Browse > Article
http://dx.doi.org/10.7236/JIIBC.2015.15.4.63

Analysis on Security Vulnerabilities of a Password-based User Authentication Scheme for Hierarchical Wireless Sensor Networks  

Joo, Young-Do (Dept. of Computer & Media Information, Kangnam University)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.15, no.4, 2015 , pp. 63-70 More about this Journal
Abstract
The numerous improved schemes of user authentication based on password have been proposed in order to prevent the data access from the unauthorized person. The importance of user authentication has been remarkably growing in the expanding application areas of wireless sensor networks. Recently, emerging wireless sensor networks possesses a hierarchy among the nodes which are divided into cluster heads and sensor nodes. Such hierarchical wireless sensor networks have more operational advantages by reducing the energy consumption and traffic load. In 2012, Das et al. proposed a user authentication scheme to be applicable for the hierarchical wireless sensor networks. Das et al. claimed that their scheme is effectively secure against the various security flaws. In this paper, author will prove that Das et al.'s scheme is still vulnerable to man-in-the-middle attack, password guessing/change attack and does not support mutual authentication between the user and the cluster heads.
Keywords
Hierarchical Wireless Sensor Network; Man-in-the-middle Attack; Mutual Authentication;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 A. K. Das, "An Unconditionally Secure Key Management Scheme for Large-scale Wireless Sensor Networks", IEEE International Conference on Communication systems and Networks, pp. 1-10, 2009.
2 A. K. Das, P. Sharma, S. Chatterjee, and J. K. Sing, "A Dynamic Password-based User Authentication Scheme for Hierarchical Wireless Sensor Networks", Journal of Network and Computer Applications, Vol. 35, No, 5, pp. 1646-1656, 2012.   DOI
3 L. Lamport, "Password Authentication with Insecure Communication", Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981.   DOI
4 R. Watro, and D. Kong, et al., "Securing Sensor Network with Public Key Technology", ACM Workshop Security of Ad Hoc Sensor Network, pp. 59-64, 2004.
5 K. Wong, Y. Zheng, and J. Cao, et al., "A Dynamic User Authentication Scheme for Wireless Sensor Networks", IEEE International Conference Sensor Networks, Ubiquitous and Trustworthy Computing, IEEE Computing Society, pp. 244-251, 2006.
6 M. L. Das, "Two-factor User Authentication Scheme in Wireless Sensor Network", IEEE Transactions on Wireless Communications, Vol. 8, No. 3, pp. 1086-1090, 2009.   DOI   ScienceOn
7 M. K. Khan, and K. Alghathbar, "Cryptanalysis and Security Improvements of Two-factor User Authentication in Wireless Sensor Networks", Sensors, Vol. 10, No. 3, pp. 2450-2459, 2010.   DOI   ScienceOn
8 D. He, Y. Gao, S. Chan, C. Chen, and J. Bu, "An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks", Ad Hoc & Sensor Wireless Networks, Vol. 10, No. 4, pp. 361-371, 2010.
9 H. L. Yeh, T. H. Chen, P. C. Liu, T. H. Kim, and H. W. Wei, "A Secure Authentication Protocol for Wireless Sensor Network Using Elliptic Curve Cryptography", Sensors, Vol. 11, No. 5, pp. 4767-4779, 2011.   DOI
10 C. T. Li, C. Y. Weng, and C. C. Lee, et al., "Security Flaws of a Password Authentication Scheme for Hierarchical WSNs", Journal of Advances in Computer Networks, Vol. 1, No. 2, pp. 121-124, 2013.
11 J. Yuan, C. Jiang, and Z. Jiang, "A Biometric-Based User Authentication for Wireless Sensor Networks", Wuhan University Journal of Natural Science, Vol. 15, No. 3, pp. 272-276, 2010.   DOI
12 H. Lee, and Y. Park, "A Design and Implementation of User Authentication System using Biometric Information", Journal of the Korea Academia-Industrial Cooperation Society(JKAIS), Vol. 11, No. 9, pp. 3548-3557, 2010.   DOI
13 Y. Joo, "Analysis on Security Vulnerabilities of a Biometric-based User Authentication Scheme for Wireless Sensor Networks", Journal of the Institute of Internet, Broadcasting and Communication(JIIBC), Vol. 14, No. 2, pp. 147-153, 2014.   DOI
14 P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology, pp. 388-397, 1999.
15 T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks", IEEE Transactions on Computers, Vol. 51, No. 5, pp. 541-552, 2002   DOI