Long-range autonomous valet parking (LAVP) is a current trend, partly due to traffic congestion and parking headache. For large-scale parking demands, reservation is introduced to effectively manage valet parking. However, existing schemes focus on parking request verification and parking check-in, which aren't applicable to LAVP because they ignore identity legitimacy and communication security in the phase of picking up as well as dropping off passengers. One viable solution is authentication and key agreement (AKA) protocol. Generally, due to low entropy of passwords and dictionary attacks, three-factor (i.e. passwords, biometrics, and smart card) AKA is more secure than single- and two-factor AKA. Unfortunately, known attacks and high overheads hinder the application of three-factor AKA in real-world environments. Hence, one of the most tough tasks is to balance security and availability, especially how to address the potential threats introduced by each factor while taking full advantage of three factors. Inspired by the above challenges, we propose a provably secure three-factor AKA protocol for reservation services in LAVP, namely SecLAVP. Specifically, the passenger and the autonomous vehicle ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$AV$</tex-math></inline-formula> ) complete mutual authentication with the assistance of drop-off/pick-up point ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$DP$</tex-math></inline-formula> ). After successful authentication, the session key is generated between the passenger, <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$DP$</tex-math></inline-formula> , and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$AV$</tex-math></inline-formula> for secure communication. In the Real-Or-Random (ROR) model, we formally prove SecLAVP satisfies session-key security. Then, we apply AVISPA to simulate our proposed protocol, to demonstrate that SecLAVP can resist man-in-the-middle attacks. Additionally, informal security analysis indicates that SecLAVP satisfies our defined 16 design goals concerning security. Finally, we evaluate performance of SecLAVP in terms of communication overheads, computational overheads, and scheduling, to manifest the feasibility.
Read full abstract