ON the security and improvement of a two-factor user authentication scheme in wireless sensor networks

User authentication is a basic security requirement during the deployment of the wireless sensor network (WSN), because it may operate in a rather hostile environment, such as a military battlefield. In 2010, Khan and Alghathbar (KA) found out that Das's two-factor user authentication scheme for WSNs is vulnerable to the gateway node (GW-node) bypassing attack and the privileged-insider attack. They further presented an improved scheme to overcome the security flaws of Das's scheme. However, in this paper, we show that KA's scheme still suffers from the GW-node impersonation attack, the GW-node bypassing attack, and the privileged-insider attack. Hence, to fix the security flaws in KA's scheme, we propose a new user authentication scheme for WSNs. The security of the user authentication session in the proposed scheme is reduced by the model of Bellare and Rogaway. The security of partial compromise of secrets in the proposed scheme is reduced and analyzed by our adversarial model. Based on the performance evaluation, the overall cost of the proposed scheme is less than that of KA's scheme. Hence, we believe that the proposed scheme is more suitable for real security applications than KA's scheme.