Cryptanalysis of Vaidya et al.'s User Authentication Scheme with Key Agreement in Wireless Sensor Networks

Abstract

User authentication in wireless sensor networks (WSN) is critical due to their unattended and even hostile deployment in the field. The open environment of WSN requires mechanisms which prevent unauthorized user from accessing the information from WSN. Recently, M.L.Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kinds of attack. However, Khan et. al. and Vaidya et. al. show that the M.L.Das's scheme does not provide mutual authentication between the gateway node and sensor nodes and is vulnerable to gateway node bypassing attack and privileged-insider attack. Chen-Shih point out that Das's scheme cannot resist parallel session attack. Moreover, they proposed improved schemes based on Das's user authentication scheme. Among the three improved schemes, Vaidya et. al.'s scheme is the most secure against different kinds of attack. Though Vaidya et. al. claim that their scheme is robust to various attacks, unfortunately, we find that their scheme still suffers from user impersonation attack, forgery attack with node capture and sensor node impersonation attack.