Comments on “ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments”

Multi-server technology is widely used because of its broad applicability in fields such as telecare medicine information systems (TMIS), online shopping, remote surveillance, and online banking. However, a malicious attacker can mount various attacks in multi-server environments because he/she can easily modify, insert, inject, delete, and intercept messages exchanged over a public channel. Thus, secure authentication and key agreement (AKA) schemes are indispensable for providing useful services in multi-server environments. In 2020, Ali et al. presented a three-factor symmetric-key-based secure AKA scheme for privacy and security in multi-server environments. Ali et al. claimed that their scheme can prevent various security attacks and also ensure secure authentication. However, this comment shows that Ali et al.’s scheme suffers from many drawbacks, including session key exposure, man-in-the-middle (MITM), and masquerade attacks. Moreover, their scheme fails to ensure mutual authentication. Thus, we suggest the necessary security guidelines to resolve the security threats of Ali et al.’s scheme.