In modern, wireless sensor networks (WSNs) stand for the next evolutionary and innovative development step in utilities, industrial, building, home, shipboard, and transportation systems automation. The feature of WSNs is easy to deploy and has wide range of applications. Therefore, in distributed and unattended locations, WSNs are deployed to allow a legitimated user to login to the network and access data. Consequently, the authentication between users and sensor nodes has become one of the important security issues. In 2009, M. L. Das proposed a two-factor authentication for WSNs. Based on one-way hash function and exclusive-OR operation, the scheme is well-suited for resource constrained environments. Later, Khan and Algahathbar pointed out the flaws and vulnerabilities of Das%26apos;s scheme and proposed an alternative scheme. However, Vaidya et al. found that both Das%26apos;s and Khan-Algahathbar%26apos;s schemes are vulnerable to various attacks including stolen smart card attacks. Further, Vaidya et al. proposed an improved two-factor user authentication to overcome the security weakness of both schemes. In this paper, we show that Vaidya et al.%26apos;s scheme still exposes to a malicious insider attack that seriously threatens the security of WSNs. Furthermore, we propose an improve scheme that mends those vulnerabilities.

• 出版日期2014-7