Security Analysis of Two Authentication and Key Agreement Protocols Based on Multi-Server Architecture

This paper looks at security problems with current systems that use multiple servers and Internet-connected devices.

Authors

N V S S Prabhakar, Department of Mathematics GIS, GITAM Deemed to be University, Visakhapatnam, Andhra Pradesh, India

Surendra Talari, Department of Mathematics GIS, GITAM Deemed to be University, Visakhapatnam, Andhra Pradesh, India

Srinivas Jangirala, Associate Professor, Jindal Global Business School, O.P. Jindal Global University, Sonipat, Haryana, India

Prasad Vangapa, Department of Mathematics GIS, GITAM Deemed to be University, Visakhapatnam, Andhra Pradesh, India

Summary

This paper examines the critical security and privacy challenges that arise when multi-server architecture is integrated with IoT devices to enhance authentication solutions. We focus on the protocols proposed by Kumar and Om and by Haq et al. Through an in-depth cryptanalysis of these schemes, we uncover vulnerabilities and limitations that leave them susceptible to various security failures.

Kumar and Om’s scheme is shown to suffer from issues such as incorrect login features, vulnerability to traceability attacks, and a lack of forward secrecy, along with the potential leakage of temporary information. In Haq et al.’s scheme, the identified weaknesses include compromises in user privacy and susceptibility to key compromise impersonation attacks.

The paper underscores the paramount importance of mutual authentication between users and application servers, coupled with the negotiation of session keys to thwart key compromise impersonation attacks. In light of these findings, the paper advocates for the development of a novel, efficient, and secure multi-server authenticated key agreement scheme. Such a scheme should not only address existing security concerns but also be adaptable to diverse environments, including multi-application server scenarios and practical applications such as the Internet of Things, medical IoT, and smart homes.

Published in: 2024 4th International Conference on Intelligent Technologies (CONIT)
