Research Article
Open Access
Cryptanalysis of an Authentication Protocol for Edge-Centric Maritime Transportation Systems
1
DISSec, College of Cyber Science, Nankai University, Tianjin 300071, China
2
Faculty of Electrical Engineering and Computer Science, University of Maribor, Maribor 2000, Slovenia
3
College of Engineering, Southern Luzon State University, Lucban 4328, Quezon, Philippines
4
Department of CSE, Green University of Bangladesh, Dhaka, Bangladesh
* Corresponding Author:
Shuangshuang Liu,
[email protected]
Volume 2, Issue 2
2026
Received: 19 May 2026
Accepted: 09 June 2026
Published: 14 June 2026
Article Information
Published in
Journal of Reliable and Secure Computing
Volume/Issue
Volume 2, Issue 2, 2026
Pages
104-110
Abstract
With the rapid development of edge computing and intelligent maritime transportation systems, secure authentication and key agreement protocols have become essential for protecting communications among maritime entities and edge devices. Recently, Mahmood et al. proposed an authentication protocol for edge-centric maritime transportation systems, claiming that their scheme can resist various security attacks while ensuring efficient communication. However, practical maritime environments still face many security threats. In addition, edge infrastructures usually have limited resources. Therefore, authentication protocols require rigorous security evaluation. In this paper, we perform a cryptanalysis of Mahmood et al.'s protocol and reveal several critical security weaknesses. We demonstrate that the protocol is vulnerable to temporary random-number leakage attacks and privileged insider attacks, which may enable adversaries to compromise authentication information and session security. Moreover, we show that the protocol fails to provide perfect forward secrecy, meaning that previously established session keys may be exposed once long-term secret credentials are compromised. These vulnerabilities reduce the security reliability and practical applicability of the original scheme in real-world maritime transportation environments. To address these issues, we discuss several measures for improvement and provide recommendations to strengthen the protocol's security. Our analysis provides useful guidance for the future design of secure authentication protocols in edge-centric maritime transportation systems.
Keywords
edge computing
intelligent maritime transportation systems
authentication protocol
temporary random number leakage attack
privileged insider attack
perfect forward secrecy
Data Availability Statement
Data will be made available on request.
Funding
This work was supported without any funding.
Conflicts of Interest
Marko Hölbl served as an Associate Editor of the Journal of Reliable and Secure Computing at the time of manuscript submission. To ensure the integrity of the peer-review process, Marko Hölbl was not involved in the editorial handling, peer review, or decision-making process for this manuscript, which was handled independently by another editor. The remaining authors declare no conflicts of interest.
AI Use Statement
The authors declare that no generative AI was used in the preparation of this manuscript.
Ethical Approval and Consent to Participate
Not applicable.
References
- Mahmood, K., Shamshad, S., Ayub, M. F., Ghaffar, Z., Khan, M. K., & Das, A. K. (2023). Design of provably secure authentication protocol for edge-centric maritime transportation system. IEEE Transactions on Intelligent Transportation Systems, 24(12), 14536-14545.
[CrossRef] [Google Scholar] - Liu, J., Li, C., Bai, J., Luo, Y., Lv, H., & Lv, Z. (2021). Security in IoT-enabled digital twins of maritime transportation systems. IEEE Transactions on Intelligent Transportation Systems, 24(2), 2359-2367.
[CrossRef] [Google Scholar] - Gyamfi, E., Ansere, J. A., Kamal, M., Tariq, M., & Jurcut, A. (2022). An adaptive network security system for iot-enabled maritime transportation. IEEE transactions on intelligent transportation systems, 24(2), 2538-2547.
[CrossRef] [Google Scholar] - Jakob, M., Vanĕk, O., & Pĕchouček, M. (2011). Using agents to improve international maritime transport security. IEEE Intelligent Systems, 26(1), 90-96.
[CrossRef] [Google Scholar] - Gupta, B. B., Gaurav, A., Hsu, C. H., & Jiao, B. (2021). Identity-based authentication mechanism for secure information sharing in the maritime transport system. IEEE Transactions on Intelligent Transportation Systems, 24(2), 2422-2430.
[CrossRef] [Google Scholar] - Chen, C. M., Hao, Y., Kumari, S., & Amoon, M. (2025). An intelligent blockchain-enabled authentication protocol for transportation cyber-physical systems. IEEE Transactions on Intelligent Transportation Systems, 26(9), 14053-14066.
[CrossRef] [Google Scholar] - Wu, T. Y., Wu, H., Kumari, S., & Chen, C. M. (2025). An enhanced three-factor based authentication and key agreement protocol using PUF in IoMT. Peer-to-Peer Networking and Applications, 18(2), 83.
[CrossRef] [Google Scholar] - Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on information theory, 29(2), 198-208.
[CrossRef] [Google Scholar] - Canetti, R., & Krawczyk, H. (2001, April). Analysis of key-exchange protocols and their use for building secure channels. In International conference on the theory and applications of cryptographic techniques (pp. 453-474). Berlin, Heidelberg: Springer Berlin Heidelberg.
[CrossRef] [Google Scholar] - Chen, C. M., Liu, S., Li, X., Islam, S. H., & Das, A. K. (2023). A provably-secure authenticated key agreement protocol for remote patient monitoring IoMT. Journal of Systems Architecture, 136, 102831.
[CrossRef] [Google Scholar] - Thakur, G., Prajapat, S., Kumar, P., & Chen, C. M. (2024). A privacy-preserving three-factor authentication system for IoT-enabled wireless sensor networks. Journal of Systems Architecture, 154, 103245.
[CrossRef] [Google Scholar] - Kumar, P., Pal, A. K., & Islam, S. H. (2024). 2F-MASK-VSS: Two-factor mutual authentication and session key agreement scheme for video surveillance system. Journal of Systems Architecture, 153, 103196.
[CrossRef] [Google Scholar] - Xu, M., & Wang, D. (2025). Practical two-factor authentication protocol for real-time data access in WSNs. IEEE Transactions on Dependable and Secure Computing, 22(5), 5215-5230.
[CrossRef] [Google Scholar] - Zhang, Y., He, D., Vijayakumar, P., Luo, M., & Huang, X. (2023). SAPFS: An efficient symmetric-key authentication key agreement scheme with perfect forward secrecy for industrial Internet of Things. IEEE Internet of Things Journal, 10(11), 9716-9726.
[CrossRef] [Google Scholar] - Wang, D., Li, W., & Wang, P. (2018). Measuring two-factor authentication schemes for real-time data access in industrial wireless sensor networks. IEEE Transactions on Industrial Informatics, 14(9), 4081-4092.
[CrossRef] [Google Scholar] - Wang, C., Wang, D., Tu, Y., Xu, G., & Wang, H. (2020). Understanding node capture attacks in user authentication schemes for wireless sensor networks. IEEE Transactions on Dependable and Secure Computing, 19(1), 507-523.
[CrossRef] [Google Scholar] - Wang, D., Wang, N., Wang, P., & Qing, S. (2015). Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity. Information Sciences, 321, 162-178.
[CrossRef] [Google Scholar] - Liu, S., & Wang, Z. (2025). Security analysis on a two-factor privacy-preserving protocol for efficient authentication in Internet of Vehicles networks. IEEE Internet of Things Journal, 12(16), 34623-34632.
[CrossRef] [Google Scholar] - Moghadam, M. F., Nikooghadam, M., Al Jabban, M. A. B., Alishahi, M., Mortazavi, L., & Mohajerzadeh, A. (2020). An efficient authentication and key agreement scheme based on ECDH for wireless sensor network. IEEE Access, 8, 73182-73192.
[CrossRef] [Google Scholar] - Kwon, D. K., Yu, S. J., Lee, J. Y., Son, S. H., & Park, Y. H. (2021). WSN-SLAP: Secure and lightweight mutual authentication protocol for wireless sensor networks. Sensors, 21(3), 936.
[CrossRef] [Google Scholar]
Cite This Article
APA Style
Liu, S., Hölbl, M., Maaliw III, R. R., & Mia, M. S. (2026). Cryptanalysis of an Authentication Protocol for Edge-Centric Maritime Transportation Systems. Journal of Reliable and Secure Computing, 2(2), 104-110. https://doi.org/10.62762/JRSC.2026.765456
Export Citation
RIS Format
Compatible with EndNote, Zotero, Mendeley, and other reference managers
TY - JOUR AU - Liu, Shuangshuang AU - Hölbl, Marko AU - III, Renato R. Maaliw AU - Mia, Md. Solaiman PY - 2026 DA - 2026/06/14 TI - Cryptanalysis of an Authentication Protocol for Edge-Centric Maritime Transportation Systems JO - Journal of Reliable and Secure Computing T2 - Journal of Reliable and Secure Computing JF - Journal of Reliable and Secure Computing VL - 2 IS - 2 SP - 104 EP - 110 DO - 10.62762/JRSC.2026.765456 UR - https://www.icck.org/article/abs/JRSC.2026.765456 KW - edge computing KW - intelligent maritime transportation systems KW - authentication protocol KW - temporary random number leakage attack KW - privileged insider attack KW - perfect forward secrecy AB - With the rapid development of edge computing and intelligent maritime transportation systems, secure authentication and key agreement protocols have become essential for protecting communications among maritime entities and edge devices. Recently, Mahmood et al. proposed an authentication protocol for edge-centric maritime transportation systems, claiming that their scheme can resist various security attacks while ensuring efficient communication. However, practical maritime environments still face many security threats. In addition, edge infrastructures usually have limited resources. Therefore, authentication protocols require rigorous security evaluation. In this paper, we perform a cryptanalysis of Mahmood et al.'s protocol and reveal several critical security weaknesses. We demonstrate that the protocol is vulnerable to temporary random-number leakage attacks and privileged insider attacks, which may enable adversaries to compromise authentication information and session security. Moreover, we show that the protocol fails to provide perfect forward secrecy, meaning that previously established session keys may be exposed once long-term secret credentials are compromised. These vulnerabilities reduce the security reliability and practical applicability of the original scheme in real-world maritime transportation environments. To address these issues, we discuss several measures for improvement and provide recommendations to strengthen the protocol's security. Our analysis provides useful guidance for the future design of secure authentication protocols in edge-centric maritime transportation systems. SN - 3070-6424 PB - Institute of Central Computation and Knowledge LA - English ER -
BibTeX Format
Compatible with LaTeX, BibTeX, and other reference managers
@article{Liu2026Cryptanaly,
author = {Shuangshuang Liu and Marko Hölbl and Renato R. Maaliw III and Md. Solaiman Mia},
title = {Cryptanalysis of an Authentication Protocol for Edge-Centric Maritime Transportation Systems},
journal = {Journal of Reliable and Secure Computing},
year = {2026},
volume = {2},
number = {2},
pages = {104-110},
doi = {10.62762/JRSC.2026.765456},
url = {https://www.icck.org/article/abs/JRSC.2026.765456},
abstract = {With the rapid development of edge computing and intelligent maritime transportation systems, secure authentication and key agreement protocols have become essential for protecting communications among maritime entities and edge devices. Recently, Mahmood et al. proposed an authentication protocol for edge-centric maritime transportation systems, claiming that their scheme can resist various security attacks while ensuring efficient communication. However, practical maritime environments still face many security threats. In addition, edge infrastructures usually have limited resources. Therefore, authentication protocols require rigorous security evaluation. In this paper, we perform a cryptanalysis of Mahmood et al.'s protocol and reveal several critical security weaknesses. We demonstrate that the protocol is vulnerable to temporary random-number leakage attacks and privileged insider attacks, which may enable adversaries to compromise authentication information and session security. Moreover, we show that the protocol fails to provide perfect forward secrecy, meaning that previously established session keys may be exposed once long-term secret credentials are compromised. These vulnerabilities reduce the security reliability and practical applicability of the original scheme in real-world maritime transportation environments. To address these issues, we discuss several measures for improvement and provide recommendations to strengthen the protocol's security. Our analysis provides useful guidance for the future design of secure authentication protocols in edge-centric maritime transportation systems.},
keywords = {edge computing, intelligent maritime transportation systems, authentication protocol, temporary random number leakage attack, privileged insider attack, perfect forward secrecy},
issn = {3070-6424},
publisher = {Institute of Central Computation and Knowledge}
}
Article Metrics
Publisher's Note
ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and Permissions
Copyright © 2026 by the Author(s). Published by Institute of Central Computation and Knowledge. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.
Preserved at
Portico
Portico
Scan to read this article