Abstract

Recently, there has been rapid growth in the Internet of things, the Internet of vehicles, fog computing, and social Internet of vehicles, which can generate large amounts of real-time data. Now, researchers have begun applying fog computing to the to reduce the computing pressure on cloud servers. However, there are still security challenges in . In this paper, we propose a lightweight and authenticated key agreement protocol based on fog nodes in . The protocol completes the mutual authentication between entities and generates the session key for subsequent communication. Through a formal analysis of the Burrows–Abadi–Needham (BAN) logic, real-or-random (ROR) model, and ProVerif, the security, validity, and correctness of the proposed protocol are demonstrated. In addition, informal security analysis shows that our proposed protocol can resist known security attacks. We also evaluate the performance of the proposed protocol and show that it achieves better performance in terms of computing power and communication cost.

1. Introduction

With the popularization and development of the World Wide Web, the Internet of things [1–3], which is a network of Internet extension and expansion, has emerged. With the continuous development of applications, a “social network of intelligent objects” called social Internet of things [4] has been formed. Internet of vehicles [5] is an extension of the concept of . can realize network connections between the vehicle and vehicle , vehicle and infrastructure , and vehicle and pedestrian and collect and share the key road information. With the rapid development of network and sensor technology, social connection in urban transportation systems is necessary, so social Internet of vehicles is produced [6–8]. is an application of in the field of vehicles and is a combination of vehicular ad hoc networks (VANET) and mobile networks, and it can generate a large amount of real-time data. In , intelligent vehicles can establish social relationships with other objects and form a specific social network.

For cloud computing processing of road real-time data, there are some problems associated with network delays, transmission efficiency, and others. Because the distance between the cloud computing server and vehicles is far, and the number of vehicles is increasing, the cloud server needs to process more real-time data, which increases the computing burden. Therefore, researchers have introduced fog computing to reduce the computational burden on cloud servers. The data, processing, and application of fog computing are stored on scattered and weak devices, almost outside the cloud, so the computing power is not strong. It can help the cloud server process some data that are not necessary or urgent at that moment. If it encounters data that it cannot process, it reports to the cloud server. Fog nodes can detect unsafe driving behavior in time, issue early warnings for the behavior, and provide the corresponding punishment when necessary. The application of fog node in and environments was mentioned in the articles [9–13]. In 2016, Azimi et al. [11] proposed a medical warning system in based on fog computing. In 2019, Ismail et al. [12] proposed an implication of fog computing on the . In 2019, Ma et al. [10] proposed a protocol for fog-based networks, which realized authenticated key agreement. In 2021, Eftekhari et al. [9] proposed a pairwise secret key agreement protocol using fog-based , which was a three-part authentication protocol. The typical architecture based on fog nodes is shown in Figure 1.

However, in the environment based on fog nodes, there are still great risks related to security issues. For example, it is very challenging to ensure the confidentiality and privacy of data transmission based on ensuring the security of devices deployed on the network edge. The data transmitted through the public channel usually includes sensitive information such as the personal information of vehicle users, which needs to be kept secret. Recently, Ahmed et al. [6] researched a key agreement protocol for V2G in the environment, which was a two-party authentication protocol. The protocol [6] was based on an elliptic-curve (ECC) point multiplication and had a large computational cost. This shortcoming leads us to propose a more effective protocol.

We propose a lightweight and authenticated key agreement protocol based on three parties using fog nodes in an environment. In this protocol, vehicles and fog nodes authenticate each other with the help of a cloud server and establish a secure session key. Owing to the weak computing power of fog nodes, our protocol only uses lightweight primitives, such as hash function and XOR operation. Through formal analysis of the Burrows–Abadi–Needham (BAN) logic, real-or-random (ROR) model, and ProVerif, the security, validity, and correctness of the proposed protocol are demonstrated. In addition, informal security analysis shows that our proposed protocol can resist known security attacks. We also evaluate the performance of the proposed protocol and show that it has better performance in terms of computing power and communication cost.

The rest of the paper is structured as follows: in Section 2, we review recent research results. The details of our proposed agreement are in Section 3. In Section 4, we use BAN, ROR, and ProVerif to verify the security, validity, and correctness of the proposed protocol. In addition, we conduct an informal security analysis. In Section 5, we compare our method with other protocols in terms of performance and security. Finally, we summarize this paper in Section 6.

is an open network environment, so this feature may threaten the identity information and relevant sensitive data of vehicle users. For many years, researchers have proposed many protocols to protect the privacy of vehicle users in environments. In 2006, Raya et al. [14] proposed a vehicle communication protocol that stored multiple public and private key pairs and protected the privacy of vehicle users through the certificates stored in OBU. However, in 2008, Lu et al. [15] determined that the protocol [14] had high computing and storage cost because the key was changing at times and proposed a privacy protection protocol for vehicle communication. That same year, Zhang et al. [16] proposed an identity verification protocol for . The protocol [16] realized privacy protection by the tamper-proof device to generate a random pseudoidentity. In 2020, Cui et al. [17] researched a privacy-preserving scheme. The protocol [17] was based on edge computing and used lightweight primitives, such as elliptic-curve cryptography, instead of bilinear pairing-based primitives with high computational cost. Later, Hu et al. [18] proposed a privacy-preserving authentication scheme for .

The protocols proposed by some researchers have high computing power. In 2014, Li et al. [19] proposed a protocol that provided PKC-based privacy protection for and claimed that their protocol could resist replay and stolen smart card attacks. However, Amit et al. [20] revealed that Li et al.’s protocol [19] was susceptible to key compromise impersonation attacks and could not provide user anonymity. To reduce high computing cost caused by the use of PKC in the above protocol, the Trust-Extended Authentication Mechanism (TEAM) protocol was proposed [21]. In 2016, Kumari et al. [22] proposed an authentication protocol that also used TEAM. In 2017, Ying and Nayak [23] proposed an effective and lightweight protocol for an environment, which could provide user anonymity. Chen et al. [5] demonstrated that [23] was vulnerable to replay and offline identity guessing attacks. Therefore, to solve the vulnerability of Ying and Nayak’s protocol [23], Chen et al. [5] proposed a secure authentication scheme for . However, the protocol [5] stored extensive data in the database, so it had high storage cost. In the same year, Mohit et al. [24] proposed an efficient authentication protocol for vehicular systems and deemed their protocol safe. However, Yu et al. [25] pointed out that the protocol [24] of Mohit et al. was susceptible to impersonation attacks and could not provide anonymity, traceability, and mutual authentication. Then, Yu et al. [25] proposed an authenticated protocol in vehicular communications. In 2020, Sadri et al. [26] demonstrated that Yu et al.’s protocol [25] was susceptible to sensor capture attacks and impersonation attacks and could not provide traceability. Additionally, Sadri and Rajabzadeh Asaar [26] proposed a protocol in the environment, which was based on lightweight primitives. In 2021, Wu et al. [27] proposed a protocol in , and the protocol realized authentication key exchange (AKE).

There are increasingly more vehicles in the environment, and data processing and transmission have become an inevitable challenge. Therefore, researchers began to apply cloud computing to to solve the problem of processing a large amount of data to improve authentication efficiency. In an environment, an authentication scheme based on cloud computing had been widely mentioned and applied in articles [28–31]. For an environment using cloud computing, problems such as network delay and transmission efficiency would exist, and the cloud server would need to process more data, which would increase the computing burden of the cloud server. Therefore, researchers have begun to introduce fog nodes for fog computing to share the pressure of cloud servers. In these papers [10–13], fog computing technology was applied. Ma et al.’s protocol [10] applied fog computing to and proposed an authenticated key agreement protocol. They claimed that the protocol [10] was secure and efficient, but Eftekhari et al. [9] pointed out that Ma et al.’s protocol [10] was vulnerable to internal attacks, stolen smart card attacks, and known session-specific temporary information attacks. Therefore, Eftekhari et al. [9] proposed a more efficient authentication protocol. In 2021, Wu et al. [32] proposed a secure scheme using fog nodes in , and the protocol realized AKE. In the same year, Maria et al. [33] proposed a blockchain-based anonymous authentication scheme, which used bilinear pairing. Some important related works are summarized in Table 1.

3. The Proposed Protocol

In this part, we introduce a lightweight and authenticated key agreement protocol using fog nodes in . Our protocol is based on the architecture of Figure 1. The protocol includes three entities: vehicle , fog node , and . The symbols used in the protocol are shown in Table 2. The protocol has three phases: vehicle registration phase, fog node registration phase, and login authentication phase.

3.1. Registration Phase

In the registration phase, registers with . The phase is shown in Figure 2, and the specific steps are as follows:

(1) First, selects its identity , password , and a random number , calculates its pseudoidentity , and then transmits the to through the secure channel.

(2) After receiving the message from , calculates the value of , initializes the value of to 0, and stores in its database. Finally, sends to .

(3) After receiving the message from , calculates the value , replaces with the value of , and stores the in its smart card.

3.2. Registration Phase

In registration phase, registers with . The phase is shown in Figure 3, and the specific steps are as follows:

(1) First, selects its identity and a random number , calculates its pseudoidentity , and then transmits to through the secure channel.

(2) After receiving the message from , first selects a random number , calculates the value of , and stores in its database. Finally, sends to .

(3) After receiving the message from , calculates the value , and stores the in its database.

3.3. Login and Authentication Phase

In the login and authentication phase, , , and realize authentication and establish session key . This phase is shown in Figure 4, and the specific steps are as follows:

(1) First, inserts the smart card into the reader terminal, inputs its identity , password , calculates the login authentication value , and then compares . If equal, logs in successfully. Otherwise, the login fails. After successful login, selects a random number and calculates , , . Finally, sends the login request to through the common channel.

(2) After receiving the message from , first selects a random number and then calculates , , and finally transmits the message to .

(3) After receiving message from , first indexes according to , then calculates , , , and compares . If it is equal, believes that is legal. Otherwise, the authentication process is terminated. calculates and compares . If it is equal, it means that believes that is legal. Otherwise, the authentication process is terminated. After authenticating and , calculates , , , selects a random number , and calculates Then, it updates , and finally, sends message to .

(4) After receiving message from , calculates , and compares . If it is equal, it means that believes that is legal. Otherwise, the authentication process is terminated. Finally, sends message to .

(5) After receiving message from , calculates , and compares . If equal, it means that believes that and are legal. Otherwise, the authentication process is terminated. Finally, updates .

4. Security Analysis

4.1. BAN Logic

BAN logic is a formal security analysis method [35]. In this part, we use BAN logic to prove that vehicles, fog nodes, and cloud servers share a session key and further prove the correctness of our protocol. The rules used in BAN logic are shown in the references.

4.1.1. BAN Logic Rules

(1)Message-meaning rule: (2)Freshness rule: (3)Nonce-verification rule: (4)Jurisdiction rule: (5)Belief rule: (6)Session key rule:

4.1.2. Goals
G1G2G3G4G5G6G7
4.1.3. Idealizing Communication
M1: M2: M3: M4:
4.1.4. Initial State Assumptions

A1A2A3A4A5A6A7A8A9A10A11A12A13A14A15A16A17A18A19A20A21A22A23

4.1.5. Detailed Steps

By considering the message M1 and using the seeing rule, we get

Using S1, we get

Under the premise of assuming A4, using S2, and the message-meaning rule, we get

In the case of conclusion S3, using assumption A5, the freshness rule, and the nonce-verification (N-V) rule, we get

In the case of conclusion S4, using assumption A6, and the jurisdiction rule, we get

In addition, considering the message M2, we get

Using S6, we get

Under the premise of assuming A7, using S7, and the message-meaning rule, we get

In the case of conclusion S8, using assumption A8, the freshness rule, and the nonce-verification (N-V) rule, we get

In the case of conclusion S9, using assumption A9, and the jurisdiction rule, we get

Because , according to the conclusions A10, A11, S10, and S5 and the belief rule, we get

Using A5, S11, and the SK rule, we get

Using A8, S11, and the SK rule, we get

By considering the message M3 and using the seeing rule, we get

Using S14, we get

Under the premise of assuming A12, using S15, and the message-meaning rule, we get

In the case of conclusion S16, using assumptions A13 and A14, the freshness rule, and the nonce-verification (N-V) rule, we get

Applying this for each component, we get

In the case of conclusion S18, using assumption A15, and the jurisdiction rule, we get

In the case of conclusion S22, using assumption A16, and the jurisdiction rule, we get

In the case of conclusion S23, using assumption A17, and the jurisdiction rule, we get

Because , according to the conclusions S21, S22, and S23 and the belief rule, we get

Using A15, S24, and the SK rule, we get

By considering the message M4 and using the seeing rule, we get

Using S26, we get

Under the premise of assuming A18, using S27, and the message-meaning rule, we get

In the case of conclusion S28, using assumption A19 and A20, the freshness rule, and the nonce-verification (N-V) rule, we get

Applying this for each component, we get

In the case of conclusion S30, using assumptions A21, and the jurisdiction rule, we get

In the case of conclusion S31, using assumptions A22, and the jurisdiction rule, we get

In the case of conclusion S32, using assumptions A23, and the jurisdiction rule, we get

Because , according to the conclusions S31, S32, and S33 and the belief rule, we get

Using A21, S34, and the SK rule, we get

4.2. Formal Security Analysis

In this part, we use the ROR model to formally prove the security of our proposed protocol. The ROR model judges the security of the protocol by calculating the session key probability of an ordinary situation [36, 37].

4.2.1. ROR Model

The protocol consists of three entities: vehicle, fog node, and cloud server. In the ROR model, we use , , and to represent the x-th communication of the , the y-th communication of the , and the z-th communication of the , respectively. We also define that the attacker can have the following query capabilities, where .: by performing this query operation, can intercept the messages transmitted on the public channel.: by performing this query operation, can obtain the hash value of the input string.: by performing this query operation, can send message to and receive the response from .: by performing this query operation, can obtain a party’s secret values, such as some values in the smart card, long-term key, or temporary information.: by performing this query operation, flips a coin . If , can obtain an accurate session key; if , can obtain a random string of the same length as the session key.

4.2.2. Theorem

In the ROR model, assume can perform execute, hash, send, corrupt, and test queries. Then, the probability that can break the proposed protocol in polynomial time is , where represents the number of times hash queries are executed, represents the number of times send queries are executed, represents the number of times execute queries are executed, represents the bits of biological information, and and are constants in Zipf’s law.

4.2.3. Proof

We played five rounds of games, which were expressed as follows: to . represents the event that can win in the game . represents the advantage of A for winning . is the probability of event . represents the advantage has in breaking the security of for protocol . The specific steps of are as follows:: is the first-round game in the ROR model and a real attack. We choose a coin to start the round. Therefore, in , we can obtain the probability that can successfully break as: adds an execute query to . In , can only obtain the messages transmitted on the public channel. After , will query the session key through the test, but cannot obtain five values , so the probability that is equal to that of is: adds a send query to . According to Zipf’s law [38], we obtain: adds the hash query to . The maximum probability of text collision in transmission is , and we can obtain: in this round, we verify the security of the session key using two events. One is to obtain the long-term key of to verify the perfect forward security, and the other is to obtain temporary information to verify that the protocol can resist the known session-specific temporary information attacks.(1)Perfect forward security: using , attempts to obtain the private key of , or uses or to obtain some secret values in the registration phase.(2)Known session-specific temporary information attacks: uses one of or or to attempt to obtain temporary information.For the first event, if obtains the private key of , or the secret value of and in the registration phase, but cannot get the random number , it cannot calculate session key , where . For the second event, if can obtain , but the values of and are confidential, the cannot be calculated. Similarly, if and are leaked, cannot be calculated by . Therefore, the probability of this round is: in this round of the game, uses the corrupt query to obtain the parameter stored in the smart card, so wants to conduct the offline key guessing attacks. 
uses random numbers and passwords for registration, so must guess , but the probability of guessing a random number is , which can be ignored. Using Zipf’s law [38], we can obtain: this round of the game is to verify that protocol can resist the impersonation attacks, uses to query, and the game is terminated. Therefore, the probability that can guess isBecause the probability of success and failure of the is ,Finally, we can obtain

4.3. ProVerif

ProVerif is a formal automatic verification tool, which can verify confidentiality, identity, anonymity, and so on [39, 40]. In this paper, we use the ProVerif code to achieve vehicle registration, fog node registration, and authentication between the two parties and the and verify the security and effectiveness of our proposed protocol through ProVerif.

ProVerif demonstrates that the specific operation works as follows. Our protocol includes three entities: vehicle, fog node, and cloud server. The symbols and operation definitions used in ProVerif are shown in Figure 5.

The proof contains six events, as shown in Figure 6. The six events are veclestarted (), vecleauthored (), cloudserveracvehicle (), cloudserveracfognode (), fognodeaccloudserver (), and vecleaccloudserver (), indicating, respectively, that the vehicle starts certification, the vehicle completes certification, the cloud server completes the vehicle certification, the cloud server completes the fog node certification, the fog node completes the certification of the cloud server, and the vehicle completes the certification of the cloud server.

Then, we use ProVerif to query whether can calculate the session key through the data transmitted on the common channel. The query operation is shown in Figure 7.

Finally, we get the verification result using the ProVerif tool, as shown in Figure 8. The result shows that cannot calculate the session key of the , , and .

4.4. Informal Security Analysis

This part presents an informal security analysis of our proposed protocol. We prove that the protocol meets common security requirements. The specific proof is as follows.

4.4.1. Mutual Authentication

In the authentication phase, with the help of , mutual authentication between and is realized. in message is the value uses to authenticate , in message is the value uses to authenticate , and and in message are the values uses to authenticate and , respectively. Therefore, the mutual authentication among , , and is realized in the authentication phase.

4.4.2. Replay Attacks

In this protocol, we use cumulative value to resist replay attacks. In the registration phase, we initialize to 0. As the session progresses, it carries out operation on the value , saves it to its database after authenticates , , and carries out the necessary calculation. After authenticates and generates the session key, it also carries out the operation on the value and saves it to the smart card. In this manner, on both sides is synchronous and equal, and the session process is completed smoothly. If repeatedly sends message intercepted in the public channel, continues to calculate the value in the authentication phase. Value generated using is not equal to value calculated by using stored in its smart card, because the value in the smart card of cannot keep up with the update speed, so the authentication fails. Thus, our protocol can resist replay attacks.
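The counter mechanism described above can be seen in a small simulation, given here as an added example that is not the paper's protocol or code. It assumes a simplified two-party exchange between a vehicle and the cloud server (the fog node is omitted), SHA-256 as the hash, and a hypothetical message layout; the class and function names are illustrative.

```python
import hashlib
import hmac
import secrets

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (avoids ambiguous concatenation)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class CloudServer:
    def __init__(self):
        self.db = {}        # pseudoidentity -> [shared secret, counter]
        self.sessions = {}  # pseudoidentity -> latest session key

    def register(self, pid: bytes) -> bytes:
        secret = secrets.token_bytes(32)
        self.db[pid] = [secret, 0]  # counter initialised to 0 at registration
        return secret               # returned over the (assumed) secure channel

    def handle_login(self, msg):
        pid, masked_r, auth = msg
        if pid not in self.db:
            return None
        secret, ctr = self.db[pid]
        c = ctr.to_bytes(8, "big")
        r = xor(masked_r, H(secret, pid, c))  # unmask the vehicle's random number
        if not hmac.compare_digest(auth, H(pid, secret, r, c)):
            return None  # forged message, or one built under a stale counter
        r_s = secrets.token_bytes(32)
        sk = H(r, r_s, secret, c)
        self.sessions[pid] = sk
        self.db[pid][1] = ctr + 1  # counter advances only after authentication
        return xor(r_s, H(secret, r, c)), H(sk, r_s, c)

class Vehicle:
    def __init__(self, pid: bytes, secret: bytes):
        self.pid, self.secret, self.ctr = pid, secret, 0
        self._r = b""

    def login_request(self):
        c = self.ctr.to_bytes(8, "big")
        self._r = secrets.token_bytes(32)
        masked_r = xor(self._r, H(self.secret, self.pid, c))
        return self.pid, masked_r, H(self.pid, self.secret, self._r, c)

    def finish(self, response):
        if response is None:
            return None
        masked_rs, confirm = response
        c = self.ctr.to_bytes(8, "big")
        r_s = xor(masked_rs, H(self.secret, self._r, c))
        sk = H(self._r, r_s, self.secret, c)
        if not hmac.compare_digest(confirm, H(sk, r_s, c)):
            return None
        self.ctr += 1  # vehicle updates its counter after authenticating the server
        return sk

def demo():
    cs = CloudServer()
    pid = H(b"constructed-vehicle-id", secrets.token_bytes(16))  # constructed sample
    v = Vehicle(pid, cs.register(pid))
    captured = v.login_request()  # what an eavesdropper sees on the public channel
    sk = v.finish(cs.handle_login(captured))
    fresh_ok = sk is not None and sk == cs.sessions[pid]
    replay_rejected = cs.handle_login(captured) is None  # server counter has moved on
    next_ok = v.finish(cs.handle_login(v.login_request())) is not None
    return fresh_ok, replay_rejected, next_ok

if __name__ == "__main__":
    print(demo())
```
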

4.4.3. Man-in-the-Middle Attacks

Suppose that can intercept the message transmitted on the public channel between and . Since cannot obtain the information in the smart card and the identity of , cannot calculate the values required for , where . Therefore, after tampers with , it cannot pass the authentication of . Similarly, because the privacy value is unknown, cannot calculate the authentication value , , or and cannot complete the verification after intercepting the information , , or . Therefore, our protocol can resist man-in-the-middle attacks.

4.4.4. User Anonymity

The real identities of and are transmitted on the secure channel and are protected by pseudoidentity and in the authentication phase. The anonymity of and is ensured. Therefore, our protocol can provide user anonymity.

4.4.5. Untraceability

If wants to trace the , it intercepts the messages transmitted on the common channel. Since the random numbers are used, this means that messages are different during each session. In addition, cannot obtain the random numbers , so cannot be traced back to . Therefore, our protocol can provide untraceability.

5. Security and Performance Comparisons

In this part, we compare our protocol with those of Ma et al. [10], Wazid et al. [34], Eftekhari et al. [9], and Wu et al. [32] in terms of security, computational cost, and communication cost.

5.1. Security Comparisons

When comparing protocol security, we use ✔ to indicate that the protocol can resist the attacks and to indicate that the protocol cannot resist the attacks. The results of comparing protocol security are shown in Table 3. It can be seen that our protocol can resist known attacks and has better security. Ma et al.’s protocol [10] cannot provide user anonymity and untraceability and is vulnerable to impersonation attacks and known session-specific temporary information attacks. The protocols in [9, 32, 34] and our protocol are secure.

5.2. Performance Comparison

Performance analysis is conducted from the aspects of computational cost and communication cost. We analyze and compare the computational cost from the login authentication phase of each protocol. The computational cost of XOR and join operations is negligible. The computational cost comparison is shown in Table 4. It is obvious that the protocols of Ma et al. [10], Wazid et al. [34], Eftekhari et al. [9], and Wu et al. [32] perform point multiplication, Wazid et al. [34] and Wu et al. [32] perform fuzzy extraction, and Wazid et al.’s protocol [34] and Eftekhari et al. [9] also perform ECC point addition. Our proposed protocol performs only hash operations, so its computational cost is lower.

Here, represents the time taken to perform a point multiplication operation, represents the time taken to execute an ECC point addition, represents the time taken to execute a fuzzy extraction function, and represents the time taken to execute a hash operation.

In the comparison of communication cost, we assume that the length of the identity and the random number are 160 bits, the length of the timestamp is 32 bits, the length of the one-way hash function is 256 bits, and the length of ECC point is 320 bits. Therefore, based on our assumption, the communication costs of the protocols of Ma et al. [10], Wazid et al. [34], Eftekhari et al. [9], and Wu et al. [32] are 4512 bits, 3488 bits, 4416 bits, and 4448 bits. Here, we illustrate our protocol as an example to show the specific analysis. In our protocol, the messages transmitted in the login authentication phase are , , , and , where are random strings, is an identity, and are hash values. Therefore, the total communication cost of our proposed protocol is 2336 bits. The comparison of communication cost is shown in Table 5. Obviously, the communication cost of our proposed protocol is less.

In the security comparison, we found that Ma et al.’s protocol [10] cannot provide user anonymity and untraceability and is vulnerable to impersonation attacks and known session-specific temporary information attacks. Although the protocols of [9, 32, 34] can resist known security attacks, the overhead in the aspect of computational cost and communication cost is much more than that of our proposed protocol. Therefore, our protocol is better in terms of security and performance.

6. Conclusions

In this paper, we first review the AKE protocol in and , and then, we propose a lightweight and authenticated key agreement protocol using fog nodes. The security analysis of the protocol is conducted by using BAN, ROR, and ProVerif. The comparison of security and performance shows that the protocol achieves higher performance in terms of computing power and communication cost compared with other protocols. In future research, we will focus on improving the security and performance of the protocol in .

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

Acknowledgments

This article was supported by the Guangxi Key Laboratory of Trusted Software (no. KX202033).