Abstract
The advent of the Internet of Things has enriched the network field with new themes, among which we find the Internet of Vehicles (IoV). IoV improved the various smart traffic applications for management or security. It makes vehicles autonomously deal with the unexpected by sharing various resources like critical information, computing resources, etc. Nonetheless and as a user of current network technologies, IoV suffers from the same vulnerabilities of these technologies, which makes it vulnerable to various kinds of attacks that affect security and privacy. To overcome these new challenges, researchers have considered different IoV authentication protocols. However, most of them are compromised and contain real security problems. Dealing with IoV authentication protocol security flaws is a real challenge. Recently, Jiang et al. (Comput Commun 173:45–55, 2021) designed a three-factor authentication protocol for IoV environment. The proposed protocol combines lightweight operations that include elliptic curve cryptography, hash function, physically unclonable function, concatenation on one side, and XOR operation on the other side. Contrariwise, it contains several flaws. In this paper, we detailed the security analysis of Jiang et al. protocol that proves the limit of security guarantees between only user and data center due to the possibility for an adversary to deduce a session key shared between vehicle sensor and data center and between vehicle sensor and user. Moreover, regarding these limitations, we propose an improvement to remedy all the said security pitfalls.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Qureshi, K.N., Din, S., Jeon, G., Piccialli, F.: Internet of vehicles: key technologies, network model, solutions and challenges with future aspects. IEEE Trans. Intell. Transp. Syst. 22(3), 1777–1786 (2021). https://doi.org/10.1109/TITS.2020.2994972
Zhou, J., Tian, D., Wang, Y., Sheng, Z., Duan, X., Leung, V.C.: Reliability-optimal cooperative communication and computing in connected vehicle systems. IEEE Trans. Mob. Comput. 19(5), 1216–1232 (2020). https://doi.org/10.1109/TMC.2019.2907491
Jiang, Q., Zhang, X., Zhang, N., Tian, Y., Ma, X., Ma, J.: Three-factor authentication protocol using physical unclonable function for IoV. Comput. Commun. 173, 45–55 (2021)
Cheng, J., Yuan, G., Zhou, M., Gao, S., Liu, C., Duan, H., Zeng, Q.: Accessibility analysis and modeling for IoV in an urban scene. IEEE Trans. Veh. Technol. 69(4), 4246–4256 (2020). https://doi.org/10.1109/TVT.2020.2970553
Wang, J., Jiang, C., Han, Z., Ren, Y., Hanzo, L.: Internet of vehicles: sensing-aided transportation information collection and diffusion. IEEE Trans. Veh. Technol. 67(5), 3813–3825 (2018). https://doi.org/10.1109/TVT.2018.2796443
Saleem, M.A., Mahmood, K., Kumari, S.: Comments on “AKM-IoV: authenticated key management protocol in fog computing-based internet of vehicles deployment”. IEEE Internet Things J. 7(5), 4671–4675 (2020). https://doi.org/10.1109/JIOT.2020.2975207
Saleem, M.A., Hamshad, S., Ahmed, S., Ghaffar, Z., Mahmood, K.: Security analysis on “A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems’’. IEEE Syst J 2, 1–3 (2021). https://doi.org/10.1109/JSYST.2021.3073537
Mahmood, K., Shamshad, S., Kumari, S., Khan, M.K., Obaidat, M.S.: Comment on “lightweight secure message broadcasting protocol for vehicle-to-vehicle communication’’. IEEE Syst. J. 15(1), 1366–1368 (2021). https://doi.org/10.1109/JSYST.2020.3029895
Akram, M.A., Mahmood, K., Kumari, S., Xiong, H.: Comments on “toward secure and provable authentication for internet of things: realizing industry 4.0. IEEE Internet Things J 7(5), 4676–4681 (2020). https://doi.org/10.1109/JIOT.2020.2977475
Shamshad, S., Mahmood, K., Kumari, S., Khan, M.K.: Comments on “Insider attack protection: Lightweight password-based authentication techniques using ECC’’. IEEE Syst. J. 15(1), 877–880 (2021). https://doi.org/10.1109/JSYST.2020.2986377
Wazid, M., Bagga, P., Das, A.K., Shetty, S., Rodrigues, J.J.P.C., Park, Y.: AKM-IoV: authenticated key management protocol in fog computing-based internet of vehicles deployment. IEEE Internet Things J. 6(5), 8804–8817 (2019). https://doi.org/10.1109/JIOT.2019.2923611
Butun, I., Österberg, P., Song, H.: Security of the internet of things: vulnerabilities, attacks, and countermeasures. IEEE Commun. Surv. Tutor. 22(1), 616–644 (2020). https://doi.org/10.1109/COMST.2019.2953364
Masood, A., Lakew, D.S., Cho, S.: Security and privacy challenges in connected vehicular cloud computing. IEEE Commun. Surv. Tutor. 22(4), 2725–2764 (2020). https://doi.org/10.1109/COMST.2020.3012961
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Ahmim, I., Ghoualmi-Zine, N., Ahmim, A. et al. Security analysis on “Three-factor authentication protocol using physical unclonable function for IoV”. Int. J. Inf. Secur. 21, 1019–1026 (2022). https://doi.org/10.1007/s10207-022-00595-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-022-00595-6