Two-phase authentication for secure vehicular digital twin communications

IF 4.4, Zone 2 (Computer Science), Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Xinwei Zhang, Chengzhe Lai, Guanjie Li, Dong Zheng
Computer Networks, volume 270, Article 111514. Published 2025-07-12. DOI: 10.1016/j.comnet.2025.111514
https://www.sciencedirect.com/science/article/pii/S1389128625004815
Citations: 0

Abstract

With the continuous development and advancement of autonomous vehicles, the vehicular digital twin (VDT) has emerged as a new paradigm that facilitates real-time vehicle data analysis and enhances communication efficiency. To mitigate potential security issues in communication between vehicles and digital twins, ensuring the safety of physical vehicle operation, this paper proposes a two-phase authentication for secure VDT communication. The proposed scheme guarantees both the protection of user and vehicle identities and the security of data transmission. In the first phase, authentication is performed based on the vehicle owner’s ID, password, and biometric identifiers to verify vehicle ownership. The second phase involves the issuance of agent authorizations and signatures by the trusted authority (TA) and the generation of proxy private keys by the vehicle and its twin. Mutual authentication through the exchange of information and signatures ensures the legitimacy of both parties’ identities. The correctness of the proposed protocol is verified through BAN logic and formal security validation using AVISPA. Finally, the performance and security evaluations demonstrate that the proposed scheme achieves strong anonymity and effectively balances computational and communication overhead. It successfully resists replay and forgery attacks, ensuring robust security. Compared to representative existing schemes, our protocol reduces computation cost in the user authentication phase by up to 36.4% and communication overhead by 67.3%. In the vehicle authentication phase, it achieves over 82% reduction in computation and 39.8% reduction in communication overhead, while preserving comprehensive security guarantees.
Source journal: Computer Networks (Engineering Technology - Telecommunications)
CiteScore: 10.80
Self-citation rate: 3.60%
Articles published: 434
Review time: 8.6 months
About the journal: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.