IET Intelligent Transport Systems Comment
Comment on ‘SFVCC: Chaotic map-based security framework for vehicular cloud computing’
ISSN 1751-956X
Received on 30th April 2020 Accepted on 14th May 2020 E-First on 9th November 2020 doi: 10.1049/iet-its.2020.0273 www.ietdl.org
Azeem Irshad1, Shehzad Ashraf Chaudhry2
1Department of Computer and Software Engineering, International Islamic University, Islamabad, Pakistan
2Department of Computer Engineering, Faculty of Engineering and Architecture, Istanbul Gelisim University, Istanbul, Turkey
E-mail: [email protected]
Abstract: This comment identifies drawbacks in the recently published scheme SFVCC by Mishra et al. (doi:10.1049/iet-its.2019.0250). In this scheme, a malicious adversary may initiate a replay attack and a denial-of-service attack after eavesdropping on the communication. These attacks render the scheme inapplicable for practical deployment.
1 Discussion
This paper is written with reference to the recently published article SFVCC by Mishra et al. [1] in IET Intelligent Transport Systems, which was designed to secure the communication between vehicular-RFID-based tags and a cloud server using a chaotic map-based authentication system. The need for authenticity and secure communication among the entities involving sensor-embedded vehicles, intermediate devices, and cloud servers can never be underrated in emerging intelligent transport systems. Mishra et al. designed an efficient authentication scheme for vehicular cloud computing employing lightweight Chebyshev chaotic map crypto-primitives. However, the scheme is found to be defenseless against replay and denial-of-service attacks if initiated by a malicious intruder A. For instance, (i) the replay attack may be launched by A after intercepting the contents M1 = {W, Q, W1, TLA1} and M2 = {M1, TLA3} on the insecure channel and replaying them with modified fresh timestamps TLAa and TLab towards the cloud database server (S). The RFID reader (Rj) merely relays the message by adding the timestamp. The cloud server verifies the freshness of the timestamp and computes the anonymous identity IDT∗ to further retrieve sni from the repository and calculate SKTS and W1∗ to verify W1∗ ?= W1. The server authenticates the fake adversary and constructs the message M3 = {W2, TLA5} for forwarding to legal entities. Although the adversary and server might not construct an agreed session key SKTS, the adversary may still overburden the server with too many fake requests, as in a denial-of-service (DoS) attack, and the server may not be able to distinguish a legal request from a fake one. This would seriously undermine the working efficiency of the server and prevent it from performing its useful operations. Secondly, (ii) even if the authentication request is received from a genuine tag Ti and Rj, the server will have to compute the anonymous IDT∗ = W ⊕ Txs Ta (sni||IDT) by consulting its repository, which is not a scalable solution for a large number of vehicle-based tags, and might lead to denial of service on the part of the server under too many legal requests.
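The replay weakness in (i) can be seen in a simplified server-side check, given here as an added example that is not code from SFVCC or from this comment. It assumes HMAC-SHA256 as a stand-in for the scheme's chaotic-map computation of W1, a hypothetical 5-second freshness window, and constructed sample values; it contrasts a verifier whose authenticator does not cover the timestamp with one that binds the timestamp and remembers accepted authenticators.

```python
import hashlib
import hmac

WINDOW = 5  # seconds a timestamp counts as fresh (constructed value)

def tag(key, *fields):
    """HMAC-SHA256 over length-prefixed fields; an assumed stand-in for W1."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_weak(key, msg, now):
    """Freshness is checked, but W1 does not cover the timestamp (modelled weakness)."""
    w, q, w1, ts = msg
    if abs(now - ts) > WINDOW:
        return False
    return hmac.compare_digest(w1, tag(key, w, q))

class HardenedVerifier:
    """W1 covers the timestamp, and each accepted W1 is remembered for the window."""
    def __init__(self, key):
        self.key = key
        self.seen = {}  # accepted W1 -> timestamp it carried

    def verify(self, msg, now):
        w, q, w1, ts = msg
        if abs(now - ts) > WINDOW:
            return False
        # Entries older than the window are already rejected by the freshness check.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= WINDOW}
        expected = tag(self.key, w, q, ts.to_bytes(8, "big"))
        if not hmac.compare_digest(w1, expected) or w1 in self.seen:
            return False
        self.seen[w1] = ts
        return True

def demo():
    key = b"constructed-shared-secret"   # constructed sample values throughout
    w, q = b"W-value", b"Q-value"
    # Weak model: a message recorded at t=100 returns at t=900 with a new timestamp.
    captured = (w, q, tag(key, w, q), 100)
    resent = captured[:3] + (900,)
    weak = verify_weak(key, resent, now=900)
    hv = HardenedVerifier(key)
    ts = 100
    good = (w, q, tag(key, w, q, ts.to_bytes(8, "big")), ts)
    first = hv.verify(good, now=101)                    # genuine request
    same_again = hv.verify(good, now=102)               # identical copy inside the window
    retimed = hv.verify(good[:3] + (900,), now=900)     # same W1, new timestamp
    return weak, first, same_again, retimed
```

The hardened verifier still performs a repository lookup and a tag computation per request, so it addresses the replay in (i) but not the scalability concern in (ii).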
Finally, in the tag registration phase for Ti, Ti constructs the registration request MR1 = {PWT, IDT, TR1} and forwards it to the server on a secure channel, where PWT = h(IDT||PWT||RT), IDT is the identity, PWT is the password, and RT is a random integer. The timestamp serves no purpose on a secure channel other than revoking the right of the device for further usage. However, in Mishra et al.'s scheme this timestamp is merely used for freshness and does not serve as a revoking instrument for the usage of tag Ti.
Reference
[1] Mishra, D., Kumar, V., Dharminder, D., et al.: ‘SFVCC: chaotic map-based security framework for vehicular cloud computing’, IET Intell. Transp. Syst., 2020, 14, (4), pp. 241–249
IET Intell. Transp. Syst., 2020, Vol. 14 Iss. 12, pp. 1723-1723
© The Institution of Engineering and Technology 2020