Cryptanalysis on Privacy-aware two-factor Authentication Protocol for Wireless Sensor Networks
<span>Das first proposed two-factor authentication combining the smart card and password to resolve the security problems of wireless sensor networks (WSNs). After that, various researchers studied two-factor authentication suitable for WSNs. In user authentication protocols based on the symmetric key approach, a number of elliptic curve cryptography (ECC)-based authentication protocols have been proposed. To resolve the security and efficiency problems of ECC-based two-factor authentication protocols, Jiang <em>et al</em>. proposed a privacy-aware two-factor authentication protocol based on ECC for WSNs. However, this paper performs a vulnerability analysis on Jiang <em>et al</em>.’s authentication protocol and shows that it has security problems, such as a lack of mutual authentication, a risk of SID modification and DoS attacks, a lack of sensor anonymity, and weak ID anonymity.</span>