The Internet of Things (IoT) has gained popularity in recent times. With an increase in the number of IoT devices, security and privacy vulnerabilities are also increasing. For sensitive domains like healthcare and industrial sectors, such vulnerabilities can cause havoc. Thus, authentication is an important aspect of establishing secure communication between the various participants. In this paper, we study two recent authentication and key exchange protocols. We prove that these protocols are vulnerable to replay and modification attacks, and also suffer from technical correctness issues. We then present possible improvements to overcome the discussed vulnerabilities. The enhancement preserves the performance of the original protocols.