Comments on “A Secure, Privacy-Preserving, and Lightweight Authentication Scheme for VANETs”
Shehzad Ashraf Chaudhry
Abstract
Very recently in 2021, Nandy <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed an authentication scheme (IEEE Sensors Journal, 21(18), pp. 20998-21011, DOI: 10.1109/JSEN.2021.3097172, 2021) using elliptic curve cryptography and symmetric key-based hash functions and claimed it to provide privacy-preserving security for the VANETs. Nandy <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> further claimed that their designed method outperforms some of the existing schemes. Despite, the claim that their scheme can be deployed in real-world VANETs scenarios, this study mentions a critical design flaw in the computation of the key pair of each of the vehicles participating in the vehicular networks. Specifically, it is shown that a vehicle in Nandy <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s scheme cannot generate its private key. As a result, the public key of the vehicle is also void. Furthermore, it is also argued in this paper that Nandy <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s scheme does not provide vehicle privacy and during communication, two vehicles exchange useless pseudo numbers without any open or hidden identification information. Moreover, owing to the non-verification of the credentials of the process initiating vehicle, the scheme of Nandy <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> can become a prey to clogging attack.