Two-factor user authentication is an important research issue for providing security and privacy in hierarchical wireless sensor networks (HWSNs). In 2012, Das, Sharma, Chatterjee and Sing proposed a dynamic password-based user authentication scheme for HWSNs. In this paper, we show weaknesses of Das et al.'s scheme such as failing to prevent user clone and disclosing of base station's secret key. Therefore, we suggest a simple countermeasure to prevent proposed attacks while the merits of Das, et al.'s authentication scheme are left unchanged.
International Journal of Security and its Applications,7(3),249-257.