Secure Certificateless Authentication and Road Message ...

Research ArticleSecure Certificateless Authentication and Road MessageDissemination Protocol in VANETs

Haowen Tan 1 Dongmin Choi 2 Pankoo Kim 1

Sungbum Pan 3 and Ilyong Chung 1

1Department of Computer Engineering Chosun University 309 Pilmun-daero Seonam-dong Dong-guGwangju 61452 Republic of Korea2Division of Undeclared Majors Chosun University 309 Pilmun-daero Seonam-dong Dong-gu Gwangju 61452 Republic of Korea3Department of Electronic Engineering Chosun University 309 Pilmun-daero Seonam-dong Dong-guGwangju 61452 Republic of Korea

Correspondence should be addressed to Ilyong Chung iycchosunackr

Received 17 January 2018 Revised 21 March 2018 Accepted 10 April 2018 Published 20 May 2018

Academic Editor Ding Wang

Copyright copy 2018 Haowen Tan et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

As a crucial component of Internet-of-Thing (IoT) vehicular ad hoc networks (VANETs) have attracted increasing attentionsfrom both academia and industry fields in recent years With the extensive VANETs deployment in transportation systems ofmore and more countries driversrsquo driving experience can be drastically improved In this case the real-time road informationneeds to be disseminated to the correlated vehicles However due to inherent wireless communicating characteristics of VANETsauthentication and group key management strategies are indispensable for security assurance Furthermore effective roadmessage dissemination mechanism is of significance In this paper we address the above problems by developing a certificatelessauthentication and road message dissemination protocol In our design certificateless signature and the relevant feedbackmechanism are adopted for authentication and group key distribution Subsequently message evaluating and ranking strategyis introduced Security analysis shows that our protocol achieves desirable security properties Additionally performance analysisdemonstrates that the proposed protocol is efficient compared with the state of the art

1 Introduction

Vehicular ad hoc networks (VANETs) are distributedself-organized wireless networks constructed by vehicles andnearby road-side units (RSUs) The real-time dynamic com-munication enables efficient and durative informationexchange between vehicles and RSUs Hence intelligenttransportation system (ITS) is achievable with the widelyimplementation of VANETs [1 2] A variety of VANET-basedapplications which can be mainly classified into safety-related applications and commercial-oriented applica-tions not only enhance the driving safety but also pro-vide better driving experience Typical safety-related appli-cations include emergency vehicle warnings traffic con-gestion report road accident informing and speed moni-toring [3 4] Commercial-oriented applications provideconvenience service and entertainment applications such as

weather forecast information broadcasting of nearby petrolstations and restaurants navigation and Internet access

In general a basic VANET consists of three importantcomponents the trusted authority (TA) road-side units(RSUs) and vehicles [5ndash7] Considered as both the applica-tion provider and key server TA is responsible for providingvarious services to vehicles through RSUs Moreover pivotalsecret key assignment along with the user managementfor correlated vehicles is conducted by TA The RSUs aredeployed by the road sides one after another CommonlyRSUs are built aside the road in every kilometer Thus theeffective range ofVANET system can cover each section of theroad In this case RSUs are considered as the communicationbridge connecting TA and vehicles which provides timelytransmission of vital personal data To a certain degreeRSUs have the capability of conducting computation andstoring essential information in its memories [8] The vehicle

HindawiWireless Communications and Mobile ComputingVolume 2018 Article ID 7978027 13 pageshttpsdoiorg10115520187978027

2 Wireless Communications and Mobile Computing

performs as both terminal customer and information col-lector In other words useful information including trafficcongestion and emergency road condition is forwarded tothe corresponded RSU Each vehicle is equipped with anonboard unit (OBU) which conducts all the computationand communication [9 10] Compared with regular wirelesssensor networks [11] vehiclersquos high mobility is the uniquecharacteristic of VANETs

In VANETs the data exchange between TA and RSUsare via secure wired connection where the adopted crypto-graphic strategies guarantee transmission security and mes-sage confidentiality Meanwhile vehicle-to-vehicle (V2V)communication and vehicle-to-RSU (V2R) communicationare conducted through openwireless channel which employsthe dedicated short-range communications (DSRC) [12ndash14]On the one hand themoving vehicle can carry out interactivedata exchange with specific RSU through V2R communica-tion On the other hand one vehicle is capable of sharingessential messages with other vehicles in its vicinity throughV2V communication In this way a VANET with highconnectivity can be built accordingly [15]

As a particular variant of wireless sensor networks appar-ently theVANETs suffer frommultiple charted andunchartedsecurity attacks [9 14] In V2V and V2R communicationsthe transmitted messages may be eavesdropped blocked oreven forged by malicious devices Hence significant userinformation is revealed to the attacker accordingly whichcompromises the whole VANET and brings severe user pri-vacy disclosure issue [1 13] Under this circumstance properauthentication strategies are required so as to provide securityand privacy assurance Moreover highmobility feature of thevehicles brings uncertainty to the communication processwhich should also be taken into consideration

Among the aforementioned safety-related applicationsroad message dissemination is one of the essential functionsfor VANET [16] With the assistance of RSUs and remoteserver the vehicles of the sameVANET could share necessarydriving-related informationwith each other By analyzing theacquired traffic information of current areas the driver is ableto make better driving decisions such as choosing the bestnavigation route ahead of time Furthermore occurrences ofroad accidents and traffic jams can be drastically reduced [9]Thus the driversrsquo driving experience is improved

In VANETs typical road message management strategiesare mainly composed of information collection and dissem-ination First the road messages are reported by the partici-pating vehicles through OBUs [17] Afterwards the acquiredmessages will be processed and then disseminated to thelegitimate vehicles In some VANETs scenarios TA arrangesall the road messages collected from RSUs via wired trans-mission [18]Meanwhile in decentralizedVANETs scenariosmost of the computation and storing are done in the RSUside [7] while TA performs as the key generation center(KGC) Consequently in particular dense scenarios withlarge amounts of emerging vehicles the decentralized archi-tecture could reduce the computation overload and storagecomplexity in TA

As described above authentication strategies are neces-sary during roadmessage dissemination [4 19] Furthermore

the characteristic group communication between RSU andvehicles is indispensable which enables convenient dataexchange In this case the group key shared betweenRSU andall the legitimate vehicles is required Note that the group keydistribution should be conducted aftermutual authentication[6 20]

As for message dissemination in practical VANETs occa-sions two channels are required [21] namely the officialchannel and normal channel Official channel is provided bygovernmental agencies where the broadcast road informa-tion is precise and trustworthy Note that this channel isassumed to be based on real-time monitoring with satellitesand road cameras Thus it is precise and trustworthy Mean-while normal channel is the more ordinary way where theroad information is gathered from normal vehicles In thiscase some of the vehicles are assumed to be benign deviceswhich transmit precise messages while the rest are negativevehicles [22] Note that the negative vehicles may reporttrivial or even false information to the VANET system Forthis consideration with the purpose of guaranteeing thedissemination exactitude impartial and effective messageevaluation mechanism is necessary [23] For instance inextreme scenarios with massive road messages to be dissem-inated before dissemination it is necessary for the RSUs toaggregate and evaluate the acquired road messages beforedissemination Hence the RSUs could broadcast in a particu-lar sequence according to the significance and reliability ofeach message Urgent and authentic road messages can bebroadcast in the first place

During the message dissemination of the entire VANETsthe accuracy and efficiency of message dissemination closelydepend on the participating vehicles [15 24] Hence it is vitalto deploy appropriate rewarding strategy so as to motivatethe driversrsquo enthusiasm on reporting [20 25] For examplecoupons or discounts on certain commodities can be grantedto the trustworthy drivers with timely and precise reportingrecords In other words the drivers are encouraged withincentives which is of great benefit to the entire VANET

In this paper we propose a secure certificateless authenti-cation and road message dissemination protocol in vehicularad hoc networks Our nontrivial efforts can be summarizedas follows

(i) Secure Certificateless Authentication Scheme for Group KeyDistribution With the purpose of enhancing transmissionsecurity we adopt the bilinear pairing based on elliptic curveinto our authentication scheme Hence the active vehicleswithin the effective range can be identified and then allocatedwith the group key The proposed scheme yields desirablesecurity properties

(ii) Road Message Priority Management and DisseminationMechanismTheencrypted roadmessages are delivered to thecorresponding RSU The received road message is evaluatedbased on both the vehicle priority and the assessment Inthis way accuracy and efficiency of the messages dissemi-nation process are provided Hence the drivers can timelyarrange their routes according to the delivered road informa-tion

Wireless Communications and Mobile Computing 3

(iii) Security and Performance Analysis The formal securityanalysis is provided involving some necessary proofs onresistance to the existing malicious attacks Furthermoreperformance analysis emphasizing the transmission overloadand computation cost is hereby presented

The remainder of this paper is organized as followsSection 2 provides brief description of the related researchachievements Section 3 introduces some necessary prelim-inary works and the designed system model in order for thereader to obtain better understanding of this topic Section 4presents the proposed secure certificateless authenticationscheme in detail Section 5 describes the proposed roadmessage dissemination scheme Section 6 demonstrates thesecurity analysis Section 7 displays the performance analysisThe conclusion is drawn in Section 8

2 Related Work

In order to provide enhanced authentication and securetransmission in VANETs various cryptographic techniqueshave been deployed in existing researches [2 3 6 16 26ndash28] In 2009 Studer et al [3] developed a hybrid VANETauthenticationmechanism (VAST) based on the elliptic curvedigital signature algorithm (ECDSA) [29] and TESLA [30]with the purpose of providing fast and extensible authentica-tion and nonrepudiation Subsequently emphasizing groupauthentication and conditional privacy Zhang et al [26] pro-posed a scalable decentralized group authentication protocolwhere certain vehicle is able to verify anonymous messagesfrom neighboring vehicles Motivated by chameleon hashsignature based on elliptic curve in 2011 Huang et al [27]designed pseudonymous authentication-based conditionalprivacy protocol (PACP) which adopts the pseudonymsfor anonymous communication Similarly ABAKA [6] withbatch verification was proposed by Huang et al After that Luet al [28] presented a dynamic privacy-preserving key man-agement scheme (DIKE) enabling both vehicle anonymousauthentication and double-registration detection Guo et al[2] designed a privacy-preserving anonymous authenticationprotocol with vehicle unlinkability and authority trackabilityin 2014 where high efficiency and desired security propertiescan be achieved accordingly Afterwards multiple authenti-cation and group keymanagement protocols inVANETs havebeen designed recently [8 31]

Specifically identity-based encryption which was firstpresented by Shamir [33] for certificate management of KGChas been widely implemented in VANETs authenticationprotocols In 2007 Lin et al [34] combined group signaturewith identity-based cryptography in the proposed GSIS pro-tocol Hence appropriate traceability toward specific vehicleis achieved After that Zhang et al [15] designed an identity-based batch signature verification scheme in VANETs wheremultiple signatures can be simultaneously verified in oneRSU Nevertheless this scheme suffers from replay attack[35] Subsequently Sun et al [5] constructed an identity-based security framework in order to address themisbehaviorissue in VANET system In 2012 Shim [9] developed anidentity-based conditional privacy-preserving authenticationscheme (CPAS) supporting fast batch verification However

the proposed protocol is vulnerable to modification attack[36] Another signature scheme for VANETs named EIBS[37] was proposed in 2015 where the RSUs perform as thecertificate verifiers in order to decrease the computation over-load in TA side Moreover the anonymity of the legitimatevehicle is provided by using pseudo identity instead of realidentity Hence the vehicle privacy is preserved Aimingto decrease the computational complexity He et al [10]designed an identity-based conditional privacy-preservingauthentication scheme in VANETs With relatively limitedcomputation and communication requirements the pro-posed protocol is suitable for practical VANETs applications

With the purpose of addressing the key escrow issue inidentity-based public key cryptography system (ID-PKC)certificateless public key cryptography (CL-PKC) was firstintroduced by Al-Riyami and Paterson [38] in 2003 In CL-PKC design the private partial keys are respectively gener-ated by the semitrusted key generation center (KGC) and theuser itself Multiple certificateless authentication protocolswere proposed afterwards [25 39] Thereafter Li and Wang[17] presented a fast certificateless authentication scheme(RCS) employing bilinear pairing where particular vehiclesare selected as the assistance to the relevant RSUs In thiscase the transmission overload can be alleviated AfterwardsXiong and Qin proposed a certificateless encryption schemeand another certificateless signature scheme with efficientrevocation against short-term key exposure in [40] In 2016Peng [1] designed an anonymous authentication protocolbased on certificateless signature scheme which providesconditional privacy and mutual authentication

Furthermore as the crucial and unique feature ofVANETs message dissemination has been studied due to itspromising advantages in both safety-related and commercial-oriented applications Focusing on commercial advertise-ments dissemination Tseng et al [7] adopted Reed-SolomonCode in the incentive scheme through interactions betweenvehicles Similarly a cooperative message authenticationscheme [18] is developed to alleviate the verification overloadin the RSU side where the legitimate vehicles are responsiblefor message verification in the vicinity Thereafter in orderto achieve high reliability and low dissemination delay at thesame time density-aware emergency message extension pro-tocol (DEEP) [22] is constructed As illustrated emergencywarning messages can be timely delivered to all the vehicleswithin the operating range which could drastically improvedriving safety As one of the significant services offered byVANETs RSU-assisted navigation is studied by Chim et alin [20] In the assumption the real-time road conditions areused to compute a better route for the requesting vehiclesTheprivacy of the drivers can be protected with the advantagesof anonymous credential In [23] Milojevic and Rakocevicdeveloped a location-aware data aggregation mechanism forreal-time observation and efficient message disseminationThe communication cost is minimized with the use of in-telligent passive clustering and adaptive broadcasting Forimproving the accuracy of the delivered message the aggre-gated information is arranged by real-time spatiotemporaldatabase refreshing Recently Liu et al presented a cloud-assisted message downlink dissemination scheme (CMDS)


TA

RSU

RSU

V2R communication

V2V communication

Figure 1 System Model

under a developed VANET-cellular heterogeneous frame-work combining cloud computing [21 41]

3 Model Definition and Preliminaries

In this section some necessary preliminaries are introducedwith the purpose of facilitating the readersrsquo understandingincluding the definition of bilinear pairing and hash func-tion Subsequently the corresponding notations the systemmodel and network assumptions are illustrated

31 Bilinear Pairing Let GO and GN be two additive cyclicgroups of a large prime order P A map function 119890 GO timesGO rarr GN is a bilinear pairing if it satisfies the threeproperties below

(1) Bilinear for forall119872119873 isin GO and forall119886 119887 isin ZlowastP there is119890(119886119872 119887119873) = 119890(119872119873)119886119887 In addition for forall119872119873 119884 isinGO there are 119890(119872 + 119873119884) = 119890(119872119884)119890(119873 119884) and119890(119872119873 + 119884) = 119890(119872119873)119890(119872 119884)

(2) Nondegeneracy for exist119872119873 isin GO there is 119890(119872119873) =1(3) Computability for forall119872119873 isin GO there is an efficient

algorithm to compute 119890(119872119873)In order to prove the security of our schemes the follow-

ing intractable problems are briefly presented as(1) discrete logarithm problem (DLP) for forall119872119873 isin GO

it is difficult to find an integer 119886 isin ZlowastP such that119872 =119886119873 holds(2) computational Diffie-Hellman problem (CDHP) forforall119872 119886119872 119887119872 isin GO it is difficult to compute 119886119887119872(3) decisional Diffie-Hellman problem (DDHP) forforall119872 119886119872 119887119872 119888119872 isin GO and forall119886 119887 119888 isin ZlowastP it is

difficult to decide whether 119888 = 119886119887modP holds(4) pairing inversion problem (PIP) for a pairing 119890 andforall119888 isin ZlowastP it is difficult to find119872119873 isin GO such that119890(119872119873) = 119888 holds

32 Hash Function A one-way hash function is consideredto be secure if the following properties can be satisfied [42]

(1) Inputting a message 119909 of arbitrary length it is easyto compute a message digest of a fixed length outputℎ(119909)

(2) Given 119910 it is difficult to compute 119909 = ℎminus1(119910)(3) Given 119909 it is computationally infeasible to find 1199091015840 = 119909

such that ℎ(1199091015840) = ℎ(119909) holds33 Notations The notations and the brief description arelisted in Notations

34 System Model The structure of VANET system of ourdesign is shown in Figure 1 where the whole VANET systemis composed of three entities the trusted authority (TA)the road-side units (RSUs) and the vehicles Descriptions ofthese entities are respectively illustrated below

Trusted Authority (TA) is a trustworthy managementcenter in charge of all the involving RSUs and vehicles Thevital systemoperations including vehicle registration assign-ment and secret key generation are all conducted by TAAdditionally TA stores the significant user data in its mem-ory Hence TA is assumed to have adequate storage and com-puting capabilityMoreover performing as both the trustwor-thy verifier and key generation center TA is infeasible to becompromised by the adversariesThus various services can besecurely presented to the designated vehicles In this case thegroup key is necessary for secure message exchange

Road-side units (RSUs) are vital VANET infrastructureimplemented at the roadside which perform as the soleintermediaries between TA and vehicles RSUs are respon-sible for verifying the vehicles Furthermore the group keyissued by TA will also be delivered by RSUs Note that RSUsare assumed to have adequate storage in order to managethe acquired data Hence in our scheme the gathered roadmessages are stored and managed in RSUs In general RSUsare connected with TA in a secure wired way However since


the RSUs are placed along the roadside far from TA it ispossible that these RSUs may be physically compromisedIn this case the stored user information may be illegallyacquired [20] For this consideration the RSUs are assumedto be semitrusted devices

Vehicles are referred to as terminal users of the VANETsystem It is designed to be both service receiver and infor-mation collector In other words with the implementedOBUeach vehicle is able to receive the broadcasting messagesMeanwhile the vehicle reports real-time road information toRSU wirelessly In this case it is essential to adopt effectivecryptographic strategies in order to guarantee the securetransmission Furthermore each vehicle is equipped with atamper-proof device (TPD) where the corresponding secretsand derived group key are stored In our system model eachdriver is relevant to certain vehicles during the registration toTA Every time when the driver activates the vehicles hisherfingerprint and the assigned certification card are verifiedThis way the driver and the correlative vehicle are closelyconnected Consequently for better description the driverthe OBU and the vehicle are considered the same entity inthis paper

35 Network Assumption As illustrated in Figure 1 TAman-ages all the operative RSUs of the VANET system throughwired communication Various safe strategies deployed forTA-RSU communication guarantee the security of the keydata exchange Therefore the vehicle secret keys can besecurely delivered to the correlative RSUs However it ispossible that some RSUs are compromised physically sincethey are far from the TA In this way the distributed vehiclesecret keys are illegally acquired by the adversaries whichcould damage both the VANET system and the user privacyConsidered as semitrusted devices it is not appropriate forthe RSUs to manage all the vehicle-related secret keys As aresult we assume in this paper the TA-RSU communicationchannel is safe for data transmission while the RSU itself maybe damaged which results in vehicle information disclosure

Two types of wireless communication are displayed inthe proposed system model including the vehicle-to-vehiclecommunication (V2V) and the vehicle-to-RSU communi-cation (V2R) Due to the inherent wireless transmissioncharacteristics both V2V and V2R communication sufferfrom charted and uncharted attacks In a nutshell the V2Vcommunication is used for information sharing and coopera-tive data processing between the neighboring vehicles Whilethe V2R communication emphasizes longitudinal messageacquisition and feedback between vehicle and RSU Note thatin our scheme the operative vehicles safely exchangemessageswith RSUs on road condition using the derived group key

4 Proposed Secure CertificatelessAuthentication Scheme

In a nutshell two principal factors are taken into consid-eration in this paper the secure authentication and roadmessage management mechanism which will be respec-tively discussed in two sections In this section we describethe proposed secure certificateless authentication scheme

between RSU and vehicles The proposed scheme can beclarified into three different phases including initializationphase authentication phase and group key distribution phaseAccordingly some nontrivial preparations are made in theinitialization phase Subsequently verification on the vehiclesis conducted in the following authentication phase Finallythe generated group key is allocated to the legitimate vehicle

Our design adopts the certificateless encryption strategybased on elliptic curve cryptography (ECC) Note that thecorresponding public keys have been previously revealedto the devices Meanwhile the confidential information isassigned to vehicle during registration Based on this theadopted cryptographic techniques are available which couldprovide adequate security assurance for the VANET systemEmphasizing the authentication between RSU and vehiclewe describe our scheme in the scenario involving single RSUand single vehicle Note that the scheme for regular VANETscenarios with multiple RSUs and vehicles is similar

41 Initialization Phase Necessary preliminary works areconducted in the initialization phase which can be generallyclassified into user registration and key information alloca-tion It is desirable that each vehicle should register to TAfirst After that TA assigns the secret information to thecorresponding vehicle Moreover TA stores the driversrsquo per-sonal information such as the car plate number the contactinformation and the address Let 119876H be the generator ofa cyclic additive group GH and 119894119889 be the unique identifierfor vehicle Additionally TA adopts secure hash functionsℎ 0 1lowasttimesGH rarr ZlowastP whereZ

lowastP is defined as a nonnegative

integer set less than the large prime number P Hence TAgenerates the secret key 119877119894119889 for each vehicle illustrated as

119877119894119889 = ℎ (119894119889 119876H) (1)

which is allocated to the relevant vehicle after user registra-tion Note that the secret keys of all the registered vehicles aresecurely stored in TArsquos database At the same time TA choosesa random integer 119904RSU isin ZlowastP as the RSU private key Let G1be the cyclic additive group generated by 119875 with the order 119902Hence the RSU public key can be computed according to

119876RSU = 119904RSU119875 (2)

It is worth noting that the RSU public key119876RSU the generator119875 the hash function ℎ and G1 will be published to all thedevices while the private key 119904RSU is kept secret during theentire process

Now we assume that the registered vehicle approachesthe working range of a fixed RSU If certain vehicle wantsto receive services from the VANET system identificationand key assignment are essential In this assumption thevehicle chooses 119904V isin ZlowastP as its partial private key Then thecorresponding partial public key 119876V is defined as

119876V = 119904V119875 (3)

where 119875 is the system parameter as mentioned above Subse-quently ⟨119877119890119902119906119890119904119905 119876V 119894119889⟩ are delivered to RSU

After deriving the partial public key119876V RSU requests TAfor the secret key 119877119894119889 of vehicle 119894119889 Let119867 0 1lowast timesG1 rarr G1


denote the secure hash function Related computations canbe conducted for partial key generation as follows

119876119894119889 = 119867 (119894119889 119876RSU)119862 = 119877119894119889119904RSU119876119894119889 (4)

Thereafter the generated 119862 is delivered to vehicle Hence thevehicle derives the partial private key 119904119906 according to

119904119906 = 119877minus1119894119889 119862 = 119904RSU119876119894119889 (5)

At this point the public key set for vehicle can bedisplayed as ⟨119876V 119894119889⟩ Meanwhile the relevant private key setis defined as ⟨119904V 119904119906⟩ Note that the two partial private keysare respectively decided by RSU and vehicle In other wordsRSU has no access to 119904V so that the privacy protection basedon certificateless cryptography is achieved even if RSU iscompromised by attackers

42 Authentication Phase After initialization RSU conductsauthentication on the requesting vehicle In certain timepoint119905 we assume that vehicle starts to use the road messageservice Then the following computation is conducted

1198761 = 119905119876V = 119905119904V119875 (6)

which combines the current time with the partial public keyIn addition let G2 be the cyclic group of prime order 119904 and119890 G1 timesG1 rarr G2 be the bilinear pairing operator Hence thevehicle gets the intermediate value 119876119894119889 by

119876119894119889 = 119867 (119894119889 119876RSU) (7)

where the vehicle identity 119894119889 and RSU public key 119876RSU areknown to vehicle Subsequently two necessary parameters 119903and V are generated as

119903 = 119890 (119876RSU 119876119894119889)V = ℎ (119905 119903 119877119894119889) (8)

where 119877119894119889 is the secret key previously allocated to vehicle inthe initialization Accordingly the signature 119880 is generatedbased on

119880 = 119905V119904V119876119894119889 + 119904119906 (9)

At this point vehicle sends ⟨119894119889 119905 V 119880⟩ to the RSU In theRSU side the validity of the received 119905 and V will be verifiedfirst Then RSU computes whether

119903 = 119890 (119875 119880)119890 (1198761 119876119894119889)V (10)

holds The correctness is elaborated as follows

119890 (119875 119880)119890 (1198761 119876119894119889)V =119890 (119875 119905V119904V119876119894119889 + 119904119906)119890 (119905119876V 119876119894119889)V

= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889 + 119904RSU119876119894119889)119890 (119876V 119905119876119894119889)ℎ(119905119903119877119894119889)

= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889 + 119904RSU119876119894119889)119890 (119904V119875 119905119876119894119889)ℎ(119905119903119877119894119889)= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889 + 119904RSU119876119894119889)119890 (119875 119905119904V119876119894119889)ℎ(119905119903119877119894119889)= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889) 119890 (119875 119904RSU119876119894119889)119890 (119875 119905119904V119876119894119889)ℎ(119905119903119877119894119889)= 119890 (119875 119905119904V119876119894119889)ℎ(119905119903119877119894119889) 119890 (119875 119904RSU119876119894119889)119890 (119875 119905119904V119876119894119889)ℎ(119905119903119877119894119889)= 119890 (119875 119904RSU119876119894119889) = 119890 (119904RSU119875119876119894119889) = 119890 (119876RSU 119876119894119889)

(11)

If the delivered signature 119880 passes the above verificationthe validity of the requesting vehicle can be guaranteedThereafter the authentication phase is completed

43 Group Key Distribution Phase After the authenticationphase the generated group key is distributed to the legitimatevehicle It is worth emphasizing that the group key is assumedto be chosen by TA Meanwhile the key is delivered to RSUsin a secure way In this way when a certain vehicle travelsfrom the effective range of one RSU to the next the groupkey is always effective and can be continuously used

We assume that the secretK isin ZlowastP is randomly chosen byTA and then delivered to RSU In certain time point 119879 RSUcomputes

119882 =K119879119876V

119865 = ℎ (119882 V 119904119906) (12)

and sends ⟨119882 119865 119879⟩ to vehicle Note that the RSU could gen-erate the partial private key 119904119906 using the known informationIn this way the secretK is combinedwith current time stamp119879 and previously acquired intermediate value V

Similarly the vehicle first compares the received value 119865with the stored one If 119865 is valid vehicle derives the secret bycomputing

119873 = 119879minus1119904minus1V 119882 = 119879minus1119904minus1V K119879119876V = 119879minus1119879119904minus1V 119904VK119875=K119875 (13)

At this point the final group key119892119896 can be acquired accordingto

119892119896 = ℎ (119873) = ℎ (K119875) (14)

Therefore the group key 119892119896 is successfully allocated to thelegitimate vehicle Note that 119892119896will be used in the subsequentcommunication such as road message dissemination report-ing and evaluationThe delivered packet format is as follows

⟨119905119910119901119890 119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878) 119879119878⟩ (15)

where the transmittedmessage119898 is symmetrically encryptedusing both 119877119894119889 and the group key 119892119896 Similarly the current


time stamp denoted as 119879119878 is adopted in the encryption Notethat 119864119909(119910) represents the symmetric encryption on 119910 usingsecret key 119909 Additionally type indicates the type of 119898 Forsecurity consideration the communication between vehicleand RSU adopts the assigned group key 119892119896 for encryption5 Proposed Road MessageDissemination Scheme

In this section we describe the corresponding road messagedissemination scheme in detail Meanwhile the messageevaluation and award mechanism are presented

51 Road Message Reporting We assume the scenario that aspecific vehicle with identity 119894119889 is within the effective rangeof a RSU Note that the vehicle has successfully passed theauthentication and acquired the group key 119892119896 Subsequentlyin a certain time point 119879119878 the vehicle passes through aparticular spot where road event occurs For example whenthe vehicle passes through the road accident scene the drivercould consider this accident as a roadmessage and report it tothe RSU According to (15) in previous section the RSU getsthe packet involving the encrypted message and the detailedtime point 119879119878 The decryption process is as follows

First the decryption with group key 119892119896 is conducted inthe RSU side according to

119863119892119896 (119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878)) = 119864119877119894119889 (119898) 119894119889 119879119878 (16)

Next RSU checks the time stamp119879119878with the derived onein order to ensure that the received message is timely andeffective Additionally 119894119889 of the vehicle is derived Accordingto the aforementioned design the RSU acquires the relevantsecret 119877119894119889 in its storage so that the transmitted road message119898 can be acquired according to

119898 = 119863119877119894119889 (119864119877119894119889 (119898)) (17)

At this point the RSU is aware of the identity informationof the reporting vehicle Hence according to 119894119889 RSU requestsTA for the vehicle priority parameter which is consideredas the initial element in the message management processIn practical scenario with multiple vehicles existing in oneRSUrsquos effective range it is possible thatmore than one vehiclesreport the same road message to TA For example twovehicles 1198811 and 1198812 may successively pass through a certainaccident scene Hence both of them report this event to RSUIn this case the RSU stores this road message119898 in its storageand assigns the broadcast priority br(119898) for119898 which can becalculated using the priority of the two reporting vehicles asfollows

br (119898) = 12 [pr (1198941198891) + pr (1198941198892)] (18)

where the identifiers of 1198811 and 1198812 are denoted as 1198941198891 and1198941198892 respectively Meanwhile the priorities of the two vehiclesare pr(1198941198891) and pr(1198941198892) The calculated br(119898) here representsthe broadcast priority right after the two vehicles report themessage Moreover among all the vehicles it is assumed that

only 1198811 and 1198812 report 119898 to RSU such that br(119898) is achievedas the average value of all the reporting vehiclesrsquo priority

In a nutshell we assume that the vehicle set 119881 = 119881119894 |119894 isin [1 119899] 119899 isin Nlowast denotes the 119899 legitimate vehicles that havealready passed the authentication process conducted by theeffective RSU Among these 119899 vehicles the vehicle subset119877119875119898 = 119881119895 | 119895 isin [1 119892] 119892 isin Nlowast and 119892 le 119899 consists of all the 119892vehicles that report road message119898 Note that the identity of119881119895 is denoted as 119894119889119895 Hence the broadcast priority is pr(119894119889119895)and 119877119875119898 sube 119881 holds It is assumed that the 119892 vehicles reportmessage following the sequence of 1198811 119881119892 Moreover theroad event 119864V119890119899119905119897119900119888119898 is denoted as follows

119864V119890119899119905119897119900119888119898 = 119897119900119888 119905119910119901119890 119888119900119899119905 (19)

which indicates that 119864V119890119899119905119897119900119888119898 happened in location 119897119900119888 andthe detailed information is showed in 119888119900119899119905 Moreover theevent type is defined as 119905119910119901119890 In this way the road message119898 contains the essential elements of 119864V119890119899119905119897119900119888119898

In our assumption after119864V119890119899119905119897119900119888119898 occurred within certaintime interval 119892 vehicles will report the event to the RSUHence after RSU receives the road report from1198811 for the firsttime the broadcast priority is computed as br(119898) = pr(1198941198891)Similarly the broadcast priority after RSU receives the roadreport for 119896 (1 le 119896 le 119892) times and br(119898) can be computed as

br (119898) = 1119896119896sum119894=1

pr (119894119889119894) (20)

which is defined as the average vehicle priorities of all thereporting vehicles Hence after Δ119905 the broadcast priority for119898 is

br (119898) = 1119892119892sum119894=1

pr (119894119889119894) (21)

Practically one RSUhandlesmultiple different roadmessagessimultaneously Therefore each message will be assigned abroadcast priority and then stored in the storage In ourdesign the creditability and accuracy of the road messageare highly related to the reporterrsquos previous records Andthe vehicle priority is able to reflect this property properlyConsequently RSU sorts all thesemessages so that the reliablemessages will be broadcast first

52 Road Message Dissemination As illustrated in the abovesection the RSU manages all the road information withinits effective range Periodically RSU broadcasts the messagesin certain sequence Note that all the road messages areencrypted using the distributed group key 119892119896 Hence onlythe registered vehicles can get access to this service Theaforementioned broadcast priority br(119898) is roughly decidedby reliability of the reporting vehicles In this way a prede-fined parameter W is set as the minimum requirement formessage dissemination That is to say the messages119898 will bebroadcast only if br(119898) geW Otherwise it will be consideredas unreliable information and then temporarily disabled fromthe broadcast list In this case in future if other vehicles


report the same message br(119898) will be compared with Wagain After a predefined time interval if br(119898) lt W RSUpermanently deletes the message in its storage Following theabove procedure vehicles could acquire road messages in anaccurate wayThus the driving security can be improved withthis service

53 Evaluation and Priority Management For practical con-sideration an appropriate evaluationmechanism towards theroadmessages is necessary In this subsection we describe theproposed evaluation and priority management scheme Thevalue of the stored road message is decided by not only thereputation of the reporter but also the message itself In orderto achieve this we assume that the vehicles have the capabilityof evaluating the received roadmessages Following the aboveassumptions the vehicle subset 119877119881119898 = 119881119897 | 119897 isin [1 119891] 119891 isinNlowast denotes 119891 vehicles who receive the road message 119898within time interval Δ119905119877119862 After 119881119897 isin 119877119881119898 approaches thelocation 119897119900119888where the road event 119864V119890119899119905119897119900119888119898 happened119881119897 couldevaluate whether the received road information is correctwhich helps improve the road report accuracy The format ofthe evaluation message is as follows

⟨119905119910119901119890 119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V) 119879119878119890V⟩ (22)

where the message type denoted as 119905119910119901119890 here indicates thatit is an evaluation message 119894119891119873119874 denotes the assignedinformation number for message 119898 In addition 119879119878119890V is thecurrent time stampNote that this evaluationwill be sent backto RSU According to

119863119892119896 (119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V))= 119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V (23)

RSU checks the time stamp119879119878119890V with the derived one in orderto ensure that the message is timely and effective Addition-ally 119894119889 of the vehicle is derived RSU acquires the relevantsecret 119904119906 in its storage so that the transmitted evaluation onmessage119898 can be acquired according to

119863119904119906 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904)) = 119894119891119873119874 119886119904119904119890119904119904 (24)

In this way the evaluation can be combined to 119898according to 119894119891119873119874 As a result for road message 119898 theRSU could receive ℎ119898 evaluation messages where ℎ119898 le 119891For practical consideration the 119886119904119904119890119904119904 can be analyzed usingdifferent state parameters such as 119904119901 isin minus2 minus1 0 1 2 where119904119901 = 2 means that 119886119904119904119890119904119904 is totally accurate and helpfulwhile 119904119901 = minus2 means that 119886119904119904119890119904119904 is of no help and thus isconsidered as the fake message The ℎ119898 state parameters are119904119901119906 | 119906 isin [1 ℎ119898] 119906 isin Nlowast During every certain periodΔ119905119877119863 RSU analyzes all the received evaluation messages andupdates the broadcast priority following the steps below

(i) Screening firstly RSU checks whether

119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (25)

holds where 119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] denotes the propor-tion of the received 119886119904119904119890119904119904 whose 119904119901119906 gt 0 amongall the ℎ119898 evaluation on 119898 Furthermore V is thepredefined system parameter according to differentpractical scenarios In this case if most of the usersgive negative assessments 119898 is considered as invalidinformation and must be discarded from the storageimmediately

(ii) Updating secondly the updating on broadcast prior-ity is conducted as

br1015840 (119898) = br (119898) + sumℎ119898119906=1 [pr (119894119889119906) times 119904119901119906]ℎ119898= sum119892119894=1 pr (119894119889119894)119892 + sumℎ119898119906=1 [pr (119894119889119906) times 119904119901119906]ℎ119898

(26)

where [pr(119894119889119906)]119906isin[1ℎ119898] denotes the priority of ℎ119898vehicles

At this point the updating process for Δ119905119877119863 is completedSimilarly after 119899 time periods 119899Δ119905119877119863 the broadcast priorityfor119898 is

br119899Δ119905119877119863 (119898) = sum119892119894=1 pr (119894119889119894)119892+ 119899sum119894=1

(sumℎ119894

119898

119906=1 [pr (119894119889119894119906) times 119904119901119894119906]ℎ119894119898 ) (27)

where ℎ119894119898 pr(119894119889119894119906) and 119904119901119894119906 are the parameters in 119894th time peri-ods 119894Δ119905119877119863 Note that the above process should be conductedfor each stored road message in RSU Hence the broadcastsequence is updated In future after 119909Δ119905119877119863119898 will be deletedif 119887119903119909Δ119905119877119863(119898) ltN whereN is the preset system parameter

54 Vehicle Priority Management As illustrated above thevehicle priority on vehicle 119894119889 is pr(119894119889) which is a significantuser property in both the broadcast priority computingand updating processes As a matter of fact the reportingvehicle plays a crucial role in the message disseminationscheme Hence appropriate rewarding strategy is essential tomotivate driversrsquo enthusiasm on road situation reportingTheincentives will be given according to the vehicle priority Toachieve this pr(119894119889) will be updated according to the value ofhis reporting road message

We assume that road message 119898 is reported by severalvehicles in 119861 = V119901119894 | 1 le 119894 le 119899 119894 isin Nlowast After asufficient time period for example twenty-four hours oneroad message 119898 has been evaluated by multiple vehiclesAccording to (25) in the previous section119898 is valid if

119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (28)

holds In this way pr(V119901119894) of all V119901119894 isin 119861 are updated as

pr (V119901119894) = pr (V119901119894) + 1 (29)


In contrast if 119898 is evaluated to be invalid and discarded byRSU pr(V119901119894) of all V119901119894 isin 119861 are updated as

pr (V119901119894) = pr (V119901119894) minus 1 (30)

Note that the driver could change it into incentives such ascoupons of cooperative stores or scorecard in the road servicearea

6 Security Analysis

In this section we analyze the security properties of the pro-posed authentication scheme The security theorems as wellas the corresponding proofs are given below

61 Unforgeability against Chosen Message Attack We ana-lyze the unforgeability against chosen message attack in theproposed protocol

Theorem 1 Theproposed certificateless authentication schemeis existentially unforgeable against adaptive chosen messageattack under the assumption of random oracle model if andonly if the CDHP is hard

Proof The security of unforgeability is formally definedthrough gameG1 LetA1 be a probabilistic polynomial timeadversaryC1 denotes the challenger ℎ and119867 denote the ran-dom oracles In order to solve CDHP problem it is assumedthat C1 is able to simulate all the related oracles In G1 A1can conduct the following corresponding queries toC1

h Query We assume that the adversary A1 itself does nothave the ability to directly compute the hash function ℎ(sdot)Hence the response to h Query is simulated by maintaininga list 119871119894119904119905ℎ initialized to be empty That is to say when theoracle is queried with the input values ⟨119905 119903 119877119894119889⟩ if the query⟨119905 119903 119877119894119889⟩ already exists in 119871119894119904119905ℎ C1 outputs V = ℎ(119905 119903 119877119894119889)toA1 OtherwiseC1 chooses a random number V isin Zlowast andforwards it toA1 After that ⟨119905 119903 119877119894119889 V⟩will be subsequentlyadded to 119871119894119904119905ℎExtract Query The adversary A1 is able to query the partialprivate key of any given key set ⟨119876V 119894119889⟩ According to 119894119889C1outputs the partial private key 119904119906 toA1HQueryA1 can query the random oracle119867 at any timeTheresponse toHQuery is simulated by maintaining a list 119871119894119904119905119867Note that 119871119894119904119905119867 is initialized to be empty When the oracle119867is queriedwith input values ⟨119894119889 119876RSU⟩ if the query ⟨119894119889 119876RSU⟩already exists in 119871119894119904119905119867 C1 outputs 119876119894119889 = 119867(119894119889 119876RSU) toA1 Otherwise C1 chooses a random number 119876119894119889 isin Zlowast

and forwards it to A1 After that ⟨119894119889 119876RSU 119876119894119889⟩ will besubsequently added to 119871119894119904119905119867Authenticating QueryC1 simulates the authenticating oracleby responding to the authenticating query as follows

(i) C1 randomly chooses 119880 isin G1 as the certificate andV isin Zlowast as the intermediate parameter

(ii) C1 computes 119903 = 119890(119875 119880)119890(1198761 119876119894119889)V If ⟨119905 119903 119877119894119889 V⟩already exists in 119871119894119904119905ℎ C1 chooses other values andtries again

(iii) C1 adds the above ⟨119905 119903 119877119894119889 V⟩ to 119871119894119904119905ℎ(iv) C1 outputs ⟨119894119889 119905 V 119880⟩ as the certificateAccording to the Forking Lemma [43] A1 produces two

valid certificates ⟨119894119889 119905 V 119880⟩ and ⟨119894119889 119905 V1015840 1198801015840⟩ (V = V1015840) In thiscase

119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)

hold Hence we can get

119904V119876119894119889 = (V minus V1015840)minus1 (119880 minus 1198801015840)119905 (32)

In this way we show that the CDHP problem can besolved In other words the attacker needs to solve the CDHPproblem in order to forge the certificate However thiscontradicts the hardness of the CDHP problem [44 45] Inconclusion an attacker cannot forge the certificate in theauthentication process [46 47]

62 Resistance to Replay Attack The replay attack is achievedby reusing the previous generatedmessage to pass the currentauthentication process The security property against replayattack is discussed in this section

Theorem 2 During the certificateless authentication processreplay attack can be prevented That is the previous messagesof the past authentication sessions cannot pass the currentauthentication process in RSU side

Proof We discuss the resistance to replay attack throughgame G2 Similarly let A2 be a probabilistic polynomialtime adversary It is assumed that in time point T1 A2has access to all the published system parameters as wellas the transmitted messages from T0 to T1 (T0 lt T1)RandomlyA2 chooses themessage ⟨119894119889T119903 VT119903 119880T119903⟩ at timeT119903 isin [T0T1] At T1 A2 sends ⟨119894119889T1 VT119903 119880T119903⟩ as thereplaying message Note that 119880T119903 = T119903V

T119903119904V119876119894119889 + 119904119906 In thisway 119903 = 119890(119876RSU 119876119894119889) Hence the previous message cannotpass the current authentication

63 Forward Security In this section we analyze the forwardsecurity property of the proposed protocol

Theorem 3 The proposed authentication scheme providesforward security against adversary That is the adversarycannot pass the authentication with the acquired vehicle secretkey from the compromised RSU

Proof We assume that the RSU has already been compro-mised by brute-force attack and all the stored key informationis leaked to the adversary A3 The secret key set 119904119894119906 | 119894 isin[1 119899] denotes the private keys of all the 119899 vehicles In thiscase A3 is able to use the derived partial private key 119904119906 for


Table 1 Comparison of storage overhead

Protocol ICPA [10] DAKM [4] ABAP [8] SAAP [32] Our protocolStorage (Vehicle) 2112 bits 2712 bits 3432 bits 2904 bits 2520 bitsStorage (RSU) 1440119899 + 1056 bits 1676119899 + 1144 bits 1936119899 + 1048 bits 2008119899 + 2392 bits 1592119899 + 768 bitscertificate generation However the private key contains both119904119906 and 119904V while 119904V is chosen by the vehicle itself Due to thehardness of the aforementionedDLPproblem the probabilitythat119880 = 119905V119904V119876119894119889 + 119904119906 can be correctly computed is illustratedas 12120603 where120603 is the size of 119904V In general the certificatelessauthentication property guarantees the forward security ofthe proposed scheme

64 Session Key Establishment In the system model of thispaper it is necessary to generate a shared session key betweentheRSUand vehicle so as to guarantee the data confidentialityand transmission security which is analyzed as follows

Theorem 4 In the proposed protocol the shared session key isestablished after successfully authentication between RSU andvehicle

Proof According to the protocol design K along with thecurrent time stamp and the previously acquired intermediatevalue V is transmitted to the vehicle In the vehicle side thebelow derivation of K is conducted as 119873 = 119879minus1119904minus1V 119882 =K119875 where 119904V is stored in vehicle already Note that thesecurity assurance of the message transmission is based onthe hardness ofDLPproblemThefinal group key is generatedand adopted to the following message transmission

65 Mutual Authentication In this section we analyze themutual authentication property in the proposed authentica-tion protocol

Theorem 5 The proposed protocol can provide mutualauthentication between RSU and vehicle if the DLP problemis intractable

Proof During the authentication process the RSU-to-vehiclesecurity is preserved by the aforementioned certificate⟨119894119889 119905 V 119880⟩ which has been discussed in the proof ofTheorem 1 On the other hand the vehicle-to-RSU securityis based on the hardness of DLP problem Specifically 119865 =ℎ(119882 V 119904119906) is contained in the delivered ⟨119882 119865 119879⟩ andwill be verified by the RSU with the known key informationTherefore we could conclude that the proposed authentica-tion scheme provides mutual authentication property

7 Performance Analysis

In this section we present the performance analysis towardsthe proposed protocol Our analysis on the performancemainly emphasizes the storage overhead the computationcost and the communication cost which are the dominantfactors in the proposed protocol

71 StorageOverhead In the proposed protocol storage over-head is a crucial parameter for VANETs especially for

vehicles Due to the inherent resource restriction it isimpractical for the vehicle to store massive key messagesand communication data in its own memory Moreover theRSU is designed to handle both the key distribution androad message management simultaneously As a result thestorage overhead in both the vehicle and RSU sides shouldbe considered

As for the vehicle in the proposed protocol some essentialkey information is previously stored during the registrationincluding ⟨119894119889 119877119894119889 119876V 119904V 119904119906⟩ The published public key ofRSU namely119876RSU as well as the intermediate value ⟨119876119894119889 119862⟩is also stored in vehicle Moreover the transmitted message⟨119903 V 119880⟩ and the necessary group key distribution valueare stored respectively in the group key distribution phaseAccording to [48] we assume that the length of elements inGH and G1 is 256 bits The lengths of relevant vehicle secretkeys such as 119904V 119904119906 and119892119896 are 160 bitsMoreover it is assumedthan the lengths of the adopted time stamps and the identityof vehicle 119894119889 are 32 bits and 24 bits each In this way thestorage overhead for each vehicle is 24 + 256 times 5 + 160 times 7 +32 times 3 = 2520 bits Similarly we assume that the numberof vehicles in the RSU range is 119899 Consequently the storageoverhead in RSU side includes key information of RSU itselfand secret messages of all the 119899 vehicles In this way thestorage overhead for the RSU is 256+160times3+32+119899(24+256times4+160times3+32times2) = 1592119899+768 bitsThe comparisonwith thestate-of-the-art VANETs authentication protocols ICPA [10]DAKM [4] ABAP [8] and SAAP [32] is illustrated in Table 1

72 Computation Cost In this section we analyze the com-putation cost of the proposed protocol The computationcost is defined as the time consumption for the groupkey distribution process The comparison result with ICPADAKM ABAP and SAAP is given in Table 2 We denotemodulo operation as mod exponential operation as 119864119909and bilinear pairing as 119890 119864119899119888 and 119863119890119888 refer to encryptionand decryption Additionally 119867 119872 119863 and 119860 representone-way hash function multiplication operation divisionoperation and addition operation respectively Finally thepoint multiplication operation is dented as 11990173 Communication Cost The communication cost refersto the time consumption for message transmission In thissubsection we consider the required communication passesfor RSU to successfully authenticate vehiclesThe comparisonresult on communication cost is given in Table 3

8 Conclusion

Emphasizing the secure authentication and roadmessage dis-semination inVANETs a secure certificateless authenticationand road message dissemination protocol is proposed in thispaper In our design certificateless cryptographic technique


Table 2 Comparison of computation cost

Protocol ICPA [10] DAKM [4] ABAP [8] SAAP [32] Our protocolComputationcost (vehicle)

3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872

Computationcost (RSU)

3119899119872 + (2119899 +2)119901 + 2119860 3119864119899119888 + 2119899119872 +119899119863 + (119899 minus 1)119860 2119899119867 + 2119899119901 +2119899119872 + 3119899119890 + 119899119860 4119899119867 + (8119899 +1)119901 + 119899119872 + 3119899119860 2119899119867 + 2119899119901 +2119899119872+2119899119890+119899119864119909Table 3 Comparison of communication cost

Protocol ICPA [10] DAKM [4] ABAP [8] SAAP [32] Our protocolComputation rounds 4119899 + 2 4119899 + 1 4119899 + 1 4119899 + 4 4119899is employed for authentication and key distribution Subse-quently an appropriate road message dissemination mech-anism is designed The security analysis and performanceevaluation are given accordingly The proposed protocol issuitable for practical VANET scenarios and is capable ofproviding timely road information services which improvesboth the user safety and the driving experience

Notations

TA RSU Trustworthy authority road-side unitsGH Cyclic additive group119876H Generator of GH119894119889 Unique identifier of vehicleℎ Secure hash functionℎ 0 1lowast times GH rarr ZlowastP119877119894119889 Secret key for vehicle119904RSU RSU private key119875 Generator of cyclic additive group G1119876RSU RSU public key119904V Vehicle partial private key119876V Vehicle partial public key119867 Secure hash function119867 0 1lowast times G1 rarr G1119904119906 Vehicle partial private key119876119894119889 Intermediate authenticating valueK Secret key generated by TA119892119896 Group key119864119909(119910)119863119909(119910) Symmetric encryption and decryption on119910 with 119909119898 The disseminated messagebr(119898) Broadcast priority of119898pr(119894119889) Vehicle priority119864V119890119899119905119897119900119888119898 Road event119892 Number of reporting vehiclesWVN Predefined system parameters

Conflicts of Interest

The authors declare that they have no conflicts of interest

Acknowledgments

This work was supported in part by the National ResearchFoundation of Korea (NRF) grants funded by the Korean

government (MSIP) (nos NRF-2016R1A2B4012638 andNRF-2017R1D1A3B03034005) and by the MIST (Ministryof Science amp ICT) Korea under the National Programfor Excellence in SW supervised by the IITP (Institutefor Information amp Communication Technology Promotion)(2017-0-00137)

References

[1] X Peng ldquoA novel authentication protocol for vehicle networkrdquoin Proceedings of the 2016 3rd International Conference onSystems and Informatics ICSAI 2016 pp 664ndash668 ShanghaiChina November 2016

[2] S Guo D Zeng and Y Xiang ldquoChameleon hashing for secureand privacy-preserving vehicular communicationsrdquo IEEETransactions on Parallel and Distributed Systems vol 25 no 11pp 2794ndash2803 2014

[3] A Studer F Bai B Bellur and A Perrig ldquoFlexible extensibleand efficient VANET authenticationrdquo Journal of Communica-tions and Networks vol 11 no 6 pp 574ndash588 2009

[4] P Vijayakumar M Azees A Kannan and L J Deborah ldquoDualAuthentication and Key Management Techniques for SecureData Transmission inVehicularAdHocNetworksrdquo IEEETrans-actions on Intelligent Transportation Systems vol 17 no 4 pp1015ndash1028 2015

[5] J Sun C Zhang Y Zhang and Y Fang ldquoAn identity-basedsecurity system for user privacy in vehicular ad hoc networksrdquoIEEE Transactions on Parallel and Distributed Systems vol 21no 9 pp 1227ndash1239 2010

[6] J-L Huang L-Y Yeh and H-Y Chien ldquoABAKA An anony-mous batch authenticated and key agreement scheme for value-added services in vehicular ad hoc networksrdquo IEEETransactionson Vehicular Technology vol 60 no 1 pp 248ndash262 2011

[7] F-K Tseng Y-H Liu J-S Hwu and R-J Chen ldquoA secure reed-solomon code incentive scheme for commercial Ad dissemina-tion over VANETsrdquo IEEE Transactions on Vehicular Technologyvol 60 no 9 pp 4598ndash4608 2011

[8] S Jiang X Zhu and L Wang ldquoAn efficient anonymous batchauthentication scheme based on HMAC for VANETsrdquo IEEETransactions on Intelligent Transportation Systems vol 17 no 8pp 2193ndash2204 2016

[9] K-A Shim ldquoCPAS An efficient conditional privacy-preservingauthentication scheme for vehicular sensor networksrdquo IEEETransactions on Vehicular Technology vol 61 no 4 pp 1874ndash1883 2012

[10] D He S Zeadally B Xu and X Huang ldquoAn Efficient Identity-Based Conditional Privacy-Preserving Authentication Scheme


forVehicularAdHocNetworksrdquo IEEETransactions on Informa-tion Forensics and Security vol 10 no 12 pp 2681ndash2691 2015

[11] J Shen H Tan Y Zhang X Sun and Y Xiang ldquoA new light-weight RFID grouping authentication protocol formultiple tagsinmobile environmentrdquoMultimedia Tools andApplications vol76 no 21 pp 22761ndash22783 2017

[12] X Sun X Lin and P-HHo ldquoSecure vehicular communicationsbased on group signature and ID-based signature schemerdquoin Proceedings of the 2007 IEEE International Conference onCommunications ICCrsquo07 pp 1539ndash1545 Glasgow UK June2007

[13] K Ansari C Wang L Wang and Y Feng ldquoVehicle-to-vehiclereal-time relative positioning using 59ndashGHZ DSRC mediardquo inProceedings of the IEEE 78th Vehicular Technology Conference(VTC Fallrsquo 13) pp 1ndash7 September 2013

[14] X Cheng L Yang and X Shen ldquoD2D for intelligent trans-portation systems A feasibility studyrdquo IEEE Transactions onIntelligent Transportation Systems vol 16 no 4 pp 1784ndash17932015

[15] C Zhang R Lu X Lin P-H Ho and X Shen ldquoAn efficientidentity-based batch verification scheme for vehicular sensornetworksrdquo in Proceedings of the 27th IEEE CommunicationsSociety Conference on Computer Communications (INFOCOMrsquo08) pp 816ndash824 Phoenix AZ USA April 2008

[16] FWang Y Xu H Zhang Y Zhang and L Zhu ldquo2FLIP A two-factor lightweight privacy-preserving authentication schemefor VANETrdquo IEEE Transactions onVehicular Technology vol 65no 2 pp 896ndash911 2016

[17] X Li and L Wang ldquoA rapid certification protocol from bilinearpairings for vehicular ad hoc networksrdquo in Proceedings ofthe 11th IEEE International Conference on Trust Security andPrivacy inComputing andCommunications TrustCom-2012 pp890ndash895 Liverpool UK June 2012

[18] Y Hao Y Cheng C Zhou and W Song ldquoA distributed keymanagement framework with cooperative message authentica-tion in VANETsrdquo IEEE Journal on Selected Areas in Communi-cations vol 29 no 3 pp 616ndash629 2011

[19] H Tan D Choi P Kim S Pan and I Chung ldquoCommentson rdquoDual Authentication and Key Management Techniques forSecure Data Transmission in Vehicular Ad Hoc NetworksrdquordquoIEEE Transactions on Intelligent Transportation Systems no 99pp 1ndash3 2017

[20] T W Chim S M Yiu L C Hui and V Li ldquoVSPN VANET-based secure and privacy-preserving navigationrdquo Institute ofElectrical and Electronics Engineers Transactions on Computersvol 63 no 2 pp 510ndash524 2014

[21] B Liu D Jia J Wang K Lu and L Wu ldquoCloud-assisted safetymessage dissemination in VANET-cellular heterogeneous wire-less networkrdquo IEEE Systems Journal vol 11 no 1 pp 128ndash1392017

[22] M-C Chuang and M C Chen ldquoDEEP density-aware emer-gency message extension protocol for VANETsrdquo IEEE Transac-tions onWireless Communications vol 12 no 10 pp 4983ndash49932013

[23] M Milojevic and V Rakocevic ldquoLocation aware data aggre-gation for efficient message dissemination in vehicular ad hocnetworksrdquo IEEE Transactions on Vehicular Technology vol 64no 12 pp 5575ndash5583 2015

[24] J Shen T Zhou X Chen J Li and W Susilo ldquoAnonymousand Traceable Group Data Sharing in Cloud Computingrdquo IEEETransactions on Information Forensics and Security vol 13 no4 pp 912ndash925 2018

[25] J Song C He L Zhang S Tang and H Zhang ldquoTowardan RSU-unavailable lightweight certificateless key agreementscheme for VANETsrdquo China Communications vol 11 no 9 pp93ndash103 2014

[26] L Zhang QWu A Solanas and J Domingo-Ferrer ldquoA scalablerobust authentication protocol for secure vehicular communi-cationsrdquo IEEE Transactions on Vehicular Technology vol 59 no4 pp 1606ndash1617 2010

[27] D Huang S Misra M Verma and G Xue ldquoPACP Anefficient pseudonymous authentication-based conditional pri-vacy protocol for VANETsrdquo IEEE Transactions on IntelligentTransportation Systems vol 12 no 3 pp 736ndash746 2011

[28] R Lu X Lin X Liang and X Shen ldquoA dynamic privacy-pre-serving key management scheme for location-based servicesin VANETsrdquo IEEE Transactions on Intelligent TransportationSystems vol 13 no 1 pp 127ndash139 2012

[29] D Johnson A Menezes and S Vanstone ldquoThe elliptic curvedigital signature algorithm (ECDSA)rdquo International Journal ofInformation Security vol 1 no 1 pp 36ndash63 2001

[30] A Perrig R Canetti J D Tygar and D Song ldquoThe TESLAbroadcast authentication protocolrdquo RSA CryptoBytes vol 52005

[31] J Shao X Lin R Lu and C Zuo ldquoA threshold anonymousauthentication protocol for VANETsrdquo IEEE Transactions onVehicular Technology vol 65 no 3 pp 1711ndash1720 2016

[32] H Xiong ldquoCost-effective scalable and anonymous certificate-less remote authentication protocolrdquo IEEE Transactions onInformation Forensics amp Security vol 9 no 12 pp 2327ndash23392014

[33] A Shamir ldquoIdentity-based cryptosystems and signatureschemesrdquo in Proceedings of the Advances in Cryptology pp47ndash53 1984

[34] X Lin X Sun P-H Ho and X Shen ldquoGSIS a secure and pri-vacy-preserving protocol for vehicular communicationsrdquo IEEETransactions on Vehicular Technology vol 56 no 6 I pp 3442ndash3456 2007

[35] C-C Lee and Y-M Lai ldquoToward a secure batch verificationwith group testing for VANETrdquo Wireless Networks vol 19 no6 pp 1441ndash1449 2013

[36] J K Liu T H Yuen M H Au and W Susilo ldquoImprovementson an authentication scheme for vehicular sensor networksrdquoExpert Systems with Applications vol 41 no 5 pp 2559ndash25642014

[37] Y Zhang L Yang and S Wang ldquoAn efficient identity-basedsignature scheme for vehicular communicationsrdquo in Proceed-ings of the 11th International Conference on ComputationalIntelligence and Security CIS 2015 pp 326ndash330 ShenzhenChina December 2015

[38] S S Al-Riyami and K G Paterson ldquoCertificateless public keycryptographyrdquo in Proceedings of the Advances in Cryptology-ASIACRYPT2003 pp 452ndash473 2003

[39] H Xiong Z Chen and F Li ldquoProvably secure and efficientcertificateless authenticated tripartite key agreement protocolrdquoMathematical and Computer Modelling vol 55 no 3-4 pp1213ndash1221 2012

[40] H Xiong and Z Qin ldquoRevocable and scalable certificatelessremote authentication protocol with anonymity for wirelessbody area networksrdquo IEEE Transactions on Information Foren-sics and Security vol 10 no 7 pp 1442ndash1455 2015

[41] J Shen T Zhou F Wei X Sun and Y Xiang ldquoPrivacy-Preserving and Lightweight Key Agreement Protocol for V2G


in the Social Internet ofThingsrdquo IEEE Internet ofThings Journalpp 1-1 2017

[42] J L Carter and M N Wegman ldquoUniversal classes of hashfunctionsrdquo Journal of Computer and System Sciences vol 18 no2 pp 143ndash154 1979

[43] D Pointcheval and J Stern ldquoSecurity arguments for digitalsignatures and blind signaturesrdquo Journal of Cryptology vol 13no 3 pp 361ndash396 2000

[44] D Wang D He P Wang and C-H Chu ldquoAnonymous Two-Factor Authentication in Distributed Systems Certain GoalsAre Beyond Attainmentrdquo IEEE Transactions on Dependable andSecure Computing vol 12 no 4 pp 428ndash442 2015

[45] C Wang G Xu and J Sun ldquoAn enhanced three-factor userauthentication scheme using elliptic curve cryptosystem forwireless sensor networksrdquo Sensors vol 17 no 12 article no2946 2017

[46] D Wang and P Wang ldquoTwo Birds with One Stone Two-FactorAuthentication with Security Beyond Conventional BoundrdquoIEEE Transactions onDependable and Secure Computing no 99pp 1ndash14 2016

[47] D Wang H Cheng P Wang X Huang and G Jian ldquoZipfs lawin passwordsrdquo IEEE Transactions on Information Forensics andSecurity vol 12 no 11 pp 2776ndash2791 2017

[48] D He S Zeadally N Kumar and J H Lee ldquoAnonymousauthentication for wireless body area networks with provablesecurityrdquo IEEE Systems Journal no 99 pp 1ndash12 2016

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


performs as both terminal customer and information col-lector In other words useful information including trafficcongestion and emergency road condition is forwarded tothe corresponded RSU Each vehicle is equipped with anonboard unit (OBU) which conducts all the computationand communication [9 10] Compared with regular wirelesssensor networks [11] vehiclersquos high mobility is the uniquecharacteristic of VANETs

In VANETs the data exchange between TA and RSUsare via secure wired connection where the adopted crypto-graphic strategies guarantee transmission security and mes-sage confidentiality Meanwhile vehicle-to-vehicle (V2V)communication and vehicle-to-RSU (V2R) communicationare conducted through openwireless channel which employsthe dedicated short-range communications (DSRC) [12ndash14]On the one hand themoving vehicle can carry out interactivedata exchange with specific RSU through V2R communica-tion On the other hand one vehicle is capable of sharingessential messages with other vehicles in its vicinity throughV2V communication In this way a VANET with highconnectivity can be built accordingly [15]

As a particular variant of wireless sensor networks appar-ently theVANETs suffer frommultiple charted andunchartedsecurity attacks [9 14] In V2V and V2R communicationsthe transmitted messages may be eavesdropped blocked oreven forged by malicious devices Hence significant userinformation is revealed to the attacker accordingly whichcompromises the whole VANET and brings severe user pri-vacy disclosure issue [1 13] Under this circumstance properauthentication strategies are required so as to provide securityand privacy assurance Moreover highmobility feature of thevehicles brings uncertainty to the communication processwhich should also be taken into consideration

Among the aforementioned safety-related applicationsroad message dissemination is one of the essential functionsfor VANET [16] With the assistance of RSUs and remoteserver the vehicles of the sameVANET could share necessarydriving-related informationwith each other By analyzing theacquired traffic information of current areas the driver is ableto make better driving decisions such as choosing the bestnavigation route ahead of time Furthermore occurrences ofroad accidents and traffic jams can be drastically reduced [9]Thus the driversrsquo driving experience is improved

In VANETs typical road message management strategiesare mainly composed of information collection and dissem-ination First the road messages are reported by the partici-pating vehicles through OBUs [17] Afterwards the acquiredmessages will be processed and then disseminated to thelegitimate vehicles In some VANETs scenarios TA arrangesall the road messages collected from RSUs via wired trans-mission [18]Meanwhile in decentralizedVANETs scenariosmost of the computation and storing are done in the RSUside [7] while TA performs as the key generation center(KGC) Consequently in particular dense scenarios withlarge amounts of emerging vehicles the decentralized archi-tecture could reduce the computation overload and storagecomplexity in TA

As described above authentication strategies are neces-sary during roadmessage dissemination [4 19] Furthermore

the characteristic group communication between RSU andvehicles is indispensable which enables convenient dataexchange In this case the group key shared betweenRSU andall the legitimate vehicles is required Note that the group keydistribution should be conducted aftermutual authentication[6 20]

As for message dissemination in practical VANETs occa-sions two channels are required [21] namely the officialchannel and normal channel Official channel is provided bygovernmental agencies where the broadcast road informa-tion is precise and trustworthy Note that this channel isassumed to be based on real-time monitoring with satellitesand road cameras Thus it is precise and trustworthy Mean-while normal channel is the more ordinary way where theroad information is gathered from normal vehicles In thiscase some of the vehicles are assumed to be benign deviceswhich transmit precise messages while the rest are negativevehicles [22] Note that the negative vehicles may reporttrivial or even false information to the VANET system Forthis consideration with the purpose of guaranteeing thedissemination exactitude impartial and effective messageevaluation mechanism is necessary [23] For instance inextreme scenarios with massive road messages to be dissem-inated before dissemination it is necessary for the RSUs toaggregate and evaluate the acquired road messages beforedissemination Hence the RSUs could broadcast in a particu-lar sequence according to the significance and reliability ofeach message Urgent and authentic road messages can bebroadcast in the first place

During the message dissemination of the entire VANETsthe accuracy and efficiency of message dissemination closelydepend on the participating vehicles [15 24] Hence it is vitalto deploy appropriate rewarding strategy so as to motivatethe driversrsquo enthusiasm on reporting [20 25] For examplecoupons or discounts on certain commodities can be grantedto the trustworthy drivers with timely and precise reportingrecords In other words the drivers are encouraged withincentives which is of great benefit to the entire VANET

In this paper we propose a secure certificateless authenti-cation and road message dissemination protocol in vehicularad hoc networks Our nontrivial efforts can be summarizedas follows

(i) Secure Certificateless Authentication Scheme for Group KeyDistribution With the purpose of enhancing transmissionsecurity we adopt the bilinear pairing based on elliptic curveinto our authentication scheme Hence the active vehicleswithin the effective range can be identified and then allocatedwith the group key The proposed scheme yields desirablesecurity properties

(ii) Road Message Priority Management and DisseminationMechanismTheencrypted roadmessages are delivered to thecorresponding RSU The received road message is evaluatedbased on both the vehicle priority and the assessment Inthis way accuracy and efficiency of the messages dissemi-nation process are provided Hence the drivers can timelyarrange their routes according to the delivered road informa-tion




2 Related Work







TA

RSU

RSU

V2R communication

V2V communication































119877119894119889 = ℎ (119894119889 119876H) (1)


119876RSU = 119904RSU119875 (2)



119876V = 119904V119875 (3)





119876119894119889 = 119867 (119894119889 119876RSU)119862 = 119877119894119889119904RSU119876119894119889 (4)


119904119906 = 119877minus1119894119889 119862 = 119904RSU119876119894119889 (5)



1198761 = 119905119876V = 119905119904V119875 (6)


119876119894119889 = 119867 (119894119889 119876RSU) (7)


119903 = 119890 (119876RSU 119876119894119889)V = ℎ (119905 119903 119877119894119889) (8)


119880 = 119905V119904V119876119894119889 + 119904119906 (9)


119903 = 119890 (119875 119880)119890 (1198761 119876119894119889)V (10)


119890 (119875 119880)119890 (1198761 119876119894119889)V =119890 (119875 119905V119904V119876119894119889 + 119904119906)119890 (119905119876V 119876119894119889)V

= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889 + 119904RSU119876119894119889)119890 (119876V 119905119876119894119889)ℎ(119905119903119877119894119889)


(11)




119882 =K119879119876V

119865 = ℎ (119882 V 119904119906) (12)





119892119896 = ℎ (119873) = ℎ (K119875) (14)


⟨119905119910119901119890 119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878) 119879119878⟩ (15)







119863119892119896 (119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878)) = 119864119877119894119889 (119898) 119894119889 119879119878 (16)


119898 = 119863119877119894119889 (119864119877119894119889 (119898)) (17)


br (119898) = 12 [pr (1198941198891) + pr (1198941198892)] (18)




119864V119890119899119905119897119900119888119898 = 119897119900119888 119905119910119901119890 119888119900119899119905 (19)



br (119898) = 1119896119896sum119894=1

pr (119894119889119894) (20)


br (119898) = 1119892119892sum119894=1

pr (119894119889119894) (21)






⟨119905119910119901119890 119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V) 119879119878119890V⟩ (22)


119863119892119896 (119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V))= 119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V (23)


119863119904119906 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904)) = 119894119891119873119874 119886119904119904119890119904119904 (24)



119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (25)




(26)



br119899Δ119905119877119863 (119898) = sum119892119894=1 pr (119894119889119894)119892+ 119899sum119894=1

(sumℎ119894

119898

119906=1 [pr (119894119889119894119906) times 119904119901119894119906]ℎ119894119898 ) (27)




119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (28)


pr (V119901119894) = pr (V119901119894) + 1 (29)



pr (V119901119894) = pr (V119901119894) minus 1 (30)


6 Security Analysis











119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)


























8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





2 Related Work







TA

RSU

RSU

V2R communication

V2V communication































119877119894119889 = ℎ (119894119889 119876H) (1)


119876RSU = 119904RSU119875 (2)



119876V = 119904V119875 (3)





119876119894119889 = 119867 (119894119889 119876RSU)119862 = 119877119894119889119904RSU119876119894119889 (4)


119904119906 = 119877minus1119894119889 119862 = 119904RSU119876119894119889 (5)



1198761 = 119905119876V = 119905119904V119875 (6)


119876119894119889 = 119867 (119894119889 119876RSU) (7)


119903 = 119890 (119876RSU 119876119894119889)V = ℎ (119905 119903 119877119894119889) (8)


119880 = 119905V119904V119876119894119889 + 119904119906 (9)


119903 = 119890 (119875 119880)119890 (1198761 119876119894119889)V (10)


119890 (119875 119880)119890 (1198761 119876119894119889)V =119890 (119875 119905V119904V119876119894119889 + 119904119906)119890 (119905119876V 119876119894119889)V

= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889 + 119904RSU119876119894119889)119890 (119876V 119905119876119894119889)ℎ(119905119903119877119894119889)


(11)




119882 =K119879119876V

119865 = ℎ (119882 V 119904119906) (12)





119892119896 = ℎ (119873) = ℎ (K119875) (14)


⟨119905119910119901119890 119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878) 119879119878⟩ (15)







119863119892119896 (119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878)) = 119864119877119894119889 (119898) 119894119889 119879119878 (16)


119898 = 119863119877119894119889 (119864119877119894119889 (119898)) (17)


br (119898) = 12 [pr (1198941198891) + pr (1198941198892)] (18)




119864V119890119899119905119897119900119888119898 = 119897119900119888 119905119910119901119890 119888119900119899119905 (19)



br (119898) = 1119896119896sum119894=1

pr (119894119889119894) (20)


br (119898) = 1119892119892sum119894=1

pr (119894119889119894) (21)






⟨119905119910119901119890 119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V) 119879119878119890V⟩ (22)


119863119892119896 (119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V))= 119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V (23)


119863119904119906 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904)) = 119894119891119873119874 119886119904119904119890119904119904 (24)



119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (25)




(26)



br119899Δ119905119877119863 (119898) = sum119892119894=1 pr (119894119889119894)119892+ 119899sum119894=1

(sumℎ119894

119898

119906=1 [pr (119894119889119894119906) times 119904119901119894119906]ℎ119894119898 ) (27)




119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (28)


pr (V119901119894) = pr (V119901119894) + 1 (29)



pr (V119901119894) = pr (V119901119894) minus 1 (30)


6 Security Analysis











119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)


























8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



TA

RSU

RSU

V2R communication

V2V communication































119877119894119889 = ℎ (119894119889 119876H) (1)


119876RSU = 119904RSU119875 (2)



119876V = 119904V119875 (3)





119876119894119889 = 119867 (119894119889 119876RSU)119862 = 119877119894119889119904RSU119876119894119889 (4)


119904119906 = 119877minus1119894119889 119862 = 119904RSU119876119894119889 (5)



1198761 = 119905119876V = 119905119904V119875 (6)


119876119894119889 = 119867 (119894119889 119876RSU) (7)


119903 = 119890 (119876RSU 119876119894119889)V = ℎ (119905 119903 119877119894119889) (8)


119880 = 119905V119904V119876119894119889 + 119904119906 (9)


119903 = 119890 (119875 119880)119890 (1198761 119876119894119889)V (10)


119890 (119875 119880)119890 (1198761 119876119894119889)V =119890 (119875 119905V119904V119876119894119889 + 119904119906)119890 (119905119876V 119876119894119889)V

= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889 + 119904RSU119876119894119889)119890 (119876V 119905119876119894119889)ℎ(119905119903119877119894119889)


(11)




119882 =K119879119876V

119865 = ℎ (119882 V 119904119906) (12)





119892119896 = ℎ (119873) = ℎ (K119875) (14)


⟨119905119910119901119890 119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878) 119879119878⟩ (15)







119863119892119896 (119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878)) = 119864119877119894119889 (119898) 119894119889 119879119878 (16)


119898 = 119863119877119894119889 (119864119877119894119889 (119898)) (17)


br (119898) = 12 [pr (1198941198891) + pr (1198941198892)] (18)




119864V119890119899119905119897119900119888119898 = 119897119900119888 119905119910119901119890 119888119900119899119905 (19)



br (119898) = 1119896119896sum119894=1

pr (119894119889119894) (20)


br (119898) = 1119892119892sum119894=1

pr (119894119889119894) (21)






⟨119905119910119901119890 119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V) 119879119878119890V⟩ (22)


119863119892119896 (119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V))= 119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V (23)


119863119904119906 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904)) = 119894119891119873119874 119886119904119904119890119904119904 (24)



119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (25)




(26)



br119899Δ119905119877119863 (119898) = sum119892119894=1 pr (119894119889119894)119892+ 119899sum119894=1

(sumℎ119894

119898

119906=1 [pr (119894119889119894119906) times 119904119901119894119906]ℎ119894119898 ) (27)




119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (28)


pr (V119901119894) = pr (V119901119894) + 1 (29)



pr (V119901119894) = pr (V119901119894) minus 1 (30)


6 Security Analysis











119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)


























8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia














119877119894119889 = ℎ (119894119889 119876H) (1)


119876RSU = 119904RSU119875 (2)



119876V = 119904V119875 (3)





119876119894119889 = 119867 (119894119889 119876RSU)119862 = 119877119894119889119904RSU119876119894119889 (4)


119904119906 = 119877minus1119894119889 119862 = 119904RSU119876119894119889 (5)



1198761 = 119905119876V = 119905119904V119875 (6)


119876119894119889 = 119867 (119894119889 119876RSU) (7)


119903 = 119890 (119876RSU 119876119894119889)V = ℎ (119905 119903 119877119894119889) (8)


119880 = 119905V119904V119876119894119889 + 119904119906 (9)


119903 = 119890 (119875 119880)119890 (1198761 119876119894119889)V (10)


119890 (119875 119880)119890 (1198761 119876119894119889)V =119890 (119875 119905V119904V119876119894119889 + 119904119906)119890 (119905119876V 119876119894119889)V

= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889 + 119904RSU119876119894119889)119890 (119876V 119905119876119894119889)ℎ(119905119903119877119894119889)


(11)




119882 =K119879119876V

119865 = ℎ (119882 V 119904119906) (12)





119892119896 = ℎ (119873) = ℎ (K119875) (14)


⟨119905119910119901119890 119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878) 119879119878⟩ (15)







119863119892119896 (119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878)) = 119864119877119894119889 (119898) 119894119889 119879119878 (16)


119898 = 119863119877119894119889 (119864119877119894119889 (119898)) (17)


br (119898) = 12 [pr (1198941198891) + pr (1198941198892)] (18)




119864V119890119899119905119897119900119888119898 = 119897119900119888 119905119910119901119890 119888119900119899119905 (19)



br (119898) = 1119896119896sum119894=1

pr (119894119889119894) (20)


br (119898) = 1119892119892sum119894=1

pr (119894119889119894) (21)






⟨119905119910119901119890 119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V) 119879119878119890V⟩ (22)


119863119892119896 (119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V))= 119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V (23)


119863119904119906 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904)) = 119894119891119873119874 119886119904119904119890119904119904 (24)



119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (25)




(26)



br119899Δ119905119877119863 (119898) = sum119892119894=1 pr (119894119889119894)119892+ 119899sum119894=1

(sumℎ119894

119898

119906=1 [pr (119894119889119894119906) times 119904119901119894119906]ℎ119894119898 ) (27)




119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (28)


pr (V119901119894) = pr (V119901119894) + 1 (29)



pr (V119901119894) = pr (V119901119894) minus 1 (30)


6 Security Analysis











119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)


























8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




119876119894119889 = 119867 (119894119889 119876RSU)119862 = 119877119894119889119904RSU119876119894119889 (4)


119904119906 = 119877minus1119894119889 119862 = 119904RSU119876119894119889 (5)



1198761 = 119905119876V = 119905119904V119875 (6)


119876119894119889 = 119867 (119894119889 119876RSU) (7)


119903 = 119890 (119876RSU 119876119894119889)V = ℎ (119905 119903 119877119894119889) (8)


119880 = 119905V119904V119876119894119889 + 119904119906 (9)


119903 = 119890 (119875 119880)119890 (1198761 119876119894119889)V (10)


119890 (119875 119880)119890 (1198761 119876119894119889)V =119890 (119875 119905V119904V119876119894119889 + 119904119906)119890 (119905119876V 119876119894119889)V

= 119890 (119875 ℎ (119905 119903 119877119894119889) 119905119904V119876119894119889 + 119904RSU119876119894119889)119890 (119876V 119905119876119894119889)ℎ(119905119903119877119894119889)


(11)




119882 =K119879119876V

119865 = ℎ (119882 V 119904119906) (12)





119892119896 = ℎ (119873) = ℎ (K119875) (14)


⟨119905119910119901119890 119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878) 119879119878⟩ (15)







119863119892119896 (119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878)) = 119864119877119894119889 (119898) 119894119889 119879119878 (16)


119898 = 119863119877119894119889 (119864119877119894119889 (119898)) (17)


br (119898) = 12 [pr (1198941198891) + pr (1198941198892)] (18)




119864V119890119899119905119897119900119888119898 = 119897119900119888 119905119910119901119890 119888119900119899119905 (19)



br (119898) = 1119896119896sum119894=1

pr (119894119889119894) (20)


br (119898) = 1119892119892sum119894=1

pr (119894119889119894) (21)






⟨119905119910119901119890 119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V) 119879119878119890V⟩ (22)


119863119892119896 (119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V))= 119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V (23)


119863119904119906 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904)) = 119894119891119873119874 119886119904119904119890119904119904 (24)



119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (25)




(26)



br119899Δ119905119877119863 (119898) = sum119892119894=1 pr (119894119889119894)119892+ 119899sum119894=1

(sumℎ119894

119898

119906=1 [pr (119894119889119894119906) times 119904119901119894119906]ℎ119894119898 ) (27)




119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (28)


pr (V119901119894) = pr (V119901119894) + 1 (29)



pr (V119901119894) = pr (V119901119894) minus 1 (30)


6 Security Analysis











119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)


























8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia







119863119892119896 (119864119892119896 (119864119877119894119889 (119898) 119894119889 119879119878)) = 119864119877119894119889 (119898) 119894119889 119879119878 (16)


119898 = 119863119877119894119889 (119864119877119894119889 (119898)) (17)


br (119898) = 12 [pr (1198941198891) + pr (1198941198892)] (18)




119864V119890119899119905119897119900119888119898 = 119897119900119888 119905119910119901119890 119888119900119899119905 (19)



br (119898) = 1119896119896sum119894=1

pr (119894119889119894) (20)


br (119898) = 1119892119892sum119894=1

pr (119894119889119894) (21)






⟨119905119910119901119890 119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V) 119879119878119890V⟩ (22)


119863119892119896 (119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V))= 119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V (23)


119863119904119906 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904)) = 119894119891119873119874 119886119904119904119890119904119904 (24)



119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (25)




(26)



br119899Δ119905119877119863 (119898) = sum119892119894=1 pr (119894119889119894)119892+ 119899sum119894=1

(sumℎ119894

119898

119906=1 [pr (119894119889119894119906) times 119904119901119894119906]ℎ119894119898 ) (27)




119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (28)


pr (V119901119894) = pr (V119901119894) + 1 (29)



pr (V119901119894) = pr (V119901119894) minus 1 (30)


6 Security Analysis











119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)


























8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





⟨119905119910119901119890 119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V) 119879119878119890V⟩ (22)


119863119892119896 (119864119892119896 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V))= 119864119904119906 (119894119891119873119874 119886119904119904119890119904119904) 119894119889 119879119878119890V (23)


119863119904119906 (119864119904119906 (119894119891119873119874 119886119904119904119890119904119904)) = 119894119891119873119874 119886119904119904119890119904119904 (24)



119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (25)




(26)



br119899Δ119905119877119863 (119898) = sum119892119894=1 pr (119894119889119894)119892+ 119899sum119894=1

(sumℎ119894

119898

119906=1 [pr (119894119889119894119906) times 119904119901119894119906]ℎ119894119898 ) (27)




119877119886119905119890Δ119905119877119863119898 [119904119901119906 gt 0] geV (28)


pr (V119901119894) = pr (V119901119894) + 1 (29)



pr (V119901119894) = pr (V119901119894) minus 1 (30)


6 Security Analysis











119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)


























8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




pr (V119901119894) = pr (V119901119894) minus 1 (30)


6 Security Analysis











119880 = 119905V119904V119876119894119889 + 1199041199061198801015840 = 119905V1015840119904V119876119894119889 + 119904119906 (31)


























8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia

















8 Conclusion





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





3119901 + 3119867 + 2119860 +2119872 + 2mod1119863119890119888 +mod +1119864119899119888 1119863119890119888 + 4119901 +2119867 + 2119860 + 119863 10119901 + 5119867 +4119860 +119872 4119901 + 3119867 + 119890 +119860 + 3119872




Notations




Acknowledgments



References























































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia














































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


Secure Certificateless Authentication and Road Message ...

Documents

Transcript of Secure Certificateless Authentication and Road Message ...