Received: 26 May 2020

-

Revised: 10 September 2020

-

Accepted: 19 November 2020

- IET Networks

DOI: 10.1049/ntw2.12014

C O M M E N T

Comment on ‘ElGamal cryptosystem‐based secure

authentication system for cloud‐based IoT applications’

Azeem Irshad

¹

| Shehzad Ashraf Chaudhry

²

1Department of Computer and Software Engineering, International Islamic University, Islamabad, Pakistan

2Department of Computer Engineering, Istanbul Gelisim University, Istanbul, Turkey

Correspondence

Shehzad Ashraf Chaudhry, Department of Computer Engineering, Faculty of Engineering and Architecture, Istanbul Gelisim University, Istanbul, Turkey.

Email:sashraf@gelisim.edu.tr

Abstract

This comment is presented to identify the drawbacks in a recently demonstrated scheme by Maitra et al., SAS‐Cloud: doi:10.1049/iet-net.2019.0004, which adopted an ElGamal cryptosystem‐based technique for biometric authentication in cloud‐based IoT applica- tions. In this protocol, the authors claim that their scheme provides mutual authentica- tion. However, it is demonstrated in this article that the protocol merely supports unilateral authentication, which may result in clogging attack on the server's end. This is because the latter is unable to verify the authentication request in absolute terms, which might lead to resource clogging as well as denial of service attack affecting its Quality of Service (QoS).

1 | DISCUSSION

This article is written to identify some critical flaws present in a recently published manuscript SAS‐Cloud by Maitra et al. [1].

Moreover, some counter measures are also proposed in sub- sequent parts of the article.

The significance of authenticity among the communicating parties can never be undervalued in cloud‐IoT environment.

Recently, Maitra et al. designed an efficient biometric authen- tication scheme for cloud‐IoT infrastructure by using fuzzy extractors. Nevertheless, the scheme is found to be prone to clogging attack [2] by any adversaryA, which can damage the performance of service provider.

1.1 | Clogging Attack on Maitra et al.’s Scheme

The authors claim that their scheme provides mutual authen- tication, while mutual authentication in a protocol must affirm the verification process on both ends. However, Maitra et al.

scheme provides only unilateral verification in the protocol.

For instance, the replay attack could be initiated by the ad- versary upon eavesdropping the authentication request {DIDi, Gi, Fi}, whereEi=PK^rimod q, DIDi=(IDi|| ri),Eimod q, Gi = g^rimod q, Fi = H(ri|| Ei|| Ai'),ri being a random integer. Once the above request is replayed towards service

provider, the latter only verifies the user with its private key on account of random integerriand identityIDi. In this manner, the service provider goes without verification of the user.

Cognizant of the above imperfection in the system, an ad- versary may overburden the server with too many authenti- cation requests. While the server or service provider will be constrained to maintain necessary session variables and session key in its repository under the impression that it is genuine session key and participant, that might lead to clogging attack.

In a clogging attack, an adversary may compel the service provider to process the fabricated request impersonating himself as a genuine subscriber of the system, resulting in resource clogging of the service provider, while such a threat may critically undermine the quality of service of the server, and too many such kind of simultaneous requests may lead to a massive Denial of Service (DoS) attack, unavoidably. In Maitra et al.'s scheme, both the adversaryAand service provider may share a session key. However, as a matter of fact,Acould not construct a mutually agreed session key because Adoes not have access to the parameter ri. Nevertheless, the adversary would be at an advantage to successfully launch the clogging attack resulting in massive degradation of the performance of the system. With the passage of time, the DoS attack is receiving more and more attention of the researchers, because this attack may significantly deplete the computational and memory resources of the service providers and can result in bottleneck problems [3,4].

This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

© 2021 The Authors.IET Networkspublished by John Wiley & Sons Ltd on behalf of The Institution of Engineering and Technology.

244

-

^{IET Netw.}2021;10:244–245. wileyonlinelibrary.com/journal/ntw2

20474962, 2021, 5, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/ntw2.12014 by CochraneUnitedArabEmirates, Wiley Online Library on [10/01/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License

2 | Proposed Scheme

The flaw in Maitra et al. scheme could be remedied either (1) by using timestamp or (2) by additional round of communi- cation. For example, the timestamp may be added in Fi

parameter on the side of user. The timestamp may serve the purpose within the existing communication rounds; however, if the time synchronization is critical in the system, then an additional communication round may be added from user to service provider. In this manner, the service provider could verify its presented challenge (second communication round) in the third round of communication. Following the timestamp‐based solution, the authentication request in the protocol could be modified as {DIDi, Gi, Fi, Tu}, where other parameters may be computed as Ei = PK^ri mod q, DIDi=(IDi|| ri).Eimod q, Gi=g^rimod q, Fi=H(ri|| Ei

|| Ai' || Tu). Unlike Maitra et al., now the server may verify the authenticity of user using the timestamp Tu. If any adversary attempts occur to replay this intercepted message {DIDi, Gi, Fi, Tu}, the adversary is bound to failure as it may not be able to deceive the server. Instead, the server may drop down the request immediately after failing to verify the fabricated request. Alternatively, the user may append the Maitra et al. scheme with another round of communication by constructing Mi ={IDi|| Ski|| Ai' || yi'} and submit the same Mi towards server for final verification in the third

round. This helps to achieve mutual authentication on both ends in its entirety.

O R CI D

Azeem Irshad https://orcid.org/0000-0002-1366-2834 Shehzad Ashraf Chaudhry https://orcid.org/0000-0002- 9321-6956

R E F E R E N C E S

1. Maitra, T., et al.: ElGamal cryptosystem‐based secure authentication system for cloud‐based IoT applications. IET Netw. 8(5), 289–298 (2019)

2. Ali, Z., et al. A clogging resistant secure authentication scheme for fog computing services. Computer Networks. 185, 107731, (2021) 3. Velliangiri, S., Premalatha, J.: Intrusion detection of distributed denial of

service attack in cloud. Cluster Comput. 22(5), 10615–10623 (2019) 4. Salim, M.M., Rathore, S., Park, J.H.: Distributed denial of service attacks

and its defenses in IoT: a survey. J. Supercomput. 1–44 (2019)

How to cite this article:Irshad, A., Chaudhry, S.A.:

Comment on ‘ElGamal cryptosystem‐based secure authentication system for cloud‐based IoT applications’.

IET Netw. 10(5), 244–245 (2021).https://doi.org/10.

1049/ntw2.12014

IRSHADANDCHAUDHRY

-

²⁴⁵

20474962, 2021, 5, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/ntw2.12014 by CochraneUnitedArabEmirates, Wiley Online Library on [10/01/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License