Authenticating remote users in wireless sensor networks (WSN) is an important security issue due to their un-attended and hostile deployments. Usually, sensor nodes are equipped with limited computing power, storage, and communication module, thus authenticating remote users in such resource-constrained environment is a critical security concern. Recently, M.L Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kind of attacks. However, in this paper, we prove that M.L Das-scheme has some critical security pitfalls and is not recommended for real application. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack.
展开▼