Highly Efficient Bidirectional Multi-factor Authentication and Key Agreement for Real-time Access to Sensor Data

This paper presents an authentication and key agreement protocol for users who want to have access to constrained sensor nodes deployed in the field, e.g. doctor with healthcare nodes of patient. Both sensor and user device provide direct multi-factor authentication relying on physical unclonable functions and biometrics respectively. In addition, our scheme offers protection against the presence of a semi-trusted third party, perfect forward secrecy, anonymity, untraceability and protection against session specific data loss attacks. The combination of all these security features is unique. Moreover, it is shown that the resulting scheme outperforms most state-of-the art schemes with respect to computation and communication costs.