|
Scheme | Description | Weakness |
|
Khan and Zhang [80] | Enhancing the security of a biometric authentication scheme. | Does not provide mutual authentication, and it is vulnerable to server spoofing attacks. |
de Meulenaer et al. [81] | Providing comparison on the cost of two key agreement protocols as Kerberos and the Elliptic Curve Diffie–Hellman key exchange with authentication delivered by the elliptic curve digital signature algorithm (ECDH-ECDSA). | It can be applied only where a trusted third party is available. Furthermore, the energy cost of listening increases communication costs. |
Li and Hwang [82] | Proposing an authentication scheme based on a biometric and smart card that delivers less computational cost. | Lack of security enhancement. |
He et al. [83] | Presenting user authentication and key agreement schemes for WSN. | There is no mutual authentication, and it is not robust against attacks. |
Yao et al. [84] | Proposing an electrocardiogram-signal-based protocol using biometric encryption to provide mutual authentication. | An insufficient balance between safety and security. |
Huang et al. [85] | Providing an authentication framework considering password, smart card, and biometrics. | Lack of threat identification in the provided framework. |
An [86] | Improvement of an effective biometric-based authentication scheme employing smart cards and its analysis in terms of security. | Susceptible to impersonation and gateway node bypassing attack. |
Kothmayr et al. [87] | Proposing two-way IoT security architecture in which authentication is provided by datagram transport Layer security handshake. | Supporting just it, DTCT, SSR, and PP partly. |
Liu et al. [88] | Presenting an authentication and access control in the IoT. | The high cost of message exchange and inadequate security. |
Li et al. [89] | Proposing a multifactor scheme employing biometric, password, and random nonce generated by the user and server. | Insufficient security advancement. |
Liao and Hsiao [90] | Developing an RFID scheme by ID-verifier transfer protocol combination. | Does not provide tag authentication, privacy, server, and mutual authentication. Moreover, it is vulnerable to tag masquerade, server spoofing, location tracking, and tag cloning attacks. |
Xue et al. [91] | Proposing user authentication and key agreement schemes for WSN. | Susceptible to denial-of-service, man-in-the-middle, password guessing, and parallel session attack. |
Ndibanje et al. [92] | The protocol provides user anonymity, mutual authentication, and secure session key establishment. | |
Saied et al. [93] | Presenting a lightweight collaborative key establishment scheme for the IoT. | |
Turkanović et al. [39] | Proposing a user authentication and key agreement scheme for heterogeneous ad hoc WSN. | Vulnerable to offline password guessing and offline identity guessing. |
Chen et al. [94] | Developing a two-factor user authentication scheme for WSN with high security. | Vulnerable to replay, impersonation, denial-of-service, and man-in-the-middle attack. |
Das and Goswami [95] | Proposing an anonymous biometric-based authentication scheme employing smart cards. | Does not support user anonymity, and it is susceptible to impersonation, password change, parallel session, smart card or device stolen, and gateway node bypassing attack. |
|