Abstract
User authentication is a basic security requirement when deploying a wireless sensor network (WSN), because the network may operate in a rather hostile environment, such as a military battlefield. In 2010, Khan and Alghathbar (KA) found that Das’s two-factor user authentication scheme for WSNs is vulnerable to the gateway node (GW-node) bypassing attack and the privileged-insider attack. They further presented an improved scheme to overcome the security flaws of Das’s scheme. However, in this paper, we show that KA’s scheme still suffers from the GW-node impersonation attack, the GW-node bypassing attack, and the privileged-insider attack. Hence, to fix the security flaws in KA’s scheme, we propose a new user authentication scheme for WSNs. The security of the user authentication session in the proposed scheme is reduced by the model of Bellare and Rogaway. The security of partial compromise of secrets in the proposed scheme is reduced and analyzed by our adversarial model. Based on the performance evaluation, the overall cost of the proposed scheme is less than that of KA’s scheme. Hence, we believe that the proposed scheme is more suitable for real security applications than KA’s scheme.
References
Chen JH, Salim MB, Matsumoto M (2011) A single mobile target tracking in Voronoi-based clustered wireless sensor network. J Inf Process Syst 7(1):17–28
Kumar D, Aseri TC, Patel RB (2011) Multi-hop communication routing (MCR) protocol for heterogeneous wireless sensor networks. Int J Inf Technol Commun Converg 1(2):130–145
Zhao G, Kumar A (2011) Lifetime-aware geographic routing under a realistic link layer model in wireless sensor networks. Int J Inf Technol Commun Converg 1(3):297–317
Jeong YS, Lee SH (2006) Secure key management protocol in the wireless sensor network. J Inf Process Syst 2(1):48–51
Ponomarchuk Y, Seo DW (2010) Intrusion detection based on traffic analysis and fuzzy inference system in wireless sensor networks. J Converg 1(1):35–42
Sarkar P, Saha A (2011) Security enhanced communication in wireless sensor networks using Reed-Muller codes and partially balanced incomplete block designs. J Converg 2(1):23–30
A Wireless Sensor Networks Bibliography, Autonomous Networks Research Group. Available at http://anrg.usc.edu/www/SensorNetBib.html#Security
Watro R, Kong D, Cuti SF, Gardiner C, Lynn C, Kruus P (2004) TinyPK: securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on security of Ad Hoc and sensor networks-SASN’04, ACM: New York, USA, p 59–64
Benenson Z, Gedicke N, Raivio O (2005) Realizing robust user authentication in sensor networks. In: Proceedings of workshop on real-world wireless sensor networks-REALWSN’05, Stockholm, Sweden
Moises SR, Gina GG, Gonzalo DS (2009) An authentication protocol for sensor networks using pairings. In: Proceedings of international conference on electrical, communications, and computers, IEEE Computer Society, p 168–172
Oliveira LB, Aranha DF, Gouvêa CPL, Scott M, Câmara DF, López J, Dahab R (2011) TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks. Comput Commun 34(3):485–493
Wong KHM, Zheng Y, Cao JN, Wang SW (2006) A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE international conference on sensor networks, ubiquitous, and trustworthy computing-SUTC’06, IEEE Computer Society, p 244–251
Tseng HR, Jan RH, Yang W (2007) An improved dynamic user authentication scheme for wireless sensor networks. In: Proceedings of the IEEE global communications conference-GLOBECOM’07, IEEE Communications Society, p 986–990
Lee TH (2008) Simple dynamic user authentication protocols for wireless sensor networks. In: Proceedings of 2nd international conference on sensor technologies and applications-SENSORCOMM’08, IEEE Computer Society, p 657–660
Ko LC (2008) A novel dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE international symposium on wireless communication systems-ISWCS’08, p 608–612
Vaidya B, Silva JS, Rodrigues JJPC (2009) Robust dynamic user authentication scheme for wireless sensor networks. In: Proceedings of the 5th ACM symposium on QoS and security for wireless and mobile networks-Q2SWinet’09, ACM, New York, USA, p 88–91
Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun 8(3):1086–1090
Khan MK, Alghathbar K (2010) Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors 10(3):2450–2459
Kelsey J, Schneier B, Wagner D, Hall C (1998) Side channel cryptanalysis of product ciphers. In: Proceedings of 5th European symposium on research in computer security-ESORICS’98, Springer-Verlag, Berlin, Germany, LNCS 1485, p 97–110
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of 19th annual international cryptology conference: advances in cryptology-CRYPTO’99, Springer-Verlag, Berlin, Germany, LNCS 1666, p 388–397
Li G, Lomas MA, Needham RM, Saltzer JH (1993) Protecting poorly chosen secrets from guessing attacks. IEEE J Sel Areas Commun 11(5):648–656
Halevi S, Krawczyk H (1999) Public-key cryptography and password protocols. ACM Trans Inf Syst Secur 2(3):230–268
Sun DZ, Zhong JD, Sun Y (2005) Weakness and improvement on Wang-Li-Tie’s user-friendly remote authentication scheme. Appl Math Comput 170(2):1185–1193
Sun DZ, Huai JP, Sun JZ, Li JX, Zhang JW, Feng ZY (2009) Improvements of Juang et al.’s password-authenticated key agreement scheme using smart cards. IEEE Trans Ind Electron 56(6):2284–2291
Sun DZ, Huai JP, Sun JZ, Cao ZF (2007) An efficient modular exponentiation algorithm against simple power analysis attacks. IEEE Trans Consum Electron 53(4):1718–1723
Bellare M, Rogaway P (1994) Entity authentication and key distribution. In: Proceedings of 13th annual international cryptology conference: advances in cryptology-CRYPTO’93, Springer-Verlag, Berlin, Germany, LNCS 773, p 232–249
Ha J, Moon S, Zhou J, Ha J (2008) A new formal proof model for RFID location privacy. In: Proceedings of European symposium on research in computer security-ESORICS’08, Springer-Verlag, Berlin, Germany, LNCS 5283, p 267–281
Juels A, Weis SA (2009) Defining strong privacy for RFID. ACM Trans Inf Syst Secur 13(1): 7:1–7:23
Acknowledgments
The authors would like to thank the editor and the reviewers for their useful suggestions and comments. This work was supported in part by the China Postdoctoral Science Foundation Special Funded Project under Grant No. 200902043, in part by the Doctoral Program Foundation of Institutions of Higher Education of China Funded the New Teacher Project under Grant No. 200800561044, in part by the National Natural Science Foundation of China under Grant No. 61003306, and in part by the Natural Science Foundation of Tianjin under Grant No. 11JCZDJC15800.
Sun, DZ., Li, JX., Feng, ZY. et al. On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers Ubiquit Comput 17, 895–905 (2013). https://doi.org/10.1007/s00779-012-0540-3
DOI: https://doi.org/10.1007/s00779-012-0540-3