Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks

By Ding Wang and Ping Wang

Abstract

Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. In this work, we investigate two recent proposals in the area of smart-card-based password authentication for security-critical real-time data access applications in hierarchical wireless sensor networks (HWSN). Firstly, we analyze an efficient and DoS-resistant user authentication scheme introduced by Fan et al. in 2011. This protocol is the first attempt to address the problems of user authentication in HWSN and only involves lightweight cryptographic primitives, such as one-way hash function and XOR operations, and thus it is claimed to be suitable for the resource-constrained HWSN environments. However, it actually has several security loopholes being overlooked, and we show it is vulnerable to user anonymity violation attack, smart card security breach attack, sensor node capture attack and privileged insider attack, as well as its other practical pitfalls. Then, A.K. Das et al.'s protocol is scrutinized, and we point out that it cannot achieve the claimed security goals: (1) It is prone to smart card security breach attack; (2) it fails to withstand privileged insider attack; and (3) it suffers from the defect of server master key disclosure. Our cryptanalysis results discourage any practical use of these two schemes and reveal some subtleties and challenges in designing this type of schemes. Furthermore, using the above two foremost schemes as case studies, we take a first step towards investigating the underlying rationale of the identified security failures, putting forward three basic principles which we believe will be valuable to protocol designers for advancing more robust two-factor authentication schemes for HWSN in the future. (C) 2014 Elsevier B.V. 
All rights reserved.

Subject categories: Computer Science, Information Systems; Telecommunications
Indexed in: SCI(E), EI
Document type: Article
Contact: wangdingg@mail.nankai.edu.cn

Topics: Password authentication, Hierarchical wireless sensor networks, User anonymity, Smart card, Non-tamper resistant, REMOTE USER AUTHENTICATION, CLIENT-SERVER ENVIRONMENT, SMART-CARDS, PASSWORD AUTHENTICATION, MUTUAL AUTHENTICATION, KEY AGREEMENT, ANALYSIS ATTACKS, ACCESS-CONTROL, EFFICIENT, PROTOCOL
Year: 2014
DOI identifier: 10.1016/j.adhoc.2014.03.003
OAI identifier: oai:localhost:20.500.11897/209352