Next Article in Journal
Self-oscillating Water Chemiluminescence Modes and Reactive Oxygen Species Generation Induced by Laser Irradiation; Effect of the Exclusion Zone Created by Nafion
Next Article in Special Issue
Detection and Modeling of Cyber Attacks with Petri Nets
Previous Article in Journal
Application of Entropy and Fractal Dimension Analyses to the Pattern Recognition of Contaminated Fish Responses in Aquaculture
Previous Article in Special Issue
Block Access Token Renewal Scheme Based on Secret Sharing in Apache Hadoop

2014, 16(11), 6152-6165; https://doi.org/10.3390/e16116152

Article
Improving the Authentication Scheme and Access Control Protocol for VANETs
by Wei-Chen Wu 1,2,* and Yi-Ming Chen 2
1
Computer Center, Hsin Sheng Junior College of Medical Care and Management, No. 418, Kaoping Village, Lungtan Township, Taoyuan County 32544, Taiwan
2
Department of Information Management, National Central University, No. 300, Jhongda Rd., Jhongli City, Taoyuan County 32001, Taiwan
*
Author to whom correspondence should be addressed.
Received: 10 August 2014; in revised form: 25 September 2014 / Accepted: 4 November 2014 / Published: 19 November 2014

Abstract

:
Privacy and security are very important in vehicular ad hoc networks (VANETs). VANETs are negatively affected by any malicious user’s behaviors, such as bogus information and replay attacks on the disseminated messages. Among various security threats, privacy preservation is one of the new challenges of protecting users’ private information. Existing authentication protocols to secure VANETs raise challenges, such as certificate distribution and reduction of the strong reliance on tamper-proof devices. In 2011, Yeh et al. proposed a PAACP: a portable privacy-preserving authentication and access control protocol in vehicular ad hoc networks. However, PAACP in the authorization phase is breakable and cannot maintain privacy in VANETs. In this paper, we present a cryptanalysis of an attachable blind signature and demonstrate that the PAACP’s authorized credential (AC) is not secure and private, even if the AC is secretly stored in a tamper-proof device. An eavesdropper can construct an AC from an intercepted blind document. Any eavesdropper can determine who has which access privileges to access which service. For this reason, this paper copes with these challenges and proposes an efficient scheme. We conclude that an improving authentication scheme and access control protocol for VANETs not only resolves the problems that have appeared, but also is more secure and efficient.
Keywords:
vehicular ad hoc networks (VANETs); cryptanalysis; privacy; authentication; access control

1. Introduction

VANETs are a special case of mobile ad hoc networks (MANETs) that aim to enhance the safety and efficiency of road traffic [14]. A number of distinguishing features and limitations are related to the very nature of wireless communications in VANETs and the rapid movement of the vehicles involved in those communications. Compared to wired or other wireless networks, VANETs are very dynamic and their communications are volatile. In these networks, nodes are vehicles equipped with communication devices, known as on-board units (OBUs), and, depending on the applications, OBUs are used to establish communications with other vehicles or roadside units (RSUs), such as traffic lights or traffic signs.
In recent years, several research works on VANETs have been conducted by academics and various industries. Recently, some of these works addressed the security issues. As an instance of MANET, VANETs might suffer from any malicious user behaviors, such as bogus information and replay attacks on the disseminated messages. Among various security threats, privacy preservation in VANETs is one of the new challenges of protecting users’ private information. For instance, Chen and Wei proposed a safe, distance-based location privacy scheme called SafeAnon [5,6]. By simulating vehicular mobility in a cropped Manhattan map, they evaluated the performance of the SafeAnon scheme under various conditions to show that it could simultaneously achieve location privacy, as well as traffic safety. However, as Chen and Wei focused on the issues of the vehicles’ location privacy, little emphasis was put on the initial authentication phase of communications among vehicles.
In 2005, Raya et al. [7] first proposed a solution that mentioned both the security and privacy issues of safety-related applications. Wang and others reviewed Raya and Hubaux’s communication scheme in 2008 [8] and argued that Raya and Hubaux paid a great deal of attention to safety-related applications, such as emergency warnings, lane changing assistance, intersection coordination, traffic-sign violation warnings and road-condition warnings [9], but non-safety-related applications were neglected. In Raya and Hubaux’s communication scheme, Safety messages do not contain any sensitive information. However, VANETs also provide non-safety applications that offer maps [10,11], advertisements and entertainment information [12].
Similar to safety applications, non-safety applications in VANETs have to take both security and privacy issues into consideration. In addition, designing a practical non-safety application for VANETs should take the following requirements into consideration [13,14]:
Mutual authentication: providing mutual authentication between the two communicating parties, such as a vehicle-to-roadside communication device.
Context privacy: allowing mobile vehicles to anonymously interact with roadside devices to access services.
Lower computational cost: a system must have light overhead in terms of computational costs and high efficiency.
Session key agreement: generating dynamic session keys to secure the communication between nodes in VANETs.
Differentiated service access control: providing several services with different levels of access privileges for different users’ requirements.
Confidentiality and integrity: providing data confidentiality and integrity in applications of communications.
Preventing eavesdropping: an intruder cannot be allowed to discover valuable information from communications between members in VANETs.
Scalability: coping with the large-scale and dynamic environment presented by VANETs.
In 2008, Li et al. proposed a secure and efficient communication scheme named SECSPP [14] that employs authenticated key establishment for non-safety applications in VANETs. SECSPP is the first security scheme with explicit authentication procedures for non-safety applications. However, the speed of a vehicle can be extremely high in SECSPP. It is possible that the response sent from the service provider (SP) has not yet arrived, but the requesting vehicle has passed the RSUs’ transmission range. Moreover, all requests made by non-safety applications must first be verified by the proper SP, which will become a bottleneck of SECSPP. The scalability issue rises in a popular SP if a large number of requests are made.
In 2011, Yeh et al. [13] proposed a PAACP: a portable privacy-preserving authentication and access control protocol for vehicular ad hoc networks. However, in the authorization phase, a PAACP is breakable and cannot maintain privacy in VANETs. Recently, Wu et al. [15] presented a cryptanalysis of an attachable blind signature and demonstrate that the PAACP’s authorized credential (AC) is not secure and private, even if the AC is secretly stored in a tamper-proof device. This is because an eavesdropper is able to construct an AC from an intercepted blind document. Consequently, PAACP in the authorization phase is breakable and cannot maintain privacy in VANETs. Any outsiders can determine who has which access privileges to access which service. In addition, this paper efficiently copes with these challenges and proposes an efficient scheme. We conclude that improving an authentication scheme and access control protocol for VANETs will not only resolve the problems that have appeared, but will also be secure and efficient.
The remainder of this paper is organized as follows. Section 2 reviews the cryptanalysis of a PAACP. Section 3 introduces an improved scheme. In Section 4, we compare the performance of our schemes with PAACP and SECSPP and analyze various aspects of the security of our scheme. Finally, we conclude this paper and indicate some directions for future research in Section 5.

2. Cryptanalysis of A PAACP

In 2011, Yeh et al. [13] proposed a novel portable privacy-preserving authentication and access control protocol for vehicular ad hoc networks. To eliminate the communication with service providers, they proposed a novel portable access control method to store a portable service right list (SRL) into each vehicle, instead of keeping the SRLs with the service providers. In order to assure the validity and privacy of an SRL and prevent privilege elevation attacks, an attachable blind signature is used by PPACP. Recently, Wu et al. [15] proposed a cryptanalysis of an attachable blind signature and demonstrated that the PAACP’s authorized credential (AC) is not secure and private, even if the AC is secretly stored in a tamper-proof device. Their analysis showed that in PAACP, an eavesdropper can construct the AC from an intercepted blind document. As a result, PAACP in the authorization phase is breakable, and as any outsider can determine who has which access privileges to access which service, the privacy of users in PAACP’s scheme is jeopardized. Wu et al. presented Cryptanalysis 1, which shows that m′ cannot keep privacy, and Cryptanalysis 2 shows that an intruder can use public key PKSt of the St to compute authorized credential A C i S t. The notation used throughout the remainder of this paper is shown in Table 1.
Cryptanalysis 1. To acquire a message m′, an intruder can eavesdrop on the two blind documents BD1, BD2 in the (User → Signer) channel and also eavesdrop on B D 1 , B D 2 in the (SignerUser) channel. After stealing BD1, BD2, B D 1 and B D 2 , the intruder can use public key e of the signer to compute the following equation:
( B D 1 B D 2 ) e ( B D 1 B D 2 ) = m
Cryptanalysis 2. Similarly, to acquire authorized credential A C i V i and A C i S t, an intruder can eavesdrop on the two blind documents BD1i, BD2i in the (VehicleService Provider) channel and also eavesdrop on B D 1 i , B D 2 i in the (Service ProviderVehicle) channel. After stealing BD1i, BD2i, B D 1 i and B D 2 i , the intruder can use public key PKSt of the Service Provider to compute the following equation:
( B D 1 i B D 2 i ) ( B D 1 i B D 2 i ) = A C i S t
Finally, according to ( A C i * ) P K S t = A C i V i = A C i S t, A C i S t is equal to A C i V i, where A C i * consists of both A C i V i and A C i S t. Yeh et al. [13] claimed that an attachable blind signature can keep privacy; no one could comprehend the access privileges in A C i V i, and no one can realize who is accessing those services. On the basis of our cryptanalysis, A C i S t = { S I D t T exp i r e d S R L i S t } and A C i V i = { S I D t T exp i r e d S R L i V i } could be comprehended by outsiders who could then decode the service right lists S R L i S t and S R L i V i, respectively In a previous description, the service right list is as the following equation:
S R L i V i = { S V I D 1 A R 1 S V I D 2 A R 2 S V I D k A R k }
where SVIDk denotes the index of the k-th service and ARk represents the granted access privileges of SVIDk. Hence, anyone can determine who has which access privileges to access which service even if A C i * is secretly stored in a tamper-proof device.

3. Improved Scheme

In this section, we propose an improved scheme and offer an efficient authentication and access control protocol for VANETs. The security of this scheme depends on a secure one-way hash function, not the use of an attachable blind signature. This scheme consists of three phases: the registration phase, the authentication phase and the access phase. We demonstrate our scheme as follows.

3.1. The Registration Phase

A vehicle Vi creates a service right list S R L i V i and an authorized credential A C i V i, just as Yeh et al. proposed. Let x be a secret key maintained by the service provider St, and let h() be a secure one-way hash function with a fixed-length output. The registration phase is performed over a secure channel.
  • ViSt : VIDi, A C i V i
    A Vi, who submits his/her identity VIDi and his/her A C i V i to the St for registration.
  • StVi : h(), ei
    The St also creates S R L i S t and A C i S t as Yeh et al. proposed. The St then computes Vi’s secret information yi = h(VIDi, x) and e i = y i A C i S t A C i V i and writes h() and ei into the smart card of on-board units (OBUs) and issues the card to Vi.
  • StRj : yi, A C i S t
    The St also performs a multicast to send messages yi and A C i S t to their road side units (RSUs) Rj.

3.2. The Authentication Phase

After Vi sends an authentication request message to the St, the St and Vi will execute a mutual authentication between the vehicle and the service provider. First, let Ek(·)/Dk(·) be a symmetric encryption/decryption function with secret k, respectively.
  • ViSt : VIDi, C, Ni
    When Vi wishes to access services provided by St, Vi generates a nonce Ni, where Ni is a random and fresh number. Then, Vi computes C = h ( e i A C i V i , N i ) and sends an authentication request message (VIDi, C, Ni) to the St.
  • StVi : M
    After receiving the authentication request message (VIDi,C, Ni), the St and Vi execute the following steps to facilitate a mutual authentication between the vehicle and the service provider. The St performs the following operations:
    Verifies that VIDi is a valid vehicle identity. If not, the authentication request is rejected.
    Computes y i = h ( V I D i , x ) and verifies whether y i = y i . If the verification fails, the request is rejected.
    Checks whether it received C = h ( y i A C i S t , N i ). If not, the request is rejected; otherwise, the request proceeds to the next step.
    Generates a nonce Ns, where Ns is a random and fresh number.
    Encrypts the message M = E y i A C i S t { N s , N i , A C i S t } and sends it back.
    After Vi receives the message M, Vi will decrypt the message D e i A C i V i { M } to derive ( N i , N s , A C i S t ) and verify whether N i = N i. If the answer is yes, the mutual authentication is done. The portable authorized credential is A C i = A C i V i A C i S t, and we propose that A C i V i is not equal to A C i S t. Either St may reduce access privileges for some reason (for example, not paying before the deadline or breaking a contract) or Vi may disable access privileges himself/herself for some reason (for example, privacy issue or lower communication costs). Therefore, ACi is A C i V i and performs an exclusive operation with A C i S t that is reasonable and makes sense.

3.3. The Access Phase

This phase is based on the key exchange protocol proposed by Diffie et al. [16]. It is used to encrypt an individual conversation with a session key The lifespan of a session key is the period of a particular communication session. A new session phase involves two public parameters, q and α, where q is a large prime number and α is a primitive element mod q. After Vi sends a service request to its neighboring Rj, Rj will verify the authorized credential ACi by itself without further communication with St. According to the access privileges stored in the authorized credential A C i S t, Rj could decide whether Vi’s request is accepted or not. Furthermore, Rj could detect whether Vi is launching an elevation of privilege (EoP) attack.
  • ViRj : Wi
    Vi computes W i = a r v i mod q and sends Wi to Rj, where r v i is a random number.
  • RjVi : Si
    Similarly, Rj computes S i = a r R j mod q and sends Si to Vi, where r R i is a random number. Vi computes K V = ( S i ) r v i mod q, and Rj computes K R = ( W i ) r R j mod q. Then, both of them check whether KV =KR. If yes, a new session will be created. This is because:
    Session key = ( S i ) r v i mod q = ( α r R j mod q ) r v i mod q = ( α r R j r v i ) mod q = ( α r v i mod q ) r R j mod q = ( W i ) r R j mod q
  • ViRj : (Service request message)
    If Vi wants to access service, it encrypts E K V ( S V I D 1 A C i ) with KV as the service request message and sends it to Rj. After Rj receives the message, Rj will decrypt the message:
    D K R ( E K V ( S V I D 1 A C i ) )
    with KR to gain (SVID1 || ACi) and then derive ACi and SVID1, because of KV = KR. When Rj derives ACi, Rj verifies it and is then convinced that Vi is a legal user.
  • ViRj : (Service request message)nth
    When Vi continues to access the n-th service, it encrypts the n-th service request message E K V + n ( S V I D n A C i ) with KV + n and sends it to Rj. After Rj receives the n-th service request message, Rj will decrypt the message:
    D K R + n ( E K V + n ( S V I D n A C i ) )
    with KR + n to derive ACi and SVIDn. Rj examines whether SIDt, as well as SVIDn are included in A C i S t and checks the validity of the authorized credential by Texpired. If the verification succeeds, ACi is legitimate and Vi is authorized; otherwise, Rj terminates this session.

4. Analysis of the New Scheme

In this section, we roughly compare the security properties and performance of the related mechanisms discussed. The security properties comparisons between PAACP, SECSPP and our scheme in the authentication phase and access phase are shown in Table 1. The performance comparisons are shown in Table 2.

4.1. Comparison

Table 1 lists important security properties in VANETs based on Yeh et al.’s proposals. As mentioned, with PAACP, an attachable blind signature, is breakable and cannot maintain privacy, and the PAACP’s AC is not secure, even if the AC is secretly stored in a tamper-proof device. An eavesdropper is able to construct the AC from an intercepted blind document. Any outsiders in VANETs can know who has which access privileges to access which service. Consequently, PAACP cannot still satisfy context privacy properly.

4.2. Performance

Since the computational load of the PKI (Public Key Infrastructure) cryptosystem is a heavy burden for all communicating nodes in the PPACP and SECSPP, we propose an efficient version without PKI cryptosystems. Furthermore, the speed of encryption/decryption with symmetric encryption schemes is faster than with asymmetric ones, namely PKI cryptosystems. For instance, it is known that DES (Data Encryption Standard) is 100-times faster than RSA in software and 1000-times faster in hardware [17]. Consequently, we treat the computational load of a PKI operation as that of 100 symmetric operations. As listed in Table 3, the PPACP needs nearly 702 symmetric operations and SECSPP needs 740 symmetric operations in the related work, while it requires about 124 symmetric operations in our scheme. Moreover, it takes 0.0005 s to complete a one-way hash operation and 0.0087 s to finish a symmetric en-/de-cryption. We hence ignore the computational load of the one-way hash function, since it is quite lighter than that of a symmetric en-/de-cryption [18]. As a result, computational loads can be reduced to 1.0788 s in our scheme.
The following is based on the computation method in PAACP. Assume that n vehicles in the VANET request the services of the same services provider at the same time and the locations where these service requests are invoked are uniformly distributed within m RSUs. The transmission delay Ttrans_delay is the time in seconds to deliver a message from a vehicle, which is forwarded to the service provider by an RSU. The waiting time Twaiting consists of the round-trip transmission delay and the time spent on verification by the service provider. In SECSPP, the average waiting time Twaiting for a requesting vehicle can be estimated as:
T w a i t i n g = 2 × T t r a n s d e l a y + ( n + 1 ) 2 * T A c c s s v e r i f i c a t i o n
In PAACP and our scheme, the average waiting time Twaiting for a requesting vehicle can be estimated as:
T w a i t i n g = { ( n / m + 1 ) 2 × T A c c s s v e r i f i c a t i o n , if n > m T A c c s s v e r i f i c a t i o n , otherwise
In a uniform distribution of locations, the average number of requests pending in each RSU will be n m. Therefore, the average time spent for request verification in an RSU is ( n / m + 1 ) 2 × T A c c s s v e r i f i c a t i o n. Figure 1 shows that when m is equal to 10, the average waiting time Twaiting for a service request from vehicle n increases from 1 to 50. Figures 2, 3 and 4 show that the average waiting time Twaiting for a service request from vehicle n increases from 1 to 100 when m is equal to 10, 30 and 50, respectively. As Figure 2 shows, when 100 vehicles are requesting the desired services, the average waiting time Twaiting to finish the authentication in PAACP is 14.32 s. In our scheme, the average waiting time Twaiting is about 5.73 s. Similarly, as shown in Figure 3, our scheme takes about 2.28 s, compared to about 5.65 s for PAACP. Finally, our scheme takes about 1.59 s, compared to PAACP’s average of about 3.94 s, as shown in Figure 4. In summary, the average waiting time Twaiting decreases when RSU increases.

4.3. Security Analysis

The other security features of our new scheme are also discussed below:
Forward secrecy: This security means that before a Vi wants to access the (n + 1)-th service, he/she cannot decrypt the service request message that existed prior to his/her session key KV + n. Our scheme can attain forward secrecy because, if a Vi requests next (Service request message)(n+1)−th, then a new KV + (n + 1) will be generated by the (n + 1)-th service.
Backward secrecy: After a user logs out of the server, he/she cannot receive any services belonging to the left server. After a Vi accesses the n-th service, he/she cannot decrypt the service request message that existed posterior to his/her session key KV + (n + 1). Our scheme can attain backward secrecy, because after a Vi requests next (Service request message)(n+1)−th, the session key KV + (n + 1) will be generated, and the KV + (n) will be invalid.
Authentication: A Vi must submit his or her authentication request message (VIDi, C, Ni) to the service provider St, and then, the St acknowledges the Vi. After receiving the authentication request message, the St encrypts the message M = E y i A C i S t { N s , N i , A C i S t } to facilitate a mutual authentication between the vehicle and the service provider.
Authorization: In the registration phase, the service provider creates a service right list by the following equation:
S R L i V i = { S V I D 1 A R 1 S V I D 2 A R 2 S V I D k A R k }
where SVIDk denotes the index of the k-th service and ARk represents the granted access privileges of SVIDk. Hence, anyone can determine who has which access privileges to access which service. Only valid Vi can encrypt E K V ( S V I D 1 A C i ) with KV. After Rj receives E K V ( S V I D 1 A C i ), Rj will decrypt the message: D K R ( E K V ( S V I D 1 A C i ) ) with KR to gain (SVID1 || ACi) and then derive ACi and SVID1, because of KV = KR.
Replay attack: In the registration phase, a Vi submits his/her registration information over a secure channel, so there are not any replay attack issues. In the authorization phase, an old message was eavesdropped by an attacker. He/she may try to replay the old message (VIDi, C, Ni). It may fail because it is not always the same, and the nonce Ni s a random number that is generated and has a value that has not been used before, to avoid replay attack and the serious time synchronization problem.

5. Conclusion

In this paper, we review a cryptanalysis of an attachable blind signature and demonstrate that the PAACP’s AC is not secure and private, even if the AC is secretly stored in a tamper-proof device. An eavesdropper can construct the AC from an intercepted blind document. Consequently, during the authorization phase, PAACP is breakable and cannot maintain privacy in VANETs. Consequently, any outsiders can determine who has which access privileges to access which service.
Furthermore, this paper efficiently copes with these challenges and proposes an efficient scheme. We conclude that an improved authentication scheme and access control protocol for VANETs not only resolves the documented problems, but also is secure and efficient. Compared with PAACP and SECSPP, our scheme achieves more functionality and satisfies the security features required by VANETs. Future research can focus on the many commercial applications [1923].

Author Contributions

Wei-Chen Wu was responsible for planning, design, analysis and writing the manuscript. Yi-Ming Chen reviewed the manuscript. Both authors have read and approved the final manuscript.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Chung, Y.; Choi, S.; Won, D. Lightweight anonymous authentication scheme with unlinkability in global mobility networks. J. Converg. 2013, 4, 23–29. [Google Scholar]
  2. Taysi, Z.C.; Yavuz, A.G. ETSI compliant GeoNetworking protocol layer implementation for IVC simulations. Hum.-Centric Comput. Inf. Sci. 2013, 3, 1–12. [Google Scholar]
  3. Singh, R.; Singh, P.; Duhan, M. An effective implementation of security based algorithmic approach in mobile adhoc networks. Hum.-Centric Comput. Inf. Sci. 2014, 4, 1–14. [Google Scholar]
  4. Peng, K. A secure network for mobile wireless service. J. Inf. Process. Syst. 2013, 9, 247–258. [Google Scholar]
  5. Chen, Y.M.; Wei, Y.C. SafeAnon: A safe location privacy scheme for vehicular networks. Telecommun. Syst. 2012, 50, 339–354. [Google Scholar]
  6. Wei, Y.C.; Chen, Y.M. Safe distance based location privacy in vehicular networks, In Proceedings of the 2010 IEEE 71st Vehicular Technology Conference (VTC 2010-Spring), Taipei, Taiwan, 16–19 May 2010; pp. 1–5.
  7. Raya, M.; Hubaux, J. The security of vehicular ad hoc networks, In Proceedings of the 3rd ACM Workshop on Security of Ad hoc and Sensor Networks, Alexandria, VA, USA, 7–10 November 2005.
  8. Wang, N.; Huang, Y.; Chen, W. A novel secure communication scheme in vehicular ad hoc networks. Comput. Commun. 2008, 31, 2827–2837. [Google Scholar]
  9. Wischhof, L.; Ebner, A.; Rohling, H. Information dissemination in self-organizing intervehicle networks. IEEE Trans. Intell. Transp. Syst. 2005, 6, 90–101. [Google Scholar]
  10. Isaac, J.; Camara, J.; Zeadally, S.; Marquez, J. A secure vehicle-to-roadside communication payment protocol in vehicular ad hoc networks. Comput. Commun. 2008, 31, 2478–2484. [Google Scholar]
  11. Yousefi, S.; Mousavi, M.; Fathy, M. Vehicular ad hoc networks (VANETs): Challenges and perspectives, In Proceedings of the 6th International Conference on ITS Telecommunications, Chengdu, China, 21–23 June 2006; pp. 761–766.
  12. Zhang, C.; Lin, X.; Lu, R.; Ho, P.; Shen, X. An efficient message authentication scheme for vehicular communications. IEEE Trans. Veh. Tech. 2008, 57, 3357–3368. [Google Scholar]
  13. Yeh, L.; Chen, Y.; Huang, J. PAACP: A portable privacy-preserving authentication and access control protocol in vehicular ad hoc networks. Comput. Commun. 2011, 34, 447–456. [Google Scholar]
  14. Li, C.; Hwang, M.; Chu, Y. A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Comput. Commun. 2008, 31, 2803–2814. [Google Scholar]
  15. Wu, W.; Chen, Y. Cryptanalysis of a PAACP: A portable privacy-preserving authentication and access control protocol in Vehicular Ad Hoc Networks. Appl. Math. Inf. Sci. 2012, 6, 463S–469S. [Google Scholar]
  16. Diffie, W.; Hellman, M. New directions in cryptography. IEEE Trans. Inf. Theory. 1976, 22, 644–654. [Google Scholar]
  17. Schneier, B. Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed; John Wiley & Sons: New York, NY, USA, 1996. [Google Scholar]
  18. Chen, H.B.; Hsueh, S.C. Light-weight authentication and billing in mobile communications, In Proceedings of the IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, Taipei, Taiwan, 4–16 October 2003; pp. 245–252.
  19. Kim, H.I.; Kim, Y.K.; Chang, J.W. A grid-based cloaking area creation scheme for continuous LBS queries in distributed systems. J. Converg. 2013, 4, 23–30. [Google Scholar]
  20. Oh, J.S.; Park, C.U.; Lee, S.B. NFC-based mobile payment service adoption and diffusion. J. Converg. 2014, 5, 8–14. [Google Scholar]
  21. Følstad, A.; Hornbæk, K.; Ulleberg, P. Social design feedback: Evaluations with users in online ad-hoc groups. Hum.-Centric Comput. Inf. Sci. 2013, 3, 1–27. [Google Scholar]
  22. Park, S.W.; Lee, I.Y. Anonymous authentication scheme based on NTRU for the protection of payment information in NFC mobile environment. J. Inf. Process. Syst. 2013, 9, 461–476. [Google Scholar]
  23. Gohar, M.; Koh, SJ. A network-based handover scheme in HIP-based mobile metworks. J. Inf. Process. Syst. 2013, 9, 651–659. [Google Scholar]
Figure 1. Average waiting time when m is equal to 10.
Figure 1. Average waiting time when m is equal to 10.
Entropy 16 06152f1
Figure 2. Average waiting time when m is equal to 10.
Figure 2. Average waiting time when m is equal to 10.
Entropy 16 06152f2
Figure 3. Average waiting time when m is equal to 30.
Figure 3. Average waiting time when m is equal to 30.
Entropy 16 06152f3
Figure 4. Average waiting time when m is equal to 50.
Figure 4. Average waiting time when m is equal to 50.
Entropy 16 06152f4
Table 1. Notation used in the remainder of the paper.
Table 1. Notation used in the remainder of the paper.
NotationDescription
Vithe i-th vehicle
VIDii-th vehicular node’s real identification
Stthe t-th service provider
SIDtt-th service provider’s real identification
SVIDkk-th service’s identification
ARkthe access privilege of SVIDk
ACiauthorized credential for vehicle Vi
A C i S t, A C i V iauthorized credential made by St and Vi, respectively
A C i *portable authorized credential for vehicle Vi
S R L S t, S R L V iservice right list made by St and Vi, respectively
Dk()a corresponding symmetric cryptosystem that uses the secret key k for decryption
Ek()a secure symmetric cryptosystem that uses the secret key k for encryption
Nifresh nonce, randomly generated by VIDi
Nsfresh nonce, randomly generated by the service provider
h()a collision-free and public one-way hash function
||a string concatenation
XY :Za sender X sends a message Z to receiver Y
Table 2. Comparison of security features.
Table 2. Comparison of security features.
RequirementsOur SchemePAACPSECSPP
Mutual AuthenticationYesYesYes
Context PrivacyYesNoYes
Session Key AgreementYesYesPartially Yes
Differentiated Service Access ControlYesYesNo
Confidentiality and IntegrityYesYesN/A
Preventing EavesdroppingYesNoYes
ScalabilityFully DistributedFully DistributedBottleneck at Service
Lower Communication and Computational CostLowHighExtremely High
a: In PAACP, authorized credential (AC) is not secure and private; b: In SECSPP, the session key TSK is determined by V and S, not V and R.
Table 3. Comparison of efficiency.
Table 3. Comparison of efficiency.
Our SchemePAACPSECSPP
Authorization Phase2Tsym + 2Thash+ 5Txor4Tasym + Thash2Tasym + 2Texp+ 3Thash + 4Txor
Access Service Phase2Tsym + 2Texp+ 3Txor3Tasym + 2Tsym+ Thash3Tasym + 2Texp+ 6Thash + 5Txor
Computational Costs≈ 124Tsym≈ 702Tsym≈ 740Tsym
Rounds435
Authorization (TAuthorization)≈ 0.0174s≈ 3.48s≈ 2.784s
Access Service (TAccss verification)≈ 1.0614s≈ 2.6274s≈ 3.654s
Total Costs≈ 1.0788s≈ 6.1074s≈ 6.438s
Thash: Computational cost of one-way function; Txor: Computational cost of Exclusive-OR operation; Tsym: Computational cost of symmetric encryption; Tasym: Computational cost of asymmetric operation; Texp: Computational cost of modular exponentiation
Back to TopTop