Abstract
In 2013, Althobaiti et al. proposed an efficient biometric-based user authentication scheme for wireless sensor networks. We analyze their scheme for the security against known attacks. Though their scheme is efficient in computation, in this paper we show that their scheme has some security pitfalls such as (1) it is not resilient against node capture attack, (2) it is insecure against impersonation attack, (3) it is insecure against man-in-the-middle attack, and (4) it is also insecure against privileged insider attack. Finally, we give some pointers for improving their scheme so that the designed scheme needs to be secure against various known attacks.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E.: Wireless sensor networks: A Survey. Computer Networks 38(4), 393–422 (2002)
Althobaiti, O., Al-Rodhaan, M., Al-Dhelaan, A.: An efficient biometric authentication protocol for wireless sensor networks. International Journal of Distributed Sensor Networks 2013, Article ID 407971, 1–13 (2013), http://dx.doi.org/10.1155/2013/407971
Chatterjee, S., Das, A.K., Sing, J.K.: Analysis and Formal Security Verification of Access Control Schemes in Wireless Sensor Networks: A Critical Survey. Journal of Information Assurance and Security 8(1), 33–57 (2013)
Chatterjee, S., Das, A.K., Sing, J.K.: A survey on user access control in wireless sensor networks with formal security verification. International Journal of Trust Management in Computing and Communications (in press, 2014)
Chen, T.-H., Shih, W.-K.: A Robust Mutual Authentication Protocol for Wireless Sensor Networks. ETRI Journal 32(5), 704–712 (2010)
Das, A.K.: A Survey on Analytic Studies of Key Distribution Mechanisms in Wireless Sensor Networks. Journal of Information Assurance and Security 5(5), 526–553 (2010)
Das, A.K., Chatterjee, S., Sing, J.K.: Formal Security Verification of a Dynamic Password-Based User Authentication Scheme for Hierarchical Wireless Sensor Networks. In: Thampi, S.M., Atrey, P.K., Fan, C.-I., Perez, G.M. (eds.) SSCC 2013. CCIS, vol. 377, pp. 243–254. Springer, Heidelberg (2013)
Das, A.K., Chatterjee, S., Sing, J.K.: A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks. Ad Hoc & Sensor Wireless Networks (in press, 2014)
Das, A.K., Sharma, P., Chatterjee, S., Sing, J.K.: A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications 35(5), 1646–1656 (2012)
Das, M.L.: Two-Factor User Authentication in Wireless Sensor Networks. IEEE Transactions on Wireless Communications 8(3), 1086–1090 (2009)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
Fan, R., Ping, L.-D., Fu, J.-Q., Pan, X.-Z.: A Secure and Efficient User Authentication Protocol for Two-Tieres Wireless Sensor Networks. In: Second Pacific-Asia Conference on Circuits, Communications and System (PACCS 2010), pp. 425–428 (2010)
He, D., Gao, Y., Chan, S., Chen, C., Bu, J.: An Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks. Ad Hoc & Sensor Wireless Networks 10(4), 361–371 (2010)
Khan, M.K., Alghathbar, K.: Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’. Sensors 10, 2450–2459 (2010)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Lee, C.-C., Li, C.-T., Chen, S.-D.: Two Attacks on a Two-Factor User Authentication in Wireless Sensor Networks. Parallel Processing Letters 21(1), 21–26 (2011)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
Perrig, A., Stankovic, J., Wagner, D.: Security in wireless sensor networks. Communications of the ACM 47(6), 53–57 (2004)
Secure Hash Standard. FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce (April 1995)
Vaidya, B., Makrakis, D., Mouftah, H.T.: Improved Two-Factor User Authentication in Wireless Sensor Networks. In: Second International Workshop on Network Assurance and Security Services in Ubiquitous Environments, pp. 600–606 (2010)
Wang, D., Wang, P.: Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks (in press, 2014), http://dx.doi.org/10.1016/j.adhoc.2014.03.003
Wong, K., Zheng, Y., Cao, J., Wang, S.: A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE International Conf. Sensor Networks, Ubiquitous, Trustworthy Computing, pp. 244–251. IEEE Computer Society (2006)
Yuan, J., Jiang, C., Jiang, Z.: A Biometric-Based User Authentication for Wireless Sensor Networks. Wuhan University Journal of Natural Sciences 15(3), 272–276 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Das, A.K. (2014). Cryptanalysis of an Efficient Biometric Authentication Protocol for Wireless Sensor Networks. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-662-44966-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44965-3
Online ISBN: 978-3-662-44966-0
eBook Packages: Computer ScienceComputer Science (R0)