Cryptology ePrint Archive: Report 2009/631

Improvement of Das's Two-Factor Authentication Protocol in Wireless Sensor Networks

DaeHun Nyang and Mun-Kyu Lee

Abstract: User authentication is essential for customized services and privileged access control in wireless sensor network. In 2009, Das proposed a novel two-factor authentication scheme for wireless sensor network, where a user must prove the possession of both a password and a smart card. His scheme is well-designed for sensor nodes which typically have limited resources in the sense that its authentication procedure requires no public key operations but it utilizes only cryptographic hash function. In this letter, we point out that Das's protocol is vulnerable to an off-line password guessing attack, and also show a countermeasure to overcome the vulnerability without sacrificing any efficiency and usability. Besides the patch, we suggest a method to protect query response messages from wireless a sensor node to a user, which is necessary in serving a user in a confidential and authentic way.

Category / Keywords: applications / Wireless sensor network, authentication, password, smart card

Date: received 21 Dec 2009

Contact author: mklee at inha ac kr

Available format(s): PDF | BibTeX Citation

Version: 20091226:165426 (All versions of this report)

Short URL: ia.cr/2009/631

Discussion forum: Show discussion | Start new discussion