Security Analysis and Improvement of Lighweight VANET Authentication Protocol (Case Study : Zhao et al. LVAP)

Sepha Siswantyo

doi:10.47709/cnahpc.v3i2.979

Authors

Sepha Siswantyo Politeknik Siber dan Sandi Negara

DOI:

10.47709/cnahpc.v3i2.979

Keywords:

VANET, authentication, formal methods, Scyther, confidentiality, man-in-the-middle

Dimension Badge Record

Abstract

VANET is an ad-hoc network implemented on vehicle communication to ensure traffic safety and traffic management efficiency. VANET security is a concern because of various vulnerabilities, especially from authentication criteria that the attacker can exploit. VANET is vulnerable to Sybil attack, entity impersonation, message modification, and identity falsification. Several mechanisms and protocols have been developed to address these vulnerabilities. The design of the VANET authentication protocol also needs to be proven using formal methods to ensure that the protocol meets the required security criteria. In this research, the security of VANET authentication protocol developed by Zhao et al. was analyzed using the Datta et al. security protocol analysis method. Instead of BAN Logic, the Scyther tool was used to verify security claims and find possible attacks. Our Security analysis results show that Zhao et al.'s protocol does not meet confidentiality and entity authentication criteria. Scyther tool can find attacks on nonce confidentiality and man-in-the-middle attack. Therefore, we modify Zhao et al. protocol by adding signature and session key confirmation to improve its security. Based on analysis results, our modified Zhao et al. authentication protocol met confidentiality and entity authentication criteria. The use of signature and session key confirmation prevents man-in-the-middle attack and protects nonce confidentiality. Therefore, our research concludes that modified Zhao et al. authentication protocol more secure than the original protocol in terms of nonce and session key confidentiality, aliveness, weak agreement, non-injective agreement, and non-injective synchronization.

Downloads

Download data is not yet available.

Google Scholar Cite Analysis
Abstract viewed = 401 times

References

Abdellah, A. R., Muthanna, A., & Koucheryavy, A. (2019). Robust Estimation of VANET Performance-Based Robust Neural Networks Learning. In O. Galinina, S. Andreev, S. Balandin, & Y. Koucheryavy (Eds.), Internet of Things, Smart Spaces, and Next Generation Networks and Systems (Vol. 11660, pp. 402–414). Springer International Publishing. https://doi.org/10.1007/978-3-030-30859-9_34

Agustina, E. R., Christine, M., & Fitriani, I. (2019). Analisis Protokol CryptO-0N2 dengan Menggunakan Scyther Tool. Jurnal Teknologi Informasi dan Ilmu Komputer, 6(1), 107. https://doi.org/10.25126/jtiik.2019611303

Alharbi, E., Alsulami, N., & Batarfi, O. (2015). An Enhanced Dragonfly Key Exchange Protocol against Offline Dictionary Attack. Journal of Information Security, 06(02), 69–81. https://doi.org/10.4236/jis.2015.62008

Bayat, M., Pournaghi, M., Rahimi, M., & Barmshoory, M. (2020). NERA: A new and efficient RSU based authentication scheme for VANETs. Wireless Networks, 26(5), 3083–3098. https://doi.org/10.1007/s11276-019-02039-x

Cremers, C. (2014). Scyther User Manual. https://github.com/cascremers/scyther/blob/master/gui/scyther-manual.pdf

Cremers, C., & Mauw, S. (2012). Operational Semantics and Verification of Security Protocols. Springer Berlin Heidelberg. http://link.springer.com/10.1007/978-3-540-78636-8

Datta, A., Jha, S., Li, N., Melski, D., & Reps, T. (2010). Analysis Techniques for Information Security. Synthesis Lectures on Information Security, Privacy, and Trust, 2(1), 1–164. https://doi.org/10.2200/S00260ED1V01Y201003SPT002

Do, Q., Martini, B., & Choo, K.-K. R. (2019). The role of the adversary model in applied security research. Computers & Security, 81, 156–181. https://doi.org/10.1016/j.cose.2018.12.002

Hasrouny, H., Samhat, A. E., Bassil, C., & Laouiti, A. (2017). VANet security challenges and solutions: A survey. Vehicular Communications, 7, 7–20. https://doi.org/10.1016/j.vehcom.2017.01.002

Kanchan, S., Singh, G., & Chaudhari, N. S. (2019). SAPSC: SignRecrypting authentication protocol using shareable clouds in VANET groups. IET Intelligent Transport Systems, 13(9), 1447–1460. https://doi.org/10.1049/iet-its.2018.5474

Kumar, V., Ahmad, M., Mishra, D., Kumari, S., & Khan, M. K. (2020). RSEAP: RFID based secure and efficient authentication protocol for vehicular cloud computing. Vehicular Communications, 22, 100213. https://doi.org/10.1016/j.vehcom.2019.100213

Lauser, T., Zelle, D., & Krauß, C. (2020). Security Analysis of Automotive Protocols. Computer Science in Cars Symposium, 1–12. https://doi.org/10.1145/3385958.3430482

Liu, Y., Guo, W., Zhong, Q., & Yao, G. (2017). LVAP: Lightweight V2I authentication protocol using group communication in VANETs. International Journal of Communication Systems, 30(16), e3317. https://doi.org/10.1002/dac.3317

Patel, R., Borisaniya, B., Patel, A., Patel, D., Rajarajan, M., & Zisman, A. (2010). Comparative Analysis of Formal Model Checking Tools for Security Protocol Verification. In N. Meghanathan, S. Boumerdassi, N. Chaki, & D. Nagamalai (Eds.), Recent Trends in Network Security and Applications (Vol. 89, pp. 152–163). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-14478-3_16

Pournaghi, S. M., Zahednejad, B., Bayat, M., & Farjami, Y. (2018). NECPPA: A novel and efficient conditional privacy-preserving authentication scheme for VANET. Computer Networks, 134, 78–92. https://doi.org/10.1016/j.comnet.2018.01.015

Rasheed, A., Gillani, S., Ajmal, S., & Qayyum, A. (2017). Vehicular Ad Hoc Network (VANET): A Survey, Challenges, and Applications. In A. Laouiti, A. Qayyum, & M. N. Mohamad Saad (Eds.), Vehicular Ad-Hoc Networks for Smart Cities (Vol. 548, pp. 39–51). Springer Singapore. https://doi.org/10.1007/978-981-10-3503-6_4

Safkhani, M., Camara, C., Peris-Lopez, P., & Bagheri, N. (2021). RSEAP2: An enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Vehicular Communications, 28, 100311. https://doi.org/10.1016/j.vehcom.2020.100311

Sheikh, M. S., & Liang, J. (2019). A Comprehensive Survey on VANET Security Services in Traffic Management System. Wireless Communications and Mobile Computing, 2019, 1–23. https://doi.org/10.1155/2019/2423915

Zhao, G., Wang, R., Wang, X., & Zhu, X. (2018). Design and Formal Verification of a VANET Lightweight Authentication Protocol. 2018 IEEE 18th International Conference on Communication Technology (ICCT), 513–517. https://doi.org/10.1109/ICCT.2018.8600064

Zhou, J., Cao, Z., Qin, Z., Dong, X., & Ren, K. (2020). LPPA: Lightweight Privacy-Preserving Authentication From Efficient Multi-Key Secure Outsourced Computation for Location-Based Services in VANETs. IEEE Transactions on Information Forensics and Security, 15, 420–434. https://doi.org/10.1109/TIFS.2019.2923156