A Secure Biometric-Based User Authentication Scheme for Heterogeneous WSN

The advancement of research on the Internet of Things (IoT) results in WSN to become an integral part of it, which results in, the users can access the sensor data from an insecure public communication channel. Remote user authentication and mutual authentication among the communicating entities are the critical requirements in WSN. Lots of researchers have proposed 2-factor and 3-factor authentication protocols to authenticate the user trying to access the sensor data. Recently A. K Das et al., proposed a biometric-based remote user authentication scheme using smart card, and claimed that their protocol achieves mutual authentication and resists all major cryptographic attacks. In this paper we will show that their scheme requires high computation cost for resource constrained sensor nodes and has several vulnerabilities, which includes failure to resist replay attack, user impersonation attack, failure to achieve mutual authentication and failure to provide data privacy. As a part of our contribution, we propose an improved authentication scheme which resists all major cryptographic attacks, with less computation cost compared to A. K Das et al., and other similar schemes.