Cryptanalysis of the IoT notion-based Authentication and Key Agreement Scheme for Wireless Sensor Networks

In WSNs (Wireless Sensor Networks) that can be deployed for IoT (Internet of Things) applications,
secure and reliable user authentication and key agreement is an operational challenge and active research
area. Most recently, Tai et al. showed that the Turcanovi´c et al.’s scheme suffers from two
fatal security flaws; user anonymity violation and session key leakage using the compromised sensor
node. They then proposed an improvement of Turcanovi´c et al.’s scheme based on the IoT notion for
heterogeneous ad hoc WSNs by taking the following five factors into consideration: user anonymity,
no complex computations, mutual authentication, user friendly, and ensuring the correctness of the
session key earlier. However, we find that the Tai et al.’s scheme achieves user anonymity but does
not provide sensor node anonymity and mutual authentication between a user and a sensor node and
still has security problems. In this paper, we show the security problems of Tai et al.’s scheme in
details. We also briefly present the solutions of those problems.