Sage Journals: Discover world-class research

Abstract

Vehicular ad hoc networks have emerged as a promising approach to increasing road safety and efficiency. Vehicles periodically broadcast traffic-related status messages. Message authentication is a common way for ensuring information reliability, but it is an unaffordable computational cost for single vehicle. In this article, we propose an efficient cooperative message authentication based on reputation mechanism. In the proposed scheme, reputation model is used to assess authentication efforts of vehicles, which enhances initiative for cooperative message authentication and inhabits selfish behavior; sequence optimization algorithm solves messages overflowing on condition limited computation of onboard unit and improves the speed of message authentication at the premise of ensuring the reliability of message authentication. Simulation results show that our scheme presents a nice performance of authentication efficiency, packet loss ratio, and missing detection ratio.

Keywords

Cooperative authentication efficiency reputation message authentication

Introduction

Vehicular ad hoc networks (VANETs) have been aroused great attention and promising research from academia, industry, and governments in recent years. In general, a VANET is composed of three components: onboard units (OBUs) equipped in mobile vehicle, roadside units (RSUs) fixed along roadside, and a center trust authority (TA). One of the core applications of VANETs is safety application to improve the security and efficiency of the transportation system.¹ In VANETs safety application system, each vehicle periodically broadcasts traffic-related status information containing its location, speed, direction, and others per 100–300 ms.^2,3 Message authentication is a common tool for ensuring information reliability, but it faces a challenge in VANETs. When the number of messages that are received by a vehicle becomes large, traditional exhaustive authentication (every vehicle authenticates each message) may generate unaffordable computation cost on the vehicle and therefore bring unacceptable delay to time-critical applications, such as accident warning. Some efficient cooperative message authentication schemes have been proposed to reduce the single vehicle’s message verification cost resorted to the other’s cooperative authentication.⁴

To the best of our knowledge, it assumes that vehicles will selflessly and actively take part in message authentication in most of existing cooperative authentication scheme.⁵ However, the vehicles are the member of a community and are unwilling to actively participate in message authentication or do false authentication because that cooperative authentication will result in loss of privacy and resource consumption.⁶ Therefore, it is an idealized model for vehicles to selflessly take part in cooperative message authentication. In some sense, it should take the will-factor as one of the important factors affecting the performance of the cooperative scheme.

In this article, we propose a cooperative message authentication scheme based on reputation mechanism. In this scheme, the reputation model is proposed to evaluate the efforts of cooperative message authentication and message authentication sequence optimization algorithm is proposed to resolve messages overflowing vehicles. Our scheme improves authentication efficiency while reducing packet missing ratio and packet losing ratio. In summary, this article has threefold main contributions:

We propose a cooperative message authentication scheme based on reputation mechanism, which achieves cooperative message authentication and reputation management with a combination of centralized and distributed way under the premises of protecting users’ privacy.

We propose a reputation management model for the work of broadcasting and authentication message. This model inhibits the selfish behavior of users and prevents invalid authentication, and free-riding attack.

We propose an optimization algorithm for message authentication according to reputation value (RV), message type, and others, which improve the efficiency of message authentication at the premise of ensuring the reliability of message authentication.

The rest of the paper is organized as follows. Section “Related works” reviews related works. Section “System model” describes the system model. Section “Cooperative message authentication” proposes cooperative message authentication. Section “Security analysis and simulation analysis” analyzes the simulation results in OMNet. Section “Conclusion” presents the conclusion and future work.

Related works

There are two main concerned aspects in message authentication in VANETs: first is the efficiency of authentication and second is privacy protection.⁷ The efficiency of authentication is about dealing with a large number of messages generated VANETs, including messages processing, authentication, and so on. In order to reduce the computation cost of message authentication, Zhang et al.^8,9 proposed two message authentication schemes using RSUs, but the protocol requires RSUs to cover all areas. Calandriello et al.¹⁰ proposed a synthetic signature scheme, which can do authentication at the same time of receiving a signature, and the efficiency authentication is very considerable in the large vehicle density. Salamanis et al.¹¹ adopted a reputation evaluation mechanism, which considers not only other users’ feedback but also users’ travel preferences. When the penetration rate of malicious users increases, the mechanism has a strong anti-malicious user attack ability. Lin et al.¹² proposed a probability-based authentication scheme, in which the vehicles are chosen to become verifiers according to probability, and then they share certification results to reduce the numbers of messages that required verifying for individual vehicle. Hao et al.¹³ proposed an efficient and practical cooperative message authentication protocol (CMAP), in which cooperative verifiers are selected by positional relationships to significantly reduce the computation and communication cost in the group signature–based implementation, but it cannot prevent free-riding authentication attacks. Lin and Li¹⁴ proposed a co-verification scheme, in which multiple vehicles can authenticate the same message to reduce the cost and delay of authentication by individual vehicle. Hasrouny et al.¹⁵ proposed a group leader–based trust model for vehicle network communication, which is used to classify vehicles according to their reliability and select potential group leaders (GLS).

The users pay more attention to privacy protection in VANETs; they do not want to expose their privacy when they send messages or verify messages. Privacy protection is mainly divided into two categories in VANETs: one is the location privacy and other is identity information protection. It is an important way to protect location privacy by using pseudonym because the users only need renew the pseudonym occasionally in special position.^16–18 Some researchers proposed communication agent to hide the real identity of vehicles.¹⁹ A model of service reputation and feedback reputation is proposed in Wang et al.²⁰ In the scheme, information entropy and most rules are applied to reputation accumulation algorithm to combat false feedback.

By analyzing the limitations of existing schemes, a dynamic pseudonym–based multi-hybrid mix zone (DPMM) technology is proposed to ensure the highest accuracy and privacy.²¹ It proves DPMM is superior to the existing name change technology in obtaining high privacy through a small amount of name change and achieves good results. Digital signature technology is a privacy protection technology widely used in various fields because it can guarantee data integrity and identity privacy and prevent repudiation under certain conditions.²² Compared to other signature technologies, group signature technology is more suitable for dynamic characteristics of VANETs. The basic idea of group signature in VANETs is that the vehicles form an authentication group, and then any one of the group can sign messages by group signature on behalf of their group. Group signature can be verified by group public keys only. Lin et al.²³ proposed a privacy-preserving protocol combined the identity authentication technology with group signature technology, vehicles do not need to be equipped with a large number of anonymous keys and can frequently and efficiently update private key, and the trusted center can track the target vehicle. However, when facing a large scale of emergencies safe anonymous authentication, the complex of this protocol makes low efficiency. Lu et al.²⁴ proposed a dynamic key management scheme (DIKE), in which each vehicle user can be privacy-preserving authenticated before joining an location based services (LBS) and can use a pseudo-ID to conceal its real identity during a service session. DIKE can effectively prevent double registration attack and present efficient service session key update procedures, particularly for sparse VANET environments. To improve the efficiency and anonymity of authentication, an ID-based anonymous access authentication scheme for edge computing vehicle ad hoc networks is proposed.²⁵ To improve the security and efficiency of authentication, Park et al.²⁶ adopted an incentive mechanism based on Bitcoin and proposed a safe and feasible incentive scheme for cooperative vehicles. Zhang²⁷ proposed authentication scheme using cryptographic mix-zone to protect vehicle privacy and proposed pseudonym updating protocol to solve the privacy problem of the authentication process.^2,7 However, these schemes do not take into account the real situation. When the number of messages are huge, it is impossible for a single vehicle to complete the verification.

However, as aforementioned before, most of the existing cooperative authentication schemes are on the basis of assuming that vehicles will selflessly and actively take part in message authentication. The willing and initiative of the member in cooperative message authentication are the important factors affecting efficiency and security of cooperative message authentication.

System model

In this section, we analyze the network model of cooperative message authentication in VANETs from three aspects: the network model, reputation model, and security model.

Network model

Network model is made up of three entities: trusted authority (TA), roadside unities (RSUs), and vehicle nodes, as shown in Figure 1.

Figure 1.

The network model of VANETs.

TA is completely trustable authority with the highest level of security. We assume TA will never be compromised. TA is in charge of two types of transactions. First, it provides identity registration function and assigns the ID, public key pairs and public key certificate for every node during the registration phase. Here, all of IDs and private key are unique and private. Second, TA manages and checks historical records of RV and publishes the vehicles which submitted false reputation records.

RSUs are deployed at the roadsides and connect to TA via trustable wired channels. We assume a trusted platform module is equipped in each RSU, which can resist software attacks, but cannot resist sophisticated hardware tampering.^13,28 Therefore RSUs are semi-trust with a medium security level. Uncompromised RSUs are group managers in our authentication group and in charge of identity authentication and group key distribution for the new group member.

Vehicle nodes are vehicles with OBU and global positioning system (GPS). OBU is in charge of communication with other OBUs and RSUs in dedicated short-range communication (DSRC) protocol.²⁹ OBU is the only one in charge of computation tasks. GPS receiver sends the location to OBU using DGPS with accuracy on the order of centimeters.¹³ According to Gao and Qi,²⁹ each vehicle in a VANET broadcasts a traffic safety message every 100–300 ms, which keeps the vehicle’s driving-related information, such as location, speed, turning intention, and driving status (e.g. regular driving, waiting for a traffic light, traffic jam). Each vehicle maintains a node information list of 1-hop neighbors by collecting broadcast information of other vehicles.

Reputation model

Vehicle’s reputation embodies its efforts on traffic safety message and cooperative message authentication. A vehicle can obtain positive reputation increment (RI) when a vehicle has completed a trustable authentication effort; of course, it will get negative RI when it does false authentication or does nothing in the authentication work. The vehicle’s reputation can be used as evaluation index of some reward from VANETs, so the reputation model can be an incentive factor to encourage vehicles actively to do cooperative message authentication.

The reputation model has two parts: TA management and local management, as shown in Figure 2. TA management is in charge of checking RVs and corresponding data-update to prevent cheating cases, such as an unauthorized change in reputation. Local management is designed according to the dynamic characteristics of VANETs.³⁰ The vehicle’s reputation segment (RS) record and RI calculation are maintained by the vehicle itself and vehicles surrounding it. Reputation consists of three parts: RV, RS, and RI. RV is a weighted value of historic reputation and RI of the vehicle. RS is the evaluation value of vehicle’s authentication efforts by other vehicles. RI is the evaluation value of vehicle’s authentication efforts during a continuous period of time, which is an overall value by gathering RS record from surrounding vehicles.

Figure 2.

Vehicle’s reputation model.

When a vehicle (abbreviated as A) enters a message authentication group, A will establish node information list of 1-hop group member and inform others its RV to 1-hop group member by group signcryption. Then other vehicles record RS for A’s cooperative message authentication efforts during the next period of time. When the new RI trigger of A fires, A will broadcast notification of its RS collection, then the surrounding vehicles will broadcast A’s RS. Next, A will calculate new RI with RS that received from other vehicles. Next, A send new RI to other vehicles. The other vehicles will check whether the new RI check whether the new RI is correct or not. If it does, they sign signature on new RI and send it to A. Finally, A signs and sends new RI and RV to TA through RSUs, as shown in Figure 2.

Security model

From the analysis in section “Network model,” the security of our model can be divided into three stages: TA issues secure public key during group member registration phase and cooperative message authentication phase. In the second and third phases, short group signature is used in this stage, which is classic group signature proposed by Boneh et al.³¹ with the advantage of low computing cost and traceability and has been widely applied to message signature in VANETs.^13,15,29

Because the classic group signature algorithm is adopted in our cooperative authentication scheme and has been presented rigid security proof,^22,29,32 we do not present again in this article. Therefore, the ability of adversaries in our model is assumed to be active, rational, and inside during the third stage, that is, the adversaries are inside attackers that may break the cooperative authentication, such as valid registered vehicles or RSUs. Rational attackers know the security mechanism and only attack for their own benefits under the condition of without being tracked or detected.³³ We also assume that the majority of vehicles are honest which is reasonable in the civilian use system and will not actively compromise with others.

Therefore, a misbehaving vehicle can block its negative RSs during the reputation update phase. It may change their random identity to stop their lowering reputation records. It may also launch a malicious attack by generating an invalid RS to a neighboring vehicle.

Cooperative message authentication

Cooperative message authentication model in this article consists of three parts: group member registration protocol, dynamic reputation management, and cooperative message authentication based on reputation mechanism.

Group member registration protocol

Vehicles move quickly on the road and continuously go through the communication coverage area of different RSUs, which results in that vehicles register with different message authentication groups frequently. We proposed a group member registration protocol to ensure group member is a valid member. As mentioned in section “System model,” each RSU will get a public ID, public key pairs, and public key certificate from TA; each vehicle will get a private ID, public key pairs, and public key certificate from TA. When a vehicle comes in a new communication area, vehicle and RSU start mutual authentication program by group member registration protocol; if it is successful, the vehicle joins the group and gets group private key and public key from RSU. Then the vehicle will generate new pseudonyms by ID and registration time. Related notations and corresponding descriptions are shown in Table 1.

Table 1.

Notations and descriptions.

Notations	Descriptions
$R_{pub} / R_{pri}$	RSU’s public/private key pair obtained from TA
${V_{k}}_{pub} / {V_{k}}_{pri}$	Vehicle k’s public/private key pair obtained from TA
${ID}_{k}$	Vehicle k’s secret ID obtained from TA
$Si g_{A} (M)$	Signature of message M signed by A’s private key
$(M)_{n}$	Message M is encrypted by n’s public key
${G_{k}}_{pub} / {G_{k}}_{pri}$	Group public/private key pair for vehicle k
$G_{pub}$	Group public keys
T	Timestamp
H(.)	Hash function, such as SHA-1

RSU: roadside unit; TA: trust authority.

As shown in Figure 3, the process of group member registration protocol consists of five steps:

Step 1. RSU broadcasts group information to vehicles in its communication coverage area as follows: public key $R_{pub}$ , public key certification $Si g_{TA} (R_{pub})$ , group public key $G_{pub}$ , and the compromised RSUs’ identities in its neighborhoods.

Step 2. Vehicle k sends its public key ${V_{k}}_{pub}$ and key certification $Si g_{TA} ({V_{k}}_{pub})$ to RSU after $Si g_{TA} (R_{pub})$ has passed its verification.

Step 3. If the $Si g_{TA} ({V_{k}}_{pub})$ pass verification, RSU sends group private key ${G_{k}}_{pri}$ to vehicle K, then encrypts $h ({G_{k}}_{pri}), Si g_{R_{pri}} (h ({G_{k}}_{pri})), R_{pub}$ , and ${V_{k}}_{pub}$ by vehicle public key ${V_{k}}_{pub}$ , and then sends this encrypted message to vehicle K.

Step 4. If $Si g_{R_{pri}} (h ({G_{k}}_{pri}))$ pass verification by $R_{pub}$ , then vehicle K calculates $(I D_{k}, T)_{TA}$ , which is the evidence of its new identity in current group. Then send message signature of $(I D_{k}, T)_{TA}, T$ , and other information to RSU, as shown in Step 4 of Figure 3.

Step 5. RSU sends ${G_{k}}_{pri}$ , ${G_{k}}_{pub}$ , and signature $Si g_{R_{pri}} ({G_{k}}_{pri})$ to vehicle K.

Figure 3.

Group member registration protocol.

RSU stores the registration information ${(I D_{k}, T)_{TA}, T, {G_{k}}_{pri}, {G_{k}}_{pub}}$ of vehicle K after the process of group member registration; the registration information will be used by TA to trace illegitimate behaviors. Vehicle K sets new pseudonym as $Pe s_{k} \leftarrow H (I D_{k}, T)$ that used to communication in the current group. Pseudonyms of vehicles are not related, so the adversary is unable to track the vehicle’s trajectory through pseudonyms. Only TA can reveal the real identity of the message according to registration information ${(I D_{k}, T)_{TA}, T, {G_{k}}_{pri}, {G_{k}}_{pub}}$ if necessary. Thus, it can protect the privacy of vehicles meanwhile it can reveal the real identity and reputation of the corresponding vehicle.

After the vehicle successfully joined the group, it sends hello message to confirm group members in surrounding vehicles, then tags these group members as member vehicles and constructs nodes set V in 1-hop communication range. Assume vehicle’s pseudonym is A, A has I neighbor nodes $B_{i} \in V$ . Nei(A) denotes information about neighbor vehicles stored in A. If there is new member comes in A 1-hop communication range, A will also add new neighbor information in Nei(A); on the contrary, if a neighbor moves away, A will delete its information from Nei(A).

Dynamic reputation management

We will analyze the maintenance strategy of RS and computation of RI in way of localized reputation management in this section, in order to comply with network topology which changes frequently.

Maintenance strategy of RS

In order to ensure all RSs can be collected whenever RI trigger is fired, the best way is that RSs are stored by vehicles in 1-hop communication range.³⁰ Relative positions in RS management are mainly three cases, as shown in Figure 4; here A’s RS is regarded as an example to explain the maintenance strategy of RS. Vehicle A and neighbor vehicles $B_{i}$ maintain the information of their neighbor nodes (i.e. Nei(A) and Nei(B_i)) respectively. Positional relationship between $B_{i}$ and A is changed mainly in two categories: one is that $B_{i}$ goes away from A’s 1-hop communication range, as shown in Figure 4 (case 1); $B_{i}$ will send A’s RS $R S_{B_{i} A}$ to other vehicle $B_{i - 1}$ and the other is that vehicle $B_{i}$ comes in A’s 1-hop communication range; it will sends hello message to confirm group members ship, then accepts A’s reputation information and starts to record A’s RS, as shown in Figure 4 (case 2). The last case is that A goes away from all of neighbor vehicles, as shown in Figure 4 (case 3); it will directly trigger reputation incremental update affairs, which we explain in the next section. There is a special case, that is, vehicle A changes its pseudonym, we can deem A leave off the original group.

Figure 4.

Relative position changing versus reputation relay.

Computation of RI

As the analysis in the previous section, when vehicle A goes away from all of the 1-hop neighbor vehicles, or A changes its pseudonym, the new RI trigger will be fired. The new RI computation has four steps:

Step 1: notation. Vehicle A broadcasts a notation RSQM for RS collection. To ensure data integrity and authenticity, the secure message format is designed for RSQM as follows

RSQM = {Payload = {GID, Type = R S_{q}, Event, T_{q}, Pe s_{A}}, Si g_{{G_{A}}_{pri}} (H (Payload))}

Here, $GID$ denotes the group ID which is used to identify a group. $Pe s_{A}$ denotes pseudonym of a collector and $T_{q}$ denotes the current timestamp generated by A.

Step 2: collections. Once received A’s RSQM, the neighbor vehicles $B_{i}$ will broadcast answer message RSAM; the member vehicles around also receive RSAM and get all of A’s RS. The format of RSAM is as follows

RSAM = {Payload = {GID, Type = R S_{a}, Target = A, R S_{B_{i} A}, T_{q}}, Si g_{{G_{B_{i}}}_{pri}} (H (Payload))}

Here, $R S_{B_{i} A}$ denotes A’s RS stored in $B_{i}$ .

Step 3: computations. After receives all of RS, A calculates its new RI ${RI}_{A}^{*}$ as follows

{RI}_{A}^{*} = NewRI (R S_{B_{1} A}, R S_{B_{2} A}, \dots)

(1)

Meanwhile, each neighbor vehicles $B_{i}$ will also calculate A’s RI with its version of ${RI}_{B_{i} A}^{*}$ , as follows

{RI}_{B_{i} A}^{*} = NewRI (R S_{B_{1} A}, R S_{B_{2} A}, \dots)

(2)

Here, the function of $NewRI ()$ calculates the RI based on the current RS received from all of neighbor $B_{i}$ .

Then A will broadcast verification message RIVM to the neighbors for verification of ${RI}_{A}^{*}$ . The format of RIQM is as follows

RIQM = {Payload = {GID, Type = R I_{T_{q}}, {RI}_{A}^{*}, T_{q}, Pe s_{A}}, Si g_{{G_{A}}_{pri}} (H (Payload))}

Each neighbor $B_{i}$ can verify ${RI}_{A}^{*}$ with its ${RI}_{B_{i} A}^{*}$ . If it pass verification, $B_{i}$ will send RI answer message RIAM to A. The format of RIAM is as follows

RIAM = {Payload = {GID, Type, Target = A, T_{q}, blind ({RI}_{A}^{*})}, Si g_{{G_{B_{i}}}_{pri}} (H (Payload))}

Here, function $blind ()$ can adopt from any common partially blind signature scheme.^34,35

Step 4: update and upload. After the number of signature of $blind ({RI}_{A}^{*})$ received from neighbor vehicle is more than $T_{k}$ , A will update its RV as follows

{RV}_{A} = NewRV ({R I_{i}}, {{T_{q}}_{i}}, R V_{i - 1})

(3)

Here, ${R I_{T_{q}}}$ is historic RI set and ${T_{q}}$ is corresponding renew time of $R I_{T_{q}}$ . And then A stores new information of ${R I_{T_{q}}, T_{q}, {Si g_{g}}_{T_{k}}, R V_{T_{q}}}$ in its OBU and uploads it to TA reputation management center through RSUs.

Cooperative message authentication based on reputation mechanism

Most message authentication models assume that vehicles will participate in cooperative authentication selfless. However, the vehicles are the member of a community and are unwilling to actively participate in message authentication or do false authentication because that cooperative authentication will result in loss of privacy and resource consumption. If there is no verification of the message authentication work, the malicious vehicles may do free-riding attack without authentication efforts or by false authentication efforts, which is fatal to implement cooperative message authentication. To address this issue, we propose a new cooperative message authentication model based on reputation mechanism in this section, which is an evaluation mechanism based on reputation for message authentication efforts.

There are two main types of message authentication in cooperative message authentication. One is to verify group signature of the message; if a message cannot pass group signature verification, it will be defined as an invalid message. Another is to verify the content of the message; if its content is considered as wrong but group nature can be verified, the message will be defined as a false message. For example, a vehicle may claim a traffic jam somewhere; however, no traffic jam happens there. If a message is judged as an invalid message, it will be dropped without to track the signer; for in such a case, even authorities cannot find the signer of an invalid message. If a message is judged as a false message, the singer will be recorded a negative RS for this message. Each vehicle maintains a 1-hop neighbor list Nei(A) as reputation management to know each member vehicle’s reputation, location, speed, and other information.

Message type and corresponding role

There are two types of messages in cooperative message authentication: regular broadcast message (RBM) and cooperative authenticated message (CAM). RBMs are messages broadcasted periodically by vehicles with content including its current position, direction, and velocity, as well as road information. CAM is 1-hop warning information broadcasted by verifiers when they find a message is an invalid message or false message; the non-verifier authenticates the corresponding RBM through the CAM broadcast by other vehicles. To ensure data integrity and authenticity, the secure message format is designed for RBM and CAM as follows

RBM = {Payload = {GID, Type, Ur, content, Pe s_{A}, {Verlist}}, Si g_{{G_{A}}_{pri}} (H (Payload))}

CAM = {Payload = {GID, Type, Reason, Pe s_{A}, Pe s_{B}}, Si g_{{G_{B}}_{pri}} (H (Payload))}

Here, $GID$ denotes the group ID which is used to identify a group, $Type$ denotes message type, ${Pes}_{A}$ denotes the sender of RBM, ${Pes}_{B}$ denotes the verifier of RBM, and ${Verlist}$ denotes verifier list for this message selected according to relative location.

Each vehicle simultaneously plays multiple roles: it is a sender of RBM sent by itself and also a verifier of RBM sent by 1-hop neighbor vehicle. For simplicity, we denote A as a sender role of RBM, B as a verifier role of RBM that is the sender of CAM, and C as a role of others, which will verify authentication efforts on random ways.

Verifier selection method has a great influence on the performance of cooperative message authentication. We adopt verifier selection algorithm based on relative location proposed in Hao et al.¹³ As shown in Figure 5, when A sends an RBM to other vehicles, A establishes its own center-centric coordinate system. Then A selects 2M verifiers who are the closest to the selection arcs. M is the number of verifier on one side of the sender of RBM, and the selection arcs are a radius of 280/140 m from the sender (Tips. 20 m for margins, the communication range of vehicles is 300 m). Then A inserts the pseudonyms of verifier that being selected into Verlist.

Figure 5.

Illustration of verifier selection.

If a vehicle is selected as verifier by A, it plays B-role (B) and proceeds the verification. In the first step, B verifies the group signature of RBM; if a signature cannot pass the group signature verification, B will broadcast invalid message CAM with invalid message warning and drops RBM, else B will do the second step. In the second step, B verifies the verification content of RBM; if B considers the content of message wrong, B will broadcast CAM with false message warning and records A’s negative RS. Otherwise, B only needs to record A’s positive RS.

The other member vehicles play C role (C). When C receives an RBM, C will store it in the buffer of OBU and waits for corresponding CAM; at the same time, C will calculate verification probability (VR) of this RBM as follows

VR = Verify_Rand (Type, θ)

Here, $Type$ denotes message type and $θ$ denotes safety threshold. Messages with different types have different safety thresholds; a message with the higher security level has higher safety threshold $θ$ . The value of $VR$ is 1 and 0: 1 is that C will verify the RBM whether receives CAM or not; 0 is that C will verify the RBM after receives CAM.

If $VR$ is 1, C verifies RBM and waits for corresponding CAM from B. The following four cases will occur: (1) RBM in C’s verification is true and B does not send CAM during time $τ_{w}$ ( $τ_{w}$ is time threshold for waiting C for AM), which means B does right effort. C will record B’s positive RS in this case. (2) RBM in C’s verification is true and received B’s CAM, which means B does wrong efforts in C’s opinion. C will record B’s negative RS in this case. (3) RBM in C’s verification is false and B does not send CAM during time $τ_{w}$ , which means B does wrong efforts in C’s opinion. C will record B’s negative RS in this case. (4) The results of C’s verification and B’s verification are the same; C will record B’s positive RS in this case.

If $VR$ is 0, C waits for corresponding CAM from B. The following two cases will occur: (1) C will consider that RBM is true if C does not receive CAM during time $τ_{w}$ , then C will not record any B’s RS in this case. (2) C receives CAM and then C will verify RBM. If B’s verification is same with C’s, C will record B’s positive RS in this case, or if B’s verification is different from C’s, C will record B’s negative RS in this case. Message and role relation is shown in Figure 6.

Figure 6.

Message and role relation.

Message authentication sequence optimization algorithm

In a typical safety application, each vehicle broadcasts a safety message every 300 ms under the general situation, even every 100 ms under an emergency situation. According to the measurement given by Hao et al.¹³ and Wisitpongphan et al.,³⁶ there may exist as many as 87 vehicles broadcasting message within the 300 m communication range of receiving a vehicle, which means that each vehicle should process more 87 and 270 messages during 300 ms under the general situation and emergency situation, respectively. However, the verification time for a short group signature is 11 ms with a 3 GHz Pentium IV system, which applies that each vehicle can at most process 27 messages from other vehicles during 300 ms.¹³ A few cooperative authentication schemes are proposed to decrease the number of the message authentication process for each vehicle.^13,37 In the schemes, each vehicle will process more 25 messages authentications during 300 ms, which means that OBUs process message authentication only. If there are more safety messages in proceeding queue for a vehicle to do authentication, some of the messages will overflow from proceeding queue due to limit computing capacity of OBUs, which will result in serial traffic safety issue for overflowing important safety messages. To the best of our knowledge, there is less literature to address this problem. In this section, we propose a message authentication sequence optimization algorithm based on reputation mechanism in order to improve efficiency, with low missed detection ratio in the premise.

In our cooperative message authentication model, each vehicle maintains two message process queues: urgent queue and credible queue. An RBM with the more urgent rating will be inserted into an urgent queue. A CAM will always be most urgent and be inserted in the urgent queue.

The urgent ratings of messages in our scheme are divided into three categories: particularly urgent, general urgent, and general. For example, collision notification is particularly urgent and road condition message is general. As the analysis in section “Reputation model” and “Dynamic reputation management,” each vehicle maintains a neighbor list $Nei (B_{i})$ and knows the neighbor’s reputation grade. The reputation grade is an important value for vehicles to get other servers.^30,38 Therefore, a rational vehicle will not broadcast false message to cherish its reputation grade.

When B receives RBM, it calculates the processing level indicator (PRI) as the following function

{PRI}_{m} = function (RV, Ur, T_{s})

(4)

Here, $RV$ denotes reputation value of the message sender, $Ur$ denotes urgent rating, and $T_{s}$ denotes the send time of message.

According to the value of $PR I_{m}$ , message M will insert urgent queue or credible queue. The messages in the urgent queue will be authenticated; the messages in credible queue will be authenticated only when the urgent queue is empty and the OBU is idle.

Cooperative message authentication process

Two types of messages will be received in our model, i.e. RBM and CAM; vehicles will deal with a message in different procedures according to message type and its role, as shown in Figure 7.

Figure 7.

The workflow of cooperative message authentication.

If a vehicle is a verifier of an RBM, it is B-role for this message. B will do a procedure as follows: First, each RBM’s $PR I_{m}$ will be calculated by function (4), then it be inserted into a credible queue or urgent queue according to $PR I_{m}$ . Second, messages in the urgent queue will get priority to be verified. Third, each message in a credible queue will set a countdown timer $T_{w}$ . If its $T_{w}$ ends soon, it triggers a notification for verification, then it will be verified if OBU is idle and it will be as a trustable message without being verified.

If a vehicle is not a verifier of a RBM, it is C role for this message. C will store this message in the buffer of OBU and wait for corresponding CAM, then it will calculate verification probability (VP) of the message by function (4), if VP = 1, C inserts RBM in an urgent queue.

Security analysis and simulation analysis

In this section, we first analyze the security of the proposed scheme and then use OMNet 4.0 as the simulation platform to examine the performance of our cooperative message authentication scheme. Then the proposed scheme is compared with four similar schemes.

Security analysis

The proposed scheme can be resilient to various attacks to privacy and reputation. If a vehicle blocks the negative RSs, its reputation result will not be accepted by its neighbor vehicle. Next, the proposed scheme can ensure that each vehicle can maintains a valid reputation segment list, and each vehicle can submit the list to TA at any time. The neighbor-assisted reputation segment renew algorithm can ensure reputation update on the condition of real identity hiding. Therefore, no vehicle could evade reputation recorder under real identity hiding.

Simulation analysis

In the simulation, we mainly consider the highway scenario with three lanes in each direction. The parameters in the simulation are designed according to Hao et al.¹³: vehicles are placed uniformly on the road and travel at a speed of 30 + 5 m/s. Parameters of the physical layer and the MAC layer are designed according to Ma et al.³⁹

We assume that malicious vehicles account for 5% and member vehicles account for 95%. The malicious vehicles always send invalid RBM, and they never send CAM to help others; the member vehicles are friendly vehicles authenticated by group managers (uncompromised RSUs), and they are rational and selfish, which leads to do free-riding attack with probabilities under model rules. We set initial RV of the vehicles conforming to normal distribution law.

The number of B-role (B) is an important factor to affect the missing detection ratio of RBM and computation costs of OBUs. As the more number of B-role, the missing detection ratio will be smaller but the overall cost of the entire network computing of OBUs is increased, and therefore, then the number of B is a trade-off between missed detection ratio and computation cost of OBUs. In simulation, we set the number of B as 4, 6, and 8, respectively; then the missed detection ratio versus the number of B-role are shown in Figure 8. It can be seen that the performance of missed detection ratio under 8 B-roles is lower than 0.2. The number is larger than 8 to ensure a better-missed detection ratio, but it will lead to a negative impact by incurring more communication and computation cost. Therefore, our later simulations will set the number of B is 8.

Figure 8.

Missed detection ratio versus the number of B-role.

In order to measure the performance of the proposed scheme (ECMA), we plot a group of comparative experiments with CMAP proposed in Hao et al.,¹³ probabilistic verification (ProVer) in Zhang et al.,²⁸ joint privacy and reputation assurance (JPRA) in Li and Chigan,³⁰ anonymous reputation system (ARS) in Jaimes et al.,⁴⁰ and the proposed ECMA.

Figure 9 shows that the missed packet ratio of ECMA, ARS, CMAP, JPRA, and ProVer under different vehicle densities with eight verifiers. As shown in Figure 9, the missed packet ratios of CMAP, JPRA, and ECMA are better than ProVer in lower vehicle’s density; with increasing vehicle’s density, the missed packet ratio of ProVer increases quickly; when vehicle’s density is over 150 later, the missed packet ratio of ECMA is lower than CAMP, JPRA, and APS due to efficient message authentication sequence optimization algorithm based on reputation, which improves verification’s efficiency while degrades certified missed packet ratio.

Figure 9.

Missed detection ratio versus vehicle’s density.

To achieve each of the received messages having been authenticated, a vehicle can verify message by itself or assort to other’s cooperative message authentication. The average message authentication ratio is the ratio between the number of authenticated message and the number of the received message. Figure 10 shows the average message authentication ratio of a single vehicle under different vehicle densities. As shown in Figure 10, the average authentication ratio of ProVer is less than the ratio of ECMA, JPRA, APS, and CMAP. With the increase of vehicle’s density, the ratio of ECMA is more than 80% due to its message authentication sequence optimization algorithm based on reputation.

Figure 10.

Average message authentication ratio.

Conclusion

In this article, we present a novel cooperative message authentication scheme in VANETs based on reputation mechanism. In the proposed scheme, a reputation model is used to assess authentication efforts of vehicles, which is effective to enhance initiative for cooperative message authentication and inhabit selfish behavior; a message authentication sequence optimization algorithm is proposed to solve messages overflowing due to limit computing capacity of OBUs. Extensive simulations show that our cooperative message authentication scheme embodies a better performance, such as authentication efficiency, packet loss ratio, and missing detection ratio. The next work is to further research on universality of cooperative message authentication.

Footnotes

Handling Editor: Weizhi Meng

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: The work was supported in part by the National Natural Science Foundation of China (61862052), and the National Natural Science Function of Qinghai Province (2019-ZJ-7065, 2017-ZJ-959Q).

ORCID iD

Yong Xie

References

Hasrouny

Samhat

Bassil

et al . VANET security challenges and solutions: a survey. Veh Commun 2017; 7: 7–20.

Zhang

Men

Choo

KKR

et al . Privacy-preserving cloud establishment and data dissemination scheme for vehicular cloud. IEEE T Depend Sec Comput. Epub ahead of print 23 January 2018. DOI: 10.1109/TDSC.2018.2797190.

Zhang

Domingo-Ferrer

et al . Distributed aggregate privacy-preserving authentication in VANETs. IEEE T Intell Transp Syst 2017; 18(3): 516–526.

Shen

Liu

Cao

et al . Cooperative message authentication in vehicular cyber-physical systems. IEEE T Emerg Topic Comput 2013; 1(1): 84–97.

Sakiz

Sen

. A survey of attacks and detection mechanisms on intelligent transportation systems: VANETs and IoV. Ad Hoc Netw 2017; 61: 33–50.

Manvi

Tangade

. A survey on authentication schemes in VANETs for secured communication. Veh Commun 2017; 9: 19–30.

Zhang

et al . Privacy-preserving vehicular communication authentication with hierarchical aggregation and fast response. IEEE T Comput 2016; 65(8): 2562–2574.

Zhang

Lin

et al . RAISE: an efficient RSU-aided message authentication scheme in vehicular communication networks. In: Proceedings of the international conference in computing, Beijing, China, 19–23 May 2008. New York: IEEE.

Zhang

Lin

et al . An efficient message authentication scheme for vehicular communications. IEEE T Veh Technol 2008; 57(6): 3357–3368.

10.

Calandriello

Papadimitratos

Hubaux

et al . Efficient and robust pseudonymous authentication in VANET, https://people.kth.se/∼papadim/publications/fulltext/efficient-robust-pseudonymous-authentication-vanet.pdf

11.

Salamanis

Kehagias

Tsoukalas

et al . Reputation assessment mechanism for carpooling applications based on clustering user travel preferences. Int J Transp Sci Technol 2019; 8: 68–81.

12.

Lin

Zhang

Sun

et al . Performance enhancement for secure vehicular communications. In: Proceedings of the global telecommunications conference, Washington, DC, 26–30 November 2007, pp.480–485. New York: IEEE.

13.

Hao

Cheng

Zhou

et al . A distributed key management framework with cooperative message authentication in VANETs. IEEE J Select Area Commun 2011; 29(3): 616–629.

14.

Lin

. Achieving efficient cooperative message authentication in vehicular ad hoc networks. IEEE T Veh Technol 2013; 62(7): 3339–3348.

15.

Hasrouny

Bassil

Samhat

et al . Security risk analysis of a trust model for secure group leader-based communication in VANET. In: A

Laouiti

Qayyum

Mohamad Saad

. (eds) Vehicular ad-hoc networks for smart cities. Singapore: Springer, 2017, pp.71–83.

16.

Freudiger

Manshaei

Hubaux

et al . On non-cooperative location privacy: a game-theoretic analysis. In: Proceedings of the 16th ACM conference on computer and communications security, Chicago, IL, 9–13 November 2009, pp.324–337. New York: ACM.

17.

Lin

Luan

et al . Anonymity analysis on social spot based pseudonym changing for location privacy in VANETs. In: Proceedings of the international conference on communications, Kyoto, Japan, 5–9 June 2011, pp.1–5. New York: IEEE.

18.

Luan

et al . Pseudonym changing at social spots: an effective strategy for location privacy in VANETs. IEEE T Veh Technol 2012; 61(1): 86–96.

19.

Scheuer

Fuchs

Federrath

. A safety-preserving mix zone for VANETs. In: Furnell

Lambrinoudakis

Pernul

. (eds) Trust, privacy and security in digital business. Berlin: Springer, 2011, pp.37–48.

20.

Wang

Zhang

Wang

et al . RPRep: a robust and privacy-preserving reputation management scheme for pseudonym-enabled VANETs. Int J Distrib Sens Netw 2016; 12(3): 613–624.

21.

Arain

Deng

Memon

et al . Privacy protection with dynamic pseudonym-based multiple mix-zones over road networks. China Commun 2017; 14(4): 89–100.

22.

Yan

Zhang

. Certificateless public integrity checking of group shared data on cloud storage. IEEE T Serv Comput. Epub ahead of print 8 January 2018. DOI: 10.1109/TSC.2018.2789893.

23.

Lin

Sun

et al . GSIS: a secure and privacy-preserving protocol for vehicular communications. IEEE T Veh Technol 2007; 56(6): 3442–3456.

24.

Lin

Liang

et al . A dynamic privacy-preserving key management scheme for location-based services in VANETs. IEEE T Intell Transp Syst 2012; 13(1): 127–139.

25.

Gao

Guo

et al . An anonymous access authentication scheme for vehicular ad hoc networks under edge computing. Int J Distrib Sens Netw 2018; 14(2): 1550147718756581.

26.

Park

Sur

Rhee

. A secure incentive scheme for vehicular delay tolerant networks using cryptocurrency. Secur Commun Netw 2018; 18(1): 1–13.

27.

Zhang

. OTIBAAGKA: a new security tool for cryptographic mix-zone establishment in vehicular ad hoc networks. IEEE T Inform Foren Secur 2017; 12(12): 2998–3010.

28.

Zhang

Solanas

et al . A scalable robust authentication protocol for secure vehicular communications. IEEE T Veh Technol 2010; 59(4): 1606–1617.

29.

Gao

. An anonymous access authentication scheme for VANETs based on ID-based group signature. In: Proceedings of the international conference on broadband and wireless computing, communication and applications, Taichung, Taiwan, 27–29 October 2018, pp.490–497. Cham: Springer.

30.

Chigan

. On joint privacy and reputation assurance for vehicular ad hoc networks. IEEE T Mobile Comput 2014; 13(10): 2334–2344.

31.

Boneh

Boyen

Shacham

Short group signatures. In: Franklin

. (ed.) Advances in cryptology—CRYPTO 2004. Berlin: Springer, 2004, pp.41–55.

32.

Yao

Han

et al . User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage. IEEE Syst J 2018; 12(2): 1767–1777.

33.

Liu

Guo

Fan

et al . A practical privacy-preserving data aggregation (3PDA) scheme for smart grid. IEEE T Ind Inform 2019; 15(3): 1767–1774.

34.

Abe

Fujisaki

. How to date blind signatures. In: Kim

Matsumoto

. (eds) Advances in cryptology—ASIACRYPT’96. Berlin: Springer, 1996, pp.244–251.

35.

Liu

Wang

et al . Privacy-preserving raw data collection without a trusted authority for IoT. Comput Netw 2019; 148(1): 340–348.

36.

Wisitpongphan

Bai

Mudalige

et al . Routing in sparse vehicular ad hoc wireless networks. IEEE J Select Area Commun 2007; 25(8): 1538–1556.

37.

Marfia

Pau

De Sena

et al . Evaluating vehicle network strategies for downtown Portland: opportunistic infrastructure and the importance of realistic mobility models. In: Proceedings of the 1st international MobiSys workshop on Mobile opportunistic networking, San Juan, PR, 11 June 2007, pp.47–51. New York: IEEE.

38.

Dhurandher

Obaidat

Jaiswal

et al . Vehicular security through reputation and plausibility checks. IEEE Syst J 2014; 8: 384–394.

39.

Chen

Refai

. Unsaturated performance of IEEE 802.11 broadcast service in vehicle-to-vehicle networks. In: Proceedings of the 66th vehicular technology conference, Baltimore, MD, 30 September–3 October 2007, pp.1957–1961. New York: IEEE.

40.

Jaimes

LMS

Ullah

dos Santos Moreira

. ARS: anonymous reputation system for vehicular ad hoc networks. In: Proceedings of the 8th IEEE Latin-American conference on communications, Medellin, Colombia, 15–17 November 2016, pp.1–6. New York: IEEE.

An efficient cooperative message authentication based on reputation mechanism in vehicular ad hoc networks

Abstract

Keywords

Introduction

Related works

System model

Network model

Reputation model

Security model

Cooperative message authentication

Group member registration protocol

Dynamic reputation management

Maintenance strategy of RS

Computation of RI

Cooperative message authentication based on reputation mechanism

Message type and corresponding role

Message authentication sequence optimization algorithm

Cooperative message authentication process

Security analysis and simulation analysis

Security analysis

Simulation analysis

Conclusion

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

References