Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’

User authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

[1]  Andrea Conti,et al.  An Overview on Wireless Sensor Networks Technology and Evolution , 2009, Sensors.

[2]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[3]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[4]  Chee-Yee Chong,et al.  Sensor networks: evolution, opportunities, and challenges , 2003, Proc. IEEE.

[5]  Felix C. Freiling,et al.  User Authentication in Sensor Networks , 2004, GI Jahrestagung.

[6]  Tsern-Huei Lee,et al.  Simple Dynamic User Authentication Protocols for Wireless Sensor Networks , 2008, 2008 Second International Conference on Sensor Technologies and Applications (sensorcomm 2008).

[7]  Mun-Kyu Lee,et al.  Improvement of Das's Two-Factor Authentication Protocol in Wireless Sensor Networks , 2009, IACR Cryptol. ePrint Arch..

[8]  Lee-Chun Ko,et al.  A novel dynamic user authentication scheme for wireless sensor networks , 2008, 2008 IEEE International Symposium on Wireless Communication Systems.

[9]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[10]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[11]  Peter Kruus,et al.  TinyPK: securing sensor networks with public key technology , 2004, SASN '04.

[12]  Jorge Sá Silva,et al.  Robust dynamic user authentication scheme for wireless sensor networks , 2009, Q2SWinet '09.

[13]  Edgar H. Callaway,et al.  Wireless Sensor Networks: Architectures and Protocols , 2003 .

[14]  Wuu Yang,et al.  An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[15]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.

[16]  Muhammad Khurram Khan,et al.  Improving the security of 'a flexible biometrics remote user authentication scheme' , 2007, Comput. Stand. Interfaces.

[17]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.