In 2009, M. L. Das proposed a two-factor user authentication scheme for wireless sensor networks, in which each user proves his or her legitimacy using a password and a smart card. Later, in 2010, He et al. demonstrated that Das's protocol suffers from insider and impersonation attacks, and that users cannot change their passwords. They then proposed an enhanced two-factor protocol that addresses the weaknesses of Das's protocol. In the same year, Khan-Alghathbar pointed out that Das's protocol suffers from a gateway-bypass attack and provides no mutual authentication between the sensor node and the gateway. Khan-Alghathbar then proposed a security improvement to Das's scheme. In this paper, we show that: (1) He et al.'s scheme is susceptible to an information leakage attack, cannot preserve user anonymity, provides no mutual authentication between the sensor and the user, and does not establish a session key between the user and the sensor node; (2) the Khan-Alghathbar scheme does not provide mutual authentication between the sensor and the user, does not establish a session key between the user and the sensor node, and provides no confidentiality for its over-the-air messages.