PONE-D-23-13861ECA-VFog: An Efficient Certificateless Authentication Scheme for 5G-Assisted Vehicular Fog ComputingPLOS ONE

Dear Dr. Al-Shareeda‬‏,

Thank you for submitting your manuscript to PLOS ONE. After careful consideration, we feel that it has merit but does not fully meet PLOS ONE’s publication criteria as it currently stands. Therefore, we invite you to submit a revised version of the manuscript that addresses the points raised during the review process.

Please submit your revised manuscript by Jul 05 2023 11:59PM. If you will need more time than this to complete your revisions, please reply to this message or contact the journal office at plosone@plos.org. When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.

Please include the following items when submitting your revised manuscript:

• A rebuttal letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'.
• A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'.
• An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'.

If you would like to make changes to your financial disclosure, please include your updated statement in your cover letter. Guidelines for resubmitting your figure files are available below the reviewer comments at the end of this letter.

If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: https://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols. Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols.

We look forward to receiving your revised manuscript.

Kind regards,

AbdulRahman A. ALsewari, Ph.D.

Academic Editor

PLOS ONE

Journal Requirements:

When submitting your revision, we need you to address these additional requirements.

1. Please ensure that your manuscript meets PLOS ONE's style requirements, including those for file naming. The PLOS ONE style templates can be found at 

https://journals.plos.org/plosone/s/file?id=wjVg/PLOSOne_formatting_sample_main_body.pdf and 

https://journals.plos.org/plosone/s/file?id=ba62/PLOSOne_formatting_sample_title_authors_affiliations.pdf

2. Thank you for stating the following financial disclosure: 

   "The authors extend their appreciation to the Deputyship for Research \\&  Innovation, Ministry of Education in Saudi Arabia for funding this research work through project number MoE-IF-UJ-22-04100409-X"

Please state what role the funders took in the study.  If the funders had no role, please state: "The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript." 

If this statement is not correct you must amend it as needed. 

Please include this amended Role of Funder statement in your cover letter; we will change the online submission form on your behalf.

3. Thank you for stating the following in the Acknowledgments Section of your manuscript: 

    "The authors extend their appreciation to the Deputyship for Research & Innovation, Ministry of Education in Saudi Arabia for funding this research work through project number MoE-IF-UJ-22-04100409-X"

We note that you have provided funding information that is not currently declared in your Funding Statement. However, funding information should not appear in the Acknowledgments section or other areas of your manuscript. We will only publish funding information present in the Funding Statement section of the online submission form. 

Please remove any funding-related text from the manuscript and let us know how you would like to update your Funding Statement. Currently, your Funding Statement reads as follows: 

   "The authors extend their appreciation to the Deputyship for Research \\&  Innovation, Ministry of Education in Saudi Arabia for funding this research work through project number MoE-IF-UJ-22-04100409-X"

Please include your amended statements within your cover letter; we will change the online submission form on your behalf.

4. In your Data Availability statement, you have not specified where the minimal data set underlying the results described in your manuscript can be found. PLOS defines a study's minimal data set as the underlying data used to reach the conclusions drawn in the manuscript and any additional data required to replicate the reported study findings in their entirety. All PLOS journals require that the minimal data set be made fully available. For more information about our data policy, please see http://journals.plos.org/plosone/s/data-availability.

"Upon re-submitting your revised manuscript, please upload your study’s minimal underlying data set as either Supporting Information files or to a stable, public repository and include the relevant URLs, DOIs, or accession numbers within your revised cover letter. For a list of acceptable repositories, please see http://journals.plos.org/plosone/s/data-availability#loc-recommended-repositories. Any potentially identifying patient information must be fully anonymized.

Important: If there are ethical or legal restrictions to sharing your data publicly, please explain these restrictions in detail. Please see our guidelines for more information on what we consider unacceptable restrictions to publicly sharing data: http://journals.plos.org/plosone/s/data-availability#loc-unacceptable-data-access-restrictions. Note that it is not acceptable for the authors to be the sole named individuals responsible for ensuring data access.

We will update your Data Availability statement to reflect the information you provide in your cover letter.

Additional Editor Comments:

The paper proposts an efficient certificateless authentication scheme for 5G-assisted vehicular fog computing. I recommend the paper for acceptance for the following reasons. The structure of the paper is good. The paper is well written. The authors have done formal security analysis and informal security analysis. Moreover, the novelty presented in the paper is acceptable. However the paper required enhancement as suggested by the reviewer comments.

[Note: HTML markup is below. Please do not edit.]

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

1. Is the manuscript technically sound, and do the data support the conclusions?

The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented.

Reviewer #1: Yes

Reviewer #2: Yes

Reviewer #3: Yes

**********

2. Has the statistical analysis been performed appropriately and rigorously?

Reviewer #1: Yes

Reviewer #2: No

Reviewer #3: Yes

**********

3. Have the authors made all data underlying the findings in their manuscript fully available?

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.

Reviewer #1: Yes

Reviewer #2: Yes

Reviewer #3: Yes

**********

4. Is the manuscript presented in an intelligible fashion and written in standard English?

PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.

Reviewer #1: No

Reviewer #2: No

Reviewer #3: Yes

**********

5. Review Comments to the Author

Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters)

Reviewer #1: In this work, the authors have proposed an efficient certificateless authentication scheme for 5G-assisted vehicular fog computing. I recommend the paper for acceptance for the following reasons.

� The structure of the paper is good.

� The paper is well written.

� The authors have done formal security analysis and informal security analysis.

� Moreover, the novelty of the paper is good.

I have found some minor problems in this paper which must be corrected in the revised version.

1) Section number must be given for all the sections and sub sections.

2) Why have the authors focused on 5G? Because nowadays many researches have started on 6G.

3) There are few typographical mistakes. For example, in the Introduction section, “this study is” must be “This study is”. In the same section, “Section reviews some related work” must be “Section 2 reviews some related work”. Modify the entire paragraph.

4) The authors must give expansion for all the abbreviations. For example check ECA.

5) Use unique symbols in the entire paper. For example, P is not italic in one place and it is italic in another place under the subheading Elliptic Curve Cryptography (ECC).

6) Related work section is weak. Because Some important and recent references are missing, the following references must be totally added in the Section "References" (otherwise, the reference is not enough, then it must be revised again until it is enough):

Efficient certificateless designated verifier proxy signature scheme using UAV network for sustainable smart city

Efficient certificateless conditional privacy-preserving authentication for VANETs

Secure and Efficient Authenticated Key Management Scheme for UAV-Assisted Infrastructure-Less IoVs

RAKI: A Robust ECC Based Three-party Authentication and Key Agreement Scheme for Medical IoT

A robust mutual and batch authentication scheme based on ECC for online learning in Industry 4.0

Reviewer #2: Aiming at the security and privacy requirements of 5g assisted vehicle network, this paper proposes a certificateless authentication scheme based on ECC under the vehicular fog computing architecture. In addition, security analysis and experimental evaluation are carried out. However, as a whole, this paper is not innovative enough. In addition, there are the following problems.

1. There are many errors in the abbreviation format of words in the article, for example, the full name of VANET is not explained for the first time. In addition, the full names of PKI and ID also appear several times. Therefore, it is necessary to correct the abbreviation errors that appear in the paper as a whole.

2. The literature annotation in this paper is quite arbitrary. For example, references [1-11] are not very relevant to the tagged sentences. However, in the third and fourth paragraphs of the introduction, there is a lack of literature sources when presenting related work. Therefore, it is very necessary to carefully review the appropriateness of each cited paper. In addition, the missing references need to be supplemented.

3. In the introduction section, the main contributions of the paper are introduced without elaborating on the innovative ideas of the paper. In particular, in the main contribution section, the differences with existing work are not reflected, and the innovative work of the paper is not described.

4. In the related work, the author lists the current work, but the analysis of its shortcomings is too few. In addition, there are few related works on certificateless authentication schemes that are most relevant to the proposed scheme, and only three papers cannot fully reflect the current research progress.

5. In the system model section, TRA,KGC,FS and 5G-BS are assumed to be fully trusted, which is obviously completely impossible in the real scenario. Thus, it makes sense to at least assume that the third party is semi-trusted.

6. In the section of the ECA-VFog scheme, there is no detailed innovative explanation. Neither based on innovation theory nor using new technologies.

7. It is suggested to prove the security of the proposed scheme in the standard model or the random oracle model.

8. In the whole article, the integration of 5G technology and Internet of vehicles is not reflected.

Therefore, although the performance evaluation of the experiments is good, the effectiveness of the proposed scheme needs to be considered in more realistic attack scenarios.

Reviewer #3: This manuscript has proposed an efficient certificateless authentication called the ECA-VFog scheme for fog computing with 5G-assisted vehicular systems by applying efficient operations based on elliptic curve cryptography that is supported by a fog server through a 5G-base station. The topic of manuscript is really interested and timed. The paper is written well, there are research voice in these sections. However, the paper required the following comments and concerns to improve the quality of the presentation.

1-In abstract part, the outcome (in numerical) of this proposed have been missing, please add them.

2-In related work, the paper strongly required to add some relevant researches such as (An efficient conditional privacy-preserving authentication scheme for the prevention of side-channel attacks in vehicular ad hoc networks)

3- What are the benefit from 5G and fog computing? This needs to be clarified in the paper

4- page 2, line 50-55 >> double checking, there is missing number/name of sections

5- Table 2, need to align the text

6- Please add future work in conclusion part

**********

6. PLOS authors have the option to publish the peer review history of their article (what does this mean?). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy.

Reviewer #1: No

Reviewer #2: No

Reviewer #3: Yes

**********

[NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.]

While revising your submission, please upload your figure files to the Preflight Analysis and Conversion Engine (PACE) digital diagnostic tool, https://pacev2.apexcovantage.com/. PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at figures@plos.org. Please note that Supporting Information files do not need this step.

ECA-VFog: An Efficient Certificateless Authentication Scheme for 5G-Assisted Vehicular Fog Computing

PONE-D-23-13861R1

Dear Dr. Al-Shareeda‬‏,

We’re pleased to inform you that your manuscript has been judged scientifically suitable for publication and will be formally accepted for publication once it meets all outstanding technical requirements.

Within one week, you’ll receive an e-mail detailing the required amendments. When these have been addressed, you’ll receive a formal acceptance letter and your manuscript will be scheduled for publication.

An invoice for payment will follow shortly after the formal acceptance. To ensure an efficient process, please log into Editorial Manager at http://www.editorialmanager.com/pone/, click the 'Update My Information' link at the top of the page, and double check that your user information is up-to-date. If you have any billing related questions, please contact our Author Billing department directly at authorbilling@plos.org.

If your institution or institutions have a press office, please notify them about your upcoming paper to help maximize its impact. If they’ll be preparing press materials, please inform our press team as soon as possible -- no later than 48 hours after receiving the formal acceptance. Your manuscript will remain under strict press embargo until 2 pm Eastern Time on the date of publication. For more information, please contact onepress@plos.org.

Kind regards,

AbdulRahman A. ALsewari, Ph.D.

Academic Editor

PLOS ONE

Additional Editor Comments (optional):

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

1. If the authors have adequately addressed your comments raised in a previous round of review and you feel that this manuscript is now acceptable for publication, you may indicate that here to bypass the “Comments to the Author” section, enter your conflict of interest statement in the “Confidential to Editor” section, and submit your "Accept" recommendation.

Reviewer #1: All comments have been addressed

Reviewer #3: All comments have been addressed

**********

2. Is the manuscript technically sound, and do the data support the conclusions?

The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented.

Reviewer #1: Yes

Reviewer #3: Yes

**********

3. Has the statistical analysis been performed appropriately and rigorously?

Reviewer #1: Yes

Reviewer #3: Yes

**********

4. Have the authors made all data underlying the findings in their manuscript fully available?

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.

Reviewer #1: Yes

Reviewer #3: Yes

**********

5. Is the manuscript presented in an intelligible fashion and written in standard English?

PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.

Reviewer #1: Yes

Reviewer #3: Yes

**********

6. Review Comments to the Author

Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters)

Reviewer #1: The authors have done all the corrections given by me in the previous round and hence the paper can be accepted in the present format.

Reviewer #3: The authors have addressed all the comments. I recommend to accept the paper in its current format.

**********

7. PLOS authors have the option to publish the peer review history of their article (what does this mean?). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy.

Reviewer #1: No

Reviewer #3: No

**********