Comments on “Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment”
Özet
Very recently, Das et al. (IEEE Internet of Things
Journal, pp. 4900–4913, 5(6), DOI: 10.1109/JIOT.2018.2877690,
2018) presented a biometric-based solution for security and privacy in Industrial Internet of Things architecture. Das et al.
claimed that their protocol is secure against known attacks.
However, this comment shows that their protocol is defenseless against stolen verifier, stolen smart device, and traceability
attacks. The attacker having access to public parameters and any
of the verifier and parameters stored in smart device can easily
expose the session key shared among the user and the smart
device. Moreover, their protocol fails to provide perfect forward
secrecy. Finally, this article also provides some necessary guidelines on attack resilience for the authentication schemes based
on merely the symmetric key primitives, which are overlooked
by Das et al.
Cilt
6Sayı
6Bağlantı
https://hdl.handle.net/11363/6335Koleksiyonlar
Aşağıdaki lisans dosyası bu öğe ile ilişkilidir: