Abstract

The vehicle ad hoc network (VANET) is an emerging industry that deeply integrates a new generation of network communication technology with automotive and road transportation. As the basic nodes of VANETs, vehicles can communicate and share information with other peer vehicles. However, with the rapid development of the industry, the security risks of VANETs, especially the problem of privacy leakage, have become increasingly prominent. To solve this problem, we propose a novel identity-based mutual authentication scheme (IBMA) for vehicle ad hoc networks. In this scheme, we adopt identity-based cryptography (IBC) to generate keys, which reduces the storage burden of the central authority and eliminates the need to rely on the certificate to distribute the public key. Meanwhile, the key escrow issue can be solved, which is a common problem in IBC. Then, the scheme adjusts central authority to semihonest and realizes unconditional privacy protection. In addition, our scheme achieves complete anonymity, which can prevent any other entities such as peer vehicles and central authorities from tracking vehicles. Finally, our scheme provides efficient traceability while protecting vehicle privacy. Security analysis shows that the proposed scheme satisfies a variety of security requirements such as anonymity, reliability, and nonrepudiation. Performance analysis demonstrates that our proposed scheme is efficient and requires less communication and storage cost compared with related schemes.

1. Introduction

In recent years, with the rapid development of wireless communication technology, sensor technology, and mobile computing, vehicular ad hoc network (VANET) [1] has attracted more and more attention from governments, enterprises, and scientific research institutions. VANETs are large-scale mobile self-organizing networks, which are important parts of intelligent transportation systems and autonomous driving. In VANETs, each vehicle is a basic network node that communicates with others to share or exchange data, so that the vehicle can remotely obtain the driving status and road condition information of other vehicles, thereby reducing congestion, avoiding potential traffic accidents, and improving travel efficiency and safety.

The VANET can build a network in the form of self-organization to realize self-configuration and self-management without fixed infrastructure and provide services such as access, data exchange, and resource sharing for each vehicle. Because of its numerous nodes and flexible organization, scholars have envisaged a variety of new services for VANETs, such as dynamic route planning [2] and mobile entertainment in-vehicle [3]. For example, drivers can obtain the latest traffic conditions or parking information through VANETs, and passengers can chat or exchange files through VANET, which greatly improves the travel experience of drivers and passengers.

While providing convenient services for drivers and passengers, VANETs also bring huge security challenges. The security and privacy issues [4] of VANETs have also received increasing attention. Because VANETs are deployed in the public network area and transmit messages through a wireless network, they are vulnerable to damage by malicious attackers, such as publishing wrong road condition information and stealing user privacy. The damage directly affects the personal and property security of drivers and passengers. Therefore, the key to comprehensively promoting VANETs is to solve the problems of information security and privacy protection first.

One of the solutions is to authorize all legal vehicles connected to the network and check whether the vehicles are legal through identity authentication before the communication. Vehicles with illegal identities will be refused service. At the same time, the privacy of vehicle users should be protected during identity authentication. For example, the real identity of the vehicle should be kept secret during authentication, and location information will not be obtained by authentication agencies [5].

The current research on vehicle ad hoc networks is mainly based on shared key schemes or public key systems [6, 7]. The shared key scheme relies on key management to a large extent, while the traditional public key infrastructure (PKI) puts forward strict requirements for the large-capacity storage and management of public key certificates. In recent years, many authentication schemes using ID-based encryption have been proposed [8–10]. Identity-based encryption (IBC) [11] was first proposed by Shamir in 1984. The basic idea of IBC is that the entity’s public key is directly derived from its public identity information (such as phone number and email address), and the private key is calculated and distributed by a central authority. IBC completely eliminates the need for traditional PKI to distribute public keys through certificates. However, in IBC, since the user’s private key is completely determined by the TA, when the TA is maliciously attacked or the TA itself is not trusted, it will cause an incalculable risk to the system, that is, the key escrow problem [12], which makes it impossible to achieve strong nonrepudiation.

In general, traditional VANETs are composed of three components, namely the trusted authority (TA), the roadside unit (RSU), and the vehicles. TA provides various network services to vehicles through RSUs. The RSUs are fixed on both sides of the roads, which are used to connect the vehicles to the TA. There are also some models without RSU [13], where the vehicle communicates directly with the TA.

In this paper, we propose a novel identity-based mutual authentication scheme for vehicle ad hoc networks. Compared with the existing VANET authentication schemes, our scheme has many advantages:

First, the proposed scheme satisfies various security requirements in the VANET authentication model, such as anonymity, traceability, and nonrepudiation. Meanwhile, it can resist common attacks.

Second, we adopted two independent and parallel trusted authorities to reduce the trust level in TAs. We assume that and are well-known cloud platforms (e.g., IBM Cloud and Microsoft Azure) which are supervised by the government and have no incentive to collude to damage their reputation. Two TAs cooperate with each other to generate a pseudonym (PID) corresponding to the real identity (RID) for the vehicle. Therefore, our scheme maintains traceability while ensuring anonymity.

Third, we adopt ID-based encryption to calculate keys, which reduces the storage burden of TA. Besides, we solve the common key escrow problem in the IBC encryption model.

The remainder of the paper is organized as follows. Section 2 summarizes the related work of the previous literature. Section 3 introduces the parameters. The system model, attack model, and specific scheme of the proposed protocol are presented in Section 4. Section 5 analyzes the security of the proposed scheme. In Section 6, performance analysis is done in terms of communication cost, storage cost, and computational cost. Finally, Section 7 concludes the paper and suggests some future directions.

2. Related Work

In this section, we summarize and compare the related work of the previous literature. In recent years, many scholars have researched and explored the problems in the authentication process of vehicle ad hoc networks [14–16].

In terms of the realization of privacy protection and anonymous authentication, the existing solutions can be classified into two main categories: pseudonym-based authentication protocols and group-based authentication protocols.

Pseudonym-based authentication protocols mean that users use pseudonyms to replace their real identities in the process of access authentication or communication. In 2007, Raya and Hubaux [17] proposed a signature-based authentication scheme. In this scheme, when the vehicle wants to sign a message, it first randomly selects a private key from the certificate distributed by the central authority and signs the message with the private key. The receiver verifies whether the identity of the other party is legal by checking the validity of the certificate, thereby completing identity authentication. The disadvantage of this scheme is that the computational cost is high, and the vehicle has to validate for potential revocation when selecting the certificate, which is not suitable for large-scale networks. In 2011, Studer et al. [18] proposed an anonymous authentication scheme based on temporary keys. The scheme signs messages with a short-term key certified by a central authority and provides an efficient revocation method to prevent attackers from obtaining vehicle location and other private information. However, this scheme requires a central authority to maintain the certificate and allows tracking of the current location of vehicles. Therefore, the privacy of vehicles has not been fully protected. Liu et al. [19] proposed a protocol that uses OBU to generate its own anonymous identity and temporary encryption key for identity verification.

In order to further protect the privacy of vehicles, Huang et al. [20] proposed a privacy preservation scheme, namely, the pseudonymous authentication-based conditional privacy. In this scheme, the motor vehicles division (MVD) and roadside units (RSUs) jointly generate pseudonyms for vehicles. MVD generates identification tickets for vehicles, and then, RSU generates pseudonym tickets based on identification tickets. Finally, the vehicle generates its pseudonym based on pseudonym tickets. During the pseudonym generation process, neither MVD nor RSU knows the true identity of the vehicle. The protocol proposed a revocation method; unfortunately, the calculation overhead of the revocation method is high. Wei et al. [21] proposed a random authentication protocol, which divides the central authority into registration server (RS) and verification server (VS). RS generates pseudonyms by homomorphic encryption. VS is responsible for verifying whether the pseudonyms are legal, which improves system security, and the dependence of the whole system on the central authority is reduced. However, this scheme still has the risk of leaking user privacy, and the computational cost is relatively high.

The concept of group signature was first proposed by Chaum and Heyst [22] in 1991. The basic idea is that the group manager authenticates the vehicles and divides the vehicles into different groups, so that vehicles within and between groups can realize anonymous communication. The communication party can only determine which group the other party belongs to, whether it is a valid group member, and does not know its real identity. When a dispute occurs, the group manager can reveal the suspect vehicle’s real identity. Lu et al. [23] proposed a conditional privacy protection protocol for vehicle secure communication. The RSU, as a group manager, dynamically generates a short-term group key between vehicle and RSU, achieving anonymity and traceability. In the meantime, the scheme also alleviates the storage burden of the key. However, the security of this scheme is slightly insufficient. When multiple RSUs are damaged, the scheme cannot provide unlinkability and traceability. In order to solve this problem, Jung et al. [24] proposed a robust conditional privacy protection protocol, which improves the robustness without reducing efficiency. When multiple RSUs are compromised, the scheme can also provide unlinkability and traceability. In addition, the scheme adopts multiple anonymous certificates to reduce the computational overhead of RSU. Zakarya et al. [25] proposed a password-based conditional privacy protection authentication protocol and group key agreement protocol. The scheme provides group key generation, user joining, and leaving functions, and it is lightweight in terms of computing and communication.

Other schemes are aimed at achieving identity authentication that can be roughly divided into the following three categories: public key-based authentication model, identity-based authentication model, and message authentication code- (MAC-) based authentication model. The public key-based authentication model is the traditional public key infrastructure (PKI) model. PKI provides a series of basic services that support public key cryptographic applications (such as encryption and decryption, signature, and verification signature), and its most basic component is the public key certificate. The user’s private key is kept secretly by itself, and the user’s public key is saved by the certificate which is kept by the central authority. Malik and Pandey [26] proposed a discrete event-based threat-driven authentication scheme. This scheme utilizes asymmetric cryptography, reencrypt key, and time-based arbitrary numbers to provide authentication among vehicles and between vehicles and RSUs. Besides, this scheme also provides privacy protection among vehicles and between vehicles and RSUs, which improves security and can prevent common authentication attacks in VANETs.

The main limitation of PKI is the large storage overhead and the difficulty of certificate management. Shamir first proposed the concept of identity-based encryption (IBC) in 1984. The basic idea of IBC is that the public key of the entity participating in the communication comes directly from its public identity information instead of the traditional random number-like string, and the private key is calculated and distributed by the central authority. IBC completely eliminates the need to implement public key distribution through traditional public key certificates. Li et al. [27] proposed an efficient message authentication with an enhanced privacy scheme based on ring signature and identity-based signature. This scheme achieves unconditional privacy and can resist common attacks such as full key exposure attacks and identity attacks. At the same time, this scheme has a lower computational overhead. Alazzawi et al. [28] proposed an identity-based privacy protection authentication scheme, which can meet the security and privacy requirements and can resist various common attacks. However, the identity-based authentication model has the problem of key escrow, and complete privacy protection can only be achieved when the central authority is fully trusted. Based on this problem, Asari et al. [29] proposed a hierarchical authentication protocol. In this scheme, only part of the private key generated by the authority is used as a partial-private key. The combination of the partial-private key and the random number independently selected by the user is the user’s real private key. This means that only legitimate users can obtain the partial-private key, and the key used for communication and signature is only owned by the user, which solves the key escrow problem.

Message authentication code (MAC) is a public function of message and key, and its output is a short block of fixed-length data. Asl and Samavi [30] proposed a symmetric nonrepudiation message authentication scheme. This scheme combines symmetric key encryption and digital signature, allowing RSU to verify the authenticity of the information sent by the vehicle, and achieves nonrepudiation. The weakness is that the message verification process relies too much on the RSU. Pandi et al. [31] proposed a dual authentication method based on a hash code. This method uses a hash code (HC) to generate an authentication code (AC) for authentication. However, in this method, the user’s pseudonym is randomly generated and has no calculation relationship with the real identity. Therefore, there is a risk of excessive storage burden and vulnerability to leakage. Benyamina et al. [32] proposed an efficient and lightweight authentication scheme for vehicular ad hoc networks. This scheme adopts MAC functions and XOR operations to sign and verify messages. On the premise of ensuring security and privacy protection, the scheme reduces the computation and communication costs. However, this scheme still has the disadvantage of key escrow and high storage overhead.

In addition, there are protocols based on XOR operations [33], which are very fast in the calculation, but they are not sufficiently secure.

Compared with most of the existing authentication schemes in the literature, this paper proposes a novel identity-based mutual authentication scheme, which is aimed at strengthening the protection of vehicle user privacy during authentication. In our scheme, the authentication of the vehicle and the TA is two-way, that is, the TA needs to verify the legitimacy of the vehicle’s identity, and the vehicle can also verify the legitimacy of the TA. In addition, we lowered the TA’s trust level and divided the TA into two parts. One receives the real identity information of the vehicle, and the other generates pseudonyms. We also adopt IBC to reduce the storage overhead of TA and solve the key escrow problem in IBC by generating communication keys by the vehicles themselves. Finally, our solution achieves efficient traceability while protecting vehicle privacy.

3. Preliminaries

For a better understanding, we first briefly introduce the basic knowledge required for the article.

3.1. Bilinear Pairings

Let be an additive group and be a multiplicative group of the order . Let be an arbitrary generator of . A bilinear pairing can be defined if the mapping satisfies the following properties:
(i) Bilinear: for and
(ii) Nondegenerate: , where is an arbitrary generator of
(iii) Computable: for , there exists a polynomial time algorithm to compute

3.2. Security Assumptions

In this section, we define the following security assumptions, which are assumed to be difficult to break by any polynomial time-bounded algorithm.

3.2.1. Definition 1 (Large Integer Factoring Problem (IFP))

(1) Given two prime numbers and , and it is easy to calculate
(2) Given an integer , it is difficult to find the prime factors and of satisfying

3.2.2. Definition 2 (Elliptic Curve Discrete Logarithm Problem (ECDLP))

Given a random instance , where , it is hard to find satisfying .

3.3. Notations and Explanations

The relevant notations and explanations used in our scheme are shown in Table 1.

4. Authentication Protocol

4.1. Overview of the Protocol

Vehicles and are the three components in our proposed system. It consists of a hierarchy of two layers where the vehicles are in lower layer, and and are in a higher layer. Vehicles are the entities that would like to communicate with other peer vehicles via VANETs. Two different authorities are deployed, which are denoted as and , respectively. In our proposed protocol, the and act as a high computational entity with large storage capacity but they are not absolutely trusted. The two authorities collaborate with each other to ensure privacy-preserving vehicle authentications. If one of them was compromised, none of them would be able to track the vehicle alone.

4.2. Threat Model

In our scheme, we adopt the following threat or adversary model.
(i) We assume that the two trusted authorities used in our authentication system are semihonest. In other words, they follow the prescriptive procedures of the proposed protocol and do not collude with each other.
(ii) Vehicles in VANETs may be malicious. Malicious vehicles may impersonate other vehicles to communicate with other peer vehicles.
(iii) We assume that the communication channel is insecure, which means that a powerful attacker can eavesdrop and capture communication information. Besides, we consider a situation in which adversaries with high computing power may reveal sensitive information by brute-force attacks or other methods (such as replay attack [34]).

4.3. The Proposed Protocol

In this section, we explain the secure authentication scheme for VANETs. The system of the proposed scheme is composed of two independent and parallel trusted authorities , , and vehicle V, aiming at achieving secure authentication communication in vehicle ad hoc networks. We assume that the time of all entities in the system is synchronized and the communication between and uses a secure and fast dedicated channel. The proposed authentication protocol is divided into five parts: initialization, vehicle registration, V2V communication, vehicle tracing, and revocation.

4.3.1. Initialization

The initialization phase is the process of generating system parameters of the vehicle ad hoc network. The details are as follows:
(i): define to be an additive group and to be a multiplicative group with . is an arbitrary generator of . Let be a cryptographic hash function where . chooses a private key randomly and computes a corresponding public key:

Note that is calculated from the private key , but according to Definition 2, even if the attacker obtains and , it is hard to find satisfying .

Then publishes and keeps the private key secret. Then the public system parameters of are ,, , , ,
(ii): define to be an additive group and to be a multiplicative group with . is an arbitrary generator of . The pairing . Let be a cryptographic hash function where . chooses a private key randomly and computes a corresponding public key:

Then publishes and keeps the private key secret. Then the public system parameters of are , , , , , , .

4.3.2. Vehicle Registration

The vehicle registration phase is the process in which the vehicle is authenticated by two trusted authorities and obtains a pseudo identifier and private key. The registration model is shown in Figure 1. The registration phase is performed as follows:
(1) The vehicle V encrypts its real identifier with ’s public key and uses to encrypt a random number which is selected by itself. Then, two ciphertexts are sent together to , summarized as
where is the public key encryption algorithm.
(2) After receiving , decrypts with its private key to obtain Then executes the following calculations:
where denotes as bitwise XOR operations.

After obtaining , deletes and sends to together with received previously. Since a secure and fast dedicated channel is used between and , the does not need to be encrypted. That is
(3) gets and uses its private key to decrypt the received message to learn and then calculates

is the pseudonym of the vehicle for subsequent communication. is the valid time of , and denotes the generation time of . If a vehicle’s pseudonym expires, can regenerate its pseudonym based on the current time. and are private key and the corresponding public key of the vehicle V, respectively.

It is worth noting that in order to reduce the vehicle’s calculation burden, is calculated by. takes the random number as the key of symmetric encryption, encrypts , , and with , and sends the ciphertext to . Meanwhile, stores the , , and in the database. In the pseudonym generation process, saves the real identifier , and saves the pseudo identifier (). The sending process can be expressed as
where is the symmetric encryption algorithm.
(4) After receiving , will forward it to vehicle V without any processing, denoted as
(5) V decrypts with a random number to obtain , , and when receiving the ciphertext. Then V checks . If the equation holds, it can prove that the received message is from a valid . After the verification, vehicle V randomly selects two large prime numbers and and calculates

Note that and should satisfy and ; otherwise, V should reselect and . If the constraint is met, V computes in terms of .

and are the private key and public key of vehicle V for subsequent communication, respectively, and the private key is only owned by vehicle V, thus avoiding the problem of key escrow.

4.3.3. V2V Communication

Vehicle-to-vehicle (V2V) communication phase is the process in which vehicle and other peer vehicle complete authentication to each other and generate session key with the participation of the trusted authority . Figure 2 shows the communication model. A detailed description is as follows:
(1) searches for the intended vehicle and obtains ’s pseudonym . (We can search for the intended vehicle based on the deep neural network [35]. The search process is not the focus of this paper, so the detailed search process will not be described here.) Then encrypts the pseudonym and current time with ’s public key and finally sends it to to determine whether the pseudonym is legal or not. That is to say
(2) searches for in the local database after receiving the message and obtaining , . If there is a matching and it is within the validity time, returns the valid message of pseudoidentifier to . Otherwise, an invalid message of pseudoidentifier is returned. Note that if is a timed-out pseudonym, it is necessary to delete the pseudonym in the database while returning a pseudonym invalid message
(3) believes that is a legal vehicle and then calculates ciphertext and ’s public key :
where means the communication message, is the current time, and denotes the random number selected by the vehicle . When the calculation is completed, sends ciphertext and its own pseudoidentifier to , both of which are encrypted with ’s public key . That is
(4) Upon receiving the message, decrypts the message with its own private key to obtain and . Then encrypts and current time with ’s public key . Finally sends the ciphertext to for verification. That is
(5) After getting and , checks whether exists in the local database and verifies whether it has expired. If it is legal and valid, returns the valid message of pseudoidentifier to . Otherwise, an invalid message pseudoidentifier is returned. (Similarly, if is a timed-out pseudonym, it should be deleted from the local database while returning a pseudonym invalid message)
(6) After confirms that is legitimate, calculates ’s public key and decrypts the ciphertext to obtain , , and

First, check whether the timestamp is fresh or not. If is fresh, computes
where denotes the communication message, is the current time, and means the random number selected by the vehicle . is the session key for subsequent communication. Then encrypts ciphertext with ’s public key and sends the ciphertext to . That is
(7) After receiving the message, decrypts the ciphertext and obtains , , and . If is fresh, calculates the session key for subsequent communication with . Otherwise, rejects the messages

4.3.4. Vehicle Tracing

In practical application, disputes may occur from time to time due to various reasons. Sometimes, third-party law enforcement agencies may want to know the real identity of the malicious vehicle immediately. The vehicle tracking phase is a process in which and cooperate with each other and track the suspect vehicle’s real identifier according to its pseudonym. The tracing model is depicted in Figure 3. And the detailed process is as follows:
(1) After receiving malicious vehicles’ from law enforcement agencies, searches the corresponding , , and computes
and sends the encrypted to :
(2) extracts from the receiving :

Therefore, the real identity is successfully tracked.

4.3.5. Vehicle Revocation

In the revocation phase, when the vehicle is confirmed as a malicious vehicle, or the validity period of its pseudonym expires, the central authority shall remove it from the system in time. When gets the pseudoidentifier of the vehicle to be removed, pseudonym information will be deleted from the local database. After that, the authentication request on this pseudonym will fail, because there is no matching legal pseudonym in ’s database.
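The pseudonym lookup in steps (2) and (5) of Section 4.3.3 and the revocation rule above can be modeled as follows. This is an added example, not code from the paper: the class and method names, the in-memory dictionary, the audit log, the 5-second freshness window, and the freshness check on the request timestamp are all assumptions, and the sample pseudonyms are constructed.

```python
from dataclasses import dataclass

# Assumption: the paper requires fresh timestamps but states no window; 5 s is illustrative.
FRESHNESS_WINDOW_S = 5.0


@dataclass(frozen=True)
class PseudonymRecord:
    generated_at: float  # generation time of the pseudonym (epoch seconds)
    valid_for: float     # valid time of the pseudonym (seconds)

    def expired(self, now):
        return now >= self.generated_at + self.valid_for


class PseudonymRegistry:
    """Hypothetical stand-in for the local database of the pseudonym-issuing authority."""

    def __init__(self):
        self._records = {}
        # (time, pseudonym, reason): kept by the authority, never sent to vehicles.
        self.audit_log = []

    def register(self, pid, generated_at, valid_for):
        self._records[pid] = PseudonymRecord(generated_at, valid_for)

    def known(self, pid):
        return pid in self._records

    def revoke(self, pid, now):
        """Revocation phase: delete the pseudonym so later requests find no match."""
        removed = self._records.pop(pid, None) is not None
        if removed:
            self.audit_log.append((now, pid, "revoked"))
        return removed

    def check(self, pid, request_time, now):
        """Answer a validity query. The requester only learns valid (True) or invalid (False)."""
        # Assumed extra check: a request whose timestamp is outside the window is
        # treated as a possible replay of a captured query.
        if abs(now - request_time) > FRESHNESS_WINDOW_S:
            self.audit_log.append((now, pid, "stale-request"))
            return False
        record = self._records.get(pid)
        if record is None:
            self.audit_log.append((now, pid, "unknown"))
            return False
        if record.expired(now):
            # Timed-out pseudonym: delete it while returning the invalid message.
            del self._records[pid]
            self.audit_log.append((now, pid, "expired-purged"))
            return False
        return True


def demo():
    """Run the registry over constructed pseudonyms and timestamps."""
    t0 = 1_700_000_000.0  # constructed reference time
    reg = PseudonymRegistry()
    reg.register(b"PID-A", t0, 600)  # valid for 10 minutes
    reg.register(b"PID-B", t0, 60)   # valid for 1 minute
    results = [
        reg.check(b"PID-A", t0 + 10, t0 + 11),   # fresh request, live pseudonym
        reg.check(b"PID-A", t0 + 10, t0 + 120),  # same request replayed later
        reg.check(b"PID-B", t0 + 61, t0 + 61),   # pseudonym timed out, purged
        reg.check(b"PID-X", t0 + 62, t0 + 62),   # never registered
    ]
    reg.revoke(b"PID-A", t0 + 70)
    results.append(reg.check(b"PID-A", t0 + 71, t0 + 71))  # fails after revocation
    reasons = [reason for _, _, reason in reg.audit_log]
    return results, reasons, reg.known(b"PID-B")


if __name__ == "__main__":
    print(demo())
```

The rejection reasons stay in the authority's own log, so a requester cannot tell an expired pseudonym from a revoked or unknown one, while operators can still spot replayed queries and repeated use of revoked pseudonyms.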

5. Security Analysis

In this section, we will show that the proposed scheme is correct and secure with respect to the assumption in Section 3.2.

5.1. Formal Security Analysis

Theorem 1. The proposed mutual authentication protocol IBMA is secure assuming that (a) the large integer factoring problem (IFP) is computationally hard and (b) the elliptic curve discrete logarithm problem (ECDLP) is difficult to break by any polynomial time-bounded algorithm.

Proof. We start examining the security of the vehicle’s private and public key, and , respectively. For every probabilistic polynomial time adversary , there is a negligible such that where and are primes with size bits and .
and are two large prime numbers selected by the vehicle. In order to ensure the security, should be 2048 bits, which is generally used in RSA [36], and the size of and should be 1024 bits. There are approximately prime numbers of size less than 1024 bits according to [37], which makes it computationally hard for an adversary to find or .
Based on [38], the most famous heuristic asymptotic running time algorithm of prime number factorization runs on average in time to factor a number of size bits. Therefore, . The above analysis shows that is secure in our protocol. The same logic as for works to show that is also secure.

The above implies the security of Theorem 1 (a) and proves that the generation of vehicles’ RSA private and public keys is secure.

In the proposed protocol, the generation of some public keys (e.g., , ) is computed and deduced from the private key. The security of these public and private key pairs is based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP). At present, the best-known algorithm for solving the elliptic curve discrete logarithm problem is the distributed method [39], and the computational complexity is , where is the largest prime factor of the order of the group and denotes the number of CPUs used by the distributed algorithm. It can be seen that the elliptic curve cryptography is safe when the prime numbers and are large enough. This is the fundamental reason that the order of the elliptic curve solution point group must have a large prime factor. In an ideal situation, the order of the group itself is a large prime number.

For common security assumptions (e.g., large integer factorization and discrete logarithm problems), there are algorithms with subexponential complexity for the time being [40], but there is no subexponential algorithm for solving the elliptic curve discrete logarithm problem. Therefore, ECDLP is difficult to break by any polynomial time-bounded algorithm.

The above complexity analysis shows the difficulty of ECDLP and proves the security of public key generation in our protocol.

5.2. Correctness

The proposed scheme is correct and consistent because of the following reasons:

In the registration phase, the vehicle V first sends its real identity and random number to , where and are encrypted with and , respectively. Thus, the transmission of and is safe. Attackers cannot reveal and without knowing and . After receiving , calculates and then sends and the received ciphertext about to . Note that in order to further strengthen security, will not store but removes it after calculating to avoid leakage. calculates according to the received and then computes the public and private key pair and of the vehicle. Finally, sends , , and to . Since was encrypted with , cannot learn the value of random number . Therefore, , , and are secret. All can do is to forward the message to the vehicle V.

On receiving , vehicle V computes

Because the private key is only held by , no one else can generate the correct public and private key pair and that satisfies the equation. In other words, the vehicle can verify whether the sent is a legal according to the equation, thereby verifying the identity of the , realizing mutual authentication.

In the V2V communication phase, the vehicle first asks whether the assumed communication vehicle ’s pseudonym is legal. After receiving a positive reply, generates ciphertext with its own private key . After that, sends and its own pseudonym to the assumed communication vehicle .

Upon receiving the message, enquires whether is a legal pseudoidentifier. If is legal, calculates the public key of to verify ciphertext ; otherwise, it drops the message.

obtains the communication message , the timestamp , and the random number after is successfully decrypted. Note that if the timestamp is not fresh, the message will also be dropped. Then, generates ciphertext , which will be sent to together with its pseudonym . verifies the identity of in the same way. After the identity verification is passed, the session key is calculated . is part of the ciphertext . Similarly, is part of the ciphertext .

If the attacker does not have the key , it cannot generate valid ciphertexts. The vehicle’s public and private key pair and are based on the difficulty of factoring large composite numbers, so no attacker can calculate the private key from the public key in probabilistic polynomial time. In addition, the ciphertext and pseudonym are protected by the receiver’s public key. No one else can get the ciphertext and pseudonym.

5.3. Mutual Authentication

The proposed protocol can realize mutual authentication between vehicles and . uses sent by to generate pseudonyms and public-private key pair for vehicles. Vehicles use the public-private key pair sent by to verify . If the public-private key pair is not sent by a legal , the equation will not hold. In conclusion, verifies whether vehicle V has submitted its real identity through , and vehicle V judges whether TA is legal by equation . Thus, the mutual authentication between vehicles and is achieved.

The mutual authentication between vehicles is also achieved. Before V2V communicates, vehicle needs to enquire whether the pseudonym of the communication vehicle is legal. Similarly, confirms the legitimacy of in the same way. Both the receiver vehicle and the sender vehicle need to confirm that the identity of the other party is legal before carrying out subsequent communication to avoid being attacked by attackers. Therefore, the proposed protocol realizes mutual authentication.

5.4. Reliability

In the registration phase, when the real identity () is submitted by the vehicle, the communication contents are protected by ’s public key. Since the public-private key pair of is secured based on the ECDLP assumption, no adversary can calculate the private key according to the public key in probabilistic polynomial time. Thus, the information submitted by the vehicle will not be stolen. In addition, , , and sent by are encrypted by random number , which is generated by the vehicle and discarded after being used once. No attacker including can crack it within the effective time. So the registration phase is reliable.

In the V2V communication phase, the message is protected by the public-private key pair and of the vehicle, and and are generated by RSA, which is based on the difficulty of factoring a large composite number. No attacker can derive the private key from the public key . Both ciphertexts and pseudonyms are well protected. Besides, the session key is derived from random numbers generated by both communication parties. The random numbers are carried in the ciphertexts of the sending vehicles, and the ciphertexts are encrypted with the public key of the receiving parties. No attacker can obtain the random numbers. In conclusion, the V2V communication stage is reliable.

5.5. Anonymity

During the communication, vehicle always uses pseudonym as its identity. The entity communicating with it can only judge whether the pseudonym is legal but cannot know its real identity. The real identity of the vehicle will no longer appear in the communication contents after it is submitted to in the registration phase. will remove in time to prevent leakage. calculates according to sent from . is used as communication pseudonym of registered vehicles. No one knows the correspondence between pseudonyms and real names, including and . If a vehicle’s pseudonym expires, can regenerate its pseudonym based on the current time.

Most existing schemes store the correspondence between and in a single TA, which is a potential security hazard. Once the TA is compromised, or information leaks from the TA, the damage is incalculable. In the proposed scheme, two TAs are in charge of the correspondence. To recover the real identifier, the two TAs must cooperate with each other. Moreover, there is no information about the real identifier in TA’s database. Even if the information is leaked, the damage is minimal, which greatly improves the security. Therefore, communication anonymity is realized.

5.6. Unforgeability

Unforgeability means that only the intended vehicles can make valid ciphertexts and authentication messages. Attackers cannot forge valid ciphertexts and authentication messages generated by legitimate vehicles.

In the vehicle and authentication phase, the vehicle must submit its real identity in order to obtain a pseudo identifier and become a legitimate vehicle.

In the V2V authentication, the vehicle must be able to generate a valid ciphertext . At the same time, its pseudonym should exist in the database. If an attacker wants to impersonate vehicle V for communication, he can easily obtain the pseudonym of the vehicle V, because the pseudonym is public. However, he cannot generate a legal ciphertext to pass the verification. Since the private key is generated by the vehicle itself based on the RSA algorithm, it is not feasible to calculate the private key according to the public key . Therefore, the ciphertext is unforgeable.

5.7. Traceability

Traceability means that and have the ability to reveal the real identity of a vehicle in VANETs when it is confirmed as a malicious vehicle.

At first, obtains the of malicious vehicle and calculates the corresponding , where , and then sends to . will recover the real identifier , where . Both and do not know the corresponding relationship between and . Only when they cooperate with each other can they recover vehicle’s real identity. If an attacker wants to capture the real identity corresponding to a pseudonym illegally, he needs to crack the private keys of and at the same time. Since and are random numbers in and , respectively, it is almost impossible to crack them at the same time. Thus, traceability is achieved while improving security.

5.8. Nonrepudiation

Nonrepudiation means that after traces the real identity of a malicious vehicle, the vehicle cannot deny that it has generated the ciphertext. There is no key escrow problem in the proposed protocol, and the private key in V2V communication is generated by the vehicle itself. No attacker can calculate based on the public key . Therefore, even if and are semihonest, the private key of the vehicle is only owned by itself, and no one else can obtain the private key to make a legal ciphertext. In conclusion, the scheme is undeniable.

5.9. Related Attack
5.9.1. Replay Attack

A replay attack is one in which a malicious attacker reinjects previously received messages into the VANET in order to attack legitimate vehicles. To protect the proposed scheme against replay attacks, we add a timestamp to ciphertexts. The ciphertext can only be made by the sender’s vehicle. No one else can forge a legal ciphertext or change the content of the ciphertext, because the attacker cannot obtain the sender’s private key. The receiving vehicle decides whether to accept the message according to the freshness of the timestamp, so a replayed message cannot pass the verification. Therefore, the proposed scheme can effectively prevent replay attacks.
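The receiver-side freshness check described above, together with the XOR session key from the correctness analysis, as an added example that is not the paper's code. It assumes the payload has already been decrypted and verified; the 5-second window, the names and the duplicate cache are assumptions (the paper relies on the timestamp alone), and the sample values are constructed.

```python
import secrets

FRESHNESS_WINDOW = 5.0  # seconds; assumed, the paper states no value
NONCE_LEN = 16          # the cost table lists 16 bytes per random number


class ReplayError(Exception):
    """Decrypted V2V payload is stale or was already accepted."""


class V2VReceiver:
    def __init__(self, window=FRESHNESS_WINDOW):
        self.window = window
        self.seen = {}  # (pseudonym, timestamp, nonce) -> timestamp

    def accept(self, sender_pid, timestamp, nonce, now):
        """Check one decrypted payload; return this side's random number."""
        if len(nonce) != NONCE_LEN:
            raise ValueError("unexpected nonce length")
        # Reject old and future-dated timestamps alike.
        if abs(now - timestamp) > self.window:
            raise ReplayError("stale timestamp")
        # Entries older than the window are already rejected by the check above.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        # A timestamp alone still admits a replay inside the window (assumption:
        # the duplicate cache is an addition, not part of the paper's scheme).
        key = (sender_pid, timestamp, nonce)
        if key in self.seen:
            raise ReplayError("duplicate inside freshness window")
        self.seen[key] = timestamp
        return secrets.token_bytes(NONCE_LEN)


def session_key(r_own, r_peer):
    """Session key as one XOR of the two exchanged random numbers."""
    if len(r_own) != len(r_peer):
        raise ValueError("random numbers differ in length")
    return bytes(a ^ b for a, b in zip(r_own, r_peer))


def demo():
    """Constructed exchange: one genuine message, then two replays of it."""
    rx = V2VReceiver()
    pid_i, r_i, t0 = b"PID-i-constructed", secrets.token_bytes(NONCE_LEN), 1000.0
    r_j = rx.accept(pid_i, t0, r_i, now=t0 + 0.2)
    results = {"keys_match": session_key(r_i, r_j) == session_key(r_j, r_i)}
    for label, now in (("replay_in_window", t0 + 1.0), ("replay_late", t0 + 60.0)):
        try:
            rx.accept(pid_i, t0, r_i, now=now)
            results[label] = "accepted"
        except ReplayError as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The replay inside the window is caught only by the duplicate cache, which is why the window should be kept as short as clock drift between vehicles allows.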

5.9.2. Man-in-the-Middle Attack

In addition to replay attacks, the man-in-the-middle attack is also a common attack method. Because VANETs communicate over a public wireless channel, they cannot completely prevent attackers from eavesdropping on data packets. However, all communication contents in our scheme are protected by key encryption.

In the registration phase, during the submission of the real identity, the contents of the communication are protected by the public keys of and , and attackers cannot obtain meaningful data even if the message is eavesdropped. In the process of pseudonym and public and private key distribution, the communication contents are encrypted and protected by random number as a symmetric key. The random number is generated by the vehicle and discarded after one use. Even if an attacker steals the ciphertext, he cannot infer and modify the content of the plaintext. Therefore, the registration phase can resist the man-in-the-middle attack.

In the V2V communication stage, the communication contents are protected by the public key of the receiver vehicle, and the private key of the vehicle is held only by the vehicle itself. Even and cannot know the content of the communication. If an attacker wants to crack the ciphertext, it needs to crack the RSA algorithm in probabilistic polynomial time, which is impossible. Therefore, the communication phase can resist the man-in-the-middle attack. The security comparison is summarized in Table 2.

6. Performance Analysis

In this section, the performance of the proposed protocol will be briefly described. The proposed protocol adopts IBC and RSA encryption. IBC can greatly reduce the amount of computation and save the storage cost, considering that RSA decryption time is relatively long. The hardware decryption method based on the Montgomery algorithm [41] can help to improve the efficiency. Therefore, our protocol is efficient and does not require the vehicle to have high-performance computing equipment. We evaluate the efficiency of the whole authentication process according to communication cost, storage cost, and computational cost. The experimental environment is Intel (R) Core(TM) i7-8700 CPU @ 3.20 GHz, 8 GB RAM with 64-bit Windows 10 operating system.

6.1. Communication and Storage Cost

Communication cost refers to the number of bits of content transmitted in the channel, and storage cost is the cost of storing different parameters in the memory of each entity. The proposed scheme adopts IBC encryption technology, which eliminates the difficulty of traditional PKI key storage, and only needs to save a few parameters, greatly reducing the storage overhead compared with the existing schemes. For TA, the storage cost of only needs to store its private key secretly except for the public parameters, and there is almost no storage overhead. For , the user’s pseudonym, pseudonym generation time, and valid time need to be stored in addition to the public parameter and private key. The storage overhead is directly proportional to the number of registered vehicles. For vehicles, in addition to the two public and private key pairs and their own pseudonyms, no additional data needs to be saved, and it does not change with the number of vehicles in the network.

In different protocols, the authors used various variables. Generally speaking, the timestamp requires 8 bytes, the real identifier requires 10 bytes, the pseudonym requires 10 bytes, the multiplication requires 10 bytes, the symmetric encryption/decryption takes 16 bytes, the random number requires 16 bytes, the hash function requires 32 bytes, and the communication message requires 100 bytes; 128 bytes are required for public key encryption and decryption , 128 bytes are required for homomorphic encryption and decryption , and 128 bytes are required for modular exponentiation ; signature algorithm 1 requires 42 bytes, signature algorithm 2 requires 192 bytes, vehicle information requires 100 bytes, and communication message requires 100 bytes. Besides, denotes the number of vehicles. The communication and storage overhead are shown in Table 3.

6.2. Computational Cost

The computational cost refers to the time required for cryptographic operations in the phases of pseudonym generation, public-private key pair generation, identity tracking, etc. Four aspects are mainly involved in the registration phase: pseudonym generation, identity-based public and private key pair generation, bilinear pair verification calculation, and RSA public and private key generation. The pseudonym generation includes two XOR operations and two hash operations. Public and private key generation includes a multiplication operation and a hash operation. When verifying the legality of the TA, a bilinear calculation is performed. The calculation of the bilinear calculation is complicated, but compared with other existing solutions, the verification process of the TA by the vehicle is provided; thus, the mutual authentication is realized, and the security in the registration phase is significantly improved. RSA decryption takes a long time, but fortunately, there are many ways to improve the efficiency of RSA decryption, such as hardware decryption.

In the V2V communication phase, in addition to the necessary communication encryption and ciphertext calculation, each vehicle needs to calculate the public key of the vehicle communicating with it. The process of calculating the public key includes a hash operation and a multiplication operation. Although the amount of calculation has been slightly increased, the difficulty of storing traditional PKI public key certificates is eliminated. Now, only needs to store the pseudonym and its validity time locally, and other required content can be calculated based on public parameters, reducing the storage cost of TA. Moreover, the vehicle has to calculate the session key, which requires only one XOR operation.

In the tracing phase, and only need to perform a hash operation and an XOR operation, respectively.

Different authors use a variety of operations in their protocols. According to our simulation results, it is measured as follows: one-way hash function operation time: ; public key encryption and decryption time: ; ; symmetric encryption and decryption time: , ; homomorphic encryption and decryption time: , ; signature time and verification signature time: =24.8351 ms, =1.8235 ms, multiplication, division, and addition operation time: , , and ; MAC calculation time: ; bilinear pairing calculation time: ; and exponential operation time: . Compared with other operations, the time of XOR operation is negligible.

It is worth noting that our scheme adopts multiple cryptographic techniques such as public key encryption, symmetric encryption, and bilinear pairing to improve security. As a result, the proposed scheme realizes multiple requirements that cannot be met by existing protocols at the same time, such as mutual authentication, key escrow, and V2V communication issues, which makes our running time a little long. Specifically, in the pseudonym generation phase, we adopt double TA to generate users’ pseudonyms, and the process of transmitting information is encrypted with public keys. Compared with existing protocols, most of the user’s identity information is transmitted through a secure channel [6, 19, 21, 32, 33], and our scheme is more suitable for real environments. This phase takes about 36.5028 ms. Then, we adopt a bilinear pair to achieve mutual authentication, which is optional. The vehicle can choose whether to verify the identity of TA. It consumes about 4.21 ms. Most of the existing protocols only carry out the identity authentication between vehicles and TA [31–33]. We use three public key encryptions to realize the authentication between vehicles and the generation of the session key. After that, the communication content of the vehicle is protected by the symmetric encryption key. No one else can know the content of the message. The authentication between vehicles consumes about 16.5739 ms. The computational cost is shown in Table 4. If the proposed protocol also adopts a secure channel for registration and only performs authentication between vehicles and TA, it only takes 0.004 ms to complete the registration. The computational cost comparison is shown in Figure 4. Note that in the process of authentication and pseudonym generation, ACPN [7] adopts multiple signature operations, and VGKM [31] uses public key encryption and decryption operations, so their execution time is extremely long compared with other protocols.

7. Conclusion

In this paper, we propose an identity-based mutual authentication model for improving the security and privacy of communication vehicles in VANETs. IBMA is an identity-based anonymous authentication scheme which adopts identity-based encryption to reduce the storage cost of the system and solves the common key escrow problems in identity-based encryption. In addition, in order to further protect the sensitive and private information of vehicles, the central authority in this scheme is semitrusted rather than completely trusted. IBMA achieves a set of desired properties, such as mutual authentication, vehicle-to-vehicle communication, identity tracing, and resistance to various attacks. In our future work, we will explore more efficient encryption algorithms and key generation algorithms to further improve the efficiency of IBMA.

Data Availability

Data is available from http://crypto.stanford.edu/pbc/.

Conflicts of Interest

The authors have no conflict of interest to declare.