A Note on ``Three-Factor Anonymous Authentication and Key Agreement Based on Fuzzy Biological Extraction for Industrial Internet of Things''

Zhengjun Cao; Lihua Liu

Paper 2024/1244

A Note on ``Three-Factor Anonymous Authentication and Key Agreement Based on Fuzzy Biological Extraction for Industrial Internet of Things''

Zhengjun Cao

Lihua Liu

Abstract

We show that the key agreement scheme [IEEE Trans. Serv. Comput. 16(4): 3000-3013, 2023] fails to keep user anonymity, not as claimed. The scheme simply acknowledges that user anonymity is equivalent to preventing user's identity from being recovered. But the true anonymity means that the adversary cannot attribute different sessions to target users. It relates to entity-distinguishable, not just identity-revealable. To the best of our knowledge, it is the first time to clarify the explicit signification of user anonymity.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Key agreement anonymity mutual authentication entity-distinguishable identity-revealable
Contact author(s): liulh @ shmtu edu cn
History: 2024-08-07: approved; 2024-08-06: received; See all versions
Short URL: https://ia.cr/2024/1244
License: CC0

BibTeX

@misc{cryptoeprint:2024/1244,
      author = {Zhengjun Cao and Lihua Liu},
      title = {A Note on ``Three-Factor Anonymous Authentication and Key Agreement Based on Fuzzy Biological Extraction for Industrial Internet of Things''},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1244},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1244}
}