The Internet of Vehicles (IoV) is a rapidly evolving technology that provides real-time connectivity, enhanced road safety, and reduced traffic congestion; however, its inherently open communication channels expose it to serious security and privacy threats. In 2021, Chaudhry proposed SMEP-IoV, a lightweight message authentication protocol designed to satisfy essential security requirements. This paper presents a comprehensive security analysis of SMEP-IoV and reveals several serious vulnerabilities. Specifically, sensitive credentials are stored in plaintext without tamper-resistant protection, and both authentication and session key derivation depend directly on these credentials. These structural flaws allow an adversary to extract the stored secrets, generate valid authentication messages, and derive the established session key, enabling vehicle impersonation and session key disclosure attacks. Moreover, compromise of long-term secrets facilitates key compromise impersonation attacks. It also fails to ensure anonymity and perfect forward secrecy. To address these issues, we propose an enhanced authentication protocol for resource-constrained IoV environments, leveraging a three-factor authentication mechanism combined with lightweight cryptographic primitives. Formal security analyses using BAN logic, Tamarin, and ProVerif confirm its resilience against known attacks, while NS-3 simulations validate its scalability, high throughput, and low End-to-End Delay (E2ED). The results highlight the protocol as a robust, efficient, and scalable solution for large-scale IoV deployments.
Ghadim et al. (Tue,) studied this question.