Content uploaded by Hongyuan Cheng
Author content
All content in this area was uploaded by Hongyuan Cheng on Jan 11, 2024
Content may be subject to copyright.
IEEE SYSTEMS JOURNAL 1
PPRT: Privacy Preserving and Reliable Trust-Aware
Platoon Recommendation Scheme in IoV
Hongyuan Cheng, Xianchao Zhang , Jingkang Yang, and Yining Liu , Senior Member, IEEE
Abstract—Vehicular platoon is an evolved driving pattern in
Internet of Vehicles (IoV) that consists of a platoon head (PH)
vehicle and several member vehicles to reduce fuel consumption
and enhance communication efficiency. In such vehicular platoon
system, PH vehicles’ reputation is calculated according to feedback
reports provided by its member vehicles. Hence, it is essential to
calculate a truthful reputation for PH vehicle without revealing the
privacy and weight information of member vehicles. Inspired by
this, we explore homomorphic encryption, data perturbation, and
truth discovery techniques to design a privacy-preserving and reli-
able trust-aware platoon recommendation scheme. Compared with
existing schemes, this article features the following advantages. The
feedback reports collection process and never reveals the privacy
and weight information of member vehicles. Besides, PH vehicles’
reputation is iteratively calculated by fog node and cloud service
provider without the involvement of member vehicles, which con-
siders high-speed mobility and equipment limitations of vehicles.
The security analysis illustrates that our scheme fulfills security
requirements of IoV. Further, we deployed Network Simulator-3
(NS-3) and Simulation of Urban Mobility (SUMO) for simulations,
which demonstrated that our scheme reduces the computation bur-
den by at least 42.62%, communication burden by at least 2%, and
storage burden by at least 45.95%, compared with related schemes.
Index Terms—Internet of vehicles (IoV), platoon recommend-
ation, privacy preserving, truth discovery, vehicular platoon.
I. INTRODUCTION
WITH the evolution of automobiles, wireless communi-
cation, and automatic control technology, platooning
has drawn great attention in Internet of Vehicles (IoV) that
serves as an attractive way to enhance road safety, relieve traffic
congestion, and mitigate air pollution [1]. Vehicle platoon is
regarded as a novel driving mode in which a platoon head (PH)
Manuscript received 14 September 2022; revised 11 January 2023 and 20
February 2023; accepted 30 March 2023. This work was supported in part
by the National Natural Science Foundation of China under Grant 62072133,
in part by International Exchanges 2021 Cost Share (NSFC) under Grant
IEC\NSFC\211034, in part by the Henan Key Laboratory of Network Cryptog-
raphy Technology under Grant LNCT2021-A11, and in part by the Innovation
Project of GUET Graduate Education under Grant 2021YCXB05. (Correspond-
ing authors: Xianchao Zhang; Yining Liu.)
Hongyuan Cheng, Jingkang Yang, and Yining Liu are with the School of
Computer Science and Information Security, Guilin University of Electronic
Technology, Guilin 541004, China, and also with the Henan Key Laboratory
of Network Cryptography Technology, Zhengzhou 450000, China (e-mail:
hycheng649@163.com; jk_y@foxmail.com; lyn7311@sina.com).
Xianchao Zhang is with the College of Information Science and Engineer-
ing, Key Laboratory of Medical Electronics and Digital Health of Zhejiang
Province, Engineering Research Center of Intelligent Human Health Situation
Awareness of Zhejiang Province, Jiaxing University, Jiaxing 314001, China
(e-mail: zhangxianchao@zjxu.edu.cn).
Digital Object Identifier 10.1109/JSYST.2023.3264773
vehicle leads a group of vehicles with the same driving trip and
destination on the road [2]. Compared with conventional driving
patterns, vehicles shape a platoon on the road, moving one after
each other in close proximity, which enhances driving safety,
alleviates traffic congestion, and significantly decreases energy
consumption due to reduced air resistance [3].
Indeed, the research and application of vehicular platoon has
gained considerable attention from industry and academia. The
PATH program [4], launched in California in 1986, combines
information technology and transportation systems. Its experi-
ments are mainly conducted on a platoon of four vehicles with
automatic longitudinal control. More recently, the CONCORDA
Project [5] was coorganized by Germany, The Netherlands,
Spain, France, and Belgium in 2018. It aims to enhance the
environment of existing pilot projects with three main scenarios:
automated highway driving, truck platooning, and automated
collision avoidance features.
While platooning can deliver numerous advantages in terms
of roadway capacity and driving efficiency, the openness of
the communication channel makes it challenging to apply in
practice. Clearly, the leader–follower mechanism requires the
PH vehicles to provide high-quality services for dominating
the driving route and driving manner of the entire platoon [6].
Thus, it is crucial to identity the PH vehicles with excellent
performance in the platoon recommendation system. Currently,
an effective approach is to assess the reputation of PH vehicles
according to feedback from member vehicles, which is
considered as an incentive mechanism to avoid traffic accidents
caused by low-quality service of PH vehicles [7]. In such
approach, all member vehicles are assigned the same weight.
However, the quality of feedback provided by different member
vehicles varies considerably due to different driving patterns,
observation errors, different time intervals, and malicious
comments [8]. Hence, the traditional aggregation approach
of giving equal weight to all member vehicles may result
in inaccurate reputation evaluation of PH vehicles, which is
contrary to the initial goal of vehicular platoon.
Rather than assigning equal value to all member vehicles, truth
discovery [9] defines different reliability weights by catching
the differences between the feedback provided by each member
vehicle and object truth, and further employs these weights to
derive the ground truth through a quality-aware data aggregation
approach.
A. Motivations and Contributions
Despite the remarkable improvement in the accuracy of eval-
uating the reputation of PH vehicles supported by truth discov-
ery, we found that there are still two major serious problems
with the existing truth discovery-based platoon recommendation
1937-9234 © 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
2IEEE SYSTEMS JOURNAL
schemes. On the one hand, vehicle feedback reports concern the
privacy of the vehicle, including identity, location, driving route,
etc. Once this information is revealed, attackers and semitrusted
entities [cloud service provider (CSP) and fog node (FN)] will
put vehicles in danger. The reason is that movement patterns,
home addresses, religious places, and sexual inclinations may
be captured by analyzing vehicle feedback reports [10]. Then,
to prevent privacy leakage or malicious retaliation, vehicles will
be hesitant to provide truthful feedback reports, which compro-
mises the accuracy of the truth discovery. On the other hand,
most schemes demand that member vehicles maintain online
during the iterations of calculating the reputation of the PH
vehicle. Considering the resource limitations and the high-speed
mobility of vehicles, it is infeasible to expect all vehicles remain
online until the reputation of the PH vehicle is acquired.
To fill the mentioned gap, this article presents a privacy
preserving and reliable trust-aware platoon recommendation
(PPRT) scheme to work out the reputation of the PH vehicle. In
our PPRT scheme, with the help of FN, CSP iteratively calculates
the PH vehicle’s reputation based on the encrypted and perturbed
feedback provided by its member vehicles after the trip. By doing
this, the system can identify and recommend reputable PH vehi-
cles for user vehicles. Particularly, the abovementioned process
does not reveal the privacy (identity and feedback reports) and
weight information of member vehicles. The contributions of
our work are specified in the following.
1) The pseudonym and signature mechanism is employed in
the PPRT scheme to ensure anonymous authentication and
identity privacy protection of member vehicles during the
feedback reports collection process. In addition, to further
protect the privacy of vehicle feedback reports, the vehicle
perturbs the feedback report and encrypts it with Paillier
cryptosystem rather than sending it in plaintext.
2) Since the member vehicles only require to upload feed-
back once after a trip, and the subsequent truth discovery
process occurs at the FN and CSP sides. The proposed
PPRT scheme significantly reduces the computation and
communication burdens on the vehicle side and is more
suitable for the practical scenarios of IoV with high-speed
vehicle mobility and constrained equipment resources.
3) A formal proof is provided to demonstrate the secu-
rity of our PPRT scheme. Besides, extensive experi-
ments based on real-world datasets validate the accu-
racy of the scheme. Meanwhile, simulations performed
on Network Simulator-3 (NS-3) and SUMO show that
the PPRT scheme outperforms the related schemes by at
least 42.62%, 2%, and 45.95% in terms of computation,
communication, and storage costs, respectively.
The rest of the PPRT scheme is shown in the following. The
rest of this article is organized as follows. The next two sections
review relevant references and the models and design goals of
our scheme. Section IV describes the background knowledge.
We describe the PPRT scheme details in Section V. The formal
security proof and security analysis are described in Section VI.
In Section VII, the simulation results and performance compar-
isons are provided. Finally, Section VIII concludes this article
and describes future work.
II. RELATED WORK
Currently, several schemes have been proposed to es-
timate the PH vehicle’s reputation. The reputation-based
announcement schemes [11],[12] are presented to assess the
reliability of feedback sent by legitimate vehicles, which aggre-
gates the feedback provided by their neighboring vehicles and
calculates the reputation with the help of a weighted average
technology. To encourage cooperation and punish malicious
vehicles, the reputation system is proposed in [13] for reliable
cooperative downloading. Then, Cheng et al. [14] designed
a cloud-assisted vehicle feedback privacy protection protocol
(PPVF), which guarantees the reputation calculation of the target
vehicle without revealing the privacy of vehicle. However, tra-
ditional reputation evaluation methods, including averaging and
voting, usually assign equal weight to vehicles, which may cause
inaccurate ground-truth evaluations owing to differences in driv-
ing habits, viewing angles, and viewing distances of vehicles.
Truth discovery [15] conquers this problem by evaluating the
reliability (called weights) of the data according to its quality
(the difference between the data and the objects truths) and
further inferring the truth value. In fact, truth discovery has been
extensively adopted in vehicular crows sensing systems as an
excellent means of obtaining reliable data [7],[8]. Concretely,
to ensure the accuracy and reliability of data aggregated in a
distributed model, Patwardhan et al. [16] proposed a reputation
management system that offers a guided process for building
trusting relationships and motivating active cooperation. Then,
Raya et al. [17] proposed a data-centric trust-building framework
for scenario where interaction with a small number of mobile
nodes is required to gain the trustworthiness of data. The RE-
PLACE scheme [18] takes into account that poorly performing
PH vehicles will put the entire platoon at risk. It measures the
service quality of the PH vehicle through the feedback provided
by user vehicles as a trust index and adopts Dirichlet distribution
to ensure high accuracy and dynamics. Later, to offer a reliable
trusted-based crowd-sensing services in connected vehicular
cloud computing, the RTSense [19] that removes vehicles with
sensing data differing from the truth by more than a threshold
value from the next iteration is proposed, which can effectively
defend against malicious and newcomer attacks. Recently, a trust
and reputation scheme for measuring the reliability has been
introduced in trust-based platoon service query (TPSQ) [20],
which prevents poorly behaved platoon vehicles from provid-
ing low-quality services. However, the trust-based and privacy-
preserving platoon recommendation scheme (TPPR) [21] found
that the TPSQ relies on the strong assumption of complete trust
of the service provider. Following this, they proposed a TPPR
scheme, which reduces the trust of the service provider while
completing the platoon service recommendation.
III. MODELS AND DESIGN GOALS OF PPRT
We describe the system model, threat model, and design goals
in this section to better illustrate our scheme.
A. System Model
The overall system model of this article considers a classic
scenario of platoon service recommendation scenario consisting
of four participants: trusted authority (TA), CSP, FN, and vehi-
cles. Fig. 1shows the four participants and their interactions.
Each participant is discussed in detail in the following.
Trusted authority: An uncompromising TA with high-
computing, storage, and communication capabilities manages
all participants and provides registration services for vehicles
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
CHENG et al.: PPRT: PRIVACY PRESERVING AND RELIABLE TRUST-AWARE PLATOON RECOMMENDATION SCHEME IN IOV 3
Fig. 1. System model. FN
j:jth FN. PH
k:kth PH vehicle. Vi:ith member
vehicle in the platoon. V2F: Vehicle to FN.
and FNs. It is responsible for assigning pseudonyms to vehicles
and tracking the true identity of malicious vehicles based on
its pseudonym. It also maintains a database and a blacklist
for storing PH vehicle’s reputations and all misbehaving PH
vehicles, respectively. TA is responsible for the establishment
and dissolution of the vehicular platoon [22] and reallocates new
PH vehicle to the platoon led by low-reputation PH vehicle. To
facilitate platoon management, vehicles cannot join or leave the
platoon without the permission of TA.
CSP: CSP is a honest but curious authority that is curious
about feedback from individual vehicle. It has sufficient com-
puting and storage capacity to communicate with TA and all
FNs by wired communication. After receiving feedback from
the vehicles, CSP performs an evaluation algorithm based on
truth discovery and works with FNs to calculate the reputation
scores of the PH vehicles.
FN: FNs are capable of covering a wide area usually deployed
at the edge of network [23]. They interact via a wired link and
act as a gateway between vehicles and CSP. They are in charge
of verifying the legitimacy of vehicles and collecting feedback
reports from member vehicles, which are then forwarded to CSP.
Vehicle: Vehicles are registered with the TA before partici-
pating in the system. Vehicles equipped with the on-board units
(OBU) communicate with other vehicles and FNs via a wireless
communication mode. The OBU is treated as a tamper-proof
device for storing the vehicle’s private data (pseudonyms and
private keys). After a trip, the vehicle uploads its feedback report
to the FN in ciphertext. Vehicles can be further divided into the
following two categories.
1) PH vehicles: The PH vehicle, also called platoon leader,
controls the entire vehicle platoon and is tasked with
leading the entire platoon through a safe, efficient, and sat-
isfactory trip. Their behaviors affect the whole road’s con-
dition and operation efficiency. There are a number of PH
vehicles who form a set P={PH1,PH2,...,PHk,...}.
It is not difficult to imagine that the PH vehicles can only
be controlled by drivers with extensive driving experience,
good historical reputation, and well driving behavior.
2) Member vehicles: Member vehicles automatically follow
the PH vehicle and obey its commands. Kmember vehi-
cles {V1,V
2,...,V
i,...,V
K}form a complete platoon,
where Kis within the system-defined size interval. After
finishing a trip, they will submit feedback reports to FN.
B. Threat Model
The Dolev–Yao model [24] is a simple and useful framework
for analyzing security protocols, which makes strong assump-
tions about the adversaries and entities involved in communi-
cation. We define the threat model of the proposed scheme ac-
cording to the Dolev–Yao model. As described in the Dolev–Yao
model, all phases (except the registration phase) are carried out
on the public and insecure channel in our scheme. Attackers
can easily access the public channel to read, intercept, replay,
modify, and spoof packets transmitted over the channel. Besides,
TA is considered to be a fully trusted entity, whereas FNs and
CSPs are honest but curious third parties [25],[26]. Following
similar assumptions in [26], we also assume that there is no
collusion between FN and CSP. The details involved in our threat
model are shown in the following.
1) All the contents stored in the vehicle tamper-proof device
remain unchangeable, unreadable, and undeleteable by
any adversary. Moreover, the secret keys of TA and CSP
are not accessible to the attacker.
2) Vehicles that participate in feedback tasks are usually re-
warded accordingly. Thus, motivated by financial benefits,
vehicles intend to infer feedback data of other member
vehicles as well as the identity information of surrounding
member vehicles. Moreover, some selfish or malicious
vehicles may deliver false feedback reports to disrupt the
credibility assessment of the PH vehicle.
3) Both FNs and CSP honestly adhere to predesigned pro-
tocols and attempt to infer the identity, feedback data,
weight information, location, and trajectory privacy of
each vehicle by analyzing the messages sent by vehicles
over the open channel.
C. Design Goals
Since adversaries and selfish or malicious vehicles may
threaten the security of platoon communication, the reliable
and privacy-preserving platoon recommendation scheme should
fulfill the following security objectives.
Identity privacy: Due to the high sensitivity of vehicle iden-
tities, vehicles communicate using pseudonyms rather than true
identity. Further, no entity except TA can infer the vehicle’s true
identity from the messages it broadcast.
Feedback report authentication and integrity: The sender of
feedback reports must prove the legitimacy of its identity and
the integrity of the messages to the recipient. Consequently, no
entity can impersonate a legitimate vehicle to disrupt system
communications or gain financial benefit.
Feedback report confidentiality: Since vehicle feedback re-
ports contain a lot of sensitive information, attackers and
semitrusted entities (FNs and CSPs) may be curious about the
content of the feedback reports. Thus, the vehicle feedback
report must be invisible to all entities (other vehicles, FNs and
CSPs). No one except TA can associate the intercepted feedback
report with a specific vehicle.
Accuracy: This scheme should accurately calculate the rep-
utation scores for the PH vehicle according to the member
vehicles’ feedback reports. Moreover, the computed reputation
scores should be as close to the ground truth as possible.
Reliability: Reliability serves as an important metric for
achieving reliable platoon service recommendation systems. To
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
4IEEE SYSTEMS JOURNAL
recommend reliable PH vehicles, the designed scheme should
accurately distinguish between well-behaved and poorly be-
haved PH vehicles according to their behavior.
Resistance to security attacks: Defend against known pas-
sive and active attacks, especially modification, impersonation,
replay, and known session key attacks.
IV. PRELIMINARIES
This section describes the three foundation elements in the
proposed scheme: elliptical curve cryptosystem, Paillier cryp-
tosystem, and truth discovery.
A. Elliptical Curve Cryptosystem and Assumptions
Elliptic curve cryptography (ECC) is extensively applied in
authentication programs for its advantage of providing a higher
level of security with a shorter key [27],[28].Fnrepresents a
finite field, determined by a large prime number n. Let a group
of elliptic curve points E, which are defined by equation y2=
x3+a·x+bmod n, where a, b ∈Fnand all points on Eand
an infinity point Oform an additive elliptic curve group G1of
order qand generator P.
Scalar point multiplication: The scalar multiplication of Eis
counted as the repeated addition of a point. For instance, there is
a point Pon E, then m·Pis calculated as m·P=P+P+
···+P(mtimes), where m∈Z∗
q.
Elliptic curve discrete logarithm problem assumption: Tw o
randomly given points P, Q ∈G1, where Q=x·P,x∈Z∗
q.
The elliptic curve discrete logarithm problem (ECDLP) is to
discover the random value x∈Z∗
qthat satisfies Q=x·P.The
negligible probability ψthat the attacker Cof calculating x
in probabilistic polynomial time (PPT) is defined as ECDLP
assumption: AdvDLP(C)=Pr[x←C(P, rP):x∈Z∗
q]≥ψ.
Elliptic curve computational Diffie–Hellman problem (EC-
CDHP) assumption: Given two random points Qand Yon the
E, where Q=x·P,Y=y·P, and x,yare two unknowns. The
ECCDHP is the calculation of the value x·y·P. The negligible
probability εthat the attacker Cof calculating xyP in PPT is
defined as ECCDHP assumption: AdvCDHP(C)=Pr[xyP ←
B(P, xP, yP ):x, y ∈Z∗
q]≥ε.
B. Homomorphic Encryption
The Paillier cryptosystem is employed in our scheme since it
allows performing arithmetic operations on ciphertexts and gives
the same result as performing the same arithmetic operation on
plaintexts, and is semantically secure against chose plaintext
attack [29]. Moreover, it features low encryption and decryption
costs, which makes it suitable for IoV scenario. The Paillier
cryptosystem has the following algorithms and homomorphic
properties.
Public/private keys generation: We first compute the product
n=p1·q1, where p1and q1are randomly selected large primes.
Assume that the lowest common multiple of p1−1and q1−1is
λ(n). Let the function L(x)be (x−1)/n, then L(gλmod n2)
is equal to gλ(n)≡1modn, where g∈Z∗
n2and it is reversible
modulo n. The public and private key pairs for homomorphic
encryption are pk =(n, g)and sk =(λ,μ), respectively, where
μ= (((gλmod n2)−1)/n)−1.
Encryption: Compute the ciphertext C←E(m)=gm·
rn(modn2)for encrypting the message musing the public key
of the receiver and a random number r∈Z∗
n2.
Decryption: The plaintext that matches the ciphertext C
can be acquired by calculating the equation m←D(C)=
(((Cλmod n2)−1)
n)·μ(modn).
1) The product of two ciphertexts matches the sum of
two corresponding plaintexts, such that Dsk(Epk (m1)·
Epk(m2)) = m1+m2.
2) The plaintext power of a ciphertext belongs to the
product of two corresponding plaintexts, such that
Dsk(Epk (m1)m2)=m1·m2.
C. Truth Discovery
Accurately evaluating the reputation of PH vehicles is a
crucial part of successfully implementing the platoon service
recommendation. Specifically, truth discovery always begins by
measuring each vehicle’s reliability, and then combines the vehi-
cles’ weights and feedback data to further infer the ground truth.
Thus, this article employs the truth discovery mechanism [30]
with superior accuracy and efficiency to infer the ground truth
of PH vehicles by integrating the weights and feedback reports
of member vehicles. The truth discovery generally involves two
phases: weight update and truth update. Specifically, suppose
that a total of Mobjects’ data need to be collected, and N
denotes the number of vehicles. fn
mdenotes the objected values
of the nth user for the mth value.
Weight update: Given the ground truth f∗
mof each object, the
individual weight ωncan be updated as follows:
ωn=log
N
n=1
M
m=1
d(fn
m−f∗
m)−log
M
m=1
d(fn
m−f∗
m)(1)
where d(·)is a distance function that measures the difference
between the observations and estimated truth.
Truth update: Similar to the weight update, iterative updating
of ground truth f∗
mfor each object of every vehicle is shown as
follows:
f∗
m=
N
n=1
ωn·fn
m/
N
n=1
ωn.(2)
Ultimately, the truth is updated iteratively and recursively until
the function converges to the ground truth. We can see that the
data provided by vehicles with higher weights are more likely
to be considered as the truth.
V. P ROPOSED PROTOCO L (PPRT)
Our scheme consists of five parts: overview, setup, registra-
tion, feedback report generation, and reputation score evalua-
tion. The frequently used symbols are given in Table I.
A. Overview
Fig. 2shows the whole flow and function of our scheme. The
PPRT scheme is proposed for calculating PHk’s reputation after
the trip Trk. First, all vehicles and FNs are required to register
with TA. Second, all member vehicles evaluate the PH vehicle’s
reputation and provide feedback report to the FN. Note that
we focus on PH vehicle reputation evaluation with reliability
and privacy protection, so this article will not consider the
platoon construction process. Third, FN calculates PH vehicles’
reputation with the help of CSP based on the truth discovery
algorithm. Finally, FN delivers PH vehicles’ reputation to TA for
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
CHENG et al.: PPRT: PRIVACY PRESERVING AND RELIABLE TRUST-AWARE PLATOON RECOMMENDATION SCHEME IN IOV 5
TAB L E I
LIST OF SYMBOLS
Fig. 2. High level of the proposed scheme.
platoon service recommendation. TA will impose a cash penalty
on PH vehicles with reputation below the system threshold or
remove them from the database.
B. Setup Phase
TA chooses a secure prime κ, an elliptic curve Edefined by
y2=x3+a·x+bmod n, where a, b ∈Fn. Then, it chooses a
cyclic additive group Gwith prime order q.P∈Gis a generator.
TA randomly picks the master private key s∈Z∗
qand computes
the public key as Ppub =s·P. Then, it chooses three secure hash
functions h1:G→Z∗
q,h2:{0,1}∗→Z∗
q, and h3:{0,1}∗→
Z∗
q. After that, CSP generates the public–private key pair pk =
(λ,μ)and sk =(n, g)for its Paillier Cryptosystem and sends the
public key (n, g)to TA. Eventually, TA publishes system pub-
lic parameters params ={G, p, q, P, Ppub ,h
1(·),h
2(·),h
3(·)},
where params is prestored in all registered entities.
C. Registration Phase
All vehicles and FNs interact with TA on the secure channel
to complete the registration.
Vehicle registration: Videlivers registration request and its
true identity IDito TA. Then, TA generates pseudonyms PIDi=
(PIDi,1,PIDi,2)and the corresponding key skiby computing
PIDi,1=ri·P,PIDi,2=ID
i⊕h1(ri·Ppub), and ski=ri+
s·h2(PIDi||ti)modq, where ri∈Z∗
qis a random number
selected by TA. Finally, TA sends <PIDi,t
i,sk
i,(n, g)>
to Vi.TheVi’s tamper-proof device stores the messages <
PIDi,sk
i,t
i,(n, g)>.
FN registration: FNjsends the registration request and its
identity IDjto TA. Then, TA selects a private key sj∈Z∗
qfor
FNjand sends the public–private key pair (sj,S
j)to FNj,
where Sj=sj·P. Finally, FNjsecurely stores the public–
private key pair (sj,S
j).
D. Feedback Report Generation Phase
Since the PHk’s reputation in the trip Trkmainly depends
on the feedback report collected from its member vehicles, we
calculate its reputation score by combing all feedback reports
about PHk. This section describes the process of generating
feedback reports for member vehicles. Suppose that PHkman-
ages a team of member vehicles V={V1,...,V
i,...,V
K}.Vi
need to provide feedback reports after the trip Trkto assess
PHk’ reputation.
1) FNjproves the legitimacy of its identity to all vehicles
within its communication range. It selects rjand cal-
culates Rj=rj·P.Next,FNjgenerates the signature
σj=sj+rj·h3(IDj||tj)modq, where IDjis FN’s
identity and tjis the timestamp. FNjbroadcasts message
<IDj,R
j,σ
j,t
j>within its communications range.
2) Each member vehicle confirms the legitimacy of FNjby
checking the following:
σj·P=sj·P+rj·P·h3(IDj||tj)
=Sj+Rj·h3(IDj||tj)(3)
3) The feedback report generated by Viis presented in
the following. Vigives PHka feedback score fiand
perturbs fiwith noise αi∈Z∗
qas ˜
fi=fi−αi, where
αiis randomly generated by Vi. Thus, the feedback re-
port of Viis FRi=(PID
k,Trk,˜
fi), where PIDkis the
anonymous identity of PHk. Moreover, ˜
fiis encrypted
by Vias ciphertext E(˜
fi)=g˜
fi·rvinmod n2, where
rvi ∈Z∗
qis randomly chosen by Vi. Furthermore, Vien-
crypts noise αias ciphertext E(αi)to guard the privacy
of noise. It further encrypts α2
ias E(α2
i), which will
be used to compute the distance. Then Vipacks a ran-
dom number hiand computes Hi=hi·Pand ξi=h3
(PIDi||Hi||E(αi)||E(α2
i)||E(˜
fi)||FRi||ti), where ti
is the current timestamp. After that, Vigenerates a
signature σvi =ski+ξi·himod qand computes Ci=
h1(Sj·hi)⊕(E(αi)||E(α2
i)||E(˜
fi)||FRi). Finally, Vi
submits <PIDi,C
i,H
i,σ
vi,t
i,t
i,t
j>to FNj.
Particularly, the feedback report collection procedure in our
PPRT scheme remains effective even if the vehicular platoon
crosses two adjacent FNs, since it may transfer communication
between the vehicle and the current FN to the next FN using
the V2I-handover authentication mechanism [31]. However, this
article only considers the scenario where an FN successfully
collects all feedback reports for a vehicular platoon.
E. Batch Verification Phase
In this section, after getting all feedback reports from member
vehicles in Trk,FNjverifies Ksignatures at once to check
the legitimacy and integrity of all vehicles using the batch
verification technology.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
6IEEE SYSTEMS JOURNAL
1) Upon receiving Kfeedback reports <PIDi,C
i,
Hi,σ
vi,T
i,t
i,t
i,t
j>,i∈(1,K),FNjobtains (E
(αi)||E(α2
i)||E(˜
fi)||FRi)=Ci⊕h1(sj·Hi)and calc-
ulates ξi=h3(PIDi||Hi||E(αi)||E(α2
i)||E(˜
fi)||FRi||ti).
2) FNjverifies the feedback reports of Kmember vehicles
at once by checking the following:
K
i=1
σviP=K
i=1
ski+ξihiP
=
K
i=1
(ri+sh2(PIDiti)+ξihi)P
=
K
i=1
riP+
K
i=1
h2(PIDiti)sP +
K
i=1
ξihiP
=
K
i=1
PIDi,1+
K
i=1
h2(PIDiti)Ppub +
K
i=1
ξiHi.
(4)
It is worth noting that the abovementioned operation is con-
ducted only once in the evaluation PH vehicles’ reputation. After
that, member vehicles can remain offline, which is more suitable
for the vehicular network scenario.
F. Reputation Score Evaluation Phase
In this phase, FNjfirst initializes the object truth f∗of the
PHkrandomly and calculates PHk’s reputation score with the
help of CSP. The details are as follows.
1) Based on the object truths f∗,FNjcalculates the dis-
tance between the feedback score and the estimated
truths without knowing individual feedback report. Specif-
ically, FNjcalculates the ciphertext Ci
dis =E(α2
i)·
E(αi)2·(
fi−f∗),i∈(1,K).
2) To ensure that the weights are calculated for each
vehicle without revealing the distance information Ci
dis
of individual vehicles to CSP, FNjfirst perturbs Ci
dis
with the random noise bi∈Z∗
qas (Ci
dis)bi,i ∈(1,K).
Then, FNjaggregates Kciphertexts and perturbs it
with a random number B∈Z∗
qto obtain (K
iCi
dis)B.
Furthermore, FNjcalculates bi(
fi−f∗)2,i∈(1,K),
and BK
i(˜
fi−f∗)2. Finally, FNjdelivers aggregated
report ciphertext <|bi·(˜
fi−f∗)2,(Ci
dis)bi|K
i=1,B ·
K
i(˜
fi−f∗)2,(K
iCi
dis)B>to CSP.
3) CSP recovers the distance of each member vehicle using
private key (λ,μ)and computes sumdi and sum as follows.
sumdi =bi(
fi−f∗)2+Dsk((Ci
dis)bi)=bi(fi−f∗)2
(5)
sum =B·
K
i
(˜
fi−f∗)2+Dsk ⎛
⎝K
i
Ci
disB⎞
⎠.
(6)
Then, the weight of Viis calculated as
ωi=log(sum)−log(sumdi)=ωi+log(B/bi).(7)
4) To assure that the weight information is not compromised
to FNj, CSP further fuzzes ωiby adding a random value
di∈Z∗
qand encrypts each noise to obtain E(di). Finally,
it submits <E(di),ωi+di>to FNj, where i∈(1,K).
5) After receiving the fuzzy weight information, FNjfirst
recovers the weight ωi+di,i∈(1,K)by computing
log(B/bi), and then computes the aggregated weight in-
formation as the following:
WX =
K
i=1
fi·(ωi+di).(8)
Then, random values β1,β
2∈Z∗
qare chosen by FNjto
compute the ciphertexts Cdand Cαas follows:
Cd=E(β1)·
K
i=1
E(di)
fi=Eβ1+
K
i=1
di·
fi
(9)
Cα=E(β2)·K
i=1 E(αi)ωi+di
=Eβ2+
K
i=1
αi·(ωi+di).(10)
Finally, FNjsubmits the ciphertexts Cdand Cαto CSP.
6) CSP decrypts the ciphertexts Cdand Cαto obtain the
summation sumras follows:
sumr=Dsk(Cd)+
K
i=1
di·αi−Dsk(Cα)
=
K
i=1
(di·
fi−αi·ωi)+β1−β2.(11)
Then, it sends <sumr,K
i=1 di>to FNj.
7) After receiving the messages from CSP, FNjupdates the
reputation score of the PH vehicle PHkas follows:
f∗
k=
WX −sumr+β1−β2
K
i=1 (ωi+di)−K
i=1 di
=K
i=1 ωi·fi
K
i=1 ωi
.
(12)
The Steps 1)–7) are performed iteratively until convergence,
which is defined as a specific number of iterations or the differ-
ence in the estimated reputation scores between two adjacent
iterations. Feedback scores and weight information are fully
protected in our scheme. Neither FN nor CSP can obtain any
sensitive information about member vehicles. Moreover, the
member vehicles are only involved in the feedback report gener-
ation phase and not in the iterative process, which significantly
reduces the computation and communication burdens on the
vehicle side.
G. Computational Complexity
This section mainly describes the computational complexity
of the PPRT scheme. When Kmember vehicles participate in the
PH vehicle’s reputation evaluation, each member vehicle needs
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
CHENG et al.: PPRT: PRIVACY PRESERVING AND RELIABLE TRUST-AWARE PLATOON RECOMMENDATION SCHEME IN IOV 7
to perform three exponential operations, three scalar multiplica-
tion operations based on ECC, and three hash operations to verify
the FN’s signature and encrypt and disturb the feedback report.
Thus, the computational complexity of each member vehicle is
O(1). Besides, to batch authenticate Ksignatures and calculate
the distance between all user feedback values and the true value,
the FN needs to perform K+2point addition operations, K+2
scalar multiplication operations based on ECC, and 3Khash
operations, which results in O(K)computational complexity.
Finally, CSP performs four exponential operations to decrypt
and calculate the summed distance. Thus, the computational
complexity of each member vehicle, FN, and CSP is O(1),
O(K), and O(1), respectively.
VI. SECURITY PROOF AND ANALYSIS
A. Security Proof
This section proves that the adversary Acannot forge a legal
signature message with a negligible probability εin the PPRT
scheme. The security of this article is defined by the game
between the adversary Aand the challenger C.
Theorem 1: In the random Oracle model, the proposed
scheme can resist chosen message attack.
Proof: Suppose that Acan forge a legal signature message
with a negligible probability ε, and then we construct a C,
which is able to solve the ECDLP by running Aas a subroutine
with a negligible probability 120686RT/ε in the corresponding
polynomial time, where ε≥10(R+S)(S+1)/q.Rand S
represent the number of times that Aexecutes the queries in
the random oracle.
For the ECDLP, there is a random instance (P, a ·P)in Gq.
If Ccould solve the problem, it means that Cwill calculate
unknown a. Moreover, Cis able to settle the ECDLP by carrying
out the following queries from A.
1) Setup: After setting the security parameter κas in-
put, Cselects random number sas a system pri-
vate key and calculates its corresponding public key
Ppub =s·P. It sends the system parameters param =
{G, P, Ppub ,q,h
2,h
3}to A. The challenger Cselects
random number ri∈Z∗
q,i=1,...,n, to create an anony-
mous set PID ={PID1,...,PIDi,...,PIDn}for A,
where PIDi={PIDi,1,PIDi,2}.Ifi=i∗, then PIDi,1=
a·P; otherwise, PIDi,1=ri·P. Then, Cmaintains
three lists Lh2,Lh3, and Lh1, which store the query and
answer of the lists Lh2,Lh3, and Lh1, respectively.
2) h2−query :After receiving the query with the
tuple PIDi,1,PIDi,2,t
ifrom A,Cchecks if the
PIDi,1,PIDi,2,t
i,h
2
iexists in list Lh2.Ifitisexists,C
returns h2
ito A; otherwise, Crandomly generates a num-
ber h2
i∈Z∗
qand inserts the tuple PIDi,1,PIDi,2,t
i,h
2
i
into Lh2. Finally, Cgives the h2
ito A.
3) h3−query :After receiving the query with the tu-
ple PIDi,1,PIDi,2,M,t
i from A,Cchecks if the
PIDi,1,PIDi,2,M,t
i,h
3
iexists in list Lh3.Ifitexist,C
returns h3
ito A; otherwise, it randomly generates a number
h3
i∈Z∗
qand inserts the tuple PIDi,1,PIDi,2,M,t
i,h
3
i
into Lh3. Finally, Cgives the h3
ito A.
4) Extract −query:After receiving the query with vehi-
cle’s PIDifrom A,Cselects hi∈Z∗
q, calculates Hi=
hi·Pand checks if the PIDi,1,PIDi,2,t
i,sk
iexists in
Lh1.Ifitexists,Creturns skito A; otherwise, it calculates
ski=ri+s·h2(PIDi,t
i)modqand stores the new tu-
ple in Lh1. Finally, Cgives skito as the return value.
5) Sign −query :After receiving the query on the content
of Mwith vehicle’s PIDifrom A,Cchecks if the list
Lh2has PIDi,1,PIDi,2,t
i,h
2
ifirst. If it exists, Cextracts
h2
ifrom the tuple. Then, Cchooses two random numbers
hiand h3
i. Besides, it chooses two random numbers xi
and yi; otherwise, it calculates Hi=(h3
i)−1·xi·P−Q
and σvi =yi, and sends (M,Hi,σ
vi)to A, where h3
i=
h3(PIDi,M,t
i).
6) Analysis :According to Forking Lemma [32],ifAcan
forge two legitimate signatures (Hi,σ
vi =ski+hi·h3
i),
(Hi,σ
vi=ski+hi·h3
i
), and h3
i=h3
i
,skiwill be
obtained from the abovementioned two signatures by com-
puting the following:
h3
i
σvi −h3
iσvi
h3
i
−h3
i
mod q=ski.(13)
Thus, Ccan solve the ECDLP with a probability less
than 120686RT/ε during polynomial time, where ε≥10(R+
S)(S+1)/q. However, it contradicts with the difficulty of solv-
ing the ECDLP. So the PPRT can resist the adaptive selection
message attack under the random oracle model.
B. Security Analysis
Identity privacy preserving: Since the member vehicles
adopt pseudonyms, Vi’s true identity IDiis hidden in PIDi=
(PIDi,1,PIDi,2), where PIDi,1=ri·Pand PIDi,2=ID
i⊕
h1(ri·Ppub). To extract IDifrom PIDi,2=ID
i⊕h1(ri·
Ppub), the adversary must derive ri·Ppub =ri·s·Pfrom
Ppub =s·Pand PIDi,1=ri·P. However, due to ECCDHP
assumption, the probability of the adversary calculating ri·
Ppub =ri·s·Pis negligible. That is, only TA with the private
key smay derive the vehicle’s true identity in our scheme.
Message authentication and integrity: According to Theo-
rem 1, an attacker cannot forge a valid feedback report <
PIDi,C
i,H
i,σ
vi,t
i,t
i,t
j>in polynomial time to satisfy
(4). That is, the authentication and integrity of the scheme can
be confirmed by checking whether (4) holds.
Feedback report confidentiality: For the member vehicle Vi,
the sensitive feedback report fiis added perturbation αiand
encrypted as ciphertext E(αi),E(α2
i),E(fi−αi). Since the
Paillier encryption technique is indistinguishable under the cho-
sen plaintext attack [33], plaintexts αi,α
2
i,f
i−αicannot be
recovered by any entity without knowing (λ,μ). Although CSP
maintains the decryption key (λ,μ), it cannot learn the individ-
ual feedback report from ciphertexts E(αi),E(α2
i),E(fi−αi)
without knowing αi. Thus, the PPRT scheme fulfills the confi-
dentiality of the feedback reports.
Reliability: To accurately distinguish between well-behaved
and badly behaved PH vehicles, this scheme uses the truth
discovery technology to obtain PHk’s reputation score from the
feedback report <PIDi,C
i,H
i,σ
vi,t
i,t
i,t
j>provided by
all member vehicles Vi,i∈(1,K)in the trip Tr k. Then, if PHk’s
reputation score is higher than the system threshold, it will be
rewarded; otherwise, it will be removed from the PH vehicles
database and given corresponding penalties.
Resistance of impersonation attack: To launch an im-
personation attack, the adversary should forges the vehicle
Visignature σ∗
vi to meet (4). However, according to The-
orem 1, the adversary is hard to forge a signed message
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
8IEEE SYSTEMS JOURNAL
TAB L E I I
FUNCTIONAL COMPARISON AMONG VARIOUS SCHEMES
<PIDi,C∗
i,H
i,σ
∗
vi,t
i,t
i,t
j>in polynomial time without
knowing the master private key s.
Resistance of replay attack: The vehicle’s feedback report
<PIDi,C
i,H
i,σ
vi,t
i,t
i,t
j>contains the timestamps ti,
ti, and tj. Thus, FN can detect whether the feedback report
has been replayed by checking the freshness of timestamps ti,
ti, and tj. Thus, the PPRT can resist replay attack.
Resistance of modification attack: In this article, if an
adversary makes any modification on <PIDi,C
i,H
i,σ
vi,
ti,t
i,t
j>, the FN can easily detect it by checking the ver-
ification equation (4). Thus, our scheme could withstand the
modification attack.
VII. SIMULATION AND PERFORMANCE EVA L U AT I O N
The performance analysis and simulation are presented to
show the efficiency of our scheme. The performance analysis
mainly involves four aspects: functionality comparison, accu-
racy, computation, and communication and storage costs. More-
over, the simulation is executed by NS-3, and the analysis results
are obtained from MATLAB. The end-to-end packet delay and
packet loss ratio are compared with the related works lightweight
privacy-preserving truth discovery (LPTD) [9], cloud-aided
trustworthiness evaluation (CATE) [13], and TPPR [21].
The main idea of all the abovementioned schemes is to
evaluate the vehicle’s reputation while ensuring the security and
reliability of the uploaded messages, which is very relevant to our
PPRT scheme. Concretely, Zhang et al. [9] designed an LPTD
scheme using homomorphic encryption and one-way hash chain
technology, which protects devices’ privacy and resists false
data injection attacks. Then, Shen et al. [13] provided a CATE
scheme that provides more reasonable reputation assessment
for vehicles based on its attributes while ensuring security and
reliability of information upload. TPPR scheme is proposed
in [21], which calculates the vehicle’s reputation score while
ensuring all vehicles’ privacy.
A. Functionality Comparison
We compare the functionality of all schemes based on the
design goals and security analysis and present the results in
Table II. As given in Table II, our scheme meets more merits
and is more suitable for practical application scenarios in IoV.
B. Accuracy
Most of the previous schemes treat the mean value as the truth,
which assigns the same weight to each vehicle. We measure the
accuracy of the estimated objected truths between our scheme
and the baseline approach Mean. The Amap POI dataset1is
1[Online]. Available: https:// opendata.pku.edu.cn/dataset.xhtml?persistent
Id=doi:10.18170/DVN/WSXCNM
Fig. 3. Observation errors for different noise intensity. (a) MAE. (b) RMSE.
selected for the experiment, which collected POI data points in
China from 16 June, 2017 to 13 August, 2017. We exploit mean
of absolute error (MAE) and root-mean-squared error (RMSE)
to measure the deviation between the estimated truth and the
ground truth. MAE is defined as MAE =1
K(fi−f∗).Sim-
ilarly, RMSE is defined as RMSE =1
K(fi−f∗)2, where
Kis the number of member vehicles, firepresents the observed
value of the member vehicle Vi, and f∗represents the ground
truth. Although MAE may measure the average distance be-
tween the observed value and ground truth, it is not susceptible
to outlier. So we add RMSE as another metric for our experiment.
In fact, the observation error increases with the distance between
the member vehicles and the PH vehicles, and a greater degree
of confusion will lead to greater observation error (such as
observation error will be greater in rainy weather). We suppose
that the observation errors are subject to normal distribution.
Specifically, the observation error of a member vehicle is subject
to N(0,(r×d×v)2), where ris the resolving power of the
member vehicle. (The resolving power of driver is between
1 / 5000 and 1 / 2000. To control variables and facilitate the
simulation, we set r=1/2000). dis the distance between the
member vehicle and the PH vehicle, vis a variable named noise
intensity, and we adjust the noise variance by changing v, which
simulates different scenarios with different levels of chaos.
The evaluation results are shown in Fig. 3.Fig.3(a) and (b)
shows the MAE and RSME of all methods, respectively. As
shown in Fig. 3(a) and (b), the observation errors of our scheme
and the mean method increases in direct proportion to the noise
intensity and the increase rates (the slopes of error lines) are
almost the same. Obviously, our scheme has smaller biases than
the mean method, which means the observation errors of our
method are lower and achieves the goal of accuracy.
C. Computation Overhead Comparison
The computation overhead of the scheme is defined as the total
cost of each communication node performing cryptographic
operations and calculations during the scheme running. We ran
the cryptographic operations 100 times and took the average
values as the results. Thus, Tbp ≈3.6549 ms means the time
of the bilinear pairing operation. Tm
bp ≈0.4600 ms means the
time of multiplication operation based on bilinear pairing. Ta
bp ≈
0.0500 ms means the time of point addition operation based on
bilinear pairing. Tm
ecc ≈0.0200 ms means the time of scalar mul-
tiplication operation based on ECC. Ta
ecc ≈0.0014 ms means the
time of point addition operation based on ECC. Th≈0.0001 ms
means the time of hash operation. TSE ≈0.1300 ms means
the time for symmetric encryption or decryption operation.
Tmtp ≈3.2400 ms means the time of a hash-to-point operation.
Texp ≈0.3390 ms means the time of one exponential operation.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
CHENG et al.: PPRT: PRIVACY PRESERVING AND RELIABLE TRUST-AWARE PLATOON RECOMMENDATION SCHEME IN IOV 9
TABLE III
COMPUTATION COST OF OUR PPRT SCHEME OVER OTHER SCHEMES
Fig. 4. Comparison of computation costs of the vehicle.
Fig. 5. Comparison of computation costs of the FN.
In our scheme, each member vehicle verifies the FN’s sig-
nature and performs feedback report perturbation and feed-
back report encryption, which costs (3Texp +3Tm
ecc +3Th)K≈
1.1673 K(ms). Moreover, FN uses the batch verification tech-
nology to verify the signature of multiple member vehicles at
once. Then, it calculates the distance of each user feedback
value the true value in the form of ciphertext and aggregates the
distances of all users. Thus, the execution time is (K+2)Ta
ecc +
(K+2)Tm
ecc +3KTh≈0.1028 + 0.0517 K(ms). CSP con-
ducts 4Texp ≈1.356 ms to decrypt and calculate the summed
distance. The computation burdens of other schemes are evalu-
ated in the same way, as given in Table III.
From Fig. 4, with the increase of member vehicles, our scheme
has the lowest computation costs on the vehicle. Specifically, our
PPRT scheme outperforms other related schemes LPTD, CATE,
and TPPR by 2.0342 K−1.1673 K
2.0342 K≈42.62%,10.01 K−1.1673 K
10.01 K≈
88.34%, and 4.2+13.617 K−1.1673 K
4.2+13.617 K≈91.43%, respectively. Dif-
ferent from the other schemes, our scheme requires member
vehicles to only participate in the initialization phase, which
better meets the actual requirements of high-speed vehicle move-
ment scenarios. Fig. 5shows the computation costs of the FN
against varying number of member vehicles. Compared with
other schemes, our scheme requires lowest computation costs.
Fig. 6depicts CSP’s execution time for different numbers of
Fig. 6. Comparison of computation costs of CSP.
member vehicles. The computation burden of our scheme at
CSP side is higher than LPTD and TPPR but lower than CATE.
However, referring to Section VII-A, LPTD ignores user au-
thentication and identity privacy protection. Besides, compared
with the TPPR, our scheme not only achieves feedback report
privacy but also protects weight privacy.
D. Communication and Storage Overheads Comparison
Communication overhead comparison: The communica-
tion overhead of the scheme generally includes message,
pseudonym, signature, timestamp, etc. Following our previous
work PPVF [14], we set the element sizes of G1and Gato
1024 and 320 bits, respectively. The size of identity, hash value,
timestamp, random integer, AES encryption, and homomorphic
ciphertext is 128, 160, 32, 160, 256, and 4096 bits.
In our scheme, since each member vehicle is only in-
volved in the initialization phase and uploads message <
PIDi,C
i,H
i,σ
vi,T
i,t
i,t
i,t
j>to the FN, so the size of
the message is 1568 Kbits. Moreover, the FN first broadcasts
<IDj,R
j,σ
j,t
j>to member vehicles. Besides, in each itera-
tion, FN communicates with CSP to obtain the weight and truth.
Thus, the total communication cost on the FN and CSP side
are 480 + 1504 K(bits)and 640 + 320 K(bits), respectively.
The communication burden of the state-of-the-art works LPTD,
CATE, and TPPR is evaluated in the same way, as given in
Table IV.
In Fig. 7, as the number of vehicles increases, the commu-
nication burden on the vehicle increases linearly. Specifically,
our PPRT outperforms other related schemes LPTD, CATE, and
TPPR by 1600 K−1568 K
1600 K≈2%,6624 K−1568 K
6624 K≈76.33%, and
1824+3200 K−1568 K
1824+3200 K≈51%, respectively. From the abovemen-
tioned analysis, the communication cost in PPRT and LPTD is
significantly lower than the other two schemes. Furthermore,
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
10 IEEE SYSTEMS JOURNAL
TAB L E I V
COMMUNICATION COST OF THE PROPOSED SCHEME OVER OTHER SCHEMES
TAB L E V
CRYPTOGRAPHIC OPERATION AND EXECUTION TIMES
Fig. 7. Comparison of communication delay of the vehicle.
Fig. 8. Comparison of communication delay of the FN.
from the functional comparison in Section VII-A, it is found
that only PPRT can meet all the security requirements.
Besides, the communication efficiency of our scheme at the
FN side is lower than scheme CATE and higher than schemes
LPTD and TPPR, as shown in Fig. 8. However, as depicted
in Section VII-A, LPTD fails to achieve user authentication
and identity privacy protection, which means it cannot meet
the basic security and privacy requirements of IoV scenarios.
Similarly, although the TPPR outperforms our scheme in terms
of communication efficiency at FN side, their work ignores the
privacy preservation of weights and feedback reports, which
poses the privacy threat to the vehicle. Finally, as shown in
Fig. 9, the communication efficiency of our scheme and TPPR is
significantly lower than schemes LPTD and CATE. Moreover,
Fig. 9. Comparison of communication delay of CSP.
compared with the scheme TPPR, our scheme can meet more
merits.
Storage burden comparison: To compare the storage burden
on vehicle level, we first assume that a member vehicles may
require npseudonyms. In our PPRT scheme, TA preloads param-
eter <PIDi,t
i,sk
i,(n, g)>into the vehicle’s tamper-proof
device at the registration phase, so the vehicle’s storage burden
is 352 + 640n(bits). Specifically, in the feedback report genera-
tion phase, the vehicle gives a feedback score fito the PH vehi-
cle, which is then disturbed and encrypted with noise and homo-
morphic keys. Thus, the vehicle consumes only the computation
and communication burdens at this phase, without storing any
parameter. In LPTD, TA assigns a group of parameters Si,the
hash chain HCi, and public keys pk to vehicles for subsequent
communication, where i∈(1,n). Thus, the memory burden of
the vehicle is 160 + 2208n(bits). For CATE, TA assigns npar-
ticipant’s public key Yiand parameter <e
i,H(ID),S,e,X >
for each vehicle, where i∈(1,n). Thus, the memory overhead
of the vehicle is 3232 + 1184n(bits). In TPPR, the storage bur-
den of the vehicle is 8192 + 1440n(bits). Specifically, our PPRT
outperforms other related schemes LPTD, CATE, and TPPR
by 160+2208n−(352+640n)
160+2208n≈71.01%,3232+1184n−(352+640n)
3232+1184n≈
45.95%, and 8192+1440n−(352+640n)
8192+1440n≈55.56%, respectively, in
terms of vehicle’s storage space. Thus, our PPRT scheme is able
to maintain the security while occupying the least amount of
vehicle storage space.
E. NS-3 Experiment
In this section, we simulate the network performance for
all protocols under the open-source platforms NS-3 3.272and
SUMO 1.8.3The road topography and vehicular movement
traces are generated by open street map4and SUMO, respec-
tively. Fig. 10 shows the simulation area map with a range of
25 km ×23 km, which is a real-traffic environment located in
Guilin, China. In addition, the communication channel capac-
ity is 6Mb/s supported by the medium IEEE 802.11p. The
communication range is set as 300 m. The vehicles form a
fixed-sized platoon, and the number of member vehicles is set
to 20 −100. Table IV tabulates the parameter information used
in the simulation. Since vehicles move much slower than the
transmission speed of radio waves, the vehicle’s speed slightly
affects the transmission delay of the packets and packets loss
ratio [34],[35]. In this case, the fixed vehicle speed of 20 m/s
in our scheme does not affect the simulation results. Moreover,
2[Online]. Available: https:// www.nsnam.org/
3[Online]. Available: https:// sumo.dlr.de/docs/index.html
4[Online]. Available: http:// www.openstreetmap.org/
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
CHENG et al.: PPRT: PRIVACY PRESERVING AND RELIABLE TRUST-AWARE PLATOON RECOMMENDATION SCHEME IN IOV 11
Fig. 10. Simulation area map with a range of 25 km ×23 km in Guilin, China.
FNs (blue circles) are evenly deployed on this map along the roads. The start
and end positions of the platoon’s trip do not affect the simulation results, so we
indicate the entire platoon with a red square.
Fig. 11. Comparison of end-to-end delay under different vehicle density.
Fig. 12. Comparison of total lost ratio under different vehicle density.
to evaluate the network performance, we consider the following
metrics.
1) End-to-end packet delay: It represents the total time it
takes for a vehicle from generating a packet to the packet
is received by other entities. We compared the end-to-end
delay of the proposed scheme with LPTD, CATE, and
TPPR under different member vehicles density when the
velocity of all vehicles is 20 m/s. As shown in Fig. 10,
the end-to-end packet delay increases with the number
of member vehicles. As packets size transmitted in IoV
increases with the number of member vehicles, the end-
to-end packet delay also increases accordingly. The exper-
imental result in Fig. 11 shows that our scheme maintains
the lowest end-to-end packet delay compared with other
schemes. This is because our scheme consumes the least
computation and communication burdens in generating
and receiving a packet compared with other schemes.
2) Packet loss ratio: It represents the ratio of the total number
of lost packets to the total number of sent packets. We pre-
sented the packet loss ratio for our scheme, LPTD, CATE,
and TPPR in Fig. 12. As the number of vehicles increases,
the packets size transmitted in IoV also increases, resulting
to the problem of packet collision. As shown in Fig. 12,the
packet loss ratio of all schemes increases with the number
of member vehicles. However, our scheme remains a low
packet loss rate because it takes little time to generate and
transmit packets.
VIII. CONCLUSION
This article proposes a PPRT scheme that assesses the PH
vehicle’s reputation to recommend the most reliable PH ve-
hicle for the user vehicles. Initially, our PPRT scheme relies
on anonymous mechanism, homomorphic encryption, and data
disturbance technology to protect the identity, feedback reports,
and weight information of vehicles during feedback reports
collection. Unlike existing schemes, the truth discovery process
in our scheme occurs on the FN and CSP sides without real-time
participation of member vehicles, which is more suitable for
high-speed mobile and resource-constrained IoV scenarios. We
provide a formal analysis to prove the security of our scheme.
Besides, simulations on NS-3 and SUMO show that the PPRT
scheme reduces the computation, communication, and storage
costs by at least 42.62%, 2%, and 45.95%, respectively, com-
pared with the related schemes. The future work would focus
on implementing the abovementioned protocol in the following
two scenarios. First, the vehicle feedback collection process is
distributed among several adjacent FNs. Second, semitrusted
FNs deliberately do not update the reputation scores of PH
vehicles or provide them with false reputation scores for personal
gain.
REFERENCES
[1] D. Jia, K. Lu, and J. Wang, “A disturbance-adaptive design for VANET-
enabled vehicle platoon,” IEEE Trans. Veh. Technol., vol. 63, no. 2,
pp. 527–539, Feb. 2014.
[2] Y. Li, C. Tang, S. Peeta, and Y. Wang, “Integral-sliding-mode braking
control for a connected vehicle platoon: Theory and application,” IEEE
Trans. Ind. Electron., vol. 66, no. 6, pp. 4618–4628, Jun. 2019.
[3] Q. Han, C. Liu, H. Yang, and Z. Zuo, “Longitudinal control-oriented
spectrum sharing based on C-V2X for vehicle platoons,” IEEE Syst. J.,
vol. 17, no. 1, pp. 1125–1136, Mar. 2023.
[4] S. E. Shladover, “AHS research at the california path program and future
AHS research needs,” in Proc. IEEE Int. Conf. Veh. Electron. Saf., 2008,
pp. 4–5.
[5] A. Balador, A. Bazzi, U. Hernandez-Jayo, I. de la Iglesia, and H. Ah-
madvand, “A survey on vehicular communication for cooperative truck
platooning application,” Veh. Commun., vol. 35, 2022, Art. no. 100460.
[6] P.-Y. Kong, “Computation and sensor offloading for cloud-based
infrastructure-assisted autonomous vehicles,” IEEE Syst. J., vol. 14, no. 3,
pp. 3360–3370, Sep. 2020.
[7] L. Yan and S. Yang, “Trust-aware truth discovery with long-term vehicle
reputation for internet of vehicles crowdsensing,” in Proc. Int. Wireless
Commun. Mobile Comput., 2021, pp. 558–563.
[8] I. Rasheed, “Enhanced privacy preserving and truth discovery method for
5G and beyond vehicle crowd sensing systems,” Veh. Commun., vol. 32,
2021, Art. no. 100395.
[9] C. Zhang, L. Zhu, C. Xu, K. Sharif, X. Du, and M. Guizani, “LPTD:
Achieving lightweight and privacy-preserving truth discovery in ciot,”
Future Gener. Comput. Syst., vol. 90, pp. 175–184, 2019.
[10] M.Li, L. Zhu, and X. Lin, “Privacy-preserving traffic monitoring with false
report filtering via fog-assisted vehicular crowdsensing,” IEEE Trans. Serv.
Comput., vol. 14, no. 6, pp. 1902–1913, Nov./Dec. 2021.
[11] Q. Li, A. Malip, K. M. Martin, S.-L. Ng, and J. Zhang, “A reputation-based
announcement scheme for VANETs,” IEEE Trans. Veh. Technol., vol. 61,
no. 9, pp. 4095–4108, Nov. 2012.
[12] X. Chen and L. Wang, “A trust evaluation framework using in a vehicular
social environment,” in Proc. IEEE Conf. Comput. Commun. Workshops,
2017, pp. 1004–1005.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
12 IEEE SYSTEMS JOURNAL
[13] J. Shen, C. Wang, J.-F. Lai, Y. Xiang, and P. Li, “CATE: Cloud-aided
trustworthiness evaluation scheme for incompletely predictable vehic-
ular ad hoc networks,” IEEE Trans. Veh. Technol., vol. 68, no. 11,
pp. 11213–11226, Nov. 2019.
[14] H. Cheng, M. Shojafar, M. Alazab, R. Tafazolli, and Y. Liu, “PPVF:
Privacy-preserving protocol for vehicle feedback in cloud-assisted
VANET,” IEEE Trans. Intell. Transp. Syst., vol. 23, no. 7, pp. 9391–9403,
Jul. 2022.
[15] J. Chen, Y. Liu, Y. Xiang, and K. Sood, “RPPTD: Robust privacy-
preserving truth discovery scheme,” IEEE Syst. J., vol. 16, no. 3,
pp. 4525–4531, Sep. 2022.
[16] A. Patwardhan, A. Joshi, T. Finin, and Y. Yesha, “A data intensive repu-
tation management scheme for vehicular ad hoc networks,” in Proc. 3rd
Annu. Int. Conf. Mobile Ubiquitous Syst.-Workshops, 2006, pp. 1–8.
[17] M. Raya, P. Papadimitratos, V. D. Gligor, and J.-P. Hubaux, “On data-
centric trust establishment in ephemeral ad hoc networks,” in Proc. IEEE
INFOCOM 27th Conf. Comput. Commun., 2008, pp. 1238–1246.
[18] H. Hu, R. Lu, Z. Zhang, and J. Shao, “REPLACE: A reliable trust-based
platoon service recommendation scheme in VANET,” IEEE Trans. Veh.
Technol., vol. 66, no. 2, pp. 1786–1797, Feb. 2017.
[19] L. Zhu, C. Zhang, C. Xu, and K. Sharif, “RTSense: Providing reliable
trust-based crowdsensing services in CVCC,” IEEE Netw., vol. 32, no. 3,
pp. 20–26, May/Jun. 2018.
[20] H. Hu, R. Lu, and Z. Zhang, “TPSQ: Trust-based platoon service query
via vehicular communications,” Peer-to-Peer Netw. Appl., vol. 10, no. 1,
pp. 262–277, 2017.
[21] C. Zhang et al., “TPPR: A trust-based and privacy-preserving platoon
recommendation scheme in VANET,” IEEE Trans. Serv. Comput., vol. 15,
no. 2, pp. 806–818, Mar./Apr. 2022.
[22] T. Sturm, C. Krupitzer, M. Segata, and C. Becker, “A taxonomy of
optimization factors for platooning,” IEEE Trans. Intell. Transp. Syst.,
vol. 22, no. 10, pp. 6097–6114, Oct. 2021.
[23] M. Aazam, S. Zeadally, and K. A. Harras, “Fog computing architecture,
evaluation, and future research directions,” IEEE Commun. Mag., vol. 56,
no. 5, pp. 46–52, May 2018.
[24] D. Dolev and A. Yao, “On the security of public key protocols,” IEEE
Trans. Inf. Theory, vol. 29, no. 2, pp. 198–208, Mar. 1983.
[25] J. Ni, A. Zhang, X. Lin, and X. S. Shen, “Security, privacy, and fairness in
fog-based vehicular crowdsensing,” IEEE Commun. Mag., vol. 55, no. 6,
pp. 146–152, Jun. 2017.
[26] K. Xue, J. Hong, Y. Ma, D. S. Wei, P. Hong, and N. Yu, “Fog-aided
verifiable privacy preserving access control for latency-sensitive data shar-
ing in vehicular cloud computing,” IEEE Netw., vol. 32, no. 3, pp. 7–13,
May/Jun. 2018.
[27] N. P. Smart, “The discrete logarithm problem on elliptic curves of trace
one,” J. Cryptol., vol. 12, no. 3, pp. 193–196, Jun. 1999.
[28] D. Boneh and V. Shoup, “A graduate course in applied cryptography,”
2015. [Online]. Available: https:// crypto.stanford.edu/∼dabo/cryptobook/
draft_0_2.pdf
[29] N. Saputro and K. Akkaya, “Performance evaluation of smart grid data ag-
gregation via homomorphic encryption,”in Proc. IEEE Wireless Commun.
Netw. Conf., 2012, pp. 2945–2950.
[30] Q. Li, Y. Li, J. Gao, B. Zhao, W. Fan, and J. Han, “Resolving con-
flicts in heterogeneous data by truth discovery and source reliability
estimation,” in Proc. ACM SIGMOD Int. Conf. Manage. Data, 2014,
pp. 1187–1198.
[31] C. Wang, J. Shen, J.-F. Lai, and J. Liu, “B-TSCA: Blockchain assisted
trustworthiness scalable computation for V2I authentication in VANETs,”
IEEE Trans. Emerg. Topics Comput., vol. 9, no. 3, pp. 1386–1396, Jul.–
Sep. 2021.
[32] D. Pointcheval and J. Stern, “Security arguments for digital signatures and
blind signatures,” J. Cryptol., vol. 13, no. 3, pp. 361–396, 2000.
[33] R. Lu, K. Heung, A. H. Lashkari, and A. A. Ghorbani, “A lightweight
privacy-preserving data aggregation scheme for fog computing-enhanced
IoT,” IEEE Access, vol. 5, pp. 3302–3312, 2017.
[34] L. Wei, J. Cui, Y. Xu, J. Cheng, and H. Zhong, “Secure and lightweight
conditional privacy-preserving authentication for securing traffic emer-
gency messages in VANETs,” IEEE Trans. Inf. Forensics Secur., vol. 16,
pp. 1681–1695, 2021.
[35] Y. Wang, X. Wang, H.-N. Dai, X. Zhang, and M. Imran, “A data reporting
protocol with revocable anonymous authentication for edge-assisted intel-
ligent transport systems,” IEEE Trans. Ind. Informat., early access, Dec.
2, 2022, doi: 10.1109/TII.2022.3226244.
Hongyuan Cheng received the B.E. degree in com-
puter science and technology from Taishan Univer-
sity, Taian, China, in 2018. She is currently working
toward the Ph.D. degree in cyberspace security with
the School of Computer and Information Security,
Guilin University of Electronic Technology, Guilin,
China.
Her research interests include data privacy and
security and privacy in VANETs.
Xianchao Zhang received the Ph.D. degree in sys-
tems engineering from Beihang University, Beijing,
China, in 2013.
From 2013 to 2015, he was a Postdoctoral Fellow
with Peking University, Beijing, China. From 2018
to 2022, he was a Postdoctoral Fellow with South-
east University, Nanjing, China. From 2015 to 2021,
he was a Senior Engineer with the China Academy
of Electronic and Information Technology, Beijing,
China. He is currently a Professor with the Key Lab-
oratory of Medical Electronics and Digital Health,
Zhejiang, China, and the Engineering Research Center of Intelligent Human
Health Situation Awareness, Jiaxing University, Zhejiang, China. His research
interests include artificial network and privacy computing.
Jingkang Yang received the B.E. degree in mechani-
cal design manufacture and automation from Lanzhou
Jiaotong University, Lanzhou, China, in 2018. He
is currently working toward the Ph.D degree in in-
formation and communication engineering with the
School of Computer and Information Security, Guilin
University of Electronic Technology, Guilin, China.
His research interests include privacy preserving
and machine learning.
Yining Liu (Senior Member, IEEE) received the B.S.
degree in applied mathematics from Information En-
gineering University, Zhengzhou, China, in 1995, the
M.S. degree in computer software and theory from
the Huazhong University of Science and Technology,
Wuhan, China, in 2003, and the Ph.D. degree in
mathematics from Hubei University, Wuhan, China,
in 2007.
He is currently a Professor with the Guilin Uni-
versity of Electronic Technology, Guilin, China. His
research interests include data privacy, security and
privacy in VANETs, image security, and machine learning.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Authorized licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on July 16,2023 at 08:10:01 UTC from IEEE Xplore. Restrictions apply.
