An Efficient Conditional Privacy-Preserving Authentication Scheme for the Prevention of Side-Channel Attacks in Vehicular Ad Hoc Networks


Abstract:

Several group signature or identity schemes have been proposed for addressing the issues of security in a vehicular ad hoc network (VANET). Nonetheless, none of these schemes suitably copes with performance efficiency during the signing and verifying of safety-messages. Furthermore, adversaries could acquire sensitive data stored in a tamper-proof device (TPD) by utilizing side-channel attacks. In this paper, an efficient conditional privacy-preserving authentication scheme is proposed for preventing side-channel attacks and reducing the performance overhead of the system. Moreover, to resist side-channel attacks, critical data stored in the TPD is frequently and periodically updated. Lastly, because our work employs the one-way hash function and elliptic curve cryptography, its performance evaluation shows lower computation and communication cost compared to other schemes.
Communication costs.
Published in: IEEE Access ( Volume: 8)
Page(s): 226624 - 226636
Date of Publication: 18 December 2020
Electronic ISSN: 2169-3536

CCBY - IEEE is not the copyright holder of this material. Please follow the instructions via https://creativecommons.org/licenses/by/4.0/ to obtain full-text articles and stipulations in the API documentation.
SECTION I.

Introduction

Each year, more than 1 million people are affected by road incidents. Harm in the driving environment is the ninth leading cause of mortality worldwide and accounts for a loss of more than 2%, or 1 trillion USD, of the world's Gross Domestic Product (GDP) [1], [2]. Besides, congestion wastes a massive amount of fuel and time.

Intelligent transport systems (ITSs) have recently come to play a highly significant role in how people move in the digital world. To improve future vehicular road traffic, ITSs provide innovative and comprehensive applications for controlling these unpleasant events [3]. They are being built around smart vehicles, driven by the fast development of wireless communication technology [4], [5]. New vehicle telcos and manufacturers have indicated that wireless tools will be an integral part of each vehicle, allowing it to communicate with other vehicles and with road infrastructure. These vehicles form a specific kind of ad hoc network in which each vehicle is a network node. Such networks are known as vehicular ad hoc networks (VANETs), a type of mobile ad hoc network (MANET) that uses wireless technology for communication between nearby vehicles and with fixed infrastructure [6].

Communications in a VANET are classified as either Vehicle-to-Infrastructure (V2I) or Vehicle-to-Vehicle (V2V). With these communications, each vehicle periodically broadcasts safety-messages carrying its position, traffic events, speed and heading. Because broadcasting in a VANET uses an open communication channel, any vehicle within the coverage area, whether legal or not, will receive these safety-messages. This also permits adversaries to change, alter and replay these safety-messages and broadcast them in the system. The broadcast of such changed and forged safety-messages could cause situations such as road accidents and traffic disruption, which justifies the call for changes to messaging security. Before VANETs become practical, their security issues need to be carefully addressed. The contributions of our proposed scheme are summarized as follows:

  • First, an efficient conditional privacy-preserving authentication scheme is proposed for securing vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications. The proposed scheme is shown to satisfy the security requirements of the design goals in VANETs.

  • Second, the proposed scheme resists side-channel attacks by regularly updating the critical data stored in the tamper-proof device (TPD) of the vehicle.

  • Finally, the proposed scheme is more efficient than existing schemes and appropriate for an area with high traffic density, because it uses the one-way hash function and elliptic curve cryptography (ECC).

The remainder of this paper is organized as follows: Section II deals with the security schemes regarding VANETs. Section III introduces the preliminaries of the proposed scheme. Section IV shows the five phases included in the proposed scheme. Section V shows the security analysis and comparison of our work in detail. Section VI presents the performance evaluation. Conclusions of the proposed scheme are shown in Section VII.

SECTION II.

Related Work

In this section, we review and discuss related schemes, since VANETs have suffered from issues of mutual authentication and conditional privacy preservation. Existing schemes for security and privacy are commonly classified into two main categories, as follows.

A. Group-Signature Based Schemes

The core idea of group-signature based schemes is that each group member can sign a safety-message anonymously on behalf of the whole group. Chaum and van Heyst first introduced the group signature [7]. Lin et al. [8] introduced a security scheme based on the group signature for securing V2V communication in vehicular systems. This scheme provides security and privacy without inducing the overhead of managing multiple certificates on the side of the membership manager (MM). Zhang et al. [9] introduced a practical and secure privacy-preserving scheme for value-added applications. In their scheme, the vehicle only needs a member key for generating verifier-local revocation without violating the drivers' privacy. Shao et al. [10] designed a threshold anonymous authentication approach to address issues of security and privacy in VANETs. This scheme combines a decentralized group model with a threshold authentication method to obtain threshold authentication. Lim et al. [11] introduced a secure and scalable key distribution scheme that uses the domain concept with a number of RSUs for group signature-based authentication.

However, the main limitation of group-signature based schemes is that the certificate revocation list (CRL) grows as the number of revoked vehicles increases. In addition, the vehicle uses two bilinear pairing operations for the CRL check, which increases the verification computation overhead.

B. Identity Based Schemes

In order to address the limitation of group-signature based schemes, many scholars have proposed identity-based schemes. The core idea of identity-based schemes is that the public key is derived from the identity information, while the TA computes the private key. Shamir first proposed an identity-based scheme in 1984 [18]. Zhang et al. [19], [20] present a security and privacy scheme based on bilinear pairing that supports a batch authentication process, allowing a large number of safety-messages received from other components to be verified simultaneously in VANETs. Lee and Lai [21] and Chim et al. [22] indicated that the schemes proposed in [19], [20] have drawbacks because an OBU could use a false identity to evade the traceability requirement. Besides, [19], [20] cannot withstand impersonation and replay attacks. Jianhong et al. [23] indicate some security limitations in the scheme of [21], for example that it cannot satisfy the requirements of non-repudiation and traceability and cannot withstand replay attacks. To address the flaws in the scheme of [21], a secure identity-based scheme was proposed by Jianhong et al. [23]. Bayat et al. [14] pointed out that the authentication scheme of Lee and Lai [21] is insecure against impersonation attacks. Therefore, they proposed an enhanced authentication scheme. He et al. [15] introduced an identity-based security and privacy scheme for securing communication in vehicular systems. This scheme does not use bilinear pairing in the process of signature verification, since pairing is among the most time-consuming operations in cryptography. Instead, in their work, signing and verifying safety-messages is based on elliptic curve cryptography (ECC). Azees et al. [24] suggested an authentication scheme to prevent attackers from entering the V2V and V2I communications. Besides, the proposed scheme supports conditional tracking to trace malicious components in VANETs. Zhang et al. [12] proposed a conditional privacy-preserving authentication scheme based on the Chinese remainder theorem (CRT) in VANETs. This scheme uses fingerprints rather than a password and genuine identity for identity verification. Cui et al. [13] proposed a conditional privacy-preserving authentication scheme based on the binary search and cuckoo filter methods to achieve the highest success rate in the batch verification method. Bayat et al. [25] suggested an RSU-based scheme in which the private key of the TA is placed in the TPD of the RSUs, since the communication channels between the TAs and RSUs are faster and more secure compared to putting a private key in each OBU. Al-shareeda et al. [16] proposed the lightweight security without using batch verification method (LSWBVM) scheme, in which single verification is able to handle a large number of safety-messages broadcast during driving. However, this scheme is vulnerable to various security attacks, such as impersonation and modification attacks, because the verifying vehicle uses only a one-way hash function for signature verification. It is also vulnerable to replay attacks, since the timestamp is not included in the safety-message tuple. Besides, this scheme does not satisfy the authentication and integrity requirements in vehicular systems. It is also susceptible to side-channel attacks, because the vehicle's identity stored in the TPD is not updated for a long time. Also, Al-shareeda et al. [17] suggested a new and efficient conditional privacy-preserving authentication (NE-CPPA) scheme for securing V2V and V2I communications in vehicular systems. In this scheme, the TA computes the private key of the system and preloads it in the TPD, which is assumed not to be compromised by any adversary. Nevertheless, an adversary could still obtain some data saved in the TPD through a side-channel attack. When the TA's private key is obtained by the adversary, the vehicular system will be disrupted.

Table 1 summarizes the recent identity-based schemes that propose mutual authentication and conditional privacy preservation in VANETs, with the techniques they apply, their advantages and their limitations. To overcome the aforementioned issues arising in VANETs, we propose an efficient conditional privacy-preserving authentication scheme for the prevention of side-channel attacks. Our work adds an update-parameters phase that periodically changes the data stored in the TPD of the vehicle, preventing malicious adversaries from obtaining critical information via side-channel attacks and collapsing the VANET system. Besides, the proposed scheme uses ECC operations rather than bilinear pairing operations; therefore, it has lower computation and communication cost than other schemes.

TABLE 1 Summarizes the Recent Existing Identity Based Schemes With Their Techniques Applied, Advantages, and Limitations

SECTION III.

Preliminaries

In this section, we first define the structure of system model; this is followed by a presentation of the design goals in terms of security requirements and finally, the security attacks specified in this paper are defined. The major notations utilized in the proposed scheme are presented in Table 2.

TABLE 2 Definition of Notations in This Paper

A. System Model

The system model of the proposed scheme consists of three components, OBU, RSU and TA, as shown in Figure 1.

  • OBU:

    Vehicles in a VANET are equipped with an On-Board Unit (OBU), which allows the vehicles to process, receive and broadcast safety-messages. OBUs are fitted with a tamper-proof device (TPD) that is used to save critical data.

  • RSU:

    A roadside unit (RSU) is a wireless device located along the road as an infrastructure node. The RSU links with the TA by a wired channel and with vehicles over the wireless channel.

  • TA:

    The trusted authority (TA) has high computation and communication resources. The TA is responsible for generating the system's public parameters and a pseudo-ID for each vehicle.

FIGURE 1. - The structure of system model in VANETs.

B. Design Goals

In order to secure V2V and V2I communications in the system, the proposed scheme should satisfy the following security requirements.

  • Integrity and authentication:

    The wireless components in VANETs must be able to detect any modification of received safety-messages, and must be able to validate received safety-messages and authenticate nodes to ensure the security of communications.

  • Identity privacy preservation: An adversary must not be able to disclose the vehicle's identity by capturing multiple safety-messages sent by it. Thus, the identity of the vehicle remains anonymous to other legitimate and illegitimate vehicles, ensuring the driver's privacy.

  • Traceability and revocation: The TA must be capable of disclosing the identity of a vehicle from its safety-messages, to prevent malicious vehicles from denying responsibility for disrupting the system by sending forged safety-messages to other authenticated vehicles.

C. Security Attacks

It is easy for adversaries to launch certain security attacks because of the open nature of VANET communication. In this subsection, we briefly present some vulnerabilities along with the capabilities of an adversary in VANETs.

  • Replay attacks.

    The aim of misbehaving vehicles is to replay an old, previously issued valid signature to the receiver to create the illusion that accidents are happening.

  • Modification attacks.

    The aim of misbehaving vehicles is to change authentic safety-messages and send them to other nodes [26]. For example, a malicious vehicle could feed forged messages to nearby vehicles. Thus, verification at the recipient cannot be carried out with changed messages.

  • Impersonation attacks.

    The aim of misbehaving vehicles is to impersonate a registered vehicle and transmit a proper safety-message to other vehicles, with the attacker attempting to masquerade as a registered vehicle.

  • Man-In-The-Middle attacks.

    The aim of misbehaving vehicles is to sniff and tamper with information by intercepting the two communicating sides [27], [28].

  • Side-channel attacks.

    The aim of misbehaving vehicles is to obtain sensitive data stored in the TPD by utilizing a side-channel attack. When misbehaving vehicles obtain the TA's private key, the structure of the system will collapse.

After the TA calculates the initial public parameters, it preloads them to the RSUs and OBUs in advance. Through the steps of mutual authentication, the vehicle must authenticate itself with the system, based on the RSU's parameters, before exchanging safety-messages. Thus, an attacker is not able to gain authorized access to the coverage region. After the vehicle is considered a registered vehicle, it calculates the signature of its message, and the verifier then checks this signature.

We propose an efficient conditional privacy-preserving authentication scheme for the prevention of side-channel attacks, ensuring secure communication in VANETs. The proposed scheme includes five phases: system initialization, mutual authentication, signing safety-message, verifying safety-message and update parameters. The phases of the proposed scheme are visualized in Figure 2.

FIGURE 2. - Sequence diagram of the proposed scheme.

D. Phase of System Initialization

The system initialization phase consists of the following subsections.

1) TA Initialization

In order to compute the initial public parameters of the system, the TA should execute the following steps.

  • The TA chooses two large prime numbers $q$, $p$ and the generator $P$ of an additive group $G$ of order $q$, which consists of the points on the non-singular elliptic curve $E$: $y^{2} = x^{3} + ax + b \bmod p$, where $a, b \in F_{p}$.

  • The TA chooses a random value $k \in Z_{q}^{*}$ as its private key and then calculates $Pub = kP$ as the corresponding public key.

  • Lastly, the TA chooses three one-way hash functions $h_{1}$, $h_{2}$ and $h_{3}$, where $h_{1}: G \rightarrow Z_{q}^{*}$, $h_{2}: \{0,1\}^{*}\times \{0,1\}^{*}\times G \rightarrow Z_{q}^{*}$ and $h_{3}: \{0,1\}^{*}\rightarrow Z_{q}^{*}$.

SECTION IV.

The Proposed Scheme

2) RSU and Vehicle Registration

In order to register the RSU and the vehicles at the TA, the following steps should be executed,

  • Once the TA receives the RSU's identity $ID_{RSU_{j}}$, the TA verifies the RSU's validity.

  • The TA stores the private key $k$ on the RSU's TPD.

  • Once the driver submits the identity $ID_{i}$ and password $PW_{i}$ via secure communication, the TA checks the driver's validity.

  • The TA generates the pseudonym $Pdm = h_{3}(ID_{i} \| SP_{vi})$ after it verifies the validity of $ID_{i}$, where $V_{vi}$ is a short period.

  • The TA preloads $\langle Pdm, V_{vi} \rangle$ and $k$ via a secure channel into the TPD of the vehicle and each RSU, respectively.

  • The TA preloads the initial public parameters of the system $\psi = \{p, q, a, b, P, Pub, h_{1}, h_{2}, h_{3}\}$ in each vehicle's OBU and each RSU.

A. Phase of Mutual Authentication

When the vehicle comes into the RSU's communication range, it performs mutual authentication before it sends safety-messages to the nearby RSU or neighbour vehicles. Once the vehicle receives the signature key $SK$ from the RSU, the vehicle is considered registered and can therefore broadcast safety-messages to the nearby RSU or neighbour vehicles. Figure 3 shows the top-level mutual authentication process of the proposed scheme. The following steps are performed in this phase.

  • OBU-TO-RSU: Once the vehicle selects a random value $w \in Z_{q}^{*}$, it generates its pseudo-ID $PsID_{i} = \langle PsID_{i}^{1}, PsID_{i}^{2} \rangle$ as follows:

    $PsID_{i}^{1} = w P$

    $PsID_{i}^{2} = Pdm \oplus h_{1}(w Pub)$

    Then, the vehicle transmits $Tuple_{1}$ to the RSU, where $Tuple_{1} = \{PsID_{i}, TS_{1}, \delta_{OBU-RSU}\}$, $\delta_{OBU-RSU} = h_{3}(PsID_{i} \| TS_{1} \| Pdm)$ and $TS_{1}$ is a timestamp.

  • RSU-TO-TA: Once the RSU receives $Tuple_{1}$ from the OBU, it starts by checking the freshness of $TS_{1}$. Each timestamp is checked as follows: the difference between the present time $TS$ and $TS_{1}$ is computed to judge the freshness of $Tuple_{1}$. If the result is less than the time threshold, then $TS_{1}$ is fresh. Otherwise, the safety-message is dropped. Then, it calculates $Pdm = PsID_{i}^{2} \oplus h_{1}(k PsID_{i}^{1})$ and verifies whether $\delta_{OBU-RSU} \stackrel{?}{=} h_{3}(PsID_{i} \| Pdm \| TS_{1})$. The RSU rejects $Tuple_{1}$ when the check fails; otherwise, it selects a random value $z \in Z_{q}^{*}$. It generates its pseudo-ID $PsID_{RSU_{j}} = \langle PsID_{RSU_{j}}^{1}, PsID_{RSU_{j}}^{2} \rangle$ as below:

    $PsID_{RSU_{j}}^{1} = z P$

    $PsID_{RSU_{j}}^{2} = ID_{RSU_{j}} \oplus h_{1}(z Pub)$

    Then, the RSU transmits $Tuple_{2}$ to the TA, where $Tuple_{2} = \{PsID_{i}, PsID_{RSU_{j}}, TS_{2}, \delta_{RSU-TA}\}$ and $\delta_{RSU-TA} = h_{3}(ID_{RSU_{j}} \| Pdm \| TS_{2})$.

  • TA-TO-RSU: Once the TA receives $Tuple_{2}$ from the RSU, it first checks the freshness of $TS_{2}$. If $TS_{2}$ is fresh, the TA does not reject the safety-message. Otherwise, $Tuple_{2}$ is dropped. The TA then calculates $ID_{i} = PsID_{i}^{2} \oplus h_{1}(k PsID_{i}^{1})$ and $ID_{RSU_{j}} = PsID_{RSU_{j}}^{2} \oplus h_{1}(k PsID_{RSU_{j}}^{1})$ from $PsID_{i}$ and $PsID_{RSU_{j}}$, respectively. Then it verifies whether $\delta_{RSU-TA} \stackrel{?}{=} h_{3}(Pdm \| ID_{RSU_{j}} \| TS_{2})$. If the check fails, the TA rejects $Tuple_{2}$; otherwise, it checks the authenticity of the identities of the RSU and OBU through the saved numbers $ID_{i}$, $ID_{RSU_{j}}$, respectively. If they are authentic, the TA does not reject the safety-message and chooses a random value $r \in Z_{q}^{*}$. The TA generates its pseudo-ID $PsID_{TA} = \langle PsID_{TA}^{1}, PsID_{TA}^{2} \rangle$ as follows:

    $PsID_{TA}^{1} = r P$

    $PsID_{TA}^{2} = ID_{RSU_{j}}^{*} \oplus h_{1}(r Pub)$

    Then, the TA transmits $Tuple_{3}$ to the RSU, where $Tuple_{3} = \{PsID_{TA}, TS_{3}, \delta_{TA-RSU}\}$, $\delta_{TA-RSU} = h_{3}(ID_{RSU_{j}}^{*} \| TS_{3})$ and $ID_{RSU_{j}}^{*}$ is the same RSU identity.

  • RSU-TO-OBU: Once the RSU receives $Tuple_{3}$ from the TA, it checks the freshness of $TS_{3}$. If $TS_{3}$ is fresh, the RSU does not reject the safety-message. Otherwise, $Tuple_{3}$ is dropped. The RSU then computes $ID_{RSU_{j}}^{*} = PsID_{TA}^{2} \oplus h_{1}(k PsID_{TA}^{1})$ and verifies whether $ID_{RSU_{j}}^{*} = ID_{RSU_{j}}$. It also verifies whether $\delta_{TA-RSU} \stackrel{?}{=} h_{3}(ID_{RSU_{j}}^{*} \| TS_{3})$. The TA rejects $Tuple_{3}$ when the check fails; otherwise, the RSU generates the signature key $SK$ for the vehicle as follows: $SK = k.h_{2}(PsID_{i}^{1} \| PsID_{i}^{2})$

    Then, the RSU transmits $Tuple_{4}$ to the OBU, where $Tuple_{4} = \{PsID_{i}, TS_{4}, SK_{enc}, \delta_{RSU-OBU}\}$, $SK_{enc} = SK \oplus h_{1}(Pdm)$ and $\delta_{RSU-OBU} = h_{2}(Pdm \| SK \| TS_{4})$.

  • OBU: Once the OBU receives $Tuple_{4}$ from the RSU, it calculates $SK = SK_{enc} \oplus h_{1}(Pdm)$ and verifies whether $\delta_{RSU-OBU} \stackrel{?}{=} h_{2}(Pdm \| SK \| TS_{4})$ with the help of its $Pdm$. If the check succeeds, the vehicle accepts the $PK$ as its corresponding signature key.

FIGURE 3. - Process of mutual authentication phase.

To ensure the security of the pseudo-ID and its corresponding signature key in the system, we recommend the signature-key update protocol demonstrated in [29] for our work. Under this protocol, the vehicle uses a pseudo-ID and its corresponding signature key for a few periods of routing in the system.

B. Phase of Signing Safety-Message

Once the vehicle has joined the communication range of the RSU through the mutual authentication process, it starts sending safety-messages, using $Sk$ to sign each safety-message. Figure 4 shows the process of the signing safety-message phase.

  • The vehicle calculates the signature of the safety-message: $\delta_{m} = Sk + w.h_{3}(m \| TS)$.

  • The vehicle calculates $\sigma = h_{3}(m \| TS) PsID_{i}^{1}$.

  • The vehicle sets $\delta_{m}$ and $\sigma$, which the recipient uses to verify the safety-message.

  • Finally, the vehicle sends the safety-message-signature tuple $\{PsID_{i}, m, TS, \delta_{m}, \sigma\}$ to neighbor vehicles and nearby RSUs.

FIGURE 4. - The process of signing and verifying messages.

C. Phase of Verifying Safety-Message

This section presents single and batch verification of safety-messages, as shown in Figure 4.

1) Single Verifying Safety-Message

In this verification process, each vehicle verifies only the safety-message signature. Once the recipients receive a signed safety-message, they should check its validity and authenticity, ensuring that no misbehaving vehicle can be considered a legal vehicle before the safety-message is accepted for further processing. Therefore, false safety-messages are prevented from being transmitted. The single verifying safety-message method is presented in detail as follows:

  • Once the verifier receives the safety-message-signature tuple $\{PsID_{i}, m, TS, \delta_{m}, \sigma\}$, it first verifies the freshness of the timestamp $TS$.

  • Then, the verifier uses $\delta_{m}$ and $\sigma$ of the safety-message-signature tuple $\{PsID_{i}, m, TS, \delta_{m}, \sigma\}$ to check the safety-message $m$, where $\sigma = h_{3}(m \| TS) PsID_{i}^{1}$ and $\delta_{m} = Sk + w.h_{3}(m \| TS)$. If Equation 1 holds, the safety-message is accepted. Otherwise, the verifier drops the safety-message.

    \begin{equation*} \delta_{m}.P = h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) Pub + \sigma \tag{1}\end{equation*}

The proof of Equation 1 is presented as follows:

\begin{align*}
L.H.S &= \delta_{m}.P \\
&= \big(Sk + w.h_{3}(m \| TS)\big).P \\
&= \big(k.h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) + w.h_{3}(m \| TS)\big).P \\
&= h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) k.P + h_{3}(m \| TS) w.P \\
&= h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) Pub + h_{3}(m \| TS) PsID_{i}^{1} \\
&= h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) Pub + \sigma \\
&= R.H.S
\end{align*}

Therefore, Equation 1 is checked to be true.

2) Batch Verifying Safety-Message

With the batch verifying safety-message process, the recipient checks multiple safety-messages at the same time. To reduce the time consumed, our work uses a batch verifying safety-message method. To satisfy the non-repudiation requirement in our work, we use the technique of the tiny exponent test [23]. The recipient randomly chooses integers $\eta = \{\eta_{1}, \eta_{2}, \ldots, \eta_{n}\}$, where $\eta_{i} \in [1, 2^{t}]$ and $t$ is a tiny value, so that the computation overhead is not increased. Besides, consider that a verifier receives a large number of safety-message-signature tuples $\{PsID_{i}^{1}, m^{1}, TS^{1}, \delta_{m}^{1}, \sigma^{1}\}$, $\{PsID_{i}^{2}, m^{2}, TS^{2}, \delta_{m}^{2}, \sigma^{2}\}$, …, $\{PsID_{i}^{n}, m^{n}, TS^{n}, \delta_{m}^{n}, \sigma^{n}\}$. Then, the verifier uses $\delta_{m}^{n}$ of the safety-message-signature tuple $\{PsID_{i}^{n}, m^{n}, TS^{n}, \delta_{m}^{n}, \sigma^{n}\}$ to verify the safety-messages simultaneously by utilizing Equation 1, as follows:

\begin{equation*} \left(\sum_{i=1}^{n} \eta_{i}.\delta_{m}\right).P = \left(\sum_{i=1}^{n} \eta_{i}.h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) Pub\right) + \sum_{i=1}^{n} \eta_{i}.\sigma \tag{2}\end{equation*}

The proof of Equation 2 is presented as follows:

\begin{align*}
L.H.S &= \left(\sum_{i=1}^{n} \eta_{i}.\delta_{m}\right).P \\
&= \sum_{i=1}^{n} \eta_{i}.\big(Sk + w.h_{3}(m \| TS)\big).P \\
&= \sum_{i=1}^{n} \eta_{i}.\big(k.h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) + w.h_{3}(m \| TS)\big).P \\
&= \sum_{i=1}^{n} \eta_{i}.\big(h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) k.P + h_{3}(m \| TS) w.P\big) \\
&= \sum_{i=1}^{n} \eta_{i}.\big(h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) Pub + h_{3}(m \| TS) PsID_{i}^{1}\big) \\
&= \sum_{i=1}^{n} \eta_{i}.\big(h_{2}(PsID_{i}^{1} \| PsID_{i}^{2}) Pub + \sigma\big) \\
&= R.H.S
\end{align*}

Therefore, Equation 2 is checked to be true.
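
The pseudo-ID and signature-key derivation of the mutual authentication phase, followed by signing and the single and batch checks of Equations 1 and 2, as an added Python example that is not code from the paper. It assumes secp256k1 as the curve, tagged SHA-256 for h1, h2 and h3, a 5-second freshness window, and a verifier that recomputes sigma from the received m, TS and PsID1; all function names and sample values are hypothetical.

```python
import hashlib
import secrets

# Assumption: secp256k1 parameters stand in for the paper's (p, q, a, b, P).
p = 2**256 - 2**32 - 977
a, b = 0, 7
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
MAX_AGE = 5  # freshness threshold in seconds (constructed value)

def on_curve(pt):
    return pt is None or (pt[1] ** 2 - pt[0] ** 3 - a * pt[0] - b) % p == 0

def add(A, B):  # affine point addition on E; None is the point at infinity
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(n, A):
    """Double-and-add n*A for n >= 0. Not constant-time: illustration only."""
    R = None
    while n:
        if n & 1:
            R = add(R, A)
        A, n = add(A, A), n >> 1
    return R

def H(tag, *parts):
    """Assumed instantiation of h1, h2, h3: tagged SHA-256 mapped into Z_q^*."""
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % (q - 1) + 1

def enc(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def h1(pt): return H(b"h1", enc(pt))
def h2(ps1, ps2): return H(b"h2", enc(ps1), ps2.to_bytes(32, "big"))
def h3(m, ts): return H(b"h3", m, str(ts).encode())

def ta_setup():
    k = secrets.randbelow(q - 1) + 1   # TA private key k in Z_q^*
    return k, mul(k, P)                # public key Pub = kP

def make_pseudo_id(pdm, pub):
    """Vehicle: PsID1 = wP, PsID2 = Pdm XOR h1(w Pub)."""
    w = secrets.randbelow(q - 1) + 1
    return w, (mul(w, P), pdm ^ h1(mul(w, pub)))

def rsu_issue_sk(k, psid):
    """RSU: recover Pdm = PsID2 XOR h1(k PsID1); SK = k.h2(PsID1||PsID2)."""
    return psid[1] ^ h1(mul(k, psid[0])), k * h2(*psid) % q

def sign(sk, w, psid, m, ts):
    """delta_m = SK + w.h3(m||TS) and sigma = h3(m||TS) PsID1."""
    e = h3(m, ts)
    return {"psid": psid, "m": m, "ts": ts,
            "delta": (sk + w * e) % q, "sigma": mul(e, psid[0])}

def precheck(t, now):
    ps1 = t["psid"][0]
    fresh = 0 <= now - t["ts"] <= MAX_AGE       # timestamp freshness
    if not fresh or ps1 is None or not on_curve(ps1) or not 0 <= t["delta"] < q:
        return False
    # Choice of this example: recompute sigma from the received m, TS, PsID1.
    return t["sigma"] == mul(h3(t["m"], t["ts"]), ps1)

def verify(pub, t, now):
    """Equation 1: delta_m.P == h2(PsID1||PsID2) Pub + sigma."""
    if not precheck(t, now):
        return False
    return mul(t["delta"], P) == add(mul(h2(*t["psid"]), pub), t["sigma"])

def batch_verify(pub, tuples, now, t_bits=16):
    """Equation 2 with a random eta_i in [1, 2^t] per tuple."""
    d_sum, h_sum, s_sum = 0, 0, None
    for t in tuples:
        if not precheck(t, now):
            return False
        eta = secrets.randbelow(2 ** t_bits) + 1
        d_sum = (d_sum + eta * t["delta"]) % q
        h_sum = (h_sum + eta * h2(*t["psid"])) % q
        s_sum = add(s_sum, mul(eta, t["sigma"]))
    return mul(d_sum, P) == add(mul(h_sum, pub), s_sum)

def demo():  # constructed run: one vehicle signs three messages at TS = 1000
    k, pub = ta_setup()
    w, psid = make_pseudo_id(H(b"h3", b"ID_i", b"SP_vi"), pub)
    sk = rsu_issue_sk(k, psid)[1]
    msgs = [sign(sk, w, psid, m, 1000) for m in (b"brake", b"ice", b"jam")]
    return verify(pub, msgs[0], 1002), batch_verify(pub, msgs, 1002)
```

The pure-Python scalar multiplication branches on key bits, so it is suitable for checking the algebra only and not for code that runs inside a TPD.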

D. Phase of Update Parameters

To prevent side-channel attacks, the sensitive data stored in the TPD (the pseudonym of the vehicle) must be regularly updated via an online mode and at the annual inspection. If the stored sensitive data were left without updating for a period while waiting for the next annual inspection, the adversary could have enough time to obtain sensitive data that can collapse the entire VANET. The vehicle should execute the following steps to update the sensitive data stored in the TPD using the online mode:

  • The vehicle selects a random number $r \in Z_{q}^{*}$ and computes $PsID_{i}^{1} = r P$ and $PsID_{i}^{2} = Pdm \oplus h_{1}(r.Pub)$. Then, the vehicle sends the message $\{PsID_{v}^{new}, TS_{1}, \delta_{OBU_{i}^{new}}\}$ to the TA, where $PsID_{v}^{new} = \{PsID_{i}^{1} = r P, PsID_{i}^{2} = Pdm \oplus h_{1}(r.Pub)\}$ and $\delta_{OBU_{i}^{new}} = h_{3}(Pdm \| PsID_{i}^{1} \| PsID_{i}^{2} \| TS_{1})$.

  • Once the TA receives the message $\{PsID_{v}^{new}, TS_{1}, \delta_{OBU_{i}^{new}}\}$, it verifies the freshness of the timestamp $TS_{1}$. If $TS_{1}$ is valid, then the TA calculates the old pseudonym of the authenticated vehicle $Pdm = PsID_{i}^{2} \oplus h_{1}(k.Pub)$. The TA checks whether $\delta_{OBU_{i}^{new}} \stackrel{?}{=} h_{3}(Pdm \| PsID_{i}^{1} \| PsID_{i}^{2} \| TS_{1})$ holds. The TA verifies whether the tuple $(ID_{i}, Pdm, SP_{vi})$ is present in its vehicle registration list; else the TA checks the freshness of $SP_{vi}$.

  • Once $SP_{vi}$ has expired, the TA selects a new short period $SP_{vi}^{New}$. Then, the TA calculates a new pseudonym of the authenticated vehicle $Pdm^{New} = h_{3}(ID_{i} \| SP_{vi}^{New})$. It is dropped if $SP_{vi}$ is still fresh.

  • The TA encrypts the message $(Ps^{New}, \lambda_{i}^{New})$ for the vehicle using the previous encryption key $E_{\lambda_{i}} \in Z_{q}^{*}$ and updates the new tuple $(OID_{i}, Ps^{New}, VP_{vi}^{New}, \lambda_{i}^{New})$ in the registration list of vehicles.

    K_{enc} , \delta _{RSU-OBU} }, SK_{enc}^{new} = SK \oplus h_{1}(Pdm) and \delta _{RSU-OBU} = h_{2}(Pdm||SK||TS_{4}) .

  • The TA sends a message $(Pdm_{enc}^{new}, SP_{vi})$ to the vehicle, where $Pdm_{enc}^{new} = Pdm \oplus h_{1}(k.PsID_{i}^{1})$.

  • Lastly, the vehicle computes $Pdm = Pdm_{enc}^{new} \oplus h_{1}(k.PsID_{i}^{1})$ to obtain the new pseudonym.

SECTION V.

Security Analysis and Comparison

In this section, we first present the formal analysis in terms of the random oracle model and BAN logic; this is followed by a description of the security requirements and, finally, the security comparison between the proposed scheme and other schemes.

A. Formal Analysis

We use the random oracle model and BAN logic for the formal analysis of the proposed scheme, as follows.

1) Random Oracle Model

This subsection launches a game between adversary $AY$ and challenger $CR$, where $AY$ is a broker of the proposed scheme security and $CR$ is the robustness of the proposed scheme.

Theorem 1:

The proposed scheme is existentially unforgeable against an adaptive chosen message attack under the random oracle model.

Proof:

Suppose $CR$ could forge a legitimate safety-message-signature tuple $\{PsID_{i}, m, TS, \delta_{m}, \sigma\}$ in the proposed scheme. Besides, suppose that an instance of the ECDLP $(P, Q = k.P)$ is specified for two points $P, Q$ on $E$, and $k \in Z_{q}^{*}$. $CR$ could then overcome the hardness of the ECDLP by using $AY$ as a subroutine.

Setup: $CR$ calculates the private key and the public parameters of the system $\psi = \{p, q, a, b, P, P_{pub}, h_{1}, h_{2}, h_{3}\}$ and then establishes three lists, namely $LIST_{h^{1}}$ of the form $(\alpha, \tau h_{1})$, $LIST_{h^{2}}$ of the form $(PsID_{i}^{1}, PsID_{i}^{2}, \tau h_{2})$ and $LIST_{h^{3}}$ of the form $(m, TS, \tau h_{3})$. $AY$ is empty at first. Then, $CR$ forwards $\psi$ to $AY$.

Oracle of $LIST_{h^{1}}$: After $CR$ receives the message request $\alpha$ from $AY$, it first tests whether the tuple $(\alpha, \tau h_{1})$ exists in $LIST_{h^{1}}$. If so, $CR$ sends $\tau h_{1} = h(\alpha)$ to $AY$. Otherwise, $CR$ chooses a random $\tau h_{1} \in Z_{q}^{*}$ and adds $(\alpha, \tau h_{1})$ to $LIST_{h^{1}}$. Then, $CR$ forwards $\tau h_{1} = h(\alpha)$ to $AY$.

Oracle of $LIST_{h^{2}}$: After $CR$ receives the message request $PsID_{i}^{1}, PsID_{i}^{2}$ from $AY$, it first tests whether the tuple $(PsID_{i}^{1}, PsID_{i}^{2}, \tau h_{2})$ exists in $LIST_{h^{2}}$. If so, $CR$ sends $\tau h_{2} = h(PsID_{i}^{1} \| PsID_{i}^{2})$ to $AY$. Otherwise, $CR$ chooses a random $\tau h_{2} \in Z_{q}^{*}$ and adds $(PsID_{i}^{1}, PsID_{i}^{2}, \tau h_{2})$ to $LIST_{h^{2}}$. Then, $CR$ forwards $\tau h_{2} = h(PsID_{i}^{1} \| PsID_{i}^{2})$ to $AY$.

Oracle of $LIST_{h^{3}}$: After $CR$ receives the message request $m, TS$ from $AY$, it first tests whether the tuple $(m, TS, \tau h_{3})$ exists in $LIST_{h^{2}}$. If so, $CR$ sends $\tau h_{3} = h(m \| TS)$ to $AY$. Otherwise, $CR$ chooses a random $\tau h_{3} \in Z_{q}^{*}$ and adds $(PsID_{i}^{1}, PsID_{i}^{2}, \tau h_{3})$ to $LIST_{h^{3}}$. Then, $CR$ forwards $\tau h_{3} = h(m \| TS)$ to $AY$.

Sign: When CR receives a sign request from AY for message m , it computes {h^{i,2} , h^{i,3} , \delta _{m} \in Z_{q}^{*}, PsID_{i}^{2} \in G }. AY generates PsID_{i}^{1}= (\delta _{m} P - h^{i,2} h^{i,3}Pub) . CR inserts (PsID_{i}^{1}, PsID_{i}^{2}, \tau h_{2}) into LIST_{h^{2}} and (m, TS, \tau h_{3}) into LIST_{h^{3}} . Lastly, CR forwards the safety-message-signature tuple {PsID_{i} , m , TS , \delta _{m} , \sigma } to AY . The reply of the Sign oracle is legitimate because the tuple {PsID_{i} , m , TS , \delta _{m} , \sigma } complies with Equation (3):\begin{equation*} \delta _{m} P = h^{i,2} Pub + \sigma\end{equation*}

where \sigma = h^{i,3} PsID_{i}^{1} \begin{equation*} =h^{i,2} Pub + \sigma +(\delta _{m} P - h^{i,2} Pub + \sigma)= \delta _{m} P\tag{3}\end{equation*}

Output: CR ends up with the tuple of safety-message-signature {PsID_{i} , m , TS , \delta _{m} , \sigma }. CR tests this tuple utilizing Equation 4 as follows:\begin{equation*} \delta _{m} P= h^{i,2} Pub + \sigma.\tag{4}\end{equation*}


CR continues the game when Equation 4 does not hold.

Based on the forgery lemma in [21], AY could output another valid safety-message-signature tuple {PsID_{i} , m , TS , \delta _{m} , \sigma }. Hence, the following Equation 5 is obtained:\begin{equation*} \delta _{m}^{*}P= {h^{i,2}}^{*} Pub + \sigma.\tag{5}\end{equation*}


From Equations 4 and 5, we can obtain \begin{align*} (\delta _{m}-\delta _{m}^{*})P=&\delta _{m} P-\delta _{m}^{*}P \\=&h^{i,2} Pub + \sigma - {h^{i,2}}^{*} Pub + \sigma \\=&h^{i,2} Pub \!-\! {h^{i,2}}^{*} Pub \!= \!(h^{i,2}\! -\! {h^{i,2}}^{*}) Pub.\tag{6}\end{align*}


Therefore, we could get (\delta _{m}-\delta _{m}^{*} )= (h^{i,2} - {h^{i,2}}^{*}) Pub mod p .

AY outputs s = (\delta _{m} - \delta _{m}^{*})= (h^{i,2} - {h^{i,2}}^{*})^{-1}

Hence, the proposed scheme is resistant to adaptive chosen-message attacks in the random oracle model, under the assumption that ECDLP is hard.

2) BAN Logic

Using a general formal logic known as BAN logic, the proposed scheme should achieve specific security goals among the components in VANETs for mutual verification. The basic definitions of BAN logic are omitted in this paper; we refer the reader to [30], [31] for further details.

Security goals

The main idea of these operations is to validate the session key among the components in the system. Thus, the proposed scheme is required to achieve the following eight major goals.

  • Goal-1. TA|\equiv OBU_{i}|\equiv (Pdm) .

  • Goal-2. TA|\equiv (Pdm) .

  • Goal-3. TA|\equiv RSU_{j}|\equiv (ID_{RSU_{j}}) .

  • Goal-4. TA|\equiv (ID_{RSU_{j}}) .

  • Goal-5. RSU_{j}|\equiv TA|\equiv (\delta _{TA-RSU_{j}}) .

  • Goal-6. RSU_{j}|\equiv (\delta _{TA-RSU_{j}}) .

  • Goal-7. OBU_{i}|\equiv RSU_{j}| \equiv (SK) .

  • Goal-8. OBU_{i}|\equiv (SK) .

Idealization phase of the proposed scheme:

  • The messages shared between components in VANETs in our work are as follows:

    M-1. OBU_{i}\to RSU_{j} : {PsID_{i} , TS_{1}, \delta _{OBU-RSU} }.

    M-2. RSU_{j}\to TA: {PsID_{i} , PsID_{RSU_{j}}, TS_{2}, \delta _{RSU-TA} }.

    M-3. TA\to RSU_{j} : {PsID_{TA}, TS_{3}, \delta _{TA-RSU} }.

    M-4. RSU\to OBU_{i} : {PsID_{i}, SK_{enc} , \delta _{RSU-OBU} }.

  • The messages of the proposed scheme are idealized as follows:

    SMI-1. OBU_{i} \to TA:(ID_{i})_{Pub} .

    SMI-2. RSU_{j} \to TA: (ID_{RSU_{j}})_{Pub} .

    SMI-3. TA \to RSU_{j}: (\delta _{TA-RSU_{j}})_{Pub} .

    SMI-4. RSU_{j} \to OBU_{i}: (SK)_{h(ID_{i})} .

Assumptions.

The following assumptions regarding the initial situation of our work are made:

  • Ass-1. TA|\equiv \#(TS_{2}) .

  • Ass-2. RSU_{j}|\equiv \#(TS_{1}, TS_{3}) .

  • Ass-3. OBU_{i}|\equiv \#(TS_{4}) .

  • Ass-4. TA|\equiv |\xrightarrow {Pub} OBU_{i} .

  • Ass-5. TA|\equiv |\xrightarrow {Pub} RSU_{j} .

  • Ass-6. OBU_{i}|\equiv OBU_{i} \xleftrightarrow {ID_{i}} RSU_{j} .

  • Ass-7. TA|\equiv OBU_{i} \Rightarrow (ID_{i}) .

  • Ass-8. TA|\equiv RSU_{j} \Rightarrow (ID_{RSU_{j}}) .

  • Ass-9. OBU_{i}|\equiv RSU_{j} \Rightarrow (SK) .

  • Ass-10. RSU_{j}|\equiv |\xrightarrow {Pub} TA .

  • Ass-11. RSU_{j}|\equiv TA \Rightarrow (\delta _{TA-RSU_{j}}) .

Proof.

In this part, the eight security goals included in the proposed scheme are accomplished.

From SMI-1., we obtain:

S-1: TA \triangleleft (ID_{i})_{Pub}

From S-1, Ass-4, and by using rule of message meaning, we obtain:

S-2: TA| \equiv OBU_{i}| \sim (ID_{i})

From S-2, Ass-1, and by using nonce-verification and freshness rules, we obtain:

S-3: TA| \equiv OBU| \equiv (OID_{i})

Therefore, security Goal-1 is accomplished.

From S-3, Ass-7, and by using jurisdiction rule, we obtain:

S-4: TA| \equiv (ID_{i})

Therefore, security Goal-2 is accomplished.

From SMI-2., we obtain:

S-5: TA \triangleleft (ID_{RSU_{j}})_{Pub}

From S-5, Ass-5, and by using rule of message meaning, we obtain:

S-6: TA| \equiv RSU_{j} |\sim (ID_{RSU_{j}})

From S-6, Ass-1, and by using nonce-verification and freshness rules, we obtain:

S-7: TA| \equiv RSU_{j}| \equiv (ID_{RSU_{j}})

Therefore, security Goal-3 is accomplished.

From S-7, Ass-8, and by using rule of jurisdiction, we obtain:

S-8: TA| \equiv (ID_{RSU_{j}})

Therefore, security Goal-4 is accomplished.

From SMI-3., we obtain:

S-9: RSU_{j} \triangleleft (\delta _{TA-RSU_{j}})_{Pub}

From S-9, Ass-10, and by using rule of message meaning, we obtain:

S-10: RSU_{j}|\equiv TA |\sim (\delta _{TA-RSU_{j}})

From S-10, Ass-2, and by using nonce-verification and freshness rules, we obtain:

S-11: RSU_{j}|\equiv TA| \equiv (\delta _{TA-RSU_{j}})

Therefore, security Goal-5 is accomplished.

From S-11, Ass-11, and by using rule of jurisdiction, we obtain:

S-12: RSU|\equiv (\sigma _{TA-RSU})

Therefore, security Goal-6 is accomplished.

From SMI-4., we obtain:

S-13: OBU_{i} \triangleleft (SK)_{h(ID_{i})}

From S-13, Ass-6, and by using rule of message meaning, we obtain:

S-14: OBU_{i}| \equiv RSU_{j} |\sim (SK)

From S-14, Ass-3, and by using nonce-verification and freshness rules, we obtain:

S-15: OBU_{i}| \equiv RSU_{j}| \equiv (SK)

Therefore, security Goal-7 is accomplished.

From S-15, Ass-9, and by using jurisdiction rule, we obtain:

S-16: OBU_{i}| \equiv (SK)

Thus, security Goal-8 is accomplished.

Consequently, the eight security goals collectively guarantee that components of the proposed scheme are mutually validated.

B. Security Requirements

This subsection analyses how our work fulfills the security requirements, as follows.

  • Message integrity and authentication:

    A receiver can check the authenticity of the node and the integrity of the message for the safety-message-signature tuple {PsID_{i} , m , TS , \delta _{m} , \sigma } sent from a vehicle by verifying whether the equation \delta _{m}. P = h_{2}(PsID_{i}^{1}|| PsID_{i}^{2}) Pub + \sigma holds. For instance, after capturing the tuple {PsID_{i} , m , TS , \delta _{m} , \sigma } from an authenticated vehicle AV_{j} in our work, a vehicle V_{i} changes the safety-message to m_{i}^{c} and sends the changed tuple {PsID_{i} , m_{i}^{c} , TS , \delta _{m} , \sigma } into the V2V and V2I communications. The verifying vehicle VV_{v} checks the validity of the changed tuple {PsID_{i} , m_{i}^{c} , TS , \delta _{m} , \sigma } by verifying whether Equation 1 or 2 holds. If so, our work satisfies the requirements of integrity and authentication.

  • Identity privacy preservation:

    In the safety-message-signature tuple {PsID_{i} , m , TS , \delta _{m} , \sigma } of our work, the pseudo-ID PsID_{i} includes two secret values (i.e., (w, k)\in Z_{q}^{*} ), which are chosen at random by the broadcasting TA and vehicle, respectively. It is not possible for an adversary to disclose the pseudonym Pdm of the vehicle, because an attacker does not have the ability to compute k PsID_{i}^{1} and wkP based on the ECCDH and ECDL problems, respectively. Here, Pub=kP , PsID_{i}^{1} = wP and PsID_{i}^{2} = Pdm \oplus h_{1}(w Pub) . To obtain the pseudonym Pdm of the vehicle, the adversary would have to compute kPsID_{i}^{1} , wkP from Pub=kP and PsID_{i}^{1} = wP . The attacker is prevented from disclosing the vehicle’s Pdm through this computation because it depends on hard problems. Therefore, the requirement of identity privacy preservation is satisfied by our work.

  • Traceability and revocation:

    In V2V and V2I communications, traceability and revocation are significant security requirements. If forged safety-messages are transmitted by a malicious vehicle, the TA can then disclose the vehicle’s identity from its pseudo-ID PsID_{i} . The TA’s private key k in our work is utilized to disclose the identity ID_{i} via the following computations.\begin{align*} Pdm=&PsID_{i}^{2} \oplus h_{1}(k PsID_{i}^{1}) \\=&Pdm \oplus h_{1}(k Pub)\oplus h_{1}(k PsID_{i}^{1}) \\=&Pdm\end{align*}

    Then, the TA searches the vehicle registration list for the identity ID_{i} that matches Pdm . Besides, revocation is a serious security requirement for securing V2V and V2I communications. After the process of traceability is done, the TA inserts the identity ID_{i} into the CRL and transmits the updated CRL. Thus, the RSU whose area contains the malicious vehicle broadcasts and updates the CRL locally. Hence, our work satisfies the requirements of traceability and revocation, since it provides conditional anonymity.

  • Resistance to replay attacks

    The proposed scheme uses the current timestamp TS in the safety-message-signature tuple {PsID_{i} , m , TS , \delta _{m} , \sigma }. During the process of verification by a receiver, an adversary cannot alter TS in the tuple {PsID_{i} , m , TS , \delta _{m} , \sigma }. If TS has expired or is invalid, the safety-message is dropped. Hence, the proposed scheme successfully resists replay attacks.

  • Resistance to impersonation attacks

    An attacker must obtain a vehicle’s identity in order to send a valid safety-message-signature tuple {PsID_{i} , m , TS , \delta _{m} , \sigma } by impersonating the authenticated vehicle. Furthermore, based on previous knowledge, the attacker cannot discover a vehicle’s identity in the proposed scheme. The impersonation attack in our work is therefore ineffective. Hence, the proposed scheme successfully resists impersonation attacks.

  • Resistance to modification attacks

    The signature \delta _{m} is included in the safety-message-signature tuple {PsID_{i} , m , TS , \delta _{m} , \sigma } of the proposed scheme and protects the safety-message against modification attacks. During the process of authentication by a receiver, if an adversary has modified or changed the safety-message, it is dropped. Therefore, the proposed scheme successfully resists modification attacks.

  • Resistance to man-in-the-middle attacks

    Mutual authentication between the signer and the receiver is executed in the proposed scheme. If adversaries attempt a man-in-the-middle attack, they must forge both the signer message and the receiver message in order to connect with it. Nonetheless, based on the above analysis, an attacker cannot mount this type of attack. Hence, our work successfully resists man-in-the-middle attacks.

  • Resistance to side-channel attacks

    Several scholars resort to saving the private key of the system in the TPD of the OBU, because it is possible for a misbehaving vehicle to be compromised. Nonetheless, an adversary can easily get critical data stored in the TPD via a side-channel attack. To cope with this attack, our work regularly updates Pdm in the TPD, where Pdm = h_{3} (ID_{i} || SP_{vi} ). The pseudonym Pdm of the vehicle is used frequently and repeatedly; therefore, if Pdm is not continuously updated, a misbehaving vehicle has ample opportunity to disclose and exploit the pseudonyms associated with the safety-messages. Nonetheless, in the proposed scheme, Pdm has already been updated before an adversary can disclose and exploit it. For example, once adversaries reach the vehicle’s TPD directly, they disclose the registered pseudonym Pdm utilized for calculating the safety-message-signature tuple {PsID_{i} , m , TS , \delta _{m} , \sigma }. In our work, the pseudonym is frequently and periodically updated (see Subsection IV-D), so the adversary is unable to exploit the revealed previous pseudonym. Thus, our work successfully resists the side-channel attack.
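The pseudo-ID construction and the TA's tracing and revocation steps from the identity-privacy and traceability items above, as an added Python example (not code from the paper). It assumes secp256k1 and SHA-256 in place of the paper's curve and of h_{1} and h_{3}; the vehicle identity, the SP_{vi} value and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Assumption: secp256k1 and SHA-256 stand in for the paper's curve and for
# h1/h3; the paper's own parameters (Table 5) are not reproduced on this page.
P = 2**256 - 2**32 - 977                      # field prime p
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order q
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add; not constant time, so unsuitable for a real TPD."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def h1(pt):
    return hashlib.sha256(pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_pseudo_id(pdm, pub):
    """Vehicle: PsID1 = w*P and PsID2 = Pdm XOR h1(w*Pub), fresh random w."""
    w = secrets.randbelow(N - 1) + 1
    return ec_mul(w, G), xor(pdm, h1(ec_mul(w, pub)))

def trace(k, pseudo_id, registry):
    """TA: Pdm = PsID2 XOR h1(k*PsID1), then search the registration list."""
    psid1, psid2 = pseudo_id
    return registry.get(xor(psid2, h1(ec_mul(k, psid1))))

def demo():
    k = secrets.randbelow(N - 1) + 1              # TA private key
    pub = ec_mul(k, G)                            # Pub = k*P
    identity = b"VEH-0001"                        # constructed sample ID_i
    sp = secrets.token_bytes(16)                  # constructed sample SP_vi
    pdm = hashlib.sha256(identity + sp).digest()  # Pdm = h3(ID_i || SP_vi)
    registry, crl = {pdm: identity}, set()
    first, second = make_pseudo_id(pdm, pub), make_pseudo_id(pdm, pub)
    traced = trace(k, first, registry)
    if traced is not None:
        crl.add(traced)                           # revocation: ID_i goes on the CRL
    other_key = k % (N - 1) + 1                   # any scalar different from k
    return {
        "pseudo_ids_differ": first != second,
        "traced_first": traced,
        "traced_second": trace(k, second, registry),
        "traced_with_other_key": trace(other_key, first, registry),
        "crl": crl,
    }
```

The two pseudo-IDs differ because each uses a fresh w, yet both trace to the same registered identity under k, since w·Pub = wkP = k·PsID^1; with any other scalar the recovered value matches no entry in the registration list.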

C. Security Comparison

This section compares the proposed scheme with other related schemes in terms of security requirements. Table 3 shows the comparison of security requirements. Let SR-1, SR-2, SR-3, SR-4, SR-5, SR-6 and SR-7 refer to message integrity and authentication, identity privacy preservation, traceability and revocation, resistance to replay attacks, resistance to impersonation attacks, resistance to modification attacks, and resistance to side-channel attacks, respectively.

TABLE 3 Comparison Between Other Related Schemes and the Proposed Scheme

According to Table 3, none of the schemes of Jianhong et al. [23], He et al. [15], Bayat et al. [14], Al-shareeda et al. [16] or Al-shareeda et al. [17] satisfies all of the security requirements in the system. Nonetheless, the security requirements are completely satisfied in the proposed scheme.

SECTION VI.

Performance Evaluation

To address the issues regarding the system overhead in terms of computation cost and communication cost, we present the analysis and comparison of the performance evaluation between the proposed scheme and the schemes proposed by Jianhong et al. [23], Bayat et al. [14], He et al. [15], Al-shareeda et al. [16] and Al-shareeda et al. [17]. The computation cost concerns the cryptographic operations that have to be executed when signing and verifying messages, while the communication cost concerns the size of the safety-message-signature tuple, that is, the elements the tuple contains. The following subsections describe the computation cost and the communication cost in detail.

A. Computation Cost Analysis

An additive group G_{1} is computed with an 80-bit level of security in a bilinear pairing. Various parameters of the ECC and bilinear pairing schemes are indicated in Table 5. In this paper, we use MIRACL [32], a widely used cryptographic library, in our experiment, because it allows us to measure the computation cost in terms of the execution time of several cryptographic operations. The cryptographic operations of [16] employed in this paper are listed in Table 4. For simplicity, let PSSM , SVSM , and BVSM denote the phase of signing a safety-message, single verification of a safety-message, and batch verification of safety-messages, respectively.

TABLE 4 The Running Times for Operation of Cryptographic [16]
TABLE 5 Various Cryptography Operations Cost

In the He et al. scheme [15], PSSM includes three operations of scalar multiplication and three one-way hash functions; therefore, 3 ECC_{T}^{pm} + 3 h_{T} is the whole computation overhead for PSSM . SVSM includes three operations of scalar point multiplication and two one-way hash functions; therefore, the total cost is 3 ECC_{T}^{pm} + 2 h_{T} . BVSM includes (n+2) operations of scalar multiplication and (2n) one-way hash functions; therefore, (n+2) ECC_{T}^{pm} + (2n) h_{T} is the whole computation overhead for BVSM . In the same way, we compute the computation cost of the other existing schemes. In the proposed scheme [17] scheme, PSSM includes one operation of scalar multiplication and two one-way hash functions; therefore, 1 ECC_{T}^{pm} +2 h_{T} is the whole computation overhead for PSSM . SVSM includes two operations of scalar multiplication, one operation of point addition and one one-way hash function; therefore, 2 ECC_{T}^{pm} + 1 h_{T} is the whole computation overhead for SVSM . BVSM includes (2) operations of scalar multiplication, (n+1) operations of point addition, and (2n) operations of one-way hash function; therefore, 2 ECC_{T}^{pm} + (n) h_{T} is the whole computation overhead for BVSM .

As shown in Table 6, the computation cost of the proposed scheme improves on that of PSSM , SVSM and BVSM of the He et al. scheme [15] by (2.0184 - 0.6738) / 2.0184 \approx 66.7%, (2.0236 - 1.3446) / 2.0236 \approx 33.6% and ((0.6718 * 100+1.3405 ) - (0.001 * 100+1.3436 )) / (0.6718 * 100+1.3405 ) \approx 97.9%, respectively. The performance improvements of the proposed scheme over the other schemes regarding PSSM , SVSM and BVSM are listed in Table 7.

TABLE 6 Computation Cost Comparison
TABLE 7 Computation Overhead Comparison Improvement

B. Communication Cost Analysis

In this section, we present the performance evaluation in terms of the communication cost. In order to fulfil the same level of security in the proposed scheme and the other schemes, we utilize the parameters presented in Table 5. The assumptions made in our work are consistent across the schemes: the size of the timestamp is 4 bytes and the size of the output of the secure hash function is 20 bytes. Table 8 compares the communication cost of the proposed scheme with that of the other schemes.

TABLE 8 Communication Cost Comparison

The safety-message-signature tuple in the He et al. scheme [15] is (40 * 3+ 20+4 ) = 144 bytes, where the tuple consists of three elements in \{PID_{il}^{1}, PID_{il}^{2}, R_{i} \in G\} , one element \{\sigma _{m} \in Z_{q}\} , and one timestamp. In our scheme, the vehicle sends a safety-message-signature tuple of size (3 * 20+ 40+4 ) = 104 bytes, and the content of the tuple is one timestamp, one item in \{PsID_{1} \in G\} and two items in \{ PsID_{2}, \delta _{m}, \sigma \in Z_{q}\} . In the same way, we compute the communication cost of the other existing schemes. Table 8 shows the whole communication cost of the proposed scheme and the other schemes, and Figure 5 illustrates the corresponding outcome.

FIGURE 5. - Communication costs.

SECTION VII.

Conclusion and Future Work

In this paper, an efficient conditional privacy-preserving authentication scheme is proposed. Compared with other schemes, our scheme can resist the side-channel attack by periodically updating the critical data stored in the TPD of the vehicle's OBU. Also, the proposed scheme is shown to be secure during authentication according to the rules of BAN logic. The security analysis proves that the design goals regarding the security requirements are satisfied in our work. Finally, because the proposed scheme uses the one-way hash function and ECC, its computation cost and communication cost are the lowest compared to other existing schemes.

In future work, the experiment could be executed utilizing platforms of network simulation, such as SUMO and OMNET++, to simulate road traffic and VANET networks, respectively.
