ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments

Abstract: A variety of three-factor smart-card based schemes, specifically designed for telecare medicine information systems (TMIS) are available for remote user authentication. Most of the existing schemes for TMIS are customarily proposed for the single server-based environments and in a single-server environment. Therefore, there is a need for patients to distinctly register and login with each server to employ distinct services, so it escalates the overhead of keeping the cards and memorizing the passwords for the … Show more

“…• M A can steal the legal user's smart card and extract the stored secret credentials in memory by performing power analysis [3]- [5]. • M A can be a legitimate and privileged insider, which is able to reveal the verifier table stored in the RC database [1]. • After getting the secret credentials of the smart card, an adversary may attempt potential attacks such as "MITM", "masquerade", "off-line password guessing" attacks and so on [6]- [8].…”

“…We briefly review Ali et al's AKA scheme for multiserver environments. Ali et al's scheme [1] is composed of three processes: user registration, server registration, authentication, and key establishment. The symbols utilized in this paper are summarized in Table 1.…”

“…This comment is about "ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments", that is proposed by Ali et al [1]. They claimed that their scheme can prevent various security attacks, and also ensure secure authentication.…”

“…In 2020, Ali et al [1] designed a biometric-based secure AKA scheme to provide secure services in multi-server environments. Ali et al claimed that their scheme is able to resist various security threats such as impersonation, replay, session key exposure, and insider attacks.…”

“…However, this comment shows that their scheme is vulnerable to session key exposure, man-in-the-middle (MITM) and masquerade attacks, and also does not provide mutual authentication. Therefore, we suggest the some guidelines to resolve the security threats of Ali et al [1].…”

Comments on “ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments”

“…• M A can steal the legal user's smart card and extract the stored secret credentials in memory by performing power analysis [3]- [5]. • M A can be a legitimate and privileged insider, which is able to reveal the verifier table stored in the RC database [1]. • After getting the secret credentials of the smart card, an adversary may attempt potential attacks such as "MITM", "masquerade", "off-line password guessing" attacks and so on [6]- [8].…”

“…We briefly review Ali et al's AKA scheme for multiserver environments. Ali et al's scheme [1] is composed of three processes: user registration, server registration, authentication, and key establishment. The symbols utilized in this paper are summarized in Table 1.…”

“…This comment is about "ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments", that is proposed by Ali et al [1]. They claimed that their scheme can prevent various security attacks, and also ensure secure authentication.…”

“…In 2020, Ali et al [1] designed a biometric-based secure AKA scheme to provide secure services in multi-server environments. Ali et al claimed that their scheme is able to resist various security threats such as impersonation, replay, session key exposure, and insider attacks.…”

“…However, this comment shows that their scheme is vulnerable to session key exposure, man-in-the-middle (MITM) and masquerade attacks, and also does not provide mutual authentication. Therefore, we suggest the some guidelines to resolve the security threats of Ali et al [1].…”

Comments on “ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments”

EAPIOD: ECC based authentication protocol for insider attack protection in IoD scenario

Comments on a Scalable Healthcare Authentication Protocol with Attack-Resilience and Anonymous Key-Agreement