Abstract
Authenticating remote users in wireless sensor networks (WSN) is an important security issue due to their un-attended and hostile deployments. Usually, sensor nodes are equipped with limited computing power, storage, and communication module, thus authenticating remote users in such resource-constrained environment is a critical security concern. Recently, M.L Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kind of attacks. However, in this paper, we prove that M.L Das-scheme has some critical security pitfalls and is not recommended for real application. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Chiara, B., Andrea, C., Davide, D., Roberto, V.: An Overview on Wireless Sensor Networks Technology and Evolution. Sensors 9, 6869–6896 (2009)
Callaway, E.H.: Wireless Sensor Networks, Architectures and Protocols. Auerbach Publications, Taylor & Francis Group, USA (2003)
Chong, C.Y., Kumar, S.: Sensor Networks: Evolution, Opportunities, and Challenges. Proceedings of the IEEE 91, 1247–1256 (2003)
Benenson, Z., Felix, C.G., Dogan, K.: User Authentication in Sensor Networks. In: Proceedings of Workshop Sensor Networks, Germany, pp. 385–389 (2004)
Watro, R., Derrick, K., Sue-fen, C., Charles, G., Charles, L., Peter, K.: TinyPK: Securing Sensor Networks with Public Key Technology. In: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, USA, pp. 59–64 (2004)
Wong, K.H.M., Yuan, Z., Jiannong, C., Shengwei, W.: A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of Sensor Networks, Ubiquitous, and Trustworthy Computing, Taichung, pp. 244–251 (2006)
Tseng, H.R., Jan, R.H., Yang, W.: An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks. In: Proceedings of IEEE Globecom, pp. 986–990 (2007)
Tsern, H.L.: Simple Dynamic User Authentication Protocols for Wireless Sensor Networks. In: Proceedings of 2nd International Conference on Sensor Technologies and Applications, pp. 657–660 (2008)
Ko, L.C.: A Novel Dynamic User Authentication Scheme for Wireless Sensor Networks. In: Proceedings of IEEE ISWCS, pp. 608–612 (2008)
Binod, V., Jorge, S.S., Joel, J.P.C.R.: Robust Dynamic User Authentication Scheme for Wireless Sensor Networks. In: Proceedings of ACM Q2SWinet, Spain, pp. 88–91 (2009)
Das, M.L.: Two-Factor User Authentication in Wireless Sensor Networks. IEEE Transactions on Wireless Communications 8, 1086–1090 (2009)
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smartcard Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51, 541–552 (2002)
Khan, M.K., Zhang, J.: Improving the Security of A Flexible Biometrics Remote User Authentication Scheme. Computer Standards & Interfaces, Elsevier Science 29, 82–85 (2007)
Ku, W.C., Chen, S.M.: Weaknesses and Improvements of An Efficient Password based Remote user Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics (50), 204–207 (2004)
Wang, X., Zhang, W., Zhang, J., Khan, M.K.: Cryptanalysis and Improvement on Two Efficient Remote User Authentication Scheme using Smart Cards. Computer Standards & Interfaces, Elsevier Science 29, 507–512 (2007)
Khan, M.K.: Fingerprint Biometric-based Self and Deniable Authentication Schemes for the Electronic World. IETE Technical Review 26, 191–195 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Khan, M.K., Alghathbar, K. (2010). Security Analysis of ‘Two–Factor User Authentication in Wireless Sensor Networks’. In: Kim, Th., Adeli, H. (eds) Advances in Computer Science and Information Technology. AST ACN 2010 2010. Lecture Notes in Computer Science, vol 6059. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13577-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-13577-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13576-7
Online ISBN: 978-3-642-13577-4
eBook Packages: Computer ScienceComputer Science (R0)