Security-enhanced three-party pairwise secret key agreement protocol for fog-based vehicular ad-hoc communications
Introduction
Vehicular ad-hoc networks (VANET) are a progressing branch of mobile ad-hoc networks (MANET), which has been emerged to facilitate different domains of transportation, such as cost and reliability [1]. In other words, by utilization of VANET infrastructure, we can better manage the whole transportation system to gain less total cost and most reliability. More importantly, proper deployment of VANET makes the transportation system intelligent. As an example, in such networks, subsequent places and movements of vehicles are predictable [2], which leads to better control of the traffic congestion. As another example, taking the advantage of VANET, we can model the traffic flow and hence, predict proper parking stations. Doing so, searching for scarce parking locations will be diminished and less fuel will be consumed resulting to less pollution [3].
Apart from the inherent features of VANET, so many other distinguished features can be achieved by its integration with cloud and fog-based computing paradigms. This integration becomes more important in case of delivering real-time services [4]. The fog-based solutions can meet the demand of VANET for resources by providing them in its proximity. To put it in other words, the escalating number of vehicles in VANET and the increasing number of services and applications highly require more computation and storage resources. The fog can ideally fulfil these requirements by providing resources at the edge of network and communicating with upper cloud servers [5]. There are several other important advantages that this combination can bring; for example, the efficiency in heterogenous VANETs can be highly improved using the fog computing [6].
Even though the fog-based VANET is envisioned to prepare a more pleasant driving environment and transportation system for us, it is subjected to miscellaneous challenges. These challenges can be in routing, clustering, or data communications. For example, authors in [7] addressed the routing challenges in VANET communications or to address the immense size of a VANET, authors in [8] employed a stable clustering technique considering different criteria, such as link lifetime, position, and direction of vehicles. The presented survey in [9], besides presenting a taxonomy of VANET applications, properly discussed the data communication challenges. Because of the high mobility nature and insecure wireless communications of VANET, they are exposed to different types of active and passive attacks [10]. As a result, how to implement and deploy an efficient and secure VANET infrastructure demands much more attentions [11].
Shared secret key agreement protocols are one of well-known, widely-used, and commonly-accepted methods for generation of a common key between entities. Next, the messages on transit can be ciphered by utilization of “symmetric-key encryption” methods and the generated shared key as the key input of method [12]. A considerable number of shared secret key agreement protocols have been put forward during the past years. Nevertheless, they mostly failed to reach the all required security metrics besides a desirable performance. Newly, Ma et al. [13] have proposed a three-party authentication protocol between driver, fog server, and cloud server in a fog-based vehicular network. Their scheme has several strong points. For example, in their scheme, the cloud server does not store any verifier table. Therefore, their protocol is inherently free from the “stolen verifier attack.” However, besides the strong points of their protocol, it also has some challenges. In 2018, Jia et al. [14] presented a fog-based protocol for similar application, i.e., Internet of things healthcare. The aim of the presented protocol in [13] was to improve the efficiency of Jia et al.'s protocol [14]. This is because Jia et al. used the costly “bilinear pairing” operation in their protocol design. Although Ma et al. [13] successfully reduced the cost to 17 “scalar point multiplication” operations, their scheme is still vulnerable to some attacks. Therefore, in this paper, we propose a security-enhanced three-party protocol for fog-based vehicular network that not only is secure in the “CK adversarial model” [15], but also it only requires 9 “scalar point multiplication” operations for the pairwise key agreement. That is to say, ours outperforms both Ma et al.'s protocol [13] and Jia et al.'s protocol [14]. The key contributions of this article are:
- 1-
Presenting a succinct review of the proposed protocol by Ma et al. [13] and indicating the susceptibilities of their protocol to some attacks.
- 2-
Presenting a security and efficiency enhanced three-party protocol for fog-based vehicular communications.
- 3-
Presenting Informal justifications on security goals in conjunction with formal justification by “ProVerif.”
- 4-
Presenting comparative evaluations in terms of security metrics and performance to demonstrate the appropriateness and betterment of the proposed protocol in case of simultaneous consideration of security and efficiency.
After reviewing of literature in the next section, we discuss the network model and threat model in Section 2. In Section 3, succinct review of the proposed protocol by Ma et al. [13] is presented and its security vulnerabilities indicated. Following, in Section 4, a security and efficiency enhanced three-party protocol for fog-based vehicular communications is proposed. Section 5 presents informal justifications on security goals and Section 6 presents formal security justifications by “ProVerif.” Comparative evaluations in terms of security metrics and performance are presented in Section 7 and the conclusive remarks are stated in Section 8.
Session secret key agreement techniques become known as a commonly-accepted security solutions for making the exchanging messages in public channels free from any manipulation or eavesdropping. In the context of vehicular communication networks, the session secret key agreement protocols have also employed a lot. In the following, a succinct overview of the literature from 2007 up to now is presented. Raya and Hubaux [16], in 2007, introduced a model for communication in VANET besides threats of such networks. A year later, Lu et al. [17] introduced a secure scheme for VANET with privacy protection and traceability. Sun et al. [18], recommended a certificate-based secure scheme in 2010 that has some unique features, like the certificate revocation. Yet another secure scheme suggested by Zhang et al. [19] in 2010, which also addressed the certificate revocation property. In their scheme, the “road side unit” maintains a group of vehicles. The main required security goals in VANET communications, such as “non-repudiation,” “confidentiality,” “authentication,” and “integrity” were properly addressed in a proposed security solution by Sun et al. [20] in 2010. In their solution, they further considered how we can handle the misbehavior in such networks. Three years later, a delay-sensitive and efficient authentication scheme presented by Lin and Li [21] for VANET. In their scheme, the trust center involves very few. He et al. [22], in 2015, introduced a security scheme that not only is free from the costly “bilinear pairing” operations, but also can reach most of important security goals. In addition to [22], Li et al. [23] introduced a framework to reach the main security requirements with privacy consideration. In their framework, they took the advantage of “public key cryptosystem.” At the same year, Bayat et al. [24] enhanced the security by presenting an improved authentication protocol that can cover the previous challenges. Finally, in year 2015, Liu et al. [25], by means of a distributed proxy-based security solution, reduced the load on road-side units. Sánchez-García et al. [26] and Wang et al. [27] introduced two security protocols for the authentication in VANET in 2016. Yet another efficient scheme proposed in this year by Lim and Manivannan [28] for fast publication of authenticated messages when an accident happens. In [26], by means of hash function, the authors reached a lightweight authentication protocol. Nevertheless, their scheme suffers from some security attacks. A year later, Zhang et al. [29], by means of signature, presented another authentication scheme for VANET. In their scheme, they have considered that vehicles are equipped with tamper-proof chip. Additionally, in 2017, Liu et al. [30] introduced a “dual authentication” technique for the vehicles that are working in the Internet network, i.e., Internet of vehicles. Cirne et al. [31], by addressing both routing and authenticity challenges, introduced a security scheme for VANET in 2018. In their scheme, all of cryptographic values are stored in a central unit. For the Internet of vehicles, yet another anonymous authentication scheme introduced by Liu et al. [32]. Moreover, in 2018, Jia et al. [14] took the advantage of fog in order to present a secure key agreement protocol for healthcare. Nevertheless, as their protocol relies on costly operations like the “bilinear pairing,” it cannot be performed efficiently on resource-constrained devices of the network. Recently, some other researchers have tried to improve the efficiency of previous security schemes without missing the security goals. As an example, by suggesting an “identity-based” security protocol, Asaar et al. [33], have tried to cover the impersonation and modification attacks of the previous protocol. Some other protocols have been recommended recently by putting forward new concepts. For example, “wireless pilot authentication” protocol introduced by Xu et al. [34] or Yao et al. [35] have integrated fog into the vehicular network and recommended a blockchain-based anonymous security scheme. Furthermore, a secure and lightweight authentication scheme based on modular square root technique has been recommended by Yang et al. [36]. Quite recently, to enhance the efficiency of Jia et al. [14], Ma et al. [13] have introduced a three-party bilinear pairing free protocol for fog-based vehicular communications. Although Ma et al. [13] successfully reduced the cost to 17 “scalar point multiplication” operations, their scheme is still vulnerable to some attacks. The security challenges of Ma et al. [13] are discussed in Section 3.
Section snippets
Network model
Our considered network model is like the proposed one by Ma et al. [13]. As illustrated in Fig. 1, in a fog-based VANET network, there are four groups of entities. The first group are vehicles, which have an “on-board unit” for communications with the other entities in the network. The second group are “road side units,” which provide charging services for the electrical vehicles and link vehicles to fog servers. The third and fourth groups are, respectively, the fog and cloud servers that
Brief review and security assessment of Ma et al.'s protocol
In this section, we first give a brief explanation of Ma et al.'s protocol [13] and then, we indicate the security vulnerabilities of their scheme.
Proposed three-party pairwise secret key agreement protocol
Three phases of “initialization and registration,” “session secret key agreement,” and “password change” compose the proposed protocol of this paper. Just the first phase needs secure channel for communications and the two other phases can be accomplished via insecure public channel. The following subsections introduce the steps required for each phase. List of key terms is shown in Table 1.
Resisting the “impersonation” and “modification” attacks
In the proposed protocol, messages , , and are transmitted to fog server, cloud server, and vehicle, respectively. If an attacker wants to impersonate either vehicle, fog server, or cloud server, he/she must be able to fabricate a message with a valid verifier. Otherwise, as soon as the recipient checks the equality of sent verifier with its own computed one, the fabrication is revealed. In other words, for
Formal security assessment by means of “ProVerif”
Automatic verifier tools like “ProVerif” [38] have options for simulating different attack scenarios. Although most related studies just employ such tools to corroborate the basic security goals, in this section, we take the most out of the “ProVerif” to simulate advanced attack scenarios. Doing so, the resiliency of the proposed protocol can be confirmed under the simulated cases. To be more specific, initially, we model the proposed protocol so that it gives us the results for common security
Comparative analyses
To get an insight of the stage of the proposed scheme in the literature, this section presents a comparative study based on performance and features. Same benchmarks, as in Ma et al.'s paper [13], have been used to keep the conformity. Table 2, Table 3 show the comparisons.
In Table 2, we have compared our suggested protocol with the most related works in terms of computational and communication costs. Similar to Ma et al. [13], we have considered the size of hash output 160 bits, random
Conclusion
After the security assessment of a recently-proposed protocol by Ma et al. and demonstrating its challenges, we have put forward a three-party security-enhanced protocol for vehicular ad-hoc networks. We have shown that the proposed protocol by Ma et al., although reduced the computational cost of its previously-proposed one, fails to fulfil the all required security features and is susceptible to some attacks. Following, a security-enhanced three-party pairwise secret key agreement protocol
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
References (40)
- et al.
A game theory based trust model for vehicular ad hoc networks (VANETs)
Comput. Netw.
(2017) - et al.
Prediction-based protocols for vehicular ad hoc networks: survey and taxonomy
Comput. Netw.
(2018) - et al.
SVPS: cloud-based smart vehicle parking system over ubiquitous VANETs
Comput. Netw.
(2018) - et al.
Geographic routing protocols for vehicular ad hoc networks (VANETs): a survey
Veh. Commun.
(2018) - et al.
A mobility-based scheme for dynamic clustering in vehicular ad-hoc networks (VANETs)
Veh. Commun.
(2017) - et al.
Data communication in VANETs: protocols, applications and challenges
Ad Hoc Netw.
(2016) - et al.
Distributed collaborative intrusion detection system for vehicular ad hoc networks based on invariant
Comput. Netw.
(2020) - et al.
VANET security challenges and solutions: a survey
Veh. Commun.
(2017) - et al.
On-siteDriverID: a secure authentication scheme based on Spanish eID cards for vehicular ad hoc networks
Future Gener. Comput. Syst.
(2016) - et al.
An efficient protocol for authenticated and secure message delivery in vehicular ad hoc networks
Veh. Commun.
(2016)
TROPHY: trustworthy VANET routing with group authentication keys
Ad Hoc Netw.
An efficient anonymous authentication scheme for Internet of vehicles
A lightweight authentication scheme for vehicular ad hoc networks based on MSR
Veh. Commun.
Design of an enhanced message authentication scheme for smart grid and its performance analysis on an ARM Cortex-M3 microcontroller
J. Inf. Secur. Appl.
Real-time VANET applications using fog computing
Integrating fog computing with VANETs: a consumer perspective
IEEE Commun. Stand. Mag.
Efficient fog-assisted heterogeneous data services in software defined VANETs
J. Ambient Intell. Humaniz. Comput.
An anonymous ECC-based self-certified key distribution scheme for the smart grid
IEEE Trans. Ind. Electron.
An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks
IEEE Int. Things J.
Authenticated key agreement scheme for fog-driven IoT healthcare system
Wirel. Netw.
Cited by (28)
LAAKA: Lightweight Anonymous Authentication and Key Agreement Scheme for Secure Fog-Driven IoT Systems
2024, Computers and SecurityA key-insulated secure multi-server authenticated key agreement protocol for edge computing-based VANETs
2023, Internet of Things (Netherlands)A provably secure key transfer protocol for the fog-enabled Social Internet of Vehicles based on a confidential computing environment
2023, Vehicular CommunicationsCitation Excerpt :The protocol of [23] may also suffer from impersonation attacks and cannot be resisted. The protocol of [24] does not guarantee perfect forward secrecy. Our protocol can resist various kinds of attacks.
Blockchain-Assisted Authentication and Key Agreement Protocol for Cloud-Edge Collaboration
2024, Communications in Computer and Information ScienceDecentralized Lattice-Based Device-to-Device Authentication for the Edge-Enabled IoT
2023, IEEE Systems Journal