Design issues of ``an anonymous authentication and key agreement protocol in smart living''

Zhengjun Cao; Lihua Liu

Paper 2024/1411

Design issues of ``an anonymous authentication and key agreement protocol in smart living''

Zhengjun Cao

Lihua Liu

Abstract

The Li et al.'s scheme [Computer Communications, 186 (2022), 110-120)] uses XOR operation to realize the private transmission of sensitive information, under the assumption that if only one parameter in the expression $a = b \oplus c$ is known, an adversary cannot retrieve the other two. The assumption neglects that the operands $b$ and $c$ must be of the same bit-length, which leads to the exposure of a substring in the longer operand. The scheme wrongly treats timestamps as random strings to encrypt a confidential parameter. These misuses result in the loss of sensor node's anonymity, the loss of user anonymity and untraceability, insecurity against off-line password guessing attack, and insecurity against impersonation attack. The analysis techniques developed in this note is helpful for the future works on designing such schemes.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Authentication Anonymity Key agreement Impersonation attack
Contact author(s): liulh @ shmtu edu cn
History: 2024-09-11: approved; 2024-09-10: received; See all versions
Short URL: https://ia.cr/2024/1411
License: CC0

BibTeX

@misc{cryptoeprint:2024/1411,
      author = {Zhengjun Cao and Lihua Liu},
      title = {Design issues of ``an anonymous authentication and key agreement protocol in smart living''},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1411},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1411}
}