Symmetry | |
Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT | |
Da-Zhi Sun1  | |
[1] Tianjin Key Laboratory of Advanced Networking (TANK), College of Intelligence and Computing, Tianjin University, Tianjin 300350, China; | |
关键词: IoT; sensing networks; authentication; key agreement; impersonation attack; replay attack; | |
DOI : 10.3390/sym13101952 | |
来源: DOAJ |
【 摘 要 】
Vinoth et al. proposed an authenticated key agreement scheme for industrial IoT (Internet of Things) applications. Vinoth et al.’s scheme aimed to protect the remote sensing data of industrial IoT devices under hostile environments. The scheme is interesting because the authorized user is allowed simultaneously to access the multiple IoT sensing devices. Therefore, we carefully analyzed the security and privacy implications of Vinoth et al.’s scheme. Our findings are summarized as follows. One, Vinoth et al.’s scheme failed to defeat user impersonation attacks. Second, Vinoth et al.’s scheme did not prevent IoT sensing device impersonation attacks. Third, Vinoth et al.’s scheme suffered from replay attacks. Fourth, Vinoth et al.’s scheme was vulnerable to desynchronization attacks. Fifth, Vinoth et al.’s scheme could not maintain user privacy. As a case study, our analysis results enlighten researchers and engineers on the design of robust and efficient authenticated key agreement schemes for IoT applications.
【 授权许可】
Unknown