Security-enhanced three-party pairwise secret key agreement protocol for fog-based vehicular ad-hoc communications

https://doi.org/10.1016/j.vehcom.2020.100306Get rights and content

Abstract

The notion of fog-based vehicular ad-hoc network has been introduced by the integration of fog-based computing paradigm into the conventional vehicular ad-hoc networks. This integration is envisioned to bring a more enjoyable driving environment with an enhanced level of safety. Evidently, one of the most challenging steps in reaching this goal is how to make these immense communications secure. Shared secret key agreement protocols are one of the approved techniques for this purpose if implemented and used properly. A considerable number of such techniques proposed thus far; nevertheless, they have mostly failed to reach all required security metrics besides a desirable performance. Therefore, to address this influential demand, in this article, after the cryptanalysis of a state-of-the-art and distinguished protocol, we put forward a security-enhanced three-party pairwise shared key agreement protocol for fog-based vehicular communications with 23.65% improvement in computational cost. In addition to informal justifications, the proposed protocol is also verified formally by utilization of reputable “ProVerif” tool. In particular, comparative evaluations are presented in terms of security metrics and performance to demonstrate the appropriateness and betterment of the proposed protocol in case of simultaneous consideration of security and efficiency.

Introduction

Vehicular ad-hoc networks (VANET) are a progressing branch of mobile ad-hoc networks (MANET), which has been emerged to facilitate different domains of transportation, such as cost and reliability [1]. In other words, by utilization of VANET infrastructure, we can better manage the whole transportation system to gain less total cost and most reliability. More importantly, proper deployment of VANET makes the transportation system intelligent. As an example, in such networks, subsequent places and movements of vehicles are predictable [2], which leads to better control of the traffic congestion. As another example, taking the advantage of VANET, we can model the traffic flow and hence, predict proper parking stations. Doing so, searching for scarce parking locations will be diminished and less fuel will be consumed resulting to less pollution [3].

Apart from the inherent features of VANET, so many other distinguished features can be achieved by its integration with cloud and fog-based computing paradigms. This integration becomes more important in case of delivering real-time services [4]. The fog-based solutions can meet the demand of VANET for resources by providing them in its proximity. To put it in other words, the escalating number of vehicles in VANET and the increasing number of services and applications highly require more computation and storage resources. The fog can ideally fulfil these requirements by providing resources at the edge of network and communicating with upper cloud servers [5]. There are several other important advantages that this combination can bring; for example, the efficiency in heterogenous VANETs can be highly improved using the fog computing [6].

Even though the fog-based VANET is envisioned to prepare a more pleasant driving environment and transportation system for us, it is subjected to miscellaneous challenges. These challenges can be in routing, clustering, or data communications. For example, authors in [7] addressed the routing challenges in VANET communications or to address the immense size of a VANET, authors in [8] employed a stable clustering technique considering different criteria, such as link lifetime, position, and direction of vehicles. The presented survey in [9], besides presenting a taxonomy of VANET applications, properly discussed the data communication challenges. Because of the high mobility nature and insecure wireless communications of VANET, they are exposed to different types of active and passive attacks [10]. As a result, how to implement and deploy an efficient and secure VANET infrastructure demands much more attentions [11].

Shared secret key agreement protocols are one of well-known, widely-used, and commonly-accepted methods for generation of a common key between entities. Next, the messages on transit can be ciphered by utilization of “symmetric-key encryption” methods and the generated shared key as the key input of method [12]. A considerable number of shared secret key agreement protocols have been put forward during the past years. Nevertheless, they mostly failed to reach the all required security metrics besides a desirable performance. Newly, Ma et al. [13] have proposed a three-party authentication protocol between driver, fog server, and cloud server in a fog-based vehicular network. Their scheme has several strong points. For example, in their scheme, the cloud server does not store any verifier table. Therefore, their protocol is inherently free from the “stolen verifier attack.” However, besides the strong points of their protocol, it also has some challenges. In 2018, Jia et al. [14] presented a fog-based protocol for similar application, i.e., Internet of things healthcare. The aim of the presented protocol in [13] was to improve the efficiency of Jia et al.'s protocol [14]. This is because Jia et al. used the costly “bilinear pairing” operation in their protocol design. Although Ma et al. [13] successfully reduced the cost to 17 “scalar point multiplication” operations, their scheme is still vulnerable to some attacks. Therefore, in this paper, we propose a security-enhanced three-party protocol for fog-based vehicular network that not only is secure in the “CK adversarial model” [15], but also it only requires 9 “scalar point multiplication” operations for the pairwise key agreement. That is to say, ours outperforms both Ma et al.'s protocol [13] and Jia et al.'s protocol [14]. The key contributions of this article are:

  • 1-

    Presenting a succinct review of the proposed protocol by Ma et al. [13] and indicating the susceptibilities of their protocol to some attacks.

  • 2-

    Presenting a security and efficiency enhanced three-party protocol for fog-based vehicular communications.

  • 3-

    Presenting Informal justifications on security goals in conjunction with formal justification by “ProVerif.”

  • 4-

    Presenting comparative evaluations in terms of security metrics and performance to demonstrate the appropriateness and betterment of the proposed protocol in case of simultaneous consideration of security and efficiency.

After reviewing of literature in the next section, we discuss the network model and threat model in Section 2. In Section 3, succinct review of the proposed protocol by Ma et al. [13] is presented and its security vulnerabilities indicated. Following, in Section 4, a security and efficiency enhanced three-party protocol for fog-based vehicular communications is proposed. Section 5 presents informal justifications on security goals and Section 6 presents formal security justifications by “ProVerif.” Comparative evaluations in terms of security metrics and performance are presented in Section 7 and the conclusive remarks are stated in Section 8.

Session secret key agreement techniques become known as a commonly-accepted security solutions for making the exchanging messages in public channels free from any manipulation or eavesdropping. In the context of vehicular communication networks, the session secret key agreement protocols have also employed a lot. In the following, a succinct overview of the literature from 2007 up to now is presented. Raya and Hubaux [16], in 2007, introduced a model for communication in VANET besides threats of such networks. A year later, Lu et al. [17] introduced a secure scheme for VANET with privacy protection and traceability. Sun et al. [18], recommended a certificate-based secure scheme in 2010 that has some unique features, like the certificate revocation. Yet another secure scheme suggested by Zhang et al. [19] in 2010, which also addressed the certificate revocation property. In their scheme, the “road side unit” maintains a group of vehicles. The main required security goals in VANET communications, such as “non-repudiation,” “confidentiality,” “authentication,” and “integrity” were properly addressed in a proposed security solution by Sun et al. [20] in 2010. In their solution, they further considered how we can handle the misbehavior in such networks. Three years later, a delay-sensitive and efficient authentication scheme presented by Lin and Li [21] for VANET. In their scheme, the trust center involves very few. He et al. [22], in 2015, introduced a security scheme that not only is free from the costly “bilinear pairing” operations, but also can reach most of important security goals. In addition to [22], Li et al. [23] introduced a framework to reach the main security requirements with privacy consideration. In their framework, they took the advantage of “public key cryptosystem.” At the same year, Bayat et al. [24] enhanced the security by presenting an improved authentication protocol that can cover the previous challenges. Finally, in year 2015, Liu et al. [25], by means of a distributed proxy-based security solution, reduced the load on road-side units. Sánchez-García et al. [26] and Wang et al. [27] introduced two security protocols for the authentication in VANET in 2016. Yet another efficient scheme proposed in this year by Lim and Manivannan [28] for fast publication of authenticated messages when an accident happens. In [26], by means of hash function, the authors reached a lightweight authentication protocol. Nevertheless, their scheme suffers from some security attacks. A year later, Zhang et al. [29], by means of signature, presented another authentication scheme for VANET. In their scheme, they have considered that vehicles are equipped with tamper-proof chip. Additionally, in 2017, Liu et al. [30] introduced a “dual authentication” technique for the vehicles that are working in the Internet network, i.e., Internet of vehicles. Cirne et al. [31], by addressing both routing and authenticity challenges, introduced a security scheme for VANET in 2018. In their scheme, all of cryptographic values are stored in a central unit. For the Internet of vehicles, yet another anonymous authentication scheme introduced by Liu et al. [32]. Moreover, in 2018, Jia et al. [14] took the advantage of fog in order to present a secure key agreement protocol for healthcare. Nevertheless, as their protocol relies on costly operations like the “bilinear pairing,” it cannot be performed efficiently on resource-constrained devices of the network. Recently, some other researchers have tried to improve the efficiency of previous security schemes without missing the security goals. As an example, by suggesting an “identity-based” security protocol, Asaar et al. [33], have tried to cover the impersonation and modification attacks of the previous protocol. Some other protocols have been recommended recently by putting forward new concepts. For example, “wireless pilot authentication” protocol introduced by Xu et al. [34] or Yao et al. [35] have integrated fog into the vehicular network and recommended a blockchain-based anonymous security scheme. Furthermore, a secure and lightweight authentication scheme based on modular square root technique has been recommended by Yang et al. [36]. Quite recently, to enhance the efficiency of Jia et al. [14], Ma et al. [13] have introduced a three-party bilinear pairing free protocol for fog-based vehicular communications. Although Ma et al. [13] successfully reduced the cost to 17 “scalar point multiplication” operations, their scheme is still vulnerable to some attacks. The security challenges of Ma et al. [13] are discussed in Section 3.

Section snippets

Network model

Our considered network model is like the proposed one by Ma et al. [13]. As illustrated in Fig. 1, in a fog-based VANET network, there are four groups of entities. The first group are vehicles, which have an “on-board unit” for communications with the other entities in the network. The second group are “road side units,” which provide charging services for the electrical vehicles and link vehicles to fog servers. The third and fourth groups are, respectively, the fog and cloud servers that

Brief review and security assessment of Ma et al.'s protocol

In this section, we first give a brief explanation of Ma et al.'s protocol [13] and then, we indicate the security vulnerabilities of their scheme.

Proposed three-party pairwise secret key agreement protocol

Three phases of “initialization and registration,” “session secret key agreement,” and “password change” compose the proposed protocol of this paper. Just the first phase needs secure channel for communications and the two other phases can be accomplished via insecure public channel. The following subsections introduce the steps required for each phase. List of key terms is shown in Table 1.

Resisting the “impersonation” and “modification” attacks

In the proposed protocol, messages {RIdDR,XVE,yVE,hVECS,T}, {RIdFS,RIdDR,XFS,XVE,yFS,yVE,hFSCS,T}, and {mRIdCSDRnew,XFS,XCS,hFSVE} are transmitted to fog server, cloud server, and vehicle, respectively. If an attacker wants to impersonate either vehicle, fog server, or cloud server, he/she must be able to fabricate a message with a valid verifier. Otherwise, as soon as the recipient checks the equality of sent verifier with its own computed one, the fabrication is revealed. In other words, for

Formal security assessment by means of “ProVerif”

Automatic verifier tools like “ProVerif” [38] have options for simulating different attack scenarios. Although most related studies just employ such tools to corroborate the basic security goals, in this section, we take the most out of the “ProVerif” to simulate advanced attack scenarios. Doing so, the resiliency of the proposed protocol can be confirmed under the simulated cases. To be more specific, initially, we model the proposed protocol so that it gives us the results for common security

Comparative analyses

To get an insight of the stage of the proposed scheme in the literature, this section presents a comparative study based on performance and features. Same benchmarks, as in Ma et al.'s paper [13], have been used to keep the conformity. Table 2, Table 3 show the comparisons.

In Table 2, we have compared our suggested protocol with the most related works in terms of computational and communication costs. Similar to Ma et al. [13], we have considered the size of hash output 160 bits, random

Conclusion

After the security assessment of a recently-proposed protocol by Ma et al. and demonstrating its challenges, we have put forward a three-party security-enhanced protocol for vehicular ad-hoc networks. We have shown that the proposed protocol by Ma et al., although reduced the computational cost of its previously-proposed one, fails to fulfil the all required security features and is susceptible to some attacks. Following, a security-enhanced three-party pairwise secret key agreement protocol

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References (40)

  • P. Cirne et al.

    TROPHY: trustworthy VANET routing with group authentication keys

    Ad Hoc Netw.

    (2018)
  • J. Liu et al.

    An efficient anonymous authentication scheme for Internet of vehicles

  • X. Yang et al.

    A lightweight authentication scheme for vehicular ad hoc networks based on MSR

    Veh. Commun.

    (2019)
  • D. Abbasinezhad-mood et al.

    Design of an enhanced message authentication scheme for smart grid and its performance analysis on an ARM Cortex-M3 microcontroller

    J. Inf. Secur. Appl.

    (2018)
  • J. Grover et al.

    Real-time VANET applications using fog computing

  • H.A. Khattak et al.

    Integrating fog computing with VANETs: a consumer perspective

    IEEE Commun. Stand. Mag.

    (2019)
  • K. Xiao et al.

    Efficient fog-assisted heterogeneous data services in software defined VANETs

    J. Ambient Intell. Humaniz. Comput.

    (2019)
  • D. Abbasinezhad-Mood et al.

    An anonymous ECC-based self-certified key distribution scheme for the smart grid

    IEEE Trans. Ind. Electron.

    (2018)
  • M. Ma et al.

    An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks

    IEEE Int. Things J.

    (2019)
  • X. Jia et al.

    Authenticated key agreement scheme for fog-driven IoT healthcare system

    Wirel. Netw.

    (2019)
  • Cited by (28)

    • A provably secure key transfer protocol for the fog-enabled Social Internet of Vehicles based on a confidential computing environment

      2023, Vehicular Communications
      Citation Excerpt :

      The protocol of [23] may also suffer from impersonation attacks and cannot be resisted. The protocol of [24] does not guarantee perfect forward secrecy. Our protocol can resist various kinds of attacks.

    View all citing articles on Scopus
    View full text