Int. J. Trust Management in Computing and Communications, Vol. 2, No. 3, 2014 259 Copyright © 2014 Inderscience Enterprises Ltd. A survey on user access control in wireless sensor networks with formal security verification Santanu Chatterjee Research Center Imarat, Defence Research and Development Organization, Hyderabad 500 069, India Email: santanu.chatterjee@rcilab.in Ashok Kumar Das* Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India Email: iitkgp.akdas@gmail.com Email: ashok.das@iiit.ac.in *Corresponding author Jamuna Kanta Sing Department of Computer Science and Engineering, Jadavpur University, Kolkata 700 032, India Email: jksing@ieee.org Abstract: User access control provides the permission to impose different access privileges for different types of authenticated users for accessing the sensing information directly from the sensor nodes inside a wireless sensor network (WSN). Until now, there have been ample number of user access control schemes proposed in the literature, and each scheme has its own merits and demerits. In this paper, we identify all the functionality features and security requirements, which must be satisfied for an ideal user access control scheme. We present and discuss the recently proposed important user access control schemes available so far in the literature. We critically analyse the energy, communication, computational overheads requirement, functionality and security analysis of the existing schemes. Further, we perform the formal security analysis of existing schemes using the widely-accepted automated validation of internet security protocols and applications (AVISPA) tool. All the existing schemes have some limitations. Hence, we feel that there is a strong need to design an ideal efficient user access control scheme in future, which should meet all the security requirements and achieve all the functionality features. Keywords: wireless sensor networks; WSNs; user access control; hash function; elliptic curve cryptography; ECC; security; automated validation of internet security protocols and applications; AVISPA; formal security verification.