Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks

Ad Hoc Networks

Volumn 20, Issue , 2014, Pages 1-15

  Wang, Ding ^a   Wang, Ping ^b  

^a PEKING UNIVERSITY   (China)

^b Ministry of Education   (China)

Author keywords

Hierarchical wireless sensor networks; Non tamper resistant; Password authentication; Smart card; User anonymity

Indexed keywords

CRYPTOGRAPHY; SENSOR NODES; SMART CARDS;

CRYPTOGRAPHIC PRIMITIVES; CRYPTOGRAPHIC PROTOCOLS; HIERARCHICAL WIRELESS SENSOR NETWORKS; NON-TAMPER RESISTANTS; PASSWORD AUTHENTICATION; TWO FACTOR AUTHENTICATION; USER ANONYMITY; USER AUTHENTICATION SCHEME;

AUTHENTICATION;

EID: 84901198272     PISSN: 15708705     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.adhoc.2014.03.003     Document Type: Article

References (87)

1. Y. Cheng, and D. Agrawal An improved key distribution mechanism for large-scale hierarchical wireless sensor networks Ad Hoc Networks 5 1 2007 35 48
2. Y. Zhao, Y. Zhang, Z. Qin, and T. Znati A co-commitment based secure data collection scheme for tiered wireless sensor networks J. Syst. Archit. 57 6 2011 655 662
3. G. Maia, D. Guidoni, A. Viana, A. Aquino, R. Mini, and A. Loureiro A distributed data storage protocol for heterogeneous wireless sensor networks with mobile sinks Ad Hoc Networks 11 5 2013 1588 1602
4. R. Fan, D. He, X. Pan, and L. Ping An efficient and dos-resistant user authentication scheme for two-tiered wireless sensor networks J. Zhejiang Univ. - Sci. C 12 7 2011 550 560
5. A.K. Das, P. Sharma, S. Chatterjee, and J.K. Sing A dynamic password-based user authentication scheme for hierarchical wireless sensor networks J. Network Comput. Appl. 35 52 2012 1646 1656
6. T.H. Chen, and W.K. Shih A robust mutual authentication protocol for wireless sensor networks ETRI J. 32 5 2010 704 712
7. M.K. Khan, and K. Alghathbar Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks Sensors 10 3 2010 2450 2459
8. D. He, Y. Gao, S. Chan, C. Chen, and J. Bu An enhanced two-factor user authentication scheme in wireless sensor networks Ad Hoc Sensor Wireless Networks 10 4 2010 361 371
9. H. Yeh, T. Chen, P. Liu, T. Kim, and H. Wei A secured authentication protocol for wireless sensor networks using elliptic curves cryptography Sensors 11 5 2011 4767 4779
10. C.-C. Lee, C.-T. Li, and S. der Chen Two attacks on a two-factor user authentication in wireless sensor networks Parallel Process. Lett. 21 1 2011 21 26
11. P. Kumar, and H. Lee Cryptanalysis on two user authentication protocols using smart card for wireless sensor networks Wireless Advanced 2011 IEEE 241 245
12. D. Sun, J. Li, Z. Feng, Z. Cao, and G. Xu On the security and improvement of a two-factor user authentication scheme in wireless sensor networks Pers. Ubiquitous Comput. 17 5 2013 895 905
13. Q. Jiang, Z. Ma, J.F. Ma, and G. Li Security enhancement of robust user authentication framework for wireless sensor networks China Commun. 9 10 2012 103 111
14. G.M. Yang, D.S. Wong, H.X. Wang, and X.T. Deng Two-factor mutual authentication based on smart cards and passwords J. Comput. Syst. Sci. 74 7 2008 1160 1172
15. P. Kumar, A.J. Choudhury, M. Sain, S.M. Lee, and H.J. Lee Ruasn: A robust user authentication framework for wireless sensor networks Sensors 11 5 2011 5020 5046
16. P. Kumar, S.-G. Lee, and H.-J. Lee E-sap: Efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks Sensors 12 2 2012 1625 1647
17. K. Xue, C. Ma, P. Hong, and R. Ding A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks J. Network Comput. Appl. 36 1 2013 316 323
18. J. Shi, R. Zhang, and Y. Zhang Secure range queries in tiered sensor networks Proceedings of 28th IEEE Conference on Computer Communications (INFOCOM 2009) 2009 IEEE 945 953
19. M. Chatterjee, S.K. Das, and D. Turgut WCA: A weighted clustering algorithm for mobile ad hoc networks Cluster Comput. 5 2 2002 193 204
20. J. Ai, D. Turgut, and L. Boloni A cluster-based energy balancing scheme in heterogeneous wireless sensor networks P. Lorenz, P. Dini, International Conference on Networking (ICN 2005) LNCS vol. 3420 2005 Springer Berlin Heidelberg 467 474
21. A. Bari, S. Wazed, A. Jaekel, and S. Bandyopadhyay A genetic algorithm based approach for energy efficient routing in two-tiered sensor networks Ad Hoc Networks 7 4 2009 665 676
22. D. Wang, P. Wang, J. Liu, Improved privacy-preserving authentication scheme for roaming service in mobile networks, in: Proceedings of 15th IEEE Wireless Communications and Networking Conference (WCNC 2014), 2014, pp. 1-6. < http://wangdingg.weebly.com/uploads/2/0/3/6/20366987/wcnc2014.pdf >.
23. S.G. Yoo, K.Y. Park, and J. Kim A security-performance-balanced user authentication scheme for wireless sensor networks Int. J. Distrib. Sensor Networks 2012 10.1155/2012/38281
24. B. Vaidya, D. Makrakis, and H. Mouftah Two-factor mutual authentication with key agreement in wireless sensor networks Secur. Commun. Networks 2012 10.1002/sec.51
25. D. Wang, C.-G. Ma, On the (in)security of some Smart-card-based Password Authentication Schemes for WSN, Cryptology ePrint Archive, Report 2012/581, 2012. < http://eprint.iacr.org/2012/581.pdf >.
26. T.S. Messerges, E.A. Dabbish, and R.H. Sloan Examining smart-card security under the threat of power analysis attacks IEEE Trans. Comput. 51 5 2002 541 552
27. S. Mangard, E. Oswald, and T. Popp Power Analysis Attacks: Revealing the Secrets of Smart Cards 2007 Springer-Verlag
28. N. Veyrat-Charvillon, and F.-X. Standaert Generic side-channel distinguishers: improvements and limitations P. Rogaway, CRYPTO 2011 LNCS vol. 6841 2011 Springer Berlin/Heidelberg 354 372
29. T.H. Kim, C. Kim, and I. Park Side channel analysis attacks using AM demodulation on commercial smart cards with SEED J. Syst. Softw. 85 12 2012 2899 2908
30. X. Leroy, Smart Card Security from a Programming Language and Static Analysis Perspective, INRIA Rocquencourt & trusted logic, Tecnical Report, 2013. < http://pauillac.inria.fr/xleroy/talks/language-security-etaps03.pdf >.
31. K. Nohl, D. Evans, S. Starbug, and H. Plötz Reverse-engineering a cryptographic RFID tag Proceedings of the 17th USENIX Security symposium (USENIX Security 2008) 2008 USENIX Association 185 193
32. D. Wang, and P. Wang Offline dictionary attack on password authentication schemes using smart cards Y. Desmedt, B. Thuraisingham, K. Hamlen, Proceedings of 16th Information Security Conference (ISC 2013) Lecture Notes in Computer Science 2013 Springer-Verlag 1 16 < http://wangdingg.weebly.com/uploads/2/0/ 3/6/20366987/isc2013.pdf >
33. D. Dolev, and A. Yao On the security of public key protocols IEEE Trans. Inform. Theory 29 2 1983 198 208
34. D. Florencio, and C. Herley A large-scale study of web password habits Proceedings of the 16th international conference on World Wide Web (WWW 2007) 2007 ACM 657 666
35. J. Bonneau The science of guessing: analyzing an anonymized corpus of 70 million passwords 33th IEEE Symposium on Security and Privacy (S&P 2012) 2012 IEEE Computer Society 538 552
36. M. Dell'Amico, P. Michiardi, Y. Roudier, Password strength: an empirical analysis, in: Proceedings of 29th IEEE Conference on Computer Communications (INFOCOM 2010). IEEE Communications Society, 2010, pp. 1-9.
37. S. Komanduri, R. Shay, P.G. Kelley, and M.L. Mazurek Of passwords and people: measuring the effect of password-composition policies Proceedings of the 22th ACM SIGCHI Conference on Human Factors in Computing Systems (CHI 2011) 2011 ACM 2595 2604
38. J. Campbell, W. Ma, and D. Kleeman Impact of restrictive composition policy on user password choices Behav. Inform. Technol. 30 3 2011 379 388
39. M. Weir, S. Aggarwal, M. Collins, and H. Stern Testing metrics for password creation policies by attacking large sets of revealed passwords Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010) 2010 ACM 162 175
40. P.G. Kelley, S. Komanduri, and M.L. Mazurek Guess again (and again and again): measuring password strength by simulating password-cracking algorithms 33th IEEE Symposium on Security and Privacy (S&P 2012) 2012 IEEE Computer Society 523 537
41. J. Bonneau, M. Just, and G. Matthews Whats in a name? R. Sion, Proceedings of the 14th International Conference on Financial Cryptography and Data Security (FC 2010) LNCS vol. 6052 2010 Springer Berlin/Heidelberg 98 113
42. F. Bao, and R. Deng Privacy protection for transactions of digital goods S. Qing, T. Okamoto, J. Zhou, ICICS 2001 LNCS vol. 2229 2001 Springer Berlin/Heidelberg 202 213
43. X. Li, W. Qiu, D. Zheng, K. Chen, and J. Li Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards IEEE Trans. Indust. Electron. 57 2 2010 793 800
44. C. Tang, and D. Wu Mobile privacy in wireless networks-revisited IEEE Trans. Wireless Commun. 7 3 2008 1035 1042
45. M.L. Das, A. Saxena, and V.P. Gulati A dynamic id-based remote user authentication scheme IEEE Trans. Consumer Electron. 50 2 2004 629 631
46. R. Madhusudhan, and R.C. Mittal Dynamic id-based remote user password authentication schemes using smart cards: a review J. Network Comput. Appl. 35 4 2012 1235 1248
47. D. Wang, C.G. Ma, and P. Wu Secure password-based remote user authentication scheme with non-tamper resistant smart cards N. Cuppens-Boulahia, F. Cuppens, J. Garcia-Alfaro, Proceedings of the 26th Annual IFIP Conference on Data and Applications Security and Privacy (DBSec 2012) LNCS vol. 7371 2012 Springer Berlin/Heidelberg 114 121
48. D. He, J. Bu, S. Zhu, S. Chan, and C. Chen Distributed access control with privacy support in wireless sensor networks IEEE Trans. Wireless Commun. 10 10 2011 3472 3481
49. Y. Yu, K. Li, W. Zhou, and P. Li Trust mechanisms in wireless sensor networks: attack analysis and countermeasures J. Network Comput. Appl. 35 3 2012 867 880
50. J. Duan, D. Gao, C. Foh, and H. Zhang Tc-bac: A trust and centrality degree based access control model in wireless sensor networks Ad Hoc Networks 11 8 2013 2675 2692
51. Miracl library, Shamus Software Ltd. < http://www.shamus.ie/index.php? page=home >.
52. J. Katz, R. Ostrovsky, and M. Yung Efficient and secure authenticated key exchange using weak passwords J. ACM 57 1 2009 1 39
53. R. Shay, S. Komanduri, and P.G. Kelley Encountering stronger password requirements: user attitudes and behaviors Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS 2010) 2010 ACM New York, NY, USA 1 10
54. S. Haque, and M. Wright A study of user password strategy for multiple accounts Proceedings of the Third ACM Conference on Data and Application Security and Privacy (CODASPY 2013) 2013 ACM 173 176
55. T.H. Chen, Y.C. Chen, W.K. Shih, and H.W. Wei An efficient anonymous authentication protocol for mobile pay-tv J. Network Comput. Appl. 34 4 2011 1131 1137
56. D. He, S. Wu, and J. Chen Note on design of improved password authentication and update scheme based on elliptic curve cryptography Math. Comput. Model. 55 3 2012 1661 1664
57. B. Vaidya, D. Makrakis, and H. Mouftah Improved two-factor user authentication in wireless sensor networks Proeedings of IEEE 6th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2010) 2010 IEEE 600 606
58. M.L. Das Two-factor user authentication in wireless sensor networks IEEE Trans. Wireless Commun. 8 3 2009 1086 1090
59. S. Ravi, A. Raghunathan, P. Kocher, and S. Hattangady Security in embedded systems: design challenges ACM Trans. Embed. Comput. Syst. 3 3 2004 461 491
60. C.-T. Li, C.-Y. Weng, and C.-C. Lee An advanced temporal credential-based security scheme with mutual authentication and key agreement for WSNs Sensors 13 8 2013 9589 9603
61. P. Kumar, A. Gurtov, M. Ylianttila, S.-G. Lee, and H. Lee A strong authentication scheme with user privacy for wireless sensor networks ETRI J. 35 5 2013 889 899
62. D. Wang, and C.G. Ma Cryptanalysis of a remote user authentication scheme with provable security for mobile client-server environment based on ECC Inform. Fusion 14 4 2013 498 503
63. C.G. Ma, D. Wang, and S.D. Zhao Security flaws in two improved remote user authentication schemes using smart cards Int. J. Commun. Syst. 2012 10.1002/dac.2468
64. D. Wang, and C. Ma Cryptanalysis and security enhancement of a remote user authentication scheme using smart cards Elsevier J. China Univ. Posts Telecommun. 19 5 2012 104 114
65. D. Wang, C.G. Ma, S. Zhao, and C. Zhou Cryptanalysis of two dynamic id-based remote user authentication schemes for multi-server architecture L. Xu, E. Bertino, Y. Mu, Proceedings of the 6th International Conference on Network and System Security (NSS 2012) LNCS vol. 7645 2012 Springer Berlin/Heidelberg 462 475
66. M.K. Khan, S. Kim, and K. Alghathbar Cryptanalysis and security enhancement of a 'more efficient and secure dynamic id-based remote user authentication scheme' Comput. Commun. 34 3 2011 305 309
67. S. Sood, A. Sarje, and K. Singh A secure dynamic identity based authentication protocol for multi-server architecture J. Network Comput. Appl. 34 2 2011 609 618
68. X. Li, Y. Xiong, J. Ma, and W. Wang An enhanced and security dynamic identity based authentication protocol for multi-server architecture using smart cards J. Network Comput. Appl. 35 2 2012 763 769
69. T.-C. Hsiao, Y.-T. Liao, J.-Y. Huang, T.-S. Chen, and G.-B. Horng An authentication scheme to healthcare security under wireless sensor networks J. Med. Syst. 36 6 2012 3649 3664
70. D.B. He, and H. Hu Cryptanalysis of a dynamic id-based remote user authentication scheme with access control for multi-server environments IEICE Trans. Inform. Syst. 96 1 2013 138 140
71. M.K. Khan, and D.B. He A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography Secur. Commun. Networks 5 11 2012 1260 1266
72. J.-J. Yuan An enhanced two-factor user authentication in wireless sensor networks Telecommun. Syst. 2013 10.1007/s11235-013-9755-5
73. A.S. Wander, N. Gura, H. Eberle, V. Gupta, and S.C. Shantz Energy analysis of public-key cryptography for wireless sensor networks Third IEEE International Conference on Pervasive Computing and Communications (PerCom 2005) 2005 IEEE 324 328
74. A. Liu, and P. Ning Tinyecc: A configurable library for elliptic curve cryptography in wireless sensor networks Proceedings of the 7th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN 2008) 2008 IEEE 245 256
75. M. Hutter, and E. Wenger Fast multi-precision multiplication for public-key cryptography on embedded microprocessors B. Preneel, T. Takagi, Proceedings of the 13th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2011) LNCS vol. 6917 2011 Springer Berlin/Heidelberg 459 474
76. D.B. He An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings Ad Hoc Networks 10 6 2012 1009 1016
77. F. Zhu, D. Wong, A. Chan, and R. Ye Password authenticated key exchange based on RSA for imbalanced wireless networks Proceedings of 5th Information Security Conference (ISC 2002) LNCS vol. 2433 2002 Springer-Verlag 150 161
78. I.-E. Liao, C.-C. Lee, and M.-S. Hwang A password authentication scheme over insecure networks J. Comput. Syst. Sci. 72 4 2006 727 740
79. M. Turkanovic, and M. Holbl An improved dynamic password-based user authentication scheme for hierarchical wireless sensor networks Electron. Electr. Eng. 19 6 2013 109 116
80. X. Li, J. Niu, M.K. Khan, and J. Liao An enhanced smart card based remote user password authentication scheme J. Network Comput. Appl. 2013 10.1016/j.jnca.2013.02.034
81. R. Maharana, An Improved User Authentication Protocol for Hierarchical Wireless Sensor Networks using Elliptic Curve Cryptography, Master's Thesis, National Institute of Technology Rourkela, India, 2013.
82. D. Wang, C.G. Ma, P. Wang and Z. Chen, Robust Smart Card based Password Authentication Scheme Against Smart Card Security Breach, Cryptology ePrint Archive, Report 2012/439, 2012. < http://eprint.iacr.org/2012/439.pdf >.
83. B. Pinkas, and T. Sander Securing passwords against dictionary attacks Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002) 2002 ACM 161 170
84. W. Burr, D. Dodson, R. Perlner, W. Polk, S. Gupta, E. Nabbus, NIST 800-63-1: NIST Special Publication 800-63-1 Electronic Authentication Guideline, Tech. Rep., National Institute of Standards and Technology, Gaithersburg, MD, December 2011.
85. S.H. Wu, Y.F. Zhu, and Q. Pu Robust smart-cards-based user authentication scheme with user anonymity Secur. Commun. Networks 5 2 2012 236 248
86. M. Bellare, and P. Rogaway Entity authentication and key distribution D. Stinson, Advances in Cryptology - CRYPTO'93 LNCS vol. 773 1994 Springer Berlin/Heidelberg 232 249
87. C. Herley, and P. Van Oorschot A research agenda acknowledging the persistence of passwords IEEE Secur. Privacy 10 1 2012 28 36