Efficient and provably secure privacy-preserving two-factor authentication and key-agreement using blockchain and TEE for IoV environments

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture Pub Date : 2025-04-25 DOI:10.1016/j.sysarc.2025.103422

Qihang Hou , Chingfang Hsu , Man Ho Au , Honglang Hu , Zhuo Zhao , Zeyu Wu

{"title":"Efficient and provably secure privacy-preserving two-factor authentication and key-agreement using blockchain and TEE for IoV environments","authors":"Qihang Hou , Chingfang Hsu , Man Ho Au , Honglang Hu , Zhuo Zhao , Zeyu Wu","doi":"10.1016/j.sysarc.2025.103422","DOIUrl":null,"url":null,"abstract":"<div><div>With the rapid advancement of wireless communication and cloud computing technologies, the Internet of Vehicles (IoV), which enables information sharing between vehicles, cloud servers, and infrastructure to support intelligent driving and road safety functionalities, has seen widespread adoption. However, transmitting information through public channels in IoV introduces significant privacy and security risks. For example, vehicle location trajectories and road users’ identity information are vulnerable to leakage, and the communication process may be subject to various forms of attacks. To address these issues, extensive research has focused on authentication and key agreement (AKA) protocols for intelligent vehicles and cloud servers in IoV. However, existing solutions have several drawbacks, including excessive reliance on third-party entities, such as registration authorities, high computational overhead, inadequate security features, and multiple interactions, all of which fail to meet the resource constraints and real-time communication requirements of IoV. To overcome these limitations, this paper introduces, for the first time, the Trusted Execution Environment (TEE) into IoV authentication and proposes an efficient and provably secure privacy-preserving two-factor authentication and key agreement scheme based on blockchain and TEE, called BPAKA. Compared to existing methods, BPAKA offers several significant improvements: First, it leverages TEE to eliminate the need for trusted third parties, enabling mutual anonymous authentication between intelligent vehicles and cloud servers in IoV scenarios, while ensuring a comprehensive set of security properties. Second, BPAKA incorporates a blockchain-based data-sharing framework, ensuring lightweight computational overhead. The AKA process requires only a single round of interaction, thereby fulfilling IoV’s real-time requirements and mitigating the impact of network fluctuations. Third, the security of BPAKA is formally proven using provable security techniques, demonstrating its robustness against various potential threats. Furthermore, performance evaluations show that, compared to existing IoV schemes, BPAKA achieves lower overall computational overhead. In addition, when compared with the state-of-the-art TEE-based scheme, the computation overhead in TEE of BPAKA is only 50.1% of that of the latter, while maintaining feasible communication and storage costs.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"164 ","pages":"Article 103422"},"PeriodicalIF":3.7000,"publicationDate":"2025-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1383762125000943","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

With the rapid advancement of wireless communication and cloud computing technologies, the Internet of Vehicles (IoV), which enables information sharing between vehicles, cloud servers, and infrastructure to support intelligent driving and road safety functionalities, has seen widespread adoption. However, transmitting information through public channels in IoV introduces significant privacy and security risks. For example, vehicle location trajectories and road users’ identity information are vulnerable to leakage, and the communication process may be subject to various forms of attacks. To address these issues, extensive research has focused on authentication and key agreement (AKA) protocols for intelligent vehicles and cloud servers in IoV. However, existing solutions have several drawbacks, including excessive reliance on third-party entities, such as registration authorities, high computational overhead, inadequate security features, and multiple interactions, all of which fail to meet the resource constraints and real-time communication requirements of IoV. To overcome these limitations, this paper introduces, for the first time, the Trusted Execution Environment (TEE) into IoV authentication and proposes an efficient and provably secure privacy-preserving two-factor authentication and key agreement scheme based on blockchain and TEE, called BPAKA. Compared to existing methods, BPAKA offers several significant improvements: First, it leverages TEE to eliminate the need for trusted third parties, enabling mutual anonymous authentication between intelligent vehicles and cloud servers in IoV scenarios, while ensuring a comprehensive set of security properties. Second, BPAKA incorporates a blockchain-based data-sharing framework, ensuring lightweight computational overhead. The AKA process requires only a single round of interaction, thereby fulfilling IoV’s real-time requirements and mitigating the impact of network fluctuations. Third, the security of BPAKA is formally proven using provable security techniques, demonstrating its robustness against various potential threats. Furthermore, performance evaluations show that, compared to existing IoV schemes, BPAKA achieves lower overall computational overhead. In addition, when compared with the state-of-the-art TEE-based scheme, the computation overhead in TEE of BPAKA is only 50.1% of that of the latter, while maintaining feasible communication and storage costs.

查看原文本刊更多论文

在IoV环境中使用区块链和TEE的高效且可证明安全的保护隐私的双因素身份验证和密钥协议

随着无线通信和云计算技术的快速发展，车辆、云服务器、基础设施之间的信息共享，以支持智能驾驶和道路安全功能的车联网（IoV）得到了广泛的应用。然而，在车联网中，通过公共渠道传输信息会带来重大的隐私和安全风险。例如，车辆位置轨迹和道路使用者的身份信息容易泄露，通信过程可能受到各种形式的攻击。为了解决这些问题，广泛的研究集中在智能车辆和物联网云服务器的身份验证和密钥协议（AKA）协议上。然而，现有的解决方案存在着对注册机构等第三方实体的过度依赖、计算开销大、安全特性不足、交互方式多等缺点，无法满足车联网的资源限制和实时通信需求。为了克服这些限制，本文首次将可信执行环境（TEE）引入到车联网身份验证中，并提出了一种高效且可证明安全的基于区块链和TEE的双因素身份验证和密钥协议方案，称为BPAKA。与现有方法相比，BPAKA提供了几个重大改进：首先，它利用TEE消除了对可信第三方的需求，在车联网场景中实现智能车辆和云服务器之间的相互匿名认证，同时确保一套全面的安全属性。其次，BPAKA结合了基于区块链的数据共享框架，确保了轻量级的计算开销。AKA流程只需单轮交互，既满足了车联网的实时性要求，又减轻了网络波动的影响。第三，使用可证明的安全技术正式证明了BPAKA的安全性，证明了其对各种潜在威胁的鲁棒性。此外，性能评估表明，与现有的车联网方案相比，BPAKA实现了更低的总体计算开销。此外，与最先进的基于TEE的方案相比，BPAKA的TEE计算开销仅为后者的50.1%，同时保持了可行的通信和存储成本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Systems Architecture 工程技术-计算机：硬件

CiteScore

8.70

自引率

15.60%

发文量

226

审稿时长

46 days

期刊介绍： The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software. Design automation of such systems including methodologies, techniques and tools for their design as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal hardware/software co-design methods that consider interplay between software and hardware components with and emphasis on software are also relevant here.