Comments on "EAKE-WC: Efficient and Anonymous Authenticated Key Exchange Scheme for Wearable Computing"

被引：0

作者：

Wang, Weizheng ^{[1
]}

Han, Zhaoyang ^{[2
]}

Su, Chunhua ^{[3
]}

机构：

[1] City Univ Hong Kong, Dept Comp Sci, Hong Kong, Peoples R China

[2] Nanjing Forestry Univ, Coll Informat Sci & Technol & Artificial Intellige, Nanjing 210037, Peoples R China

[3] Univ Aizu, Div Comp Sci, Fukushima 9658580, Japan

来源：

IEEE TRANSACTIONS ON MOBILE COMPUTING | 2024年 / 23卷 / 12期

关键词：

Authentication Key Exchange (AKE); replay attacks; security and privacy; wearable computing;

D O I：

10.1109/TMC.2024.3417181

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In the above paper, Tu et al. proposed an efficient and anonymous authenticated key exchange scheme optimized for wearable computing environments, utilizing lightweight cryptographic primitives like XOR, ASCON, and hash functions. They claimed the employed Authenticated Key Exchange (AKE) scheme is robust against prevalent security threats. However, our analysis reveal a critical vulnerability to replay attacks that could undermine the protocol's security; specifically, an attacker could intercept messages and induce unauthorized server-side password updates, effectively blocking further legitimate user communications. Upon dissecting the root causes of this vulnerability, we offer targeted recommendations to mitigate such attacks and reinforce the protocol's defenses.

引用

页码：12793 / 12794

页数：2

共 2 条

[1] Wearable Computing for Defence Automation: Opportunities and Challenges in 5G Network
Sharma, Pradip Kumar
Park, Jisun
Park, Jong Hyuk
Cho, Kyungeun
[J]. IEEE ACCESS, 2020, 8 : 65993 - 66002
[2] EAKE-WC: Efficient and Anonymous Authenticated Key Exchange Scheme for Wearable Computing
Tu, Shanshan
Badshah, Akhtar
Alasmary, Hisham
Waqas, Muhammad
[J]. IEEE TRANSACTIONS ON MOBILE COMPUTING, 2024, 23 (05) : 4752 - 4763

← 1 →