Comments on CSAP-IoD: A Chaotic Map-Based Secure Authentication Protocol for Internet of Drones
Commentary  ·  Published: 19 June 2026
Issue cover
Journal of Reliable and Secure Computing
Volume 2, Issue 2, 2026: 156-160
Commentary Open Access

Comments on CSAP-IoD: A Chaotic Map-Based Secure Authentication Protocol for Internet of Drones

1 Department of Mathematics, Chaudhary Charan Singh University, Meerut 250004, Uttar Pradesh, India
* Corresponding Author: Akash Kumar, [email protected]
Volume 2, Issue 2

Article Information

Abstract

Recently, Zahednejad and Gao (2025 Journal of Information Security and Applications, Elsevier, https://doi.org/10.1016/j.jisa.2025.104083,) identified key compromise impersonation (KCI) in both, a two-factor, and a three-factor authentication protocols for IoT devices. They further proposed a lightweight authentication scheme designed to mitigate the identified KCI threats. Subsequently, Zhang et al. (2025, IEEE Transactions on Information Forensics and Security, https://doi.org/10.1109/TIFS.2025.3599678) introduced a chaotic map-based authentication protocol for the Internet of Drones, claiming that their design is resilient to a wide range of security attacks. Earlier, Kumari et al. (2019) had emphasized the significance of KCI attacks, urging the research community to devise robust countermeasures to eliminate KCI and other vulnerabilities arising from the compromise of a trusted authority’s keys. We observe that the protocol proposed by Zahednejad and Gao effectively resists KCI, even in scenarios where both the cloud server’s database and the secret key are compromised. In this comment, we demonstrate that Zhang et al.’s protocol fails to withstand KCI attacks and is further susceptible to session-specific temporary random number leakage attack. These findings highlight that, despite continuous research efforts over the years, KCI remains a persistent challenge in the design of user authentication protocols, underscoring the urgent need for future schemes that are immune to KCI.

Keywords

authentication key compromise impersonation KCI attacks Internet of Drones

Data Availability Statement

Not applicable.

Funding

This work was supported without any funding.

Conflicts of Interest

Saru Kumari served as a Co-Editor-in-Chief of the Journal of Reliable and Secure Computing at the time of manuscript submission. To ensure the integrity of the peer-review process, Saru Kumari was not involved in the editorial handling, peer review, or decision-making process for this manuscript, which was handled independently by another editor. The remaining authors declare no conflicts of interest.

AI Use Statement

The authors declare that no generative AI was used in the preparation of this manuscript.

Ethical Approval and Consent to Participate

Not applicable.

References

  1. Zahednejad, B., & Gao, C. Z. (2025). Mitigating server key compromise impersonation: a secure and efficient authentication and key agreement protocol for IoT devices using chaotic maps. Journal of Information Security and Applications, 92, 104083.
    [CrossRef] [Google Scholar]
  2. Qiu, S., Wang, D., Xu, G., & Kumari, S. (2020). Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices. IEEE Transactions on Dependable and Secure Computing, 19(2), 1338-1351.
    [CrossRef] [Google Scholar]
  3. He, D., Cai, Y., Zhu, S., Zhao, Z., Chan, S., & Guizani, M. (2023). A lightweight authentication and key exchange protocol with anonymity for IoT. IEEE Transactions on Wireless Communications, 22(11), 7862-7872.
    [CrossRef] [Google Scholar]
  4. Kumari, S., Chaudhary, P., Chen, C. M., & Khan, M. K. (2019). Questioning key compromise attack on Ostad-Sharif et al.’s authentication and session key generation scheme for healthcare applications. IEEE Access, 7, 39717-39720.
    [CrossRef] [Google Scholar]
  5. Zhang, J., Cheng, Q., Chen, X., & Luo, X. (2025). CSAP-IoD: A Chaotic Map-Based Secure Authentication Protocol for Internet of Drones. IEEE Transactions on Information Forensics and Security, 20, 8848-8862.
    [CrossRef] [Google Scholar]

Cite This Article

APA Style
Kumar, A., & Kumari, S. (2026). Comments on CSAP-IoD: A Chaotic Map-Based Secure Authentication Protocol for Internet of Drones. Journal of Reliable and Secure Computing, 2(2), 156-160. https://doi.org/10.62762/JRSC.2026.503368
Export Citation
RIS Format
Compatible with EndNote, Zotero, Mendeley, and other reference managers
TY  - JOUR
AU  - Kumar, Akash
AU  - Kumari, Saru
PY  - 2026
DA  - 2026/06/19
TI  - Comments on CSAP-IoD: A Chaotic Map-Based Secure Authentication Protocol for Internet of Drones
JO  - Journal of Reliable and Secure Computing
T2  - Journal of Reliable and Secure Computing
JF  - Journal of Reliable and Secure Computing
VL  - 2
IS  - 2
SP  - 156
EP  - 160
DO  - 10.62762/JRSC.2026.503368
UR  - https://www.icck.org/article/abs/JRSC.2026.503368
KW  - authentication
KW  - key compromise impersonation
KW  - KCI attacks
KW  - Internet of Drones
AB  - Recently, Zahednejad and Gao (2025 Journal of Information Security and Applications, Elsevier, https://doi.org/10.1016/j.jisa.2025.104083,) identified key compromise impersonation (KCI) in both, a two-factor, and a three-factor authentication protocols for IoT devices. They further proposed a lightweight authentication scheme designed to mitigate the identified KCI threats. Subsequently, Zhang et al. (2025, IEEE Transactions on Information Forensics and Security, https://doi.org/10.1109/TIFS.2025.3599678) introduced a chaotic map-based authentication protocol for the Internet of Drones, claiming that their design is resilient to a wide range of security attacks. Earlier, Kumari et al. (2019) had emphasized the significance of KCI attacks, urging the research community to devise robust countermeasures to eliminate KCI and other vulnerabilities arising from the compromise of a trusted authority’s keys. We observe that the protocol proposed by Zahednejad and Gao effectively resists KCI, even in scenarios where both the cloud server’s database and the secret key are compromised. In this comment, we demonstrate that Zhang et al.’s protocol fails to withstand KCI attacks and is further susceptible to session-specific temporary random number leakage attack. These findings highlight that, despite continuous research efforts over the years, KCI remains a persistent challenge in the design of user authentication protocols, underscoring the urgent need for future schemes that are immune to KCI.
SN  - 3070-6424
PB  - Institute of Central Computation and Knowledge
LA  - English
ER  - 
BibTeX Format
Compatible with LaTeX, BibTeX, and other reference managers
@article{Kumar2026Comments,
  author = {Akash Kumar and Saru Kumari},
  title = {Comments on CSAP-IoD: A Chaotic Map-Based Secure Authentication Protocol for Internet of Drones},
  journal = {Journal of Reliable and Secure Computing},
  year = {2026},
  volume = {2},
  number = {2},
  pages = {156-160},
  doi = {10.62762/JRSC.2026.503368},
  url = {https://www.icck.org/article/abs/JRSC.2026.503368},
  abstract = {Recently, Zahednejad and Gao (2025 Journal of Information Security and Applications, Elsevier, https://doi.org/10.1016/j.jisa.2025.104083,) identified key compromise impersonation (KCI) in both, a two-factor, and a three-factor authentication protocols for IoT devices. They further proposed a lightweight authentication scheme designed to mitigate the identified KCI threats. Subsequently, Zhang et al. (2025, IEEE Transactions on Information Forensics and Security, https://doi.org/10.1109/TIFS.2025.3599678) introduced a chaotic map-based authentication protocol for the Internet of Drones, claiming that their design is resilient to a wide range of security attacks. Earlier, Kumari et al. (2019) had emphasized the significance of KCI attacks, urging the research community to devise robust countermeasures to eliminate KCI and other vulnerabilities arising from the compromise of a trusted authority’s keys. We observe that the protocol proposed by Zahednejad and Gao effectively resists KCI, even in scenarios where both the cloud server’s database and the secret key are compromised. In this comment, we demonstrate that Zhang et al.’s protocol fails to withstand KCI attacks and is further susceptible to session-specific temporary random number leakage attack. These findings highlight that, despite continuous research efforts over the years, KCI remains a persistent challenge in the design of user authentication protocols, underscoring the urgent need for future schemes that are immune to KCI.},
  keywords = {authentication, key compromise impersonation, KCI attacks, Internet of Drones},
  issn = {3070-6424},
  publisher = {Institute of Central Computation and Knowledge}
}

Article Metrics

Citations
Crossref
0
Scopus
0
Views
143
PDF Downloads
59

Publisher's Note

ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and Permissions

CC BY Copyright © 2026 by the Author(s). Published by Institute of Central Computation and Knowledge. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.
Journal of Reliable and Secure Computing
Journal of Reliable and Secure Computing
ISSN: 3070-6424 (Online)
Portico
Preserved at
Portico