Comments on 'ITSSAKA-MS: An Improved Three-Factor Symmetric-Key Based Secure AKA Scheme for Multi-Server Environments'

Abstract

Multi-server technology is widely utilized due to its enormous applicability in fields such as telecare medicine information system (TMIS), online shopping, remote surveillance, online banking, etc. However, a malicious attacker can perform various security attacks in the multi-server environments because he/she can easily modify, insert, inject, delete, and intercept exchanged messages over a public channel. Thus, secure authentication and key agreement (AKA) schemes are indispensable to provide useful services in multi-server environments. In 2020, Ali et al. presented a three-factor symmetric key based secure AKA scheme for privacy and security in multi-server environments. Ali et al. claimed that their scheme can prevent various security attacks, and also ensure secure authentication. However, this comment shows that Ali et al.'s scheme suffers from many drawbacks, including session key exposure, man-in-the-middle (MITM), and masquerade attacks. Moreover, their scheme fails to ensure mutual authentication. Thus, we suggest the necessary security guidelines to resolve the security threats of Ali et al.'s scheme.