Ad Hoc Networks - ADHOC 1019 No. of Pages 15, Model 3G
27 March 2014 - Ding Wang, Ping Wang
Abstract
Understanding security failures of cryptographic protocols is the key to both patching
existing protocols and designing future schemes. In this work, we investigate two recent
proposals in the area of smart-card-based password authentication for security-critical
real-time data access applications in hierarchical wireless sensor networks (HWSN). Firstly,
we analyze an efficient and DoS-resistant user authentication scheme introduced by Fan
et al. in 2011. This protocol is the first attempt to address the problems of user
authentication in HWSN and only involves lightweight cryptographic primitives, such as
one-way hash function and XOR operations, and thus it is claimed to be suitable for the
resource-constrained HWSN environments. However, it actually has several security
loopholes that have been overlooked, and we show it is vulnerable to user anonymity violation attack,
smart card security breach attack, sensor node capture attack and privileged insider attack,
as well as its other practical pitfalls. Then, A.K. Das et al.’s protocol is scrutinized, and we
point out that it cannot achieve the claimed security goals: (1) it is prone to smart card
security breach attack; (2) it fails to withstand privileged insider attack; and (3) it suffers
from the defect of server master key disclosure. Our cryptanalysis results discourage any
practical use of these two schemes and reveal some subtleties and challenges in designing
this type of scheme. Furthermore, using the above two foremost schemes as case studies,
we take a first step towards investigating the underlying rationale of the identified security
failures, putting forward three basic principles which we believe will be valuable to
protocol designers for advancing more robust two-factor authentication schemes for HWSN in
the future.
Download article: Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks - published 2014