Revisiting a Multifactor Authentication Scheme in Industrial IoT

Nowadays, as one of the key applications of Internet of Things, Industry IoT (IIoT) has recently received significant attention and has facilitated our life. In IIoT environments, an amount of data generally requires to be transmitted between the user and sensing devices in an open channel. In order to ensure safe transmission of these data, it is necessary for the user and sensing devices to authenticate each other and establish a secure channel between them. Recently, a multifactor authenticated key agreement scheme for IIoT was proposed, which aims to tackle this problem and provide solutions for user multiple sensing devices’ access. This work claims that the proposed scheme is secure against vario us attacks and has less communication and computational costs than other existing related schemes. Unfortunately, we find that this scheme cannot resist smart card attack and sensing device capture attack. Furthermore, we show that this scheme fails to provide forward secrecy, which is essential for a secure multifactor authentication scheme.

Download Full-text

An anonymous SIP authenticated key agreement protocol based on elliptic curve cryptography

Mathematical Biosciences and Engineering ◽

10.3934/mbe.2022003 ◽

2021 ◽

Vol 19 (1) ◽

pp. 66-85

Author(s):

Yanrong Lu ◽

◽

Dawei Zhao ◽

Keyword(s):

Elliptic Curve ◽

Elliptic Curve Cryptography ◽

Key Agreement ◽

Internet Protocol ◽

Authentication Scheme ◽

Simulation Tool ◽

Authenticated Key Agreement ◽

Key Agreement Protocol ◽

Secure Authentication ◽

Key Compromise Impersonation

<abstract><p>Designing a secure authentication scheme for session initial protocol (SIP) over internet protocol (VoIP) networks remains challenging. In this paper, we revisit the protocol of Zhang, Tang and Zhu (2015) and reveal that the protocol is vulnerable to key-compromise impersonation attacks. We then propose a SIP authenticated key agreement protocol (AKAP) using elliptic curve cryptography (ECC). We demonstrate the correctness of the protocol using Burrows-Abadi-Needham (BAN), and its security using the AVISPA simulation tool. We also evaluate its performance against those of Zhang, Tang and Zhu, and others.</p></abstract>

Download Full-text

Remote User Authentication Scheme with Key Agreement Providing Forward Secrecy

Journal of Security Engineering ◽

10.14257/jse.2015.02.01 ◽

2015 ◽

Vol 12 (1) ◽

pp. 1-12

Author(s):

Hyunsung Kim

Keyword(s):

Key Agreement ◽

User Authentication ◽

Authentication Scheme ◽

Forward Secrecy ◽

Remote User Authentication ◽

User Authentication Scheme ◽

Remote User

Download Full-text

AN IMPROVEMENT OF REMOTE AUTHENTICATION AND KEY AGREEMENT SCHEMES

Journal of Circuits System and Computers ◽

10.1142/s0218126611007554 ◽

2011 ◽

Vol 20 (04) ◽

pp. 697-707 ◽

Cited By ~ 5

Author(s):

CHENG-CHI LEE ◽

CHUN-TA LI ◽

KUO-YOU HUANG ◽

SHIOW-YUAN HUANG

Keyword(s):

Key Agreement ◽

Authentication Scheme ◽

Authenticated Key Agreement ◽

Authentication And Key Agreement ◽

Remote Authentication

Recently, Shieh et al. have pointed out that Juang's password authenticated key agreement scheme and Chien et al.'s remote authentication scheme are vulnerable to some attacks. Therefore, they presented a modified protocol to avoid those attacks. However, the authors of this article shall show that Shieh et al.'s scheme and Juang's scheme have two weaknesses, respectively. Therefore, we shall improve the weaknesses of their schemes.

Download Full-text

An improved authenticated key agreement protocol with perfect forward secrecy for wireless mobile communication

IEEE Wireless Communications and Networking Conference, 2005 ◽

10.1109/wcnc.2005.1424840 ◽

2005 ◽

Cited By ~ 5

Author(s):

Ai-fen Sui ◽

L.C.K. Hui ◽

S.M. Yiu ◽

K.P. Chow ◽

W.W. Tsang ◽

...

Keyword(s):

Mobile Communication ◽

Key Agreement ◽

Forward Secrecy ◽

Authenticated Key Agreement ◽

Key Agreement Protocol ◽

Perfect Forward Secrecy ◽

Wireless Mobile Communication ◽

Wireless Mobile

Download Full-text

Secure Multi-factor Authenticated Key Agreement Scheme for Industrial IoT

IEEE Internet of Things Journal ◽

10.1109/jiot.2020.3024703 ◽

2020 ◽

pp. 1-1 ◽

Cited By ~ 1

Author(s):

R. Vinoth ◽

Lazarus Jegatha Deborah ◽

Pandi Vijayakumar ◽

Neeraj Kumar

Keyword(s):

Key Agreement ◽

Authenticated Key Agreement ◽

Industrial Iot

Download Full-text

Faster Authenticated Key Agreement With Perfect Forward Secrecy for Industrial Internet-of-Things

IEEE Transactions on Industrial Informatics ◽

10.1109/tii.2019.2963328 ◽

2020 ◽

Vol 16 (10) ◽

pp. 6584-6596 ◽

Cited By ~ 1

Author(s):

Zheng Yang ◽

Jun He ◽

Yangguang Tian ◽

Jianying Zhou

Keyword(s):

Internet Of Things ◽

Key Agreement ◽

Industrial Internet Of Things ◽

Forward Secrecy ◽

Authenticated Key Agreement ◽

Industrial Internet ◽

Perfect Forward Secrecy

Download Full-text

Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT

Symmetry ◽

10.3390/sym13101952 ◽

2021 ◽

Vol 13 (10) ◽

pp. 1952

Author(s):

Da-Zhi Sun

Keyword(s):

Key Agreement ◽

Remote Sensing Data ◽

Security And Privacy ◽

User Privacy ◽

Authenticated Key Agreement ◽

Authorized User ◽

Industrial Iot ◽

Iot Devices ◽

Hostile Environments

Vinoth et al. proposed an authenticated key agreement scheme for industrial IoT (Internet of Things) applications. Vinoth et al.’s scheme aimed to protect the remote sensing data of industrial IoT devices under hostile environments. The scheme is interesting because the authorized user is allowed simultaneously to access the multiple IoT sensing devices. Therefore, we carefully analyzed the security and privacy implications of Vinoth et al.’s scheme. Our findings are summarized as follows. One, Vinoth et al.’s scheme failed to defeat user impersonation attacks. Second, Vinoth et al.’s scheme did not prevent IoT sensing device impersonation attacks. Third, Vinoth et al.’s scheme suffered from replay attacks. Fourth, Vinoth et al.’s scheme was vulnerable to desynchronization attacks. Fifth, Vinoth et al.’s scheme could not maintain user privacy. As a case study, our analysis results enlighten researchers and engineers on the design of robust and efficient authenticated key agreement schemes for IoT applications.

Download Full-text