Nowadays, as one of the key applications of Internet of Things, Industry IoT (IIoT) has recently received significant attention and has facilitated our life. In IIoT environments, an amount of data generally requires to be transmitted between the user and sensing devices in an open channel. In order to ensure safe transmission of these data, it is necessary for the user and sensing devices to authenticate each other and establish a secure channel between them. Recently, a multifactor authenticated key agreement scheme for IIoT was proposed, which aims to tackle this problem and provide solutions for user multiple sensing devices’ access. This work claims that the proposed scheme is secure against vario us attacks and has less communication and computational costs than other existing related schemes. Unfortunately, we find that this scheme cannot resist smart card attack and sensing device capture attack. Furthermore, we show that this scheme fails to provide forward secrecy, which is essential for a secure multifactor authentication scheme.

中文翻译：

---

重新审视工业物联网中的多因素身份验证方案

如今，作为物联网的关键应用之一，工业物联网（IIoT）最近受到了极大的关注，并为我们的生活带来了便利。在 IIoT 环境中，通常需要在开放通道中在用户和传感设备之间传输大量数据。为了保证这些数据的安全传输，用户和传感设备需要相互认证，并在它们之间建立安全通道。最近，提出了一种用于工业物联网的多因素认证密钥协商方案，旨在解决这一问题，并为用户多个传感设备的接入提供解决方案。这项工作声称所提出的方案对各种攻击是安全的，并且比其他现有的相关方案具有更少的通信和计算成本。很遗憾，我们发现该方案无法抵抗智能卡攻击和传感设备捕获攻击。此外，我们表明该方案无法提供前向保密，这对于安全的多因素身份验证方案至关重要。