Skip to main content
SpringerLink
Log in

An enhanced two-factor user authentication in wireless sensor networks

  • Published:
Telecommunication Systems Aims and scope Submit manuscript

Abstract

Since wireless sensor networks (WSN) are often deployed in an unattended environment and sensor nodes are equipped with limited computing power modules, user authentication is a critical issue when a user wants to access data from sensor nodes. Recently, M.L. Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kinds of attack. Later, Khan and Alghathbar (K-A) pointed out that Das’ scheme has some security pitfalls and showed several improvements to overcome these weaknesses. However, we demonstrate that in the K-A-scheme, there is no provision of non-repudiation, it is susceptible to the attack due to a lost smart card, and mutual authentication between the user and the GW-node does not attained. Moreover, the GW-node cannot prove that the first message comes from the user. To overcome these security weaknesses of the K-A-scheme, we propose security patches and prove our scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Chong, C. Y., & Kumar, S. (2003). Sensor networks: evolution, opportunities and challenges. Proceedings of the IEEE, 91(8), 1247–1256.

    Article  Google Scholar 

  2. Das, M. L. (2009). Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 8(3), 1086–1090.

    Article  Google Scholar 

  3. Perrig, A., Szewczyk, R., Wen, V., Culler, D., & Tygar, J. D. (2001). SPINS: security protocols for sensor networks. In Proceedings of ACM MobiCom’01, Rome, Italy (pp. 189–199).

    Google Scholar 

  4. Sastry, N., & Wagner, D. (2004). Security considerations for IEEE 802.15.4 networks. In Proceedings of ACM workshop wireless security, Philadelphia, USA (pp. 32–42).

    Google Scholar 

  5. Tobarra, L., Cazorla, D., & Cuartero, F. (2009). Model checking wireless sensor network security protocols: TinySec plus LEAP plus TinyPK. Telecommunications Systems, 40(3–4), 91–99.

    Article  Google Scholar 

  6. Benenson, Z., Felix, C. G., & Dogan, K. (2004). User authentication in sensor networks. In Proceedings of workshop sensor networks, Ulm, Germany (pp. 385–389).

    Google Scholar 

  7. Benenson, Z., Gedicke, N., & Raivio, O. (2005). Realizing robust user authentication in sensor networks. In Proceedings of workshop on real-world wireless sensor networks, Stockholm, Sweden.

    Google Scholar 

  8. Binod, V., Jorge, S. S., & Joel, J. P. C. R. (2010). User authentication schemes with pseudonymity for ubiquitous sensor network in NGN. International Journal of Communication Systems, 23(9), 1201–1222.

    Google Scholar 

  9. Watro, R., Derrick, K., Sue-fen, C., Charles, G., Charles, L., Peter, K., & Tiny, P.K. (2004). Securing sensor networks with public key technology. In Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks, Washington, DC, USA (pp. 59–64).

    Chapter  Google Scholar 

  10. Wong, K. H. M., Yuan, Z., Jiannong, C., & Shengwei, W. (2006). A dynamic user authentication scheme for wireless sensor networks. In Proceedings of sensor networks, ubiquitous, and trustworthy computing, Taichung, Taiwan (pp. 244–251).

    Google Scholar 

  11. Tseng, H. R., Jan, R. H., & Yang, W. (2007). An improved dynamic user authentication scheme for wireless sensor networks. In Proceedings of IEEE Globecom, Washington, DC, USA (pp. 986–990).

    Google Scholar 

  12. Tsern, H. L. (2008). Simple dynamic user authentication protocols for wireless sensor networks. In Proceedings of 2nd international conference on sensor technologies and applications, Cap Esterel, France (pp. 657–660).

    Google Scholar 

  13. Ko, L. C. (2008). A novel dynamic user authentication scheme for wireless sensor networks. In Proceedings of IEEE ISWCS, Reykjavik, Iceland (pp. 608–612).

    Google Scholar 

  14. Binod, V., Jorge, S. S., & Joel, J. P. C. R. (2009). Robust dynamic user authentication scheme for wireless sensor networks. In Proceedings of ACM Q2SWinet, Canary Islands, Spain (pp. 88–91).

    Google Scholar 

  15. Nyang, D. H., & Lee, M. K. (2009). Improvement of Das’s two-factor authentication protocol in wireless sensor networks. Cryptology, ePrint archive. http://eprint.iacr.org/2009/631.pdf. Accessed 28 February 2010.

  16. Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 10(3), 2450–2459.

    Article  Google Scholar 

  17. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of 19th international advances in cryptology conference (CRYPTO), Santa Barbara, CA, USA (pp. 388–397).

    Google Scholar 

  18. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smartcard security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  Google Scholar 

  19. Khan, M. K., & Zhang, J. (2007). Improving the security of ‘a flexible biometrics remote user authentication scheme’. Computer Standards & Interfaces, 29(1), 82–85.

    Article  Google Scholar 

  20. Khan, M. K., Zhang, J., & Wang, X. (2008). Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons and Fractals, 35(3), 519–524.

    Article  Google Scholar 

  21. Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.

    Article  Google Scholar 

  22. Lee, J. K., Ryu, S. R., & Yoo, K. Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 38(12), 554–555.

    Article  Google Scholar 

  23. Khan, M. K., Alghathbar, K., & Zhang, J. (2011). Privacy-preserving and tokenless chaotic revocable face authentication scheme. Telecommunications Systems, 47(3–4), 227–234.

    Article  Google Scholar 

  24. Lee, H., Teoh, A. B. J., & Kim, J. (2011). Biometric bits extraction through phase quantization based on feature level fusion. Telecommunications Systems, 47(3–4), 255–273.

    Article  Google Scholar 

  25. Broemme, A. (2006). A risk analysis approach for biometric authentication technology. International Journal of Network Security & Its Applications, 2(1), 52–63.

    Google Scholar 

  26. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 1–13.

    Article  Google Scholar 

  27. Nessett, D. M. (1990). A critique of the Burrows, Abadi, and Needham logic. Operating Systems Review, 24(2), 35–38.

    Article  Google Scholar 

  28. Gong, L., Needham, R., & Yahalom, R. (1990). Reasoning about belief in cryptographic protocols. In Proceedings of 1990 IEEE computer society symposium research in security and privacy (pp. 234–246).

    Chapter  Google Scholar 

Download references

Acknowledgements

This research was partially supported by Program for Changjiang Scholars and Innovative Research Team in University, the National High Technology Research and Development Program of China (863 Program) (2009AA01Z401, 2009AA01Z141) and the National Natural Science Foundation of China (90718012, 90818023).

Author information

Authors and Affiliations

  1. Key Laboratory of Embedded System and Service Computing of Ministry of Education, Tongji University, Shanghai, 201804, China

    Jian-Jun Yuan

Authors
  1. Jian-Jun Yuan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jian-Jun Yuan.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Yuan, JJ. An enhanced two-factor user authentication in wireless sensor networks. Telecommun Syst 55, 105–113 (2014). https://doi.org/10.1007/s11235-013-9755-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11235-013-9755-5

Keywords

Search

Navigation