Comments on “Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment”
Yükleniyor...
Tarih
2019
Yazarlar
Dergi Başlığı
Dergi ISSN
Cilt Başlığı
Yayıncı
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855-4141
Erişim Hakkı
info:eu-repo/semantics/openAccess
Attribution-NonCommercial-NoDerivs 3.0 United States
Attribution-NonCommercial-NoDerivs 3.0 United States
Özet
Very recently, Das et al. (IEEE Internet of Things Journal, pp. 4900–4913, 5(6), DOI: 10.1109/JIOT.2018.2877690, 2018) presented a biometric-based solution for security and privacy in Industrial Internet of Things architecture. Das et al. claimed that their protocol is secure against known attacks. However, this comment shows that their protocol is defenseless against stolen verifier, stolen smart device, and traceability attacks. The attacker having access to public parameters and any of the verifier and parameters stored in smart device can easily expose the session key shared among the user and the smart device. Moreover, their protocol fails to provide perfect forward secrecy. Finally, this article also provides some necessary guidelines on attack resilience for the authentication schemes based on merely the symmetric key primitives, which are overlooked by Das et al.
Açıklama
Anahtar Kelimeler
Industrial Internet of Things (IIoT), insider attack, perfect forward secrecy, secret key expose, stolen smart device, stolen verifier attack, key establishment
Kaynak
IEEE Internet of Things Journal
WoS Q Değeri
Q1
Scopus Q Değeri
Q1
Cilt
6
Sayı
6
