Abstract
Xue et al. recently proposed an innovative mutual authentication and key agreement scheme for wireless sensor networks based on temporal credential using smart cards. However, in this paper we demonstrate that their scheme is vulnerable to password guessing attacks, node capture attacks and denial-of-service attacks. Furthermore we show that their scheme has some inconsistencies which make it less secure and more computationally costly than originally presented.
Similar content being viewed by others
References
Xue, K., Ma, C., Hong, P., & Ding, R. (2012). A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Journal of Network and Computer Applications, 36(1), 316–323. doi:10.1016/j.jnca.2012.05.010.
Yeh, H.-L., Chen, T.-H., Liu, P.-C., Kim, T.-H., & Wei, H.-W. (2011). A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors, 11(5), 4767–4779.
Das, A. K., Sharma, P., Chatterjee, S., & Sing, J. (2012). A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications, 35(5), 1646–1656. doi:10.1016/j.jnca.2012.03.011.
Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 10(3), 2450–2459.
Das, M. L. (2009). Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 8(3), 1086–1090. doi:10.1109/twc.2008.080128.
Chen, T.-H., & Shih, W.-K. (2010). A robust mutual authentication protocol for wireless sensor networks (Vol. 32, Vol. 5). Taejon, COREE, REPUBLIQUE DE: Electronics and Telecommunications Research Institute.
Xiang, T., Wong, K. W., & Liao, X. F. (2008). Cryptanalysis of a password authentication scheme over insecure networks. Journal of Computer and System Sciences, 74(5), 657–661. doi:10.1016/j.jcss.2007.05.001.
He, D., Wu, S., & Chen, J. (2012). Note on ‘Design of improved password authentication and update scheme based on elliptic curve cryptography’. Mathematical and Computer Modelling, 55(3–4), 1661–1664. doi:10.1016/j.mcm.2011.10.079.
Knudsen, L., & Robshaw, M. B. (2011). Brute force attacks. In: The block cipher companion. Information Security and Cryptography (pp. 95–108). Springer, Berlin, Heidelberg.
Adams, C. (2011). Dictionary attack. In H. A. van Tilborg & S. Jajodia (Eds.), Encyclopedia of cryptography and security (p. 332). USA: Springer.
Graham, R. (2009). How hackers will crack your password. http://www.darkreading.com/hacked-off/how-hackers-will-crack-your-password/227700892. Accessed 11 Sept 2013
Bonneau, J. (2012). The science of guessing: analyzing an anonymized corpus of 70 million passwords. Paper presented at the 2012 IEEE symposium on security and privacy. San Francisco, CA, USA.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Kocher, P. C., Jaffe, J., & Jun, B. (1999). Differential power analysis. Paper presented at the proceedings of the 19th annual international cryptology conference on advances in cryptology.
Newsome, J., Shi, E., Song, D., & Perrig, A. (2004). The sybil attack in sensor networks: analysis and defenses. Paper presented at the proceedings of the 3rd international symposium on information processing in sensor networks, Berkeley, California, USA.
Zhu, W. T., Zhou, J., Deng, R. H., & Bao, F. (2012). Detecting node replication attacks in wireless sensor networks: a survey. Journal of Network and Computer Applications, 35(3), 1022–1034. doi:10.1016/j.jnca.2012.01.002.
Wood, A., & Stankovic, J. A. (2002). Denial of service in sensor networks. Computer, 35(10), 54–62. doi:10.1109/mc.2002.1039518.
Yussoff, Y. M., Hashim, H., Rosli, R., & Baba, M. D. (2012). A review of physical attacks and trusted platforms in wireless sensor networks. Procedia Engineering, 41(0), 580–587. doi:10.1016/j.proeng.2012.07.215.
Nanda, R., & Krishna, P. V. (2011). Mitigating denial of service attacks in hierarchical wireless sensor networks. Network Security, 2011(10), 14–18. doi:10.1016/S1353-4858(11)70107-6.
Zhang, Y.-Y., Li, X.-Z., & Liu, Y.-A. (2012). The detection and defence of DoS attack for wireless sensor network. The Journal of China Universities of Posts and Telecommunications, 19(Suppl 2), 52–56. doi:10.1016/S1005-8885(11)60444-5.
Raymond, D. R., & Midkiff, S. F. (2008). Denial-of-service in wireless sensor networks: attacks and defenses. IEEE Pervasive Computing, 7(1), 74–81. doi:10.1109/mprv.2008.6.
Acknowledgments
The authors are grateful to all referees for important and helpful remarks, advice and suggestions concerning the content of the paper.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Turkanović, M., Hölbl, M. Notes on “A Temporal-Credential-Based Mutual Authentication and Key Agreement Scheme for Wireless Sensor Networks”. Wireless Pers Commun 77, 907–922 (2014). https://doi.org/10.1007/s11277-013-1543-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-013-1543-8