Abstract
Since wireless sensor networks (WSN) are often deployed in an unattended environment and sensor nodes are equipped with limited computing power modules, user authentication is a critical issue when a user wants to access data from sensor nodes. Recently, M.L. Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kinds of attack. Later, Khan and Alghathbar (K-A) pointed out that Das’ scheme has some security pitfalls and showed several improvements to overcome these weaknesses. However, we demonstrate that in the K-A-scheme, there is no provision of non-repudiation, it is susceptible to attack due to a lost smart card, and mutual authentication between the user and the GW-node is not attained. Moreover, the GW-node cannot prove that the first message comes from the user. To overcome these security weaknesses of the K-A-scheme, we propose security patches and prove our scheme.
References
Chong, C. Y., & Kumar, S. (2003). Sensor networks: evolution, opportunities and challenges. Proceedings of the IEEE, 91(8), 1247–1256.
Das, M. L. (2009). Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 8(3), 1086–1090.
Perrig, A., Szewczyk, R., Wen, V., Culler, D., & Tygar, J. D. (2001). SPINS: security protocols for sensor networks. In Proceedings of ACM MobiCom’01, Rome, Italy (pp. 189–199).
Sastry, N., & Wagner, D. (2004). Security considerations for IEEE 802.15.4 networks. In Proceedings of ACM workshop wireless security, Philadelphia, USA (pp. 32–42).
Tobarra, L., Cazorla, D., & Cuartero, F. (2009). Model checking wireless sensor network security protocols: TinySec plus LEAP plus TinyPK. Telecommunications Systems, 40(3–4), 91–99.
Benenson, Z., Felix, C. G., & Dogan, K. (2004). User authentication in sensor networks. In Proceedings of workshop sensor networks, Ulm, Germany (pp. 385–389).
Benenson, Z., Gedicke, N., & Raivio, O. (2005). Realizing robust user authentication in sensor networks. In Proceedings of workshop on real-world wireless sensor networks, Stockholm, Sweden.
Binod, V., Jorge, S. S., & Joel, J. P. C. R. (2010). User authentication schemes with pseudonymity for ubiquitous sensor network in NGN. International Journal of Communication Systems, 23(9), 1201–1222.
Watro, R., Derrick, K., Sue-fen, C., Charles, G., Charles, L., Peter, K., & Tiny, P.K. (2004). Securing sensor networks with public key technology. In Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks, Washington, DC, USA (pp. 59–64).
Wong, K. H. M., Yuan, Z., Jiannong, C., & Shengwei, W. (2006). A dynamic user authentication scheme for wireless sensor networks. In Proceedings of sensor networks, ubiquitous, and trustworthy computing, Taichung, Taiwan (pp. 244–251).
Tseng, H. R., Jan, R. H., & Yang, W. (2007). An improved dynamic user authentication scheme for wireless sensor networks. In Proceedings of IEEE Globecom, Washington, DC, USA (pp. 986–990).
Tsern, H. L. (2008). Simple dynamic user authentication protocols for wireless sensor networks. In Proceedings of 2nd international conference on sensor technologies and applications, Cap Esterel, France (pp. 657–660).
Ko, L. C. (2008). A novel dynamic user authentication scheme for wireless sensor networks. In Proceedings of IEEE ISWCS, Reykjavik, Iceland (pp. 608–612).
Binod, V., Jorge, S. S., & Joel, J. P. C. R. (2009). Robust dynamic user authentication scheme for wireless sensor networks. In Proceedings of ACM Q2SWinet, Canary Islands, Spain (pp. 88–91).
Nyang, D. H., & Lee, M. K. (2009). Improvement of Das’s two-factor authentication protocol in wireless sensor networks. Cryptology, ePrint archive. http://eprint.iacr.org/2009/631.pdf. Accessed 28 February 2010.
Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 10(3), 2450–2459.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of 19th international advances in cryptology conference (CRYPTO), Santa Barbara, CA, USA (pp. 388–397).
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smartcard security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Khan, M. K., & Zhang, J. (2007). Improving the security of ‘a flexible biometrics remote user authentication scheme’. Computer Standards & Interfaces, 29(1), 82–85.
Khan, M. K., Zhang, J., & Wang, X. (2008). Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons and Fractals, 35(3), 519–524.
Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.
Lee, J. K., Ryu, S. R., & Yoo, K. Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 38(12), 554–555.
Khan, M. K., Alghathbar, K., & Zhang, J. (2011). Privacy-preserving and tokenless chaotic revocable face authentication scheme. Telecommunications Systems, 47(3–4), 227–234.
Lee, H., Teoh, A. B. J., & Kim, J. (2011). Biometric bits extraction through phase quantization based on feature level fusion. Telecommunications Systems, 47(3–4), 255–273.
Broemme, A. (2006). A risk analysis approach for biometric authentication technology. International Journal of Network Security & Its Applications, 2(1), 52–63.
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 1–13.
Nessett, D. M. (1990). A critique of the Burrows, Abadi, and Needham logic. Operating Systems Review, 24(2), 35–38.
Gong, L., Needham, R., & Yahalom, R. (1990). Reasoning about belief in cryptographic protocols. In Proceedings of 1990 IEEE computer society symposium research in security and privacy (pp. 234–246).
Acknowledgements
This research was partially supported by Program for Changjiang Scholars and Innovative Research Team in University, the National High Technology Research and Development Program of China (863 Program) (2009AA01Z401, 2009AA01Z141) and the National Natural Science Foundation of China (90718012, 90818023).
Cite this article
Yuan, JJ. An enhanced two-factor user authentication in wireless sensor networks. Telecommun Syst 55, 105–113 (2014). https://doi.org/10.1007/s11235-013-9755-5
DOI: https://doi.org/10.1007/s11235-013-9755-5