2327-4662 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2019.2938008, IEEE Internet of
Things Journal
II. BACKGROUND
A typical IoV infrastructure includes a trusted authority (TA),
RSUs, and OBUs deployed inside vehicles [7], [10], [30], [31],
[32].
• TA: The TA is considered fully trusted by all parties in
the IoV and has ample communication, computation
and storage capabilities. In addition, the TA is in charge of
the computation of system parameters and enrollment of
vehicles and RSUs. After they successfully complete their
enrollment, the TA computes the system parameters of the IoV
and issues them to the vehicles and RSUs offline. Once a
malicious vehicle broadcasts bogus messages to mislead
nearby RSUs or other vehicles, the TA can recover the
vehicle owner’s identity from its transmitted information.
Hence, the TA can be a government entity or a trusted
organizational entity.
• RSUs: RSUs are immobile infrastructures that stay on the
roadside. RSUs serve the function of a bridge between
vehicles and the TA and use the DSRC protocol for
V2V (i.e., vehicle-to-vehicle) and V2R (i.e., vehicle-
to-RSU) wireless communications. They can verify the
traffic messages from vehicles and process them locally
or forward them to the TA. RSUs are generally semi-trusted:
the TA can detect a compromised RSU and then reset or
remove it.
• Vehicles: Each vehicle is deployed with an OBU, which
allows it to communicate wirelessly with RSUs and other
vehicles via the DSRC protocol. Every OBU has a tamper-proof
device (TPD) to safeguard the stored secret
information, e.g., secret keys and location information
from the global positioning system (GPS).
Here, we will review two key cryptographic primitives
used in the proposed CL-CPPA protocol, namely, the discrete
logarithm (DL) problem and computational Diffie-Hellman
(CDH) problem [33].
• Discrete Logarithm (DL) Problem: For an element $y \in G$,
the DL challenge is to compute $x \in \mathbb{Z}_q^*$
such that $y = g^x$ holds, where $g$ is the generator of $G$ and
$q$ is the order of $G$. For a random logarithm,
it is generally expected that the correct solution can be
obtained after checking half of all possible x values. In
other words, the complexity is O(|G|) steps, where |G| is
the cardinality of the group. To avoid brute-force attacks
on DL-based cryptosystems in practice, the cardinality
|G| of the underlying group must be sufficiently large
[34].
• Computational Diffie-Hellman (CDH) Problem: For
two elements $g^a, g^b \in G$ with two unknown elements
$a, b \in \mathbb{Z}_q^*$, the CDH problem is to compute
$g^{a \cdot b} \in G$.
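The brute-force bound and the relation between the DL and CDH problems can be checked on a small group. The following Python code is an added example, not part of the original article; the toy group ($p = 2039$, $q = 1019$, $g = 4$) is constructed for illustration. It goes beyond the text by also running baby-step giant-step, a generic algorithm that needs about $2\sqrt{q}$ operations instead of $q/2$, which is one reason $|G|$ must be large.

```python
from math import isqrt

# Constructed toy group (far too small for real use): P = 2*Q + 1 is a safe
# prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def dl_brute_force(y):
    """Try x = 1, 2, ... until g^x = y. Returns (x, multiplications used)."""
    acc = 1
    for x in range(1, Q):
        acc = acc * G % P
        if acc == y:
            return x, x
    raise ValueError("y is not g^x for any x in Z_q^*")

def mean_brute_force_cost():
    """Average brute-force cost over every exponent x in Z_q^*."""
    return sum(dl_brute_force(pow(G, x, P))[1] for x in range(1, Q)) / (Q - 1)

def dl_bsgs(y):
    """Baby-step giant-step. Returns (x, multiplications in the two loops)."""
    m = isqrt(Q) + 1
    baby, acc = {}, 1
    for j in range(m):                    # baby steps: table of g^j
        baby[acc] = j
        acc = acc * G % P
    step = pow(G, Q - m, P)               # g^(-m), since g has order Q
    gamma, ops = y, m
    for i in range(m):                    # giant steps: y * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma], ops
        gamma = gamma * step % P
        ops += 1
    raise ValueError("y is not in the subgroup generated by g")

def cdh_via_dl(ga, gb):
    """CDH is no harder than DL: recover a from g^a, then g^(ab) = (g^b)^a."""
    a, _ = dl_bsgs(ga)
    return pow(gb, a, P)

if __name__ == "__main__":
    y = pow(G, 777, P)
    print("brute force:", dl_brute_force(y))
    print("BSGS:       ", dl_bsgs(y))
    print("mean brute-force cost:", mean_brute_force_cost(), "of", Q - 1)
    print("CDH ok:", cdh_via_dl(pow(G, 123, P), pow(G, 456, P)) == pow(G, 123 * 456, P))
```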
According to the literature [11], [12], [16], [17], [35], [36],
a secure CPPA solution for IoV should satisfy the following
security and privacy requirements.
1) Message Authentication: The messages sent from vehicles
should be authenticated by the receivers (i.e., RSUs
and other vehicles), and the receivers should be capable of
detecting the modification or forgery of received messages.
2) Conditional Privacy-Preserving (or Traceability):
With the exception of TA, no entity (i.e., RSUs, vehicles
and other third participants) can track or extract the
vehicle’s true identity with the messages issued from
a specific vehicle. The TA can track the vehicle’s
true identity by analyzing the messages when it is
determined that a malicious vehicle transmits a false
or modified message to mislead others. Therefore, the
privacy-preserving is conditional for TA.
3) Certificate-Less: To achieve better performance and feasibility
in the IoV system, it is desirable to support a
certificate-less CPPA scheme, where the vehicles do not
need to store any certificates for authentication and the
Trusted Authority (TA) does not need the certificates to
recover the real identity of malicious vehicles either. This
is because the overhead and complexity of certificate
management by the TA increase with the number of vehicles.
In addition, certificate verification on the receiver
end is quite costly and not efficient in the VANET
system, since the vehicles broadcast traffic messages very
frequently.
4) Unlinkability: No entity (i.e., RSUs, vehicles and other
third-party participants) can identify a vehicle simply by
analyzing its broadcasted messages; that is, they cannot
link and determine whether two messages are issued from
the same vehicle.
5) The Secrecy of Master Keys: Although every vehicle
or RSU is installed with a tamper-proof device, a
highly motivated adversary can extract the data stored in
the device by power analysis techniques [29]. Therefore,
it is necessary to protect the master keys of the VANET
system.
6) Batch Authentication: Authenticating all messages received
by the receiver singly is not effective; hence,
batch authentication for the IoV system is an extremely
important and necessary property. In other words, a
verifier needs to be able to verify multiple messages from
several vehicles simultaneously since vehicles and RSUs
receive multiple messages within the same time interval
in practice [11].
7) Resilient to Message Modification Attack: The
attacker might send fabricated information in the IoV
system in order to reach its specific goal. For instance,
an attacker can transmit fabricated information about the
traffic condition to vehicles in the vicinity in order to
avoid the buildup of traffic or transmit different messages
to different vehicles in order to ‘lure’ the target vehicle
into a specific location.
8) Resilient to Impersonation Attack: Such an attack is generally
targeted at legitimate vehicles. It is run through
transmitting fabricated messages to vehicles in which
the attacker tries to impersonate an honest vehicle
$u_i$. This attack is executed to frame another vehicle,
say, $u_i$, in the sense that when the TA discovers that
the transmitted messages are fabricated, the TA will
automatically associate $u_i$ as the originator of this attack.