Session-Dependent Token-Based Payload Enciphering Scheme for Integrity Enhancements in Wireless Networks

: Wireless networks have continued to evolve to offer connectivity between users and smart devices such as drones and wireless sensor nodes. In this environment, insecure public channels are deployed to link the users to their remote smart devices. Some of the application areas of these smart devices include military surveillance and healthcare monitoring. Since the data collected and transmitted to the users are highly sensitive and private, any leakages can have adverse effects. As such, strong entity authentication should be implemented before any access is granted in these wireless networks. Although numerous protocols have been developed for this purpose, the simultaneous attainment of robust security and privacy at low latencies, execution time and bandwidth remains a mirage. In this paper, a session-dependent token-based payload enciphering scheme for integrity enhancements in wireless networks is presented. This protocol amalgamates fuzzy extraction with extended Chebyshev chaotic maps to boost the integrity of the exchanged payload. The security analysis shows that this scheme offers entity anonymity and backward and forward key secrecy. In addition, it is demonstrated to be robust against secret ephemeral leakage, side-channeling, man-in-the-middle and impersonation attacks, among other security threats. From the performance perspective, the proposed scheme requires the least communication overheads and a relatively low execution time during the authentication process.


Introduction
Many wireless network technologies have been developed to facilitate data dissemination and the remote monitoring of physical phenomena. Among these technologies are Wireless Sensor Networks (WSNs), which comprise miniature and low-power devices referred to as sensor nodes [1]. These networks find applications in numerous fields such as in agriculture, disaster relief, military surveillance, transportation, industrial automation, wildlife and safety monitoring. In these environments, WSNs offer infrastructure-free data exchanges over shared network channels devoid of centralized access points [2]. A typical WSN comprises dynamic cooperating nodes that employ multi-hop information transfer [3]. According to [4], WSNs are robust networks that have self-managing and healing capabilities. As explained in [5], a WSN is basically made up of sensors, a gateway node (GWN) and the users. Compared with sensors, GWNs have high computation power,

•
Fuzzy extraction is amalgamated with extended Chebyshev chaotic maps to generate authentication tokens that are shown to be session-specific for integrity enhancement. • Symmetric encryption is deployed to generate temporary keys that are utilized during the authentication and key agreement phase to protect against backward and forward key secrecy compromise attacks.

•
The mobile terminal and the gateway node negotiate a session key to encipher the payload exchanged over the public wireless channels. • Extensive security analysis is carried out and shows that the proposed scheme offers strong mutual authentication and anonymity. In addition, our scheme is shown to be resilient against impersonation, side-channel, man-in-the-middle (MITM), secret ephemeral leakage and packet replay attacks. • Performance evaluation is executed to show that the proposed scheme offers the best security features at relatively low execution time and communication costs.
The rest of this article is organized as follows: Section 2 presents related work regarding wireless network authentication and key agreement while Section 3 details the system model of the proposed scheme. On the other hand, Section 4 presents the comparative and evaluation results, while Section 5 concludes the paper.

Related Work
Numerous security and privacy-preserving techniques have been presented in the literature. However, most of these schemes still have security and privacy issues or have high overheads that render them unsuitable for WSN sensors. For instance, the remote user authentication protocol in [14] is susceptible to denial of service (DoS), off-line password guessing, sensor node capture and user impersonation attacks [15,16]. Similarly, the WSN security schemes in [17,18] cannot withstand off-line guessing attacks. On the other hand, the three-factor authentication in [19] does not offer sensor node anonymity and is vulnerable to de-synchronization attacks. The Chebyshev-chaotic-maps-based scheme is presented in [20], while cloud-centric authentication protocol is developed in [21]. Unfortunately, the scheme in [20,21] cannot withstand side-channeling attacks through power analysis. The same security challenges are inherent in the chaotic-mapbased protocol presented in [22]. As such, the passwords and identities stored in the smart card can be leaked. In addition, the protocol in [21] cannot offer perfect backward and forward key secrecy.
To protect data exchanged over WSNs, authors in [23] have presented a novel authentication scheme. However, as demonstrated by [24], this protocol is vulnerable to both de-synchronization and user forgery attacks. Similarly, the authentication and key agreement protocol introduced in [25] has security flaws [26,27]. Other sets of authentication protocols are based on three factors such as smart cards (SC), passwords and biometrics. In this regard, authors in [28][29][30] have introduced three-factor authentication (3FA) for enhancing security in wireless networks. However, the protocol in [30] cannot withstand user forgery and off-line password guessing attacks [31]. On the other hand, the schemes in [28,29] fail to offer both strong forward key security and offer anonymity [31]. To address these issues, an improved lightweight 3FA protocol is developed in [32]. Unfortunately, this scheme is still vulnerable to both user tracking and off-line guessing attacks [33]. Another 3FA protocol based on bio-hashing is introduced in [15]. However, this approach cannot uphold user anonymity and is vulnerable to both privileged insider and sensor node capture attacks [28]. To address the security challenges in 3FA schemes, other protocols based on techniques such as elliptic curve cryptography (ECC), exclusive-or (XOR), hash functions and biometric and machine learning, have been introduced. For instance, an ECC-based authentication protocol is presented in [34]. However, this protocol is not resilient against ephemeral secret leakage (ESL) attacks.
Apart from security and privacy issues, most of the conventional WSN authentication techniques have high false positives, long latencies or very high communication and computation costs. For instance, the scheme developed in [35] for malicious behavior detection in WSNs generates excessive false positives. On the other hand, the schemes in [36,37] enhance security but at the expense of increased latencies. On their part, the machine-learning-based protocols in [38][39][40][41] improve anomaly detection in networks. However, these schemes have high computational overheads and hence are not suitable for WSN sensors. On the other hand, the scheme developed in [42] upholds confidentiality, non-repudiation, authentication and integrity. Unfortunately, this protocol deploys bilinear pairing operations, which makes it computationally expensive [1,43] and hence not ideal for WSN environment. On their part, authors in [44] have developed a dynamic key management and authentication protocol based on bilinear pairing operations. Although this approach boosts security in hierarchical sensor networks, the deployed pairing operations inadvertently increase its computational complexity [45].
It is clear from the discussions above that the attainment of robust security and privacy at low computation, latency and communication costs is still an open challenge. In this paper, we leverage fuzzy extraction and extended Chebyshev chaotic maps to develop a scheme that is demonstrated to achieve robust security at the lowest communication costs and relatively lower computation overheads.

System Model
In this section, the mathematical primitives of the proposed scheme are discussed followed by the step-by-step discussion of the proposed scheme.

Mathematical Primitives
As already alluded to above, fuzzy extraction and extended Chebyshev chaotic maps are among the main building blocks of the proposed scheme. The mathematical formulations of these two concepts are elaborated upon in the sub-sections below.

Fuzzy Extraction
In biometric-based authentication systems, a fuzzy extractor is commonly deployed. This extractor has two functions, which include Gen and Rep. Given biometric information βio, the operations of these two functions are as follows: 1.
x 1 = Rep(β io * , y 1 ) implies that on receiving a noise biometrics β io * that is fairly similar to β io and auxiliary string y 1 of β io , function Rep(.) reproduces random string x 1 .

Chaotic Maps
The proposed scheme is hinged on an extended Chebyshev polynomial (ECP), from which two computationally complex problems are derived. This ECP is based on the extended Chebyshev chaotic map. The two problems derived from ECP include the chaoticmaps-based Diffie-Hellman problem (CMDHP) and chaotic-maps-based discrete logarithm problem (CMDLP). Takingń as a large prime number and λ1 and λ2 as positive integers, the ECP is defined as follows: On the other hand, the ECP satisfies the following condition: During the security analysis of the authentication protocols, the ECP's CMDHP and CMDLP form the theoretical basis for guaranteeing the security of these protocols. These ECP problems are defined as follows:

Proposed Scheme
Wireless networks make it possible for users to interact with their smart devices in order to access and process data collected from sensors. To accomplish this, mobile terminals such as smart-phones are deployed. As such, in the proposed scheme, the mobile terminal (MT), sensor node (SN), gateway node (GWN) and the trusted authority (TA) are the main components, as shown in Figure 1. The communication between the sensor nodes and their gateway nodes is assumed to be secure. In addition, during the registration phase, the communication between the gateway node and the trusted authority is assumed to be through secure transmission channels. Similarly, the communication between the mobile terminal and the trusted authority during the registration phase is thought to be through secure channels.
In this architecture, the SN perceives the physical environment and forwards the collected data to the GWN for onward transmission to the remote user. On the other hand, the TA executes the registration of all GWNs and MTs before the commencement of data exchanges. Table 1 presents the symbols used in this paper.
The proposed scheme executes in five main phases, which include system initialization, device registration, authentication, key agreement and data exchange. The description of these phases is presented in the sub-sections below. In this architecture, the SN perceives the physical environment and forwards the collected data to the GWN for onward transmission to the remote user. On the other hand, the TA executes the registration of all GWNs and MTs before the commencement of data exchanges. Table 1 presents the symbols used in this paper. The proposed scheme executes in five main phases, which include system initialization, device registration, authentication, key agreement and data exchange. The description of these phases is presented in the sub-sections below.

System Initialization and Registration Phase
In this phase, the trusted authority (TA) initializes the system parameters, after which both the operator's MT and the GWN are registered at the TA. To accomplish MT registration, the operator identity, biometrics and password are input to this terminal. Afterwards, the MT submits its pseudonym PSN to the TA through some secure channels. The TA then validates the supplied PSN before storing the MT's security parameters in its database. The specific steps during initialization and registration are detailed below.
Step 1: The TA chooses a large prime number ń and random nonce Ȓ1 as Chebyshev chaotic map parameters. Next, the trusted authority TA generates nonce ΩTA as its private key before computing its public key ƤTA = Ω TA (Ȓ1) mod ń, where ń is a large prime number. Taking m as the privacy message length, the TA selects two one-way hashing  In this phase, the trusted authority (TA) initializes the system parameters, after which both the operator's MT and the GWN are registered at the TA. To accomplish MT registration, the operator identity, biometrics and password are input to this terminal. Afterwards, the MT submits its pseudonym P SN to the TA through some secure channels. The TA then validates the supplied P SN before storing the MT's security parameters in its database. The specific steps during initialization and registration are detailed below.
Step 1: The TA chooses a large prime numberń and random nonce " R 1 as Chebyshev chaotic map parameters. Next, the trusted authority TA generates nonce ΩTA as its private key before computing its public key P TA = C Ω TA ( " R 1 ) modń, whereń is a large prime number. Taking m as the privacy message length, the TA selects two one-way hashing functions h 1 : {0,1}* → {0,1} m and h 2 : {0,1}* → Z * n before publishing parameter set {ń, " R 1 , P TA , h 1 , h 2 }.
Step 2: The operator inputs identity ID OP and secret code SC OP to the mobile terminal MT before imprinting biometrics β OP on the MT sensor. Thereafter, the MT chooses nonce " R 2 ∈ Z * n as its secret key before deriving security parameters MT S1 = C " (P TA ) modń, A 1 = ID OP ⊕P SN and MT S3 = h 1 (MT S2 )⊕A 1 . The MT then sends registration request MReg Req to the TA accompanied by security parameters set {MT S3 , MT S1 }.
Step 3: After receiving the MT's registration request, the TA derives security parameters MT S2 * = C Ω TA (MT S1 ) modń and A 1 * = h 1 (MT S2 * )⊕MT S3 . It then extracts the operator inputs identity ID OP * and P SN * from A 1 before validating pseudonym P SN * by confirming whether P SN to its database. Finally, it transmits a registration successful TReg SU message to the MT, as shown in Figure 2.
Step 6: On receiving GRegReq from the GWN, the TA computes B2 * = Ω TA (B1) mod ń and B3 * = h1(B2 * )⊕B4. Next, it retrieves IDG * and PSN from B3 before verifying PSN * by confirming whether PSN * ≟ PSN. Provided that this validation is successful, the TA stores security parameter set {IDG * , B2 * } in its database. This is followed by the transmission of a registration successful GRegSU message back to the GWN. Step 4: On receiving TReg SU from the TA, the MT generates nonce " R 3 ∈ Z * n followed by the computation of (x 1 , y 1 ) = Gen (β OP ), A 2 = h 2 (SC OP , x 1 , " R 3 ⊕h 2 (ID OP , SC OP , x 1 ) and A 5 = h 2 (ID OP , A 2 ). Thereafter, it stores {A 4 , A 5 , A 3 , y 1 } to its memory.
Step 5: During GWN registration, it generates identity ID G , secret code SC G and nonce Ω G as its private key. It then chooses nonce " R 4 ∈ Z * n before computing B 1 = C " R 4 ( " R 1 ) mod n, B 2 = C " R 4 (P TA ) modń, B 3 = (ID G ||P SN ) and B 4 = h 1 (B 2 )⊕B 3 . Finally, the GWN sends registration request GReg Req to the TA together with parameter set {B 1 , B 4 }.
Step 6: On receiving GReg Req from the GWN, the TA computes B 2 * = C Ω TA (B 1 ) mod n and B 3 * = h 1 (B 2 * )⊕B 4 . Next, it retrieves ID G * and P SN from B 3 before verifying P SN * by confirming whether P SN * J. Sens P SN . Provided that this validation is successful, the TA stores security parameter set {ID G * , B 2 * } in its database. This is followed by the transmission of a registration successful GReg SU message back to the GWN.
These two phases can be summarized in the pseudo-code below:

Mutual Authentication and Key Agreement Phase
During this phase, the operator supplies the valid identity, secret code and biometrics to the MT, after which a valid signature is generated. This signature is then validated by the TA, after which it derives a temporary key for the GWN. Next, the MT and GWN utilize the TA-generated temporary key to authenticate each other, as described in the steps below.
Step 5: Once the GWN obtains MAuthRes, it re-computes the session key ɸ * = h2(E2, Ψ * ) and confirms whether MACNew ≟ h2(ɸ * , A1 * ). Provided that this verification is successful, the MT and GWN establish a secure channel between them and can now proceed to exchange network traffic. The mutual authentication and key agreement phase can be summarized in the following pseudo-code.  Step 4: After obtaining GAuth Res , the MT derives E 2 * = C " h 2 (A 1 New , Ψ New , D 5 ). If this verification is successful, the MT derives session key F= h 2 (E 2 * , Ψ New ) to be utilized with the GWN for traffic enciphering. Lastly, it derives MAC New = h 2 (F, A 1 New ) before sending it to the GWN together with authentication response message MAuth Res .
Step 5: Once the GWN obtains MAuth Res , it re-computes the session key F * = h 2 (E 2 , Ψ * ) and confirms whether MAC New h 2 (F * , A 1 * ). Provided that this verification is successful, the MT and GWN establish a secure channel between them and can now proceed to exchange network traffic. The mutual authentication and key agreement phase can be summarized in the following pseudo-code.

WSN Node-MT Communication Phase
This phase is triggered whenever the operator through the MT wants to access some data from the wireless sensor network nodes. To accomplish this, the operator supplies valid identity ID OP , secret code SC OP and biometrics β OP on the MT sensor. This is followed by the generation of a legitimate signature for the operator, which is then transmitted to the TA for validation. After this, the TA stores some required information in its database. The steps followed during this phase are elaborated upon below.
Step 1: The operator inputs ID OP and SC OP to the MT before imprinting β OP on the MT sensor. This invokes local authentication, in which the MT derives and validates whether A 5 h 2 (ID OP , A 2 ), as described in Step 1 of the mutual authentication and key agreement phase. If this local authentication is successful, the MT sends service access request MServ Req to the GWN.
Step 3: Upon receiving GServ Req , the SN derives F 1 * = C Ω TA (D 5 ) modń and A 1 * = h 1 (F 1 * )⊕F 2 . It then retrieves ID G * from its memory and searches for B 2 * . It then checks whether F 3  h 2 (F 1 * , A 1 * ). If this verification is successful, the SN temporarily stores parameters {A 1 * , D 5 } in its memory for any subsequent verification with this particular GWN. Finally, the SN packages the requested data and enciphers it using Fbefore forwarding it to the GWN, which delivers it to the operator via the MT. This communication phase is summarized in the pseudo-code below. Derive x 2 , " R 5 and B 5 . 7) ELSE: terminate session.

18)
Package and encipher requested data using F.

Comparative Analysis and Evaluation Results
In this section, the first part presents the security analysis of the proposed scheme. In the second part, the performance evaluation of the proposed scheme is given, together with a comparative evaluation of other related protocols.

Security Analysis
To show that the proposed scheme offers salient security and privacy features, seven hypotheses are formulated and proved as discussed below.

Hypothesis 1. The proposed scheme offers both backward and forward key secrecy.
Proof. Suppose that an adversary Å has obtained the secret parameters {D 5 , E 3 , MAC G } and MAC New exchanged between the MT and GWN. Here, D 5 = C " , MAC G = h 2 (A 1 * , Ψ * , D 5 ) and MAC New = h 2 (F, A 1 New ). The aim is to use these security parameters to compute session key F= h 2 (E 2 * , Ψ New ), where E 2 * = C " R 6 (D 5 ) modń and Ψ New = h 2 (D 2 , A 1 , MT S2 , ID G * , D 5 ). However, without a knowledge of secret parameters ID G * , " R 6 , D 2 , A 1 , MT S2 and " R 7 , this session key can never be computed. In addition, an adversary is unable to derive (C " R 7 ( " R 1 )) or C " R 7 (( " R 1 )) devoid of " R 6 or " R 7 . This is because these parameters are never transmitted over the network. Proof. In the proposed scheme, session key F= h 2 (E 2 * , Ψ New ) incorporates secret tokens Ψ and C " h 2 (F * , A 1 * ). Consequently, strong mutual authentication between the MT and GWN, the MT and TA and the TA and GWN is attained.

Hypothesis 4.
Side-channeling attacks are prevented in the proposed scheme.
Proof. Suppose that an adversary Å manages to capture parameter set {A 4 , A 5 , B 6 , y 1 } stored in the MT through power analysis. The goal of Å is to use these security tokens to derive ID OP , SC OP and β OP by performing the following: A 4 = " R 3 ⊕h 2 (ID OP , SC OP , x 1 ), A 2 = h 2 (SC OP , x 1 , " R 3 ) and A 5 = h 2 (ID OP , A 2 ). It is evident that all these computations require either the operator identity ID OP , secret code SC OP or biometric β OP , which are unavailable in the MT's memory. Similarly, even if an adversary Å uses power analysis to obtain {B 7 , F 1 , B 6 , y 2 } stored in GWN, all operator details cannot be obtained. ( " R 1 )) from D 1 and D 5 is equivalent solving the chaotic-maps-based Diffie-Hellman problem or chaotic-maps-based discrete logarithm problem. Since this is computationally infeasible, adversary Å is unable to derive the generated session key.

Hypothesis 6.
The proposed scheme is resilient against packet replay and MITM attacks.
Proof. In the proposed scheme, we deploy nonces " R 6 and " R 7 in each session as elaborated upon in Hypothesis 5. Based on Hypothesis 3, the MT, TA and GWN execute strong mutual authentication before commencing packet exchanges. As such, adversary Å is unable to masquerade as the legitimate MT, GWN or TA so as to mount MITM attacks.

Hypothesis 7. The proposed scheme upholds MT anonymity.
Proof. In the proposed scheme, the MT identity ID OP is masked in A 1 , where A 1 = ID OP ⊕ P SN . On the other hand, ID OP is hashed in A 4, A 5 and " R 3 , where A 4 = " R 3 ⊕h 2 (ID OP , SC OP , x 1 ), A 5 = h 2 (ID OP , A 2 ) and " R 3 = A 4 ⊕h 2 (ID OP , SC OP , x 1 ). Since A 1 is never transmitted over the communication channels, adversary Å cannot capture it. On the other hand, the attacker needs to reverse the one-way hashing functions A 4, A 5 and " R 3 to obtain this identity. Since this is computationally infeasible, the anonymity of the operator is upheld.

Performance Analysis
In this sub-section, the cryptographic execution time, communication costs and resilience to attacks are used as the main metrics in the appraisal of the proposed scheme.

Execution Time
In this analysis, consideration is given to the cryptographic operations that are executed only during the mutual authentication and key agreement phase. During this phase, the fuzzy extraction T F , elliptic curve point multiplication T E , one-way hashing T H and Chebyshev map T C operations are executed. Based on the values in [46], T E = 63.08 ms, T C = 21.02 ms, T F = 63.08 ms and T H = 0.5 ms, as shown in Table 2.
For other related schemes, symmetric encryption and decryption T ED , the Chinese remainder theorem (CRT) T CR and elliptic curve modular exponential T EE operations are required. Based on [46], T ED = 8.70 ms, the execution time for T CR = 11 ms and for T EE = 30 ms. During the mutual authentication and key agreement phase, the 1T F , 6T C and 23 T H operations are executed. Table 3 gives the derivation of the execution times for the proposed scheme as well as other related schemes.  Table 3. Execution time comparison.

Scheme Operations Runtime (ms)
Abbasinezhad-Mood et al. [20] 10T C + 1T ED + 40T H 238.9 Li et al. [34] 1T F + 6T E + 22T H 452.56 Srinivas et al. [21] 1T EE +1T CR + 37T H 59.5 Wang et al. [22] 1T F + 6T C + 22T H 200.2 Proposed 1T F + 6T C + 23T H 200.7 As shown in Table 3, the protocol in [34] has the highest runtime of 452.56 ms followed by the schemes in [20] with a runtime of 238.9 ms. On the other hand, the proposed scheme has the third highest execution time of 200.7 ms, while the protocol in [22] has the second lowest execution time of 200.2 ms. On the other hand, the scheme in [21] has the lowest runtime of only 59.5 ms.
Although the protocol in [21] has excellent execution time, it cannot withstand sidechanneling attacks through power analysis and cannot offer both perfect backward and forward key secrecy. In addition, this scheme has extremely high communication costs. On the other hand, the scheme in [22] cannot withstand side-channeling attacks and has very high communication costs. As such, although the proposed scheme has a slightly high execution time, it offers most of the security features required in wireless networks.

Communication Costs
In this analysis, the size of the exchanged messages during mutual authentication and key agreement are taken into consideration. Here, the outputs of nonces, ECC, symmetric encryption and decryption, integer factorization cryptography, hashing, timestamp and Chebyshev chaotic map are 128 bits, 256 bits, 128 bits, 3072 bits, 128 bits, 32 bits and 128 bits, respectively, as shown in Table 4. During the mutual authentication and key agreement phase, the following four messages are exchanged: {D 1  Based on the computations above, the total size of the four exchanged messages is 1280 bits. On the other hand, the schemes in [20][21][22]34] are 2048 bits, 3200 bits, 4448 bits and 1664 bits, respectively. Table 5 presents the derivation of these message sizes for the various schemes. As shown in Table 5, the protocol in [21] has the highest communication costs of 4448 bits, followed by the protocol in [34] with communication costs of 3200 bits. The scheme in [20] has the third highest communication costs of 2048 bits, while the protocol in [22] has the highest communication costs of 1664 bits.
On the other hand, the proposed scheme has the lowest communication costs of 1280 bits. Consequently, the proposed scheme is the most ideal for sensor nodes which are limited in terms of computation, energy, memory and communication capabilities.

Attacks Resilience
To show that the proposed scheme offers resilience against most of the typical attacks in wireless networks, its security and privacy features are compared against those provided by the protocols in [20][21][22]34]. Table 6 presents this comparison using backward and forward key secrecy, secret ephemeral leakage, mutual authentication, side-channeling, session key agreement, packet replay, MITM and anonymity as key metrics.
Y Key Y = Security feature supported N = Security feature not supported Based on the results in Table 6, the scheme in [21] supports the least security and privacy features, followed by the schemes in [20,22,34], which lack one security feature. On the other hand, the proposed scheme offers support for all the security and privacy features. As such, it offers robust integrity protection in wireless networks.

Complexity Level Comparisons
In the performance evaluation of network security protocols, computation and communication complexities are frequently utilized. Here, the computation complexities indicate the duration it takes for various cryptographic operations to be executed. On the other hand, communication complexity denotes the number or length of the messages exchanged in these protocols. In this paper, computation complexity is measured using the execution time, while communication complexity is measured using the communication costs. These complexities are then compared with those obtained in other related schemes developed in [20][21][22]34].
In terms of computation complexity, it has been shown that the proposed scheme incurs the third highest execution time of 200.7 ms. However, the proposed scheme incurs the lowest communication complexity of only 1280 bits. On the other hand, the scheme developed in [34] has the highest computation complexity of 452.56 ms. Similarly, the scheme presented in [21] has the highest communication complexity of 4448 bits. Among the related schemes, the one developed in [22] has the lowest communication complexity of 1664 bits. As such, the proposed protocol offers a 23.08% improvement in the communication complexity.

Conclusions
The literature reviewed has pointed to the existence of many security schemes for the protection of the information exchanged over wireless sensor networks. It has been observed that these protocols are based on techniques such as machine learning, bilinear pairing operations, elliptic curve cryptography, chaotic maps, biometrics and smart cards, among other methods. However, it has been shown that long authentication latencies and execution times, as well as high communication overheads, are major performance issues in these protocols. Although these schemes improve some aspects of WSN security and privacy, the majority of them have been shown to be weak against common attacks in typical wireless networks. To address these issues, the developed scheme incorporates biometrics and extended Chebyshev chaotic maps during the authentication and key agreement process. Thus, the proposed scheme has the lowest execution time of 200.7 milliseconds and the highest security aspect compared to the related methods. In detail, the results show that this effectively renders the developed scheme resilient against numerous attacks such as packet replays, side-channeling and entity impersonations. In terms of performance evaluation, the deployed cryptographic operations are relatively lightweight and hence the execution time as well as the communication overheads of the proposed protocol are relatively low. Compared with other related schemes, the proposed protocol offers the best security features at the lowest communication overheads and a relatively low execution time. Future work could push towards decentralization in authentication, access and authorization. This may facilitate distributed and decentralized security provisioning that could enable direct integration into client end-point devices.