SummaryInternet of Vehicles (IoV), as the next generation of transportation systems, tries to make highway and public transportation more secure than used to be. In this system, users use public channels for their communication so they can be the victims of passive or active attacks. Therefore, a secure authentication protocol is essential for IoV; consequently, many protocols are presented to provide secure authentication for IoV. In 2018, Yu et al proposed a secure authentication protocol for WSNs in vehicular communications and claimed that their protocol could satisfy all crucial security features of a secure authentication protocol. Unfortunately, we found that their protocol is susceptible to sensor capture attack, user traceability attack, user impersonation attack, and offline sink node's secret key guessing attack. In this paper, we propose a new authentication protocol for IoV which can solve the weaknesses of Yu et al's protocol. Our protocol not only provides anonymous user registration phase and revocation smart card phase but also uses the biometric template in place of the password. We use both Burrow‐Abadi‐Needham (BAN) logic and real‐or‐random (ROR) model to present the formal analysis of our protocol. Finally, we compare our protocol with other existing related protocols in terms of security features and computation overhead. The results prove that our protocol can provide more security features and it is usable for IoV system.
Wireless sensor networks (WSNs) play an influential role in the advancement of Internet of Things (IoT) because the infrastructure of WSNs consists of lots of sensors, which can be used to collect online data by the users or service providers; however, in the process of collecting the data, the users and service providers have to communicate with the sensors through an unprotected channel, so the confidentiality and integrity of the transmitted messages might be threatened by an adversary. Consequently, several authentication protocols have been proposed to provide a secure authentication process for IoT-based WSNs. In this paper, we analyze Ghani et al.'s protocol and demonstrate that their protocol is vulnerable to user impersonation attack, malicious gateway attack, and traceability attack. Furthermore, it suffers from some design weaknesses. To fix these drawbacks, we propose a new hash-based authentication protocol for IoT-based WSNs. We analyze our protocol with both formal and informal methods to show that our protocol is secure against various known attacks such as sensor and user trace, sensor capture, off-line password guessing, and replay attacks. Finally, we evaluate our protocol in terms of security features and communication and computation costs. The results show that not only the proposed protocol is more secure than other existing protocols but also reduces 60% of the execution time of the user authentication process in comparison with Ghani et al.'s protocol.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.