A dynamic identity user authentication scheme in wireless sensor networks

Wireless sensor networks (WSNs) represent the next evolutionary development step in utilities, industrial, building, home, shipboard, and transportation systems automation. WSNs are easy to deploy and have wide range of applications. Therefore, in distributed and unattended locations, WSNs are deployed to allow a legitimated user to login to the network and access data. Consequently, the authentication between users and sensor nodes has become one of the important security issues. In 2009, M. L. Das proposed a two-factor authentication for WSNs. Based on one-way hash function and exclusive-OR operation, the scheme is well-suited for resource constrained environments. Later, Khan and Algahathbar pointed out the flaws and vulnerabilities of Das´s scheme and proposed an alternative scheme. However, Vaidya et al. found that both Das´s and Khan-Algahathbar´s schemes are vulnerable to various attacks including stolen smart card attacks. Further, Vaidya et al. proposed an improved two-factor user authentication to overcome the security weakness of both schemes. In this paper, we show that Vaidya et al.´s scheme still exposes to a malicious insider attack that seriously threatens the security of WSNs. We hope that by identifying this vulnerability, similar schemes can avoid these weaknesses.