On the security and improvement of a two-factor user authentication scheme in wireless sensor networks

  • Original Article
  • Personal and Ubiquitous Computing

Abstract

User authentication is a basic security requirement when deploying a wireless sensor network (WSN), because the network may operate in a rather hostile environment, such as a military battlefield. In 2010, Khan and Alghathbar (KA) found that Das’s two-factor user authentication scheme for WSNs is vulnerable to the gateway node (GW-node) bypassing attack and the privileged-insider attack. They further presented an improved scheme to overcome the security flaws of Das’s scheme. However, in this paper, we show that KA’s scheme still suffers from the GW-node impersonation attack, the GW-node bypassing attack, and the privileged-insider attack. Hence, to fix the security flaws in KA’s scheme, we propose a new user authentication scheme for WSNs. The security of the user authentication session in the proposed scheme is reduced by the model of Bellare and Rogaway. The security of partial compromise of secrets in the proposed scheme is reduced and analyzed by our adversarial model. Based on the performance evaluation, the overall cost of the proposed scheme is less than that of KA’s scheme. Hence, we believe that the proposed scheme is more suitable for real security applications than KA’s scheme.

References

  1. Chen JH, Salim MB, Matsumoto M (2011) A single mobile target tracking in Voronoi-based clustered wireless sensor network. J Inf Process Syst 7(1):17–28

  2. Kumar D, Aseri TC, Patel RB (2011) Multi-hop communication routing (MCR) protocol for heterogeneous wireless sensor networks. Int J Inf Technol Commun Converg 1(2):130–145

  3. Zhao G, Kumar A (2011) Lifetime-aware geographic routing under a realistic link layer model in wireless sensor networks. Int J Inf Technol Commun Converg 1(3):297–317

  4. Jeong YS, Lee SH (2006) Secure key management protocol in the wireless sensor network. J Inf Process Syst 2(1):48–51

  5. Ponomarchuk Y, Seo DW (2010) Intrusion detection based on traffic analysis and fuzzy inference system in wireless sensor networks. J Converg 1(1):35–42

  6. Sarkar P, Saha A (2011) Security enhanced communication in wireless sensor networks using Reed-Muller codes and partially balanced incomplete block designs. J Converg 2(1):23–30

  7. A Wireless Sensor Networks Bibliography, Autonomous Networks Research Group. Available at http://anrg.usc.edu/www/SensorNetBib.html#Security

  8. Watro R, Kong D, Cuti SF, Gardiner C, Lynn C, Kruus P (2004) TinyPK: securing sensor networks with public key technology. In: Proceedings of the 2nd ACM workshop on security of Ad Hoc and sensor networks-SASN’04, ACM: New York, USA, p 59–64

  9. Benenson Z, Gedicke N, Raivio O (2005) Realizing robust user authentication in sensor networks. In: Proceedings of workshop on real-world wireless sensor networks-REALWSN’05, Stockholm, Sweden

  10. Moises SR, Gina GG, Gonzalo DS (2009) An authentication protocol for sensor networks using pairings. In: Proceedings of international conference on electrical, communications, and computers, IEEE Computer Society, p 168–172

  11. Oliveira LB, Aranha DF, Gouvêa CPL, Scott M, Câmara DF, López J, Dahab R (2011) TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks. Comput Commun 34(3):485–493

  12. Wong KHM, Zheng Y, Cao JN, Wang SW (2006) A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE international conference on sensor networks, ubiquitous, and trustworthy computing-SUTC’06, IEEE Computer Society, p 244–251

  13. Tseng HR, Jan RH, Yang W (2007) An improved dynamic user authentication scheme for wireless sensor networks. In: Proceedings of the IEEE global communications conference-GLOBECOM’07, IEEE Communications Society, p 986–990

  14. Lee TH (2008) Simple dynamic user authentication protocols for wireless sensor networks. In: Proceedings of 2nd international conference on sensor technologies and applications-SENSORCOMM’08, IEEE Computer Society, p 657–660

  15. Ko LC (2008) A novel dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE international symposium on wireless communication systems-ISWCS’08, p 608–612

  16. Vaidya B, Silva JS, Rodrigues JJPC (2009) Robust dynamic user authentication scheme for wireless sensor networks. In: Proceedings of the 5th ACM symposium on QoS and security for wireless and mobile networks-Q2SWinet’09, ACM, New York, USA, p 88–91

  17. Das ML (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun 8(3):1086–1090

  18. Khan MK, Alghathbar K (2010) Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors 10(3):2450–2459

  19. Kelsey J, Schneier B, Wagner D, Hall C (1998) Side channel cryptanalysis of product ciphers. In: Proceedings of 5th European symposium on research in computer security-ESORICS’98, Springer-Verlag, Berlin, Germany, LNCS 1485, p 97–110

  20. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of 19th annual international cryptology conference: advances in cryptology-CRYPTO’99, Springer-Verlag, Berlin, Germany, LNCS 1666, p 388–397

  21. Li G, Lomas MA, Needham RM, Saltzer JH (1993) Protecting poorly chosen secrets from guessing attacks. IEEE J Sel Areas Commun 11(5):648–656

  22. Halevi S, Krawczyk H (1999) Public-key cryptography and password protocols. ACM Trans Inf Syst Secur 2(3):230–268

  23. Sun DZ, Zhong JD, Sun Y (2005) Weakness and improvement on Wang-Li-Tie’s user-friendly remote authentication scheme. Appl Math Comput 170(2):1185–1193

  24. Sun DZ, Huai JP, Sun JZ, Li JX, Zhang JW, Feng ZY (2009) Improvements of Juang et al.’s password-authenticated key agreement scheme using smart cards. IEEE Trans Ind Electron 56(6):2284–2291

  25. Sun DZ, Huai JP, Sun JZ, Cao ZF (2007) An efficient modular exponentiation algorithm against simple power analysis attacks. IEEE Trans Consum Electron 53(4):1718–1723

  26. Bellare M, Rogaway P (1994) Entity authentication and key distribution. In: Proceedings of 13th annual international cryptology conference: advances in cryptology-CRYPTO’93, Springer-Verlag, Berlin, Germany, LNCS 773, p 232–249

  27. Ha J, Moon S, Zhou J, Ha J (2008) A new formal proof model for RFID location privacy. In: Proceedings of European symposium on research in computer security-ESORICS’08, Springer-Verlag, Berlin, Germany, LNCS 5283, p 267–281

  28. Juels A, Weis SA (2009) Defining strong privacy for RFID. ACM Trans Inf Syst Secur 13(1): 7:1–7:23

Acknowledgments

The authors would like to thank the editor and the reviewers for their useful suggestions and comments. This work was supported in part by the China Postdoctoral Science Foundation Special Funded Project under Grant No. 200902043, in part by the Doctoral Program Foundation of Institutions of Higher Education of China Funded the New Teacher Project under Grant No. 200800561044, in part by the National Natural Science Foundation of China under Grant No. 61003306, and in part by the Natural Science Foundation of Tianjin under Grant No. 11JCZDJC15800.

Author information

Corresponding author

Correspondence to Da-Zhi Sun.

About this article

Cite this article

Sun, DZ., Li, JX., Feng, ZY. et al. On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers Ubiquit Comput 17, 895–905 (2013). https://doi.org/10.1007/s00779-012-0540-3

  • DOI: https://doi.org/10.1007/s00779-012-0540-3
