{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T09:36:41Z","timestamp":1774604201220,"version":"3.50.1"},"reference-count":36,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2014,6,10]],"date-time":"2014-06-10T00:00:00Z","timestamp":1402358400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.\u2019s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.\u2019s protocol. However, Shi et al.\u2019s improvement introduces other security weaknesses. In this paper, we show that Shi et al.\u2019s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.<\/jats:p>","DOI":"10.3390\/s140610081","type":"journal-article","created":{"date-parts":[[2014,6,10]],"date-time":"2014-06-10T11:50:51Z","timestamp":1402401051000},"page":"10081-10106","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":190,"title":["Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography"],"prefix":"10.3390","volume":"14","author":[{"given":"Younsung","family":"Choi","sequence":"first","affiliation":[{"name":"College of Information and Communication Engineering, Sungkyunkwan University, Jangangu, Suwonsi, Gyeonggido 440-746, Korea"}]},{"given":"Donghoon","family":"Lee","sequence":"additional","affiliation":[{"name":"College of Information and Communication Engineering, Sungkyunkwan University, Jangangu, Suwonsi, Gyeonggido 440-746, Korea"}]},{"given":"Jiye","family":"Kim","sequence":"additional","affiliation":[{"name":"College of Information and Communication Engineering, Sungkyunkwan University, Jangangu, Suwonsi, Gyeonggido 440-746, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2820-7906","authenticated-orcid":false,"given":"Jaewook","family":"Jung","sequence":"additional","affiliation":[{"name":"College of Information and Communication Engineering, Sungkyunkwan University, Jangangu, Suwonsi, Gyeonggido 440-746, Korea"}]},{"given":"Junghyun","family":"Nam","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Konkuk University, 268 Chungwondaero, Chungju, Chungcheongbukdo 380-701, Korea"}]},{"given":"Dongho","family":"Won","sequence":"additional","affiliation":[{"name":"College of Information and Communication Engineering, Sungkyunkwan University, Jangangu, Suwonsi, Gyeonggido 440-746, Korea"}]}],"member":"1968","published-online":{"date-parts":[[2014,6,10]]},"reference":[{"key":"ref_1","first-page":"61","article-title":"Authenticated reliable and semi-reliable communication in wireless sensor networks","volume":"7","author":"Dressler","year":"2008","journal-title":"Int. J. Netw. Secur."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"4767","DOI":"10.3390\/s110504767","article-title":"A secured authentication protocol for wireless sensor networks using elliptic curves cryptography","volume":"11","author":"Yeh","year":"2011","journal-title":"Sensors"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"730831","DOI":"10.1155\/2013\/730831","article-title":"A new user authentication protocol for wireless sensor networks using elliptic curves cryptography","volume":"2013","author":"Shi","year":"2013","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_4","unstructured":"Satpute, R.S., and Thakare, A.N. Survey on Security in Wireless Sensor Networks Using Elliptical Curves Cryptography. Available online: http:\/\/www.ijert.org\/view.php?id=5878&title=survey-on-security-in-wireless-sensor-networks-using-elliptical-curves-cryptography."},{"key":"ref_5","unstructured":"Watro, R., Kong, D., Cuti, S.F., Gardiner, C., Lynn, C., and Kruus, P. (2004). ACM Workshop on Security of Ad Hoc and Sensor Networks, ACM Press."},{"key":"ref_6","unstructured":"Wong, K.H., Zheng, Y., Cao, J., and Wang, S. (2006, January 5\u20137). A dynamic user authentication scheme for wireless sensor networks. Taichung, Taiwan."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Tseng, H.R., Jan, R.H., and Yang, W. (2007, January 26\u201330). An improved dynamic user authentication scheme for wireless sensor networks. Washington, DC, USA.","DOI":"10.1109\/GLOCOM.2007.190"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1086","DOI":"10.1109\/TWC.2008.080128","article-title":"Two-factor user authentication in wireless sensor networks","volume":"8","author":"Das","year":"2009","journal-title":"IEEE Trans. Wirel. Commun."},{"key":"ref_9","first-page":"361","article-title":"An enhanced two-factor user authentication scheme in wireless sensor networks","volume":"10","author":"He","year":"2010","journal-title":"Ad Hoc Sens. Wirel. Netw."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"2450","DOI":"10.3390\/s100302450","article-title":"Cryptanalysis and security improvements of \u201ctwo-factor user authentication in wireless sensor networks\u201d","volume":"10","author":"Khan","year":"2010","journal-title":"Sensors"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"704","DOI":"10.4218\/etrij.10.1510.0134","article-title":"A robust mutual authentication protocol for wireless sensor networks","volume":"32","author":"Chen","year":"2010","journal-title":"ETRI J."},{"key":"ref_12","unstructured":"Han, W. Weakness of a Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography. Available online: http:\/\/eprint.iacr.org\/2011\/293."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Kocher, P., Jaffe, J., and Jun, B. (1999, January 15\u201319). Differential power analysis. Santa Barbara, CA, USA.","DOI":"10.1007\/3-540-48405-1_25"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"541","DOI":"10.1109\/TC.2002.1004593","article-title":"Examining smart-card security under the threat of power analysis attacks","volume":"51","author":"Messerges","year":"2002","journal-title":"IEEE Trans. Comput."},{"key":"ref_15","first-page":"7","article-title":"A Survey of Elliptic Curve Cryptography Implementation Approaches for Efficient Smart Card Processing","volume":"12","author":"Muthukuru","year":"2012","journal-title":"Glob. J. Comput. Sci. Technol."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Kar, J., and Majhi, B. (2010, January 16\u201318). An efficient password security of multiparty key exchange protocol based on ECDLP. Chengdu, China.","DOI":"10.1109\/ICCET.2010.5485778"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"959","DOI":"10.1016\/j.jpdc.2006.03.006","article-title":"A distributed multi-party key agreement protocol for dynamic collaborative groups using ECC","volume":"66","author":"Venkata","year":"2006","journal-title":"J. Parall. Distrib. Comput."},{"key":"ref_18","first-page":"202","article-title":"A simple user authentication scheme for grid computing","volume":"7","author":"Lu","year":"2008","journal-title":"Int. J. Netw. Secur."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1109\/LCOMM.2009.081609","article-title":"An off-line dictionary attack on a simple three-party key exchange protocol","volume":"13","author":"Nam","year":"2009","journal-title":"IEEE Commun. Lett."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1016\/j.compeleceng.2009.08.007","article-title":"Enhancement of two-factor authenticated key exchange protocols in public wireless LANs","volume":"36","author":"Lee","year":"2010","journal-title":"Comput. Electr. Eng."},{"key":"ref_21","first-page":"3244","article-title":"Dictionary attacks against password-based authenticated three-party key exchange protocols","volume":"7","author":"Nam","year":"2013","journal-title":"KSII Trans. Internet Inf. Syst."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"2505","DOI":"10.1587\/transcom.E95.B.2505","article-title":"An enhanced secure authentication scheme with anonymity for wireless environments","volume":"E95.B","author":"Jeon","year":"2012","journal-title":"IEICE Trans. Commun."},{"key":"ref_23","unstructured":"Buttyan, L., and Csik, L. (2, January 29). Security analysis of reliable transport layer protocols for wireless sensor networks. Mannheim, Germany."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Brownfield, M., Gupta, Y., and Davis, N. (2005, January 15\u201317). Wireless sensor network denial of sleep attack. West Point, NY, USA.","DOI":"10.1109\/IAW.2005.1495974"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"2358","DOI":"10.1109\/TAC.2011.2163881","article-title":"Maximum damage battery depletion attack in mobile sensor networks","volume":"56","author":"Khouzani","year":"2011","journal-title":"IEEE Trans. Autom. Control"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1347","DOI":"10.1109\/TNET.2012.2183642","article-title":"Maximum damage malware attack in mobile wireless networks","volume":"20","author":"Khouzani","year":"2012","journal-title":"ACM Trans. Netw."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1007\/s10207-006-0011-9","article-title":"Identity-based key agreement protocols from pairings","volume":"6","author":"Chen","year":"2007","journal-title":"Int. J. Inf. Secur."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"3508","DOI":"10.1109\/TVT.2009.2012389","article-title":"Identity-based anonymous remote authentication for value-added services in mobile networks","volume":"58","author":"Cao","year":"2009","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1016\/j.inffus.2011.01.001","article-title":"An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security","volume":"13","author":"He","year":"2012","journal-title":"Inf. Fusion"},{"key":"ref_30","first-page":"1845","article-title":"Weaknesses and improvement of secure hash-based strong-password authentication protocol","volume":"26","author":"Jeong","year":"2010","journal-title":"J. Inf. Sci. Eng."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"1683","DOI":"10.1109\/TIE.2006.881998","article-title":"Security enhancement on a new authentication scheme with anonymity for wireless environments","volume":"53","author":"Lee","year":"2006","journal-title":"IEEE Trans. Ind. Electron."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"299","DOI":"10.1093\/ietfec\/e90-a.1.299","article-title":"Security analysis of a nonce-based user authentication scheme using smart cards","volume":"E90-A","author":"Nam","year":"2007","journal-title":"IEICE Trans. Fundam. Electron. Commun. Comput. Sci."},{"key":"ref_33","unstructured":"Rubin, A.D., and Honeyman, P. (1994, January 14\u201316). Nonmonotonic cryptographic protocols. Franconia, NH, USA."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Das, M.L., and Narasimhan, V.L. (2008, January 7\u20139). Towards a formal verification of an authentication protocol using non-monotonic logic. Las Vegas, NV, USA.","DOI":"10.1109\/ITNG.2008.140"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Xu, Y., and Xie, X. (2008, January 12\u201314). Analysis of authentication protocols based on Rubin logic. Dalian, China.","DOI":"10.1109\/WiCom.2008.1120"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Vaidya, B., Makrakis, D., and Mouftah, H. (2012). Two-factor mutual authentication with key agreement in wireless sensor networks. Secur. Commun. Netw.","DOI":"10.1002\/sec.517"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/14\/6\/10081\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T21:12:16Z","timestamp":1760217136000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/14\/6\/10081"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,6,10]]},"references-count":36,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2014,6]]}},"alternative-id":["s140610081"],"URL":"https:\/\/doi.org\/10.3390\/s140610081","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,6,10]]}}}