Files and links (1)
Published VersionCC BY V4.0, Open Access
Journal article
Cryptanalysis and Improvement of the SMEP-IoV Protocol: A Secure and Lightweight Protocol for Message Exchange in IoV Paradigm
IoT, Vol.7(2), pp.1-30
2026
Abstract
The Internet of Vehicles (IoV) is a rapidly evolving technology that provides real-time connectivity, enhanced road safety, and reduced traffic congestion; however, its inherently open communication channels expose it to serious security and privacy threats. In 2021, Chaudhry proposed SMEP-IoV, a lightweight message authentication protocol designed to satisfy essential security requirements. This paper presents a comprehensive security analysis of SMEP-IoV and reveals several serious vulnerabilities. Specifically, sensitive credentials are stored in plaintext without tamper-resistant protection, and both authentication and session key derivation depend directly on these credentials. These structural flaws allow an adversary to extract the stored secrets, generate valid authentication messages, and derive the established session key, enabling vehicle impersonation and session key disclosure attacks. Moreover, compromise of long-term secrets facilitates key compromise impersonation attacks. It also fails to ensure anonymity and perfect forward secrecy. To address these issues, we propose an enhanced authentication protocol for resource-constrained IoV environments, leveraging a three-factor authentication mechanism combined with lightweight cryptographic primitives. Formal security analyses using BAN logic, Tamarin, and ProVerif confirm its resilience against known attacks, while NS-3 simulations validate its scalability, high throughput, and low End-to-End Delay (E2ED). The results highlight the protocol as a robust, efficient, and scalable solution for large-scale IoV deployments.
Details
- Title
- Cryptanalysis and Improvement of the SMEP-IoV Protocol: A Secure and Lightweight Protocol for Message Exchange in IoV Paradigm
- Authors
- Gelare Oudi Ghadim - Isfahan University of TechnologyParvin Rastegari - Isfahan University of TechnologyMohammad Dakhilalian - Isfahan University of TechnologyFaramarz Hendessi - Isfahan University of TechnologyShahrzad Saremi (Corresponding Author) - University of the Sunshine CoastRania Shibl - University of the Sunshine CoastYassine Himeur - University of DubaiShadi Atalla - University of DubaiWathiq Mansoor - American University of Iraq Baghdad
- Publication details
- IoT, Vol.7(2), pp.1-30
- Publisher
- MDPI AG
- Date published
- 2026
- DOI
- 10.3390/iot7020031
- ISSN
- 2624-831X
- Copyright note
- © 2026 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license.
- Data Availability
- This is a theoretical and analytical study. The main contribution of the paper is the security analysis, cryptanalysis, and improvement of an existing cryptographic protocol. All evaluations are performed through formal security proofs, complexity analysis, and protocol design techniques. No experimental, observational, or user-related data were collected, processed, or analyzed in this study.
- Organisation Unit
- School of Science, Technology and Engineering
- Language
- English
- Record Identifier
- 991219627902621
- Output Type
- Journal article
Metrics
1 Record Views