TWO ATTACKS ON A TWO-FACTOR USER AUTHENTICATION IN WIRELESS SENSOR NETWORKS

Recently, a secure two-factor user authentication scheme for wireless sensor networks (WSN) was proposed by Das. The proposed scheme can resist many logged in users with the same login identity, stolen-verifier, guessing, impersonation and replay threats. In this paper we study the two-factor user authentication scheme for WSN and find that the scheme is insecure against the masquerade attacks. With our masquerade attacks, an attacker can masquerade as any legal user to login the gateway node without knowing the user's password or can masquerade as a gateway node to communicate with the legal user at anytime.