Comments on “A Secure, Privacy-Preserving, and Lightweight Authentication Scheme for VANETs”

Abstract

Very recently in 2021, Nandy et al. proposed an authentication scheme (IEEE Sensors Journal, 21(18), pp. 20998-21011, DOI: 10.1109/JSEN.2021.3097172, 2021) using elliptic curve cryptography and symmetric key-based hash functions and claimed it to provide privacy-preserving security for the VANETs. Nandy et al. further claimed that their designed method outperforms some of the existing schemes. Despite, the claim that their scheme can be deployed in real-world VANETs scenarios, this study mentions a critical design flaw in the computation of the key pair of each of the vehicles participating in the vehicular networks. Specifically, it is shown that a vehicle in Nandy et al.’s scheme cannot generate its private key. As a result, the public key of the vehicle is also void. Furthermore, it is also argued in this paper that Nandy et al.’s scheme does not provide vehicle privacy and during communication, two vehicles exchange useless pseudo numbers without any open or hidden identification information. Moreover, owing to the non-verification of the credentials of the process initiating vehicle, the scheme of Nandy et al. can become a prey to clogging attack.