Department of Computer Science and Information Engineering, Asia University, Taichung, Taiwan (R.O.C.).
Faculty of Telecommunication and Electrical Engineering, Institut Teknologi Telkom Purwokerto, Purwokerto, Indonesia.
PLoS One. 2021 Sep 10;16(9):e0257044. doi: 10.1371/journal.pone.0257044. eCollection 2021.
The study of security and privacy in vehicular ad hoc networks (VANETs) has become a hot topic that is wide open to discussion. As the quintessence of this aspect, authentication schemes deployed in VANETs play a substantial role in providing secure communication among vehicles and the surrounding infrastructures. Many researchers have proposed a variety of schemes related to information verification and computation efficiency in VANETs. In 2018, Kazemi et al. proposed an evaluation and improvement work towards Azees et al.'s efficient anonymous authentication with conditional privacy-preserving (EAAP) scheme for VANETs. They claimed that the EAAP suffered from replaying attacks, impersonation attacks, modification attacks, and cannot provide unlinkability. However, we also found out if Kazemi et al.'s scheme suffered from the unlinkability issue that leads to a forgery attack. An adversary can link two or more messages sent by the same user by applying Euclid's algorithm and derives the user's authentication key. To remedy the issue, in this paper, we proposed an improvement by encrypting the message using a shared secret key between sender and receiver and apply a Nonce in the final message to guarantee the unlinkability between disseminated messages.
车联网中的安全和隐私研究已成为一个热门话题,广泛讨论。作为这方面的精髓,车联网中部署的认证方案在为车辆和周围基础设施之间提供安全通信方面发挥了重要作用。许多研究人员已经提出了各种与车联网中的信息验证和计算效率相关的方案。2018 年,Kazemi 等人对 Azees 等人的高效匿名认证与条件隐私保护(EAAP)方案进行了评估和改进工作。他们声称,EAAP 易受重播攻击、伪装攻击、篡改攻击的影响,并且不能提供不可链接性。然而,我们也发现 Kazemi 等人的方案是否存在导致伪造攻击的不可链接性问题。攻击者可以通过应用欧几里得算法将同一用户发送的两条或更多消息进行链接,并从用户的认证密钥中得出。为了解决这个问题,在本文中,我们提出了一种改进方案,即使用发送方和接收方之间的共享密钥对消息进行加密,并在最后一条消息中使用一个 Nonce 来保证所分发消息之间的不可链接性。
