Cryptanalysis of Kim Jiye et al.'s Two-Factor Mutual Authentication with Key Agreement in WSNs

—User authentication and key management play an important role in the security of WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from dedicated sensors. For this case, several user authentication schemes have been proposed in recent years. Among these schemes, Kim Jiye et. al’s scheme is very novel. However, in the current work, we find that Kim Jiye et. al’s scheme is still vulnerable to some attacks such as offline password guessing attack, user impersonation attack using his/her own smart card, sensor node impersonation attack and gateway node bypassing attack. In this paper, we give detailed cryptanalysis of Kim Jiye et. al’s two-factor mutual authentication with key agreement in WSNs.

[1]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[2]  Donghoon Lee,et al.  Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks , 2014, Sensors.

[3]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[4]  Biswanath Mukherjee,et al.  Wireless sensor network survey , 2008, Comput. Networks.

[5]  Chun Chen,et al.  An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks , 2010, Ad Hoc Sens. Wirel. Networks.

[6]  H. T. Mouftah,et al.  Two-factor mutual authentication with key agreement in wireless sensor networks , 2016, Secur. Commun. Networks.

[7]  Eun-Jun Yoon,et al.  Cryptanalysis of robust mutual authentication protocol for wireless sensor networks , 2011, IEEE 10th International Conference on Cognitive Informatics and Cognitive Computing (ICCI-CC'11).

[8]  Warren S. Sandberg,et al.  Combining the ASA Physical Classification System and Continuous Intraoperative Surgical Apgar Score Measurement in Predicting Postoperative Risk , 2015, Journal of Medical Systems.

[9]  Cheng-Chi Lee,et al.  An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks , 2013, Sensors.

[10]  Wei-Kuan Shih,et al.  A Robust Mutual Authentication Protocol for Wireless Sensor Networks , 2010 .

[11]  Dheerendra Mishra On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems , 2014, Journal of Medical Systems.

[12]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[13]  Wuu Yang,et al.  An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[14]  Sourav Mukhopadhyay,et al.  A secure password-based authentication and key agreement scheme using smart cards , 2015, J. Inf. Secur. Appl..

[15]  Mun-Kyu Lee,et al.  Improvement of Das's Two-Factor Authentication Protocol in Wireless Sensor Networks , 2009, IACR Cryptol. ePrint Arch..

[16]  Marko Hölbl,et al.  An Improved Dynamic Password-based User Authentication Scheme for Hierarchical Wireless Sensor Networks , 2013 .

[17]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[18]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[19]  Juho Kim,et al.  A Performance and Usability Aware Secure Two-Factor User Authentication Scheme for Wireless Sensor Networks , 2013, Int. J. Distributed Sens. Networks.

[20]  Dheerendra Mishra Understanding Security Failures of Two Authentication and Key Agreement Schemes for Telecare Medicine Information Systems , 2015, Journal of Medical Systems.

[21]  Ashok Kumar Das,et al.  A dynamic password-based user authentication scheme for hierarchical wireless sensor networks , 2012, J. Netw. Comput. Appl..