Cryptanalysis and Improvement in User Authentication and Key Agreement Scheme for Wireless Sensor Network

Turkanovic et al. (Ad Hoc Netw 20:96-112, 2014) proposed a user authentication and key agreement scheme based on the notion of the 'internet of things' for wireless sensor network. Authors claimed that their scheme is safe against various attacks. We found that this scheme fails against session key recovery attack. If an attacker has stolen the smartcard, he can easily obtain the session key generated between user and sensor node. In this paper, we shows that the attacker is able to compute the secret parameter , which is the used by a gateway during communication with others. Now the attacker can modify the first message that was send by the user to the sensor node. Finally, he breaks the complete system. We also provide few other insecurities and vulnerability to many attacks like offline password guessing attack, replay attack and impersonate attack etc. To remedy this, an enhanced scheme is also proposed to remove the flaws of the Turkanovic et al. scheme. The result and performance analysis of our proposed scheme shows that the new enhanced scheme provides high security with low computation, communication and storage overhead.