Cryptanalysis of an Efficient Biometric Authentication Protocol for Wireless Sensor Networks

  • Ashok Kumar Das
Part of the Communications in Computer and Information Science book series (CCIS, volume 467)

Abstract

In 2013, Althobaiti et al. proposed an efficient biometric-based user authentication scheme for wireless sensor networks. We analyze the security of their scheme against known attacks. Though their scheme is efficient in computation, in this paper we show that it has several security pitfalls: (1) it is not resilient against node capture attack, (2) it is insecure against impersonation attack, (3) it is insecure against man-in-the-middle attack, and (4) it is also insecure against privileged insider attack. Finally, we give some pointers for improving their scheme so that the resulting scheme is secure against various known attacks.

Keywords

Wireless sensor networks; User authentication; Smart cards; Biometrics; Cryptanalysis


References

  1. Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E.: Wireless sensor networks: A Survey. Computer Networks 38(4), 393–422 (2002)
  2. Althobaiti, O., Al-Rodhaan, M., Al-Dhelaan, A.: An efficient biometric authentication protocol for wireless sensor networks. International Journal of Distributed Sensor Networks 2013, Article ID 407971, 1–13 (2013), http://dx.doi.org/10.1155/2013/407971
  3. Chatterjee, S., Das, A.K., Sing, J.K.: Analysis and Formal Security Verification of Access Control Schemes in Wireless Sensor Networks: A Critical Survey. Journal of Information Assurance and Security 8(1), 33–57 (2013)
  4. Chatterjee, S., Das, A.K., Sing, J.K.: A survey on user access control in wireless sensor networks with formal security verification. International Journal of Trust Management in Computing and Communications (in press, 2014)
  5. Chen, T.-H., Shih, W.-K.: A Robust Mutual Authentication Protocol for Wireless Sensor Networks. ETRI Journal 32(5), 704–712 (2010)
  6. Das, A.K.: A Survey on Analytic Studies of Key Distribution Mechanisms in Wireless Sensor Networks. Journal of Information Assurance and Security 5(5), 526–553 (2010)
  7. Das, A.K., Chatterjee, S., Sing, J.K.: Formal Security Verification of a Dynamic Password-Based User Authentication Scheme for Hierarchical Wireless Sensor Networks. In: Thampi, S.M., Atrey, P.K., Fan, C.-I., Perez, G.M. (eds.) SSCC 2013. CCIS, vol. 377, pp. 243–254. Springer, Heidelberg (2013)
  8. Das, A.K., Chatterjee, S., Sing, J.K.: A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks. Ad Hoc & Sensor Wireless Networks (in press, 2014)
  9. Das, A.K., Sharma, P., Chatterjee, S., Sing, J.K.: A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications 35(5), 1646–1656 (2012)
  10. Das, M.L.: Two-Factor User Authentication in Wireless Sensor Networks. IEEE Transactions on Wireless Communications 8(3), 1086–1090 (2009)
  11. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
  12. Fan, R., Ping, L.-D., Fu, J.-Q., Pan, X.-Z.: A Secure and Efficient User Authentication Protocol for Two-Tiered Wireless Sensor Networks. In: Second Pacific-Asia Conference on Circuits, Communications and System (PACCS 2010), pp. 425–428 (2010)
  13. He, D., Gao, Y., Chan, S., Chen, C., Bu, J.: An Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks. Ad Hoc & Sensor Wireless Networks 10(4), 361–371 (2010)
  14. Khan, M.K., Alghathbar, K.: Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’. Sensors 10, 2450–2459 (2010)
  15. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  16. Lee, C.-C., Li, C.-T., Chen, S.-D.: Two Attacks on a Two-Factor User Authentication in Wireless Sensor Networks. Parallel Processing Letters 21(1), 21–26 (2011)
  17. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
  18. Perrig, A., Stankovic, J., Wagner, D.: Security in wireless sensor networks. Communications of the ACM 47(6), 53–57 (2004)
  19. Secure Hash Standard. FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce (April 1995)
  20. Vaidya, B., Makrakis, D., Mouftah, H.T.: Improved Two-Factor User Authentication in Wireless Sensor Networks. In: Second International Workshop on Network Assurance and Security Services in Ubiquitous Environments, pp. 600–606 (2010)
  21. Wang, D., Wang, P.: Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks (in press, 2014), http://dx.doi.org/10.1016/j.adhoc.2014.03.003
  22. Wong, K., Zheng, Y., Cao, J., Wang, S.: A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE International Conf. Sensor Networks, Ubiquitous, Trustworthy Computing, pp. 244–251. IEEE Computer Society (2006)
  23. Yuan, J., Jiang, C., Jiang, Z.: A Biometric-Based User Authentication for Wireless Sensor Networks. Wuhan University Journal of Natural Sciences 15(3), 272–276 (2010)

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Ashok Kumar Das (1)
  1. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India
