Content uploaded by Yining Liu
Author content
All content in this area was uploaded by Yining Liu on Dec 24, 2022
Content may be subject to copyright.
Content uploaded by Yining Liu
Author content
All content in this area was uploaded by Yining Liu on Feb 10, 2022
Content may be subject to copyright.
85
PPRP: Preserving-Privacy Route Planning Scheme
in VANETs
YANGFAN LIANG and YINING LIU, School of Computer and Information Security, Guilin University
of Electronic Technology, Guilin, Guangxi
BRIJ B. GUPTA, Department of Computer Science and Information Engineering, Asia University, Taichung
413, Taiwan, & Lebanese American University, Beirut, 1102, Lebanon, & Center for Interdisciplinary Research
at University of Petroleum and Energy Studies (UPES), Dehradun, Uttarakhand, India, & Research and Inno-
vation Department, Skyline University College, Sharjah P.O. Box 1797, United Arab Emirates
Route planning helps a vehicle to share a message with the roadside units (RSUs) on its path in advance,
which greatly speeds the authentication between the vehicle and the RSUs when the vehicle enters the RSUs’
coverage. In addition, since only a small amount of necessary information needs to be shared between the
vehicle and the RSUs, route planning can reduce the storage overhead of the vehicle’s on-board unit (OBU)
and the RSUs. However, the message sharing requires the assistance of the certication authority (CA), which
will lead CA easily to obtain the vehicle’s planning route. Although CA knows the vehicle’s registration in-
formation and helps the vehicle to communicate with RSUs, it is unacceptable that the path of their vehicle
is obtained by CA for most drivers. In fact, vehicle’s sensitive information such as planning route, starting
time, stop place, should be privacy for others including CA. Inspired with the method of oblivious transfer,
a preserving-privacy route planning scheme in VANETs is proposed in this article, in which, a vehicle de-
duces the information of RSUs on its path with the help of CA, while CA knows nothing about which RSUs’
information has been deduced by the vehicle. Later, fast authentication or other service is easily achieved
between the vehicle and the RSUs (V2R) with the pre-shared information. After V2R authentication, vehicles
could easily communicate with adjacent vehicles with the help of RSUs (V2V). Finally, compared with related
schemes, performance evaluation illustrates the proposed scheme is better in terms of time consumption.
CCS Concepts: • Security and privacy →Security services;Network security;•Networks →Network
architectures;Network components
Additional Key Words and Phrases: VANETs, route planning privacy, oblivious transfer
ACM Reference format:
Yangfan Liang, Yining Liu, and Brij B. Gupta. 2022. PPRP: Preserving-Privacy Route Planning Scheme in
VANETs. ACM Trans. Internet Technol. 22, 4, Article 85 (December 2022), 18 pages.
https://doi.org/10.1145/3430507
This work is supported by Natural Science Foundation of China (no. 61662016 and no. 62072133), Key projects of Guangxi
Natural Science Foundation (no. 2018JJD170004).
Authors’ addresses: Y. Liang and Y. Liu, School of Computer and Information Security, Guilin University of Electronic Tech-
nology, Guilin, Guangxi; emails: afarloeng@163.com, ynliu@guet.edu.cn; B. B. Gupta, Department of Computer Science
and Information Engineering, Asia University, Taichung 413, Taiwan; email: gupta.brij@gmail.com.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee
provided that copies are not made or distributed for prot or commercial advantage and that copies bear this notice and
the full citation on the rst page. Copyrights for components of this work owned by others than ACM must be honored.
Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires
prior specic permission and/or a fee. Request permissions from permissions@acm.org.
© 2022 Association for Computing Machinery.
1533-5399/2022/12-ART85 $15.00
https://doi.org/10.1145/3430507
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:2 Y.Liangetal.
1 INTRODUCTION
In modern society, the increasing number of vehicles has brought about some problems, such as
trac congestion, trac accidents, and complicated trac conditions. To avoid these problems, it
is necessary to share the real-time information such as vehicle’s location and status, weather con-
ditions, road conditions, with other vehicles, and the surrounding equipment [Hsu et al. 2015; Zhu
et al. 2015]. Therefore, as an important part of the intelligent transportation systems (ITSs), ve-
hicular ad-hoc network (VANET) is widely researched, which usually consists of three compo-
nents: certication authority, on-board units (OBUs), and roadside units (RSUs). And two main
communication types in VANETs are respectively, Vehicle-to-Vehicle (V2V) communication and
Vehicle-to-Infrastructure (V2I) communication. As dened in IEEE Standard 1,609.2, both com-
munication styles follow dedicated short-range communication (DSRC) [Kenney 2011]proto-
col for wireless access in the vehicular environment (WAVE ) [Jiang and Delgrossi 2008].
The advent of intelligent vehicular applications and IoT technologies gives rise to data-intensive
challenges in ITS [Hussain et al. 2019]. Since messages are transmitted in an open wireless envi-
ronment, security and privacy are the critical challenges [Cheng and Liu 2020]. Specically, the
traditional security requirements at least including condentiality, authentication, and integrity,
ensure the transmitted message only to be recognized by the authorized entities [Song et al. 2020].
However, the traditional security goals are not enough for VANET, and the privacy requirement is
also necessary [Zhang et al. 2008]. Privacy requirement guarantees the sensitive or private infor-
mation cannot be known by others including the authorized entities even if the secure channel has
been established among them. For example, vehicle’ route information and departure time should
not be known by CA and RSUs.
In VANET, route planning is introduced in Ahmad et al. [2019] and is widely used for the envi-
ronment of self-driving vehicles [Hiraishi 2018]. In the route planning process, a vehicle selects its
destination and the favorite route, then the vehicle’s OBU establishes a link or shares a message
with the RSUs on its path. After soon, when the vehicle enters the corresponding RSUs’ coverage,
the very ecient authentication is achieved between the vehicle and these RSUs with the shared
message. Certainly, the message sharing between the vehicle and these RSUs requires the assis-
tance of CA, which easily exposes vehicle’s route privacy to CA. Since the vehicle’s route should
be privacy for all including CA and RSUs, how to protect the privacy among the authorized enti-
ties is vital for VANET. To address this issue, in this article, a preserving-privacy route planning
scheme in VANETs is proposed, and the main contributions are summarized as follows:
— In route planning, a vehicle rst plans its own path, so as to know the RSUs it will pass
by. Then, the vehicle obtains the authentication information of these RSUs from CA. In the
process of obtaining the information, it is ensured that CA does not know which RSUs’
information has been obtained by the vehicle. Therefore, CA cannot infer the vehicle’s path
from these RSUs. As a result, the vehicle’s path privacy is protected. After that, when the
vehicle enters the coverage of these RSUs, the rapid authentication between the vehicle and
these RSUs can be achieved with the information obtained from CA.
— After V2R authentication, vehicles easily communicates with adjacent vehicles through
OBUs installed in vehicles V2V by the assistance of RSUs.
— A detailed analysis shows that the proposed scheme could achieve privacy objectives in
VANETs. Moreover, we compare it with related schemes. The comparison results show that
our scheme is better performance in time consumption.
The rest of the article will be organized as follows. Section 2introduces lots of related works. Some
preliminaries is prepared in Section 3. Section 4describes the system model and the design goals.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
PPRP: Preserving-Privacy Route Planning Scheme in VANETs 85:3
Section 5describes the proposed preserving-privacy route planning scheme in VANETs in detail.
Comprehensive analysis and performance evaluation are described in Section 6. Finally, there is
the conclusion of the article.
2 RELATED WORKS
In this section, we introduction various authentication schemes addressing privacy and security
in traditional VANET respectively and discuss the benets and drawbacks of those protocols.
Security and privacy for vehicular communications are vital. In past years, a lot of authentication
schemes [Calandriello et al. 2007;Heetal.2015a; Raya and Hubaux 2005;Shim2012]havebeen
proposed for the security goals including condentiality, authentication, and integrity. Although
there is an advanced quantum key distribution systems [Pljonkin 2019], most of them are based
on asymmetric cryptosystems. And this needs a public key infrastructure (PKI) [Zhang et al.
2010] to generate a lot public/private keys that are used to generate and verify digital signatures
respectively. Therefore, each vehicle needs to store the public/private keys, which is not negligible
for resource-constrained vehicle’s OBU. For this reason, some researchers proposed an identity-
based (ID-based) public key encryption scheme. Usually, in ID-based scheme, the public key can
be computed from the identity and the corresponding private key is generated by PKG. Then, Shim
et al. designed a new ID-based signature scheme [Shim 2012], however, it uses complex bilinear
pairing operations, resulting in a high computational and communication delay. For the problem,
He et al. proposed an ID-based authentication scheme [He et al. 2015a] without bilinear pairing.
Consequently, computational complexity is reduced while achieving lower communication costs.
Previous works have addressed the security and eciency issues mentioned above. However, the
privacy requirement is not paid attention to enough.
Dierent from the traditional security requirements that ensure the transmitted message only
to be recognized by the authorized entities, privacy requirements guarantee the sensitive or pri-
vate information cannot be known by the authorized entities, under the assumption that the secure
channel has been established among them. For example, the vehicle’s route information and depar-
ture time should not be known by CA and RSUs. In recent years, a lot of schemes are designed to
protect vehicles’ privacy. The schemes can be classied into two categories: (1) Group signature-
based scheme (GSB), and (2) anonymous authentication scheme for VANETs.
GSB scheme is a method commonly used for privacy-preserving. In VANETs, the sending vehicle
privacy is guaranteed due to the anonymous authentication provided by the inherent property of
group signature (GS)[Alietal.2019]. The group consists of members and manager. The manager
signs messages on behalf of the whole group and only the manager can distinguish the signer
among group members.
Lin et al. [2007] proposed a group signature scheme for VANETs. In this scheme, the OBUs need
not store a lot of anonymous keys, meanwhile, the CA can eciently trace the malicious vehicle
if necessary. Shao et al. [2016] proposed a group signature-based scheme for V2V authentication
in VANETs. But it lacks forward and backward security properties and anti-collision [Zhao et al.
2015]. Wang et al. [2016] introduced an Ecient Conditional Privacy-Preserving (ECPB)au-
thentication scheme based on group signature for VANETs. This proposed work slightly improved
verication delay and average delay. In those group-based signatures, there is a tradeo between
the anonymity level and the group size. Although a large group size is more anonymous, it in-
creases the time needed to verify signatures. On the contrary, a small group size makes it easy
for the attacker to identify members of the group. As a result, anonymity is not ideally satised
[Pournaghi et al. 2018].
One of the most accepted approaches for anonymity is pseudonymity. Each vehicle is equipped
with a large number of pseudonyms issued by CA. Then, each pseudonym is used to sign multiple
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:4 Y.Liangetal.
messages sent in a xed time interval. To prevent a pseudonym from being connected to an entity,
a pseudonym can only be used once, nally, it is discarded. This means a temporary fake identier
is used to replace the vehicle’s real identity. Therefore, sensitive information such as the vehicle’s
real ID, start time and real-time location is not easily linked to one physical vehicle. As a result,
anonymity and unlinkability are guaranteed. Liu et al. proposed the authentication scheme based
on SS called LVAP [Liu et al. 2015]. However, the scheme cannot protect the vehicles’ path because
vehicles use a same pseudonym for a long time, which may be tracked by adversaries. Hence,
it is necessary for more privacy to frequently change pseudonyms in Eckho et al. [2010]and
Pan et al. [2011]. Nonetheless, in the case of anonymity, there needs to be a certication author-
ity that can track the malicious vehicles. Because if one vehicle sends fake information to other
vehicles, which can damage the vehicle.
In the above schemes, CA is usually required to help generate the secret key or pseudonym. So,
it just guarantees the privacy between the vehicles and the vehicles, and between the vehicles and
the RSUs. The privacy of the vehicle to CA is not guaranteed, which means CA can easily access
the vehicle’s private information, such as the vehicle route, the starting time of the vehicle, and
so on. Inspired by vulnerability analysis for the authentication protocols [Alhaidary et al. 2018]
and cloud Environment [Kaushik and Gandhi 2019], a preserving-privacy route planning scheme
in VANETs is proposed in this article. In the proposed scheme, the privacy of the vehicle to CA
is ensured in the process of route planning. To be specic, in path planning, a vehicle rst plans
its own path so that it knows the RSUs it will pass through. The vehicle then obtains these RSUs’
authentication information from CA, meanwhile, it must be ensured that CA does not know which
RSUs’ information has been obtained. Therefore, CA cannot infer the vehicle’s path from these
RSUs so that the path privacy of the vehicle is protected from CA.
3 PRELIMINARIES
In this section, we introduce oblivious transfer (OT)andelliptical curve cryptosystem (ECC)
mainly used in this scheme.
Today, computers are increasingly being used for storing and retrieving information. Some of
this information is of a sensitive nature requiring adequate security measures to safeguard the
sensitive information. Hence, awareness about the various tools and techniques for securing the
information has become unavoidable [Gupta 2018]. Rabin et al. introduced OT to protect users’ pri-
vacy in electronic commerce and it is a basic cryptographic method in various privacy-preserving
technologies [Wang et al. 2020]. Although there are a lot of dierent OT schemes in terms of their
functionality, OT schemes can be usually generalized as k-out-nOT ( OTk
n) schemes. Usually, there
are two entities in a OTk
n. One is the sender who contains nmessages, the other is the receiver
who wants to obtain kmessages from the sender. Specically, the receiver can only get these k
messages that he has chosen, meanwhile, the sender knows nothing about what the receiver has
obtained. In addition, OTk
nis dened as follows. Alice knows nmessages and wants to send kof
them to Bob. Bob gets kof them with probability k!(n−k)!/n! and knows which ones he has ob-
tained, but Alice has no idea about which messages Bob has obtained [Mu et al. 2003]. Figure 1
shows the process of OT.
Moreover, ECC [He et al. 2015b] is a commonly encryption system in an elliptic curve, which
includes scalar multiplication, elliptic curve discrete logarithm problem (ECDLP), and com-
putational Die-Hellman (CDH) problem. Their denition is as follows:
Elliptic Curve: Let Fqbe a nite eld and a large prime number pis the order of Fq.Eis an
elliptic curve dened as: y2=x3+ax +b,where a,b∈Fqare constants. There is a group dened
on E,whoseorderisqand the generator is p. The set contains an innity point O.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
PPRP: Preserving-Privacy Route Planning Scheme in VANETs 85:5
Fig. 1. The process of Oblivious Transfer.
Scalar multiplication: Let P∈Gq,n∈Z∗
q,then the scalar multiplication is nP =P+P+···+P
(for a total of ntimes).
ECDLP: There are two random points P,Q∈G,and Q=x·P. It is hard to compute xfrom Q
in the polynomial-time t.
CDH: Given two random points Y,Q∈G,whereY=y·P,Q=x·P,andx,yare unknown
integers, it is hard to compute x·y·P[Koblitz 1987].
4 MODEL AND GOALS
In this section, we briey introduce the system model and design goals of the proposed scheme.
Figure 2shows the VANET system model used in this article and Figure 3shows a workow
owchart for entities within the system.
4.1 System Model
VANETs consists of three entities: certication authority (CA), roadside unity (RSU), and ve-
hicle,asshowninFigure2. Furthermore, in order to clearly describe the major operation of all
entities in the system model, the workow chart for each entity within the system is rendered in
Figure 3.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:6 Y.Liangetal.
Fig. 2. System model.
Fig. 3. Workflow flowchart for entities within the system.
CA: CA owns powerful computing and storage capabilities. And it is responsible for managing
the entire VANETs. Usually, CA stores RSUs’ and vehicles’ information, and assists in the authen-
tication between the RSUs and the vehicles. Although CA strictly complies with the protocol, it is
curious to deduce the private or sensitive information such as the vehicle’s start time and real-time
location with the legally received messages.
RSU: RSUs are deployed at the roadsides and communicate with CA via secure channels. RSUs
can not only provide certain services for vehicles within its coverage area, but also help the com-
munication between vehicles within its coverage area.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
PPRP: Preserving-Privacy Route Planning Scheme in VANETs 85:7
Vehicle: Vehicle is equipped with OBU and TPD modules. OBU is in charge of communication
with other OBUs, RSUs, and CA. And the deputy of TPD is to store the private information and
executes secure computing.
Adversary: The secure channel has been established among the authorized entities, In other
words, the attacker out of the system cannot monitor the public channels, impersonate the iden-
tity of the legitimate vehicle or RSU, and steal the information from TPD, and so on. Hence, in
the system, any entity that is curious to the private or sensitive information of other entities are
regarded as the active adversary, including CA, RSUs, and vehicle.
4.2 System Model
Under the assumption that the traditional security requirements at least including condentiality,
authentication, and integrity have been ensured, there are still privacy and utility goals that need
to be met.
Route privacy: In the necessary message sharing between vehicles and RSUs by the assistance
of CA. we need to prevent vehicles’ route privacy from CA. If it is not met by the system, CA can
easily get the path of any vehicle.
Anonymity: Any third party (except for CA) cannot obtain the vehicle’s true identity through
the message from a given vehicle. If it is not met by the system, the true identity of vehicle will be
exposed to everyone, increasing the risk of attack.
Traceability: Although a vehicle’s true identity is hidden from any other vehicle, CA can obtain
true identity of any vehicle if necessary. If it is not met by the system, in case there is a malicious
vehicle in the system, it cannot be identied by others, which will bring a potential risk to the
system security.
Unlinkability: No third party can link two authentication messages sent by the same vehicle.
Moreover, they cannot trace the vehicle through its messages. If it is not met by the system, an at-
tacker can externally distinguish whether two messages originate from the same vehicle, reducing
the security of the vehicle.
5 PROPOSED SCHEME
In this section, we describe the proposed scheme that consists of ve phases: Initial phase, Reg-
istration phase, Route planning phase, V2I authentication phase, and V2V Authentication phase.
In the initial phase, CA initializes and distributes system parameters. In addition, the RSUs’ basic
information is also stored in CA. In the registration phase, in order to join the vehicular network,
vehicles must be registered with CA. In route planning phase, vehicle needs to plan its path in
advance so that it knows which RSUs it will go through. Then, the necessary message is shared
between OBU and the RSUs with the collaboration of CA. Meanwhile, it is guaranteed that CA
cannot know which RSUs’ information is shared to the vehicle. In V2I authentication phase, since
information sharing between the RSUs and the vehicle has been completed in the previous phase,
the quick authentication can be implemented between vehicle and RSUs. In V2V authentication
phase, after V2I authentication, a vehicle can communicate with adjacent vehicles through OBUs
installed in vehicles by the assistance of RSUs.
5.1 Initial Phase
Let Fqbe a nite eld, qis a prime number to represent the size of the nite eld. And (a,b)∈Fq
is the parameter of elliptic curve G,andgis its generator, as represented in Table 1.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:8 Y.Liangetal.
Table 1. Main Notations
Notation Description
FqA nite eld, qis a prime number to represent the size of the nite eld
GA cyclic groups of order p
CA Certication authority
gA generator of G
pkCA ,skCA Public and private key of CA
HA secure hash function H:{0,1}∗→Zq
RSUiRSUiof number i
hA secure hash function h:{0,1}∗→Zq
KiThe session key that communicates with the RSUi
infiThe additional information of RSUi
pkj,skjPublic and private key of vehicle vj
rjVehicle vjselects a random number
AIDjThe pseudonym of vehicle vj,and jis the ID of the vehicle vj
vjThe vehicle of IDj
SjA parameter aiding necessary message sharing between OBU and RSUs
TjA parameter aiding necessary message sharing between OBU and RSUs
PathjThe number set of RSUs in the path of the vehicle vj
mj
pass The relevant path information set
mj
key The session key set
kj
iThe key to encrypt relevant information of the RSUi.
CiAw×nciphertext matrix
AjThe ciphertext vector containing nciphertexts for each RSU on the path
Val uecur rent A temporary hash value currently used to aid V2V authentication
(1) CA generates a public/ secret key pair (pkCA,skCA),wherepkCA =д·skCA. And CA selects
the hash functions: H:{0,1}∗→Zq. CA assigns the number ito RSUiwithin its jurisdiction,
where i∈{0,1,...,n}.
(2) RSUiselects its symmetric key Ki∈Zqand sends it to CA via a secure manner. In addition,
Kineeds to be updated periodically such as every day, where i∈{0,1,...,n}.
(3) CA stores the RSU’s authentication information. The specic storage form is as follows:
{(1||K1||inf1)
(2||K2||inf2)
(······)
(i||Ki||infi)
(······)
(n||Kn||infn)}
where infiis additional information of RSUi,Kiis the symmetric key of RSUi,andi∈
{0,1,...,n}.
(4) CA publishes {G,i,д,H,pkCA}and keeps {skCA,Ki,infi}in secret.
5.2 Registration Phase
The vehicle vjis registered with local CA, the detailed process is as follows:
(1) Vehicle vj,j∈{0,1,...,n}generates a public/ secret key pair (pkj,skj),wherepkj=д·skj,
then vjsends {j,pkj}to CA via a secure manner.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
PPRP: Preserving-Privacy Route Planning Scheme in VANETs 85:9
(2) After CA receives the {j,pkj}, it selects a random number rjand generates pseudonym
AI D j=j⊕H(skCA||rj)for vj. And the AI D jis used in vehicle-to-vehicle and vehicle-to-
RSU communications, and helps CA to verify the legal identity of the vehicle. In addition,
AI D jneeds to be updated periodically such as every day.
(3) CA generates two parameters so that necessary message sharing is ensured between OBU
and RSUs in route planning phase.Sj=д·yj,Tj=Sj·yj,whereyj∈Gand j∈{0,1,...,n}.Fi-
nally, CA stores {j,AI Dj,rj,yj}in the database and sends {AID j,Sj}to the vehicle vjthrough
a secure channel.
5.3 Route Planning Phase
(1) The vehicle vjplans its route in advance, as represented in Figure 5. Suppose there are w
RSUs in the path of the vehicle vj, the RSUs’ number set is Path ={1,2,...,i,...,w}. Then, the
vehicle vjneeds to generate the relevant path information mj
path ={Rj
1,Rj
2,...,Rj
i,...,Rj
w}and
the corresponding session key mj
Key ={kj
1,kj
2,...,kj
i,...,kj
w}between CA and vj,inwhich,kj
i
is used to encrypt relevant information of the RSUi. In the specic generation process, vjselects
xj∈G, calculates kj
i=H(xj·Sj)and Rj
i=i·Sj+д·xj,wherei,j∈{0,1,...,n}. Then, the vehicle
vjselects a timestamp t1and calculates Requestj={epkCA(AI D j||mj
path ||t1),H(epkCA ),t1}. Finally,
vjsends Requestjto CA, where j∈{0,1,...,n}.
(2) On receiving Requestj, CA veries H(epkCA )and t1.Ift1and H(epkCA)are correct, vehicle
accepts Requestj. Otherwise, CA rejects it. Next, CA decrypt epkCA with private key skCA to get
AI D jand mj
path ={Rj
1,Rj
2,...,Rj
i,...,Rj
w},wherej∈{0,1,...,n}.
(3) CA queries the existence of a user with it’s pseudonym AI Djthrough a local database to de-
termine whether the vehicle vjis legitimate. If the vehicle vjis legitimate, CA takes the next
step. Otherwise, CA broadcasts that the user with the pseudonym AI Djis illegal, where j∈
{0,1,...,n}.
(4) CA generates a ciphertext vector Ci={e1
i,e2
i,...,es
i,...,en
i}containing nciphertexts for
each RSU on the path. Since there are wRSUs: {1,2,...,i,...,w}in the path of the vehicle vj.Fi-
nally, a w×nciphertext matrix Ajwill be generated and it contains the authentication information
of RSUs on the path. The ciphertext matrix is shown in Figure 4.
Suppose that RSUiis on the path of vehicle vj, the specic generation process of the ciphertext
vector for RSUiis as follows:
(i) CA generates ndierent session keys: {kj
1,kj
2,...,kj
s,...,kj
n}to encrypt the authentication
information for all nRSUs, where kj
s=H(yj·Rj
i−s·Tj),s∈{0,1,...,n},both yjand Tjare
parameters generated in registration stage to help generate ciphertext matrices, Rj
iis the path
parameter from the vehicle vj. In this case, it’s important to note that kj
s=kj
iwhen s=i,where
i,j,s∈{0,1,...,n},kj
iis the session key generated by the vehicle for decrypting the ciphertext
matrix Ajand kj
i=H(xj·Sj).The detailed proof is as follows:
kj
s=H(yj·Rj
i−s·Tj)=H(yj·(i·Sj+д·xj)−s·Tj)=H((i·Tj−s·Tj)+yj·д·xj)=H(yj·д·xj)=
H(xj·Sj)=kj
i
where Rj
i=i·Sj+д·xj,Tj=yj·Sj,s=i,Sj=д·yj,andi,j,s∈{0,1,...,n}.
(ii) CA uses this ndierent session keys: {kj
1,kj
2,...,kj
s,...,kj
n}to encrypt the authentication
information for all nRSUs. In the end, CA gets a ciphertext vector Ci={e1
i,e2
i,...,es
i,...,en
i}for
RSUi,wherees
i=Eki
s(s||Ks||infs),i,j,s∈{0,1,...,n},infiis additional information of RSUi,and
Kiis the symmetric key of RSUi.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:10 Y. Liang et al.
Fig. 4. Ciphertext matrix.
Therefore, CA performs (i)–(ii) operations on the wRSUs on the vehicle path, and CA nally
gets a w×nciphertext matrix Aj. Finally, CA sends {Aj,H(Aj||t2),t2}to the vehicle vj,wheret2
is a timestamp.
(5) On receiving {Aj,H(Aj||t2),t2}, the vehicle vjveries H(Aj||t2)and t2.Ift2and H(Aj||t2)
are correct, the vehicle accepts Aj. Otherwise, the vehicle vjrejects it. Next, the vehicle vjuses w
symmetric keys {kj
1,kj
2,...,kj
i,...,kj
w}to decrypt the part of ciphertext from the matrix Aj,sothat
it can get the authentication information with the RSUs on its path. Here, we take es
ias an example
to briey decryption. Only when s=i,kj
s=kj
i.Therefore, the vehicle vjcan decrypt es
i. Hence, the
vehicle vjcan only get the information of RSUs on its path, and other RSUs’ information cannot
be obtained by the vehicle vj. At the same time, CA does not know which RSUs’ information has
been obtained by the vehicle vj. In the end, the vehicle vjobtains the authentication information
of wRSUs on its path, so that it can quickly authenticate with the RSUs in the future, where
i,j∈{0,1,...,n}.
5.4 V2I Authentication Phase
(1) When the vehicle vjenters the coverage range of RSUi, the vehicle vjsends {EKi
(i||AI D j||r||t3),H(EKi),t3}to RSUi,whereris a random number selected by the vehicle vj,andt3
is a timestamp, and i,j∈{0,1,...,n}.
(2) On receiving {EKi(i||AID j||r||t3),H(EKi),t3},RSUiveries H(EKi)and t3. If both are correct,
RSUidecrypts the message with the key Kito get r. Otherwise, RSUirejects it. Next, RSUisends
H(r+1)to the vehicle vj,wherei,j∈{0,1,...,n}.
(3) On receiving H(r+1), the vehicle vjveries whether the received H(r+1)is correct. If yes,
the V2I authentication succeeds. Otherwise, it fails.
5.5 V2V Authentication Phase
(1) Before V2V authentication, RSUineeds to do some work to help the next V2V authentication.
RSUigenerates a one-way hash chain, its hash values are used for vehicles’ communications within
a xed period. Due to the short lifetime of the hash values for strong security, they need to be
updated regularly. The hash chain is generated as follows:
(i) RSUichooses a hash function h:{0,1}∗→Zqand randomly selects a Seed ∈G.
(ii) RSUigenerates hash chains HC by the Seed and the hash function h.
h(Seed)→h2(Seed)→···→hn−1(Seed )→hn(Seed)
Valuen→Valuen−1→···→Value2→Value1
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
PPRP: Preserving-Privacy Route Planning Scheme in VANETs 85:11
Fig. 5. Route planning phase via public channel.
(iii) The RSUistorages the hash chains HC.
(2) After the vehicle vjsuccessfully authenticates with the RSUi,theRSUiwill send {EKi
(i||AI D j||Valuecurr ent ||t4),H(EKi),t4}to the vehicle vj,whereValuecurr ent is a temporary hash
value currently used to aid V2V authentication, where i,j∈{1,2,...,n}.
(3) On receiving {EKi(i||AID j||Valuecurr ent ||t4),H(EKi),t4}, the vehicle vjveries H(EKi)and t4.
If both are correct, the vehicle vjdecrypts the message with the key Kito get Valuecur rent ,where
i,j∈{1,2,...,n}. However, the lifetime of Valuecurrent is short. Before the current Valuecurr ent
going to end, the RSUineeds to broadcast the new hash value to the vehicles in its coverage area.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:12 Y. Liang et al.
After the vehicle receives the new hash value, the vehicle will check whether the (1) holds. If so,
the vehicle accepts it; otherwise, it will be rejected.
Valueol d =H(Valuenew ).(1)
(4) The vehicle vjwants to send message Mjto the vehicle vl. Firstly, the vehicle vjcalculates the
relevant parameters, where djis the random number selected by the vehicle vj,tjis a timestamp,
and Kiis the session key between the vehicle vjand the RSUi. The calculation of the parameters
is as follows:
Dj=д·dj
C1
i=Mj⊕Valuecur r ent
C2
i=Dj⊕Valuecur rent
ψj=dj·H(AI D j||Ki||Dj||Mj||tj)
Then, the vehicle vjsends {AI Dj,C1
i,C2
i,ψj,tj}to the vehicle vl,wherei,j,l∈{1,2,...,n}.
(5) On receiving {AI D j,C1
i,C2
i,ψj,tj}, the vehicle vlveries the timestamp tj.Ifitfails,thevehicle
vlrejects it. Otherwise, the vehicle vluses Valuecurr ent to decrypt C1
iand C2
ifor obtaining Mjand
Dj. The decryption process is as follows, where i,j,l∈{1,2,...,n}.
Mj=C1
i⊕Valuecur r ent
Dj=C2
i⊕Valuecur rent
Finally, the vehicle vlcheck whether the (2) holds. If so, the vehicle vlaccepts the message Mj;
otherwise, it will be rejected.
д·ψj=Dj·H(AI D j||Ki||Dj||Mj||tj).(2)
Batch Verication: This method can support batch verication. Hence, the vehicle vlcan simul-
taneously verify multiple messages from other vehicles. After receiving messages from dierent
vehicles, the vehicle vlrandomly selects a set R={r1,r2,...,rn}, in addition, rj∈[1,2k]andkis
a small random integer. When all timestamps are valid, the vehiclevlchecks if the (3) holds. If so,
the vehicle vlaccepts all messages; otherwise, they will be rejected. Moreover, this way can resist
the attacks on ID-based batch signatures [Liu et al. 2014].
n
j=1
rj·ψj
·д=
n
j=1
Dj·rj·H(AI D j||Ki||Dj||Mj||tj)
.(3)
The detailed proof is as follows:
(n
j=1rj·ψj)·д=(n
j=1rj·dj·H(AI D j||Ki||Dj||Mj||tj)) ·д
=(n
j=1rj·dj·д·H(AI D j||Ki||Dj||Mj||tj))
=(n
j=1Dj·rj·H(AI D j||Ki||Dj||Mj||tj))
Where Dj=д·dj,ψj=dj·H(AI D j||Ki||Dj||Mj||tj),i,j,l∈{1,2,...,n}.
6 PERFORMANCE ANALYSIS
In this section, we analyze the privacy and utility of the proposed scheme about route privacy,
anonymity, traceability, and unlinkability. Then, we compare the time consumption of our scheme
with recent schemes for vehicular networks.
6.1 Privacy and Utility Analysis
Route privacy: In route planning, CA gets the relevant path information mj
path ={Rj
1,Rj
2,...,
Rj
i,...,Rj
w}from vehicle, Rj
i=i·Sj+д·xj,wherei,j∈{1,2,...,n}. If CA wants to deduce
number ifrom the relevant path information Rj
i, it needs to know Rj
i, the relevant parameter Sj,
the generator дand the random number xjchosen by the vehicle. Although CA knows Rj
iand Sj
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
PPRP: Preserving-Privacy Route Planning Scheme in VANETs 85:13
Table 2. Performance Comparison
Our scheme [Kumar et al. 2020] [Cui et al. 2019] [Wang et al. 2019][Kamil and
Ogundoyin 2019]
route privacy Y N N N N
anonymity Y Y Y Y Y
traceability Y N Y Y Y
unlinkability Y Y Y Y Y
Table 3. The Definition and Time of the Primary Operations
Operations Denition Time(ms)
Hash Function TH: the execution time of one hash function
operation.
0.001
Addition in ECC TA−ECC : the execution time of one addition
operation-based ECC.
0.012
Scalar Multiplication in ECC TM−ECC :the execution time of one Scalar
multiplication operation-based ECC.
6.128
AES Encryption TE−AES : the execution time of one AES
encryption.
0.006
AES Decryption TD−AES : the execution time of one AES
decryption.
0.003
from the vehicle, CA cannot get xj.Becausexjis the random number chosen by the vehicle and
only the vehicle knows it. Therefore, CA cannot compute ifrom Rj
iand know which RSUs the
vehicle will pass. As a result, the vehicle’s route privacy is protected.
Anonymity: In registration phase, CA generates the pseudonym of vjby AI D j=j⊕H(skCA||rj),
where j∈{1,2,...,n}. Later, the true identity of the vehicle is hidden in the pseudonym. If RSUs
and other vehicles want to compute the real identity jfrom AI D j, they must obtain skCA and rj.
However, those information are stored in CA’s database and only CA can use it. Therefore, all
RSUs and other vehicles cannot obtain skCA and rj. And they cannot deduce the real identity j
from AI D j. Therefore, anonymity is guaranteed.
Traceability: Once the message is disputed, CA can extract vehicle’s real identity. Since AI D j=
j⊕H(skCA||rj)and skCA and rjare stored in the CA’s database, CA can get vehicle’s real identity
by computing j=AI D j⊕H(skCA||rj). Therefore, traceability is guaranteed.
Unlinkability: Because the pseudonym of each vehicle is updated periodically, so it is impossible
for an adversary to connect multiple messages from the same vehicle.
6.2 Performance Evaluation
In this section, we analyze the merits and the time consumption of the proposed scheme and
compare it with recent schemes for vehicular networks. Firstly, the utility and privacy comparison
results listed in Table 2shows that our protocol can achieve more merits. Then, in order to do the
comparison of time consumption, the implementation is performed on a laptop that consists of an
Intel Core i5 processor with 1.6 GHz clock frequency, 4 GB 1,600 MHz DDR3 memory, and runs
macOS HighSierra operation system using C and python language. The results (average operation
times) of the implementation are shown in Table 3[Xu et al. 2019]. In addition, since the given
operations dominate the speeds of the authentication, we only discuss those operations and ignore
the other operations such as concatenation and XOR.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:14 Y. Liang et al.
Table 4. The Execution time of RSU in V2R
Scheme Verify a single vehicle Verify nvehicles
Our scheme TD−AES +2THn(TD−AE S +2TH)
[Kumaretal.2020] 5TM−ECC +2THn(5TM−ECC +2TH)
[Cui et al. 2019] 3TM−ECC +2TA−ECC +2TH(n+2)TM−ECC +
(2n)TA−ECC +(2n)TH
[Wang et al. 2019] 8TM−ECC +2TA−ECC +
2TE−AES +2TD−AES +6TH
n(8TM−ECC +2TA−ECC +
2TE−AES +2TD−AES +6TH)
[Kamil and Ogundoyin 2019] 2TM−ECC +2TA−ECC +TH2TM−ECC +n(TA−ECC +TH)
Table 5. The Execution Time of Vehicle in V2V
Scheme Verify a single-vehicle Verify nvehicles
Our scheme 2TM−ECC +TH(n+1)TM−ECC
[Kumaretal.2020] 5TM−ECC +2THn(5TM−ECC +2TH)
[Cui et al. 2019] 3TM−ECC +2TA−ECC +2TH(n+2)TM−ECC +(2n)TA−EC C +(2n)TH
Fig. 6. Comparison of authentication time in V2R (a).
The total execution time of each phase is related to the number of RSUs. For example, the
urban area of Beijing is about 1,401 square kilometers. The communication range of a RSU is
about 1,000 m and the area that the RSU can cover is about 3 square kilometers. Therefore, the
urban area of Beijing requires about 500 RSUs. In some jammed areas, more RSUs are needed,
we assume that the maximum number of RSU is 1,000. In V2R, TPD computes Requestj=
{epkCA(AI D j||mj
path ||t1),H(epkCA ),t1}. So, when there are nRSUs along the path, the time of com-
puting is (3n+2)TM−ECC +nTA−ECC +(n+1)TH. Next, CA veries H(epkCA ),decryptsepkCA with
private key skCA to get AI D jand mj
path, generates {Aj,H(Aj||t2),t2}. When there are nRSUs along
the path, the time spent by CA is (2n2+3)TM−ECC +n2TA−ECC +n2TE−AES +2TH. Then, TPD veries
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
PPRP: Preserving-Privacy Route Planning Scheme in VANETs 85:15
Fig. 7. Comparison of authentication time in V2R (b).
Fig. 8. Comparison of authentication time in V2V (a).
H(Aj||t2)and decrypts the part of ciphertext from the matrix Aj. When there are nRSUs along the
path, the time of decryption by TPD is nTD−AES +TH.
In Table 4, we compare the verication time of the proposed scheme, [Cui et al. 2019;Kumar
et al. 2020;Wangetal.2019], and [Kamil and Ogundoyin 2019] in the V2R authentication Phase.
The performance simulation in authentication is illustrated in Figures 6and 9. The results show
the proposed scheme calculation time is better than others. In Table 5, we compare the verication
time of the proposed scheme, [Kumar et al. 2020] and [Cui et al. 2019] in the V2V authentication
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:16 Y. Liang et al.
Fig. 9. Comparison of authentication time in V2V (b).
Phase. The performance simulation in V2V authentication is illustrated in Figures 7,8and 9.The
results show the proposed scheme calculation time is better than others.
7 CONCLUSIONS
In VANET, most authentication protocols do not take the risk of vehicle privacy leakage to CA into
account. Therefore, we propose a privacy-preserving route planning scheme for VANETs, which
protects vehicles’ route privacy from CA. In the proposed scheme, for the purpose of fast and
ecient V2R authentication, a vehicle needs to plan its own path. In route planning, the necessary
message sharing between the vehicle and the RSUs requires the assistance of CA. Meanwhile,
the proposed scheme ensures that CA does not know which RSUs’ information is shared with
the vehicle. Hence, CA cannot infer the path privacy of the vehicle from the RSUs it passes by.
After V2R authentication, the vehicle can eectively communicate with adjacent vehicles by the
assistance of RSUs. As a result, ecient V2R and V2V authentication is realized and path privacy is
protected from CA in our scheme. Besides, compared with recent schemes, the proposed scheme
not only met basic security requirements such as condentiality, authentication, integrity, and
traceability in VANET, but also implemented the privacy-preserving in route planning. Finally,
analysis shows the proposed scheme performance evaluation also presents the advantages in terms
of computational cost. In the future, our work can benet to the vehicular environment.
ACKNOWLEDGMENTS
The authors would like to thank Natural Science Foundation of China and Key projects of Guangxi
Natural Science Foundation.
REFERENCES
A. Ahmad, S. Din, A. Paul, G. Jeon, M. Aloqaily, and M. Ahmad. 2019. Real-time route planning and data dissemination
for urban scenarios using the internet of things. IEEE Wireless Communications 26, 6 (December 2019), 50–55. https:
//doi.org/10.1109/MWC.001.1900151
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
PPRP: Preserving-Privacy Route Planning Scheme in VANETs 85:17
M. Alhaidary, S. M. M. Rahman, M. Zakariah, M. S. Hossain, A. Alamri, M. S. M. Haque, and B. B. Gupta. 2018. Vulnerability
analysis for the authentication protocols in trusted computing platforms and a proposed enhancement of the opad
protocol. IEEE Access 6 (2018), 6071–6081. https://doi.org/10.1109/ACCESS.2017.2789301
I. Ali, A. Hassan, and F. Li. 2019. Authentication and privacy schemes for vehicular ad hoc networks (VANETs): A survey.
Vehicular Communications 16 (April 2019), 45–61.
G. Calandriello, P. Papadimitratos, J. P. Hubaux, and A. Lioy. 2007. Ecient and robust pseudonymous authentication in
VANET. In Proceedings of the 4th ACM International Workshop on Vehicular ad hoc Networks. 19–28.
H. Cheng and Y. Liu. 2020. An improved RSU-based authentication scheme for VANET. Journal of Internet Technology 21, 4
(July 2020).
J. Cui, D. Wu, J. Zhang, Y. Xu, and H. Zhong. 2019. An ecient authentication scheme based on semi-trusted authority in
VANETs. IEEE Transactions on Vehicular Technology 68, 3 (2019), 2972–2986.
D. Eckho, C. Sommer, T. Gansen, R. German, and F. Dressler. 2010. Strong and aordable location privacy in VANETs:
Identity diusion using time-slots and swapping. In Proceedings of the 2010 IEEE Vehicular Networking Conference. IEEE,
174–181.
B. B. Gupta. 2018. Computer and Cyber Security: Principles, Algorithm, Applications, and Perspectives. CRC Press.
D. He, S. Zeadally, B. Xu, and X. Huang. 2015a. An ecient identity-based conditional privacy-preserving authentication
scheme for vehicular adhoc networks. IEEE Transactions on Information Forensics & Security 10, 12 (December 2015),
2681–2691.
D. He, S. Zeadally, B. Xu, and X. Huang. 2015b. An ecient identity-based conditional privacy preserving authentication
scheme for vehicular ad hoc networks. IEEE Transactions on Information Forensics & Security 10, 12 (December 2015),
2681–2691. https://doi.org/10.1109/TIFS.2015.2473820
Hironori Hiraishi. 2018. Passenger condition based route-planning for cognitive vehicle system. International Journal of
Software Science and Computational Intelligence 10, 2 (2018), 25–35. https://doi.org/10.4018/IJSSCI.2018040102
C. Y. Hsu, C. S. Yang, L. C. Yu, C. F. Lin, H. H. Yao, D. Y. Chen, K. R. Lai, and P. C. Chang. 2015. Development of a cloud-based
service framework for energy conservation in a sustainable intelligent transportation system. International Journal of
Production Economics 164 (June 2015), 454–461.
M. M. Hussain and M. S. Beg. 2019. Using vehicles as fog infrastructures for transportation cyber-physical systems (T-CPS):
Fog computing for vehicular networks. International Journal of Software Science and Computational Intelligence (IJSSCI)
11, 1 (2019), 47–69.
D. Jiang and L. Delgrossi. 2008. IEEE 802.11p: Towards an international standard for wireless access in vehicular environ-
ments. In Proceedings of the Vehicular Technology Conference. IEEE, Singapore, 2036–2040.
I. A. Kamil and S. O. Ogundoyin. 2019. An improved certicateless aggregate signature scheme without bilinear pairings
for vehicular ad hoc networks. Journal of Information Security and Applications 44 (February 2019), 184–200.
S. Kaushik and C. Gandhi. 2019. Ensure hierarchal identity based data security in cloud environment. International Journal
of Cloud Applications and Computing (IJCAC), 9, 4 (2019), 21–36.
J. B. Kenney. 2011. Dedicated short-range communications (DSRC) standards in the united states. In Proceedings of the IEEE.
99, 7 (July 2011), 1162–1182.
N. Koblitz. 1987. Elliptic curve cryptosystems. Mathematics of Computation 48, 177 (1987), 203–209. https://doi.org/10.2307/
2007884
V. Kumar, M. Ahmad, D. Mishra, S. Kumari, and M. K. Khan. 2020. RSEAP: RFID based secure and ecient authentication
protocol for vehicular cloud computing. Vehicular Communications 22 (April 2020), 100213.1–100213.13.
X. Sun, X. Lin, P. Ho, and X. S. Shen. 2007. A secure and privacy preserving protocol for vehicular communication. IEEE
Trans. Veh. Technol 56 (2007), 3442–3456.
J. K. Liu, T. H. Yuen, M. H. Au, and W. Susilo. 2014. Improvements on an authentication scheme for vehicular sensor
networks. Expert Systems with Applications 41, 5 (2014), 2559–2564.
Y. Liu, L. Wang, and H. Chen. 2015. Message authentication using proxy vehicles in vehicular ad hoc networks. IEEE
Transactions on Vehicular Technology 64, 8 (August 2015), 3697–3710.
Y. Mu, J. Zhang, V. Varadharajan, and Y. Lin. 2003. Robust non-interactive oblivious transfer. IEEE Communications Letters
7, 4 (April 2003), 153–155. https://doi.org/10.1109/LCOMM.2003.811213
Y. Pan, J. Li, L. Feng, and B. Xu. 2011. An analytical model for random changing pseudonyms scheme in VANETs. In
Proceedings of the International Conference on Network Computing & Information Security. 141–145. https://doi.org/10.
1109/NCIS.2011.127
A. P. Pljonkin. 2019. Vulnerability of the synchronization process in the quantum key distribution system. International
Journal of Cloud Applications and Computing 9, 1 (2019), 50–58. https://doi.org/10.4018/IJCAC.2019010104
S. M. Pournaghi, B. Zahednejad, M. Bayat, and Y. Farjami. 2018. NECPPA: A novel and ecient conditional privacy-
preserving authentication scheme for VANET. Computer Networks 134, 7 (April 2018), 78–92.
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.
85:18 Y. Liang et al.
M. Raya and J. Hubaux. 2005. The security of vehicular ad hoc networks. In Proceedings of the 3rd ACM Workshop on Security
of ad Hoc and Sensor Networks. ACM Press, 11–21.
J. Shao, X. Lin, R. Lu, and C. Zuo. 2016. A threshold anonymous authentication protocol for VANETs. IEEE Transactions on
Vehicular Technology 65, 3 (March 2016), 1711–1720. https://doi.org/10.1109/TVT.2015.2405853
K. A. Shim. 2012. An ecient conditional privacy-preserving authentication scheme for vehicular sensor networks. IEEE
Transactions on Vehicular Technology 61, 4 (May 2012), 1874–1883. https://doi.org/10.1109/TVT.2012.2186992
J. Song, Y. Liu, J. Shao, and C. Tang. 2020. A dynamic membership data aggregation (DMDA) protocol for smart grid. IEEE
Systems Journal 14, 1 (March 2020), 900–908. https://doi.org/10.1109/JSYST.2019.2912415
B. Wang, Y. Wang, R. Chen, and F. Li. 2019. A practical authentication framework for VANETs. Security and Communication
Networks 2019 (May 2019), 1–11. https://doi.org/10.1155/2019/4752612
X. Wang, X. Kuang, J. Li, J. Li, X. Chen, and Z. Liu. 2020. Oblivious transfer for privacy-preserving in VANET’s feature
matching. IEEE Transactions on Intelligent Transportation Systems, 22, 7 (2020), 4359–4366.
Y. Wang, H. Zhong, Y. Xu, J. Cui, and F. Guo. 2016. Ecient extensible conditional privacy-preserving authentication
scheme supporting batch verication for VANETs. Security and Communication Networks 9, 18 (2016), 5460–5471.
Y. Xu, Y. Xun, I. Khalil, Y. Zeng, X. Huang, S. Nepal, X. Yang, and H. Cui. 2019. A lightweight authentication scheme for
vehicular ad hoc networks based on MSR. Vehicular Communications 15 (January 2019), 16–27.
C. Zhang, R. Lu, X. Lin, P. H. Ho, and X. Shen. 2008. An ecient identity-based batch verication scheme for vehicular
sensor networks. In Proceedings of the IEEE INFOCOM 2008-The 27th Conference on Computer Communications. IEEE,
246–250.
L. Zhang, Q. Wu, A. Solanas, and J. Domingo-Ferrer. 2010. A scalable robust authentication protocol for secure vehicular
communications. IEEE Transactions on Vehicular Technology 59, 4 (May 2010), 1606–1617. https://doi.org/10.1109/TVT.
2009.2038222
Z. Zhao, J. Chen, Y. Zhang, and L. Dang. 2015. An ecient revocable group signature scheme in vehicular ad hoc networks.
Ksii Transactions on Internet & Information Systems 9, 10 (October 2015), 4250–4267.
H. Zhu, X. Y. He, X. M. Liu, and H. Li. 2015. PTFA: A secure and privacy-preserving trac ow analysis scheme for
intelligent transportation system. International Journal of Embedded Systems 8, 1 (December 2015), 8–86.
Received 1 August 2020; revised 17 September 2020; accepted 16 October 2020
ACM Transactions on Internet Technology, Vol. 22, No. 4, Article 85. Publication date: December 2022.