Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks.

User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.'s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.

1. Introduction

Wireless Sensor Networks (WSNs) generally consist of gateways, users, and a large number of sensor nodes. The sensor node is tiny and can be easily deployed in various kinds of severe environments. However, each sensor node has limited resources, is lacking in memory, has low computational capabilities and short radio transmission range [1]. Data collected from sensor nodes in WSNs sometimes include valuable and classified information such as the environmental surrounding the wartime, a patient’s personal information, monitoring information of museums, and the power company’s voltage variation monitoring data. To ensure the confidentiality and reliability of deployed WSNs, only registered and legitimate users should be able to access them. In addition, establishing secure protocol actively requires a mutual authentication between the user and the sensor node. For these reasons, secure user authentication is one of the major issues in WSNs.

To support message confidentiality and secure authentication for sensor networks, various authentication schemes for WSNs have been proposed. However, a problem that occurs with respect to password-based authentication schemes is that a server must maintain a password table to legitimately verify a login user. Therefore, the server requires additional memory space to store the password table. For this reason, many researchers have proposed a new type of remote user authentication scheme whereby personal biological characteristics are used, such as a fingerprint or an iris. The main advantage biometrics is uniqueness. A smart card can be used as a tool to store biometric information. Since the smart card has its own calculation function, it can operate at more than one level. In 2004, Watro et al. [2] proposed a user authentication scheme using the RSA and DH algorithms for WSNs. After that, Wong et al. [3] proposed a hash-based dynamic user authentication scheme in 2006. However, Tseng et al. [4] found that Wong et al.’s authentication scheme was vulnerable to replay, stolen verifiers, and forgery attacks. In 2009, Das [5] proposed and claimed that his scheme can resist various real-time attacks. Unfortunately, He et al. [6] found that Das’s scheme was vulnerable to insider and impersonation attacks, and proposed an improved two factor scheme to solve these security problems. In the same year, Khan and Alghathbar [7] demonstrated that Das’s scheme did not provide mutual authentication, and was vulnerable to gateway bypassing and privileged insider attacks, and Chen et al. [8] also found that Das’s scheme did not provide mutual authentication between the gateway and the sensor, proposed a robust mutual authentication scheme for WSNs, and claimed that their scheme provides greater security than Das’s scheme. In 2010, Yuan et al. [9] proposed a biometric-based user authentication scheme. However, Yoon et al. demonstrated that Yuan et al.’s scheme was vulnerable to insiders, user impersonation, gateway node impersonation and sensor node impersonation attacks. To solve these problems, Yoon et al. [10] proposed an improved user authentication scheme. Unfortunately, He et al. [11] found that Yoon et al.’s scheme was still vulnerable to denial of service (DoS) and sensor impersonation attacks, and then proposed an improved scheme to overcome these security problems.

In 2013, Yoon and Kim [12] pointed out that He et al.’s scheme had various security vulnerabilities such as poor repairability, and was vulnerable to user and sensor node impersonation attacks. They then proposed an advanced biometrics-based user authentication scheme for WSNs. They claimed that their scheme was more effective and had stronger security than other related schemes. However, Choi et al. [13] found that Yoon and Kim’s scheme [12] had various security problems, including a biometric recognition error, a user verification problem, lack of anonymity, perfect forward secrecy, session key exposure by the gateway node, vulnerability to DoS attacks, and a revocation problem. To overcome these vulnerabilities, they proposed a biometric-based user authentication scheme using a fuzzy extractor, and claimed that their scheme is more secure than other authentication schemes. Unfortunately, Park et al. [14] demonstrated that Choi et al.’s scheme [13] was still insecure against user impersonation attacks, and had security weakness in the revocation/reissue phase. They then proposed an enhanced biometric-based authentication scheme for WSNs that has improved security functions. After careful analysis, however, we found that Park et al.’s scheme [14] was still insecure against impersonation attack, and also had a problem in the smart card revocation/reissue phase.

In this paper, we show how an adversary can impersonate a legitimate user or a sensor node, and perform an illegal smart card revocation/reissue. After demonstrating these problems, we propose an improved biometric authentication scheme. Finally, we analyze our proposed scheme for security properties and computational cost. The proposed scheme is more secure and efficient than other related authentication schemes.

The rest of this paper is organized as follows. In Section 2, we briefly introduce the elliptic curve cryptosystem, threat assumptions and fuzzy extractors that we adopt in our scheme. In Section 3 and Section 4, we review and analyze, respectively, Park et al.’s scheme [14]. In Section 5, we propose an improved authentication scheme for WSNs. In Section 6, we present a security analysis of the proposed scheme. Section 7 shows performance analysis comparing our scheme with previous schemes. Our conclusions are presented in Section 8.

2. Preliminaries

In this section, we briefly introduce the elliptic curve cryptosystem, threat assumptions, and fuzzy extractor.

2.1. Elliptic Curve Cryptosystem

The elliptic curve cryptosystem (ECC) was first proposed by Koblitz [15] and Miller [16] to design public key cryptosystems, and presently it is widely used in several cryptographic schemes to provide desired levels of security and performance. An elliptic curve defined over a field K of the characteristic ≠ 2 or 3 is the set of solutions , ∈ to the equation:

Cryptosystems based on GF( can be translated to systems using the group E, where E is an elliptic curve defined over a GF(q). The point multiplications = , k times) that means k times addition of point P. Given an elliptic curve E defined over a GF(q) and two points P, Q ∈ E, it finds an integer x such that if such x exists. This problem proved to be more intractable than the typically discrete logarithm problem. The details of the ECC definitions can be found in [15]. There are several computational problems based on ECC which are presented below:

The elliptic curve discrete logarithm problem () is defined as: given two elements Q, , find an integer , such that .

The computational Diffie–Hellman problem () is defined as: given three elements , , for any a, , , computation of is very hard to the group .

The elliptic curve factorization problem ( ) is defined as: given two elements P, , where and , , , then computation of and is impossible.

The decisional Diffie–Hellman problem ( ) is defined as: given four elements , , , for any , b, , , decide whether or not i.e., p or not.

The weak Diffie–Hellman problem () is defined as: for and some , from the given three elements , Q, computation of is very hard.

2.2. Threat Assumptions

We introduce the Dolev–Yao [17] and some threat model [18,19], and consider the risk of side channel attack [20] to construct the threat assumptions, which are described as follows:

An adversary can be either a user, gateway, or sensor node. Any registered user can act as an adversary.

An adversary can eavesdrop every communication in a public channel, thereby capturing any message exchanged between a user and gateway or sensor node.

An adversary has the ability to alter, delete or reroute the captured message.

Information can be extracted from the smart card by examining the power consumption of the card.

2.3. Fuzzy Extractor

In this subsection, we describe the basis for a biometric-based fuzzy extractor, which converts biometric information data into a random value. Based on [21,22,23], the fuzzy extractor is given by two procedures (, ). The mechanism of a fuzzy extractor consists of two procedures (, ), which is demonstrated as:

if is reasonably close to

The function is a probabilistic generation procedure, which on biometric input outputs an “extracted” string and an auxiliary string . is a deterministic reproduction procedure, which recovery of R from the corresponding auxiliary string P, and any vector close to . The detailed information about fuzzy extractors can be founded in the literature [24].

3. Review of Park et al.’s Authentication Scheme

In this section, we review Park et al.’s authentication scheme [14]. The notations used in the paper are listed in Table 1. The generates two master keys, x and y, and provides a long-term secret key to the sensor before the scheme is executed. Their scheme involves three parties, i.e., the user , the gateway and the sensor , to communicate with each other to perform the following three phases: registration, login/authentication, and revocation/reissue.

Table 1

Notations used in this paper.

Term	Description
U_i	user i
A	adversary
B_i	biometric template of U_i
E_k(·)/D_k(·)	encryption or decryption with key k
GW	gateway node
G_1	cyclic groups of order q
h(·)	hash function
h(SID_j||y)	long-term secret of S_j generated by GW
ID_i	actual identity of U_i
P	generator of G_1
r_i, r_1, r_2	random number generated by U_i
r_s	random number generated by S_j
S_j	sensor node j
SC_i	smart card of user U_i
SID_j	identity of S_j
T_i	time stamp
up_i	i-th update phase
x,y	two master keys of GW
RM	Response to the query message
‖	concatenation operation
⊕	bitwise XOR operation

3.1. Registration Phase

In this phase, a user chooses an identity , imprints biometric template , and then performs the following steps:

computes , and . then sends to the gateway .

Upon receiving , from , computes the authentication parameters as:

stores and the authentication parameters; , , , in the smart card . then issues to through a secure channel.

After receiving the smart card from , stores in the smart card.

3.2. Login and Authentication Phase

If a user wants to log in to the and , performs the login phase, and then , and verify each other’s authenticities. Finally, and generate a session key in this phase as follows:

enters and imprints biometric template . then computes , and using fuzzy extraction, and compares with as:

generates a random number and computes and as:

picks up and computes and as:

then sends the login request message , , , , to .

After receiving , retrieves and verifies . If this holds, computes , , and , and compares with as:

If this holds, verifies the legitimacy of .

picks up and computes , and ,

then sends the authentication message , , , to .

When receiving from , retrieves , and verifies . If this holds, verifies the validity of by comparing it with to check the legitimacy of . After that, computes , and decrypts using . then checks the validity of the received by comparing as:

generates a random number and computes , and a session key . then picks up and computes , as:

hence sends , , , to .

Upon receiving , retrieves , and checks the sameness of . then computes and as:

Only the legitimate can compute and . then accepts . Finally, and can communicate securely using the common .

3.3. Revocation or Reissue Phase

To make up for smart card loss or long term key disclosure, the smart card should be revoked and reissued in cycles.

who wants to revoke and reissue a smart card inputs the previous identity and the new identity to prevent adversaries from registering with the same identity . Then, imprints biometric template and computes , and .

computes and sends the revocation/reissue request message , , , to .

computes , and checks the legitimacy of the user as:

If this holds, revokes and records it on the revocation look-up table. Then, computes new authentication parameters , and as:

stores and the new authentication parameters; , , , in the smart card . then reissues to through a secure channel.

stores in the smart card.

4. Cryptanalysis of Park et al.’s Authentication Scheme

In this section, we analyze the security problems of Park et al.’s scheme [14]. Park et al. cryptanalyzed a scheme of Choi et al. [13] and improved it to support better security functionality. However, we found that Park et al.’s scheme [14] was still insecure against impersonation attack and had a problem with smart card revocation/reissue. The following attacks are based on the threat assumptions that a malicious adversary was completely monitored through the communication channel connecting , and in the login and authentication phases, and that the obtained the information saved in their own smart card [20]. therefore can eavesdrop, modify, insert, or delete any message transmitted over a public channel. We now reveal the details of these problems.

Let be an active adversary who is he/she legal user and owns a smart card to extract information , , , , .

then imprints one’s biometric template and computes and .

generates a random number , and selects any identity . then computes login request message as:

then sends the login request message , , , , to .

When receiving , retrieves and verifies . If this holds, computes , , , and compares with as:

If this holds and does exist in the database, the gateway continues to proceed the scheme without detected. Otherwise, selects another identity nominee and performs the same processes until he/she locates the valid identity.

picks up and computes , and :

then sends the authentication message , , , to .

Upon receiving from , retrieves and verifies . If this holds, verifies the validity of by comparing it with to check the legitimacy of . After that, computes and decrypts using . then checks the validity of the received by comparing as

generates a random number and computes , and a session key . then computes , as: where is current timestamp. then sends , , , to .

After receiving , retrieves , and checks the sameness of . Then, computes and as:

Lastly, and “successfully” agree on a session key . Unfortunately, the sensor mistakenly believes that he/she is communicating with the legitimate user .

4.2. Sensor Node Impersonation Attack

Park et al. [14] claimed that if wants to masquerade as the sensor node , is required to compute . This is because the symmetric key . However, if obtains the login request message , , , , of the legitimate user , then can easily impersonate the sensor node .

After receiving from , generates a random number and computes , , , and a session key as: where is current timestamp. then sends , , , to .

Upon receiving from , retrieves and checks the sameness of . Then, computes and as:

Lastly, and “successfully” agree on a session key . Unfortunately, the user mistakenly believes that he/she is communicating with the legitimate sensor .

4.3. Illegal Smart Card Revocation/Reissue Attack

Park et al. [14] claimed that, although could get the identity in some way,  checks the legitimacy of the user on the requested identity, and cannot compute and the revocation/reissue request message without the biometric information of . However, can modify the revocation/reissue request message. This is because cannot distinguish whether or not the user who wishes to revoke is the real user .

Suppose owns a smart card to extract information , , , , and obtains the identity of the legitimate user by using a user impersonation attack.

Next, imprints the personal biometric information at the sensor. The sensor hence sketches and extracts , from , .

computes and and sends the revocation/reissue request message , , , to .

computes , , and checks the legitimacy of the user as:

If this holds, revokes and records it on the revocation look-up table. Then, computes new authentication parameters , and as:

stores the new authentication parameters , , , in the smart card . then reissues to through a secure channel.

stores in the smart card.

Adversary can revoke the smart card of an authenticated user who does not wish the said smart card to be revoked without permission because has no proper process for checking the legitimacy of the user on the previous identity .

5. The Proposed Scheme

In this section, we will propose a new biometric-based password authentication scheme using a smart card. In our scheme, there are also three participants, the user , the gateway and the sensor . The generates two master keys x and y, and sends a long-term secret key to the sensor before the scheme is executed. After that, computes where is the public key of the gateway. The proposed scheme consists of three phases: registration, login and authentication, and revocation/reissue.

5.1. Registration Phase

In this phase, a user chooses an identity , imprints biometric template at the sensor, and then performs the following steps:

The sensor sketches , extracts , from , , and stores in the memory. then sends , to over a secure channel.

When receiving the registration request message , from , the gateway computes the authentication parameters as:

stores the authentication parameters , , , in the smart card . hence issues to via a secure channel.

Lastly, stores in the smart card.

Figure 1 illustrates the registration phase of the proposed scheme.

Figure 1

Registration phase of the proposed scheme.

5.2. Login and Authentication Phase

In this phase, performs the login phase, and hence , and verify each other’s authenticity. Finally, and generates a common session key in this phase as follows:

inserts his/her smart card into the card reader, inputs the identity , and imprints the personal biometrics at the sensor.

The sensor then sketches and extracts from , . Then, computes and using fuzzy extraction and compares with as:

generates random numbers and and hence computes where is current timestamp. Then, sends the login request message , , , , , to .

Upon receiving a login request message from , retrieves and verifies . If this is true, computes , , and and compares with and with as:

If this holds, verifies the legitimacy of .

computes , and , where is current timestamp. then sends the authentication message , , , to .

When receiving the authentication message from , retrieves and verifies . If this is true, verifies the validity of by comparing it with to check the legitimacy of . After that, computes , and decrypts using . Then, checks the validity of the received by comparing the computed as

generates a random number and computes , , , and a session key as: where is current timestamp. then sends , , , to .

After receiving response message , , , from , computes and checks whether is equal to :

The legitimate user can only compute and . and can communicate securely using the common session key .

Figure 2 illustrates the login and authentication phase of the proposed scheme.

Figure 2

Login and authentication phase of the proposed scheme.

5.3. Revocation or Reissue Phase

To make up for smart card loss or long term key disclosure, the smart card should be revoked and reissued in cycles.

If wants to revoke and reissue a smart card, he/she inserts his/her smart card into the card reader, inputs the previous identity and the new identity to prevent adversaries from registering with the same identity , and then imprints the personal biometrics at the sensor.

The sensor then sketches and extracts from , . Then, computes and using fuzzy extraction,

computes and sends the revocation/reissue request message , , , to over a secure channel.

first checks whether is the same as or not. If they are different, computes , and checks the legitimacy of the user as:

If this is true, revokes and records it on the revocation look-up table. Then, computes new authentication parameters , and as:

stores and the new authentication parameters , , , in the smart card . then reissues to through a secure channel.

stores in the smart card.

Figure 3 illustrates the revocation/reissue phase of the proposed scheme.

Figure 3

Revocation/reissue phase of proposed scheme.

6. Security Analysis

In this section, we demonstrate that the proposed scheme, which retains the merits of Park et al.’s scheme [14], can withstand several types of possible attacks; and we also show that the scheme supports several security properties. The security analysis of the proposed scheme was conducted with the threat assumptions made in the Preliminaries.

6.1. Formal Security Analysis

In this subsection, we have demonstrated that the proposed scheme is secure through a formal proof using the random oracle model [18,25]. At first, we specify a collision-free one-way hash function as follows.

The collision-resistance one-way hash function , , pick up an input as a binary string , that has a random length, produces a binary string , , and gratifies the following requirements:

Given the , it is not possible to find out computationally about such that .

Given the , it is not possible to find out computationally about another , such that .

It is not possible to find out computationally about a pair , , with , such that .

According to the assumption that if the collision-free one-way hash function

This random oracle can extract the input value x from the given hash result without fail. now executes the experimental algorithm as shown in Algorithm 1, for the proposed scheme as JHKAS, for example. Let us define the probability of success for as , where means the probability of . The advantage function for this algorithm then becomes , where the t is the execution time and is the number of queries. Discuss the algorithm as shown in Algorithm 1 for the . If has the capability to solve the hash function problem given in Definition 6, then he/she can immediately retrieve the identity , nearly random binary string and master secret key x, y of the gateway node . In that case, the will detect the complete connections between the and the ; however, the inversion of the input from a given hash value is not possible computationally, i.e., , for all . Thus, , since depends on . In conclusion, there is no way for to detect the complete connections between the and the , and the proposed scheme is distinctly secure to an adversary for retrieving (, , x, y). ☐

6.2. Simulation for Formal Security Verification Using the AVISPA Tool

In this subsection, we simulate the proposed scheme using the widely accepted AVISPA for the formal security verification. The main purpose of the simulation is to verify whether the proposed scheme is secure to replay and man-in-the middle attacks. The AVISPA tool consists of four back-ends: (i) On-the-fly Model-Checker (OFMC); (ii) Constraint-Logic-based Attack Searcher; (iii) SAT-based Model Checker; and (iv) Tree Automata based on Automatic Approximations for the Analysis of Security Protocols. In the AVISPA, the protocol is implemented in HLPSL [26], which is based on: the basic roles for representing each participant role and composition roles for representing the scenarios of the basic roles. The basic types available in the HLPSL are [27]:

agent : The agent denotes a principal name. The intruder always has the special identifier i.

symmetric_key : The symmetric_key is the key for a symmetric-key cryptosystem.

text : The text values are often used as nonces. They can also be applied for messages.

nat : The nat is used for denoting the natural numbers in non-message contexts.

const : This type represents constants.

hash_func : The base type hash_func represents cryptographic one-way hash functions.

The role of the initiator, the user is provided in Algorithm 2. The first receives the start signal and updates its state value from 0 to 1. The state value is maintained by the variable State. In a similar way, the roles of the gateway and sensor node of the proposed scheme are implemented and shown in Algorithm 3 and 4, respectively. The specifications in HLPSL language for the role of session, goal, and environment are specified in Algorithm 5. The simulation result for the formal security verification of the proposed scheme using CL-AtSe is shown in Algorithm 6. It is clear that the proposed scheme is secure to passive and active attacks including the replay and man-in-the middle attacks.

6.3. Informal Security Analysis

Table 2 compares the security features provided by the proposed scheme with other related schemes.

Table 2

Comparison of security features.

Features	Yoon and Kim	Choi et al.	Park et al.	The Proposed
	[12]	[13]	[14]
Provides user anonymity	N/A	×	◯	◯
Provides mutual authentication	◯	◯	◯	◯
Provides message confidentiality	◯	◯	◯	◯
Provides perfect forward secrecy	N/A	◯	◯	◯
Resists insider attack	◯	×	◯	◯
Resists impersonation attack	◯	×	×	◯
Resists illegal smart card revocation/reissue attack	×	×	×	◯
Resists biometric recognition error	×	◯	◯	◯
Resists session key exposure by gateway	×	◯	◯	◯
Resists denial of service attack	×	◯	◯	◯
Resists user verification problem	×	◯	◯	◯
Resists stolen verifier attack	◯	◯	◯	◯
Resists replay attack	◯	◯	◯	◯
Security factor	Two-factor	Two-factor	Two-factor	Two-factor

◯: scheme provides the property; ×: scheme does not provide the property; N/A: scheme does not consider the property.

6.3.1. User Anonymity

Suppose an adversary intercepts the login request message , , , , , of a legitimate user . However, cannot be derived from without the knowledge of a random number ; furthermore, the cannot be derived from without a hash value . The and can only compute ). The proposed scheme therefore provides user anonymity.

6.3.2. Mutual Authentication

The proposed scheme not only guarantees secrecy as the other authentication scheme, but also , and authenticate each other. authenticates by checking whether is valid or not because only a legitimate user can compute a valid using a biometric template. Then, authenticates by checking , which only can compute using the shared long-term key and the time stamp . Finally, the authenticates by checking the validity of because only and can compute the session key .

6.3.3. Message Confidentiality

Message confidentiality is an important security aspect that provides secrecy by limiting the adversary’s access to the message. Communication messages in the public channel do not affect the disclosure of secret values, such as , , , and . cannot compute important information from , , , , , , , and . Furthermore, , , and are basically public information, so they do not need to be protected.

6.3.4. Perfect Forward Secrecy

The perfect forward secrecy means that if one long-term key is compromised, a session key that is derived from these long-term keys will not be compromised in the future [28]. In our scheme, a session key between user and sensor is calculated as follows: Even if the gateway ’s long-term key (x, y) is compromised, adversary cannot retrieve and to generate the session keys between and . The session key of our proposed scheme is based on a elliptic curve discrete logarithm problem (ECDLP). An adversary cannot obtain from and . Our scheme therefore provides the perfect forward secrecy.

6.3.5. User Impersonation Attack

Suppose owns a smart card to extract information , , , , and intercepts the login request message , , , , , of legitimate user . can then try modifying a login request message. Even if guesses or obtains ’s identity , verifies whether is equal to . The cannot compute and , and then fails to impersonate a legitimate user . The proposed scheme therefore can resist user impersonation attack.

6.3.6. Gateway or Sensor Node Impersonation Attack

If wants to masquerade as the gateway node or a sensor node , the hash value is needed. However, it is computationally difficult to guess or correctly. Furthermore, even if obtains the login request message , , , , , , does not know . Thus, cannot be computed. The proposed scheme therefore can resist gateway or sensor node impersonation attack.

6.3.7. Illegal Smart Card Revocation/Reissue Attack

Even if obtains the identity of a legitimate user , cannot compute without the value . Furthermore, checks the legitimacy of the user on the request identity by computing and . Therefore, even if sends the revocation/reissue request message , , , to , fails to revoke and reissue the smart card with . The proposed scheme therefore can resist an illegal smart card revocation/reissue attack.

6.3.8. Session Key Exposure by GW

The gateway can intercept communication messages and obtain both and . However, cannot derive and and therefore cannot compute the common session key . This is because our proposed scheme based on the elliptic curve discrete logarithm problem (ECDLP).

6.3.9. Denial of Service Attack

In the proposed scheme, , and basically check for freshness of timestamp in each authentication step. Each message for verification such as , and includes the current timestamp T. Furthermore, each entity checks whether the calculated value is equal to the received value. The proposed scheme can resist denial of service attack.

6.3.10. User Verification Problem

checks for the sameness in the identity to verify the status a legitimate user by computing . Furthermore, can compute constant values including as a result of the fuzzy extractor. can authenticate a legal user even if the user inputs slightly different biometric information . Our proposed scheme therefore can prevent user verification problems.

6.3.11. Stolen Verifier Attack

In the proposed scheme, and do not store any identification, password table or user biometrics. stores only the master secret key (x, y), and stores only . The proposed scheme therefore can resist stolen verifier attacks.

6.3.12. Replay Attack

Even if the adversary obtains the communication message, and sends them again with the current timestamps , , and , cannot compute , , using the current timestamps. The proposed scheme therefore can resist replay attacks.

7. Performance Analysis

In this section, we compare the computational costs of the proposed scheme with the other related schemes [13,14,29,30]. Table 3 shows a comparison of the computational costs of the proposed scheme with the other related schemes. In the comparisons, XOR operations are not considered because these also can be ignored. Compared to Park et al.’s scheme [14], the proposed scheme performs three further hash operations and two elliptic curve computations. However, we reduce three encryption/decryption operations. Additionally, the proposed scheme provides the revocation and reissue phase, and can resist well-known attacks.

Table 3

Comparison of computational costs.

Phases		Choi et al.	Park et al.	Nam et al.	Park et al.	The Proposed
		[13]	[14]	[29]	[30]
Registration	U_i	T_H + T_F	T_H + T_F	T_H	T_H + T_F	T_H + T_F
	GWN	3T_H	2T_H + T_E	T_H + T_E + T_e	5T_H	T_e + 3T_H
	S_j	-	-	-	-	-
Login and authentication	U_i	10T_H + T_F + T_E + 2T_e	6T_H + T_F + 2T_e	3T_H + 3T_e + T_E + T_M	10T_H + T_F + 2T_e	6T_H + T_F + 3T_e
	GWN	10T_H + 2T_E	7T_H + 2T_E	T_H + 2T_E + T_e + 3T_M	11T_H	6T_H + T_e + T_E
	S_j	6T_H + T_E + 2T_e	4T_H + T_E + 2T_e	T_H + 2T_e + 2T_M	4T_H + 2T_e	4T_H + T_E + 2T_e
Revocation and reissue	U_i	T_H + T_F	T_H + T_F	-	-	T_H + T_F
	GWN	3T_H	2T_H + T_E	-	-	5T_H
	S_j	-	-	-	-	-
Total cost		34T_H + 3T_F	23T_H + 3T_F	7T_H + 4T_E	31T_H + 2T_F	26T_H + 3T_F
		+ 4T_E + 4T_e	+ 5T_E + 4T_e	+ 7T_e + 6T_M	+ 4T_e	+ 2T_E + 6T_e

: computational time for elliptic curve computation; : computational time for encryption/decryption; : computational time for fuzzy extraction; : computational time for hash function; : computational time for massage authentication code.

8. Conclusions

The various authentication schemes for WSNs have been proposed. Recently, Park et al. demonstrated the security vulnerabilities of Choi et al.’s scheme and proposed an enhanced authentication scheme. However, in this paper, we have identified vulnerabilities in Park et al.’s scheme in terms of impersonation and revocation/reissue. To overcome these vulnerabilities, we proposed a new biometric-based authentication scheme with improved security. Security and performance analysis shows that our proposed scheme is more secure and efficient than other related schemes.