The advancements in the internet of things (IoT) require specialized security protocols to provide unbreakable security along with computation and communication efficiencies. Moreover, user privacy and anonymity has emerged as an integral part, along with other security requirements. Unfortunately, many recent authentication schemes to secure IoT-based systems were either proved as vulnerable to different attacks or prey of inefficiencies. Some of these schemes suffer from a faulty design that happened mainly owing to undue emphasis on privacy and anonymity alongside performance efficiency. This article aims to show the design faults by analyzing a very recent hash functions-based authentication scheme for cloud-based IoT systems with misunderstood privacy cum efficiency tradeoff owing to an unadorned design flaw, which is also present in many other such schemes. Precisely, it is proved in this article that the scheme of Wazid et al. cannot provide mutual authentication and key agreement between a user and a sensor node when there exists more than one registered user. We then proposed an improved scheme and proved its security through formal and informal methods. The proposed scheme completes the authentication cycle with a minor increase in computation cost but provides all security goals along with privacy.

中文翻译：

---

隐私背后的轮换：一种改进的基于云的物联网环境的轻量级身份验证方案

物联网 (IoT) 的进步需要专门的安全协议来提供牢不可破的安全性以及计算和通信效率。此外，用户隐私和匿名性以及其他安全要求已成为不可或缺的一部分。不幸的是，最近许多用于保护基于物联网的系统的身份验证方案要么被证明容易受到不同的攻击，要么被证明是效率低下的牺牲品。其中一些方案存在设计错误，主要是由于过分强调隐私和匿名性以及性能效率。本文旨在通过分析最近基于散列函数的基于云的物联网系统的身份验证方案来展示设计缺陷，该方案由于未经修饰的设计缺陷而被误解了隐私和效率权衡，这也存在于许多其他此类方案中。准确地说，本文证明了 Wazid 等人的方案。当存在多个注册用户时，不能提供用户和传感器节点之间的相互认证和密钥协议。然后我们提出了一个改进的方案，并通过正式和非正式的方法证明了它的安全性。所提出的方案完成了认证周期，计算成本略有增加，但提供了所有安全目标以及隐私。