User authentication protocols are applied to provide a secure conversation between participating entities in wireless sensor networks (WSNs). To identify how to ensure security in these schemes, it is imperative to look into the security vulnerabilities of these authentication mechanisms. As a part of this study, we examine the security of four 2-factor authentication schemes for WSNs (namely, Zhang and Wen, Jangirala et al., Maurya and Sastry and Singh et al.). Security verification result shows that they are all confronted by serious security weaknesses (like sensor node capture attack, exposer of session key by gateway node attack, smart card lost attack, malicious gateway node attack, and session-specific ephemeral information loss attack) and lack of important security functionalities (like multi-factor security, perfect forward secrecy, user anonymity and untraceability, and session key security). This research concentrates on the ‘root cause of the problem. This will help in the research and development of reliable and efficient user authentication mechanisms for WSNs. Our research results point out some new challenges in building reliable multi-factor mechanisms of user authentication for WSNs. We additionally identify some significant insights from the cryptanalysis results of these mechanisms.
Read full abstract