Cryptanalysis of An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks
This work addresses security flaws in a scheme for wireless sensor networks, which are critical for applications like military and forest monitoring, but it is incremental as it critiques an existing method.
The paper identifies vulnerabilities in Li et al.'s 2013 temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks, showing it is susceptible to attacks such as offline password guessing and stolen smart card, and fails to ensure data privacy.
With the rapid advancement of wireless network technology, usage of WSN in real time applications like military, forest monitoring etc. found increasing. Generally WSN operate in an unattended environment and handles critical data. Authenticating the user trying to access the sensor memory is one of the critical requirements. Many researchers have proposed remote user authentication schemes focusing on various parameters. In 2013, Li et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. Li et al. claimed that their scheme is secure against all major cryptographic attacks and requires less computation cost due to usage of hash function instead encryption operations. Unfortunately, in this paper we will show that their scheme is vulnerable to offline password guessing attack, stolen smart card attack, leakage of password etc. and failure to provide data privacy.