Security analysis on Three-factor authentication protocol using physical unclonable function for IoV

The advent of the Internet of Things has enriched the network field with new themes, among which we find the Internet of Vehicles (IoV). IoV improved the various smart traffic applications for management or security. It makes vehicles autonomously deal with the unexpected by sharing various resources like critical information, computing resources, etc. Nonetheless and as a user of current network technologies, IoV suffers from the same vulnerabilities of these technologies, which makes it vulnerable to various kinds of attacks that affect security and privacy. To overcome these new challenges, researchers have considered different IoV authentication protocols. However, most of them are compromised and contain real security problems. Dealing with IoV authentication protocol security flaws is a real challenge. Recently, Jiang et al. (Comput Commun 173:45-55, 2021) designed a three-factor authentication protocol for IoV environment. The proposed protocol combines lightweight operations that include elliptic curve cryptography, hash function, physically unclonable function, concatenation on one side, and XOR operation on the other side. Contrariwise, it contains several flaws. In this paper, we detailed the security analysis of Jiang et al. protocol that proves the limit of security guarantees between only user and data center due to the possibility for an adversary to deduce a session key shared between vehicle sensor and data center and between vehicle sensor and user. Moreover, regarding these limitations, we propose an improvement to remedy all the said security pitfalls.

Automated summary

The emergence of the Internet of Things has brought about new themes in the field of networking, including the Internet of Vehicles (IoV). However, IoV faces security and privacy vulnerabilities similar to other network technologies. Researchers have proposed different IoV authentication protocols, but many of them have security flaws. A recent study designed a three-factor authentication protocol for IoV but it also contains weaknesses. This paper provides a security analysis of the protocol and proposes improvements to overcome the identified security issues.