Wireless Personal Communications

, Volume 77, Issue 2, pp 907–922 | Cite as

Notes on “A Temporal-Credential-Based Mutual Authentication and Key Agreement Scheme for Wireless Sensor Networks”

  • Muhamed TurkanovićEmail author
  • Marko Hölbl


Xue et al. recently proposed an innovative mutual authentication and key agreement scheme for wireless sensor networks based on temporal credential using smart cards. However, in this paper we demonstrate that their scheme is vulnerable to password guessing attacks, node capture attacks and denial-of-service attacks. Furthermore we show that their scheme has some inconsistencies which make it less secure and more computationally costly than originally presented.


Wireless sensor network Mutual authentication Temporal credential  Key agreement Smart card 



The authors are grateful to all referees for important and helpful remarks, advice and suggestions concerning the content of the paper.


  1. 1.
    Xue, K., Ma, C., Hong, P., & Ding, R. (2012). A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Journal of Network and Computer Applications, 36(1), 316–323. doi: 10.1016/j.jnca.2012.05.010.CrossRefGoogle Scholar
  2. 2.
    Yeh, H.-L., Chen, T.-H., Liu, P.-C., Kim, T.-H., & Wei, H.-W. (2011). A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors, 11(5), 4767–4779.CrossRefGoogle Scholar
  3. 3.
    Das, A. K., Sharma, P., Chatterjee, S., & Sing, J. (2012). A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications, 35(5), 1646–1656. doi: 10.1016/j.jnca.2012.03.011.CrossRefGoogle Scholar
  4. 4.
    Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 10(3), 2450–2459.CrossRefGoogle Scholar
  5. 5.
    Das, M. L. (2009). Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 8(3), 1086–1090. doi: 10.1109/twc.2008.080128.CrossRefGoogle Scholar
  6. 6.
    Chen, T.-H., & Shih, W.-K. (2010). A robust mutual authentication protocol for wireless sensor networks (Vol. 32, Vol. 5). Taejon, COREE, REPUBLIQUE DE: Electronics and Telecommunications Research Institute.Google Scholar
  7. 7.
    Xiang, T., Wong, K. W., & Liao, X. F. (2008). Cryptanalysis of a password authentication scheme over insecure networks. Journal of Computer and System Sciences, 74(5), 657–661. doi: 10.1016/j.jcss.2007.05.001.Google Scholar
  8. 8.
    He, D., Wu, S., & Chen, J. (2012). Note on ‘Design of improved password authentication and update scheme based on elliptic curve cryptography’. Mathematical and Computer Modelling, 55(3–4), 1661–1664. doi: 10.1016/j.mcm.2011.10.079.CrossRefzbMATHMathSciNetGoogle Scholar
  9. 9.
    Knudsen, L., & Robshaw, M. B. (2011). Brute force attacks. In: The block cipher companion. Information Security and Cryptography (pp. 95–108). Springer, Berlin, Heidelberg.Google Scholar
  10. 10.
    Adams, C. (2011). Dictionary attack. In H. A. van Tilborg & S. Jajodia (Eds.), Encyclopedia of cryptography and security (p. 332). USA: Springer.Google Scholar
  11. 11.
    Graham, R. (2009). How hackers will crack your password. Accessed 11 Sept 2013
  12. 12.
    Bonneau, J. (2012). The science of guessing: analyzing an anonymized corpus of 70 million passwords. Paper presented at the 2012 IEEE symposium on security and privacy. San Francisco, CA, USA.Google Scholar
  13. 13.
    Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.CrossRefMathSciNetGoogle Scholar
  14. 14.
    Kocher, P. C., Jaffe, J., & Jun, B. (1999). Differential power analysis. Paper presented at the proceedings of the 19th annual international cryptology conference on advances in cryptology.Google Scholar
  15. 15.
    Newsome, J., Shi, E., Song, D., & Perrig, A. (2004). The sybil attack in sensor networks: analysis and defenses. Paper presented at the proceedings of the 3rd international symposium on information processing in sensor networks, Berkeley, California, USA.Google Scholar
  16. 16.
    Zhu, W. T., Zhou, J., Deng, R. H., & Bao, F. (2012). Detecting node replication attacks in wireless sensor networks: a survey. Journal of Network and Computer Applications, 35(3), 1022–1034. doi: 10.1016/j.jnca.2012.01.002.CrossRefGoogle Scholar
  17. 17.
    Wood, A., & Stankovic, J. A. (2002). Denial of service in sensor networks. Computer, 35(10), 54–62. doi: 10.1109/mc.2002.1039518.CrossRefGoogle Scholar
  18. 18.
    Yussoff, Y. M., Hashim, H., Rosli, R., & Baba, M. D. (2012). A review of physical attacks and trusted platforms in wireless sensor networks. Procedia Engineering, 41(0), 580–587. doi: 10.1016/j.proeng.2012.07.215.CrossRefGoogle Scholar
  19. 19.
    Nanda, R., & Krishna, P. V. (2011). Mitigating denial of service attacks in hierarchical wireless sensor networks. Network Security, 2011(10), 14–18. doi: 10.1016/S1353-4858(11)70107-6.CrossRefGoogle Scholar
  20. 20.
    Zhang, Y.-Y., Li, X.-Z., & Liu, Y.-A. (2012). The detection and defence of DoS attack for wireless sensor network. The Journal of China Universities of Posts and Telecommunications, 19(Suppl 2), 52–56. doi: 10.1016/S1005-8885(11)60444-5.Google Scholar
  21. 21.
    Raymond, D. R., & Midkiff, S. F. (2008). Denial-of-service in wireless sensor networks: attacks and defenses. IEEE Pervasive Computing, 7(1), 74–81. doi: 10.1109/mprv.2008.6.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. 1.Faculty of Electrical Engineering and Computer ScienceUniversity of MariborMariborSlovenia

Personalised recommendations