IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment

With the emergence of the concept of smart city and the increasing demands for a range of vehicles, Internet of Vehicles (IoV) has achieved a lot of attention by providing multiple benefits, including vehicle emergence, accidents, levels of pollution, and traffic congestion. Moreover, IoV provides various services by combining vehicular ad-hoc networks (VANET) with the Internet of Things (IoT) in smart cities. However, the communication among vehicles is susceptible to various security threats because the sensitive message is transmitted via a insecure channel in the IoV-based smart city environment. Thus, a secure message authentication protocol is indispensable to ensure various services for IoV in a smart city environment. In 2020, a secure message authentication protocol for IoV communication in smart cities has been proposed. However, we discover that the analyzed scheme suffers from various potential attacks such as impersonation, secret key disclosure, and off-line guessing attacks, and also does not ensure authentication. To solve the security threats of the analyzed scheme, we design a secure and efficient message authentication protocol for IoV in a smart city environment, called IoV-SMAP. The proposed IoV-SMAP can resist security drawbacks and provide user anonymity, and mutual authentication. We demonstrate the security of IoV-SMAP by performing informal and formal analyses such as the Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Application (AVISPA) simulations. In addition, we compare the performance of IoV-SMAP with related existing competing authentication schemes. We demonstrate that IoV-SMAP provides better security along with efficiency than related competing schemes and is suitable for the IoV-based smart city environment.


I. INTRODUCTION
A report on global road safety by the ''World Health Organization (WHO)'' in 2019 [1], shows that traffic accidents are approximately 1.25 million each year and it is the eighth leading cause of death for citizens of all ages. If certain precautions are not taken to address these problems, traffic accidents will become the fifth leading cause of death by 2030 [2]. In this regard, systematic methods for improving The associate editor coordinating the review of this manuscript and approving it for publication was Zhibo Wang . road safety and preventing vehicular accidents have been studied in the scientific communities for many years.
With the advances in ''Vehicular Ad-Hoc Networks (VANET)'', ''Internet of Things (IoT)'', and road infrastructure have made the realization of smart cities possible in the future [3]- [7]. The smart cities emerged as ''a strategy to alleviate the challenges of rapid and continuous urbanization which at the same time provide a better quality of life for citizens'' [8]. However, the significant issues in smart cities are the challenge to gather/deliver data to the deployed hundreds of thousands of actuators and sensors integrated into smart objects (e.g. vehicles, buildings, infrastructures, and so on). Internet of Vehicles (IoV) combined with VANET and IoT is considered a promising solution to resolve this problem. IoV has been rapidly evolving in the past few years due to useful features, including congestion avoidance, low operational costs, and road safety assurance features [9]. IoV refers to communication models that communicate between vehicles and other objects by utilizing ''Vehicle-to-Vehicle (V2V)'' and ''Vehicle-to-Infrastructure (V2I)'' interactions [10]. IoV is a significant part of the industrial field and enables data sharing, interaction, control, management, and gathering of big data on roads, vehicles, buildings, infrastructure, and surroundings. IoV is composed of vehicles and infrastructure as shown in Figure 1. The vehicles collect or sense traffic information about the speed, location, and transmit it to infrastructures or other vehicles. In addition, the infrastructure provides useful services and other traffic information to passengers and drivers. However, despite several advantages that IoV offers, there are some challenges and difficulties to be solved. In VANET-based IoV communication, it may cause serious privacy problems because sensitive messages are transmitted via an insecure channel. If sensitive data of the legitimate driver is exposed, a malicious attacker can cause a vehicular accident by reporting the wrong traffic information such as slippery road, and ground slippage to the vehicle. In addition, the increasing demands for applications and services in existing vehicular networks, another significant concern is lightweight property. Due to the dynamic nature of the vehicles, the OBU should perform data computation in real-time without delay. Therefore, a secure and efficient message authentication protocol for IoV in a smart city environment is essential to resolve these problems.
A ''secure and efficient message authentication protocol'' should satisfy the following security requirements: • Anonymity and untraceability: The designed protocol for IoV must be secure so that ''a malicious adversary cannot reveal and trace the real identity of the legitimate drivers''.
• Authentication: The designed protocol for IoV must mutually authenticate between entities and successfully obtain a significant message.
• Confidentiality: The messages exchanged among the participants need to be safely sent utilizing a secret data so that only authorized participating entities can validate the message.
• Resistance against well-known attacks: The designed protocol for IoV needs to be against various potential attacks, such as ''impersonation'', ''man-in-the-middle (MiTM)'', and ''off-line guessing'' attacks and so on.
• Resistance against smart card theft attack: An attacker can extract the stored secret information in the lost smart card. The knowledge of extracted information should not be sufficient for an attacker to fetch sensitive credentials in order to impersonate an authorized driver or object.
• Resistance against off-line password guessing attack: The designed protocol for IoV needs to resist the guessing of a driver's real password in the case when an adversary has the exchanged messages or the extracted smart card credentials.
• Resistance against privileged insider attack: A ''privileged insider attack'' should be prevented when an insider of the trusted authority having privileges can access the secret information as well as misuse the credentials.
In 2020, Vasudev et al. [11] designed a secure message authentication protocol for IoV communication in smart cities. Vasudev et al. claimed that their scheme is able to prevent potential attacks and ensure secure authentication, and anonymity. However, we discover that their scheme suffers from many drawbacks such as impersonation, secret key disclosure, MiTM attacks, and also does not provide mutual authentication. Therefore, we propose a secure and efficient message authentication protocol for IoV in smart city environment to resolve these observed security problems.

A. THREAT MODEL
We present the attack assumptions comprising the wellknown ''Dolev-Yao (DY) threat model'' [12] to examine the security of the proposed scheme (IoV-SMAP). The capabilities of a malicious adversary are as follows. Referring to the DY model [12], an adversary is able to eavesdrop, modify, replay, inject, or delete the transmitted messages via a public channel. An adversary is able to steal the legal driver's smart card and extract the secret credentials stored in memory by performing the power analysis attacks [13]- [15]. After getting the secret data of the smart card, an adversary may attempt potential attacks including ''offline password guessing'', ''forward secrecy'', and ''impersonation attacks'', and so on [16], [17].
In addition, we apply the current de facto ''Canetti and Krawczyk (CK)-adversary threat model'' [18], which is more powerful than the DY threat model. Under the CK-adversary can compromised the session states, secret keys and also session keys through a session-hijacking attack apart from all the capabilities of the adversary under the DY threat model. Thus, the session key generation between two entities must be dependant of both the ''short-term (temporal) secrets'' and ''long-term (permanent) secrets''.

B. MOTIVATION
As depicted in Section II, most of the related schemes fail to ensure the required security functionalities such as ''masquerade attack'', ''off-line password guessing attack'', ''MiTM attack'', ''session key exposure attack'', ''replay attack'', ''mutual authentication'', and ''anonymity'', which are considered to be major requirements in the IoV environment. In addition, most of the existing schemes are unsuitable for IoV environments as it utilizes bilinear pairing, signature, and encryption which consume high computation cost. These facts motivated us to come up with secure message authentication and key agreement scheme design which can provide security features and resolve security drawbacks and threats that exist in related authentication schemes in the IoV environment.

C. RESEARCH CONTRIBUTIONS
The main contributions of our proposed IoV-SMAP can be summarized as follows.
• We analyze that Vasudev et al.'s scheme suffers from security flaws such as impersonation, secret key disclosure, MiTM attacks. We also discover that their scheme is unable to provide secure authentication.
• We propose a secure and efficient message authentication protocol. The proposed IoV-SMAP resolves the security drawbacks of the Vasudev et al.'s scheme. Thus, IoV-SMAP not only satisfies various security properties but also prevents potential attacks.
• We perform the simulation analysis utilizing ''Automated Validation of Internet Security Protocols and Application (AVISPA) [20], [21]'' to prove that IoV-SMAP prevents against MiTM and replay attacks, which is formal security verification simulation tool.
• We provide the comparative performance study of IoV-SMAP with the existing competing schemes in terms of ''computational time'', ''communication cost'', and ''storage overhead'' through the performance evaluation. According to the ''security and performance analysis'', we present that IoV-SMAP ensures better security along with more ''security and functionality features'', and ensures efficient performances as compared with existing schemes.

D. PAPER ORGANIZATION
The outline of our paper is summarized as follows. The discussion of the related work on authentication schemes related to the IoV applications is given in Section II. Section III proves the security drawbacks of Vasudev et al.'s scheme and Section IV proposes a secure message authentication protocol for IoV in smart city environment (IoV-SMAP) to solve the security problems of the existing schemes. Section V proves the security of IoV-SMAP by performing formal and informal security analysis. In Section VI, we perform simulation of the proposed IoV-SMAP for formal security verification. Section VII presents the results of the performance evaluation of the IoV-SMAP compared with those of the existing competing authentication schemes. At the end, the paper is concluded in Section VIII.

II. RELATED WORK
In the last few decades, many authentication and key agreement schemes [22], [23], [25] have been presented for IoV in smart city environments to provide user privacy and useful services. Li et al. [24] presented ''an authentication framework with privacy-preservation and nonrepudiation'' for VANET. However, Dua et al. [25] pointed out that Li et al.'s scheme [24] is unable to prevent session key disclosure attacks and is unable to provide user anonymity. Wang et al. [26] presented a privacy-preserving two-factor based authentication scheme for VANET. Amin et al. [27] proved that Wang et al.'s scheme [26] is unable to resist off-line password guessing, impersonation, and smart card stolen attacks and cannot ensure user anonymity. Liu et al. [28] proposed ''a secure and efficient privacypreserving authentication and key agreement scheme'' utilizing bilinear pairing, signature, and encryption for V2V communication in the IoV environment. However, their scheme [28] is not suitable for IoV environment in terms of computation cost and execution time due to high-cost operations. In addition, these schemes [24]- [28] are inefficient and inapplicable for actual vehicular communication in smart city environment because they utilize public-key cryptosystems (PKC) that require high computation, communication, and storage overheads.
In recent years, many lightweight researches [29]- [31] have been designed on IoV combined with VANET and IoT to solve these problems. Ying and Nayak [29] proposed a secure and lightweight authentication scheme for IoV. However, Chen et al. [30] analyzed that Ying et al.'s scheme [29] suffers from many drawbacks such as location spoofing, replay, and off-line identity guessing attacks and also consumed considerable time for authentication. Thus, Chen and Xiang [30] presented a secure authentication scheme for IoVs to resolve the security drawbacks of Ying et al.'s scheme [29]. However, Chen et al.'s scheme [30] has the disadvantage of high total storage costs because it stores large amounts of data in memory. Kaiwartya et al. [31] presented a five-layer architecture for IoVs with coordination, perception, artificial intelligence (AI), and application as layers. These layers provide communications for IoVs, including V2V, V2I, V2R, V2P and V2S. However, Kaiwartya et al. [31] does not deal with a security protocol for registration and authentication in IoV environments. Vasudev et al. [11] presented a secure and efficient message authentication protocols for IoV communication such as V2V, V2S, V2R, V2I, and V2P to address problems of Kaiwartya et al.'s [31]. Vasudev et al. [11] claimed that their scheme is able to resist various security threats. However, we demonstrate that Vasudev et al.'s scheme [11] does not resist potential attacks such as secret key exposure, impersonation, and MiTM attacks, and also does not provide mutual authentication. Thus, we design a secure and efficient message authentication protocol for IoV in smart city environment to resolve security threats of the existing schemes.

III. CRYPTANALYSIS OF VASUDEV et al.'s SCHEME
In 2020, Vasudev et al.'s scheme [11] claimed that their protocol is able to resist various security threats. However, we demonstrate that Vasudev et al.'s scheme is unable to resists various security threats such as secret key disclosure, MiTM, and impersonation attacks and also does not ensure authentication. We analyze V2V and V2I processes in Vasudev et al.'s scheme [11]. Vasudev et al.'s scheme is comprised of three processes: setup, registration, and authentication. The symbols used in our paper are summarized in Table 1.

A. IMPERSONATION ATTACK
A malicious adversary (MA) may attempt to masquerade legal drivers through stolen smart card. Referring to Section I-A, we assume that MA is able to extract the secret data stored in the smart card. In addition, MA is able to eavesdrop, modify, replay, inject, or delete the transmitted messages via a public channel. Thus, MA can perform the impersonation as shown in the following detailed steps.

1) V2V SCENARIO
Step 1: MA first intercepts the transmitted messages via a public channel and extracts the secret data After that, the MA selects a new random nonce p MA and calculates Step 2: After reception of messages, the V E checks the timestamp Step 3: After reception of messages, the MA computes

2) V2I SCENARIO
Step 1: According to the Section I-A, the MA obtains the secret credentials through public channel and smart card.
Step 2: After reception of messages, the IS calculates Step 3: After reception of messages, the MA calculates As a result, Vasudev et al.'s scheme is fragile to the impersonation attack because the MA is able to masquerade as a legitimate driver successfully.

B. SECRET KEY DISCLOSURE ATTACK
According to Section III-A1 and III-A2, we prove that MA is able to masquerade legal driver V i and obtain the vehicle server's secret key K VS and symmetric key {C e , A e } between each entity as follows. Referring to Section I-A, the MA is able to extract secret credentials {Z a , U a , W a } stored in smart card. Then, MA can calculate vehicle server's secret key K VS = Z a ⊕ h(U a ||W a ), and random nonce p a = A a ⊕ h(K VS ||T 1 ). Consequently, the MA is able to perform the secret key disclosure attack by calculating C e = D e ⊕ K VS ⊕ p a and disguise as legitimate drivers.

C. MAN-IN-THE-MIDDLE ATTACK
The MA attempts to trick two entities in IoV communication, which means that MA is able to masquerade a legitimate driver. However, referring to Section III-A1 and III-A2, the MA is able to masquerade the legal driver and generate the symmetric key {C e , A e }, and the vehicle server's master key K VS . Consequently, Vasudev

IV. THE PROPOSED SCHEME
This section presents a secure message authentication protocol for IoV communication to solve the security threats of the existing scheme. IoV-SMAP is composed of three processes: a) initialization, b) registration, and c) authentication.

A. INITIALIZATION PROCESS
The vehicle server (VS) registers all IoV objects in the communication system. The VS selects a random nonce RN vs and calculates a secret key K VS = h(ID vs ||RN vs ). The VS stores a pre-computed master key K VS in the secure database. The VS also selects a ''collision-resistant one-way hash function h(·)'' (for example, Secure Hash Algorithm (SHA-256) [32]).

B. REGISTRATION PROCESS
The registration process includes both V2V and V2I registration, which are explained in the following subsections.

1) V2V REGISTRATION PROCESS
If a vehicle V i wants to access the traffic information with other IoV objects in the system, the V i must register within the VS using the following steps: • Step 1: V i selects its identity ID V i and a high-entropy password PW V i , and then generates a random nonce RN i . After that,  Figure 2.

2) V2I REGISTRATION PROCESS
If the infrastructure (IS) wants to exchange traffic information with the IoV objects in the system, the IS must register within the VS with the following steps: • Step 1: The IS selects the identity ID IS and sends it to the VS via a secure channel. VOLUME 8, 2020 • Step 2: Upon reception of the information, the VS generates a random nonce N VS and calculates C i = h(ID IS ||N VS ) ⊕K VS . Finally, the VS sends {C i , N VS } to the IS via a secure channel.
• Step 3: After reception of the message, the IS stores {C i , N VS } in the secure database. The V2I registration process is also summarized in Figure 3.

C. V2V AUTHENTICATION PROCESS
If a vehicle V A wants to access traffic information with the other IoV objects in the system, the V A performs the following process as shown in Figure 4. • Step 1: The V A inputs its identity ID A i and password PW A i and calculates = W e . If the condition is valid, the V E computes , and M EA = h(M response1 ||SK ||T 2 ) and sends the message   = W i . If the condition is satisfied, the V i generates a message M request2 , a random nonce B 1 , and timestamp T 3 . After that, the V i computes

• Step 1: The V i inputs its identity ID V i and password PW V i , and computes RID
||K VS ||T 3 ) and sends the message Msg V 2I 1 = {V 1 , V 2 , V VI , T 3 } to the IS over a public channel.
• Step 2: Upon reception of the message Msg V 2I 1 , the IS checks |T * 3 − T 3 | ≤ T . If it is valid, the IS calculates = V IV . If it is legitimate, the V i and the IS are mutually authenticated successfully, and also share the session key SK for their future secret communications.

V. SECURITY ANALYSIS
This section proves the security of IoV-SMAP utilizing informal and formal security analysis including ROR model, which is a well-known security analysis model. We analyze only the V2V process in IoV-SMAP. The other IoV processes are omitted because they are very similar to the V2V process.

A. FORMAL SECURITY ANALYSIS USING ROR MODEL
This section performs the ROR model [19] to demonstrate the session key (SK) security of IoV-SMAP by the passive/active adversary MA. This section briefly introduces the ROR model prior to performing SK security proof for the IoV-SMAP. In the IoV-SMAP, there are two participants the vehicle P t 1 V A and the other P t 2 V E , where P t 1 V A and P t 2 V E are instances t th 1 of V A and t th 2 of V E , respectively. We define queries such as Execute, Corrupt, Send, Test, and Reveal for the ROR model to perform formal (mathematical) analysis.
The following queries are accessed by the adversary MA: Execute is modeled that MA performs the well-known attack by eavesdropping exchanged messages between participants via a public channel.
• CorruptSC(P t 1 V A ): CorruptSC denotes the smart-card theft attack, where the MA is able to extract the secret parameters stored in the smart card.
• Send(P t , M ): Based on this query, MA is able to transmit a message M to the instance P t and also is able to receive accordingly.
• Test(P t ): Based on this query, an unbiased coin c is flipped prior to the start of the experiment. The corresponding SK is fresh between V A and V E , and then P t returns SK when c = 1 after running Test query and SK is new or a random nonce when c = 0; otherwise, it produces a ⊥ (null value).
• Reveal(P t ): Based on this query, MA reveals the current SK generated by its partner to the MA. Hash is a random oracle, which is a one-way hash function. We utilize Zipf's law [33] to demonstrate SK security of IoV-SMAP.
Theorem 1: Suppose that Adv IoV −SMAP MA is the advantage of the MA in order to break SK security for the proposed message authentication protocol (MAP). Then, where q send and q h are the number of Send and Hash queries, the range space of h(·), respectively, and Zipf's parameters [33] are C and s. Proof: We define the sequence of four games namely GM i (i ∈ [0, 3]). Let Succ MA GM i be an event that the adversary MA wins the game GM i . Then, the advantage (success probability) of MA for winning the GM i is defined by is the probability of a random event E. All the games GM i are described in detail as follows.
Game GM 0 : GM 0 denotes the real attack with respect to the ROR model. Since the bit c needs to be selected at the start of GM 0 . Hence, it follows from the semantic security that All exchanged messages are protected using hash function h(.) and also, random nonce R 1 and R 2 are utilized in the messages Msg V 2V 1 and Msg V 2V 2 . However, R 1 and R 2 are not derived from the exchanged messages due to hash function VOLUME 8, 2020 h(.). By performing the birthday paradox [34], we can get the following result: Game GM 3 : In this final active game, CorruptSC query is simulated. MA is able to extract the secret credentials {Q i , W i , E i } from memory of the smart-card utilizing power analysis attack. Note that, . GM 3 is computationally infeasible for MA to derive password PW V i of V A correctly through Send query without VS's master key K VS and random nonces R 1 , R 2 . Consequently, GM 2 and GM 3 are indistinguishable if off-line password guessing attack is not implemented. Using Zipf's law [33], we can obtain the following result: When GM 0 to GM 3 are executed successfully, MA is able to guess the exact bit c. Therefore, we can obtain the following result: Eqs. (1), (2) and (5), we obtain the following result: Using the triangular inequality and Eqs. (4), (5), and (6), we obtain the following result: Finally, multiplying both sides of Eq. (7) by a factor of 2, we obtain Adv IoV −SMAP

B. INFORMAL SECURITY ANALYSIS
This section proved that IoV-SMAP is able to prevent well-known attacks and provide user anonymity and authentication.

1) IMPERSONATION ATTACK
This attack assumes that a malicious adversary MA attempts to masquerade by generating a legitimate driver's login However, MA is unable to generate the login request message because MA does not know V i 's identity ID V i , password PW V i , random nonce R 1 , B 1 and VS's master key K VS . Thus, IoV-SMAP is able to prevent impersonation attack because MA is unable to generate correct messages of the legitimate driver.

2) REPLAY ATTACK
MA attempts to reuse any of the previously exchanged mes- and {V 3 , V IV , T 4 } over a public channel in the V2V and V2I authentication processes. If the MA intercepts the exchanged messages in the previous session, IoV-SMAP checks the freshness of the timestamp. Furthermore, all messages in the IoV-SMAP are protected with random nonces R 1 , R 2 , B 1 , B 2 and VS's master key K VS . Consequently, IoV-SMAP is able to prevent replay attack.

3) SESSION KEY DISCLOSURE ATTACK
In the IoV-SMAP, MA must obtain random nonces (short-term secrets) R 1 , R 2 , B 1 , B 2 and VS's master key (long-term secret) K VS to generate a correct session key SK = h(R 1 ||R 2 ||K VS ) and SK = h(B 1 ||B 2 ||K VS ). However, the MA is unable to compute because K VS is encrypted with VS's random nonce RN vs and identity ID vs using hash function.
In addition, R 1 , R 2 , B 1 , B 2 cannot be obtained because the MA does not know the K VS . Thus, IoV-SMAP is secure to session key disclosure attack under the CK-adversary model as discussed in our threat model in Section I-A.

4) SMART CARD THEFT ATTACK
In the IoV-SMAP, we suppose that MA is able to steal the smart card of a legitimate driver and extract the secret credential {Q i , W i , E i } in the smart card utilizing the power analysis [13]. However, MA is unable to obtain a driver's sensitive data because the secret credentials stored in the smartcard are masked utilizing XOR and hash operations. Thus, IoV-SMAP is secure to smart card theft attack.

5) MAN-IN-THE-MIDDLE (MiTM) ATTACK
We suppose that MA is able to intercept the exchanged messages over a public channel, then a MiTM attack is possible. However, MA cannot generate the authentication request messages {M AE , V VI } because MA is unable to obtain the random nonces R 1 , B 1 , and vehicle server's master key K VS . In addition, MA is unable to generate the session key SK without random nonces {R 1 , R 2 , B 1 , B 2 } and vehicle server's master key K VS . Thus, IoV-SMAP is secure against MiTM attack.

6) ANONYMITY
According to Section I-A, we suppose that MA is able to extract secret parameters stored in the smart card and is able to intercept the exchanged messages in the authentication process. However, MA cannot obtain the real identity of the IoV objects because transmitted messages are encrypted with master key K VS , password PW V i , and random nonces N vs utilizing XOR and hash operations. Therefore, IoV-SMAP provides the driver's anonymity. = V IV . If the condition is valid, the V A authenticates the V E and the IS. Consequently, all IoV objects are mutually authenticated because the MA is unable to generate exchanged messages successfully.

VI. FORMAL SECURITY VERIFICATION USING AVISPA: SIMULATION STUDY
We simulate utilizing the AVISPA tool [20], [21] to analyze the security of IoV-SMAP against MiTM and replay attacks. The AVISPA tool implemented utilizing the ''High-Level Protocol Specification Language (HLPSL)'' [35]  To prove the security of IoV-SMAP, we first express utilizing a rule-oriented HLPSL. More details for AVISPA and HLPSL specifications can be found in [20], [21]. Various roles such as the basic specification roles for the vehicles V A , V E , the infrastructure IS, and the vehicle server VS, and the mandatory roles for the environment, goal, and session are implemented in HSPSL for IoV-SMAP. Because XOR operations are not supported for both TA4SP and SATMC back-ends, simulation results for these back-ends are indecisive. Thus, we show the AVISPA simulation results using OFMC and CL-AtSe in Figure 6. As a result, we prove that IoV-SMAP prevents MiTM and replay attacks.

A. SECURITY FEATURES
In Table 2, we present the security features of IoV-SMAP compared to existing schemes [11], [24], [26]. Referring to Table 2, existing schemes [11], [24], [26] suffer from various attacks and also their schemes is unable to provide authentication and anonymity. In contrast, IoV-SMAP prevents various attacks and provides authentication and anonymity. Thus, IoV-SMAP offers essential security requirements compared with existing schemes.

B. COMPUTATION COSTS
We compare the computation cost of IoV-SMAP with related schemes [11], [24], [26] during the authentication process. We estimated the following parameters based on Vasudev et al.'s scheme [11]. T AE , T AD , T S , T SE , T SD , and T h denote the asymmetric encryption, asymmetric decryption, signing operation, symmetric encryption, symmetric decryption and hash function using SHA-256 hashing function, respectively. Referring to [11], we denote the computation time for various types of cryptographic operations in Table 3. XOR operation is negligible compared to other cryptographic operations because it requires low computation time. The configuration of the Desktop Computer is ''Windows 10, Professional with an Intel (R) Core (TM) CPU i5-7200U, 8.1 GB memory, @2.50 GHz''. In addition, the configuration  [11]. VOLUME 8, 2020 of Raspberry Pi is ''BCM 2708 System-On-Chip (SOC) with an ARMv6-compatible processor and 8 GB SD card'', and also the source code is implemented in Python 3.6.
In V2V authentication phase, the total computation costs of IoV-SMAP and Vasudev et al.'s scheme [11] are 17T h and 6T h + T SE + T SD , respectively. According to Table 4, the total computation times of IoV-SMAP are 0.034 ms and 2.958 ms, which is implemented on the Desktop Computer and Raspberry Pi platform, respectively. Consequently, IoV-SMAP provides more efficient computation times compared with related schemes [11], [24], [26].

VIII. CONCLUSION
We designed a ''secure and efficient authentication scheme for IoV in smart city environment (IoV-SMAP)'' to solve security threats of the existing authentication schemes. We showed that IoV-SMAP prevented various attacks, and ensured authentication and anonymity. We demonstrated the session key security of IoV-SMAP by performing formal security under the ROR model and also showed that IoV-SMAP was secure to MiTM and replay attacks by performing AVISPA simulation. We then compared the ''security features'', ''computation costs'', ''communication costs'' and ''storage costs'' of IoV-SMAP with related schemes. Consequently, IoV-SMAP significantly enhanced security and preserved the low computation cost and storage overhead utilizing only XOR and hash operations. Thus, IoV-SMAP is applicable for actual IoV environment because it is more secure and efficient than previous related schemes. SUNGJIN   ASHOK KUMAR DAS (Senior Member, IEEE) received the Ph.D. degree in computer science and engineering, the M.Tech. degree in computer science and data processing, and the M.Sc. degree in mathematics from IIT Kharagpur, India. He is currently an Associate Professor with the Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India. His current research interests include cryptography, wireless sensor network security, hierarchical access control, security in vehicular ad hoc networks, smart grid, the Internet of Things (IoT), cyber-physical systems (CPS) and cloud computing, and remote user authentication. He has authored over 235 papers in international journals and conferences in the above areas, including over 200 reputed journal articles. Some of his research findings are published in top cited journals, such as the IEEE TRANSACTIONS ON