Security and Communication Networks

Special Issue

Security Hardened and Privacy Preserved Vehicle-to-Everything (V2X) Communication


Research Article | Open Access

Volume 2021 |Article ID 9944460 | https://doi.org/10.1155/2021/9944460

Tsu-Yang Wu, Zhiyuan Lee, Lei Yang, Chien-Ming Chen, "A Provably Secure Authentication and Key Exchange Protocol in Vehicular Ad Hoc Networks", Security and Communication Networks, vol. 2021, Article ID 9944460, 17 pages, 2021. https://doi.org/10.1155/2021/9944460

A Provably Secure Authentication and Key Exchange Protocol in Vehicular Ad Hoc Networks

Academic Editor: Azeem Irshad
Received 17 Mar 2021
Revised 13 May 2021
Accepted 12 Jun 2021
Published 29 Jun 2021

Abstract

While cloud computing and Internet of Things (IoT) technologies have gradually matured, mobile intelligent transportation systems have begun to be widely used. In particular, the application of vehicular ad hoc networks (VANETs) is very convenient for real-time collection and analysis of traffic data. VANETs provide a great convenience for drivers and passengers, making it easier to choose routes. Currently, most research on VANETs obtains data through cloud servers. However, there are few studies on cloud servers obtaining vehicle information through the roadside unit (RSU). In the process of reading traffic information, there will be some private and sensitive information, which may be intercepted or tampered with in untrusted public channels. Therefore, it is necessary to propose a protocol to protect vehicle data during the information reading phase. In this paper, we propose a new provably secure authentication protocol to negotiate a session key before transmitting traffic information. This protocol can complete mutual authentication and generate a session key. Finally, security analysis and performance analysis show that our protocol is secure and efficient.

1. Introduction

Due to social and economic development, motor vehicles are spreading rapidly. At the same time, the rapid increase in the number of vehicles on the road has made the traffic situation more complicated, and many traffic problems arise, such as traffic accidents and road congestion. Therefore, researchers apply artificial intelligence [1–4], wireless networks, and sensor technology [5, 6] to road vehicle management, so that vehicles can share information and release relevant road information to alleviate traffic problems. This is the vehicular ad hoc network, which consists of vehicle-to-vehicle (V2V) communication and vehicle-to-infrastructure (V2I) communication. In VANETs, the vehicle is equipped with an on-board unit (OBU), so the vehicle can be regarded as a mobile network node that can communicate. Therefore, the vehicle can obtain the corresponding road information from the cloud server through the RSU and can also send the relevant information recorded by itself to the cloud server. The main goal of VANET technology is to improve traffic efficiency and the driving experience. With the popularity and development of VANETs, they play a key role in user travel planning and road safety.

Although VANETs have various obvious benefits, their security and privacy issues [7–9] are still the key to whether they can be widely used. In VANETs, the network environment is open; attackers can capture the various messages transmitted in the network and can impersonate a legitimate vehicle to send wrong information. The transmission of wrong information will mislead the driver into making the wrong decision, bringing corresponding trouble and even danger. First, before information transmission, mutual authentication must be performed, and a corresponding session key must be generated for subsequent information transmission. Then the integrity of the message must be verified every time a message is received. In addition, anonymity is indispensable in VANETs, because if the vehicle transmits its identity on the network in clear text, an attacker who captures the information can impersonate or track the vehicle.

However, existing research in VANETs mainly focuses on how to ensure that vehicles obtain the corresponding road information. From another perspective, vehicles can receive current traffic conditions through the RSU, and based on the information received, the driver can adjust driving decisions. Because road conditions are changing, the RSU can actively establish a communication request with the vehicle to obtain the road condition information stored by the vehicle sensor (as shown in Figure 1). To the best of our knowledge, we propose in this paper a new provably secure mutual authentication scheme for negotiating session keys before transmitting traffic information. The main contributions of this paper are summarized as follows:
(1) A three-party AKE scheme is proposed, involving vehicles, the RSU, and the cloud server. The RSU actively sends a request, completes mutual authentication with the vehicle through the cloud server, and generates a session key.
(2) Due to environmental constraints, the proposed scheme only performs simple operations, such as elliptic curve cryptography (ECC), bitwise XOR, and hash functions.
(3) We conduct a security analysis of the protocol, including formal analysis, informal analysis, and ProVerif simulation.
(4) Finally, the performance of the proposed protocol is evaluated. Compared with existing methods, we show that our protocol is feasible.

The remainder of this paper is organized as follows. In Section 2, the latest research results of the AKE protocol and related research on security authentication in the VANET environment are reviewed. Section 3 describes our proposed protocol in detail. Then, in Sections 4 and 5, the security analysis and performance analysis of the protocol proposed in Section 3 are carried out. Finally, the article is summarized in Section 6.

Many researchers have conducted a series of studies on authentication and key exchange protocols in VANETs. However, with the changes of various needs and scenarios, many security issues have emerged in these studies.

First of all, in terms of authentication protocols, Lamport [10] was the first to propose password authentication over an insecure channel. Immediately afterward, various two-party authentication schemes were proposed [11, 12]. However, in the VANET environment, while communication between vehicles can use a two-party authentication scheme, authenticating the vehicle to the cloud server with a two-party scheme causes transmission delay, because two-party identity authentication is generally designed for a single-server environment. In 2001, Li et al. [13] first proposed an authentication scheme for a multiserver environment, but their scheme is inefficient because it takes a lot of time to train neural networks. Later, to complete efficient and secure identity authentication, researchers began to introduce multifactor security. In addition to passwords, security factors such as smart cards and biometric information were introduced [14–16]. Recently, Irshad et al. [17] proposed an authentication scheme under a multiserver architecture based on chaotic maps. But Wu et al. [18] found that Irshad et al.’s protocol cannot guarantee user anonymity and is vulnerable to privileged-insider attacks. Therefore, Wu et al. proposed an authentication protocol for distributed cloud environments, claiming that their protocol can resist various known attacks. However, Wu et al. [19] recently proposed an authentication and key exchange protocol under a multiserver architecture and found that [18] has multiple security problems, including the inability to provide perfect forward secrecy and vulnerability to privileged-insider attacks. Also, for a multiserver environment, in 2017, Truong et al. [20] proposed an ECC-based authentication scheme. Their article showed that Yeh et al.’s [21] protocol cannot provide mutual authentication and that its key agreement phase is incorrect. In 2018, Zhao et al. [22] proposed a secure and efficient authentication protocol based on passwords and smart cards. They claimed that the scheme of Truong et al. could not achieve the security requirements of multiserver authentication and could not resist offline password guessing and impersonation attacks. However, Hassan et al. [23] conducted a security analysis of the scheme proposed by Zhao et al. and found that it suffers from anonymity and traceability issues and is not suitable for a multiserver environment. On this basis, Hassan et al. then proposed an improved multiserver authentication scheme.

Currently, there are two research focuses in the VANET environment: one is efficient authentication, and the other is privacy protection. The former arises because of the large number of vehicles in the VANET environment, which makes data transmission and processing very challenging. To solve this problem, cloud computing began to be applied to VANETs [24], and cloud computing-based authentication schemes have been widely proposed [25–29]. These solutions reduce the server-side service response time and improve authentication efficiency. However, due to the number of vehicles involved and management issues, network delays can still arise. Cloud computing then began to decentralize, and fog computing was used to address the above shortcomings [15, 30–32]. The latter focus exists because, in an open network environment, the private information of vehicle users must be protected. Therefore, Conditional Privacy Preservation Authentication (CPPA) was proposed [33]. In such a protocol, the attacker cannot obtain the true identity of the vehicle user from messages intercepted on the public channel, but a trusted third party can recover the identity of the vehicle user who sent the message. In 2008, Zhang et al. [34] proposed an identity-based verification scheme and proved that it achieves conditional privacy protection, allowing the trusted authority to retrieve the true identity of the vehicle from any false identity. In 2014, Chuang and Lee [35] proposed the first authentication mechanism using a transitive trust relationship. Later, Zhou et al. [36] used elliptic curve cryptography (ECC) to propose a new mutual authentication scheme based on the mechanism of Chuang and Lee and pointed out in their paper that the scheme of Chuang and Lee cannot resist internal attacks. However, Wu et al. [37] found that Zhou et al.’s scheme could not guarantee anonymity and was vulnerable to identity guessing and impersonation attacks. At the same time, they designed a new privacy-preserving authentication protocol using ECC. Some researchers have proposed using fog computing for information processing in the VANET environment. In 2019, Ma et al. [30] proposed a new AKE protocol without bilinear pairing and argued that it is secure and efficient. However, Eftekhari et al. [38] found that the protocol of Ma et al. had security problems, such as internal attacks, known session-specific temporary information attacks, and stolen smart card attacks, and then proposed a more secure and efficient protocol. In 2017, Mohit et al. [39] proposed a new vehicle communication protocol and claimed that it could resist attacks such as stolen smart card attacks and impersonation attacks. However, Yu et al. [40] found that Mohit et al.’s scheme could not provide security attributes such as anonymity and mutual authentication and would suffer impersonation and traceability attacks. Yu et al. then proposed a new security authentication protocol and proved that it can resist various known attacks. In 2020, Sadri and Rajabzadeh Asaar [41] showed that Yu et al.’s protocol is vulnerable to tracking attacks, impersonation attacks, sensor capture attacks, and so forth, and proposed a secure protocol for application in VANETs.

Some studies have begun to design AKE protocols for the 5G environment to exploit its low latency and high reliability [42], and, for some special scenarios, blockchain technology [43] is also used to complete authentication and key exchange. A field closely related to VANETs is flying ad hoc networks (FANETs), which are likewise exposed to serious security threats, and many security protocols have been proposed for that environment [44–47]. Therefore, security solutions from FANETs can serve as references when studying VANETs. However, most of this research assumes that the vehicle initiates the communication request. It is therefore necessary to propose an authentication scheme in which a cloud server or RSU initiates the communication request to the vehicle user, so that road condition information can be updated in a timely manner.

3. Proposed Scheme

In this section, we introduce in detail a new provably secure mutual authentication scheme used to negotiate session keys before transmitting traffic information. The communication entities in the proposed protocol include vehicle users, roadside units, and cloud servers. For the convenience of reading, the symbols used in the scheme are listed in Table 1. The proposed protocol has five phases, namely, the initialization phase, the vehicle registration phase, the RSU registration phase, the login phase, and the authentication phase.


Notations | Description

The vehicle end user
The roadside unit
The cloud server
’s identity
’s password
Biometric features of
Generation/reproduction process of fuzzy extractor
The secret key of
The pseudoidentities of
Session key
The attacker
One-way hash function
Concatenation
The exclusive-or operation with x and y

3.1. Initialization Phase

(1) The cloud server selects two large prime numbers and and then constructs an elliptic curve defined over the finite field for . The points on form a cyclic additive elliptic curve group , and the generator of is obtained.
(2) selects two random numbers and and computes , where is the long-term key of , is the private key, and is the public key.
(3) Finally, chooses a one-way hash function .

3.2. Vehicle User Registration Phase

When the vehicle user wants to obtain the corresponding service, he/she must register with the cloud server . The main steps are as follows; Figure 2 describes the vehicle user registration process in detail.
(1) chooses its own and then sends it to through a secret channel.
(2) On receiving , selects and computes and . Then, saves to memory and securely transmits to .
(3) Finally, computes , , and and stores into the OBU. Here, is ’s password, and is ’s biometric information.

3.3. RSU Registration Phase

Through the registration phase, can obtain its private key, as shown in Figure 3.
(1) selects a random number and computes and then sends the identity and to securely.
(2) selects the pseudoidentity of and the random number . Then computes and , stores in its database, and finally sends to .
(3) computes and then verifies whether is equal to . If the verification passes, the private key distribution is successful, and is stored in memory.

3.4. Login Phase

Since the environment proposed by the scheme is to complete mutual authentication and key exchange during vehicle operation, the vehicle user login will be completed in advance. Figure 4 shows the login information of the vehicle user.

3.5. Authentication Phase

The entire authentication phase is initiated by , which wants to communicate with the running vehicle. The detailed information is shown in Figure 5.
(1) First, makes a communication request and selects a random number to compute . sends and to .
(2) After receives the communication request, it selects a random number and the current timestamp and computes (see equations (1)–(4)). Then it sends to .
(3) verifies the validity of the timestamp (by ). computes (as shown in equations (5)–(7)). Finally, sends to .
(4) After receives the message, it first verifies whether the timestamp is valid (by ). If the verification passes, it computes and . Then it retrieves from memory through and computes . If and are equal, the next operation is performed; otherwise, the session is terminated. Then, computes and and retrieves from the database through . After that, computes and completes the authentication operation. If authenticated, selects a random number and a timestamp and computes (see equations (8)–(13)). Finally, updates the values of and in memory and sends to .
(5) also verifies the validity of the timestamp. Then it computes and verifies that is equal to . If authenticated, computes (see equations (14)–(16)). Then it updates the value of in memory. Finally, computes the session key and sends to .
(6) After receives the message, it checks the freshness of the timestamp. If it is confirmed, computes and and then verifies . If authenticated, computes a new and updates this value in memory. Finally, computes the session key .

4. Security Analysis

In this section, we conduct a security analysis of the proposed protocol and use the ROR model and ProVerif tool to complete the formal security analysis [48, 49]; and, through informal security analysis, we verified that the proposed protocol has security features and can resist various known attacks.

4.1. Informal Security Analysis

This section is an informal security analysis of the proposed protocol. We verify the security attributes and attacks that the proposed protocol needs to have one by one.

4.1.1. Mutual Authentication

After receiving the authentication request from , computes and sends it to through . After receives the message, the computed contains the parameters . Only legitimate users can generate correct , so that can verify the identity of the user and the legitimacy of the information by verifying whether is equal to ; that is, authenticates . Similarly, the server computes , computes , and computes , respectively, indicating that has authenticated , has authenticated , and has authenticated . In summary, and can perform mutual authentication in the protocol.

4.1.2. Man-in-the-Middle Attacks

By intercepting the information in the public channel, may launch man-in-the-middle attacks. But after receives the message, it needs to verify and to authenticate the sender. Suppose that when tries to tamper with the information sent to , he needs to generate a new authentication information , but he cannot obtain the parameters , , and so forth. This means that cannot complete the verification after tampering with the information. Similarly, when tampered with the information sent to and , he could not complete the relevant authentication. This shows that the protocol can resist man-in-the-middle attacks.

4.1.3. Replay Attacks

In the protocol, when a new round of authentication is performed, new random numbers , , and will be generated; and every time the authentication is completed, the values stored in the memory such as and will be updated. The random number and the updated are used when generating the session key. Therefore, when resends the previous message, new random numbers and related parameters updated in the memory have been generated, and he cannot pass the verification and cannot compute the session key. Therefore, the proposed protocol can resist replay attacks.

4.1.4. Known Session-Specific Temporary Information Attacks

Under the CK attack model [50], can obtain the random number or generated during the authentication phase. Assuming that obtains the random number generated by ; then , , and can be calculated. However, since cannot obtain and , he still cannot compute the session key ; and when tries to use a random number to perform a man-in-the-middle attack or an impersonation attack, he cannot complete the verification by recalculating . Therefore, the proposed protocol can resist known session-specific temporary information attacks.

4.1.5. Perfect Forward Secrecy

This security feature requires that leakage of the long-term key does not reveal previously generated session keys in the scheme. That is, the long-term key of is not used in the calculation of the session key. Since the private key of does not change after each authentication, it is assumed that can obtain . Then can compute and ; that is, and , and the updated and . However, cannot obtain the random number or needed to compute , so there is no way to compute ; that is, the proposed protocol provides perfect forward secrecy.

4.1.6. Internal Attacks

Assuming that is an insider, he can easily obtain the information transmitted during the registration phase, including , , , and . However, cannot compute and from this information. Therefore, the proposed protocol can resist internal attacks.

4.1.7. User Anonymity and Untraceability

During the authentication process, is used to compute and cannot obtain to guess . So, the scheme can guarantee anonymity. At the same time, due to the use of random numbers and the update of the pseudoidentity after each authentication, it is also ensured that cannot confirm the user’s identity by tracing a specific piece of information. Therefore, the protocol satisfies anonymity and untraceability.

4.1.8. Three-Factor Secrecy

The proposed protocol uses a password, biometric information, and a storage device (the OBU) as security factors, so it is a three-factor authentication protocol. For this type of protocol, the extreme case is assumed in which can obtain two of the three factors and launch an attack on the protocol.

Assume that obtains , , and . It is necessary to compute when logging in, where , but is stored in the OBU. In other words, cannot complete the login operation, so the proposed protocol is safe in this situation. Assume that obtains , , and the OBU. Since cannot be computed through , cannot compute and and cannot complete login verification; that is, the protocol is safe in this situation. Similarly, when knows and the OBU, there is no way to compute because the password and identity are missing. Therefore, the protocol is safe in all three situations, and the proposed protocol satisfies the three-factor security characteristic.

4.1.9. No Key Control

In this protocol, the session key can only be generated through negotiation between and ; that is, a single entity cannot generate by itself. When computing , needs to know and generated by . In the same way, needs and obtained through negotiation to compute . Therefore, the proposed protocol satisfies the no-key-control property.

4.2. Formal Security Analysis Based on Random Oracle Model

In this section, a random oracle model (ROR model) is used to formally prove the security of our proposed protocol. This analysis model was proposed by Canetti et al. [51]. By launching different rounds of s, the ROR model computes the probability of successfully guessing the in various situations and thus judges the security of the protocol. Assume that , , and , respectively, represent the communication of , the communication of , and the communication of . can initiate the following queries, where .
(i) : through this query, can eavesdrop on the messages transmitted on the public channel.
(ii) : executes the query and can get the hash value of the input parameter .
(iii) : executes the query, sends a message to , and receives the corresponding response.
(iv) : executes this query to obtain the current session key generated by .
(v) : by executing the query, can obtain some secret values, such as long-term private keys and temporary information.
(vi) : executes the query and judges the correctness of the session key by flipping a coin . If the result is , will receive the correct session key; if the result is , will receive a random string.

Definition 1. (elliptic curve discrete logarithm problem (ECDLP)). Our proposed protocol uses elliptic curve cryptography (ECC). Here, we describe the computational difficulties and assumptions of ECC. Suppose that is an elliptic curve generation group. At the same time, given points and , where belongs to and belongs to , it is computationally infeasible to obtain . In polynomial time, the probability that solves this problem is defined as follows: . For a sufficiently small , we have .

Theorem 1. If attempts to initiate some queries in polynomial time, then the advantage that he can break through the proposed protocol is as follows: where represents the number of times to execute queries, represents the number of times to execute queries, represents the number of times to queries, represents the number of bits of the operation, and and are constants in Zipf’s law [52].

Proof. We use a sequence of games to prove the above theorem. represents the probability of ’s success in game . Finally, the query is used to determine ; the specific description is as follows:
(i) represents a real attack, and has not initiated any query at this time. Therefore, in , the probability of cracking is .
(ii) adds the Execute query on the basis of , with no other difference. So, .
(iii) adds the query on the basis of . According to Zipf’s law, we get .
(iv) adds the query on the basis of . According to the birthday paradox, the maximum probability of a hash collision is , and the maximum probability of a collision in the transmitted text is ; so .
(v) In this game, we consider the security of the session key. Here, we divide the discussion into two situations. The first is obtaining a long-term private key, to verify perfect forward secrecy; the second is leaking temporary information, to verify whether known session-specific temporary information attacks can be resisted.
Perfect forward secrecy: uses to try to get the private key of , or uses or to try to get a certain secret value from the registration phase.
Known session-specific temporary information attacks: uses , , or to try to obtain the temporary information of one party.
In both cases, the ECDLP needs to be solved to compute the session key . For , in the first case, even if and are calculated by , the random number is unknown; while obtaining through , cannot get . In the second case, even if is calculated through , the long-term private key is unknown. Similarly, the second formula also holds for , .
(vi) uses to query; can get the information in the OBU. The user registers with a password and biometric information. wants to guess +, but the probability of guessing the biometric characteristics is , which can be almost ignored. Using Zipf’s law, we get .
(vii) The purpose of this game is to verify forgery attacks. In , if issues the or query, the game is terminated. At this point, the probability of guessing is . Because the probability of success and failure of is one half, = 1/2.
In summary, we can get the following conclusions:
Thus, we can obtain

4.3. ProVerif Security Analysis

ProVerif [53] is a formal cryptographic protocol verification tool proposed by Bruno Blanchet in 2001 and developed in the Prolog language. The tool is based on the DY model and can handle basic cryptographic operations such as symmetric encryption and decryption, public-key encryption and decryption, hash operations, and XOR operations. The security attributes that can be verified are confidentiality, authentication, consistency, and equivalence between processes. In this section, a protocol simulation experiment is created by implementing the registration and authentication phases of the vehicle user, RSU, and cloud server in code. The whole process is as follows:
(1) The channels are defined as and . The former is a public channel used in the login and authentication phases, and the latter is a secure channel used in the registration phase. and are the session keys generated by and . The subsequent definitions are string concatenation, XOR, hash functions, and fuzzy extractor functions. Next, several queries are used to verify the security requirements. The entire definition is shown in Figure 6.
(2) The process of is shown in Figure 7.
(3) The process of is shown in Figure 8.
(4) The process of is shown in Figure 9.
(5) In Figure 10, we show the results of the verification. We use VehicleStarted(), VehicleAuthed(), ServerAcVehicle(), ServerAcRSU(), RSUAcServer(), and VehicleAcRSU() to declare the beginning and the end of the protocol run and whether the mutual authentication between the vehicle user, RSU, and CS is correct. The verification result shows that the established session key withstands the attacker, and the mutual authentication is successful and correct. The protocol proposed in this paper has passed the security verification of ProVerif.

5. Security and Performance Comparisons

This section will analyze the performance of the proposed protocol and verify the performance of the protocol by comparing its security, computing consumption, and communication consumption among similar protocols.

5.1. Security Comparisons

In this section, we compare the security of the proposed protocol with Ma et al.’s scheme [30], Jia et al.’s scheme [31], Eftekhari et al.’s scheme [38], and Liu et al.’s scheme [54]. The details are shown in Table 2. Following the informal security analysis above, the security features and common network attacks compared are A1: mutual authentication, A2: man-in-the-middle attacks, A3: replay attacks, A4: known session-specific temporary information attacks, A5: perfect forward secrecy, A6: internal attacks, A7: user anonymity, A8: three-factor secrecy, A9: no key control, and A10: impersonation attacks. means that the scheme can resist this attack or has this security feature.


Attack methods | Liu et al. | Ma et al. | Jia et al. | Eftekhari et al. | Our scheme

A1
A2
A3
A4
A5
A6
A7
A8
A9
A10

5.2. Performance Comparisons

In the performance analysis of an AKE protocol, the computation cost is an important consideration. In the VANET environment, due to the mobility of vehicles, the required computation time must be kept low, which reduces the time required for key establishment and makes the proposed protocol more practical. The experimental environment used here, shown in Table 3, was used to measure the execution time of different cryptographic operations. Each algorithm was run 30 times on the device and the average value taken. The results are shown in Table 4. We found during the experiment that the time of the fuzzy extractor function is similar to that of the hash function, so we count the fuzzy extractor function as a hash function.


Denomination | Description
Hardware equipment | Laptop
Processor | AMD Ryzen 5 4600H
Running memory | 16 GB
System | Windows 10
Software | IntelliJ IDEA 2019.3
Cryptography library | JPBC-2.0.0


Operation | Definition | Execution time (ms)
Elliptic curve scalar point multiplication | | 8.8
Elliptic curve scalar point addition | | 0.057
Hash function | | 0.0058
Bilinear pairing | | 11.43
String to point hash operation | | 26.1
Symmetric encryption | | 18.37

Compared with other phases, in order to ensure the security of the session key, the authentication phase will be executed multiple times, so the calculation cost in this section only considers the calculation performed in the authentication phase. The comparison is shown in Table 5. Substitute the execution data in Table 4 to get the computation cost histogram in Figure 11.


Scheme | Total

Liu et al.
Jia et al.
Ma et al.
Eftekhari et al.
Ours

Next, we analyze the communication consumption of the proposed protocol and compare it with related protocols. We use the number of bits specified in [11]. For example, the point of the ECC is 320 bits, the hash function is set to 256 bits, the length of the identity information is 64 bits, and the length of the random number and timestamp is 32 bits.

The protocol we propose has four transmission rounds in the authentication phase, and the transmitted information is {}. It contains 4 ECC points, 8 hash function outputs, and 4 timestamps’ information. That is, a total of 3456 bits of information are transmitted.

The protocol of Liu et al. uses 4 rounds, and the transmitted messages are , , and , comprising 3 hash outputs, 4 identities, 4 timestamps, 3 ECC points, and 3 symmetric ciphertexts (counted as 128 bits each). Therefore, a total of 2496 bits is transmitted.

The protocol of Jia et al. uses 4 rounds, and the transmitted messages are , , , and . They contain 6 ECC points, 9 hash outputs, and 5 timestamps. Therefore, a total of 4384 bits is transmitted.

The protocol of Ma et al. uses 4 rounds, and the transmitted messages are {}. They contain 7 ECC points, 3 hash outputs, and 4 timestamps. A total of 3904 bits is transmitted.

The protocol of Eftekhari et al. uses 4 rounds, and the transmitted messages are , , , and . They contain 6 ECC points, 14 hash outputs, and 2 timestamps. A total of 5568 bits is transmitted. The comparison of communication cost is shown in Table 6, and Figure 12 presents the same comparison graphically.


Table 6. Communication cost comparison.

Scheme              Communication cost (bits)    Message rounds
Liu et al.          2496                         4
Jia et al.          4384                         4
Ma et al.           3904                         4
Eftekhari et al.    5568                         4
Our scheme          3456                         4
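The communication-cost model above (bit lengths taken from [11], multiplied by the number of elements each scheme transmits) is simple enough to check mechanically. The following script is an added example, not code from the paper; it encodes the bit lengths and the per-scheme element counts exactly as the text states them and cross-checks the resulting totals against Table 6. Run as written, the stated counts reproduce every total except that of Ma et al., whose 7 points, 3 hashes and 4 timestamps sum to 3136 bits under these sizes (3904 bits would correspond to 6 hash outputs).

```python
"""Communication-cost model for the comparison in Section 5.
Added example (not the paper's own code): applies the bit lengths the paper
adopts from [11] to the element counts stated for each scheme."""
from dataclasses import dataclass
from typing import Dict, Tuple

# Bit lengths adopted from [11], as stated in the paper.
BIT_LENGTH = {
    "ecc_point": 320,
    "hash": 256,
    "identity": 64,
    "random": 32,
    "timestamp": 32,
    "symmetric_ct": 128,   # symmetric ciphertext, "calculated according to 128 bits"
}


@dataclass
class SchemeMessages:
    name: str
    rounds: int
    elements: Dict[str, int]   # element kind -> number transmitted over all rounds

    def bits(self) -> int:
        """Total transmitted bits; rejects element kinds with no agreed length."""
        unknown = set(self.elements) - set(BIT_LENGTH)
        if unknown:
            raise KeyError(f"no bit length defined for {sorted(unknown)}")
        return sum(BIT_LENGTH[k] * n for k, n in self.elements.items())

    def breakdown(self) -> Dict[str, int]:
        """Bits contributed by each element kind, for the histogram view."""
        return {k: BIT_LENGTH[k] * n for k, n in self.elements.items()}


# Element counts exactly as the text of Section 5 states them.
SCHEMES = [
    SchemeMessages("Liu et al.", 4, {"hash": 3, "identity": 4, "timestamp": 4,
                                     "ecc_point": 3, "symmetric_ct": 3}),
    SchemeMessages("Jia et al.", 4, {"ecc_point": 6, "hash": 9, "timestamp": 5}),
    SchemeMessages("Ma et al.", 4, {"ecc_point": 7, "hash": 3, "timestamp": 4}),
    SchemeMessages("Eftekhari et al.", 4, {"ecc_point": 6, "hash": 14, "timestamp": 2}),
    SchemeMessages("Ours", 4, {"ecc_point": 4, "hash": 8, "timestamp": 4}),
]

# Totals reported in Table 6, used only to cross-check the stated counts.
TABLE_6 = {"Liu et al.": 2496, "Jia et al.": 4384, "Ma et al.": 3904,
           "Eftekhari et al.": 5568, "Ours": 3456}


def communication_costs() -> Dict[str, int]:
    """Recomputed total bits per scheme from the stated element counts."""
    return {s.name: s.bits() for s in SCHEMES}


def mismatches() -> Dict[str, Tuple[int, int]]:
    """Schemes whose stated counts do not reproduce the Table 6 total: (computed, reported)."""
    return {s.name: (s.bits(), TABLE_6[s.name]) for s in SCHEMES if s.bits() != TABLE_6[s.name]}


if __name__ == "__main__":
    for s in SCHEMES:
        print(f"{s.name:17s} {s.rounds} rounds {s.bits():5d} bits {s.breakdown()}")
    print("mismatches (computed, reported):", mismatches())
```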

Combining Tables 2, 5, and 6, we now discuss the results of the performance analysis. The protocol of Eftekhari et al. has no obvious security vulnerabilities, and its computation cost is similar to that of the proposed protocol; the main gap in computation cost is on the server side, and since the server has strong computing power this has little effect on the overall computation cost. However, Table 6 shows that the communication cost of Eftekhari et al.'s protocol is much higher than that of the proposed protocol. The proposed protocol is also similar to Jia et al.'s protocol in computation cost, but Jia et al.'s protocol has security vulnerabilities. The communication cost of every scheme in the comparison is slightly higher than that of the protocol of Liu et al., but Figure 11 shows that the computation cost of Liu et al.'s protocol is the highest, and its security is very poor. The computation cost and communication cost of Ma et al.'s protocol are both moderate, but both are slightly higher than those of the proposed protocol, and their protocol is vulnerable to known session-specific temporary information attacks and insider attacks and cannot guarantee user anonymity. Overall, the proposed protocol offers the most reasonable balance of security, computation cost, and communication cost.

6. Conclusion

Based on ECC, this paper designs a new provably secure AKE scheme to be run before road condition information is transmitted. We first reviewed the state of research on AKE protocols in the VANET environment and found that a scheme protecting vehicle data in the information reading phase is needed. We conducted an informal security analysis of the proposed protocol covering mutual authentication, anonymity, perfect forward secrecy, man-in-the-middle attacks, insider attacks, and so forth, and the protocol passed formal security analyses under the ROR model and with the ProVerif verification tool, indicating that it is secure. The comparison of security and performance shows that the proposed protocol is secure, more efficient, and more reasonable than the existing protocols. Authentication and key exchange in the VANET environment is the general trend of VANET development. As VANETs continue to evolve, application scenarios such as the social Internet of Vehicles will involve more user privacy information, so this topic will retain great research value in the future, and the communication security of the VANET environment must remain a key research topic.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that there are no conflicts of interest.

References

  1. Z. Meng, J.-S. Pan, and K.-K. Tseng, “PaDE: an enhanced Differential Evolution algorithm with novel control parameter adaptation schemes for numerical optimization,” Knowledge-Based Systems, vol. 168, pp. 80–99, 2019.
  2. J.-S. Pan, N. Liu, S.-C. Chu, and T. Lai, “An efficient surrogate-assisted hybrid optimization algorithm for expensive optimization problems,” Information Sciences, vol. 561, pp. 304–325, 2021.
  3. X. Xue, X. Wu, C. Jiang, G. Mao, and H. Zhu, “Integrating sensor ontologies with global and local alignment extractions,” Wireless Communications and Mobile Computing, vol. 2021, Article ID 6625184, 10 pages, 2021.
  4. X. Xue, C. Yang, C. Jiang, P. W. Tsai, G. Mao, and H. Zhu, “Optimizing ontology alignment through linkage learning on entity correspondences,” Complexity, vol. 2021, Article ID 5574732, 12 pages, 2021.
  5. H. Xiong, Y. Wu, C. Jin, and S. Kumari, “Efficient and privacy-preserving authentication protocol for heterogeneous systems in IIOT,” IEEE Internet of Things Journal, vol. 7, no. 12, Article ID 11713, 2020.
  6. H. Xiong, Y. Zhao, Y. Hou et al., “Heterogeneous signcryption with equality test for IIoT environment,” IEEE Internet of Things Journal, 2020.
  7. J. S. Pan, X. X. Sun, S. C. Chu, A. Abraham, and B. Yan, “Digital watermarking with improved SMS applied for QR code,” Engineering Applications of Artificial Intelligence, vol. 97, Article ID 104049, 2021.
  8. J. M.-T. Wu, G. Srivastava, A. Jolfaei, P. Fournier-Viger, and J. C.-W. Lin, “Hiding sensitive information in eHealth datasets,” Future Generation Computer Systems, vol. 117, pp. 169–180, 2021.
  9. J. M. T. Wu, G. Srivastava, U. Yun, S. Tayeb, and J. C. W. Lin, “An evolutionary computation-based privacy-preserving data mining model under a multithreshold constraint,” Transactions on Emerging Telecommunications Technologies, vol. 32, no. 3, Article ID e4209, 2021.
  10. L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770–772, 1981.
  11. T. Y. Wu, Y. Q. Lee, C. M. Chen, Y. Tian, and N. A. Al-Nabhan, “An enhanced pairing-based authentication scheme for smart grid communications,” Journal of Ambient Intelligence and Humanized Computing, 2021.
  12. J. C. Hsu, Y. S. Jheng, S. M. Mizanur Rahman, and R. Tso, “Password-based authenticated key exchange from lattices for client server model,” Journal of Computer Security and Data Forensics, vol. 1, no. 1, pp. 1–17, 2021.
  13. L.-H. Li, L.-C. Lin, and M.-S. Hwang, “A remote password authentication scheme for multiserver architecture using neural networks,” IEEE Transactions on Neural Networks, vol. 12, no. 6, pp. 1498–1504, 2001.
  14. C. C. Chang and J. S. Lee, “An efficient and secure multi-server password authentication scheme using smart cards,” in Proceedings of the 2004 International Conference on Cyberworlds, pp. 417–422, Tokyo, Japan, November 2004.
  15. Y. Wang, Y. Liu, H. Ma, Q. Ma, and Q. Ding, “The research of identity authentication based on multiple biometrics fusion in complex interactive environment,” Journal of Network Intelligence, vol. 4, no. 4, pp. 124–139, 2019.
  16. T. Y. Wu, Z. Lee, L. Yang, J. N. Luo, and R. Tso, “Provably secure authentication key exchange scheme using fog nodes in vehicular ad hoc networks,” The Journal of Supercomputing, vol. 77, pp. 6992–7020, 2021.
  17. A. Irshad, H. F. Ahmad, B. A. Alzahrani, M. Sher, and S. A. Chaudhry, “An efficient and anonymous Chaotic Map based authenticated key agreement for multi-server architecture,” KSII Transactions on Internet and Information Systems, vol. 10, no. 12, pp. 5572–5595, 2016.
  18. F. Wu, X. Li, L. Xu, A. K. Sangaiah, and J. J. P. C. Rodrigues, “Authentication protocol for distributed cloud computing: an explanation of the security situations for Internet-of-Things-enabled devices,” IEEE Consumer Electronics Magazine, vol. 7, no. 6, pp. 38–44, 2018.
  19. T.-Y. Wu, Z. Lee, M. S. Obaidat, S. Kumari, S. Kumar, and C.-M. Chen, “An authenticated key exchange protocol for multi-server architecture in 5G networks,” IEEE Access, vol. 8, Article ID 28096, 2020.
  20. T.-T. Truong, M.-T. Tran, A.-D. Duong, and I. Echizen, “Provable identity based user authentication scheme on ECC in multi-server environment,” Wireless Personal Communications, vol. 95, no. 3, pp. 2785–2801, 2017.
  21. K.-H. Yeh, “A provably secure multi-server based authentication scheme,” Wireless Personal Communications, vol. 79, no. 3, pp. 1621–1634, 2014.
  22. Y. Zhao, S. Li, and L. Jiang, “Secure and efficient user authentication scheme based on password and smart card for multi-server environment,” Security and Communication Networks, vol. 2018, Article ID 9178941, 13 pages, 2018.
  23. M. Hassan, A. Sultan, A. A. Awan, S. Tahir, and I. Ihsan, “An enhanced and secure multiserver-based user authentication protocol,” in Proceedings of the International Conference on Cyber Warfare and Security (ICCWS), pp. 1–6, Islamabad, Pakistan, October 2020.
  24. M. Eltoweissy, S. Olariu, and M. Younis, “Towards autonomous vehicular clouds,” Ad Hoc Networks, vol. 49, pp. 1–16, 2010.
  25. S. Bitam, A. Mellouk, and S. Zeadally, “VANET-cloud: a generic cloud computing model for vehicular Ad Hoc networks,” IEEE Wireless Communications, vol. 22, no. 1, pp. 96–102, 2015.
  26. Q. Jiang, J. Ni, J. Ma, L. Yang, and X. Shen, “Integrated authentication and key agreement framework for vehicular cloud computing,” IEEE Network, vol. 32, no. 3, pp. 28–35, 2018.
  27. S. K. Bhoi, S. K. Panda, S. R. Ray et al., “TSP-HVC: a novel task scheduling policy for heterogeneous vehicular cloud environment,” International Journal of Information Technology, vol. 11, no. 4, pp. 853–858, 2019.
  28. C.-M. Chen, B. Xiang, Y. Liu, and K.-H. Wang, “A secure authentication protocol for Internet of vehicles,” IEEE Access, vol. 7, Article ID 12047, 2019.
  29. J. Zhang, H. Zhong, J. Cui, and Y. Xu, “SMAKA: Secure many-to-many authentication and key agreement scheme for vehicular networks,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 1810–1824, 2020.
  30. M. Ma, D. He, H. Wang, N. Kumar, and K.-K. R. Choo, “An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8065–8075, 2019.
  31. X. Jia, D. He, N. Kumar, and K.-K. R. Choo, “Authenticated key agreement scheme for fog-driven IoT healthcare system,” Wireless Networks, vol. 25, no. 8, pp. 4737–4750, 2019.
  32. C. M. Chen, Y. Huang, K. H. Wang, and S. Kumari, “A secure authenticated and key exchange scheme for fog computing,” Enterprise Information Systems, 2020.
  33. M. Raya and J.-P. Hubaux, “Securing vehicular ad hoc networks,” Journal of Computer Security, vol. 15, no. 1, pp. 39–68, 2007.
  34. C. Zhang, R. Lu, X. Lin, and P. H. Ho, “An efficient identity-based batch verification scheme for vehicular sensor networks,” in Proceedings of The 27th Conference on Computer Communications, pp. 246–250, Phoenix, AZ, USA, April 2008.
  35. M.-C. Chuang and J.-F. Lee, “TEAM: trust-extended authentication mechanism for vehicular ad hoc networks,” IEEE Systems Journal, vol. 8, no. 3, pp. 749–758, 2014.
  36. Y. Zhou, X. Zhao, Y. Jiang, F. Shang, S. Deng, and X. Wang, “An enhanced privacy-preserving authentication scheme for vehicle sensor networks,” Sensors, vol. 17, no. 12, p. 2854, 2017.
  37. L. Wu, Q. Sun, X. Wang et al., “An efficient privacy-preserving mutual authentication scheme for secure V2V communication in vehicular ad hoc network,” IEEE Access, vol. 7, Article ID 55050, 2019.
  38. S. A. Eftekhari, M. Nikooghadam, and M. Rafighi, “Security-enhanced three-party pairwise secret key agreement protocol for fog-based vehicular ad-hoc communications,” Vehicular Communications, vol. 28, Article ID 100306, 2020.
  39. P. Mohit, R. Amin, and G. P. Biswas, “Design of authentication protocol for wireless sensor network-based smart vehicular system,” Vehicular Communications, vol. 9, pp. 64–71, 2017.
  40. S. Yu, J. Lee, K. Lee, K. Park, and Y. Park, “Secure authentication protocol for wireless sensor networks in vehicular communications,” Sensors, vol. 18, no. 10, p. 3191, 2018.
  41. M. J. Sadri and M. Rajabzadeh Asaar, “A lightweight anonymous two-factor authentication protocol for wireless sensor networks in Internet of Vehicles,” International Journal of Communication Systems, vol. 33, no. 14, Article ID e4511, 2020.
  42. P. Wang, C.-M. Chen, S. Kumari et al., “HDMA: hybrid D2D message authentication scheme for 5G-enabled VANETs,” IEEE Transactions on Intelligent Transportation Systems, pp. 1–10, 2020.
  43. H. Zhu, X. Wang, C. M. Chen, and S. Kumari, “Two novel semi-quantum-reflection protocols applied in connected vehicle systems with blockchain,” Computers & Electrical Engineering, vol. 86, Article ID 106714, 2020.
  44. M. A. Khan, I. Ullah, N. Kumar et al., “An efficient and secure certificate-based access control and key agreement scheme for flying ad-hoc networks,” IEEE Transactions on Vehicular Technology, vol. 70, no. 5, pp. 4839–4851, 2021.
  45. M. A. Khan, I. Ullah, S. Nisar et al., “An efficient and provably secure certificateless key-encapsulated signcryption scheme for flying ad-hoc network,” IEEE Access, vol. 8, Article ID 36807, 2020.
  46. M. A. Khan, I. M. Qureshi, I. Ullah, S. Khan, and F. Khanzada, “An efficient and provably secure certificateless blind signature scheme for flying ad-hoc network based on multi-access edge computing,” Electronics, vol. 9, no. 1, p. 30, 2020.
  47. M. A. Khan, I. Ullah, S. Nisar et al., “Multiaccess edge computing empowered flying ad hoc networks with secure deployment using identity-based generalized signcryption,” Mobile Information Systems, vol. 2020, Article ID 8861947, 15 pages, 2020.
  48. T. Y. Wu, L. Yang, Z. Lee, S. C. Chu, S. Kumari, and S. Kumar, “A provably secure three-factor authentication protocol for wireless sensor networks,” Wireless Communications and Mobile Computing, vol. 2021, Article ID 5537018, 15 pages, 2021.
  49. T. Y. Wu, T. Wang, Y. Q. Lee, W. Zheng, S. Kumari, and S. Kumar, “Improved authenticated key agreement scheme for fog-driven IoT healthcare system,” Security and Communication Networks, vol. 2021, Article ID 6658041, 16 pages, 2021.
  50. R. Canetti and H. Krawczyk, “Universally composable notions of key exchange and secure channels,” Advances in Cryptology, Springer, Berlin, Germany, 2002.
  51. R. Canetti, O. Goldreich, and S. Halevi, “The random oracle methodology, revisited,” Journal of the ACM, vol. 51, no. 4, pp. 557–594, 2004.
  52. D. Wang, H. Cheng, P. Wang, X. Huang, and G. Jian, “Zipf’s law in passwords,” IEEE Transactions on Information Forensics and Security, vol. 12, no. 11, pp. 2776–2791, 2017.
  53. B. Blanchet, “An efficient cryptographic protocol verifier based on prolog rules,” in Proceedings of the 14th IEEE Computer Security Foundations Workshop, pp. 82–96, Cape Breton, NS, Canada, June 2001.
  54. Y. Liu, Y. Wang, and G. Chang, “Efficient privacy-preserving dual authentication and key agreement scheme for secure V2V communications in an IoV paradigm,” IEEE Transactions on Intelligent Transportation Systems, vol. 18, no. 10, pp. 2740–2749, 2017.

Copyright © 2021 Tsu-Yang Wu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
