Cryptanalysis of an Efficient Biometric Authentication Protocol for Wireless Sensor Networks
In 2013, Althobaiti et al. proposed an efficient biometric-based user authentication scheme for wireless sensor networks. We analyze their scheme for the security against known attacks. Though their scheme is efficient in computation, in this paper we show that their scheme has some security pitfalls such as (1) it is not resilient against node capture attack, (2) it is insecure against impersonation attack, (3) it is insecure against man-in-the-middle attack, and (4) it is also insecure against privileged insider attack. Finally, we give some pointers for improving their scheme so that the designed scheme needs to be secure against various known attacks.
KeywordsWireless sensor networks User authentication Smart cards Biometrics Cryptanalysis
Unable to display preview. Download preview PDF.
- 2.Althobaiti, O., Al-Rodhaan, M., Al-Dhelaan, A.: An efficient biometric authentication protocol for wireless sensor networks. International Journal of Distributed Sensor Networks 2013, Article ID 407971, 1–13 (2013), http://dx.doi.org/10.1155/2013/407971
- 3.Chatterjee, S., Das, A.K., Sing, J.K.: Analysis and Formal Security Verification of Access Control Schemes in Wireless Sensor Networks: A Critical Survey. Journal of Information Assurance and Security 8(1), 33–57 (2013)Google Scholar
- 4.Chatterjee, S., Das, A.K., Sing, J.K.: A survey on user access control in wireless sensor networks with formal security verification. International Journal of Trust Management in Computing and Communications (in press, 2014)Google Scholar
- 6.Das, A.K.: A Survey on Analytic Studies of Key Distribution Mechanisms in Wireless Sensor Networks. Journal of Information Assurance and Security 5(5), 526–553 (2010)Google Scholar
- 7.Das, A.K., Chatterjee, S., Sing, J.K.: Formal Security Verification of a Dynamic Password-Based User Authentication Scheme for Hierarchical Wireless Sensor Networks. In: Thampi, S.M., Atrey, P.K., Fan, C.-I., Perez, G.M. (eds.) SSCC 2013. CCIS, vol. 377, pp. 243–254. Springer, Heidelberg (2013)CrossRefGoogle Scholar
- 8.Das, A.K., Chatterjee, S., Sing, J.K.: A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks. Ad Hoc & Sensor Wireless Networks (in press, 2014)Google Scholar
- 12.Fan, R., Ping, L.-D., Fu, J.-Q., Pan, X.-Z.: A Secure and Efficient User Authentication Protocol for Two-Tieres Wireless Sensor Networks. In: Second Pacific-Asia Conference on Circuits, Communications and System (PACCS 2010), pp. 425–428 (2010)Google Scholar
- 13.He, D., Gao, Y., Chan, S., Chen, C., Bu, J.: An Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks. Ad Hoc & Sensor Wireless Networks 10(4), 361–371 (2010)Google Scholar
- 19.Secure Hash Standard. FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce (April 1995)Google Scholar
- 20.Vaidya, B., Makrakis, D., Mouftah, H.T.: Improved Two-Factor User Authentication in Wireless Sensor Networks. In: Second International Workshop on Network Assurance and Security Services in Ubiquitous Environments, pp. 600–606 (2010)Google Scholar
- 21.Wang, D., Wang, P.: Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks (in press, 2014), http://dx.doi.org/10.1016/j.adhoc.2014.03.003
- 22.Wong, K., Zheng, Y., Cao, J., Wang, S.: A dynamic user authentication scheme for wireless sensor networks. In: Proceedings of IEEE International Conf. Sensor Networks, Ubiquitous, Trustworthy Computing, pp. 244–251. IEEE Computer Society (2006)Google Scholar