In recent years, wireless sensor networks (WSNs), widely used in many fields, have attracted much attention due to the features of remote monitoring and wireless data transferring. Because the sensors of a WSN are deployed in an unattended area, user authentication schemes are significantly important. In 2010, Khan and Alghathbar took advantages of smart cards to enhance security for user authentication of WSNs. However, in this paper, we will show that Khan-Alghathbar’s scheme is vulnerable to offline password guessing attacks and denial of service attacks. Moreover, it does not provide user anonymity and it cannot achieve mutual authentication between users and sensor nodes. We then propose a novel scheme based on the quadratic residue theorem to overcome these security weaknesses. The proposed scheme not only preserves user ano-nymity, but also provides session key exchange.
Proceedings of 2011 Cross-Strait Conference on Information Science and Technology and iCube (CSCIST 2011 and iCube 2011)