Abstract
User authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.
Highlights
With the recent advances in communication technologies, wireless sensor networks (WSN) have emerged as a very active research avenue
Each sensor node has some level of computing power, limited storage, and a small communication module to communicate with the outside world over an ad hoc wireless network [2]
We suggest that the Gateway node (GW)-node should only share with and there should be another secret parameter, which should only be known to the Gateway node (GW-node) and sensor nodes, and can be stored in sensor nodes before their deployment in the field
Summary
With the recent advances in communication technologies, wireless sensor networks (WSN) have emerged as a very active research avenue. Tseng et al [7] identified some security weaknesses in the scheme of Wong et al, which prevent it from being implemented in real-life environments They showed that Wong et al.’s scheme is not protected from replay and forgery attacks, passwords can be revealed by any of the sensor nodes, and users cannot freely change their passwords. M.L. Das [11] proposed a two-factor user authentication scheme in WSNs. M.L. Das identified that Wong et al.’s protocol is vulnerable to many logged-in users with the same login-id threat, that is, who has a valid user’s password can login to the sensor network [11]. Das, which is divided into two phases, namely the registration phase and the authentication phase
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
