Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
4955704 | Journal of Information Security and Applications | 2017 | 9 Pages |
Abstract
In 2014, TurkanoviÄ et al. applied the Internet of Things (IoT) notion to wireless sensor networks (WSNs) and proposed a user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks with lightweight computational operations. In 2015, Chang et al. find that TurkanoviÄ et al.'s scheme possesses two drawbacks that can be overcome with simple modification. After further analyzing TurkanoviÄ et al.'s scheme, we find that their scheme suffers from two fatal security flaws. First, user anonymity is not provided as claimed. Second, an attacker can obtain the session key shared between a normal sensor node and the user who has ever connected to a compromised sensor node. In this paper, we explicitly show the found security flaws and propose an improvement by taking the following into consideration: (1) user anonymity, (2) no complex computations, (3) mutual authentication between any two of a gateway node, a sensor node, and the user, (4) user friendly, and (5) ensuring the correctness of the session key earlier.
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Tai Wei-Liang, Chang Ya-Fen, Li Wei-Han,