Abstract
User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.
Highlights
A wireless sensor network (WSN) is composed of a number of sensors that are deployed to collect data in a target area [1,2]
In 2012, Vaidya et al [12] pointed out that the schemes proposed by Das [3], Kan and Alghathbar [4] and Chen and Shih [11] are all insecure against stolen smart card attacks and sensor node impersonation attacks with node capture attacks and do not provide key agreement [12]
We present that gateway node bypassing attacks and user impersonation attacks are possible using secret data stored in a sensor or an attacker’s own smart card in Vaidya et al.’s scheme
Summary
A wireless sensor network (WSN) is composed of a number of sensors (tens to thousands) that are deployed to collect data in a target area [1,2]. In 2012, Vaidya et al [12] pointed out that the schemes proposed by Das [3], Kan and Alghathbar [4] and Chen and Shih [11] are all insecure against stolen smart card attacks and sensor node impersonation attacks with node capture attacks and do not provide key agreement [12]. They proposed a novel two-factor mutual authentication and key agreement scheme to prevent these attacks. In the password change phase, the user side does not have to communicate with other parties
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have