Advertisement

Security Analysis of ‘Two–Factor User Authentication in Wireless Sensor Networks’

  • Muhammad Khurram Khan
  • Khaled Alghathbar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6059)

Abstract

Authenticating remote users in wireless sensor networks (WSN) is an important security issue due to their un-attended and hostile deployments. Usually, sensor nodes are equipped with limited computing power, storage, and communication module, thus authenticating remote users in such resource-constrained environment is a critical security concern. Recently, M.L Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kind of attacks. However, in this paper, we prove that M.L Das-scheme has some critical security pitfalls and is not recommended for real application. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack.

Keywords

Sensor Node Wireless Sensor Network Smart Card User Authentication Authentication Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Chiara, B., Andrea, C., Davide, D., Roberto, V.: An Overview on Wireless Sensor Networks Technology and Evolution. Sensors 9, 6869–6896 (2009)CrossRefGoogle Scholar
  2. 2.
    Callaway, E.H.: Wireless Sensor Networks, Architectures and Protocols. Auerbach Publications, Taylor & Francis Group, USA (2003)Google Scholar
  3. 3.
    Chong, C.Y., Kumar, S.: Sensor Networks: Evolution, Opportunities, and Challenges. Proceedings of the IEEE 91, 1247–1256 (2003)CrossRefGoogle Scholar
  4. 4.
    Benenson, Z., Felix, C.G., Dogan, K.: User Authentication in Sensor Networks. In: Proceedings of Workshop Sensor Networks, Germany, pp. 385–389 (2004)Google Scholar
  5. 5.
    Watro, R., Derrick, K., Sue-fen, C., Charles, G., Charles, L., Peter, K.: TinyPK: Securing Sensor Networks with Public Key Technology. In: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, USA, pp. 59–64 (2004)Google Scholar
  6. 6.
    Wong, K.H.M., Yuan, Z., Jiannong, C., Shengwei, W.: A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of Sensor Networks, Ubiquitous, and Trustworthy Computing, Taichung, pp. 244–251 (2006)Google Scholar
  7. 7.
    Tseng, H.R., Jan, R.H., Yang, W.: An Improved Dynamic User Authentication Scheme for Wireless Sensor Networks. In: Proceedings of IEEE Globecom, pp. 986–990 (2007)Google Scholar
  8. 8.
    Tsern, H.L.: Simple Dynamic User Authentication Protocols for Wireless Sensor Networks. In: Proceedings of 2nd International Conference on Sensor Technologies and Applications, pp. 657–660 (2008)Google Scholar
  9. 9.
    Ko, L.C.: A Novel Dynamic User Authentication Scheme for Wireless Sensor Networks. In: Proceedings of IEEE ISWCS, pp. 608–612 (2008)Google Scholar
  10. 10.
    Binod, V., Jorge, S.S., Joel, J.P.C.R.: Robust Dynamic User Authentication Scheme for Wireless Sensor Networks. In: Proceedings of ACM Q2SWinet, Spain, pp. 88–91 (2009)Google Scholar
  11. 11.
    Das, M.L.: Two-Factor User Authentication in Wireless Sensor Networks. IEEE Transactions on Wireless Communications 8, 1086–1090 (2009)CrossRefGoogle Scholar
  12. 12.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  13. 13.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smartcard Security under the Threat of Power Analysis Attacks. IEEE Transactions on Computers 51, 541–552 (2002)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Khan, M.K., Zhang, J.: Improving the Security of A Flexible Biometrics Remote User Authentication Scheme. Computer Standards & Interfaces, Elsevier Science 29, 82–85 (2007)CrossRefGoogle Scholar
  15. 15.
    Ku, W.C., Chen, S.M.: Weaknesses and Improvements of An Efficient Password based Remote user Authentication Scheme using Smart Cards. IEEE Transactions on Consumer Electronics (50), 204–207 (2004)Google Scholar
  16. 16.
    Wang, X., Zhang, W., Zhang, J., Khan, M.K.: Cryptanalysis and Improvement on Two Efficient Remote User Authentication Scheme using Smart Cards. Computer Standards & Interfaces, Elsevier Science 29, 507–512 (2007)CrossRefGoogle Scholar
  17. 17.
    Khan, M.K.: Fingerprint Biometric-based Self and Deniable Authentication Schemes for the Electronic World. IETE Technical Review 26, 191–195 (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Muhammad Khurram Khan
    • 1
  • Khaled Alghathbar
    • 2
  1. 1.Center of Excellence in Information AssuranceKing Saud UniversitySaudi Arabia
  2. 2.Information Systems Department, College of Computer and Information SciencesKing Saud UniversitySaudi Arabia

Personalised recommendations