Comment on 'ElGamal cryptosystem-based secure authentication system for cloud-based IoT applications'

This comment is presented to identify the drawbacks in a recently demonstrated scheme by Maitra et al., SAS-Cloud: doi:, which adopted an ElGamal cryptosystem-based technique for biometric authentication in cloud-based IoT applications. In this protocol, the authors claim that their scheme provides mutual authentication. However, it is demonstrated in this article that the protocol merely supports unilateral authentication, which may result in clogging attack on the server's end. This is because the latter is unable to verify the authentication request in absolute terms, which might lead to resource clogging as well as denial of service attack affecting its Quality of Service (QoS).