SGXAP: SGX-Based Authentication Protocol in IoV-Enabled Fog Computing
Abstract
:1. Introduction
- 1.
- Case 1: The RSU judges that the vehicle communicates with itself for the first time and then sends a data request to the CS. The CS sends a response to the RSU accordingly and simultaneously sends the data response to the fog node. Thereafter, the vehicle and RSU realize their communication with the assistance of the fog node. The four entities involved in this communication process are the vehicle, RSU, fog node, and CS.
- 2.
- Case 2: This extends from Case 1. Only the fog node (without the participation of the CS) can help the vehicle and RSU to realize communication. Here, this architecture effectively realizes the function of the fog node sharing the computational burden of the CS.
- (1)
- We first propose a four-layer architecture in the IoV environment as shown in Figure 1. Adopting such an architecture reduces the computational pressure of the CS.
- (2)
- We apply SGX to store the private value of the fog node and RSU in SGX so that even if the attacker obtains the data in the authentication table, he or she cannot obtain the private values in SGX. In other words, SGX can make the proposed protocol resist privileged insider attacks and enhance the security of the protocol.
- (3)
- We prove the security of the proposed protocol through the Real-Or-Random model (ROR) and informal analysis. Furthermore, we compare the performance of the proposed protocol with recent protocols, with the results showing better security and a lower computational cost.
2. Related Work
3. The Proposed Protocol: SGXAP
3.1. System Model
- (1)
- Vehicle: This refers to the vehicle or vehicle user who selects the appropriate speed or driving route by acquiring the relevant real-time road information collected by the RSU.
- (2)
- RSU: This is a semi-trusted device that collects real-time road condition information. It is arranged on both sides of the road and has weak computing power and storage capacity. The RSU judges whether the vehicle is communicating with itself for the first time.
- (3)
- Fog node: This is a semi-trusted entity with certain computing power. It quickly processes the road condition information collected by the RSU and can store data. As a third party, the fog node participates in communicating between the vehicle and RSU.
- (4)
- CS: This is a semi-trusted entity which can realize the calculation or storage of a large amount of data. Here, the CS is the registration center, which participates in registering vehicle, RSU, and fog node. For Case 1, it is also the data transmitter.
- 1.
- Case 1 is shown in Figure 2. The RSU judges that the vehicle communicates with itself for the first time and sends a data request to the CS. Then, the CS transmits the private value of the vehicle to the fog node and RSU. Here, the RSU stores the private data of the vehicle to judge whether the communication between the vehicle and itself is happening for the first time. The fog node stores information about the vehicle to realize the authentication process. Finally, the vehicle and RSU realize communication through the fog node.
- 2.
- Case 2 is shown in Figure 3. This case extends Case 1. Therefore, only the fog node (without the participation of the CS) can help the vehicle and RSU to realize communication. This is because in the first communication, the fog node and RSU know the private information of the vehicle. Here, this architecture dramatically reduces the computational burden of the CS.
3.2. The Proposed SGXAP
3.2.1. Registration Phase
- (1)
- First, selects the , password , biometrics , and random number , computes , and finally transmits to the .
- (2)
- After receives the message , it selects , computes and , and then saves the pseudo identity in the database before finally transmitting to .
- (3)
- After receives the message , it computes , , and . Finally, stores in the smart card (SC).
- (1)
- First, selects the and random number and then transmits to the .
- (2)
- After the receives the message , it selects , computes and , saves in the database, transmits to , and sends to .
- (3)
- After receives the message , it stores in the database.
- (4)
- After receives the message , it stores in SGX and stores in the database.
- (1)
- First, selects the identity and random number and then transmits to the .
- (2)
- After the receives the message , it selects , computes and , saves in the database, and transmits to .
- (3)
- After receives the message , it stores in the database.
3.2.2. Login and Authentication Phase
- 1.
- Case 1. communicates with under for the first time. The authentication process needs the assistance of and the participation of the . When receives the message sent by , it cannot retrieve the private value of through the pseudo-identity . Then, enters the data transmission phase and sends a data request to the . After the successfully verifies , it sends the private value of to and , and then and store the private value. Finally, , , and continue to realize relevant authentication. The entire process includes the authentication phase of Figure 7 and the data transmission phase of Figure 8.
- 2.
- Case 2. has communicated with under . Therefore, the private value of is stored in and , and the entire authentication process can be realized without the participating. The process is the login authentication phase, as shown in Figure 7.
- (1)
- first enters its own , , and , and the SC computes , , and and compares . If they are equal, then the login is successful. Otherwise, the login fails. After successfully logging in to the SC, selects a random number and timestamp and computes , , , and . Finally, sends the message to .
- (2)
- After receives from , it first checks the freshness of the timestamp . If the limit is exceeded, then the authentication is suspended. Otherwise, the authentication continues. Then, indexes stored in SGX according to . If it cannot be indexed, then it indicates that is communicating with for the first time. Here, sends a data request to the , requesting the to send the private value of to itself and , as shown in Figure 8, and then continue to realize the authentication process. If it can be indexed, is not communicating with for the first time, and the authentication process continues. Later, selects , and computes , , and . Finally, sends the message to .
- (3)
- After receives from , it checks the freshness of and then sends to the security interface of SGX. SGX matches the secret value according to , computes , and outputs the secret value from the secure interface after the computation is completed. Then, computes and and compares . If they are equal, this indicates that is legal. Otherwise, the authentication is suspended. finds the identity according to and then sends to the security interface of SGX. SGX matches the secret value according to , computes , and outputs the secret value from the secure interface. Then, computes , and compares . If they are equal, is legal. Otherwise, the authentication is suspended. After authenticating and , selects timestamp , computes , , and finally sends the message to .
- (4)
- After receives the message from , it checks the freshness of and computes , , and . Then, compares . If they are equal, is legal. Otherwise, the authentication fails. After the authentication is successful, selects the timestamp and computes and . Finally, the message is sent to .
- (5)
- After receives from , it first checks the freshness of and then computes , , and . Then, compares . If they are equal, is legal. Otherwise, the authentication fails.
3.2.3. Data Transmission Phase
- (1)
- generates a data request , selects and , and computes and . Finally, the message is sent to the .
- (2)
- After the receives from , it checks the freshness of . After finding according to , the computes , , and and compares . If they are equal, is legal. Otherwise, the authentication is suspended. Then, selects and and computes , , and . The finds according to and computes , , and . Finally, the message is sent to , and is sent to .
- (3)
- After receives from the , it checks the freshness of , computes and , and compares . If they are equal, then is legal. Otherwise, the authentication is suspended. Finally, stores in SGX.
- (4)
- After receives the message from the , it checks the freshness of , computes and , and compares . If they are equal, then the is legal. Otherwise, the authentication is suspended. Finally, stores in SGX.
4. Security Analysis
4.1. Formal Security Analysis
4.1.1. Adversary Model
- (1)
- A can intercept, interrupt, forge, and replay the information transmitted on the common channel.
- (2)
- A can act as malicious insiders of the fog nodes and CS to obtain internal information.
- (3)
- A can guess the identities or passwords of vehicles by violent cracking.
- (4)
- A can obtain the values in the vehicle’s smart card.
- (5)
- A can obtain the private key of the CS and a random number of four entities.
- (1)
- : A intercepts messages transmitted on the common channel;
- (2)
- : A sends message M to entity Y and receives a response;
- (3)
- : A enters a character string of any length and returns the corresponding hash value;
- (4)
- : A can obtain the private value of an entity;
- (5)
- : A flips a coin C. If , then A can obtain . If , A can obtain any string of the same length as the .
4.1.2. Security Requirements
- 1.
- User anonymity and untraceability: A can neither obtain the real identity of the communication entity nor trace the session key of the communication process through the data transmitted on the public channel.
- 2.
- Resistance of common attacks: The secure AKA protocol should be able to resist the following attacks:
- (1)
- Privileged insider attacks: As an A, the insiders of the communication entity spy on the private data stored in the database to disguise as a legal entity or obtain the session key;
- (2)
- Impersonation attacks: A intercepts and decrypts the data transmitted on the public channel, disguises as a legal entity, communicates with other entities, and establishes a session key;
- (3)
- Known temporary information disclosure attacks: A calculates the session key in the communication process by obtaining the random number of an entity and the data transmitted on the public channel;
- (4)
- Man-in-the-middle attacks: A intercepts the data transmitted on the public channel, tampers with the data, and establishes the session key with the legal entity without the knowledge of both parties of the communication entity;
- (5)
- Offline password guessing attacks: A intercepts the verification value containing the password stored on the public channel or in the smart device, repeatedly guesses the password, calculates the verification value in the offline state, and compares it with the intercepted verification value until the two values are equal;
- (6)
- Replay attacks: A repeatedly sends the message transmitted on the public channel to the communication entity so as to deceive the entity and interfere with normal communication;
- (7)
- Stolen smart card attacks: After A steals the smart card and obtains the parameters about the entity identity before using the parameters to launch camouflage attacks or malicious acts.
4.2. Informal Security Analysis
4.2.1. Mutual Authentication
4.2.2. Replay Attacks
4.2.3. Privileged Insider Attacks
4.2.4. Man-in-the-Middle Attacks
4.2.5. User Anonymity and Untraceability
5. Comparisons and Discussions
5.1. Security Comparisons
5.2. Performance Comparison
5.3. Discussions
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Abbreviations
IoT | Internet of Things |
IoV | Internet of Vehicles |
SGX | Software guard extensions |
PRM | Preserved random memory |
EPC | Enclave page cache |
ROR | Real-or-Random |
V2V | Vehicle-to-vehicle |
V2P | Vehicles-to-pedestrians |
V2I | Vehicle-to-infrastructure |
AKA | Authenticated key agreement |
RSU | Roadside unit |
PKI | Public key infrastructure |
ECC | Elliptic curve cryptography |
AKM | Authentication key management |
PUF | Physical unclonable function |
References
- Khan, M.A.; Salah, K. IoT security: Review, blockchain solutions, and open challenges. Future Gener. Comput. Syst. 2018, 82, 395–411. [Google Scholar] [CrossRef]
- Chegini, H.; Naha, R.K.; Mahanti, A.; Thulasiraman, P. Process automation in an IoT–fog–cloud ecosystem: A survey and taxonomy. IoT 2021, 2, 92–118. [Google Scholar] [CrossRef]
- Yang, F.; Wang, S.; Li, J.; Liu, Z.; Sun, Q. An overview of internet of vehicles. China Commun. 2014, 11, 1–15. [Google Scholar] [CrossRef]
- Contreras-Castillo, J.; Zeadally, S.; Guerrero-Ibañez, J.A. Internet of vehicles: Architecture, protocols, and security. IEEE Internet Things J. 2017, 5, 3701–3709. [Google Scholar] [CrossRef]
- Zhou, H.; Xu, W.; Chen, J.; Wang, W. Evolutionary V2X technologies toward the Internet of vehicles: Challenges and opportunities. Proc. IEEE 2020, 108, 308–323. [Google Scholar] [CrossRef]
- Stojmenovic, I.; Wen, S.; Huang, X.; Luan, H. An overview of fog computing and its security issues. Concurr. Comput. Pract. Exp. 2016, 28, 2991–3005. [Google Scholar] [CrossRef]
- Chen, S.; Zhang, T.; Shi, W. Fog computing. IEEE Internet Comput. 2017, 21, 4–6. [Google Scholar] [CrossRef]
- Dastjerdi, A.V.; Gupta, H.; Calheiros, R.N.; Ghosh, S.K.; Buyya, R. Fog computing: Principles, architectures, and applications. In Internet of things; Elsevier: Amsterdam, The Netherlands, 2016; pp. 61–75. [Google Scholar] [CrossRef] [Green Version]
- Ma, M.; He, D.; Wang, H.; Kumar, N.; Choo, K.K.R. An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks. IEEE Internet Things J. 2019, 6, 8065–8075. [Google Scholar] [CrossRef]
- Eftekhari, S.A.; Nikooghadam, M.; Rafighi, M. Security-enhanced three-party pairwise secret key agreement protocol for fog-based vehicular ad-hoc communications. Veh. Commun. 2021, 28, 100306. [Google Scholar] [CrossRef]
- Wu, T.Y.; Lee, Z.; Yang, L.; Luo, J.N.; Tso, R. Provably secure authentication key exchange scheme using fog nodes in vehicular ad hoc networks. J. Supercomput. 2021, 77, 6992–7020. [Google Scholar] [CrossRef]
- Wu, T.Y.; Guo, X.; Yang, L.; Meng, Q.; Chen, C.M. A Lightweight Authenticated Key Agreement Protocol Using Fog Nodes in Social Internet of Vehicles. Mob. Inf. Syst. 2021, 2021, 3277113. [Google Scholar] [CrossRef]
- Ying, B.; Nayak, A. Anonymous and lightweight authentication for secure vehicular networks. IEEE Trans. Veh. Technol. 2017, 66, 10626–10636. [Google Scholar] [CrossRef]
- Mohit, P.; Amin, R.; Biswas, G. Design of authentication protocol for wireless sensor network-based smart vehicular system. Veh. Commun. 2017, 9, 64–71. [Google Scholar] [CrossRef]
- Yu, S.; Lee, J.; Lee, K.; Park, K.; Park, Y. Secure authentication protocol for wireless sensor networks in vehicular communications. Sensors 2018, 18, 3191. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Li, J.; Lu, H.; Guizani, M. ACPN: A novel authentication framework with conditional privacy-preservation and non-repudiation for VANETs. IEEE Trans. Parallel Distrib. Syst. 2014, 26, 938–948. [Google Scholar] [CrossRef]
- Liu, X.; Guo, Z.; Ma, J.; Song, Y. A Secure Authentication Scheme for Wireless Sensor Networks Based on DAC and Intel SGX. IEEE Internet Things J. 2021, 9, 3533–3547. [Google Scholar] [CrossRef]
- Condé, R.C.; Maziero, C.A.; Will, N.C. Using Intel SGX to protect authentication credentials in an untrusted operating system. In Proceedings of the 2018 IEEE Symposium on Computers and Communications (ISCC), Natal, Brazil, 25–28 June 2018; pp. 158–163. [Google Scholar]
- Wang, J.; Hao, S.; Li, Y.; Fan, C.; Wang, J.; Han, L.; Hong, Z.; Hu, H. Challenges towards protecting vnf with sgx. In Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Tempe, AZ, USA, 21 March 2018; pp. 39–42. [Google Scholar] [CrossRef]
- Chaudhry, S.A. Combating identity de-synchronization: An improved lightweight symmetric key based authentication scheme for IoV. J. Netw. Intell. 2021, 6, 12. [Google Scholar]
- Xiong, H.; Chen, J.; Mei, Q.; Zhao, Y. Conditional privacy-preserving authentication protocol with dynamic membership updating for VANETs. IEEE Trans. Dependable Secur. Comput. 2022, 19, 2089–2104. [Google Scholar] [CrossRef]
- Raya, M.; Hubaux, J.P. Securing vehicular ad hoc networks. J. Comput. Secur. 2007, 15, 39–68. [Google Scholar] [CrossRef] [Green Version]
- Huang, J.L.; Yeh, L.Y.; Chien, H.Y. ABAKA: An anonymous batch authenticated and key agreement scheme for value-added services in vehicular ad hoc networks. IEEE Trans. Veh. Technol. 2010, 60, 248–262. [Google Scholar] [CrossRef]
- Sadri, M.J.; Rajabzadeh Asaar, M. A lightweight anonymous two-factor authentication protocol for wireless sensor networks in Internet of Vehicles. Int. J. Commun. Syst. 2020, 33, e4511. [Google Scholar] [CrossRef]
- Jiang, Q.; Zhang, X.; Zhang, N.; Tian, Y.; Ma, X.; Ma, J. Three-factor authentication protocol using physical unclonable function for IoV. Comput. Commun. 2021, 173, 45–55. [Google Scholar] [CrossRef]
- Kumar, S.; Banka, H.; Kaushik, B.; Sharma, S. A review and analysis of secure and lightweight ECC-based RFID authentication protocol for Internet of Vehicles. Trans. Emerg. Telecommun. Technol. 2021, 32, e4354. [Google Scholar] [CrossRef]
- Wu, T.Y.; Meng, Q.; Yang, L.; Guo, X.; Kumari, S. A provably secure lightweight authentication protocol in mobile edge computing environments. J. Supercomput. 2022, 1–22. [Google Scholar] [CrossRef]
- Huang, X.; Xiong, H.; Chen, J.; Yang, M. Efficient Revocable Storage Attribute-based Encryption with Arithmetic Span Programs in Cloud-assisted Internet of Things. IEEE Trans. Cloud Comput. 2021. [Google Scholar] [CrossRef]
- Wazid, M.; Bagga, P.; Das, A.K.; Shetty, S.; Rodrigues, J.J.; Park, Y. AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment. IEEE Internet Things J. 2019, 6, 8804–8817. [Google Scholar] [CrossRef]
- Han, M.; Liu, S.; Ma, S.; Wan, A. Anonymous-authentication scheme based on fog computing for VANET. PLoS ONE 2020, 15, e0228319. [Google Scholar] [CrossRef]
- Soleymani, S.A.; Goudarzi, S.; Anisi, M.H.; Zareei, M.; Abdullah, A.H.; Kama, N. A security and privacy scheme based on node and message authentication and trust in fog-enabled VANET. Veh. Commun. 2021, 29, 100335. [Google Scholar] [CrossRef]
- Canetti, R.; Goldreich, O.; Halevi, S. The random oracle methodology, revisited. J. ACM (JACM) 2004, 51, 557–594. [Google Scholar] [CrossRef] [Green Version]
- Dolev, D.; Yao, A. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208. [Google Scholar] [CrossRef]
- Canetti, R.; Krawczyk, H. Analysis of key-exchange protocols and their use for building secure channels. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Innsbruck, Austria, 6–10 May 2001; Springer: Berlin/Heidelberg, Germany, 2001; pp. 453–474. [Google Scholar]
- Wang, D.; Cheng, H.; Wang, P.; Huang, X.; Jian, G. Zipf’s law in passwords. IEEE Trans. Inf. Forensics Secur. 2017, 12, 2776–2791. [Google Scholar] [CrossRef]
- He, D.; Kumar, N.; Lee, J.H.; Sherratt, R.S. Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans. Consum. Electron. 2014, 60, 30–37. [Google Scholar]
Protocols | Cryptographic Techniques and Properties | Limitations |
---|---|---|
Ying et al. [13] | (1) One-way hash function (2) Anonymity | (1) Does not resist replay attacks (2) Does not resist offline identity guessing attacks (3) Does not resist stolen smart card attacks |
Mohit et al. [14] | (1) One-way hash function (2) Based on smart card | (1) Does not resist impersonation attacks (2) Does not provide mutual authentication |
Yu et al. [15] | One-way hash function | (1) Does not resist user impersonation attacks (2) Does not resist sensor capture attacks |
Ma et al. [9] | (1) ECC (2) Based on smart card | (1) Does not resist internal attacks (2) Does not resist stolen smart card attacks (3) Does not resist known session-specific temporary information attacks |
Wazid et al. [29] | (1) ECC (2) Anonymity | − |
Eftekhari et al. [10] | (1) ECC (2) Anonymity | − |
Wu et al. [11] | (1) One-way hash function (2) ECC | − |
Wu et al. [12] | (1) One-way hash function (2) Three-factor (3) Based on smart card | − |
Symbol | Description |
---|---|
The i-th vehicle | |
The j-th RSU | |
The m-th fog node | |
Cloud server | |
Identities of , , and | |
Secret key of | |
Session key | |
and | Symmetric encryption and decryption algortihm |
Query | Description |
---|---|
On a query , we assume is a normal state. selects and computes , , , and . Then, returns . | |
On a query , computes , and checks . If the verification holds, continue to calculate and check . If it is equal, select and compute . Then, returns . | |
On a query , computes , and and checks . If holds, selects and computes . Then, returns . | |
On a query ), computes , and and checks . If it is not equal, then the query process is terminated. Otherwise, accepts and terminates. | |
On an query, we continue with the query simulation as follows: ⟵, ⟵, ⟵, ⟵. The query returns , and . | |
On a query, if is accepted, then it returns the private information of vehicle V. | |
On a query, to flip a coin C, if , A can obtain . If , A can obtain any string of the same length as . |
Security Properties | [9] | [29] | [10] | [11] | Ours |
---|---|---|---|---|---|
Privileged insider attacks | × | ✓ | − | ✓ | ✓ |
Impersonation attacks | ✓ | × | ✓ | ✓ | ✓ |
Known temporary information disclosure attacks | × | − | ✓ | ✓ | ✓ |
Stolen smart card attacks | × | ✓ | − | − | ✓ |
User anonymity | × | ✓ | ✓ | ✓ | ✓ |
Man-in-the-middle attacks | ✓ | − | − | ✓ | ✓ |
Untraceability | × | ✓ | ✓ | ✓ | ✓ |
Offline password guessing attacks | − | ✓ | − | ✓ | ✓ |
Replay attacks | ✓ | ✓ | ✓ | ✓ | ✓ |
MI 8 | Lenovo Desktop Computer | Lenovo Laptop | |
---|---|---|---|
Operating System | Android system | Windows 10 | Windows 10 |
CPU | Qualcomm Snapdragon 845 | Intel(R) Core(TM) i5-9500 CPU @ 3.00 GHz | Intel(R) Core(TM) i7-6700HQ CPU @ 2.60 GHz |
Memory | 6 GB | 8 GB RAM | 16 GB RAM |
Operations | (ms) | / (ms) | CS (ms) |
---|---|---|---|
ECC scalar multiplication | 20 | 18 | 12 |
ECC point addition | 0.1556 | 0.0731 | 0.0500 |
Symmetric key encryption and decryption | 0.2263 | 0.1648 | 0.1384 |
Hash function | 0.0042 | 0.0030 | 0.0024 |
Protocol | (ms) | (ms) | (ms) | CS (ms) |
---|---|---|---|---|
Ma et al. [9] | - | |||
Wazid et al. [29] | - | |||
Eftekhari et al. [10] | - | |||
Wu et al. [11] | - | |||
Ours, Case 1 | ||||
Ours, Case 2 | - |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Wu, T.-Y.; Guo, X.; Chen, Y.-C.; Kumari, S.; Chen, C.-M. SGXAP: SGX-Based Authentication Protocol in IoV-Enabled Fog Computing. Symmetry 2022, 14, 1393. https://doi.org/10.3390/sym14071393
Wu T-Y, Guo X, Chen Y-C, Kumari S, Chen C-M. SGXAP: SGX-Based Authentication Protocol in IoV-Enabled Fog Computing. Symmetry. 2022; 14(7):1393. https://doi.org/10.3390/sym14071393
Chicago/Turabian StyleWu, Tsu-Yang, Xinglan Guo, Yeh-Cheng Chen, Saru Kumari, and Chien-Ming Chen. 2022. "SGXAP: SGX-Based Authentication Protocol in IoV-Enabled Fog Computing" Symmetry 14, no. 7: 1393. https://doi.org/10.3390/sym14071393
APA StyleWu, T. -Y., Guo, X., Chen, Y. -C., Kumari, S., & Chen, C. -M. (2022). SGXAP: SGX-Based Authentication Protocol in IoV-Enabled Fog Computing. Symmetry, 14(7), 1393. https://doi.org/10.3390/sym14071393