In vehicular ad-hoc networks (VANETs), road traffic efficiency and road safety can be improved through message interaction and sharing between vehicle users, which inevitably depends on secure identity authentication and message credibility verification. However, security and privacy of message are the critical factors restricting VANETs’ development. Most existing protocols rely on the trusted third-party to achieve identity authentication and message, which are prone to system single points of failure and low efficiency. To address these challenges, in 2021, Vasudev and Das proposed a privacy preserving secure hash based authentication and revelation protocol. They claimed that their protocol can resist various known attacks, e.g. modification, man-in-the-middle, TPD stolen attack, et al. Unfortunately, in this paper, we found that their protocol does not address above-mentioned problems and has other devastating security bugs. Attacker can easily obtain vehicle’s original/real identity, pseudo-identity and password, which are the cornerstone of their protocol security. In other words, the attacker successfully can launch any attacks including those mentioned above to destroy the whole system. Then, a novel secure privacy-preserving traceable authentication protocol (abbreviated to PTAP) is proposed. The PTAP not only mitigates the weaknesses, but has other advantages. First, the PTAP uses semi-honest RSUs to realize interaction between stakeholders without the help of trusted third-party in extremely low computational cost (reducing 32.75% in vehicle side). Second, the PTAP can enable vehicles to enjoy the remote services with identity anonymity protection and location privacy (traceability when needed). Finally, the PTAP is proven to be safe against passive and active attacks under CDHP assumption and CL-eCK model. Hence, these features make the PTAP very suitable for high safety coefficient and computation-limited mobile devices (such as TPD) compared with other related existing protocols.
Read full abstract