Research Article
A Robust IoT-Based Three-Factor Authentication Scheme for Cloud Computing Resistant to Session Key Exposure
Table 1
Related authentication schemes for cloud computing.
| | Category | Schemes | Authentication factors | Cryptographic primitive | Security limitations |
| | Public key cryptosystem-based schemes | Tsai and Lo [18] | Three-factor | Bilinear pairing | Server impersonation attack | | He et al. [19] | Two-factor | Bilinear pairing | Inefficient typo detection | | Kumari et al. [20] | Three-factor | Elliptic curve cryptosystem | Known session-specific temporary information attack
Fails to preserve three-factor secrecy | | Mo et al. [25] | Two-factor | Elliptic curve cryptosystem | Stolen-verifier attack
Forgery attack
Replay attack
Known session-specific temporary information attack |
| | Hash-based schemes | Amin et al. [21] | Two-factor | Hash function | Off-line guessing attack
Session key disclosure attack
Fails to preserve forward secrecy
Known session-specific temporary information attack | | Xue et al. [22] | Two-factor | Hash function | User anonymity
Privileged insider attack
Off-line password guessing attack
Fails to preserve forward secrecy | | Chuang and Chen [23] | Three-factor | Hash function | User impersonation attack
Session key discloser attack
Fails to preserve forward secrecy | | Zhou et al. [26] | Two-factor | Hash function | Forgery attack
Replay attack
Fails to preserve forward secrecy
Known session-specific temporary information attack |
|
|
