Improved two-factor user authentication in wireless sensor networks

Wireless sensor networks (WSNs) are considered due to the ubiquitous nature, ease of deployment, and wide range of possible applications. WSNs can be deployed in unattended environments, where a registered user can login to the network and access data collected by the linked sensors. Authenticating users in resource constrained environments is one of the major security concerns. Since sensor nodes have limited resources and computation power, it is desirable that the authentication protocol is simple and efficient. In 2009, M. L. Das proposed a two-factor authentication for WSNs, where a user has to prove possession of both, a password and a smart card. Since his scheme utilizes only cryptographic one-way hash function and exclusive-OR operation, it is well-suited for resource constrained environments. However, Khan and Algahathbar pointed out that Das´s scheme has some flaws and is vulnerable to various attacks and proposed an alternative solution. In this paper, we show that both, Das´s and Khan-Algahathbar´s schemes have flaws and remain vulnerable to various attacks including stolen smart card attacks. To overcome the security weaknesses of both schemes, we propose an improved two-factor user authentication that is resilient to stolen smart card attacks as well as other common types of attacks. We provide security evaluation of the proposed protocols showing its robustness to various attacks and analyzed the scheme´s performance to determine its efficiency. Compared to the previous schemes, it is proven more robust and provides better security.