Formal Security Verification of a Dynamic Password-Based User Authentication Scheme for Hierarchical Wireless Sensor Networks

Abstract

In 2012, Das et al. proposed a new password-based user authentication scheme in hierarchical wireless sensor networks [Journal of Network and Computer Applications 35(5) (2012) 1646-1656]. The proposed scheme achieves better security and efficiency as compared to those for other existing password-based user authentication schemes proposed in the literature. This scheme supports to change dynamically the user's password locally at any time without contacting the base station or gateway node. This scheme also supports dynamic node addition after the initial deployment of nodes in the existing sensor network. In this paper, we simulate this proposed scheme for formal security verification using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. AVISPA tool ensures that whether a protocol is insecure against possible passive and active attacks, including the replay and man-in-the-middle attacks. Using the AVISPA model checkers, we show that Das et al.'s scheme is secure against possible passive and active attacks. © Springer-Verlag Berlin Heidelberg 2013.