On the Security of a Lightweight and Secure Access Authentication Scheme for Both UE and mMTC Devices in 5G Networks

The Internet of Things (IoT) and 5G networks play important roles in the latest systems fomanaging and monitoring various types of data. These 5G based IoT environments collect varioudata in real-time using micro-sensors as IoT things devices and sends the collected data to a servefor further processing. In this scenario, a secure authentication and key agreement scheme is needeto ensure privacy when exchanging data between IoT nodes and the server. Recently, Cao et al. i“LSAA: A lightweight and secure access authentication scheme for both UE and mMTC devices in 5networks” presented a new authentication scheme to protect user privacy. They contend that thescheme not only prevents various protocol attacks, but also achieves mutual authentication, sessiokey security, unlinkability, and perfect forward/backward secrecy. This paper demonstrates criticsecurity weaknesses of their scheme using informal and formal (mathemati) analysis: it does noprevent a single point of failure and impersonation attacks. Further, their proposed scheme does noachieve mutual authentication and correctness of security assumptions, and we perform simulatioanalysis using a formal verification tool to its security flaws. To ensure attack resilience, we puforward some solutions that can assist constructing more secure and efficient access authenticatioscheme for 5G networks.