Abstract
User authentication with unlinkability is one of the corner stone services for many security and privacy services which are required to secure communications in wireless sensor networks (WSNs). Recently, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs, and claimed that their scheme achieves identity and password protection, and the resiliency of stolen smart card attacks. However, we observe that Xue et al.’s scheme is subject to identity guessing attack, tracking attack, privileged insider attack and weak stolen smart card attack. In order to fix the drawbacks, we propose an enhanced authentication scheme with unlinkability. Additionally, the proposed scheme further cuts the computational cost. Therefore, the proposed scheme not only remedies its security flaws but also improves its performance. It is more suitable for practical applications of WSNs than Xue et al.’s scheme.
Similar content being viewed by others
References
Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E (2002) Wireless sensor networks: a survey. Comput Netw 38(4):393–422
He S, Chen J, Cheng P, Gu J, He T, Sun Y (2012) Maintaining quality of sensing with actors in wireless sensor network. IEEE Trans Parallel Distrib Syst 23(9):1657–1667
He S, Chen J, Yau D, Sun Y (2012) Cross-layer optimization of correlated data gathering in wireless sensor networks. IEEE Trans Mob Comput 11(11):1678–1691
He S, Chen J, Li X, Shen X, Sun Y (2012) Leveraging prediction to improve the coverage of wireless sensor networks. IEEE Trans Parallel Distrib Syst 23(4):701–712
Li H, Lin X, Yang H, Liang X, Lu R, Shen X (2013) EPPDR: an efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid. IEEE Trans Parallel Distrib Syst. doi:10.1109/TPDS.2013.124
Zhu H, Du S, Gao Z, Dong M, Cao Z (2014) A probabilistic misbehavior detection scheme toward efficient trust establishment in delay-tolerant networks. IEEE Trans Parallel Distrib Syst 25(1):22–32
Gao Z, Zhu H, Li S, Du S, Li X (2012) Security and privacy of collaborative spectrum sensing in cognitive radio networks. IEEE Wirel Commun 19(6):106–112
Li H, Lu R, Zhou L, Yang B, Shen X (2013) An efficient Merkle tree based authentication scheme for smart grid. IEEE Syst J. doi:10.1109/JSYST.2013.2271537
Vaidya B, Rodrigues J, Park JH (2010) User authentication schemes with pseudonymity for ubiquitous sensor network in NGN. Int J Commun Syst 23(9–10):1201–1222
Das M (2009) Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun 8(3):1086–1090
Nyang D, Lee M (2009) Improvement of Das’s two-factor authentication protocol in wireless sensor networks, http://eprint.iacr.org/2009/631.pdf
Khan M, Alghathbar K (2010) Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors 10(3):2450–2459
Chen TH, Shih WK (2010) A robust mutual authentication protocol for wireless sensor networks. ETRI J 32(5):704–712
Yeh H-L, Chen TH, Liu PC, Kim TH, Wei HW (2011) A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11(5):4767–4779
Kumar P et al (2011) RUASN: a robust user authentication framework for wireless sensor networks. Sensors 11(5):5020–5046
Jiang Q, Ma Z, Ma J, Li G (2012) Security enhancement of robust user authentication framework for wireless sensor networks. China Commun 9(10):103–111
Vaidya B, Makrakis D, Mouftah H (2012) Two-factor mutual authentication with key agreement in wireless sensor networks. Secur Commun Netw. doi:10.1002/sec.517
Das AK, Sharma P, Chatterjee S, Sing JK (2012) A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. J Netw Comput Appl 35(5):1646–1656
Yoo S G, Park K Y, Kim J (2012) A security-performance-balanced user authentication scheme for wireless sensor networks. Int J Distrib Sens Netw, Article ID 382810, 11 pages
Sun D, Li J, Feng Z, Cao Z, Xu G (2012) On the security and improvement of a two-factor user authentication scheme in wireless sensor networks. Pers Ubiquit Comput. doi:10.1007/s00779-012-0540-3
Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323
Kocher P, Jaffe J, Jun B (1999) Differential power analysis, In proceedings of 19th international advances in cryptology conference CRYPTO, Santa Barbara, CA, USA, pp 388–397
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Jiang Q, Ma J, Li G et al (2013) An enhanced authentication scheme with anonymity for roaming service in global mobility networks. Wirel Pers Commun 68(4):1477–1491
Wang Y (2012) Password protected smart card and memory stick authentication against off-line dictionary attacks. In: Gritzalis D, Furnell S, Theoharidou M (eds) SEC 2012, IFIP AICT, vol 376., pp 489–500
Wu S, Zhu Y, Pu Q (2012) Robust smart-cards-based user authentication scheme with user anonymity. Secur Commun Netw 5(2):236–248
He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429
He D, Chen J, Zhang R (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995
Li X, Qiu W, Zheng D, Chen K, Li J (2010) Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Ind Electron 57(2):793–800
Ma CG, Wang D, Zhao SD (2012) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst. doi:10.1002/dac.2468
Yang G, Wong D, Wang H, Deng X (2008) Two-factor mutual authentication based on smart cards and passwords. J Comput Syst Sci 74(7):1160–1172
Juang W, Chen S, Liaw H (2008) Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans Ind Electron 55(6):2551–2556
Lee CC, Li CT, Chang RX (2012) A simple and efficient authentication scheme for mobile satellite communication systems. Int J Satell Commun Netw 30(1):29–38
Wu S, Pu Q, Kang F (2013) Practical authentication scheme for SIP. Peer-to-Peer Netw Appl 6(1):61–74
Pu Q, Wang J, Wu S, Fu J (2013) Secure verifier-based three-party password-authenticated key exchange. Peer-to-Peer Netw Appl 6(1):15–25
Acknowledgments
This work is supported by Supported by Program for Changjiang Scholars and Innovative Research Team in University (Program No. IRT1078), Major national S&T program (2011ZX03005-002), National Natural Science Foundation of China (Program No. U1135002, 61100230, 61100233, 61202389, 61202390, 61372075), Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2012JQ8043, 2012JM8030), Fundamental Research Funds for the Central Universities (Program No. JB140302, K5051203015). The authors would like to thank the anonymous reviewers and the editor for their constructive comments that have helped us to improve this paper.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jiang, Q., Ma, J., Lu, X. et al. An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw. Appl. 8, 1070–1081 (2015). https://doi.org/10.1007/s12083-014-0285-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-014-0285-z