TY - GEN
T1 - A Security Analysis of "A Privacy-Preserving Three-Factor Authentication System for IoT-Enabled Wireless Sensor Networks"
AU - Son, Seunghwan
AU - Kwon, Deok Kyu
AU - Park, Youngho
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Wireless sensor network (WSN) is a main component of the internet of things (IoT) technology, it can be predicted to apply in various areas including smart city, smart home, healthcare, vehicular network, and so on. However, in WSN environments, sensors and data users communicate wirelessly and it can be prone to malicious attacks such as forgery, impersonation, denial-of-service. Therefore, many researchers have proposed to establish a session key securely in WSN environments. In 2024, Thakur et al. designed a three-factor based authentication protocol for IoT-enabled WSNs. They indicated that Sahoo et al.'s protocol has weaknesses, and therefore, they suggested an enhanced scheme that resolved the previous security weaknesses. Nevertheless, we reviewed Thakur et al.'s scheme and we analyze that their scheme fails to support mutual authentication and does not provide perfert forward secrecy. Furthermore, their scheme is also prone to DoS attack because of lack of mutual authentication. We provide a detailed analysis of Thakur et al.'s scheme and propose countermeasures to address them.
AB - Wireless sensor network (WSN) is a main component of the internet of things (IoT) technology, it can be predicted to apply in various areas including smart city, smart home, healthcare, vehicular network, and so on. However, in WSN environments, sensors and data users communicate wirelessly and it can be prone to malicious attacks such as forgery, impersonation, denial-of-service. Therefore, many researchers have proposed to establish a session key securely in WSN environments. In 2024, Thakur et al. designed a three-factor based authentication protocol for IoT-enabled WSNs. They indicated that Sahoo et al.'s protocol has weaknesses, and therefore, they suggested an enhanced scheme that resolved the previous security weaknesses. Nevertheless, we reviewed Thakur et al.'s scheme and we analyze that their scheme fails to support mutual authentication and does not provide perfert forward secrecy. Furthermore, their scheme is also prone to DoS attack because of lack of mutual authentication. We provide a detailed analysis of Thakur et al.'s scheme and propose countermeasures to address them.
KW - Internet of Things (IoT)
KW - mutual authentication
KW - security
KW - sensor
KW - wireless sensors networks (WSNs)
UR - https://www.scopus.com/pages/publications/105005714542
U2 - 10.1109/ICOIN63865.2025.10993149
DO - 10.1109/ICOIN63865.2025.10993149
M3 - Conference contribution
AN - SCOPUS:105005714542
T3 - International Conference on Information Networking
SP - 291
EP - 295
BT - 39th International Conference on Information Networking, ICOIN 2025
PB - IEEE Computer Society
T2 - 39th International Conference on Information Networking, ICOIN 2025
Y2 - 15 January 2025 through 17 January 2025
ER -
