Security analysis on "Three-factor authentication protocol using physical unclonable function for IoV"

The advent of the Internet of Things has enriched the network field with new themes, among which we find the Internet of Vehicles (IoV). IoV improved the various smart traffic applications for management or security. It makes vehicles autonomously deal with the unexpected by sharing various resources like critical information, computing resources, etc. Nonetheless and as a user of current network technologies, IoV suffers from the same vulnerabilities of these technologies, which makes it vulnerable to various kinds of attacks that affect security and privacy. To overcome these new challenges, researchers have considered different IoV authentication protocols. However, most of them are compromised and contain real security problems. Dealing with IoV authentication protocol security flaws is a real challenge. Recently, Jiang et al. (Comput Commun 173:45-55, 2021) designed a three-factor authentication protocol for IoV environment. The proposed protocol combines lightweight operations that include elliptic curve cryptography, hash function, physically unclonable function, concatenation on one side, and XOR operation on the other side. Contrariwise, it contains several flaws. In this paper, we detailed the security analysis of Jiang et al. protocol that proves the limit of security guarantees between only user and data center due to the possibility for an adversary to deduce a session key shared between vehicle sensor and data center and between vehicle sensor and user. Moreover, regarding these limitations, we propose an improvement to remedy all the said security pitfalls.