Cryptanalysis of a Biometric-based Anonymous Authentication Approach for IoT Environment

---

Abstract

Network-based services place significant emphasis on user authentication as a critical security concern. Li et al. have proposed a user authentication method for wireless sensor networks in IoT environments, utilising a three-factor authentication approach. They claimed that their approach has numerous advantages and is capable of enduring different types of attacks. However, this study examines the weaknesses of the aforesaid technique and identifies many types of the attacks, including sensor node capture assault, user impersonation attack, sensor node impersonation attack, session key leak attack, and gateway node impersonation attack. Hence, it is demonstrated that the suggested method is unsuitable for applications based on wireless sensor networks in an IoT environment. In addition, a reliable multimodal biometric system using face and speech modality, is suggested as a solution to tackle with the aforesaid vulnerable authentication scheme.

---

Keywords

Cryptographic attacks; Cryptanalysis; Internet of Things (IoT); Biometrics; Security; Wireless Sensor Networks (WSN)