Forward Secrecy Attack on Privacy Preserving Machine Authenticated Key Agreement for Internet of Things

Abstract

Internet of things (IoT) is to connect billions of devices and machines via Internet and to have a smart system. Sensors and devices in IoT environment are connected and communicated together. Connecting such a huge number of devices requires high level of security and privacy. A crucial characteristic of ubiquitous IoT devices is their limited resources. In recent times, a scheme for privacy-preserving machine authenticated key agreement scheme (PPMAKA) has been introduced for the IoT environment. It was argued that PPMAKA provides security and privacy at the same time including forward secrecy. Nevertheless, this paper will demonstrate that PPMAKA lacks forward secrecy, a crucial security and privacy feature in the IoT environment. We use Cannetti and Krawzyck threat model for the detailed analysis of PPMAKA. Furthermore, we provide remarks for the future research as it is recommendable to design any security and privacy schemes over IoT environments with lightweight operation and communication property, authenticated key agreement with forward secrecy, anonymity and unlinkability.

Received: 24 October 2023 | Revised: 14 November 2023 | Accepted: 1 December 2023

Conflicts of Interest

The authors declare that they have no conflicts of interest to this work.