Comment on “An advanced blockchain-based mutual authentication technique for the Internet of vehicles environment”: cryptanalysis and security vulnerabilities

Abstract The Internet of Vehicles (IoV), in which vehicles exchange safety–critical information over open wireless channels, is characterized by large-scale, distributed operation, and stringent real-time constraints, requiring efficient and reliable communication mechanisms. Recently, Suyel et al. proposed a blockchain-based mutual authentication and key agreement protocol for IoV environments (The Journal of Supercomputing, 2025, https://doi.org/10.1007/s11227-025-07934-z ), claiming resistance against various attacks under the Dolev–Yao adversarial model. In this paper, we revisit the security of this protocol and demonstrate that its V2V authentication mechanism suffers from a fundamental design weakness. Specifically, the protocol verifies only the algebraic consistency of the received authentication tuple while accepting the verification key directly from the communication channel, without establishing a trustworthy binding between the claimed vehicle identity and the corresponding public key. As a consequence, an adversary can construct mathematically valid authentication messages using its own key pair while impersonating a legitimate vehicle. Based on this observation, we present several practical attacks, including vehicle impersonation, rogue public-key substitution, and message-substitution attacks. Furthermore, we show that the protocol relies on an auxiliary secure channel for final key confirmation, which contradicts the claimed Dolev–Yao threat model and weakens the overall security guarantees. To substantiate our findings, we provide a rigorous cryptanalytic evaluation combining algebraic validity analysis and BAN-logic reasoning. Our results reveal that the protocol fails to ensure reliable vehicle authentication and cannot securely attribute the established session key to the claimed peer identity. Consequently, the security claims of the target scheme do not hold under realistic adversarial conditions in IoV environments.