Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.’s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users’ attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.’s authentication scheme are left unchanged.
References
[1]
Asadi, M.; Zimmerman, C.; Agah, A. A game-theoretic approach to security and power conservation in wireless sensor networks. Int. J. Netw. Secur. 2013, 15, 50–58.
[2]
Das, A.K. Improving Identity-based Random Key Establishment Scheme for Large-scale hierarchical wireless sensor networks. Int. J. Netw. Secur. 2012, 14, 1–21.
[3]
Li, C.T. Secure smart card based password authentication scheme with user anonymity. Inform. Technol. Contr. 2011, 40, 157–162.
[4]
Mi, Q.; Stankovic, J.A.; Stoleru, R. Practical and secure localization and key distribution for wireless sensor networks. Ad Hoc Netw. 2012, 10, 946–961.
[5]
Jie, H.; Guohua, O. A public key polynomial-based key pre-distribution scheme for large-scale wireless sensor networks. Ad Hoc Sens. Wirel. Netw. 2012, 16, 45–64.
[6]
Poornima, A.S.; Amberker, B.B. Secure end-to-end data aggregation (seeda) protocols for wireless sensor networks. Ad Hoc Sens. Wirel. Netw. 2013, 17, 193–219.
[7]
Delgado-Mohatar, O.; Fuster-Sabater, A.; Sierra, J.M. A light-weight authentication scheme for wireless sensor networks. Ad Hoc Netw. 2011, 9, 727–735.
[8]
Han, K.; Kim, K.; Choi, W.; Choi, H.H.; Seo, J.; Shon, T. Efficient authenticated key agreement protocols for dynamic wireless sensor networks. Ad Hoc Sens. Wirel. Netw. 2012, 14, 251–269.
[9]
Li, C.T.; Hwang, M.S. An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 2010, 33, 1–5.
[10]
Li, C.T.; Hwang, M.S. A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks. Inform. Sci. 2011, 181, 5333–5347.
[11]
Li, Z.; Gong, G. Computationally efficient mutual entity authentication in wireless sensor networks. Ad Hoc Netw. 2011, 9, 204–215.
[12]
Li, C.T.; Lee, C.C. A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Math. Comput. Model. 2012, 55, 35–44.
[13]
Li, C.T. A more secure and efficient authentication scheme with roaming service and user anonymity for mobile communications. Inform. Technol. Contr. 2012, 41, 69–76.
[14]
Ramasamy, R.; Muniyandi, A.P. An efficient password authentication scheme for smart card. Int. J. Netw. Secur. 2012, 14, 180–186.
[15]
Barsocchi, P.; Chessa, S.; Martinovic, I.; Oligeri, G. A cyber-physical approach to secret key generation in smart environments. J. Amb. Intell. Human. Comput. 2013, 4, 1–16.
Das, M.L. Two-factor user authentication scheme in wireless sensor networks. IEEE Trans. Wirel. Commun. 2009, 8, 1086–1090.
[18]
Han, K.; Kim, K.; Choi, W. An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc Sens. Wirel. Netw. 2010, 10, 361–371.
[19]
Khan, M.K.; Alghathbar, K. Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors 2010, 10, 2450–2459.
[20]
Li, C.T.; Lee, C.C.; Wang, L.J.; Liu, C.J. A secure billing service with two-factor user authentication in wireless sensor networks. Int. J. Innov. Comput. Inform. Contr. 2011, 7, 4821–4831.
[21]
Yeh, H.L.; Chen, T.H.; Liu, P.C.; Kim, T.H.; Wei, H.W. A secure authentication protocol for wireless sensor networks using elliptic curves cryptography. Sens. J. 2011, 11, 4767–4779.
[22]
Das, A.K.; Sharma, P.; Chatterjee, S.; Sing, J.K. A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J. Netw. Comput. Appl. 2012, 35, 1646–1656.
[23]
Li, C.T.; Lee, C.C.; Lee, C.W. An improved two-factor user authentication protocol for wireless sensor networks using elliptic curve cryptography. Sens. Lett. 2013. in press.
[24]
Xue, K.; Ma, C.; Hong, P.; Ding, R. A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J. Netw. Comput. Appl. 2013, 36, 316–323.
[25]
Chen, T.H.; Shih, W.K. A robust mutual authentication protocol for wireless sensor networks. ETRI J. 2010, 32, 704–712.
[26]
Li, C.T.; Lee, C.C.; Weng, C.Y.; Fan, C.I. An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Trans. Int. Inform. Syst. 2013, 7, 119–131.
[27]
Li, C.T. A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inform. Secur. 2013, 7, 3–10.
