User authentication in wireless sensor networks (WSNs) is a critical security issue because the nodes are deployed unattended in hostile field environments. Since sensor nodes are equipped with limited computing power, storage, and communication modules, authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme for WSNs and claimed that his scheme is secure against different kinds of attacks. However, in this paper, we show that the M.L. Das scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme users cannot change or update their passwords, there is no mutual authentication between the gateway node and the sensor node, and the scheme is vulnerable to the gateway node bypassing attack and the privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das scheme, we propose improvements and security patches that attempt to fix these susceptibilities. The proposed security improvements can be incorporated into the M.L. Das scheme to achieve more secure and robust two-factor user authentication in WSNs.