The Security of "2FLIP" Authentication Scheme for VANETs: Attacks and Rectifications

Wireless broadcast transmission enables Inter-vehicle or Vehicle-to-Vehicle (V2V) communication among nearby vehicles and with nearby fixed equipment, referred to as Road Side Units (RSUs). The vehicles and RSUs within transmission range establish a self-organizing network called Vehicular Ad-hoc Network (VANET). The V2V communication in VANETs is vulnerable to cyber-attacks involving message manipulation. Thus, mechanisms should be applied to ensure both the authenticity and integrity of the data broadcast. However, due to privacy concerns, it is important to avoid the use of identifiers that may aid tracking and surveillance of drivers. This is a serious constraint on authentication mechanisms. Recently, Wang et al. [1] proposed A Two-Factor Lightweight Privacy Preserving Authentication Scheme for VANET named 2FLIP. They claim that their scheme includes a secure systemkey update protocol to restore the whole system when necessary. In this paper, we show that this is incorrect: 2FLIP does not provide perfect forward secrecy. This results in a known-key attack, as well as message forgery attack by an external adversary who may be an unregistered vehicle user. This external adversary can generate valid anonymous messages and further, they cannot be traced. The 2FLIP scheme is efficient, so we propose a modification to improve the security. We provide a formal security proof to show that our proposal is indeed provably secure. We demonstrate the efficiency of our proposal by conducting extensive performance analysis. We believe the enhanced system-key update protocol will be useful for application by researchers and designers in current and future VANET authentication schemes.