An Improved Two-Factor User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curve Cryptography

With the rapid development of wireless and mobile communication techniques, Wireless Sensor Networks (WSNs) have attracted great attention in recent years and have been widely used in practical applications, such as monitoring of ocean tsunami, detection of battlefield environment, entrance guard system, medical or science areas and even in our home life. A two-factor (password and smart card) user authentication has been widely used in WSNs to protect secure communications from unauthorized users. Recently, Yeh et al. proposed an ECC-based user authentication protocol for preventing all the security problems of the previous schemes. They claimed that their protocol preserves mutual authentication and protected from several attacks. However, in this article, we point out that Yeh et al.'s protocol cannot provide the protection against the private key disclosure attack, smart card lost problems, off-line password guessing attack, authentication key disclosure attack, session key disclosure attack and many logged-in users' attack. To remedy these security flaws, we propose an improved two-factor user authentication protocol, which covers all the identified weaknesses of Yeh et al.'s protocol and is more secure and efficient for practical WSN environments.