Notes on “Secure authentication scheme for IoT and cloud servers”

In 2015, Kalra and Sood proposed an authentication scheme for the IoT and a Cloud server. In their paper, the authors pointed out that the embedded devices in both the IoT and the Cloud server cannot support high computational and storage abilities. For these reasons, Kalra and Sood used ECC to design a light-weight scheme. Unfortunately, we found two weaknesses in it, i.e., the failure of mutual authentication and a mistiness of the session key. In this research, we first demonstrate the weaknesses, and then we improve their scheme to make the original scheme-more complete and more secure.