RSEAP is a recently proposed RFID based authentication protocol for vehicular cloud computing whose authors claimed to be secure and efficient. In this article, we challenge these claims. More precisely, we show that RSEAP does not provide the desired security, and it is possible to conduct both tag and reader impersonation attacks efficiently. Besides, despite the use of timestamps, we show how this protocol also suffers from a range of relay attacks. The complexity of any of the proposed attacks is negligible while the success probability is maximum (i.e., the adversary's success probability is ‘1’ since all the proposed attacks are deterministic). To improve the security of RSEAP scheme, we suggest the required patches for fixing the security vulnerabilities mentioned above. We show that the improved protocol, called RSEAP2, is more efficient (computation and communication costs) than the original RSEAP, while provides a higher security level. The security of RSEAP2 is evaluated informally and also formally using the Scyther tool, which is a well-known and automated tool to assess the security of cryptographic protocols. Additionally, we have formally verified the security of the proposed scheme under the Real-or-Random oracle model.

RSEAP是最近提出的用于车辆云计算的基于RFID的身份验证协议，其作者声称是安全且高效的。在本文中，我们挑战这些主张。更准确地说，我们表明RSEAP不能提供所需的安全性，并且可以有效地进行标签和读取器模拟攻击。此外，尽管使用了时间戳，但我们仍展示了该协议如何也遭受一系列中继攻击。在成功概率最大的情况下，任何提议的攻击的复杂性都可以忽略不计（即，由于所有提议的攻击都是确定性的，因此对手的成功概率为“ 1”）。为了提高RSEAP方案的安全性，我们建议修复上述安全漏洞所需的补丁程序。我们展示了改进的协议，称为RSEAP2，比原始的RSEAP更高效（计算和通信成本），同时提供更高的安全级别。RSEAP2的安全性通过Scyther工具进行了非正式和正式的评估，Scyther工具是一种众所周知的自动化工具，用于评估密码协议的安全性。此外，我们已经在Real-or-Random oracle模型下正式验证了该方案的安全性。