A DoS-resilient enhanced two-factor user authentication scheme in wireless sensor networks

Wireless sensor networks (WSNs) are appearing to be one of the most promising pervasive applications now. In some scenarios such as commercial building surveillance or military reconnaissance, WSNs meet a lot of challenges in security, among which, user authentication is one of the most crucial. Two-factor authentication has been used in WSNs since M. L. Das´s scheme in 2009, and has been attracting researchers´ interest because of its robustness and flexibility, which suits resource-constrained WSNs very well. However, lots of researchers pointed out diverse security flaws in two-factor authentication scheme and came up with their improved versions. In this paper, we show that few of the existing protocols are resilient to Denial of Service (DoS) attack. And under the scenario of capturing a sensor node, some security pitfalls including gateway impersonation attack and forgery attack still exist in existing protocols. Then we propose an enhanced two-factor user authentication scheme which employs two novel techniques: lightweight pre-authentication based on Merkle hash tree and personalized secret parameters for sensor nodes. Through analysis of security and performance, we show that our proposed scheme is equipped with more security features, especially protection from DoS attack launched not only by adversaries but also by greedy users, and resilience to gateway impersonation and sensor node forgery after sensor nodes are compromised. Moreover proposed scheme maintains an acceptable performance and could adapt dynamically to DoS attacking scenarios for designated applications of WSNs.