Cryptanalysis and Improvement of an Enhanced Two-Factor User Authentication Scheme in Wireless Sensor Networks
In order to address the scenario in which the user wants to access the real-time data directly from the sensor node in wireless sensor networks (WSNs), Das proposed a two-factor authentication scheme. In 2010, Khan et al. pointed out that Das's scheme has some security flaws and proposed an improved scheme. Recently, Yuan demonstrated that Khan et at.'s improvement is still insure against several attacks. Yuan also proposed an enhanced two-factor user authentication scheme using user's biometrics to fix the security flaws in Khan et al.'s scheme. In this paper, we show that Yuan's scheme still suffers from the stolen smart card attack and the GW-node impersonation attack. Moreover, biometric keys are misused in Yuan's scheme such that even the valid user cannot pass the biometric verification. To remedy these problems, we propose an improved two-factor authenticated key distribution scheme based on fuzzy extractors. Security and performance analysis demonstrates that our scheme is more secure and efficient thanprevious schemes.