| Summary: | Wireless sensor networks (WSNs) have played an important role in the Internet of Things (IoT), and the 5G network is being considered as a major candidate for IoT's communication network with the advent of 5G commercialization. The potential of integrating WSNs and 5G in the IoT is expected to allow IoT to penetrate deeply into our daily lives and to provide various services that are convenient, but at the same time, it also brings new security threats. From this aspect, user authentication and key agreement are essential for secure end-to-end communication. As IoT devices, including sensors, collect and process more and more personal information, both anonymous authentication and authorization are also required to protect the privacy and to prevent anyone without privileges from accessing private data. Recently, Adavoudi-Jolfaei et al. proposed an anonymous three-factor authentication and access control scheme for real-time applications in WSNs. However, we found that this scheme does not provide sensor-node anonymity and suffers from user collusion and desynchronization attacks. In this paper, we introduce a system architecture by considering the integration of WSNs and 5G for IoT. Based on a cryptanalysis of Adavoudi-Jolfaei et al.'s scheme and the system architecture, we propose an elliptic curve cryptography (ECC)-based privacy-preserving authentication, authorization, and key agreement scheme for WSNs in 5G-integrated IoT. We conduct a formal and informal security analysis in order to demonstrate that the proposed scheme withstands various security attacks and guarantees all desired security features, overcoming the drawbacks of Adavoudi-Jolfaei et al.'s scheme. Finally, a performance and comparative analysis with the related schemes indicate that the proposed scheme is both efficient and more secure.
|
|---|
