Cryptanalysis of an Efficient Biometric Authentication Protocol for Wireless Sensor Networks

In 2013, Althobaiti et al. proposed an efficient biometric-based user authentication scheme for wireless sensor networks. We analyze the security of their scheme against known attacks. Though their scheme is efficient in computation, in this paper we show that it has several security pitfalls: (1) it is not resilient against node capture attack, (2) it is insecure against impersonation attack, (3) it is insecure against man-in-the-middle attack, and (4) it is also insecure against privileged insider attack. Finally, we give some pointers for improving their scheme so that the resulting design is secure against various known attacks.
