# Privacy-Preserving ECC-Based AKA for Resource-Constrained IoT Sensor Networks with Forgotten Password Reset

**Authors:** Yicheng Yu, Kai Wei, Kun Qi, Wangyu Wu

PMC · DOI: 10.3390/e28020185 · Entropy · 2026-02-06

## TL;DR

This paper introduces a secure and efficient authentication protocol for IoT sensor networks that protects user privacy and allows password reset without re-registration.

## Contribution

The novel contribution is a PUF-based ECC AKA protocol with a secure password update mechanism for resource-constrained IoT sensor networks.

## Key findings

- The protocol is secure against common attacks according to formal analysis using BAN logic and ProVerif.
- Dynamic pseudonyms and session randomness reduce identity-related information leakage.
- The protocol has lower computational and communication overhead than existing solutions.

## Abstract

Wireless sensor networks (WSNs) are extensively used in IoT applications. Secure access control and data protection are essential. Nonetheless, the wireless environment has an open nature. The limited resources of sensor devices render WSNs susceptible to a variety of security attacks, causing significant difficulties in the design phase of efficient authentication and key agreement (AKA) protocols. This study proposes a physically unclonable function (PUF)-based lightweight and secure AKA protocol for WSNs based on elliptic curve cryptography (ECC). A secure password update scheme is offered, which would allow legitimate users to reset forgotten passwords without re-registration. According to formal security analysis using BAN logic and ProVerif, the proposed protocol is secure against common attacks. Moreover, from an entropy perspective, the use of dynamic pseudonyms and fresh session randomness increases an adversary's uncertainty about user identities, thereby limiting identity-related information leakage. Performance evaluation shows that the proposed protocol achieves lower computational and communication overhead than the existing ones, making it suitable for WSNs with resource constraints.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12938885/full.md

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12938885/full.md

## References

26 references — full list in the complete paper: https://tomesphere.com/paper/PMC12938885/full.md

---
Source: https://tomesphere.com/paper/PMC12938885