Formal security analysis and verification of a password-based user authentication scheme for hierarchical wireless sensor networks

Abstract

In 2012, Das et al. proposed a new password-based remote user authentication scheme in hierarchical wireless sensor networks (HWSNs). The proposed scheme achieves better security and efficiency as compared to those for other existing password-based schemes proposed in HWSNs. In this paper, we first analyse Das et al.’s scheme for formal security under the random oracle models to show their scheme is secure. Furthermore, we simulate this proposed scheme for formal security verification using the widely-accepted automated validation of internet security protocols and applications (AVISPA) tool. Using the AVISPA model checkers, we show that Das et al.’s scheme is also secure against possible passive and active attacks, including the replay and man-in-the-middle attacks. In addition, we also simulate the existing password-based schemes for formal security verification using AVISPA tool and provide a comparison among Das et al.’s scheme and other schemes. It is shown that Das et al.’s scheme outperforms other existing approaches.