TFPPASV: A Three-Factor Privacy Preserving Authentication Scheme for VANETs

Duan, Zongtao; Mahmood, Jabar; Yang, Yun; Berwo, Michael Abebe; Yassin, Abd al Kader Ahmed; Mumtaz Bhutta, Muhammad Nasir; Chaudhry, Shehzad Ashraf

doi:https://doi.org/10.1155/2022/8259927

Security and Communication Networks

On this page

Abstract Introduction Preliminaries Related Work Conclusion Data Availability Conflicts of Interest Authors’ Contributions Acknowledgments References Copyright Related Articles

Special Issue

Security and Privacy Challenges for Intelligent Internet of Things Devices 2022

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 8259927 | https://doi.org/10.1155/2022/8259927

TFPPASV: A Three-Factor Privacy Preserving Authentication Scheme for VANETs

Zongtao Duan,¹Jabar Mahmood,¹Yun Yang,¹Michael Abebe Berwo,¹Abd al Kader Ahmed Yassin,²Muhammad Nasir Mumtaz Bhutta,³and Shehzad Ashraf Chaudhry^3,4

Academic Editor: AnMin Fu

Received25 May 2022

Revised06 Aug 2022

Accepted12 Aug 2022

Published30 Sept 2022

Abstract

A vehicular ad hoc network (VANET) is essential for the autonomous vehicle industry, and with the advancement in VANET technology, security threats are increasing rapidly. Mitigation of these threats needs an intelligent security protocol that provides unbreakable security. In recent times, various three-factor authentication solutions for VANET were introduced that adopt the centralized Trusted Authority , which is responsible for assigning authentication parameters during vehicle registration, and the authentication process depends on these parameters. This article first explains the vulnerabilities of the recent three-factor (3F) authentication scheme presented by Xu et al. Our analysis proves that if an is dishonest, it can easily bypass the and can create a session with . Furthermore, this paper puts forward a new scheme that provides the 3F authentication for VANETs (TFPPASV) to resist from bypassing the and to offer user privacy. The proposed scheme fulfills the security and performance requirements of the VANET. We use BAN-Logic analysis to perform a formal security analysis of the proposed scheme, in addition to the informal security feature discussion. Finally, we compare the security and performance of the proposed TFPPASV with some recent and related schemes.

1. Introduction

Due to its dynamic structure and related advantages including the realization of autonomous cars, increased road safety, congestion avoidance, and so on, the vehicular ad hoc networks (VANETs) are getting more popularity and are being considered as the only vehicular network structure of the future. In recent years, the road travel safety is also being considered as most important factor for transportation industry and accordingly several technologies are being developed. A general model of vehicular ad hoc network (VANET) [1–3] is given in Figure 1. VANET is a subbranch of MANETs; intelligent transportation system (ITS) [4] provides support to manage transportation efficiently on roads. VANET consists of three parts [5]. (i) On-board unit [6]: is installed inside the vehicle at the time of manufacture from the company side. The stores the information related to vehicle identity, vehicle password, and other parameters necessary for registration and communication; without this confidential information, the vehicle cannot communicate to other or road side unit [2]. OBU communicates to other OBUs or RSUs on the road using the dedicated short range communication (DSRC) protocol [7–9]. (ii) is fixed alongside the road; has more computational and communication power than . provides the facilities to s to communicate with other or to communicate with via DSRC. In addition, wants to communicate with Trusted Authority [2]. acts as a mediator between and , where the communication among and is carried over some wired or wireless channel. (iii) provides authentication parameters to facilitate communication among various entities in a VANET. is responsible for completing all node authentication. VANETs provide more comfortable and reliable facilities to passengers and drivers on the road, such as infotainment, weather conditions, location information, traffic congestion, and so on. These services aim to provide a safe drive and secure human life on the road and proper energy resource utilization. Due to VANET’s openness characteristics, many security threats are faced during communication. Avoiding these security threats needs a secure authentication scheme that provides resilience against all such threats.

1.1. Motivation

In recent past, many researchers proposed various authentication schemes for VANETs, but many of these schemes do not fulfill the security requirements and are having insecurities against various threats. In addition, some of these schemes have high computational and communication costs. Due to these limitations, we propose a three-factor authentication scheme and key agreement for VANETs. In our scheme, and perform authentication processes. reduces the computational and communication cost and performs the authentication. In the proposed scheme, hands over a smart card (SC) to each registering vehicle. Inside the SC, stores confidential information such as the biological information of the vehicle to provide better security. The proposed scheme provides the facilities to identify malicious vehicle in a multi-drive environment.

1.2. Contributions

The contributions of this study are as follows:(1)Firstly, we reviewed and revealed that Xu et al.’s authentication scheme for IoV is insecure against TA bypassing attack. Additionally, an improved scheme titled “TFPPASV: A Three-Factor Privacy Preserving Authentication Scheme for VANETs” is proposed.(2)Secondly, the security of the proposed TFPPASV scheme is proved using BAN-Logic in addition to the informal discussion on critical security feature provision of the proposed TFPPASV scheme.(3)We also provided a comparative security and performance analysis of the proposed TFPPASV with some related and recent authentication schemes.

1.3. Organization

The remaining structure of the paper is organized as follows. Section 2 describes the preliminaries such as elliptic curve cryptography, fuzzy extractor, network model, and attack model. Section 3 provides the summary of the related work, and Section 4 details the previously published Xu et al.’s scheme [10]. Section 5 summarizes the weaknesses of Xu et al.’s scheme. In Section 6, the proposed TFPPASV is explained briefly. Section 7 analyzes the BAN-Logic-based security proof of the proposed TFPPASV, in addition to the security feature discussion under various attacks. In Section 8, we conduct security and performance comparisons with related schemes. Finally, a conclusion is provided in Section 9.

2. Preliminaries

This section describes the elliptic curve cryptography (ECC), fuzzy extraction, network model, and attack model used in the proposed TFPPASV. Moreover, Table 1 provides the notation used in this paper.

2.1. Elliptic Curve Cryptography

The concept of elliptic curve cryptography (ECC) was presented by Miller and Koblitz in 1985 [11]. ECC is an asymmetric cryptography technique and the following are details related to ECC.

Characteristics of ECC:(i)In ECC, the key generation time is faster than other cryptographic techniques.(ii)The size of the ECC key is small and provides the same security, for example, RSA key size is 1024-bit and ECC key size is 160-bit.

Currently, ECC is used in various authentication schemes, devices, and applications such as VANETs, wireless sensor networks, mobiles, RFID devices, bitcoin, and safe web browsers through SSL/TLS due to its small key size. In this paper, we also used the ECC for a secure scheme. Here, we describe the basics of ECC.

The ECC equation is used to describe the mathematical operations, where and such that is a large prime number . Here, we discuss two computationally intensive problems along with a trapdoor function (TF) role in ECC.(i)TF is defined as a function that is a one-way function easy to compute in one direction but if computing in the reverse direction is computationally difficult, every public key cryptography has its TF.(ii)Elliptic curve discrete logarithm problem (ECDLP): Let and , if and are known, can be computed easily, whereas, it is computationally difficult to compute such that , if and are known.(iii)Elliptic curve computational Diffie–Hellman problem (ECCDHP): let and be two points on and . It is computationally hard to calculate the point, provided that , are unknown.

2.2. Fuzzy Extractor

Authentication through complex passwords is not a better idea for secure registration on an insecure channel. A good technique for secure registration is biometric template, for example, heartbeat, fingerprint, and iris templates are usually used for authentication.

The characteristics of the biometric key are given below:(i)Biometric keys are unique and these are not easy to replicate.(ii)No need to store or memorize because it comes from the user’s body.(iii)No duplicate keys are generated.(iv)Cannot be estimated or guessed.(v)Challenging to reprint and distribute.

Biometrics using raw data are not safe, and thus the biometric data must be stored safely in the system. Various security methods are developed to save the biometric information, such as fuzzy extractor and bio-hash function. They mostly used the fuzzy extractor because the bio-hash function faces the denial of service attack.

The fuzzy extractor has been widely used in an authentication scheme for extracting the biometric key.

The fuzzy extractor has two processes with the following parameters where is the input string.(i)Gen(.) is a probability generation procedure. In this procedure, input is the biometric information from the user, is a random secret key of the length of , and is a public string extracted from the input , and (1) describes the procedure of generation key.(ii)Rep (.) is the process of reproduction and in this procedure, and R can be retrieved as per biometric information close to and . (2) describes the procedure of reproduction key. For all , , if , there is (2) under precondition (1), where represent the distance between and which should not be greater than . Here, we define the fuzzy extractor.(iii)In (3), there is a high probability that the distance between two biometric values and generated from the same entity is low, which can be described as where is the predetermined tolerance threshold and “false negative” probability is .(iv)There is a high probability that the distance between two biometric values, , , for two entities is high, which is described in the following equation: where < and is the probability of “false positive.”

2.3. Network Model

The network model of the proposed security scheme is presented in Figure 2.

: is an autonomous or fully trusted entity in VANET responsible for system initialization and registration of a vehicle or a user. has more resources in the shape of communication and computational cost. It knows about all locations and identities. It issues the parameters to the nodes in VANET and transmits via a secure channel to each node.

: is fixed alongside the road and is equipped with temper proof device. is responsible for storing data and performing encryption operations on data. communicates with via wired or wireless channels and via DSCR protocol. holds information about all registered vehicles in the range of . In addition, shares information with authenticated vehicles via a session key created during authentication.

: each vehicle has its device fixed inside it and stores all confidential information integral for to prove its authenticity. links to via DSRC protocol. Before communication, proves their authenticity; if proves that it is authenticated, then it communicates with RSU; otherwise, it stops the session key generation.

2.4. Attack Model

In this paper, we consider the common DY adversarial model with following description:(1)An adversary plays the role of an eavesdropper, who easily eavesdrops on the insecure communication link and can modify/change or replay the message or send a new message on the link. can also stop/remove a message from the communication link.(2)If gets the vehicle smart card (SC), he can quickly get all the confidential information stored in SC.(3) is assumed to be secure. Precisely, except the private key of the , rest of the parameters stored on could be exposed to .(4) is an important temper proof device because the authenticated data of are stored inside the . Suppose captures the ; it cannot extract the data from the .

Due to dynamicity of VANETs environment, communication process deviates from other networks. VANET communication in smart cities faces various security threats such as eavesdropping, tracking, and positioning. Security and anonymity provisions are required to avoid these issues. Zheng et al. [12] proposed a VANETs authentication scheme for smart cities. Zhang et al.'s scheme uses certificateless group signature and the Elliptic curve scalar multiplication operations. Zheng et al. [12] proved that overhead cost of their scheme is less than Chen et al. 's [13] and Zhao et al.'s [14] schemes. However, they failed to provide the security analysis of the proposed scheme.

Two-factor security authentication protocols in VANETs are mainly accepted and used for authentication between and on the insecure communication channel. In recent years, various two-factor authentication schemes were proposed, but most of these schemes are vulnerable to one or more weaknesses including SC loss, impersonation assaults, and offline password guessing assaults. Qu and Tan. [15] proposed a password based remote user authentication with key agreement scheme using ECC. Qu and Tan [15] proved that their proposed scheme provides security against various known security threats, but they did not provide the communication cost, running time, and overhead cost of their scheme.

Nandy et al. [16] proposed an authentication scheme using ECC. Nandy et al. [16] proved through security analysis that the proposed scheme provides security against several VANET security attacks. Nevertheless, Chaudhry [17] proved that the ECC techniques used by Nandy et al. involve a faulty operation and their scheme cannot compute the private key of the vehicles. Therefore, their scheme cannot complete the authentication process in their described manner.

Chuang and Lee [18] proposed a security scheme called TEAM in 2013 for V2V secure communication. In TEAM, is only for initialization and vehicle registration, which reduces the computational cost of . However, Zhou et al. [19] in 2017 highlighted the weakness of the Chuang and Lee’s scheme [18] and proved that it cannot perform against inside assaults such as impersonation assaults. Thus, Zhou et al. [19] proposed an authentication scheme that removes the weakness of Chuang and Lee’s scheme [18]. In 2019, Wu et al. [20] revealed the weakness of Zhou et al.’s scheme [19] and proved that it cannot perform against impersonation assault, identity guessing assault, and vehicle anonymity. Wu et al. [20] proposed a scheme for secure communication through mutual authentication.

In 2020, Vasudev et al. [21] proposed a security scheme related to mutual authentication between of and proved that it worked against various VANET attacks through informal security analysis. However, they did not provide a formal security analysis of the scheme. In 2021, Mahmood et al. [22] highlighted its weakness and proved that it does not work in dense environments if more than one vehicle is registered. Thus, Mahmood et al. [22] proposed a new scheme that removes the weakness of Vasudev et al. [21] and proved it through formal analysis and informal analysis.

The main issue faced in VANETs is the provision of security to the user on the road because the nature of VANETs is different from the other communication networks. Therefore, more focus on the secure and authentication process is mandatory to avoid the VANET threats. In 2016, Jiang et al. [23] proposed a scheme related to WSN and implemented the three-factor authentication mechanism and proved that it works better than other schemes. However, in 2017, Li et al. [24] pointed out the functional and security flaws in Jiang et al.’s [23] scheme and proposed a new scheme for WSN. Li et al. [24] removed the flaws of the Jiang et al.'s scheme and proved through formal and informal security analysis that their proposed scheme provides correctness and incures less computation and communication cost than other schemes. However, they did not provide the running time of the proposed scheme.

Wang et al. [25] proposed a two-factor authentication scheme for vehicular ad hoc networks. The scheme aims to provide lightweight authentication and parallel security against various security threats such as denial of service attacks that cause traffic jamming. Wang et al.’s [25] scheme provides biometric security to vehicles; thus, adversaries cannot track and trace the vehicle’s location and identity. However, the authors [25] did not provide a formal security analysis of the scheme.

In 2010, Paruchuri and Durresi [26] proposed a protocol called PAAVE. In that protocol, the smart card generated a key for authentication between the vehicle and RSU. Paruchuri and Durresi [26] provided security comparison but did not provide formal and informal security analysis.

In 2017, Ying and Nayak [27] proposed lightweight authentication for VANETs; the authors [27] focused on efficiency and anonymity. The proposed protocol reduces computation and communication cost compared to other protocols. The sceheme of Ying and Nayak [27] provides password change feature without involvment of TA. In 2019, Chen et al. [28] discovered some weaknesses in Ying and Nayak’s scheme and proved that the scheme does not perform securely against location spoofing, offline identity guessing, and replay attack. In addition, it takes more time for authentication; after that, Chen et al. [28] also proposed a protocol to remove these vulnerabilities from the scheme presented in [27]. Table 2 provides the bird’s eye view of the previous related works such as cryptography techniques, and their advantages and disadvantages are listed in the table.

4. Summary of Xu Et Al.’s Scheme

This section provides a detailed review of Xu et al.’s scheme [10]. The scheme is divided into six phases and three entities are participating in this scheme. First of all, we explain the entities and then phases of the scheme. User or acts as a vehicle or node that wants to communicate with other or . The second entity is which plays the role of an intermediate node between and . communicates with via DSRC protocol and communicates with via a wired or wireless channel. The last entity of this scheme is , and it is responsible for user authentication and making sure users have been authenticated. These three entities perform activities in six phases such as (1) system initialization, (2) registration, (3) user login, (4) user authentication, (5) malicious user tacking, and (6) password and biometric key exchange phase.

4.1. System Initialization

In system initialization phase, performs the following steps:(i) selects , which is a cyclic additive group having order and where . The further generates as the primary/private key and computes the as the public key; after generation, the public key is published by . Through secure channel, loads the private key in the and .

4.2. User Registration

Under this phase, approaches the for the completion of the registration process. The following are the steps involved in user registration phase:(i) puts (his biometric information) on the reader to get via FE and provides his original identity and password to the . generates randomly for each . Moreover, computes , , , , . After that, forwards the SC to with engraved information of the tuple and stores the tuple in a verifier table.

4.3. User Login

For user login, the checks and verifies the legitimacy of users via execution of the following steps:(i)User inserts the into and enters the and and imprints biometric information . The SC extracts . The computes . The verifies . If the information is true, login is successful. The computes ; after that, user attenuation will start. Otherwise, terminates the registration process. If repeatedly enters wrong information and exceeds the threshold value, it will not accept inputs from .

4.4. User Authentication

Under this phase, and perform mutual authentication and produce secret key for data communication through authentication process. Figure 3 describes the whole process of user authentication of Xu et al.’s scheme, and the following steps are involved: Step 1. : .(i) generates a random number and computes . After that, computes the dynamic identity and (timestamp). Now, computes and . sends to through insecure channel. Step 2. : .(ii)After receiving the message from the , the checks the freshness of and verifies whether the message has expired or not. If , immediately stops the process; otherwise, continue. computes . computes , . computes . Now, sends the message to the . Step 3. : .(iii)When receives the message form the , it checks the freshness of and verifies whether the message has expired or not. On success, computes . searches the legitimate table of based on . If table is not found, stops the process; otherwise, it continues the process. computes . After computing , sends message to . Step 4. : .(iv)When receives the message from the side, check the freshness of and verify whether the received message has expired. On success, the computes and verifies ; if finds these parameters correct and satisfies the originality, the process continues; otherwise, it stops. After that, computes , . Now stores data tuple . sends the message to . Step 5. The reacts by executing the following steps.(v)When the receives the message from the , it checks the freshness of , and on success, the computes and verifies . On successful verification, the considers as session key and as authenticated user.

4.5. Malicious User Tracking

If the malicious vehicle/node tries to authenticate itself, then the following steps will be performed to identify and track the malicious node:(i)When gets the message from and computes the , , then gets the value of from database (stored tuple) . computes the . After that, sends message to trusted authority. When receives a message from the , checks and verifies the freshness of message and stops the process if freshness is not validated. The computes the and . The checks and verifies the . If it holds, the process continues.(ii)The searches the verifier table; if the table contains , the process continues. The checks and verifies ; if this parameter holds, the process continues. After the confirmation of the malicious vehicle, computes the and sends a message to . deletes the entry from the legal user table and declares that malicious user is not a legitimate user. After receiving the message from , the computes the message again and checks its originality such as . Now, broadcasts the malicious node identity to inform other nodes or vehicles.

4.6. Password and Biometric Change

Under this phase, the user changes his password or gives the vehicle to another user. The user changes his biometric key using the following step:(i)The inserts into and enters the identity and password and imprints the biometric information . The FE extracts . The computes . The checks and verifies ; if equation carries these parameters, is granted permission to change his/her password and biometric key; otherwise, it stops the process. In case wants to change his/her password, the computes the . The replaces the values of with and stores these into memory.(ii)If wants to hand over the vehicle temporarily to another user, he/she must change biometric key. puts his own biometric information in the special device to get via fuzzy extractor. computes the and . computes , and . replaces in memory with to complete the process of biometric key exchange.

5. Weaknesses of Xu Et Al.’s Scheme

This section describes the ability of a dishonest to bypass and construct a session key with requesting .

5.1. TA Bypassing

If an RSU is dishonest, it can easily by pass TA and create a session key directly with OBU, and for this, RSU can skip sending message . In this case, the RSU will calculate , , and . Now RSU just skips some of the remaining steps and goes directly on the step which computes and and sends to OBU. The OBU checks validity of and then computes . Finally, the OBU checks . As the computation of involves , , and and the RSU has access to all these parameters, it does not require any information from the TA. Therefore, it can easily compute without any verification by the TA. Hence, in the scheme of Xu et al. [10], a dishonest RSU can bypass the TA.

6. Proposed Scheme

The following subsections explain the main phases of the proposed scheme.

6.1. System Initialization

Under this phase, performs the following steps for registration:(i) selects the cyclic additive group with order of and a generator .(ii) selects an where .(iii) generates a primary key as a random number and then computes the as the public key.(iv)Through secure channel, uploads the primary key into s and .

6.2. User Registration

Under this phase, user and interact through following steps for the completion of registration process, where approaches the to complete the process:(i)The puts his biometric information on the reader to get via FE and provides his original identity and password to the .(ii) generates a random number for each , and computes , , , , .(iii) forwards the SC to , which is engraved with the following tuple: . The now stores the tuple ( in the verification table.

6.3. User Login

Under the user login phase, checks and verifies ’s legitimacy via the following steps:(i)User inserts the into and enters the and and imprints biometric information . The FE extracts .(ii)The computes .(iii)The verifies . If this information is true, the user login succeeds and computes . After that, user attenuation will start. Otherwise, terminates the registration process and sets an error threshold to increase the security. If tries repeatedly through entering wrong information and attempts exceed the threshold value, is blocked.

6.4. User Authentication

Under the user authentication phase, and perform mutual authentication and produce a session key for data/information communication. Figure 4 describes the complete process of user authentication phase of the proposed scheme. Step 1. : .(i)The generates a random number and computes .(ii)The computes the dynamic identity and (timestamp).(iii)The computes and .(iv)The sends to through insecure channel. Step 2. : .(v)After receiving the message from the , the checks the freshness of and verifies whether the message has expired or not. If the message is fresh, the process continues; otherwise, stops the process.(vi)The computes , , and .(vii)The computes .(viii)Now, the sends the message to the . Step 3. : .(ix)When receives the message form the , it checks the freshness of and verifies whether message timeliness has expired or not. On successful validation of timeliness, the process continues; otherwise, the process is stopped.(x)Now, computes . searches the verifier table for . If corresponding entry in the table is not found, the stops the process; otherwise, the process continues.(xi) computes the . After computing the , sends message to . Step 4. : .(xii)When receives the message from the side, check the freshness of and verify whether the received message has expired.(xiii)On successful validation of timeliness, the computes .(xiv) verifies and on success executes the next steps.(xv)The computes , .(xvi)The stores the data tuple .(xvii)The sends the message to Step 5. The performs following steps.(xviii)When the receives the message from the , it checks the freshness of .(xix)On successful validation of timeliness, the computes the .(xx)Now, verifies the , and if it is proved, the process of mutual authentication is assumed to be successfully completed. Furthermore, the will be kept for further use.

6.5. Malicious User Tracking

Following is the malicious user tracking phase of the proposed scheme:(i) gets the message from , computes the , , and gets stored tuple . computes the . After that, sends message to the trusted authority. When receives message from the , checks and verifies the freshness of message. On successful validation of timeliness, the computes the . The then checks and verifies the . On successful validation, the process continues; otherwise, the process is stopped by .(ii)The searches the user verifier table for ; if these values are found in the table, rest of the process continues; otherwise, the process is stopped. The checks and verifies ; if this equation holds, the malicious vehicle is identified. After the confirmation of the malicious vehicle, computes and sends a message to . The selects the entry from the legal user table and declares that vehicle is malicious. After receiving the message from , the computes the message again and checks its originality . broadcasts the malicious node identity to inform other nodes or vehicles about the malicious node and warns that malicious node is no more allowed to communicate with system entities including the s.

6.6. Password and Biometric Change

Under this phase, the user changes his password or hands over his vehicle to some other user, and it needs to change his own biometric key. We consider the same process as that used by Xu et al.’s scheme. Therefore, it is not reproduced here.

7. Security Analysis

Under this section, we have performed the formal security analysis using BAN-Logic [29–31] in addition to the security discussion of the proposed scheme.

7.1. Formal Security Analysis

This section provides the detailed formal security analysis of the proposed security scheme using the BAN-Logic. It first describes the basic notations of BAN-Logic that are used to analyze the proposed scheme’s secure authentication and correctness. Here, is used for the formula, and and are used as participants.(i): is fresh.(ii) believes that is trustworthy.(iii)said once.(iv) sees .(v) has jurisdiction over .(vi): between and , is the shared key.(vii): is used to encrypt and .(viii): and are combined.

Following are the rules of BAN-Logic: Rule 1: message meaning rule. If N sees and believes that is encrypted by shared key among and, then then believes said once. Rule 2: nonce verification rule. If believes that the statement is updated and also believes that once said , then believes is the statement of . Rule 3: jurisdiction rule. If believes has jurisdiction over the statement and believes the statement , then believes the statement of . Rule 4: session key rule. Ifbelieves the freshness of, and believes on, thenbelieves that a key is shared between and . Rule 5: freshness rule. If a part of is believed by as updated, then is also believed by as updated. Rule 6: belief rule. If believes that believes in the statement of , then believes that believes in the part of statement .

The goals of our TFPPASV protocol are proved through BAN-Logic as under:(i)(ii)(iii)(iv)(v)(vi)(vii)

In the proposed TFPPASV scheme, the messages are sent over the public channel. The details of these messages are mentioned below:(i)(ii)(iii)(iv)

Furthermore, the following assumptions are used for analyzing the proposed scheme using BAN-Logic.(i)(ii)(iii)(iv)(v)(vi)(vii)(viii)(ix)(x)(xi)(xii)(xiii)(xiv)(xv)(xvi)(xvii)(xviii)(xix)(xx)(xxi)(xxii)(xxiii)(xxiv)(xxv)(xxvi)

7.1.1. BAN-Logic Proof

The proof of proposed scheme through BAN-Logic analysis is as follows.

can be acquired from .

.

. Based on , , and rule 3, we can obtain . According to , it implies that . By , , and rule 1, it implies that .By , , and rule 2, we can obtain . According to , and rule 3, it implies that . According to , we have acquired . By , , and rule 1, it implies that . By , and rule 2, we can obtain . According to , and rule 3, it implies that .

By , we can obtain and further . Based on , and rule 3, we can obtain . By , and rule 4, it implies that . According to , we have . Based on , and rule 1, it implies that . By , and rule 2, we can obtain . According to , and rule 3, it implies that . Based on , and rule 4, we have . According to , we have . By , and rule 1, it implies that . By , and rule 2, we can obtain . Based on , and rule 3, it implies that . . is obtained. (G2). According to , and rule 4, we can obtain . (G5).

By , we have and further . Based on , and rule 1, we can obtain . By , and rule 2, it implies that . Based on , and rule 3, we can obtain . According to , and , it implies that . (G3). Based on , and rule 4, we can obtain . (G6). According to , and rule 4, it implies that . (G7).

By , we have . Based on , and rule 4, we can obtain . According to , we have . Based on , and rule 1, it implies that . By , and rule 2, we can obtain . According to , and rule 3, it implies that .

We have . Based on , and rule 1, it implies that . By , and rule 2, we can obtain . Based on , and rule 3, it implies that . According to and , we can obtain . (G1). According to and , we can obtain . (G4).

7.2. Security Discussion

The security feature provision and resistance of the proposed scheme against various attacks are explained in the following subsection.

7.2.1. Anonymity and Untraceability

In the proposed TFPPASV protocol, the identity of the user is secure, because in TFPPASV, the vehicle sends a pseudo identity instead of its original identity IDi over the communication channel. The attacker can intercept , but it cannot extract because it is concealed in a oneway hash function along with a random number and other parameters. The only method to get the identity is to break the hash function and get knowledge of random numbers involved in the computation of . Thus, the protocol provides user anonymity. In addition, the proposed protocol provides untraceability for the user because when the message is transmitted on a communication channel, it uses a random number during the authentication process. Thus, the attacker is not able to track the user.

7.2.2. Perfect Forward Secrecy

The proposed TFPPASV protocol provides ultimate forward secrecy because it uses various random numbers during the message transmission. Three parameters and are used to construct the session key . If an attacker wants to launch an attack on the basis of a compromised session key, the attacker is not able to obtain the previous and subsequent session keys. Thus, the proposed protocol provides forward secrecy.

7.2.3. Replay Attack

The proposed TFPPASV protocol provides resistance against the replay attack. Three entities , , and are involved in the authentication phase of the proposed TFPPASV protocol. These entities send the messages to each other such as , , and . In each of these messages, random numbers and timestamps are used and these are session specific. If an attacker wants to launch a replay attack, the replayed message cannot pass the verification process and the recipient can easily identify the replay attack.

7.2.4. Offline Password Guessing Attack

Our TFPPASV protocol provides resistance against offline password guessing attack. During registration phase, some parameters are stored into SC such as , . The is masked with generated randomly and the biometric key . Thus, attacker is not able to guess the password.

7.2.5. Impersonation Attack

Our TFPPASV protocol provides resistance against impersonation assaults such as impersonation assault, impersonation assault, and impersonation assault.

impersonation attack: if an attacker tries to impersonate the , it requires to construct the original login request message: , , , and with updated random number and timestamp . However, it is computationally difficult to recover , , and for constructing , , , . Thus, the proposed protocol provides security against impersonation.

impersonation attack: for the execution of a impersonation attack, the attacker tries to instigate a forgery to on behalf of the . The attacker needs to construct the with updated timestamp. In addition, it requires more confidential parameters such as and . It is computationally hard to calculate these parameters from . Thus, the proposed TFPPASV scheme provides security against impersonation.

impersonation attack: in the case of impersonation, the attacker needs to construct with an updated timestamp, and in addition, it requires the private key , where . However, the attacker is not able to form the message until it gets the private key and . Thus, the attacker is not able to launch impersonation attack.

7.2.6. Smart Card Stolen

The proposed protocol provides security against SC stolen. If an attacker captures the SC and gets the information from the SC and it wants to login via SC, the attacker also needs the user , , and the biometric key in polynomial time, which is not possible for the attacker. Thus, the attacker is not able to complete a successful login.

7.2.7. Man-in-the-Middle Attack

If the attackers want to launch attack as a man-in-the-middle, it needs to capture the messages , , , and from the public communication channel. The attacker must change or replace the message and forward it on the channel to get authenticated from both sides. However, due to the inability of construction of legal messages, the attacker may not be able to get authenticated from any side without getting and and private key of the .

7.2.8. Insider Attack

The proposed TFPPASV protocol protects from insider attacks because at the time of registration, user registers itself with on a secure channel. In addition, stored user passwords are in the ciphertext. It is computationally difficult for any dishonest insider to get information related to passwords and keys.

8. Security and Performance Analysis

This section describes the security features and computational and communication cost of the proposed TFPPASV scheme in relation to other schemes [10, 32–34].

8.1. Security Feature

Table 3 provides the complete bird’s eye view of the security feature comparison of our TFPPASV scheme with related schemes [10, 32–34]. Through BAN-Logic analysis, we prove that our proposed scheme is correct. Section 5.1 discusses Xu et al.’s scheme [10] which has bypassing issue, and if is dishonest, it can easily bypass the and establish a connection directly with . Ma et al.’s [32] scheme does not provide security against malicious user tracking, offline password attack, and smart card stolen attack. Cui et al.’s [33] scheme is also insecure against the man-in-the-middle attack, offline password, and smart card stolen attacks. Zhong et al.’s [34] scheme failed to provide security against the man-in-the-middle attack, offline password attack, and smart card stolen attack. The proposed scheme provides better security features compared to other related schemes [10, 32–34].

8.2. Computational Cost

In this section, we calculate the computational cost (CC) of the proposed TFPPASV scheme and compare it with the related schemes. Before calculating CC, we denote some symbols as follows: operation is denoted by , the execution time for scale multiplication on is denoted by , and the execution time for hash function is represented by . For calculating the CC, the real-time hardware platform with the following specifications: CPU:Intel I7-6700, with 4.00 GHz RAM 16 GB OS windows , is adopted from [35]. furnishes in , and the running time of is 0.0001, while takes negligible time to complete the execution. Thus, is being ignored in the comparisons. We used with 256 bit hash digest and the size of identity and random numbers are fixed at 64 bits. The proposed scheme executes operations with the running time of . Referring to Table 4, computational cost of the proposed TFPPASV scheme is low as compared to Ma et al.’s scheme [32] and a bit high as compared to Cui et al. and Zhong et al.’s schemes [33, 34], respectively. However, the proposed TFPPASV scheme offers more security features as compared with related schemes.

8.3. Communication Cost

To calculate the communication cost of the proposed TFPPASV scheme and to compare it with related schemes, we adopted SHA-256 with 256 bit size. We also adopted 256 bit ECC parameters. In addition, identities and timestamps are taken as 64 bit length. In the proposed TFPPASV scheme, total four messages are exchanged for a successful authentication process completion. In message 1, bits are sent from to . In message 2, bits are sent from to . In message 3, bits are sent from to . In message 4, bits are sent from to . Total communication cost of the proposed TFPPASV scheme is bits. Referring to Table 2, the TFPPASV scheme has low communication as compared to other related schemes [32–34].

8.4. Storage Cost

The proposed TFPPASV stores four authentication related parameters in addition to function and system parameters . The system parameters and functions take marginal memory and are stored in the smart card in all competing authentication schemes. Therefore, for analysis and comparison purposes, we focus on the authentication related parameters. The storage cost of the proposed TFPPASV bits. The storage cost of Xu et al.’s scheme is also same (i.e., 1024 bits). The storage cost of Ma et al. [32], Cui et al. [33], and Zhong et al. [34] is 832, 512, and 320, respectively.

9. Conclusion

In this study, we analyzed a recent authentication scheme and proved that the scheme of Xu et al. can become a victim of bypassing attack by a dishonest . We then introduced an improved and bypassing free authentication scheme (TFPPASV) for VANETs. We used the lightweight ECC and symmetric key based functions to design our proposed TFPPASV scheme. In addition to a comprehensive discussion on the security feature provision of TFPPASV, we utilized the BAN-Logic analysis to prove the formal security of the TFPPASV. We also compared the security and performance of the TFPPASV with related schemes and showed that the proposed TFPPASV offers a good trade-off between the security and performance criterion. Therefore, it can be concluded that the TFPPASV is best suitable in practical VANET scenarios.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Authors’ Contributions

J.M. and Z.D. were responsible for conceptualization. Y.Y., M.N.M.B., and M.A.B. were responsible for investigation. J.M. and Z.D. were responsible for original draft preparation. J.M., Y.Y., A.K.A.Y., and S.A.C. were responsible for review and editing. Z.D. and S.A.C. were responsible for supervision. Z.D. was responsible for funding acquisition. All authors have read and agreed to the published version of the manuscript.

Acknowledgments

This study was supported by funds for Key Research and Development Plan Project of Shaanxi Province, China (grant nos. 2019ZDLGY17-08, 2019ZDLGY03-09-01, 2020ZDLGY09-02, and 2020GY-013), and funds for Science and Technology Innovation Leading Talent of Shaanxi Province, China (grant no. TZ0336).

References

Y. Wang, H. Zhong, Y. Xu, J. Cui, and G Wu, “Enhanced security identity-based privacy-preserving authentication scheme supporting revocation for vanets,” IEEE Systems Journal, vol. 14, no. 4, pp. 5373–5383, 2020.
View at: Publisher Site | Google Scholar
J. Mahmood, Z. Duan, Y. Yang, Q. Wang, J. Nebhen, and M. N Mumtaz Bhutta, “Security in Vehicular Ad Hoc Networks: Challenges and Countermeasures,” Security and Communication Networks, vol. 2021, no. 3, pp. 1–20, 2021.
View at: Publisher Site | Google Scholar
F. Ahmed, L. Wei, Y. Niu et al., “Toward fine-grained access control and privacy protection for video sharing in media convergence environment,” International Journal of Intelligent Systems, vol. 37, no. 5, pp. 3025–3049, 2022.
View at: Publisher Site | Google Scholar
F.-Y. Wang, D. Zeng, and L. Yang, “Smart cars on smart roads: an ieee intelligent transportation systems society update,” IEEE Pervasive Computing, vol. 5, no. 4, pp. 68-69, 2006.
View at: Publisher Site | Google Scholar
Y. Ming and X. Shen, “Pcpa: a practical certificateless conditional privacy preserving authentication scheme for vehicular ad hoc networks,” Sensors, vol. 18, no. 5, p. 1573, 2018.
View at: Publisher Site | Google Scholar
J. J. Cheng, J. L. Cheng, M. C. Zhou, F. Q. Liu, S. C. Gao, and C. Liu, “Routing in internet of vehicles: a review,” IEEE Transactions on Intelligent Transportation Systems, vol. 16, no. 5, pp. 2339–2352, 2015.
View at: Publisher Site | Google Scholar
S. Bao, W. Hathal, H. Cruickshank, Z. Sun, P. Asuquo, and A Lei, “A lightweight authentication and privacy-preserving scheme for vanets using tesla and bloom filters,” ICT Express, vol. 4, no. 4, pp. 221–227, 2018.
View at: Publisher Site | Google Scholar
H. Oh, C. Yae, D. Ahn, and H. Cho, “5.8 ghz dsrc packet communication system for its services,” Gateway to 21st Century Communications Village. VTC 1999-Fall. IEEE VTS 50th Vehicular Technology Conference (Cat. No. 99CH36324), vol. 4, pp. 2223–2227, 1999.
View at: Google Scholar
S. S. Manvi and S. Tangade, “A survey on authentication schemes in vanets for secured communication,” Vehicular Communications, vol. 9, pp. 19–30, 2017.
View at: Publisher Site | Google Scholar
T. Xu, C. Xu, and Z. Xu, “An efficient three-factor privacy-preserving authentication and key agreement protocol for vehicular ad-hoc network,” China Communications, vol. 18, no. 12, pp. 315–331, 2021.
View at: Publisher Site | Google Scholar
V. S. Miller, “Use of elliptic curves in cryptography,” Conference on the Theory and Application of Cryptographic Techniques, Springer, Berlin, Heidelberg, vol. 218, pp. 417–426, 1985.
View at: Google Scholar
Y. Zheng, G. Chen, and L. Guo, “An anonymous authentication scheme in vanets of smart city based on certificateless group signature,” Complexity, vol. 2020, pp. 1–7, 2020.
View at: Publisher Site | Google Scholar
Y. Chen, X. Cheng, S. Wang, and M. Gao, “Research on certificateless group signature scheme based on bilinear pairings,” Netinfo Security, vol. 3, pp. 53–58, 2017.
View at: Google Scholar
N. Zhao, G. Zhang, and X. Gu, “Certificateless aggregate signature scheme for privacy protection in vanet,” Computer Engineering, vol. 46, no. 1, pp. 114–128, 2020.
View at: Google Scholar
J. Qu and X.-L. Tan, “Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem,” Journal of Electrical and Computer Engineering, vol. 2014, pp. 1–6, 2014.
View at: Publisher Site | Google Scholar
T. Nandy, M. Y. I. Idris, R. M. Noor et al., “A secure, privacy-preserving, and lightweight authentication scheme for vanets,” IEEE Sensors Journal, vol. 21, no. 18, pp. 20998–21011, 2021.
View at: Publisher Site | Google Scholar
S. A. Chaudhry, “Comments on ”a secure, privacy-preserving, and lightweight authentication scheme for vanets,” IEEE Sensors Journal, vol. 22, no. 13, pp. 13763–13766, 2022.
View at: Publisher Site | Google Scholar
M.-C. Chuang and J. F. Lee, “Team: Trust-extended authentication mechanism for vehicular ad hoc networks,” IEEE Systems Journal, vol. 8, no. 3, pp. 749–758, 2013.
View at: Google Scholar
Y. Zhou, X. Zhao, Y Jiang, F. Shang, S. Deng, and X. Wang, “An enhanced privacy-preserving authentication scheme for vehicle sensor networks,” Sensors, vol. 17, no. 12, p. 2854, 2017.
View at: Publisher Site | Google Scholar
L. Wu, Q. Sun, X. Wang et al., “An efficient privacy-preserving mutual authentication scheme for secure v2v communication in vehicular ad hoc network,” IEEE Access, vol. 7, pp. 55050–55063, 2019.
View at: Publisher Site | Google Scholar
H. Vasudev, V. Deshpande, D. Das, and S. K. Das, “A lightweight mutual authentication protocol for v2v communication in internet of vehicles,” IEEE Transactions on Vehicular Technology, vol. 69, no. 6, pp. 6709–6717, 2020.
View at: Publisher Site | Google Scholar
J. Mahmood, Z. Duan, H. Xue et al., “Secure message transmission for v2v based on mutual authentication for vanets,” Wireless Communications and Mobile Computing, vol. 2021, pp. 2021–2116, 2021.
View at: Publisher Site | Google Scholar
Q Jiang, J. Ma, F. Wei, Y. Tian, J. Shen, and Y. Yang, “An untraceable temporal-credential-based two-factor authentication scheme using ecc for wireless sensor networks,” Journal of Network and Computer Applications, vol. 76, pp. 37–48, 2016.
View at: Publisher Site | Google Scholar
X. Li, J. Niu, S. Kumari et al., “A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments,” Journal of Network and Computer Applications, vol. 103, pp. 194–204, 2018.
View at: Publisher Site | Google Scholar
F. Wang, Y. Xu, H. Zhang, Y. Zhang, and L. Zhu, “2flip: a two-factor lightweight privacy-preserving authentication scheme for vanet,” IEEE Transactions on Vehicular Technology, vol. 65, no. 2, pp. 896–911, 2016.
View at: Publisher Site | Google Scholar
V. Paruchuri and A. Durresi, “Paave: protocol for anonymous authentication in vehicular networks using smart cards,” in Proceedings of the 2010 IEEE global telecommunications conference GLOBECOM 2010, pp. 1–5, IEEE, Manhattan, New York, USA, 2010.
View at: Google Scholar
B. Ying and A. Nayak, “Anonymous and lightweight authentication for secure vehicular networks,” IEEE Transactions on Vehicular Technology, vol. 66, no. 12, pp. 10626–10636, 2017.
View at: Publisher Site | Google Scholar
C.-M. Chen, B. Xiang, Y. Liu, and K.-H. Wang, “A secure authentication protocol for internet of vehicles,” IEEE Access, vol. 7, pp. 12047–12057, 2019.
View at: Publisher Site | Google Scholar
A. C Shehzad, “Designing an Efficient and Secure Message Exchange Protocol for Internet of Vehicles,” Security and Communication Networks, vol. 2021, pp. 1–9, 2021.
View at: Publisher Site | Google Scholar
T. Maitra, M. S. Obaidat, R. Amin, S. K. H. Islam, S. A. Chaudhry, and D. Giri, “A robust elgamal-based password-authentication protocol using smart card for client-server communication,” International Journal of Communication Systems, vol. 30, no. 11, Article ID e3242, 2017.
View at: Publisher Site | Google Scholar
T.-Y. Wu, L. Yang, Z. Lee, S.-C. Chu, S. Kumari, and S. Kumar, “A provably secure three-factor authentication protocol for wireless sensor networks,” Wireless Communications and Mobile Computing, vol. 2021, 15 pages, 2021.
View at: Publisher Site | Google Scholar
M. Ma, D. He, H. Wang, N. Kumar, K. K. R Choo, and R. C Kwang, “An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8065–8075, 2019.
View at: Publisher Site | Google Scholar
J. Cui, J. Zhang, H. Zhong, and Y. Xu, “Spacf: a secure privacy-preserving authentication scheme for vanet with cuckoo filter,” IEEE Transactions on Vehicular Technology, vol. 66, no. 11, pp. 10283–10295, 2017.
View at: Publisher Site | Google Scholar
H. Zhong, B Huang, J. Cui, Y. Xu, and L Liu, “Conditional privacy-preserving authentication using registration list in vehicular ad hoc networks,” IEEE Access, vol. 6, pp. 2241–2250, 2018.
View at: Publisher Site | Google Scholar
D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2681–2691, 2015.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2022 Zongtao Duan et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

668

Downloads

453

Citations

Security and Communication Networks

Security and Privacy Challenges for Intelligent Internet of Things Devices 2022

TFPPASV: A Three-Factor Privacy Preserving Authentication Scheme for VANETs

Abstract

1. Introduction

1.1. Motivation

1.2. Contributions

1.3. Organization

2. Preliminaries

2.1. Elliptic Curve Cryptography

2.2. Fuzzy Extractor

2.3. Network Model

2.4. Attack Model

3. Related Work

4. Summary of Xu Et Al.’s Scheme

4.1. System Initialization

4.2. User Registration

4.3. User Login

4.4. User Authentication

4.5. Malicious User Tracking

4.6. Password and Biometric Change

5. Weaknesses of Xu Et Al.’s Scheme

5.1. TA Bypassing

6. Proposed Scheme

6.1. System Initialization

6.2. User Registration

6.3. User Login

6.4. User Authentication

6.5. Malicious User Tracking

6.6. Password and Biometric Change

7. Security Analysis

7.1. Formal Security Analysis

7.1.1. BAN-Logic Proof

7.2. Security Discussion

7.2.1. Anonymity and Untraceability

7.2.2. Perfect Forward Secrecy

7.2.3. Replay Attack

7.2.4. Offline Password Guessing Attack

7.2.5. Impersonation Attack

7.2.6. Smart Card Stolen

7.2.7. Man-in-the-Middle Attack

7.2.8. Insider Attack

8. Security and Performance Analysis

8.1. Security Feature

8.2. Computational Cost

8.3. Communication Cost

8.4. Storage Cost

9. Conclusion

Data Availability

Conflicts of Interest

Authors’ Contributions

Acknowledgments

References

Copyright