Comments on “A Multi-factor User Authentication and Key Agreement Protocol Based on Bilinear Pairing for the Internet of Things”

Abstract

The Internet of Things (IoT) introduces a novel model for the future internet that aims to offer communication between numerous interactive objects via heterogeneous networks. The concept of IoT is that everything within the global network is interconnected and accessible. Although, the increasing use of IoT offers a lot of benefits but it also entails different privacy and security encounters which needs to be considered. One of the major security concerns is authentication of the user, which means that if a user wants to access IoT node then the user and IoT node must authenticate each other. Therefore, to ensure the security of the IoT paradigm, a number of multi-factor user authentication schemes have been proposed by many researchers. Very recently, Nikravan-Reza (Wirel Pers Commun, 2019. https://doi.org/10.1007/s11277-019-06869-y) proposed multi-factor user authentication and key agreement protocol for IoT environments. In their scheme, firstly the gateway authenticates the legitimacy of the user and then the user is authenticated by IoT node. In this comments paper, we reviewed their scheme and noticed that their scheme fails to withstand user and IoT node impersonation attacks. Moreover, their scheme does not offer security features that they have claimed in their paper. Since their scheme is vulnerable to various considerable security attacks, so it is not suitable for practical implementation.