the protocol randomly assumes information about the number of cloud servers that can register in the future, yet this assumption is not utilized anywhere in the protocol. The smart card is exclusively issued to pre-registered servers. In the event of a lost smartcard, there is no established procedure to alter the user’s active status, thus exposing vulnerabilities in revocation and susceptibility to smartcard loss attacks.
Li et al.27 introduce an improved protocol PSAP-WSN, incorporating a secure hash function, fuzzy extractor, symmetric encryption, and XOR operation to mitigate temporary information disclosure and sensor capture attacks. The security evaluation of the scheme was conducted comprehensively using the ROR model, BAN logic, and the ProVerif tool to ensure clarity for manuscript submission. However, the protocol fails to withstand ephemeral secret leakage, modification attacks, multiple logged-in executive attacks, DoS attacks, Sensor node capture attacks, Temporary information disclosure attacks, Impersonation attacks, and many more are demonstrated. However, their model does not improve the efficiency of communication and computational overloads.
Han et al.28 proposed a multifactor authentication protocol for the industrial Internet of Things environment, to provide robust securityleveraging symmetric cryptography, hash functions, and XOR operations. The security of the protocol was evaluated using the Real-Or-Random (ROR) model. Both formal security analysis and informal discussions demonstrated its resilience against various known attacks. However, the protocol remains susceptible to replay attacks, Distributed Denial-of-Service (DDoS) attacks, man-in-the-middle attacks, and lacks backward secrecy. Their design is computationally expensive, as biometrics is involved. keshta et al.29 proposed a lightweight Cyclic Redundancy Check (CRC) model for error detection and a robust ECC based message authentication protocol. The CRC model is designed in such a way that the message size is reduced by 22 characters while maintaining integrity and efficiency. The protocol is analyzed using the Burrows-Abadi-Needham (BAN) logic framework. The protocol demonstrates resilience against various security threats, including replay attacks, DoS attacks, impersonation attacks, man-in-the-middle attacks, ESL attacks, and insider threats. Additionally, it ensures perfect forward secrecy, perfect backward secrecy, anonymity, and session key confidentiality. While the CRC method is used, it may not provide the same level of security as other complex cryptographic methods.
Chen et al.30 introduced a privacy-preserving multi-factor authentication scheme with post-quantum security for cloud-assisted IoMT. The scheme employs hash operations and error reconciliation techniques to ensure robust and adaptable authentication suitable for cloud environments. It follows a reconciliation-based authentication approach, offering quantum resistance, entity anonymity, unlinkability, mutual authentication, and protection against various attacks, including replay and impersonation attacks. Furthermore, the scheme achieves an optimal balance between security and computational overhead while maintaining its lightweight nature. Its security is formally validated using the ROR model. Ahmad et al.31 introduced a multi-factor authentication protocol aimed at enhancing the integrity of cloud-assisted Medical Internet of Things (MIoT) systems by integrating post-quantum security measures. The proposed protocol employs a post-quantum fuzzy commitment (PQFC) scheme based on the shortest vector problem in lattices to reinforce security. Its security is formally analyzed using the Random Oracle Model and verified through simulations using the ProVerif tool. The protocol ensures resistance against memoryless operations, preserves user anonymity, enables mutual authentication, and safeguards against various threats, including biometric tampering, stolen-verifier attacks, and insider attacks.
The Table 1 summarizes the related works with the techniques used and its limitations. The inference from the table is only 3FA schemes are proposed to IoT-WSN networks over 2FA to withstand the advisory attacks in recent times. But, IoT devices typically have limited processing power, memory, and battery life. While 3FA adds an additional layer of security, it increases computational complexity due to biometric verification or smart card processing. Storing biometric templates or managing cryptographic keys in 3FA requires additional storage and power resources, which are scarce in WSN nodes. 2FA avoids these limitations by reducing the number of authentication factors, making it more practical for constrained devices. 2FA is often better suited for IoT-WSN networks due to lower computational cost, reduced communication overhead, energy efficiency, and faster authentication, which motivate us to design a robust 2FA scheme alternate to exiting 3FA schemes.
The proposed method integrates ECC32 and fuzzy verifiers17 in a two-factor authentication mechanism to provide a powerful combination of strong security guarantees, improved usability, resistance to guessing attacks, and efficiency, making it an attractive solution for securing sensitive systems and applications.
A fuzzy verifier is a concept used in user authentication to allow for slight variations in input data (such as biometric features) while still verifying the user’s identity securely. It is particularly useful when the input data is not exactly reproducible, as in the case of fingerprints, iris scans, or other biometric identifiers. When combined with Elliptic Curve Cryptography (ECC) in user authentication, the fuzzy verifier plays a crucial role in enhancing security while ensuring flexibility for imprecise inputs.
Instead of storing a deterministic hash of the password, the system derives a fuzzy password verifier that includes some level of randomness. This makes it computationally infeasible for an attacker to derive the password even if they access the stored verifier.
Incorporating Salt and a Secret Key:
The system uses a random salt (S) and a secret key (K) during password processing.
Instead of storing a direct hash (H(P)) of the password (P), the fuzzy verifier is computed as:
Here, (oplus) denotes bitwise XOR, and (H) is a secure hash function.
This ensures that even if an attacker retrieves (FV), they cannot reverse-engineer (P) without knowing both (S) and (K).
Verification Process:
When a user inputs their password (P’), the system computes:
If (FV’) matches the stored fuzzy verifier (FV), authentication is successful.
Minor variations in the password (due to small typos or different capitalizations) can still pass verification within predefined tolerances.
The stored verifier does not directly reveal the password or allow simple brute-force attacks. The introduction of fuzziness makes password verification more flexible, reducing false negatives while maintaining security. Even if an attacker compromises the verifier, they cannot directly obtain (P) without knowing the secret key (SK). The use of XOR operations and salt ensures uniqueness for each user, mitigating the risk of rainbow table attacks.
The notations used in this article are listed in Table 2. The system model used for the proposed scheme consists of a set of sensor Nodes ((S_{j})), a set of users ((U_{i})), and a Gateway Node (GWN), as illustrated in Fig. 1. The role of the GWN is to act as a trusted third party during the authentication process. In a secure or closed channel setting, each server registers with the GWN and receives some security parameters. Similarly, each user must register with the GWN and receive a smart card with security parameters. Following registration, both users ((U_i)) and sensor nodes ((S_j)) engage in a mutually authenticated key agreement process using a public channel with the GWN.
IoT enabled WSN system authentication model.
The authentication process of the proposed design consists of five parts. Part 1 is an initialization, in which GWN generates the required system parameters. Part 2 is registration, where users and sensor Nodes get registered with GWN in secure channel. At the time of registration, the user gets the smart card containing security parameters and the server gets some security parameters from GWN. Part 3 is login, where the user can use the smart card and his/her credentials (Identity and password) to login into the system. Part 4 is authentication and key agreement, where user and server are mutually authenticated through GWN and compute a session key. A fuzzy verifier is used to accept authentication attempts that are close enough to the expected input, even if they are not an exact match. This can be useful in scenarios where authentication attempts may be prone to acceptable errors, such as in biometric authentication systems. Using the session key, the user can enjoy the services of the server securely. Part 5 is password change, where the user can change his/her password whenever it is required without the involvement of GWN. The details of the proposed scheme are outlined in Tables 3, 4 and 5.
GWN chooses a Elliptic curve (E_p(a,b)) with equation (y^2=x^3+ax+b) over finite field (Z_p) or GF(p) where p is large prime. Let G be the elliptic curve group. GWN chooses a base point or generator point (Pin G), long-term master secret k and computes its public key (Q=kP). Then GWN publishes the parameters ({E_p(a,b),P,Q,h(cdot )}) in public and k is kept secret.
This phase entails the registration of all sensor Nodes and users with the GWN.
As given in Table 3, Sensor (S_j) sends its identity (SID_j) to GWN through a secure channel. Then GWN generates a random number (r_j) and computes (k_j=h(SID_jVert r_jVert k)), (s_j=h(kVert SID_jVert k_jVert r_j)), and stores ((h(SID_jVert k_j), r_j)) in its database. Then GWN transmits (k_j) and (s_j) to (S_j) via a closed channel. Then (S_j) keeps (k_j) as a secret and publishes (s_j) to the public along with its identity (SID_j).
Step R1: As in Table 4, (U_i) decides its (ID_i), (PW_i) and random number b. Then it computes (PPW_i=h(PW_iVert b)) and sends (ID_i), (PPW_i) to GWN via a closed channel.
Step R2: After getting (ID_i) and (PPW_i) from (U_i), GWN computes (FV_i=h(h(ID_i)oplus PPW_i)mod n_0) and checks whether (U_i) is already registered. If not, it stores ((h(ID_iVert k), r_i)) in its database where (r_i) is a random number generated by GWN for (U_i). The range of parameter (n_0) is (2^4 le n_0 le 2^8) as specified in17. If (U_i) is already registered, then GWN generates new (r_i) and substitutes it for old (r_i).
Step R3: GWN computes (k_i=h(r_iVert kVert ID_i)), (z_i=ID_ioplus PPW_i oplus k_i) and issues smart card with parameters ({FV_i,P,Q,z_i,n_0,h(cdot )}) to (U_i).
Step R4: (U_i) saves a random number b into the smart card after receiving SC from GWN.
As in Table 5, to access a sensor nodes securely, (U_i) logins a system as follows.
Step L1: After swiping a smart card into the device, (U_i) enters his/her (ID_i) and (PW_i).
Step L2:The smart card computes (FV_i^{*}=h(h(ID_i) oplus h(PW_iVert b)) mod n_0), confirms the user credentials by matching (FV_i^{*}) with (FV_i). If they do not match, then the smart card rejects the session.
Step L3: If they match, the smart card generates two random numbers (x_i) and (n_1), and computes
(k_i=ID_ioplus PPW_i oplus z_i)
(x=h(k_iVert x_iVert n_1))
(X=xP), (K_1=xQ)
(C_1=ID_ioplus h(K_1Vert SID_jVert s_jVert n_1))
(h_1=h(ID_iVert k_iVert SID_jVert s_jVert XVert n_1Vert K_1)).
Step L4: (U_i) sends (M_1={C_1,X,h_1,n_1}) to (S_j) via insecure channel.
User and the sensor node are mutually authenticated through GWN and they agreed a session key as follows.
Step AK1: Upon reception of message (M_1), (S_j) generates (n_2) and computes
(h_2=h(SID_jVert C_1Vert h_1Vert n_1Vert n_2Vert k_jVert s_jVert X)). Then (S_j) sends the message (M_2={C_1,X,h_1,h_2,n_1,n_2,SID_j}) to GWN.
Step AK2: After receiving (M_2) from (S_j), GWN searches the table to verify sensor’s identity (SID_j) and takes corresponding (r_j), computes (k_j=h(SID_jVert r_jVert k)), (s_j=h(kVert SID_jVert k_jVert r_j)), (h_2^{*}=h(SID_jVert C_1Vert h_1Vert n_1Vert n_2Vert k_jVert s_jVert X)). If (h_2^{*}==h_2) then server is authenticated by GWN. GWN computes (K_2=kX) which is equal to (K_1), (ID_i=C_1oplus h(K_2Vert SID_jVert s_jVert n_1)), GWN searches the validity of (ID_i), and takes corresponding (r_i), and computes (k_i=h(r_iVert kVert ID_i)), (h_1^{*}=h(ID_iVert k_iVert SID_jVert s_jVert XVert n_1Vert K_2)). If (h_1^{*}==h_1), then user is authenticated by GWN.
Step AK3: After verification of identities of both (U_i) and (S_j), GWN Computes (k_{ij}=h(k_iVert K_2Vert n_1)), (C_3=h(SID_jVert k_jVert s_j)oplus k_{ij}), (h_3=h(C_3Vert k_jVert h_2Vert n_2Vert SID_jVert k_{ij}Vert X)). Then GWN sends (M_3={C_3,h_3}) to server (S_j).
Step AK4: Sensor (S_j) computes (k_{ij}=h(SID_jVert k_jVert s_j)oplus C_3) and (h_3^{*}=h(C_3Vert k_jVert h_2Vert n_2Vert SID_jVert k_{ij}Vert X)). If (h_3^{*}==h_3), then (S_j) chooses a nonce y and computes (Y=yP), (SK=h(yXVert k_{ij}Vert s_j)), (h4=h(SID_jVert s_jVert h_1Vert k_{ij}Vert XVert YVert SK)). Then (S_j) sends (M_4={Y,h_4}) to user (U_i).
Step AK5: User computes (k_{ij}=h(k_iVert K_1Vert n_1)), checks the validity of (h_4) by computing
(h_4=h(SID_jVert s_jVert h_1Vert k_{ij}Vert XVert YVert SK)) and computes the session key (SK=h(xYVert k_{ij}Vert s_j)).
The user (U_i) changes the password, if needed, as follows.
Step P1: (U_i) logins the system and inputs the new password (PW_{ni}) and a new random number (b_n)
Step P2: Then the smart card computes
(A_{ni}=h(h(ID_i) oplus h(PW_{ni}Vert b_{n})) mod n_0)
(z_{ni}=k_i oplus A_{ni})
Note that the value of (k_i) is calculated using old values of (z_i) and (FV_i).
Step P4: At last, smart card substitutes (A_{ni}), (z_{ni}) and (b_{n}) for (FV_i), (z_i) and b respectively.
We formally prove the semantic security of the proposed protocol using ROR model. Further, we provide an informal analysis of the proposed design to illustrate the resistance of various possible attacks and meets important security criteria.
Here we show the proposed protocol is secure according to the ROR model by assuming that the hash function as random oracle and intractability of Elliptic curve Discrete logarithmic (ECDLP) problem. The formal security proof of the proposed protocol (mathcal {P}) is based on the following theorem.
Let (mathcal {A}) is a probabilistic polynomial-time (PPT) adversary against the semantic security of the proposed protocol (mathcal {P}) within time-bound t by performing oracle queries. Let an (mathcal {A}) can make at most (q_h) hash queries, (q_s) send queries and (q_e) execute queries to the corresponding oracles. We can say that the proposed protocol (mathcal {P}) is secure against PPT adversary if the following inequality holds:
where (l_h) is the output size of the hash query in bits, (|mathcal {D}|) is the size of the password dictionary under Zipf distribution rather than uniform distribution, since the user generated passwords closely follows Zipf distribution33,34, (C^{‘}) and (s^{‘}) are Zipf parameters, and p is a prime number used in ECC which is approximately equal to the number of points on the elliptic curve.
We define a sequence of games to prove the theorem, for each game i, the event (Succ_i) is defined and the advantage of the adversary is defined as (pr[Succ_i]). The adversary has to guess the correct bit b for each game using a test query to win the game. Equivalently, the adversary has to distinguish the advantages obtained from two successive games with a non-negligible probability to win the game.
(Game_0) This is the initial game which is initialized as real proposed protocol P, the advantage of the adversary for this game is by definition:
(Game_1) In this game, the adversary performs to execute a query to spoof messages communicated between valid participants. Then the adversary performs the test query to distinguish that whether the obtained SK is correct session key or a random number. The information gained from the execute query is useful to distinguish then we say the adversary wins otherwise we say that
To prove the claim in eq.(3), let us use the following simulation of (Game_1)
Simulation of (Game_1) This game simulates the passive attack. Adversary gets the following messages through executing the query.
M1: (U_i) to (S_j) : ((X=xP, C_1=ID_ioplus h(K_1Vert SID_jVert s_jVert n_1), h_1=h(ID_iVert k_iVert SID_jVert s_jVert XVert n_1Vert K_1), n_1))
M2: (S_j) to GWN : ((C_1,X,h_1,h_2=h(SID_jVert C_1Vert h_1Vert n_1Vert n_2Vert k_jVert s_jVert X),n_1,n_2,SID_j))
M3: GWN to (S_j) :((C_3=h(SID_jVert k_jVert s_j)oplus k_{ij}, h_3=h(C_3Vert k_jVert h_2Vert n_2Vert SID_jVert k_{ij}Vert X)))
M4: (S_j) to (U_i) : ((Y, h_4=h(SID_jVert s_jVert h_1Vert k_{ij}Vert XVert YVert SK) ))
The session key is computed as (SK=h(xyPVert k_{ij}Vert s_j)) which involves the random numbers x and y generated by user and server respectively and (K_{ij}) which are all unknown to the adversary. Therefore the probability of winning the game does not increase and hence the Eq. (3) is proved, that is (|pr[Succ_1]-pr[Succ_0]|=0). The probabilities of (Game_0) and (Game_1) are indistinguishable by the adversary.
(Game_2) This game simulates the active attacks using hash and send queries, in addition, to execute queries in (Game_1). The adversary can able to get the responses from valid protocol participants for modified messages too. In this game, Adversary tries to find collision on the Hash outputs in the messages M1, M2, M3, and M4 and elliptic curve scalar multiplication(ECSM) outputs X and Y involved in M1 and M4, and tries to solve ECDLP. These messages are different and unique in each session, it is not possible to find collisions even after using Send queries. The probability for a collision of Hash oracle output and ECSM output is both bounded by the birthday paradox and ECDLP. Therefore the additional advantage of the adversary in this game is at most (frac{q_h^{2}}{2^{l_h}} + frac{(q_s+q_e)^2}{2p} + 2q_h Adv^{ECDLP}(t)). Hence we have
(Game_3) In this game the adversary uses a Corrupt query to get information stored in the smart card to mount a password-guessing attack. Using the send query, the adversary can do an online dictionary attack with obtained smart card parameters. However, the allowed number of Send queries is (q_s). If (|mathcal {D}|) is the Zipf’s law based distributed password dictionary, then the additional advantage of the adversary from this game is almost (C^{‘}.{q_{send}^{s^{‘}}}). Thus, we have
The adversary has simulated all the oracle queries, but no non-negligible advantage is obtained to recover the session key after completion of the game (Game_0) to (Game_3). Then the adversary tries the last option of guessing the bit b using the Test query to win the game. Therefore the success of (Game_3) is equal to the successful guess of bit b. Hence we have
From (1) and (2), we write
We can rewrite the (7), by multiplying both sides with 1/2.
From (6) and (8), we have
Using the triangular inequality, we write
From (4), (5) and (9), therefore we have
All the right-hand side quantities in Eq. (11) are negligible. Hence the advantage of the adversary in breaking the semantic security of the proposed protocol is negligible. (square)
The informal security analysis and features of the proposed scheme are described in this section.
Assume that an adversary extracts the smart card parameters ({FV_i, P, z_i, h(.), n_0, b}) using power analysis attack35 when card is stolen/lost. Additionally, we suppose that the attacker intercepts one of the prior valid login request messages ({C_1, X, h_1, n_1}) to (S_j). Further assume that an adversary can enumerate all pairs ((ID_i, PW_i)) from a Cartesian product (D_{id}*D_{pw}) in off-line. To do this attack, adversary first guesses ((ID_i^{*},PW_i^{*})), computes (PPW_i^{*}=h(PW_i^{*}Vert b)), (FV_i^{*}=h(h(ID_i^{*}) oplus PPW_i^{*}) mod n_0) and (FV_i^{*}) is compared to (FV_i). If they are not match, then adversary predicts the next (ID, PW) pair and iterates these operations until they are identical. Once they coincide, adversary believes that current ((ID_i^{*},PW_i^{*})) combination is the proper (ID, PW) pair. This work used Fuzzy verifier17 to compute (FV_i). Hence, (dfrac{|D_{id}|*|D_{pw}|}{n_0} approx 2^{32}) candidates for (ID, PW) pairs that to satisfy the parameter (FV_i) when (|D_{id}|=|D_{pw}|=10^6) and (n_0=2^8)33,34, where (|D_{id}|) and (|D_{pw}|) are identity and password space respectively. If the identity is already known, still there are (dfrac{|D_{pw}|}{n_0} approx 2^{12}) passwords. Hence, the scheme effectively mitigates adversarial attempts to identify correct (ID,PW) pair. Then, only way to check (2^{12}) passwords is online guessing attack, which is prevented with very few attempts. Hence, our scheme is very strong against off-line password guessing attack.
The user’s identity (ID_i) is concealed with (PID_i) using a one-way hash function. If the login request message ({C_1, X, h_1, n_1}) to (S_j) is intercepted by adversary, non-invertible property of hash function and difficulty of solving ECDLP causes identity untraceable and ensures user anonymity.
The adversary captures the login request message ({C_1, X, h_1, n_1}) from user and resend to the sensor. Then the sensor sends (M_4={Y, h_4}) to adversary after communicating with GWN. With reception of (M_4), adversary will try to compute SK, which is not possible because adversary is not aware of (k_i) and (K_1). Therefore replaying a message makes no sense and so it is very strong against replay attack.
The attacks mounted by an adversary with help of a stolen/lost smart card are generally called as Smart-card-lost Attack. Assume Suppose that a smart card of the user (U_i) is stolen by an adversary, extracts the smart card parameters using power analysis attack35. Then, an adversary tries to change the password or try the offline password guessing attack. Our above analysis shows that the proposed design provides good conflict against offline password guessing attack. Moreover, the adversary cannot change a user’s (PW_i), as password change phase requires the correct (ID_i) and (PW_i) of the user. Therefore, Smart-card-lost Attack is strongly resisted by our proposed scheme.
In the user registration phase of our proposed scheme, password is hashed with random number b, and (PPW_i=h(PW_iVert b)) is sent to the GWN. Without knowing b and the non-invertible property of hash function, it is computationally infeasible to the insider to obtain the original (PW_i). Therefore our design is safe from insider attack.
We assume that an adversary unexpectedly knows the current session’s temporary information (x_i) and (n_1) then intercepts current login request ({C_1, X, h_1, n_1}). But no way to check whether the temporary information belongs to the current session because the computation of (C_1, X) and (h_1) are not possible only with temporary information (x_i) and (n_1) and without knowing (K_1) and (k_i). Even adversaries cannot try replay attack and find (k_{ij}) which also requires (K_1) and (k_i). Hence our scheme withstands this attack.
Impersonating the sensor to the user or the GWN is known as server spoofing attack. To mount this attack, an adversary must have the security credentials of sensor (S_j). In our scheme, an adversary needs to have (k_j) and (s_j) for corresponding (SID_j) which is not possible to compute since it requires the master secret key k of GWN. To impersonate a sensor to the user, the adversary has to generate (k_{ij}) which also requires (k_j) and (s_j). Therefore our proposed scheme provides sound resistance against server spoofing attacks.
To impersonate a user, the attacker needs to generate a valid login request, which is not possible because no security credentials such as (ID_i), (PW_i) and corresponding (k_i) can be found by adversary. Similarly to impersonate a server, adversary needs to be authenticated by GWN which is also not possible as adversary does not have sensor’s secret key (k_j). Without knowing the random number (r_j) corresponding (S_j) and master secret key k of GWN, (k_j) cannot be computed. Therefore, adversary cannot do an impersonation attack on our proposed scheme.
Due to the significant resistance, proposed design provides to off-line password guessing and smart card loss attacks, the adversary cannot recover the password, replay it, or masquerade using simply a smart card, even if the smart card parameters are exposed. As a result, our system is two-factor secure.
(U_i) and (S_j) create fresh random numbers (x_i), (n_1) and y respectively for each session to compute the session key SK in the proposed scheme. Even if secret keys of entities are compromised, without knowing (x_i), (n_1) and y, the session key SK cannot be computed by adversary due to the complexity of solving ECDLP and one-way hash function. Therefore, our scheme ensures secrecy of previous session keys called as perfect forward secrecy.
If the scheme offers smart card revocation using old identity of the user, then it supports sound repairability. To achieve this property, our scheme stores (h(ID_iVert k)) and random number (r_i) in the GWN’s database during user registration. Whenever the user wants to revoke/re-register the smart card without changing the identity, GWN generates a new (r_i) and replaces the old (r_i) value in its database with the new value. The parameter (k_i) is computed using new (r_i) and so (z_i). Then new smart card with old identity is issued to the user. Hence, our scheme provides good revocation property.
Performance of the proposed protocols is assessed in terms of computation and communication costs, and this section presents the performance comparison of proposed scheme against notable existing schemes namely Amin et al.18, Ali et al.19, Shao et al.23, Praveen et al.24, Xiong et al.25, Shivangi et al.26, Li et al.27, Han et al.28, Keshta et al.29, Chen et al.30 and Arman et al.31.
The communication cost of an authentication scheme is typically measured as number of bits transmitted between entities while authentication process. It includes the size of the messages exchanged between the parties involved, such as login credentials, challenge-response messages, authentication tokens, etc. Reducing communication cost is essential for improving the efficiency of the authentication scheme, as it minimizes network bandwidth usage, transmission delays, and overall resource consumption. However, it’s important to balance communication cost reduction with security requirements to ensure the scheme remains robust against various attacks.
Total communication cost comparison.
We considered the standard size as (n_0) is 32-bits, and size of (ID_i), (PW_i), (h(cdot )), output of symmetric encryption and random numbers be 128-bits, Elliptic curve points are 160 bits. Since the registration is a one-time activity, Only the login and authentication operations are considered for the comparison. The number of bits transmitted in message (M_1={C_1,X,h_1,n_1}) of login in our scheme is 128+320+128+128=704 bits. Similarly, message (M_2={C_1,X,h_1,h_2,n_1,n_2,SID_j}) is 128+ 320+ 128+ 128+ 128+ 128+ 128 = 1088 bits, message (M_3) is 256 bits, message (M_4) is 448 bits. So the total communication cost of proposed scheme is 2496 bits. All the other schemes’ communication cost is calculated the same way and Table 6 shows the communication cost comparison.
The Proposed Scheme significantly reduces communication costs compared to several existing authentication schemes as shown in Fig. 2. It achieves a 75.07% reduction over Chen et al.30 and a 70.46% reduction over Arman et al.31, indicating a substantial improvement in efficiency. Compared to Shao et al.23 and Amin et al.18, the proposed approach lowers the cost by 34.94% and 28.42%, respectively, demonstrating optimization in data transmission. A similar 28.42% reduction is observed against Han et al.28 and 15.23% over Ali et al.19. The scheme is nearly identical to Keshta et al.29, showing just a 1.26% improvement. However, the Proposed Scheme matches Li et al.27, meaning no gain in efficiency. Interestingly, it incurs 13.02% more cost than Xiong et al.25 and 62.16% more than Praveen et al.24, suggesting that while it optimizes security and efficiency over most schemes, some approaches still achieve lower communication overhead. However, as detailed in Table 8, The computational time of Praveen et al.24’s scheme is approximately 605.1% higher than the proposed scheme, making it 6.05 times slower. Similarly, Xiong et al.25’s scheme has an authentication time 124.4% higher than the proposed scheme, making it 1.24 times slower. Hence, the proposed scheme is a well-balanced method for the IoT-WSN networks.
Computational cost is calculated with number of cryptography primitive operations involved in the protocol design and execution time for each operation. The computational cost of the authentication protocol provides valuable insights into its efficiency and scalability. A protocol with lower computational cost generally requires fewer computational resources, leading to faster authentication processes, reduced energy consumption, and better scalability, particularly in resource-constrained environments such as IoT enabled WSNs or mobile platforms. The Table 7 summarizes the execution times of various operations as reported in reference36. Each operation is associated with its corresponding execution time in milliseconds. The operations involved in proposed protocol design include Hash Function ((T_H)), Elliptic Curve Scalar Multiplication ((T_M)), Elliptic Curve Addition ((T_A)), Symmetric Encryption ((T_S)), Modular Exponentiation ((T_E)), Modular Multiplication ((T_{MM})), Biometric Key Processing ((T_{Bio})), Extracting a Random Number ((T_{ExR})), Vector Addition Modulo ((T_{am})) and Matrix Multiplication Modulo ((T_{mm})).
The computational cost comparison presented in Table 8 shows the performance metrics of various authentication schemes. Among the evaluated methods, the proposed scheme stands out for its significantly lower execution cost compared to most others. Notably, the proposed scheme achieves an execution cost of 8.9569 milliseconds, which is substantially lower than the execution costs of the other schemes. The proposed authentication scheme showcases a notable reduction in computational cost compared to prior works.
Computational cost comparison.
Scalability analysis of computational costs.
The proposed scheme demonstrates significant computational cost reduction compared to existing schemes as shown in Fig. 3. Specifically, it reduces computational cost by 33.58% compared to Amin et al.18, which has a cost of 13.49 ms, whereas the proposed scheme achieves 8.9569 ms. Compared to Ali et al.19, which incurs a high cost of 78.7272 ms, the proposed scheme improves efficiency by 88.62%, demonstrating a substantial reduction in processing overhead. Similarly, Shao et al.23’s scheme, which requires 189.3147 ms, experiences an impressive 95.27% reduction, highlighting the superior performance of the proposed method. For Praveen et al.24, which has a computational cost of 63.1279 ms, the proposed scheme achieves an 85.81% improvement. In the case of Xiong et al.25, which requires 20.0869 ms, the proposed scheme is 55.41% more efficient. Compared to Shivangi et al.26, which incurs 76.4701 ms, the proposed scheme offers an 88.29% reduction in computational cost. The improvement against Li et al.27, which has a cost of 15.2475 ms, is 41.27%, making the proposed scheme notably better in efficiency. Further, Han et al.28’s scheme, which operates at 63.1785 ms, sees an 85.82% reduction, emphasizing the computational efficiency of the proposed method. Keshta et al.29, requiring 27.269 ms, experiences a 67.14% improvement. Similarly, Chen et al.30’s approach, which incurs 48.0414 ms, is outperformed by 81.35%. Finally, compared to Arman et al.31, which has a computational cost of 20.0437 ms, the proposed scheme provides a 55.32% improvement. These reductions confirm that the proposed scheme significantly optimizes computational performance while maintaining security and efficiency. On average, the proposed scheme achieves (approx)74–85% reduction in computational cost across various schemes.
To analyze the significant impact of performance of the proposed scheme, we depicted Fig. 4 with large number of computations for the five schemes18,25,27,29,31 which are closest computational cost to the proposed scheme. It is observed that the proposed scheme exhibits significantly lower computational values compared to most of the existing schemes across varying numbers of computations. For lower computational loads (e.g., 100 computations), the proposed scheme exhibits the lowest computational overhead at approximately 895.69 ms, whereas the closest competitor, Amin et al., requires 1349 ms, which is about 50.7% higher. This performance gap widens as the number of computations increases; at 2000 computations, the proposed scheme requires only 17,913.8 ms, while Xiong et al.25 and Keshta et al.29 demand approximately 40,173.8 ms and 54,540 ms, respectively, making them 2.24 times and 3.04 times more expensive in computational cost. The linear scalability of the proposed scheme ensures that even under high authentication loads, the computational overhead remains significantly lower than its counterparts. In contrast, schemes such as Keshta et al.29 and Xiong et al.25 exhibit steeper growth in computational cost, leading to substantial processing delays and reduced efficiency in large-scale deployments. The proposed scheme’s optimized operations, minimal expensive computations, and lightweight cryptographic primitives contribute to its superior scalability, making it an ideal candidate for resource-constrained and high-traffic environments.
The holistic informal assessment (detailed in the Sect. 4.2) provided insights into how well a proposed protocol satisfies both security and functionality requirements. The comparison Table 9 highlights several weaknesses in the existing schemes and strengths in the proposed authentication scheme. The proposed scheme achieves password-friendly as it allows the minor deviation from its original one using the fuzzy verifier mechanism, meanwhile all other schemes are failed to achieve it. The analyzed authentication schemes exhibit various security shortcomings. Amin et al.18 and Ali et al.19 lack user anonymity and password-friendly mechanisms, making them vulnerable to password guessing and stolen verifier attacks38. Shao et al.23 fails to ensure forward secrecy and is susceptible to replay attacks and stolen verifier attacks24,39. Similarly, Praveen et al.24 does not provide password-friendly features and remains weak against insider and stolen smart card attacks. Xiong et al.25 and Shivangi et al.26 suffer from replay attacks and session-specific attack vulnerabilities, with the latter also lacking sound repairability. Li et al.27 and Han et al.28 struggle with stolen verifier and session-specific attack resistance40. Keshta et al.29 and Chen et al.30 exhibit weaknesses in resisting replay and session-specific attacks. Arman et al.31 lacks password-friendly mechanisms and is prone to insider and stolen verifier attacks. In contrast, the proposed scheme effectively mitigates all identified vulnerabilities while ensuring strong security features, offering superior protection against potential threats.
In this work, a robust two-factor authentication protocol using ECC and fuzzy verifier for IoT-enabled WSN systems has been proposed to mitigate the short-comes identified in existing schemes. As fuzzy verifier introduced fuzziness in password verification, it provided error tolerance, enhanced security, and resistance against password-related attacks like offline password guessing, dictionary and brute-force. Formal security analysis of our proposed protocol has been conducted utilizing the ROR model. Additionally, an extensive informal assessment confirm its resilience against known IoT-enabled WSN attacks and security concerns. Through the comparative evaluation, our scheme demonstrates significant reductions in both communication and computation costs compared to existing alternative schemes. The comparative analysis demonstrates that the proposed scheme achieved a computational cost of 8.9569 ms, which is significantly lower than that of existing schemes. On average, the proposed scheme achieves (approx)74–85% reduction in computational cost across various schemes. Therefore, our proposed scheme is well suited for resource constrained environments like IoT enabled wireless sensor networks with robust security.
In the future, the authentication strategy may be enhanced by incorporating a machine learning-based error tolerance method into the fuzzy verifier to design an intelligent mechanism that dynamically adjusts the fuzzy threshold based on contextual factors such as user behavior or device risk level, so it further improve the password usability without compromising security. The proposed scheme can be further modified and implement for the ultra-low-power sensor nodes based real-time network applications. The additional gateway nodes can be adopted in a hierarchical structure to implement the larger network. Also, the scheme can be extend by integrating post-quantum cryptographic techniques to ensure resistance against quantum attacks.
All data generated or analyzed during this study are included in this article.
Kumar, R., Singh, S., Singh, D., Kumar, M. & Gill, S. S. A robust and secure user authentication scheme based on multifactor and multi-gateway in IoT enabled sensor networks. Security Privacy. 7(1), e335 (2024).
Article MATH Google Scholar
Khan, B. U. I., Goh, K. W., Khan, A. R., Zuhairi, M. F. & Chaimanee, M. Integrating AI and Blockchain for Enhanced Data Security in IoT-Driven Smart Cities. Processes.12(9) (2024).
Priya, J. C., Praveen, R., Nivitha, K. & Sudhakar, T. Improved blockchain-based user authentication protocol with ring signature for internet of medical things. Peer-to-Peer Netw. Appl. 17(4), 2415–2434. https://doi.org/10.1007/s12083-024-01716-9 (2024).
Sharmin, A., Olanrewaju, R.F., Khan, B.U.I., Anwar, F., Motakabber, S., Rosely, N.F.L.M., et al. Secure IoT Routing through Manifold Criterion Trust Evaluation using Ant Colony Optimization. Int. J. Adv. Comput. Sci. Appl. 14(11) (2023).
Khan, B. U. I. et al. Blockchain-Enhanced Sensor-as-a-Service (SEaaS) in IoT: Leveraging Blockchain for Efficient and Secure Sensing Data Transactions. Information 15(4), 212 (2024).
Article MATH Google Scholar
Olanrewaju, R. F., Khan, B. U. I., Kiah, M. L. M., Abdullah, N. A. & Goh, K. W. Decentralized Blockchain Network for Resisting Side-Channel Attacks in Mobility-Based IoT. Electronics 11(23), 3982 (2022).
Article Google Scholar
Khan, B. U. I., Olanrewaju, R. F., Anwar, F., Mir, R. N. & Najeeb, A. R. A critical insight into the effectiveness of research methods evolved to secure IoT ecosystem. Int. J. Inf. Comput. Secur. 11(4–5), 332–354 (2019).
MATH Google Scholar
Olanrewaju, R. F. et al. The Internet of Things vision: A comprehensive review of architecture, enabling technologies, adoption challenges, research open issues and contemporary applications. J. Adv. Res. Appl. Sci. Eng. Technol. 26(1), 51–77 (2022).
Article MATH Google Scholar
Khan, B. U. I. et al. Decentralized payment framework for low-connectivity areas using ethereum blockchains. Eng. Technol. Appl. Sci. Res. 14(6), 17798–17810 (2024).
Article Google Scholar
Praveen, R. & Pabitha, P. Improved Gentry-Halevi’s fully homomorphic encryption-based lightweight privacy preserving scheme for securing medical Internet of Things. Trans. Emerging Telecommun. Technol. 34(4), e4732 (2023).
Article Google Scholar
Pabitha, P. et al. ModChain: A hybridized secure and scaling blockchain framework for IoT environment. Int. J. Inf. Tecnol. 15, 1741–1754. https://doi.org/10.1007/s41870-023-01218-6 (2023).
Arasan, A. et al. Computationally efficient and secure anonymous authentication scheme for cloud users. Personal Ubiquitous Comput. 28(1), 111–121 (2024).
Article Google Scholar
Rajasekaran, P. & Duraipandian, M. Secure cloud storage for IoT based distributed healthcare environment using blockchain orchestrated and deep learning model. J. Intell. Fuzzy Syst. 46(1), 1069–1084 (2024).
Article Google Scholar
Ramalingam, P. & Pabitha, P. Ask-ram-imot: Autonomous shared keys based remote authentication method for internet of medical things applications. Wireless Pers. Commun. 131(1), 273–293 (2023).
Article Google Scholar
Wang, C., Wang, D., Duan, Y. & Tao, X. Secure and lightweight user authentication scheme for cloud-assisted internet of things. IEEE Trans. Inf. Forensics Secur. 18, 2961–2976 (2023).
Article MATH Google Scholar
Paul, R., Rai, S., Banerjee, S. & Meher, P. A Robust Smart Card based Authentication and Key Agreement Scheme for WSN using Fuzzy Extractor. Peer-to-Peer Network. Appl. 17(1), 432–450 (2024).
Article MATH Google Scholar
Wang, D. & Wang, P. Two birds with one stone: Two-factor authentication with security beyond conventional bounds. IEEE Trans. Dependable Secure Comput. 15(4), 708–722 (2016).
ADS MATH Google Scholar
Amin, R., Kunal, S., Saha, A., Das, D. & Alamri, A. CFSec: Password based secure communication protocol in cloud-fog environment. J. Parallel Distributed Comput. 140, 52–62 (2020).
Article MATH Google Scholar
Ali, Z. et al. A clogging resistant secure authentication scheme for fog computing services. Comput. Netw. 185, 107731 (2021).
Article MATH Google Scholar
Cho, Y. et al. A secure three-factor authentication protocol for e-governance system based on multiserver environments. IEEE Access. 10, 74351–74365 (2022).
Article Google Scholar
Sudhakar, T., Natarajan, V., Gopinath, M. & Saranyadevi, J. An Enhanced Authentication Protocol for Multi-server Environment Using Password and Smart Card. Wireless Pers. Commun. 115(4), 2779–2803 (2020).
Article Google Scholar
Zhang, L., Zhu, Y., Ren, W., Zhang, Y. & Choo, K. K. R. Privacy-preserving fast authentication and key agreement for e-health systems in iot, based on three-factor authentication. IEEE Trans. Serv. Comput. 16(1), 1324–1333 (2022).
MATH Google Scholar
Shao, X., Guo, Y. & Guo, Y. A PUF-based anonymous authentication protocol for wireless medical sensor networks. Wireless Netw. 28(8), 3753–3770 (2022).
Article MATH Google Scholar
Praveen, R. & Pabitha, P. A secure lightweight fuzzy embedder based user authentication scheme for internet of medical things applications. J. Intell. Fuzzy Syst. 44(5), 7523–7542 (2023).
Article MATH Google Scholar
Xiong, L., Peng, T., Li, F., Zeng, S. & Wu, H. Privacy-Preserving Authentication Scheme With Revocability for Multi-WSN in Industrial IoT. IEEE Syst. J. 17(1), 38–49 (2023).
Article ADS MATH Google Scholar
Shivangi, S. & Patel, S. J. A design of provably secure multi-factor ECC-based authentication protocol in multi-server cloud architecture. Clust. Comput. 27(2), 1559–1580 (2024).
Article MATH Google Scholar
Li, X., Liu, S., Kumari, S. & Chen, C. M. PSAP-WSN: a provably secure authentication protocol for 5g-based wireless sensor networks. CMES-Comput. Model. Eng. Sci. 135(1), 711 (2023).
MATH Google Scholar
Han, Y. et al. An Enhanced Multifactor Authentication and Key Agreement Protocol in Industrial Internet of Things. IEEE Internet Things J. 11(9), 16243–16254 (2024).
Article Google Scholar
Keshta, I. A CRC-Based Authentication Model and ECC-Based Authentication Protocol for Resource-Constrained IoT Applications. IEEE Access. 12, 156765–156784 (2024).
Article Google Scholar
Chen, X., Wang, B. & Li, H. A privacy-preserving multi-factor authentication scheme for cloud-assisted IoMT with post-quantum security. J. Inform. Security Appl. 81, 103708 (2024).
MATH Google Scholar
Ahmad, A. & Jagatheswari, S. Quantum Safe Multi-Factor User Authentication Protocol for Cloud-Assisted Medical IoT. IEEE Access. 13, 3532–3545 (2025).
Article MATH Google Scholar
Ullah, S. et al. Elliptic Curve Cryptography; Applications, challenges, recent advances, and future trends: A comprehensive survey. Comput. Sci. Rev. 47, 100530 (2023).
Article MathSciNet MATH Google Scholar
Wang, D., Zhang, Z., Wang, P., Yan, J. & Huang, X. Targeted online password guessing: An underestimated threat. In Proc. ACM CCS 2016, 1242–1254 (2016).
MATH Google Scholar
Wang, D., Cheng, H., Wang, P., Huang, X. & Jian, G. Zipf’s law in passwords. IEEE Trans. Inf. Forensics Secur. 12(11), 2776–2791 (2017).
Article MATH Google Scholar
Messergers, T. S., Dabbish, E. A. & Sloan, R. H. Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comput. 51, 541–552 (2002).
Article MathSciNet MATH Google Scholar
Kilinc, H. H. & Yanik, T. A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tuts. 16(2), 1005–1023 (2014).
Article MATH Google Scholar
Chatterjee, U., Ray, S., Adhikari, S., Khan, M. K. & Dasgupta, M. An improved authentication and key management scheme in context of IoT-based wireless sensor network using ECC. Comput. Commun. 209, 47–62 (2023).
Article Google Scholar
Chatterjee, U., Ray, S., Adhikari, S., Khan, M. K. & Dasgupta, M. An improved authentication and key management scheme in context of IoT-based wireless sensor network using ECC. Comput. Commun. 209, 47–62 (2023).
Article Google Scholar
Paul, R., Rai, S., Banerjee, S. & Meher, P. A robust smart card based authentication and key agreement scheme for wsn using fuzzy Extractor. Peer-to-Peer Network. Appl. 17(1), 432–450 (2024).
Article MATH Google Scholar
Kumar, C. M. et al. REPACA: Robust ECC based privacy-controlled mutual authentication and session key sharing protocol in coalmines application with provable security. Peer-to-Peer Network. Appl. 17(6), 4264–4285 (2024).
Article MATH Google Scholar
Download references
Not applicable.
T. Sudhakar, R. Praveen and V. Natarajan These have contributed equally to this work.
Department of Computer Technology, Anna University, MIT Campus, Chennai, Tamil Nadu, 600044, India
T. Sudhakar
Department of Computer Science and Engineering, National Institute of Technology Puducherry, Karaikal, Puducherry, 609609, India
R. Praveen
Department of Instrumentation Engineering, Anna University, MIT Campus, Chennai, Tamil Nadu, 600044, India
V. Natarajan
PubMed Google Scholar
PubMed Google Scholar
PubMed Google Scholar
All the authors are equally contributed to the paper.
Correspondence to T. Sudhakar or R. Praveen.
The authors declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
Reprints and permissions
Sudhakar, T., Praveen, R. & Natarajan, V. An efficient ECC and fuzzy verifier based user authentication protocol for IoT enabled WSNs. Sci Rep 15, 9974 (2025). https://doi.org/10.1038/s41598-025-94550-9
Download citation
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41598-025-94550-9
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative
Advertisement
© 2025 Springer Nature Limited
Sign up for the Nature Briefing: AI and Robotics newsletter — what matters in AI and robotics research, free to your inbox weekly.
About The Author
More Stories
Solving Crime Without Breaking Encryption
Community Snapshot—May
From Refugee to Digital Leader: How Justin Is Helping to Connect Rhino Camp