SLMAS: A Secure and Light Weight Mutual Authentication Scheme for the Smart Wheelchair

Abstract

The modern innovation called the Internet of Things (IoT) empowers individuals to connect to anybody and anything at any point, wherever. The application of the IoT in smart cities concerning smart healthcare management can improve patient welfare, user acceptance, the standard of living, and accurate illness monitoring. Powered wheelchairs (PW) with sensors, computers, and other connected assistive technologies are called smart wheelchairs. Smart wheelchairs with sensing abilities are intended to offer universal connectivity using cloud and edge computing technology. Numerous outstanding people were impacted by paralyzing phenomena, including Stephen Hawking and Max Brito. The issue of legitimacy is one of the most important difficulties in e-health applications, because of how sensitive the technology is, and this needs to be appropriately handled. To safeguard the data transport, usage, and interchange between sensor nodes/smart wheelchairs and servers, e-health applications require an authentication method. As all conversations use wireless channels, e-health apps are exposed to various vulnerabilities. Additionally, the IoT has limited computational and power capacity limitations. To combat the various security risks, the present research offers a user authentication technique that is efficient and ensures anonymity. The suggested method creates a safe connection for the authorized entity and forbids unauthorized entities from accessing the Internet of Things sensor nodes. The suggested approach has lower communication and computation overheads than the traditional techniques, making it more effective. In addition, the security verification of the presented protocol is scrutinized through AVISPA. The proposed scheme, on average, requires only 12.4% more computation cost to execute. Compared to the existing approaches, the suggested protocol’s extra computational cost can be compensated for by its enhanced security, while the suggested method’s communication cost is 46.3% smaller.

1. Introduction

Human life is marvelous. By creating safer equipment with intelligent technologies, technology and science are crucial for ensuring people’s security. In the last few years, technology has made significant progress. Rather than being called by their names, many products in our homes and everyday life are now prefixed with the word “smart” [1]. For example, the terminology used to describe modern “Smart Wheelchairs” and the hardware and software needed to make traditional wheelchairs, smart homes, smart TVs, and smartphones have influenced this. The very first motorized wheelchair was created by George Klein fifteen years ago [2,3]; and since then, there have been several initiatives in this area, leading to entirely robotic wheelchairs and intelligent wheelchairs [4]. Various advancements, especially artificial intelligence (AI) [5], Internet of Things (IoT) [6,7], and edge and cloud computing technology [8] have indeed been successfully applied to smart wheelchairs, to assist users in getting around and moving safely without assistance. This research presents another effort to provide safety to mobility impaired humans during the Hajj and Umrah services [9].

The term “Internet of Things” (IoT) refers to enormous networks that combine the Internet with a variety of sensing technologies, to achieve the connection of people, machines, and things at whichever time and at any location, which has become crucial in the age of information. Wireless sensor systems are managed by connecting small nodes [10] or devices through Zigbee, Bluetooth, or WiFi. The IoT in smart cities can have various futuristic applications, especially in healthcare and assistive technology. One such application is the development of intelligent wheelchairs that utilize WSNs for tracking and monitoring the location and movements of the wheelchair user. This can aid in providing better assistance and care for people with mobility impairments, as presented in Figure 1. Smart wheelchairs with sensing abilities are intended to offer universal connectivity using cloud and edge computing technology.

Another application can be using WSNs for asset tracking in industry, such as tracking the movement and location of goods and products within a warehouse or during transportation. This can improve inventory management and logistics. WSNs can also be used in agriculture for tracking the movement and location of livestock, crops, and equipment. This can aid in improving the overall efficiency and productivity of farms and enable better management of resources. In smart cities, WSNs can be used for traffic management, monitoring air quality, and detecting environmental hazards. This can make cities more sustainable, efficient, and safer for citizens.

Overall, the potential applications of WSN-based tracking technology are vast and may significantly impact various fields and industries in the future. Moreover, wireless sensor networks (WSN) have additional security concerns over traditional networks, since the data gathered by nodes is relayed across open channels; these nodes are frequently installed in hostile or unsupervised areas, where they are easy targets for destruction or capture [11]. Undoubtedly, a security compromise might have severe and far-reaching repercussions if private data such as user names or crucial node information were to be revealed. It is crucial to create a secure authentication mechanism, to protect the integrity of the data communicated in WSN and the legitimacy of each entity. Additionally, perhaps a scheme might utilize numerous security measures, such as mutual authentication, user anonymity, unlinkability, password updates, two-factor security, secure session key agreement, perfect forward secrecy, and known session key security, and it should resist other well-known attacks [12]. Moreover, the subsequent section provides definitions and explanations for key terms and concepts used throughout this document.

1.1. Key Terms Explanation

This section is designed to help readers better understand the language and terminology used in this article and to ensure that everyone uses the same definitions for essential concepts.

1.1.1. XOR Operation

The XOR (exclusive or) operation is a fundamental building block for encryption and decryption techniques in cryptography. A logical operation called XOR produces a binary output from two binary inputs. This is how the XOR operation is described: If both input bits are the same, the output bit is 0. The output value is 1 if the input bits are different.

1.1.2. Cryptographic Hash Mechanism

A mathematical operation called a cryptographic hash function converts arbitrary sized input data into a fixed-size output presented as a hash value or a message digest. The hash value is a singular presentation of the input data; hence, any modification to the input data will result in a non-identical hash value. Cryptographic hash functions are frequently utilized for many tasks in cryptography, such as digital signatures, message authentication codes (MACs), and password storage.

1.1.3. Elliptic Curve Cryptography (ECC)

The algebraic behavior of elliptic curves over finite fields provides the basis for the public-key encryption known as elliptic curve cryptography (ECC). ECC is a relatively new and potent cryptographic approach, with various benefits compared to more established public-key encryption technologies such as RSA and Diffie–Hellman.

1.1.4. Symmetric Cryptography

Data may be encrypted and decrypted employing a single secret key with symmetric cryptography. Therefore, this means the sending party and the person who receives the encrypted data must have access to the private key. Other terms used for symmetric cryptography include shared-secret and secret-key.

1.1.5. Asymmetric Cryptography

Information is encrypted via a public key and decrypted via a private key in asymmetric cryptography. This makes it possible for two people to communicate securely without revealing the secret key. Asymmetric cryptography is frequently used in various applications, such as secure email, online banking, and e-commerce, as well as for digital signatures, key exchange, and encryption.

1.1.6. Hajj and Umrah Services

Islam’s two most significant pilgrimages, the Hajj and Umrah, both require visits to the Saudi Arabian holy city of Mecca. Every able-bodied Muslim with the financial means must perform the Hajj, one of Islam’s five pillars, whereas Umrah is an optional trip that can be made any time of the year.

1.2. Adversarial Model

This paper considers the widely recognized Dolev–Yao (DY) adversarial model [13], which was applied in [14,15,16]. In an adversarial model, the adversary ($\mathcal{A}$) is assumed to possess the following capabilities:

• The communication between two parties occurs via a public channel, and neither endpoint is deemed trustworthy.
• The $\mathcal{A}$ possesses complete owning authority over the public communication channel.
• The $\mathcal{A}$ can improve or edit the message being transmitted through the public channel and create a fraudulent message.
• It is impossible to compromise the secret/private key of the trusted authority ($TA$)/ central authority ($CA$).

1.3. Motivations and Contributions

SLMAS aims to address the security and privacy issues that smart wheelchairs encounter. These challenges include unlawful access, data manipulation, and privacy violations, which may jeopardize the wheelchair user’s security and privacy. With sensors and communication tools, smart wheelchairs can connect with other hardware and software, including smartphones, Internet of Things (IoT) devices, and cloud services. Nevertheless, because these products are susceptible to cyberattacks such as eavesdropping, impersonation, and data theft, their connection also brings new security dangers. By lowering the computational and communication overheads, SLMAS aims to provide a safe and effective communication system for intelligent wheelchairs, which secures them against these security threats. SLMAS mutual authentication (MA) mechanism will ensure that only permitted devices can communicate with the wheelchair and that all communications are secured against tampering or unauthorized access.

The rest of the article is designed as follows: a review of the literature examines the prior literature and research on the subject of the planned project in Section 2. The proposed scheme and the methodology are provided in Section 3. Section 4 offers a rigorous security assessment of the suggested research project and highlights potential weaknesses. A computation, communication, and feature comparison is given in Section 5. The article’s main conclusions are outlined in the last section, along with the article’s contributions and potential directions for further study.

2. Literature Review

Numerous authentication mechanisms have been researched in the literature since Lamport [17] introduced the first authentication mechanism in 1981. Das et al. [18] presented an efficient two-factor authentication system for WSN in 2009. Afterwards, Khan et al. [19] and Chen et al. [20] observed that Das et al.’s technique is prone to impersonation, offline password-guessing, and insider attacks. Later, they also suggested a different plan to address the security challenges with the Das et al. scheme.

Suh et al. [21]’s physical unclonable functions (PUF) design uses logic circuits’ built-in latency to verify the authenticity of integrated circuits. A PUF circuit that provides privacy-protected verification among a server and limited devices was created by Aysu et al. [22]. On the verification side, Majzoobi et al. suggested a technique replicating a PUF circuit [23,24]. Regarding passive devices such as radio-frequency identification (RFID), this study combines the authentication procedures presented in [25,26,27,28,29,30,31,32]. Although the suggested techniques offer physical-level protection, they are frequently challenging to apply in an IoT environment, because an authentication server stores many challenge-response pairs (CRPs).

The technique proposed by Challa et al. [33] that used an ECC-based user authentication scheme was deemed insecure against impersonation assaults by Jia et al. [34]. Additionally, [33] has large communication and computational overheads. An approach centered on IoT-based cloud systems was presented by Zhou et al. [35]. This method is, unfortunately, susceptible to man-in-the-middle (MITM), impersonation, privileged insider, and replay attacks [36].

User authentication and key agreement mechanisms for various WSN and IoT networks were proposed by Farash et al. [37]. Amin et al. [38] found some flaws with this method and exposure to impersonation attacks and offline password-guessing attacks. In the meantime, Sharma and Kalra used a lightweight user authentication scheme, whereas Canetti and Krawczyk [39] demonstrated this as unsafe against privileged insider attacks. In addition, another novel technique for user authentication and key agreement was suggested by Turkanovi’c et al. [40]. This technique was discovered to be susceptible to various attacks, including offline password guessing, user impersonation, and attacks on sensor nodes [41]. A minimalist key management authentication technique ideal for Internet of Things deployment was developed by Wazid et al. [42]. This method offers faster and more efficient connection using the xor operation and a one-way cryptographic hash mechanism.

Different authentication methods were studied by Hussain et al. [43] with two different classifications. Additionally, they investigated the various authentication strategies and outlined the benefits, drawbacks, obstacles, efficiency evaluations, and resilience versus various security attacks. The security assessment and performance assessment were unfortunately incomplete. Regarding the security component, the researchers only highlighted a few of the discovered threats. Only a portion of the computational costs was covered in the efficiency section, and no discussion of communication, energy, and storage costs was included.

The existing security solutions are exposed to numerous attacks, such as impersonation, MITM, and replay, as shown by the relevant schemes covered in this literature survey; most of the solutions offered failed to solve these anonymity and untraceability problems. Therefore, the current schemes are inappropriate for resource-constrained deployments of IoT-based smart wheelchairs, due to poor security and pricey features; these drawbacks are displayed in

Table 1. An overview of the shortcomings/drawbacks of earlier user authentication methods for wireless sensor networks.

Scheme	Year	Drawbacks
Shreya et al. [44]	2022	Using IoMT devices entails new security and privacy problems, such as unwanted access to private medical information or the danger of data breaches because of device or communication channel flaws.
Masud et al. [36]	2021	It is prone to session key leakage, offline password guessing, and traceability attacks.
Zhou et al. [35]	2019	It is open to man-in-the-middle, privileged insider, impersonation and replay attacks. Moreover, its computation cost is very high
Sharma et al. [45]	2019	It is open to privileged insider and password guessing attacks
Wazid et al. [42]	2019	It is open to impersonation and lacks anonymity property attacks
Chang et al. [46]	2017	Its disadvantage is that the user ID and OTP are not secured throughout the login and authentication process
Wu et al. [47]	2018	It is not secure against user impersonation attacks and can also not provide user anonymity

.

3. Proposed Scheme

User authentication for a smart wheelchair is highlighted in this section. The sensor node (SN) gathers real-time data and transmits it to the server ($Ss$). In this case, $SN$ and $Ss$ registration is performed by a trusted authority ($TA$). Before the data is sent, the validity of $SN$ and $Ss$ is checked. After mutual authentication, the parties engaged in communication create a shared session key for secure communication. Moreover, the different notations employed in this study are provided in

Table 2. Notation Guide.

Symbols	Representations
$S{N}_n,S{N}_{I{D}_n},P{R}_{I{D}_n}$	nth sensor node, its personal identity, pseudo-random identity
$S_s,S_{I{D}_s},P{R}_{I{D}_s}$	sth server, its personal identity, pseudo-random identity
$TA,MSK$	Trusted Authority and its secret master-key
$\delta T,TC$	Maximum admissible transmission-delay and present-time
$S{K}_{ns}(=S{K}_{sn})$	Shared session key between $S{N}_n$ and $S_s$
$SKE{Y}_{TA,n}$	Shared-secret-key among the $TA$ and $SN$
$SKE{Y}_{TA,s}$	Shared-secret-key among the $TA$ and server
$T_{TA},T_n,T_s$	Current timestamps of $TA$, $S{N}_n$, and $S_s$
$RN{D}_i$	ith random value of 160 bits
$i\stackrel{?}{=}j$	Verify if i equals to j
$H(.)$	Cryptographic one way hash function
$\mathcal{A},U_{\mathcal{A}}$	An adversary and privileged insider
$\oplus ,\left|\right|$	Bitwise exclusive or and concatenation-operators

. Furthermore, a block diagram is given in Figure 2, which represents the system and process and shows the proposed scheme’s major component interrelationships.

3.1. Initialization Process

In this procedure, the trusted authority ($TA$) chooses a publicly available one-way hash function $\left\{H\right(.)\}$ and $MSK\in {\mathcal{Z}}_p$ a private master key.

3.2. Server Registration Process

This phase covers the process of enrolling the servers, with the $TA$ as depicted in

Table 3. Proposed server registration process.

Server $({\mathit{S}}_{\mathit{s}})$	Trusted Authority $(\mathit{TA})$
Select an identity $S_{I{D}_s}$
$\underset{(S_s\to TA)}{\overset{S_{I{D}_s}}{\to }}$
	Picks arbitrary number $RN{D}_1\in {\mathcal{Z}}_p$
	and Pseudo-random identity $P{R}_{I{D}_s}$
	COMPUTE:
	$X_s=H(S_{I{D}_s}\left|\right|RN{D}_1)$
	$SKE{Y}_{TA,s}=H(X_s\left|\right|MSK)$
	Store $\{P{R}_{I{D}_s},EN{C}_{MSK}[S_{I{D}_s},X_s]\}$
	tuple in the database
	$\underset{(S_s\leftarrow TA)}{\overset{\langle P{R}_{I{D}_s},SKE{Y}_{TA,s}\rangle }{\leftarrow }}$
Save $\{P{R}_{I{D}_s},S_{I{D}_s},SKE{Y}_{TA,s}\}$

:

• Server ($S_s$) picks an identity $S_{I{D}_s}$, and sends it through a protected link to the $(TA)$.
• $TA$ obtains the registration request from $S_s$, opts for a random number $RN{D}_1\in {\mathcal{Z}}_p^{*}$, a temporary identity $P{R}_{I{D}_s}\in {\mathcal{Z}}_p^{*}$, and computes $X_s=H(S_{I{D}_s}\left|\right|RN{D}_1),SKE{Y}_{TA,s}=H(X_s\left|\right|MSK)$. $TA$ sends the message that contains $\{P{R}_{I{D}_s},SKE{Y}_{TA,s}\}$ to $S_s$ over the trusted channel. $TA$ further save the parameter $\{P{R}_{I{D}_s},EN{C}_{MSK}[S_{I{D}_s},X_s]\}$ in the database.
• Upon receiving the response from $TA$, $S_s$ saves the parameters $\{P{R}_{I{D}_s},S_{I{D}_s},SKE{Y}_{TA,s}\}$.

3.3. Sensor Node Registration Process

The steps taken to enrol a sensor node with the system presented in

Table 4. Proposed SN registration process.

Sensor Node $(\mathit{SN})$	Trusted Authority $(\mathit{TA})$
Select an identity $S{N}_{I{D}_n}$
$\underset{(SN\to TA)}{\overset{S{N}_{I{D}_l}}{\to }}$
	Picks arbitrary number $RN{D}_2\in {\mathcal{Z}}_p$
	and Pseudo-random identity $P{R}_{I{D}_n}$
	COMPUTE:
	$X_n=H(S{N}_{I{D}_n}\left|\right|RN{D}_2)$
	$SKE{Y}_{TA,n}=H(X_n\left|\right|MSK)$
	Store $\{P{R}_{I{D}_n},EN{C}_{MSK}[S{N}_{I{D}_n},X_n]\}$
	tuple in the database
	$\underset{(SN\leftarrow TA)}{\overset{\langle P{R}_{I{D}_n},SKE{Y}_{TA,n}\rangle }{\leftarrow }}$
Save $\{P{R}_{I{D}_n},S{N}_{I{D}_n},SKE{Y}_{TA,n}\}$

include the following:

• Sensor Node ($S{N}_n$) catches an identity $S{N}_{I{D}_n}$, and sends it through a protected route to the $(TA)$.
• $TA$ is contacted by the registration request from $S{N}_n$, decides a random values $RN{D}_2\in {\mathcal{Z}}_p^{*}$, a temporary identity $P{R}_{I{D}_n}\in {\mathcal{Z}}_p^{*}$, and computes $X_n=H(S{N}_{I{D}_n}\left|\right|RN{D}_2),$ $SKE{Y}_{TA,n}=H(X_n\left|\right|MSK)$. $TA$ communicates the message that contains $\{P{R}_{I{D}_n},$ $SKE{Y}_{TA,n}\}$ to $S{N}_n$ over the protected medium. $TA$ also saves the value $\{P{R}_{I{D}_n},$ $EN{C}_{MSK}[S{N}_{I{D}_n},X_n]\}$ in the database.
• Upon receiving the response from $TA$, $S{N}_n$ saves the parameters $\{P{R}_{I{D}_n},S{N}_{I{D}_n},SKE{Y}_{TA,n}\}$, as presented in Table 7.

3.4. Authentication and Key-Agreement Process

Below are the steps that are performed by $S{N}_n$ and $S_s$ to build a session key with the assistance of a $TA$, to secure the communication and mutually authenticate each other:

• $S{N}_N$ selects an arbitrary number $RN{D}_3$ and timestamp $T_{SN}$ and computes $V_{temp1}=H(SKE{Y}_{TA,n}\left|\right|S{N}_{I{D}_n}),RN{D}_3^{{}^{\prime }}=RN{D}_3\oplus V_{temp1},AUT{H}_n=H(R_3\left|\right|V_{temp1}\left|\right|T_{SN})$. Finally, $S{N}_n$ transmits the message to the $TA$ containing $\langle RN{D}_3^{{}^{\prime }},AUT{H}_n,P{R}_{I{D}_n},T_{SN}\rangle$ over the public channel.
• Upon obtaining the message from $S{N}_n$, $TA$ first verifies the message freshness by examining the condition $|TC-T_{SN}\le \delta T|$ and check if $P{R}_{I{D}_n}$ exists in DB.
• If true, $TA$ further computes $[S{N}_{I{D}_n},X_n]=DE{C}_{MSK}[S{N}_{I{D}_n},X_n],SKE{Y}_{TA,n}=H(X_n\left|\right|MSK),V_{temp2}=H(SKE{Y}_{TA,n}\left|\right|S{N}_{I{D}_n}),RN{D}_3=RN{D}_3^{{}^{\prime }}\oplus V_{temp2}$. $TA$ verifies the authenticity of the $S{N}_n$ by examining the condition $AUT{H}_n\stackrel{?}{=}H(RN{D}_3\left|\right|V_{temp2}\left|\right|T_{SN}).$
• If true, $TA$ further computes $[S_{I{D}_s},X_s]=DE{C}_{MSK}\left[X_s\right],SKE{Y}_{TA,s}=H(X_s\left|\right|MSK),V_{temp3}=H(SKE{Y}_{TA,s}\left|\right|S_{I{D}_s}\left|\right|T_{TA})$. $TA$ picks two arbitrary numbers $RN{D}_4,RN{D}_5$ and further computes $AUT{H}_{TA,s}=H(RN{D}_4\left|\right|V_{temp3}\left|\right|T_{TA}),RN{D}_4^{{}^{\prime }}=RN{D}_4\oplus V_{temp3},Y_{TA,s}=H(RN{D}_5\left|\right|V_{temp2})$. Finally, $TA$ sends the message containing $\langle P{R}_{I{D}_s},RN{D}_4^{{}^{\prime }},AUT{H}_{TA,s},Z_{TA,s},T_{TA}\rangle$ to the $S_s$ over the insecure channel.
• Upon obtaining the message from $TA$, $S_s$ first verifies the messages freshness by examining the condition $|TC-T_{TA}\le \delta T|$. Next $S_s$ computes $V_{temp4}=H(SKE{Y}_{TA,s}\left|\right|S_{I{D}_s}\left|\right|T_{TA}),RN{D}_4=RN{D}_4^{{}^{\prime }}\oplus V_{temp4}$ and confirms the legitimacy of the $TA$ by assessing the scenario $AUT{H}_{TA,s}\stackrel{?}{=}H(RN{D}_4\left|\right|V_{temp4}\left|\right|T_{TA})$.
• If true, $S_m$ picks two arbitrary numbers $RN{D}_6,RN{D}_7,$ and presents timestamp $T_s$, and further computes $S{K}_{s,n}=H(RN{D}_6\left|\right|Z_{TA,s}\oplus V_{temp4}\left|\right|T_s),RN{D}_6^{{}^{\prime }}=RN{D}_6\oplus V_{temp4},RN{D}_7^{{}^{\prime }}=RN{D}_7\oplus V_{temp4},AUT{H}_s=H(RN{D}_7\left|\right|V_{temp4}\left|\right|T_s)$. Finally, $S_s$ sends the message containing $\langle S{K}_{sn},RN{D}_6^{{}^{\prime }},RN{D}_7^{{}^{\prime }},AUT{H}_s,T_s\rangle$ to the $TA$ via an open channel.
• When the message arrives from $S_s$ to $TA$, $TA$ first assesses the message freshness by validating the condition $|TC-T_S\le \delta T|$. If true, $TA$ further computes pick $RN{D}_6=RN{D}_6^{{}^{\prime }}\oplus V_{temp3},RN{D}_7=RN{D}_7^{{}^{\prime }}\oplus V_{temp3}$, and corroborates the validity of the $S_s$ by checking the condition $AUT{H}_s\stackrel{?}{=}H(RN{D}_7\left|\right|V_{temp3}\left|\right|T_s)$.
• If true $TA$, picks a current timestamp $T_{TA}^{+}$ and further computes $Z_{TA,n}=Z_{TA,s}\oplus V_{temp2}\oplus V_{temp3},AUT{H}_{TA,n}=H(RN{D}_3\left|\right|V_{temp2}\left|\right|T_{TA}^{+}),RN{D}_6^{{}^{\prime }}=RN{D}_6\oplus V_{temp2}\oplus V_{temp3}$. $TA$ finally transmits the message containing $\langle RN{D}_6^{{}^{\prime }},Z_{TA,n},AUT{H}_{TA,n},T_s,T_{TA}^{+}\rangle$ to the $S{N}_n$ via an open channel.
• Upon the arrival of messages from the $TA$, $S{N}_n$ firstly checks the message’s timeliness by inspecting the condition $|TC-T_{TA}^{+}\le \delta T|$.
• If true, $SN$ further checks the condition $AUT{H}_{TA,n}\stackrel{?}{=}H(RN{D}_3\left|\right|V_{temp1}\left|\right|T_{TA}^{+})$ to authenticate the $TA$.
• If the condition is validated successfully $S{N}_n$ will compute $Z_{TA,s}=Z_{TA,n}\oplus V_{temp1},$ $S{K}_{ns}\stackrel{?}{=}H(RN{D}_6\left|\right|Z_{TA,s}\oplus T_s)$. If $S{K}_{ns}=S{K}_{sn}$, this key safeguards communication among the $S{N}_n$ and $S_s$.

4. Security Evaluation of the Proposed Methodology

4.1. Informal Analysis

The resilience of the proposed method is examined in this section using the adversarial model described in Section 1.2. This analysis identified potential attacks that could be carried out against the protocol and possible countermeasures that could be implemented to mitigate these risks. The informal analysis section describes the protocol’s security and identifies areas where further improvements or modifications may be needed, to enhance its security properties. In the subsections that follows, it is demonstrated that our system is safe against well-known threats.

4.1.1. Mutual Authentication (MA)

We can justify the domination that $\mathcal{A}$ has over a legitimate login response, and reply authentication response is significant. Thus, by checking the validity of the sent communications, $S{N}_n$ and $S_s$ may authenticate one another using $TA$. Consequently, mutual authentication may be accomplished using the suggested approach.

4.1.2. Untraceability

Randomized nonces $(RN{D}_1,....,RN{D}_7)$ and the current time-stamp are selected arbitrarily throughout the authentication process, to ensure each candidate’s messages $(MS{G}_1,...,MS{G}_4)$ are unique. An attacker cannot identify any connections between the messages delivered by $SN$ and cannot identify the source. Additionally, genuine identities or pseudonyms are carried out in a protected one-way collision-resistant hash function, rather than being used openly in communications. The suggested approach can thereby attain untraceability.

4.1.3. Anonymity

In our proposed system, $V_{temp1}=H(SKE{Y}_{TA,n}\left|\right|S{N}_{I{D}_n}),RN{D}_3^{{}^{\prime }}=RN{D}_3\oplus V_{temp1},AUT{H}_n=H(R_3\left|\right|V_{temp1}\left|\right|T_{SN})$ the sensor’s node identification $S{N}_{I{D}_n}$ is communicated in a masked form rather than directly in plain text. Additionally, $S{N}_{I{D}_n}$ is included in $M1=\langle RN{D}_3^{{}^{\prime }},AUT{H}_n,P{R}_{I{D}_n},T_{SN}\rangle$. Due to the difficulty of predicting a 160-bit random integer, it is simply not possible for the attacker $\mathcal{A}$ to determine the true identity of the $SN$ without knowing the mask key $MSK$. The suggested technique can consequently ensure anonymity.

4.1.4. Session Key Agreement

$SN$ authenticates $TA$ by evaluating the authenticity of $AUT{H}_{TA,n}$, $TA$ authenticates $S_s$ by evaluating the authenticity of $AUT{H}_{TA,s}$, and $TA$ authenticates the $SN$ by evaluating the authenticity of $AUT{H}_n$; thus, $SN$, $TA$, and $S_s$ ensure they are entitled to random nonce $RN{D}_3$, $RN{D}_4$, $RN{D}_5$, $RN{D}_6$ and $RN{D}_7$. To generate the session key, $SK=S{K}_{ns}=S{K}_{s,n}=H(RN{D}_6\left|\right|Z_{TA,s}\oplus V_{temp4}\left|\right|T_s)$ and employ the session key when communicating. The presented approach can thus offer a robust session key agreement, as shown in

Table 5. Authentication and key-agreement process.

Sensor Node ($\mathit{SN}$)	Trusted Authority ($\mathit{TA}$)	Server (${\mathit{S}}_{\mathit{s}}$)
Select $RN{D}_3$ and $T_{SN}$
COMPUTE:
$V_{temp1}=H(SKE{Y}_{TA,n}\left|\right|S{N}_{I{D}_n})$
$RN{D}_3^{{}^{\prime }}=RN{D}_3\oplus V_{temp1}$
$AUT{H}_n=H(R_3\left|\right|V_{temp1}\left|\right|T_{SN})$
$\underset{(SN\to TA)}{\overset{MS{G}_1=\langle RN{D}_3^{{}^{\prime }},AUT{H}_n,P{R}_{I{D}_n},T_{SN}\rangle }{\to }}$
	$|TC-T_{SN}\le \delta T|$ and check if $P{R}_{I{D}_n}$ exists in DB.
	IF TRUE:
	$[S{N}_{I{D}_n},X_n]=DE{C}_{MSK}[S{N}_{I{D}_n},X_n]$
	$SKE{Y}_{TA,n}=H(X_n\left|\right|MSK)$
	$V_{temp2}=H(SKE{Y}_{TA,n}\left|\right|S{N}_{I{D}_n})$
	$RN{D}_3=RN{D}_3^{{}^{\prime }}\oplus V_{temp2}$
	$AUT{H}_n\stackrel{?}{=}H(RN{D}_3\left|\right|V_{temp2}\left|\right|T_{SN})$
	IF TRUE:
	$[S_{I{D}_s},X_s]=DE{C}_{MSK}\left[X_s\right]$
	$SKE{Y}_{TA,s}=H(X_s\left|\right|MSK)$
	$V_{temp3}=H(SKE{Y}_{TA,s}\left|\right|S_{I{D}_s}\left|\right|T_{TA})$
	Pick $RN{D}_4,RN{D}_5$ and $T_{TA}$
	$AUT{H}_{TA,s}=H(RN{D}_4\left|\right|V_{temp3}\left|\right|T_{TA})$
	$RN{D}_4^{{}^{\prime }}=RN{D}_4\oplus V_{temp3}$
	$Y_{TA,s}=H(RN{D}_5\left|\right|V_{temp2})$
	$Z_{TA,s}=H(SKE{Y}_{TA,s}\left|\right|RN{D}_3\left|\right|RN{D}_5\left|\right|Y_{TA,s}\left|\right|MSk)\oplus V_{temp3}$
	$\underset{(TA\to S_s)}{\overset{MS{G}_2=\langle P{R}_{I{D}_s},RN{D}_4^{{}^{\prime }},AUT{H}_{TA,s},Z_{TA,s},T_{TA}\rangle }{\to }}$
		$|TC-T_{TA}\le \delta T|$ and
		IF TRUE:
		$V_{temp4}=H(SKE{Y}_{TA,s}\left|\right|S_{I{D}_s}\left|\right|T_{TA})$
		$RN{D}_4=RN{D}_4^{{}^{\prime }}\oplus V_{temp4}$
		$AUT{H}_{TA,s}\stackrel{?}{=}H(RN{D}_4\left|\right|V_{temp4}\left|\right|T_{TA})$
		IF TRUE:
		Pick $RN{D}_6,RN{D}_7,$ and $T_s$
		$S{K}_{s,n}=H(RN{D}_6\left|\right|Z_{TA,s}\oplus V_{temp4}\left|\right|T_s)$
		$RN{D}_6^{{}^{\prime }}=RN{D}_6\oplus V_{temp4}$
		$RN{D}_7^{{}^{\prime }}=RN{D}_7\oplus V_{temp4}$
		$AUT{H}_s=H(RN{D}_7\left|\right|V_{temp4}\left|\right|T_s)$
		$\underset{(TA\leftarrow S_n)}{\overset{MS{G}_3=\langle S{K}_{sn},RN{D}_6^{{}^{\prime }},RN{D}_7^{{}^{\prime }},AUT{H}_s,T_s\rangle }{\leftarrow }}$
	$|TC-T_S\le \delta T|$
	IF TRUE:
	Pick $T_{TA}^{+}$
	$RN{D}_6=RN{D}_6^{{}^{\prime }}\oplus V_{temp3}$
	$RN{D}_7=RN{D}_7^{{}^{\prime }}\oplus V_{temp3}$
	$AUT{H}_s\stackrel{?}{=}H(RN{D}_7\left|\right|V_{temp3}\left|\right|T_s)$
	$Z_{TA,n}=Z_{TA,s}\oplus V_{temp2}\oplus V_{temp3}$
	$AUT{H}_{TA,n}=H(RN{D}_3\left|\right|V_{temp2}\left|\right|T_{TA}^{+})$
	$RN{D}_6^{{}^{\prime }}=RN{D}_6\oplus V_{temp2}\oplus V_{temp3}$
	$\underset{(SN\leftarrow TA)}{\overset{MS{G}_4=\langle RN{D}_6^{{}^{\prime }},Z_{TA,n},AUT{H}_{TA,n},T_s,T_{TA}^{+}\rangle }{\leftarrow }}$
$|TC-T_{TA}^{+}\le \delta T|$
IF TRUE:
$AUT{H}_{TA,n}\stackrel{?}{=}H(RN{D}_3\left|\right|V_{temp1}\left|\right|T_{TA}^{+})$
$RN{D}_6=RN{D}_6^{{}^{\prime }}\oplus V_{temp1}$
$Z_{TA,s}=Z_{TA,n}\oplus V_{temp1}$
$S{K}_{ns}\stackrel{?}{=}H(RN{D}_6\left|\right|Z_{TA,s}\oplus T_s)$
	$\underset{(S{N}_n\&S_s\mathrm{both}\mathrm{save}\mathrm{the}\mathrm{same}\mathrm{session-key})}{\overset{S{K}_{ns}(=S{K}_{sn})}{\leftrightarrow }}$

.

4.1.5. Sensor Node Impersonation Attack (IA)

Suppose an attacker $\mathcal{A}$ appears to be trying to portray a communication on behalf of a $SN$ to a trusted authority $TA$. $\mathcal{A}$ attains $\{P{R}_{I{D}_n},S{N}_{I{D}_n},SKE{Y}_{TA,n}\}$ from the sensor node memory and $\langle RN{D}_3^{{}^{\prime }},AUT{H}_n,P{R}_{I{D}_n},T_{SN}\rangle$ while communicating. At this instant, $\mathcal{A}$ attempts to create a response but cannot, since it is unaware of these variables $V_{temp1},R_3$, and $RN{D}_3$; therefore, it is difficult for the adversary to manufacture them. Similarly, trusted authority and server impersonation are impossible due to the secret parameters.

4.1.6. Smart Node Capture Attack

Assume $\mathcal{A}$ has successfully seized a smart node and has obtained its saved and additional data: $\{P{R}_{I{D}_n},S{N}_{I{D}_n},SKE{Y}_{TA,n}\}$. The proper master key $MSK$ and cover-up key $X_n$ cannot be calculated by $\mathcal{A}$, irrespective of whether it receives information, because the master key $MSK$ and mask key $X_n$ are encoded to be resilient to collisions with the one-way hash function. $\mathcal{A}$ cannot construct a further communication session, as the session key is required for further sessions, and the session key is made up of random numbers and pseudonyms. As a result, the proposed approach can withstand attempts to capture smart nodes.

4.1.7. Replay Attack (RA)

The three entities use the random integers $RN{D}_3$, $RN{D}_4$, $RN{D}_5$, and $RN{D}_6$, together with the timestamps $T_{S}N$, $T_{T}A$, and $T_S$, to construct the login messages $MS{G}_1$ and $MS{G}_2$, as well as the response messages $MS{G}_3$ and $MS{G}_4$. Owing to their recentness, $SN$, $TA$, and $Ss$ can distinguish between the acquired and replayed communication, owing to the validity of random nonces and timestamps. As a result, the suggested method can thwart a RA.

4.1.8. Man-in-the-Middle Attack (MITM)

According to Section 3.4, the three participants authenticate each other. As a result, everyone involved can verify one another. As a result, the suggested system can withstand a MITM attack.

4.1.9. Known Session Key Attack

Attacker $\mathcal{A}$ is aware of the $SK$ for an individual session. As is well known, the hash value of the session key $SK$ is created from random numbers and pseudonyms by the parties involved. The robust, resilient to collisions one-way hash function prevents $\mathcal{A}$ from deriving the random integers from $SK$. However, lacking knowledge of the most recent random values, $\mathcal{A}$ cannot determine the correct $SK$ for all the other sessions. The suggested approach can thus defend against known session key attacks.

4.2. Automated Security Analysis Performed Formally with the AVISPA Tool

AVISPA virtual environment program from [48] is used in this section to formally verify the suggested technique and test its resistance to RA and MITM attacks. The following are the AVISPA simulation phases: (1) The role framework for the role-oriented execution of the protocol processes in a high-level language is provided by the HLPSL (high-level protocol specification language), after which it is interpreted into intermediate format (IF) by its converter HLPSL2IF. (2) The security check is subsequently carried out by the OF (output format) utilizing the translated IF.

The role specifications for the sensor node ($SN$), server (S), trusted authority ($TA$), goal, environment, and session are depicted in Figure 3 and Figure 4, accordingly. The AVISPA results, as depicted in Figure 5a,b, demonstrate the presented architecture’s resilience against RA and MITM attacks. While the CL-AtSe back end analyzed 244 states in under $0.51$ s, the OFMC back end evaluated 4816 nodes with a search time of $58.27$ s and a heap depth of 9.

5. Comparative Analysis

This section comprehensively compares different security protocols that can address security requirements and challenges. The analysis compares the schemes with respect to their security and performance characteristics. This section also compares the potential risks of each protocol, such as susceptibility to attacks or other security vulnerabilities. A comparative analysis is an important part of any security document, as it provides decision-makers with a clear understanding of the advantages and disadvantages of different security protocols and helps them make informed decisions about which protocol best suits their needs. Comparisons between the new SLMAS and previously established protocols [49,50,51,52] are provided in this study.

5.1. Functionality Comparison

Table 6. Functionality characteristic comparison.

	[49]	[50]	[51]	[52]	Our
Sensor node anonymity	✓	✓	✓	✓	✓
Ephemeral Secret Leakage (ESL)	✓	✗	✓	✗	✓
Protection against RA	✓	✓	✓	✓	✓
Efficient protocol design	✗	✓	✓	✗	✓
Stolen verifier attack	✗	✓	✗	✗	✓
Stolen $SN$ attack	✓	✓	✓	✓	✓
Untraceability	✓	✓	✓	✓	✓
Parallel $SK$ attack	✗	✓	✓	✓	✓
Reply Attack	✓	✗	✗	✓	✓
Sensor nodes $IA$	✗	✓	✓	✓	✓
Server $IA$	✓	✓	✓	✓	✓
MITM attack	✓	✓	✗	✓	✓
Insider attack	✓	✓	✗	✗	✓
Mutual Authentication	✓	✓	✗	✓	✓
Formal automated security verification	✓	✓	✓	✗	✓

shows a functional comparison of the introduced and comparable protocols. Table 6 makes it clear that the new protocol provides higher security in comparison to the existing relevant protocols and also provides more advanced security features. Here, ✓ indicates whether a certain feature is present or if a protocol can withstand an attack, and ✗ indicates whether a specific feature is absent or whether a protocol cannot withstand an attack.

5.2. Communication Analysis

The estimated cost of communication is shown in

Table 7. Cost comparison for communication.

Protocols	# of Messages	# of Bytes
Banerjee et al. [49]	4	$(68+40+56+72)=236$
Fakroon et al. [50]	4	$(100+52+52+84)=288$
Nikooghadam et al. [51]	4	$(132+64+40+68)=304$
Moghadam et al. [52]	4	$(60++64+44+40)=208$
Our	4	$(60+80+84+68)=292$

. For comparison, the size of the identities is assumed to be 16 bytes long, timestamps to be 4 bytes long, SHA-1 hash outputs to be 20 bytes long [53], the cost for an ECC point is $(20+20)=40$ bytes, random numbers to be 20 bytes long, and the symmetric encryption/decryption block size is 16 bytes [54,55]. Figure 6 also displays the communication costs of the various protocols.

The communication cost of $MS{G}_1=\langle RN{D}_3^{{}^{\prime }},AUT{H}_n,P{R}_{I{D}_n},T_{SN}\rangle$ is $\langle 20+20+16+4=60\rangle$ bytes, $MS{G}_2=\langle P{R}_{I{D}_s},RN{D}_4^{{}^{\prime }},AUT{H}_{TA,s},Z_{TA,s},T_{TA}\rangle$ is $\langle 16+20+20+20+4=80\rangle$ bytes, $MS{G}_3=\langle S{K}_{sn},RN{D}_6^{{}^{\prime }},RN{D}_7^{{}^{\prime }},AUT{H}_s,T_s\rangle$ is $\langle 20+20+20+20+4=84\rangle$ bytes, and $MS{G}_4=\langle RN{D}_6^{{}^{\prime }},Z_{TA,n},AUT{H}_{TA,n},T_s,T_{TA}^{+}\rangle$ is $\langle 20+20+20+4+4=68\rangle$ bytes, respectively.

Adding together all these results, 292 bytes is the overall communication expense of the newly implemented protocol during the login and authentication process. Table 7 denotes that the presented protocol’s communication cost is minimized as compared to the protocol in [51], and somewhat greater than that in [49,50,52], but this is acceptable because the presented protocol offers greater security than all previously compared protocols, as shown in the Table 6. Figure 6 also illustrates the new protocol’s communication costs.

5.3. Computation Analysis

This part evaluates the cost of computation for the various schemes. The computation times for the ECC multiplication, symmetric encryption/decryption, fuzzy extractor, bilinear pairing, and hash are $13.405$, $1.657$, $13.405$, $32.713$, and $0.056$ ms, respectively, where $T_{fe}\approx T_{ecm}$ as explained in [49].

Table 8. Approximated computation costs for different procedures.

Notations	Explanation	≈ Computation Time
$T_H$	Hash function	$0.056$ ms
$T_{SM}$	Scalar multiplication	$13.405$ ms
$T_{SED}$	Symmetric enc/dec	$1.657$ ms
$T_{FE}$	Fuzzy extractor	$13.405$ ms
	function
$T_{BP}$	Bilinear pairing	$32.713$ ms

also demonstrates the estimated time frames required for specific cryptographic operations and associated notations.

The computing cost of the presented work is a little higher than [50], as seen in

Table 9. Computation cost comparison.

Protocol	$\mathit{User/Mobile}\mathit{Device}$	$\mathit{TA/RA/Server}$	$\mathit{Gateway}$	$\mathit{SD/SN}$	Total Cost
Banerjee et al. [49]	$10T_H+1T_{FE}$	−	$10T_h$	$4T_h$	≈$14.749$ ms
	≈$13.965$ ms	−	≈$0.56$ ms	≈$0.224$ ms
Fakroon et al. [50]	$4T_h$	−	$5T_h$	$24T_H$	≈$1.848$ ms
	≈$0.224$ ms	−	≈$0.28$ ms	≈$1.344$ ms
Nikooghadam et al. [51]	$9T_h+2T_{SM}$	$2T_H+1T_{SM}$	−	$3T_H+2T_{SM}$	≈$67.64$ ms
	≈$27.314$ ms	≈$13.517$ ms	−	≈$26.81$ ms
Moghadam et al. [52]	$5T_H+3T_{SM}+2T_{SED}$	−	$5T_H+3T_{SM}+2T_{SED}$	$3T_H+1T_{SM}$	≈$101.303$ ms
	≈$43.809$ ms	−	≈$43.809$ ms	≈$13.685$ ms
Our	−	$14T_H+2T_{SEC}$	−	$4T_H$	≈$4.322$ ms
	−	≈$4.098$ ms	−	≈$0.224$ ms

. However, the fact that these studies lack some security features in comparison to the security offered by the new scheme, as indicated in Table 6, justifies this difference. The computing cost of the newly implemented protocol is also shown in Figure 7.

6. Limitations and Challenges

This section presents the limitations and challenges encountered while developing this authentication protocol for WSNs. It critically assesses the proposed approach and identifies issues or challenges that may limit its effectiveness.

• Limited Resources: WSNs have resource constraints regarding memory, processing power, and battery life. Therefore, security protocols must be designed with these limitations in mind, to ensure they do not consume too much energy or memory.
• Limited Physical Security: Sensor nodes are often deployed in unattended environments vulnerable to physical attacks. Security protocols should be designed to withstand physical attacks, such as tampering, destruction, or theft of the nodes.
• Communication Overhead: Security protocols often introduce additional communication overheads, leading to increased latency, energy consumption, and reduced network performance. Therefore, it is essential to design security protocols that minimize communication overheads, while providing sufficient security.

7. Conclusions

This article reviewed the current state-of-the-art user authentication mechanisms for WSNs and briefly discussed their benefits and drawbacks. We presented a user authentication scheme for an intelligent wheelchair, which protects wheelchair-transmitted data privacy, while enhancing data protection and effectiveness. Since symmetric keys are used, the suggested approach has minimal communication and computational overheads. Using the well-known AVISPA simulation platform, it was also demonstrated that the offered scheme is resilient against passive and active attacks. The suggested approach is suitable for various intelligent wheelchair scenarios, such as Hajj and Umrah pilgrims [9], since it has low communication and computation running costs and provides robust security. The communication cost of the proposed scheme is 23.97%, 1.39%, and 40.41% higher than the Banerjee et al. [49], Fakroon et al. [50], and Moghadam et al. [52], respectively; and 4.12% less than Nikooghadam et al. [51]. Similarly, the computation cost is 120.67%, 1366.57%, and 2142.97% less than Banerjee et al. [49], Nikooghadam et al. [51], and Moghadam et al. [52], and 85.35% higher than Fakroon et al. [50], respectively.