Efficient Privacy-Preserving Data Sharing for Fog-Assisted Vehicular Sensor Networks
Abstract
1. Introduction
1.1. Our Contributions
- First, the proposed EP${}^{2}$DS scheme exploits the super-increasing sequence [20] for achieving multi-dimensional data aggregation, while calculating the average sensory data in each road segment, greatly saving on the resources of communication and computation.
- Secondly, by utilizing the modified oblivious transfer [28], the proposed EP${}^{2}$DS scheme is able to query about the road conditions of the potential moving routes without disclosing the query location.
- Thirdly, the security analysis shows that the proposed EP${}^{2}$DS scheme is provably secure under the elliptic curve discrete logarithm (ECDL) assumption in the random oracle model and satisfies all the requirements for security and privacy.
- Finally, the computation and communication costs are evaluated through quantitative calculations, and the results show that the proposed EP${}^{2}$DS scheme is more efficient than the others.
1.2. Organization
2. Related Works
3. Background
3.1. System Model
3.2. Security Requirement
3.3. Elliptic Curve
3.4. Security Assumption
4. The Proposed Scheme
4.1. System Initialization
- (1)
- $TA$ randomly chooses a large prime number p, and selects a non-singular elliptic curve E defined by ${y}^{2}={x}^{3}+ax+b \bmod p$, where $a,b\in {F}_{p}$.
- (2)
- $TA$ picks a group $\mathbb{G}$ of E with the prime order q and a generator P.
- (3)
- $TA$ randomly chooses $s\in {\mathbb{Z}}_{q}^{*}$ as its master key and computes its public key ${P}_{pub}=sP$.
- (4)
- $TA$ chooses eight one-way hash functions ${H}_{i}:{\{0,1\}}^{*}\to {\mathbb{Z}}_{q}^{*}$, $i=1,2,\cdots,7$, and ${H}_{8}:{\{0,1\}}^{*}\to {\{0,1\}}^{\left|d\right|-1}$.
- (5)
- $TA$ chooses a super-increasing sequence $\overrightarrow{a}=({a}_{1},{a}_{2},\cdots,{a}_{m})$, such that ${\sum}_{k=1}^{m}{a}_{k}3n\delta d<q$, ${\sum}_{k=1}^{i-1}{a}_{k}3n\delta d<{a}_{i}$ ($i=1,2,\cdots,m$), where ${a}_{1},{a}_{2},\cdots,{a}_{m}$ are large prime numbers and d is the maximum value of the data. Then, $TA$ assigns the prime number ${a}_{k}$ to segment k.
- (6)
- $TA$ publishes the system parameters $\{p,q,\mathbb{G},P,{P}_{pub},$ ${H}_{1},{H}_{2},{H}_{3},{H}_{4},{H}_{5},{H}_{6},{H}_{7},{H}_{8},\overrightarrow{a}\}$.
4.2. Registration
4.2.1. ${V}_{i}$ Registers with $TA$
- (1)
- ${V}_{i}$ sends the identity $I{D}_{i}$ to the $TA$ in a secure channel.
- (2)
- After confirming the identity $I{D}_{i}$, $TA$ randomly chooses ${w}_{i}\in {\mathbb{Z}}_{q}^{*}$ and computes$$PI{D}_{i,1}={w}_{i}P,PI{D}_{i,2}=I{D}_{i}\oplus {H}_{1}({w}_{i}{P}_{pub},{t}_{i}),$$
- (3)
- $TA$ randomly chooses ${r}_{i}\in {\mathbb{Z}}_{q}^{*}$ and computes$${R}_{i}={r}_{i}P,{x}_{i}={r}_{i}+s{H}_{2}(PI{D}_{i},{R}_{i},{P}_{pub}).$$
- (4)
- $TA$ randomly chooses a sharing key $\phi \in {\{0,1\}}^{\left|d\right|-1}$, and transmits the pseudo identity $PI{D}_{i}$, the private key $({x}_{i},{R}_{i})$ and the sharing key $\phi $ to ${V}_{i}$ in a secure channel.
4.2.2. $F{N}_{j}$ Registers with $TA$
- (1)
- $F{N}_{j}$ sends the identity $I{D}_{F{N}_{j}}$ to the $TA$ in a secure channel.
- (2)
- $TA$ randomly chooses ${r}_{F{N}_{j}}\in {\mathbb{Z}}_{q}^{*}$ and computes$${R}_{F{N}_{j}}={r}_{F{N}_{j}}P,{x}_{F{N}_{j}}={r}_{F{N}_{j}}+s{H}_{3}(I{D}_{F{N}_{j}},{R}_{F{N}_{j}},{P}_{pub}).$$
- (3)
- $TA$ sends the private key $({x}_{F{N}_{j}},{R}_{F{N}_{j}})$ to $F{N}_{j}$ in a secure channel.
4.2.3. $CC$ Registers with $TA$
- (1)
- $TA$ randomly chooses $x\in {\mathbb{Z}}_{q}^{*}$ and computes ${P}_{cc}=xP$.
- (2)
- $TA$ sends the private key x and public key ${P}_{cc}$ to $CC$ in a secure channel.
4.3. Data Collection
4.3.1. Data Gathering
- (1)
- ${V}_{i}$ formats $({d}_{i,1}^{j},{d}_{i,2}^{j},\cdots,{d}_{i,m}^{j})$ and $({e}_{i,1}^{j},{e}_{i,2}^{j},\cdots,{e}_{i,m}^{j})$ into ${d}_{i}^{j}={\sum}_{k=1}^{m}{a}_{k}({d}_{i,k}^{j}+\phi )$ and ${e}_{i}^{j}={\sum}_{k=1}^{m}{a}_{k}({e}_{i,k}^{j}+\phi )$.
- (2)
- ${V}_{i}$ randomly selects ${r}_{i}^{j}$, ${s}_{i}^{j}\in {\mathbb{Z}}_{q}^{*}$ and computes$${A}_{i}^{j}={r}_{i}^{j}P,{B}_{i}^{j}={d}_{i}^{j}P+{r}_{i}^{j}{P}_{cc},{C}_{i}^{j}={s}_{i}^{j}P,{D}_{i}^{j}={e}_{i}^{j}P+{s}_{i}^{j}{P}_{cc}.$$
- (3)
- ${V}_{i}$ randomly picks ${l}_{i}^{j}\in {\mathbb{Z}}_{q}^{*}$ and calculates$${L}_{i}^{j}={l}_{i}^{j}P,{\sigma}_{i}^{j}={x}_{i}+{l}_{i}^{j}{H}_{4}(PI{D}_{i},{R}_{i},{A}_{i}^{j},{B}_{i}^{j},{C}_{i}^{j},{D}_{i}^{j},{L}_{i}^{j},{T}_{i}^{j}),$$
- (4)
- ${V}_{i}$ transmits the data report $D{R}_{i}^{j}=\{PI{D}_{i},{R}_{i},{A}_{i}^{j},{B}_{i}^{j},$ ${C}_{i}^{j},{D}_{i}^{j},{L}_{i}^{j},{\sigma}_{i}^{j},{T}_{i}^{j}\}$ towards $F{N}_{j}$, as shown in Figure 2 (①).
4.3.2. Data Aggregation
- (1)
- $F{N}_{j}$ checks whether ${t}_{i}$ is valid and ${T}_{i}^{j}$ is fresh for each $i=1,2,\cdots,w$. If ${t}_{i}$ is not valid or ${T}_{i}^{j}$ is not fresh, $D{R}_{i}^{j}$ will be rejected. Otherwise, $F{N}_{j}$ performs the batch verification using small exponent test [36]. $F{N}_{j}$ randomly selects a set of small numbers ${\theta}_{1}^{j},{\theta}_{2}^{j},\cdots,{\theta}_{w}^{j}\in [1,{2}^{w}]$ and checks whether the following equation holds $$\begin{array}{c}{\sum}_{i=1}^{w}{\theta}_{i}^{j}{\sigma}_{i}^{j}P={\sum}_{i=1}^{w}{\theta}_{i}^{j}{R}_{i}+{\sum}_{i=1}^{w}{\theta}_{i}^{j}{H}_{2}(PI{D}_{i},{R}_{i},{P}_{pub}){P}_{pub}\\ +{\sum}_{i=1}^{w}{\theta}_{i}^{j}{H}_{4}(PI{D}_{i},{R}_{i},{A}_{i}^{j},{B}_{i}^{j},{C}_{i}^{j},{D}_{i}^{j},{L}_{i}^{j},{T}_{i}^{j}){L}_{i}^{j}.\end{array}$$ If it does hold, $F{N}_{j}$ computes $${A}^{j}={\sum}_{i=1}^{w}{A}_{i}^{j},\quad {B}^{j}={\sum}_{i=1}^{w}{B}_{i}^{j},\quad {C}^{j}={\sum}_{i=1}^{w}{C}_{i}^{j},\quad {D}^{j}={\sum}_{i=1}^{w}{D}_{i}^{j}.$$
- (2)
- $F{N}_{j}$ randomly picks ${l}^{j}\in {\mathbb{Z}}_{q}^{*}$ and calculates$${L}^{j}={l}^{j}P,{\sigma}^{j}={x}_{F{N}_{j}}+{l}^{j}{H}_{5}(I{D}_{F{N}_{j}},{R}_{F{N}_{j}},{A}^{j},{B}^{j},{C}^{j},{D}^{j},{L}^{j},{T}^{j}),$$
- (3)
- $F{N}_{j}$ transmits the aggregated data report $AD{R}^{j}=\{I{D}_{F{N}_{j}},{R}_{F{N}_{j}},{A}^{j},{B}^{j},{C}^{j},{D}^{j},{L}^{j},{\sigma}^{j},{T}^{j}\}$ towards $CC$, as shown in Figure 2 (②).
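The registration, signing and batch-verification equations above can be exercised end to end. The following is an added example, not code from the paper: it assumes secp256k1 in place of the unspecified curve E, SHA-256 as a stand-in for ${H}_{2}$ and ${H}_{4}$, and an opaque `payload` string in place of $({A}_{i}^{j},{B}_{i}^{j},{C}_{i}^{j},{D}_{i}^{j})$. It also shows why the small exponents ${\theta}_{i}^{j}$ are needed: two reports with offsetting errors pass an unweighted sum but fail the weighted check.

```python
import hashlib
import secrets

# Assumption: secp256k1 stands in for the paper's curve E, group order q and generator P.
p = 2**256 - 2**32 - 977
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Point addition on y^2 = x^3 + 7 over F_p; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):
    """Double-and-add scalar multiplication kA (not constant time; demo only)."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R

def H(tag, *parts):
    """Stand-in for H_2 / H_4: tagged SHA-256 mapped into Z_q^* (an assumption)."""
    digest = hashlib.sha256(repr((tag,) + parts).encode()).digest()
    return int.from_bytes(digest, "big") % (q - 1) + 1

def register(s, P_pub, pid):
    """TA side: R_i = r_i P, x_i = r_i + s * H_2(PID_i, R_i, P_pub)."""
    r = secrets.randbelow(q - 1) + 1
    R = mul(r, P)
    return (r + s * H("H2", pid, R, P_pub)) % q, R

def sign_report(pid, x, R, payload, T):
    """Vehicle side: L = l P, sigma = x_i + l * H_4(PID_i, R_i, payload, L, T)."""
    l_i = secrets.randbelow(q - 1) + 1
    L = mul(l_i, P)
    sigma = (x + l_i * H("H4", pid, R, payload, L, T)) % q
    return {"PID": pid, "R": R, "payload": payload, "L": L, "sigma": sigma, "T": T}

def batch_verify(reports, P_pub, thetas=None):
    """Fog-node check: (sum th*sigma) P == sum th*R + (sum th*h) P_pub + sum (th*tau) L."""
    if thetas is None:  # theta_i drawn from [1, 2^w] as in the text
        thetas = [secrets.randbelow(2 ** len(reports)) + 1 for _ in reports]
    lhs_scalar, h_scalar, rhs = 0, 0, None
    for th, rep in zip(thetas, reports):
        h = H("H2", rep["PID"], rep["R"], P_pub)
        tau = H("H4", rep["PID"], rep["R"], rep["payload"], rep["L"], rep["T"])
        lhs_scalar = (lhs_scalar + th * rep["sigma"]) % q
        h_scalar = (h_scalar + th * h) % q
        rhs = add(rhs, add(mul(th, rep["R"]), mul(th * tau % q, rep["L"])))
    rhs = add(rhs, mul(h_scalar, P_pub))
    return mul(lhs_scalar, P) == rhs

def demo():
    """Three constructed reports; returns (honest, unweighted-on-bad, weighted-on-bad)."""
    s = secrets.randbelow(q - 1) + 1          # TA master key
    P_pub = mul(s, P)
    reports = []
    for i in range(3):
        pid = f"PID-{i}"                      # constructed pseudo identity
        x, R = register(s, P_pub, pid)
        reports.append(sign_report(pid, x, R, f"A,B,C,D of vehicle {i}", 1700000000 + i))
    honest = batch_verify(reports, P_pub)
    # Two invalid reports whose errors cancel: sigma_0 + e and sigma_1 - e.
    e = 12345
    bad = [dict(r) for r in reports]
    bad[0]["sigma"] = (bad[0]["sigma"] + e) % q
    bad[1]["sigma"] = (bad[1]["sigma"] - e) % q
    unweighted = batch_verify(bad, P_pub, thetas=[1, 1, 1])   # no small exponents
    weighted = batch_verify(bad, P_pub, thetas=[3, 5, 2])     # distinct small exponents
    return honest, unweighted, weighted

if __name__ == "__main__":
    print(demo())
```

With exponents drawn from $[1,{2}^{w}]$, the offsetting errors slip through only when the two affected reports happen to receive the same ${\theta}$, which is why the range of the exponents bounds the soundness of the batch check.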
4.3.3. Data Reading
- (1)
- $CC$ checks whether ${T}^{j}$ is fresh for each $j=1,2,\cdots,n$. If ${T}^{j}$ is not fresh, $AD{R}^{j}$ will be rejected. Otherwise, $CC$ randomly chooses a set of small numbers ${\theta}^{1},{\theta}^{2},\cdots,{\theta}^{n}\in [1,{2}^{n}]$ and performs the batch verification using small exponent test [36]. $CC$ verifies whether the following equation holds $$\begin{array}{c}{\sum}_{j=1}^{n}{\theta}^{j}{\sigma}^{j}P={\sum}_{j=1}^{n}{\theta}^{j}{R}_{F{N}_{j}}+{\sum}_{j=1}^{n}{\theta}^{j}{H}_{3}(I{D}_{F{N}_{j}},{R}_{F{N}_{j}},{P}_{pub}){P}_{pub}\\ +{\sum}_{j=1}^{n}{\theta}^{j}{H}_{5}(I{D}_{F{N}_{j}},{R}_{F{N}_{j}},{A}^{j},{B}^{j},{C}^{j},{D}^{j},{L}^{j},{T}^{j}){L}^{j}.\end{array}$$ If it does hold, $CC$ calculates $$\mathsf{\Phi}={\sum}_{j=1}^{n}{B}^{j}-x\cdot {\sum}_{j=1}^{n}{A}^{j},\quad \Delta ={\sum}_{j=1}^{n}{D}^{j}-x\cdot {\sum}_{j=1}^{n}{C}^{j}.$$ By solving the discrete log of $\mathsf{\Phi}$ and $\Delta $ with the base P, utilizing the Pollard’s lambda algorithm [37], $CC$ can obtain $$\mu ={\sum}_{j=1}^{n}{\sum}_{i=1}^{w}(\phi +{d}_{i}^{j}),\quad \nu ={\sum}_{j=1}^{n}{\sum}_{i=1}^{w}(\phi +{e}_{i}^{j}).$$
- (2)
- $CC$ distributes $\mu $ and $\nu $ to all fog nodes $\{F{N}_{1},F{N}_{2},\cdots,F{N}_{n}\}$ for further sharing with vehicles.
4.4. Data Query
4.4.1. Query Generation
- (1)
- ${V}_{q}$ selects two random numbers ${r}_{q}^{j},{s}_{q}^{j}\in {\mathbb{Z}}_{q}^{*}$ and calculates$${E}_{q}^{j}={r}_{q}^{j}P,{F}_{q}^{j}={u}_{c}P+{x}_{q}{E}_{q}^{j},{G}_{q}^{j}={s}_{q}^{j}P,{H}_{q}^{j}={v}_{c}P+{x}_{q}{G}_{q}^{j}.$$
- (2)
- ${V}_{q}$ randomly picks ${l}_{q}^{j}\in {\mathbb{Z}}_{q}^{*}$ and calculates$${L}_{q}^{j}={l}_{q}^{j}P,{\sigma}_{q}^{j}={x}_{q}+{l}_{q}^{j}{H}_{6}(PI{D}_{q},{R}_{q},{E}_{q}^{j},{F}_{q}^{j},{G}_{q}^{j},{H}_{q}^{j},{L}_{q}^{j},{T}_{q}^{j}),$$
- (3)
- ${V}_{q}$ transmits the query report $Q{R}_{q}^{j}=\{PI{D}_{q},{R}_{q},{E}_{q}^{j},{F}_{q}^{j},$ ${G}_{q}^{j},{H}_{q}^{j},{L}_{q}^{j},{\sigma}_{q}^{j},{T}_{q}^{j}\}$ towards $F{N}_{j}$, as shown in Figure 2 (③).
4.4.2. Data Response
- (1)
- After receiving $Q{R}_{q}^{j}$, $F{N}_{j}$ checks whether ${t}_{q}$ is valid and ${T}_{q}^{j}$ is fresh. If ${t}_{q}$ is not valid or ${T}_{q}^{j}$ is not fresh, $Q{R}_{q}^{j}$ will be rejected. Otherwise, $F{N}_{j}$ verifies whether the following equation holds $${\sigma}_{q}^{j}P={R}_{q}+{H}_{2}(PI{D}_{q},{R}_{q},{P}_{pub}){P}_{pub}+{H}_{6}(PI{D}_{q},{R}_{q},{E}_{q}^{j},{F}_{q}^{j},{G}_{q}^{j},{H}_{q}^{j},{L}_{q}^{j},{T}_{q}^{j}){L}_{q}^{j}.$$ If it does hold, $F{N}_{j}$ selects two random numbers ${t}_{q}^{j},{\phi}_{q}^{j}\in {\mathbb{Z}}_{q}^{*}$ and calculates $${J}_{q}^{j}={t}_{q}^{j}{E}_{q}^{j}+{\phi}_{q}^{j}{G}_{q}^{j},\quad {K}_{q}^{j}={t}_{q}^{j}{F}_{q}^{j}+{\phi}_{q}^{j}{H}_{q}^{j},$$ $${M}_{q}^{j}=\mu +{\sum}_{k=1}^{m}{a}_{k}{H}_{8}({t}_{q}^{j}{u}_{k}+{\phi}_{q}^{j}{v}_{k}),\quad {N}_{q}^{j}=\nu +{\sum}_{k=1}^{m}{a}_{k}{H}_{8}({t}_{q}^{j}{u}_{k}+{\phi}_{q}^{j}{v}_{k}).$$
- (2)
- $F{N}_{j}$ randomly picks ${\widehat{l}}_{q}^{j}\in {\mathbb{Z}}_{q}^{*}$ and calculates$${\widehat{L}}_{q}^{j}={\widehat{l}}_{q}^{j}P,{\widehat{\sigma}}_{q}^{j}={x}_{F{N}_{j}}+{\widehat{l}}_{q}^{j}{H}_{7}(I{D}_{F{N}_{j}},{R}_{F{N}_{j}},{J}_{q}^{j},{K}_{q}^{j},{M}_{q}^{j},{N}_{q}^{j},{\widehat{L}}_{q}^{j},{\widehat{T}}_{q}^{j}),$$
- (3)
- $F{N}_{j}$ transmits the response report $R{R}_{q}^{j}=\{I{D}_{F{N}_{j}},$ ${R}_{F{N}_{j}},{J}_{q}^{j},{K}_{q}^{j},{M}_{q}^{j},{N}_{q}^{j},{\widehat{L}}_{q}^{j},{\widehat{\sigma}}_{q}^{j},{\widehat{T}}_{q}^{j}\}$ towards ${V}_{q}$, as shown in Figure 2 (④).
4.4.3. Response Reading
- (1)
- After receiving $R{R}_{q}^{j}$, ${V}_{q}$ checks whether ${\widehat{T}}_{q}^{j}$ is fresh. If ${\widehat{T}}_{q}^{j}$ is not fresh, $R{R}_{q}^{j}$ will be rejected. Otherwise, ${V}_{q}$ verifies whether the following equation holds $${\widehat{\sigma}}_{q}^{j}P={R}_{F{N}_{j}}+{H}_{3}(I{D}_{F{N}_{j}},{R}_{F{N}_{j}},{P}_{pub}){P}_{pub}+{H}_{7}(I{D}_{F{N}_{j}},{R}_{F{N}_{j}},{J}_{q}^{j},{K}_{q}^{j},{M}_{q}^{j},{N}_{q}^{j},{\widehat{L}}_{q}^{j},{\widehat{T}}_{q}^{j}){\widehat{L}}_{q}^{j}.$$ If it does hold, ${V}_{q}$ calculates $$\mathsf{\Lambda}={K}_{q}^{j}-{x}_{q}\cdot {J}_{q}^{j}.$$ By solving the discrete log of $\mathsf{\Lambda}$ with the base P, utilizing the Pollard’s lambda algorithm [37], ${V}_{q}$ can obtain ${\beta}_{c}={H}_{8}({t}_{q}^{j}{u}_{c}+{\phi}_{q}^{j}{v}_{c})$.
- (2)
- By calling Algorithm 1, ${V}_{q}$ can obtain the average sensing data ${\overline{d}}_{c}$ captured at segment c.
Algorithm 1 Recovery of ${\overline{d}}_{c}$ captured at segment c
Input: $({a}_{1},{a}_{2},\cdots,{a}_{m})$, ${\beta}_{c}$, $\phi $, $\delta $, ${M}_{q}^{j}$ and ${N}_{q}^{j}$
Output: ${\overline{d}}_{c}$
begin:
  set ${X}_{1}={M}_{q}^{j}$, ${X}_{2}={N}_{q}^{j}$;
  for $k=m$ to c do
    ${d}_{k}=\frac{{X}_{1}-{X}_{1} \bmod {a}_{k}}{{a}_{k}}$, ${e}_{k}=\frac{{X}_{2}-{X}_{2} \bmod {a}_{k}}{{a}_{k}}$;
    ${X}_{1}={X}_{1} \bmod {a}_{k}$, ${X}_{2}={X}_{2} \bmod {a}_{k}$;
  return ${\overline{d}}_{c}=\frac{{d}_{c}-{\beta}_{c}-\delta \phi}{{e}_{c}-{\beta}_{c}-\delta \phi}$.
end
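The super-increasing packing of Section 4.3.1 and the decoding in Algorithm 1 can be checked on plain integers, leaving out the elliptic-curve encryption layer. This is an added example, not the authors' code: the readings, $\phi $ and the per-segment blinding values `BETA` (standing in for the ${H}_{8}$ outputs) are constructed, $\mu $ and $\nu $ are taken as the sums of the packed reports, and the guard for a segment with no non-zero reading is an addition that Algorithm 1 does not spell out.

```python
from fractions import Fraction
from math import isqrt

def next_prime(x):
    """Smallest prime strictly greater than x (trial division; fine at demo sizes)."""
    c = max(x + 1, 2)
    while any(c % f == 0 for f in range(2, isqrt(c) + 1)):
        c += 1
    return c

def super_increasing(m, n, delta, d):
    """Primes a_1..a_m with sum_{k<i} a_k * 3*n*delta*d < a_i (Section 4.1, step 5)."""
    bound, seq = 3 * n * delta * d, []
    for _ in range(m):
        seq.append(next_prime(sum(seq) * bound))
    return seq

def pack(a, values, phi):
    """Data Gathering step 1: sum_k a_k * (value_k + phi)."""
    return sum(a_k * (v + phi) for a_k, v in zip(a, values))

def recover_average(a, beta_c, phi, delta, M, N, c):
    """Algorithm 1 for segment c (1-indexed); None if no non-zero reading was reported."""
    X1, X2 = M, N
    for k in range(len(a), c - 1, -1):          # k = m down to c
        d_k, X1 = divmod(X1, a[k - 1])
        e_k, X2 = divmod(X2, a[k - 1])
    total = d_k - beta_c - delta * phi          # sum of readings at segment c
    count = e_k - beta_c - delta * phi          # number of non-zero readings
    return Fraction(total, count) if count else None

# Constructed sample: n = 2 fog nodes, 3 vehicles each (delta = 6), m = 3 segments.
READINGS = [[10, 0, 4], [12, 0, 0], [8, 0, 6], [0, 0, 5], [14, 0, 0], [6, 0, 9]]
N_FOG, D_MAX, PHI = 2, 15, 0b101   # |d| = 4 bits, so phi and each beta_k are 3-bit values
BETA = [3, 7, 1]                   # stand-ins for H_8(t*u_k + phi'*v_k), one per segment

def run(a=None):
    """Aggregate all reports, blind each segment as the fog node does, decode every segment."""
    delta, m = len(READINGS), len(BETA)
    a = a or super_increasing(m, N_FOG, delta, D_MAX)
    mu = sum(pack(a, row, PHI) for row in READINGS)
    nu = sum(pack(a, [int(v > 0) for v in row], PHI) for row in READINGS)
    blind = sum(a_k * b for a_k, b in zip(a, BETA))
    M, N = mu + blind, nu + blind
    return [recover_average(a, BETA[c - 1], PHI, delta, M, N, c) for c in range(1, m + 1)]

if __name__ == "__main__":
    print(run())            # sequence satisfying the condition
    print(run([2, 3, 5]))   # sequence violating it: segments bleed into each other
```

The second call shows the failure mode the bound $3n\delta d$ prevents: once a per-segment total can exceed the gap between consecutive ${a}_{k}$, the division in Algorithm 1 no longer isolates one segment.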
5. Security
5.1. Security Model
5.2. Security Proof
5.3. Analysis and Comparison of Security Requirement
- Modification attack: Based on Theorem 2, no polynomial-time attacker is able to forge a valid data report, so any modification of a data report will be detected.
- Replay attack: In the proposed EP${}^{2}$DS scheme, a timestamp is contained in the data report. By checking the freshness of the timestamp, the verifier is able to resist replay attacks.
- Impersonation attack: From Theorem 2, no attacker can fabricate a legal data report without the vehicle’s private key.
- Man-in-the-middle attack: The analysis of the modification attack shows that any modification of the data reports in transit can be detected.
6. Performance Evaluation
6.1. Computation Costs
6.2. Communication Costs
7. Conclusions
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
Appendix A
- Hash queries: Upon receiving the query, $\mathcal{C}$ returns a random value to $\mathcal{A}$.
- Extract queries: Upon receiving the query on the pseudo identity $PI{D}_{i}$, $\mathcal{C}$ returns a private key to $\mathcal{A}$.
- Signcryption queries: Upon receiving the query on the message ${m}_{i}$ under $PI{D}_{i}$, $\mathcal{C}$ returns a ciphertext to $\mathcal{A}$.
- The ciphertext on ${m}_{i}^{*}$ under $PI{D}_{i}^{*}$ is valid.
- $PI{D}_{i}^{*}$ has not been requested in the extract queries.
Appendix B
- ${L}_{{H}_{2}}$: It consists of tuples $(PI{D}_{i},{R}_{i},{P}_{pub},{h}_{i})$.
- ${L}_{{H}_{4}}$: It consists of tuples $(PI{D}_{i},{R}_{i},{C}_{i,1},{C}_{i,2},{L}_{i},{T}_{i},{\tau}_{i})$.
- ${L}_{{V}_{i}}$: It consists of tuples $(PI{D}_{i},{x}_{i},{R}_{i})$.
- If ${L}_{{H}_{2}}$ contains $(PI{D}_{i},{R}_{i},{P}_{pub},{h}_{i})$, $\mathcal{B}$ responds with the previous value ${h}_{i}={H}_{2}(PI{D}_{i},{R}_{i},{P}_{pub})$ to $\mathcal{A}$.
- If ${L}_{{H}_{2}}$ does not contain $(PI{D}_{i},{R}_{i},{P}_{pub},{h}_{i})$, $\mathcal{B}$ randomly chooses a number ${h}_{i}\in {\mathbb{Z}}_{q}^{*}$, adds $(PI{D}_{i},{R}_{i},$ ${P}_{pub},{h}_{i})$ into ${L}_{{H}_{2}}$ and returns ${h}_{i}$ to $\mathcal{A}$.
- If ${L}_{{H}_{4}}$ contains $(PI{D}_{i},{R}_{i},{C}_{i,1},{C}_{i,2},{L}_{i},{T}_{i},{\tau}_{i})$, $\mathcal{B}$ responds with the previous value ${\tau}_{i}={H}_{4}(PI{D}_{i},{R}_{i},{C}_{i,1},$ ${C}_{i,2},{L}_{i},{T}_{i})$ to $\mathcal{A}$.
- If ${L}_{{H}_{4}}$ does not contain $(PI{D}_{i},{R}_{i},{C}_{i,1},{C}_{i,2},{L}_{i},$ ${T}_{i},{\tau}_{i})$, $\mathcal{B}$ randomly chooses a number ${\tau}_{i}\in {\mathbb{Z}}_{q}^{*}$, adds $(PI{D}_{i},{R}_{i},{C}_{i,1},{C}_{i,2},{L}_{i},{T}_{i},{\tau}_{i})$ into ${L}_{{H}_{4}}$ and returns ${\tau}_{i}$ to $\mathcal{A}$.
- If $PI{D}_{i}=PI{D}_{i}^{*}$, $\mathcal{B}$ aborts the game.
- If $PI{D}_{i}\ne PI{D}_{i}^{*}$, $\mathcal{B}$ executes:
  - If ${L}_{{V}_{i}}$ contains $(PI{D}_{i},{x}_{i},{R}_{i})$, $\mathcal{B}$ returns $({x}_{i},{R}_{i})$ to $\mathcal{A}$.
  - If ${L}_{{V}_{i}}$ does not contain $(PI{D}_{i},{x}_{i},{R}_{i})$, $\mathcal{B}$ randomly chooses ${x}_{i},{h}_{i}\in {\mathbb{Z}}_{q}^{*}$ and makes ${R}_{i}={x}_{i}P-{h}_{i}{P}_{pub}$. If ${h}_{i}$ already appears in ${L}_{{H}_{2}}$, $\mathcal{B}$ chooses another ${x}_{i}\in {\mathbb{Z}}_{q}^{*}$ and tries again. $\mathcal{B}$ inserts $(PI{D}_{i},{x}_{i},{R}_{i})$ and $(PI{D}_{i},{R}_{i},{P}_{pub},{h}_{i})$ into ${L}_{{V}_{i}}$ and ${L}_{{H}_{2}}$, respectively. Finally, $\mathcal{B}$ returns $({x}_{i},{R}_{i})$ to $\mathcal{A}$.
- ${E}_{1}$: $\mathcal{B}$ does not abort the above game in extract queries.
- ${E}_{2}$: $\mathcal{B}$ is able to correctly output the value of b.
- If $PI{D}_{i}=PI{D}_{i}^{*}$, $\mathcal{B}$ randomly selects ${t}_{i},{l}_{i},{\sigma}_{i},{h}_{i},{\tau}_{i}\in {\mathbb{Z}}_{q}^{*}$ and calculates ${C}_{i,1}={t}_{i}P$, ${C}_{i,2}={t}_{i}{P}_{cc}+{m}_{i}P$, ${L}_{i}={l}_{i}P$, ${R}_{i}={\sigma}_{i}P-({h}_{i}{P}_{pub}+{\tau}_{i}{L}_{i})$. If ${h}_{i}$ already appears in ${L}_{{H}_{2}}$ or ${\tau}_{i}$ already appears in ${L}_{{H}_{4}}$, $\mathcal{B}$ chooses another ${\sigma}_{i}\in {\mathbb{Z}}_{q}^{*}$ and tries again. Then, $\mathcal{B}$ returns the ciphertext $\{PI{D}_{i},{R}_{i},{C}_{i,1},{C}_{i,2},{L}_{i},{\sigma}_{i},{T}_{i}\}$ to $\mathcal{A}$, and inserts $(PI{D}_{i},{R}_{i},{P}_{pub},{h}_{i})$ and $(PI{D}_{i},{R}_{i},{C}_{i,1},{C}_{i,2},{L}_{i},{T}_{i},{\tau}_{i})$ into ${L}_{{H}_{2}}$ and ${L}_{{H}_{4}}$, respectively.
- If $PI{D}_{i}\ne PI{D}_{i}^{*}$, $\mathcal{B}$ generates a ciphertext $\{PI{D}_{i},{R}_{i},$ ${C}_{i,1},{C}_{i,2},{L}_{i},{\sigma}_{i},{T}_{i}\}$ in accordance with the proposed scheme. Then, $\mathcal{B}$ returns the ciphertext to $\mathcal{A}$.
- ${E}_{1}$: $\mathcal{B}$ never aborts the above game in extract and signcryption queries.
- ${E}_{2}$: $\mathcal{B}$ is able to output a valid ciphertext.
- ${E}_{3}$: $PI{D}_{i}=PI{D}_{i}^{*}$.
References
- [1] Lee, U.; Magistretti, E.; Zhou, B.; Gerla, M.; Bellavista, P.; Corradi, A. MobEyes: Smart mobs for urban monitoring with a vehicular sensor network. IEEE Trans. Commun. Mag. 2006, 13, 52–57.
- [2] Placzek, B. Selective data collection in vehicular networks for traffic control applications. Transp. Res. Part C Emerging Technol. 2012, 23, 14–28.
- [3] Mednis, A.; Elsts, A.; Selavo, L. Embedded solution for road condition monitoring using vehicular sensor networks. In Proceedings of the 2012 6th International Conference on Application of Information and Communication Technologies (AICT), Tbilisi, Georgia, 17–19 October 2012; pp. 1–5.
- [4] Fiebig, B. European traffic accidents and purposed solutions. In Proceedings of the ITU-Workshop on Standardization in Telecommunication for Motor Vehicles, Geneva, Switzerland, 24–25 November 2003; pp. 24–25.
- [5] Yu, R.; Huang, X.; Kang, J.; Ding, J.; Maharjan, S.; Gjessing, S.; Zhang, Y. Cooperative resource management in cloud-enabled vehicular networks. IEEE Trans. Ind. Electron. 2015, 62, 7938–7951.
- [6] Ni, J.; Lin, X.; Zhang, K.; Shen, X.M. Privacy-preserving real-time navigation system using vehicular crowdsourcing. In Proceedings of the IEEE 84th Vehicular Technology Conference: VTC2016-Fall, Montreal, QC, Canada, 18–21 September 2016; pp. 1–5.
- [7] Bonomi, F.; Milito, R.; Zhu, J.; Addepalli, S. Fog computing and its role in the internet of things. In Proceedings of the Mobile Cloud Computing Workshop, Helsinki, Finland, 13–17 August 2012; pp. 13–16.
- [8] Armbrust, M.; Fox, A.; Griffith, R.; Joseph, A.D.; Katz, R.H.; Konwinski, A.; Lee, G.; Patterson, D.A.; Rabkin, A.; Stoica, I.; et al. A view of cloud computing. Commun. ACM 2010, 53, 50–58.
- [9] Dai, Y.; Xu, D.; Maharjan, S.; Zhang, Y. Joint offloading and resource allocation in vehicular edge computing and networks. In Proceedings of the IEEE Global Communications Conference, Abu Dhabi, UAE, 9–13 December 2018; pp. 1–7.
- [10] Ni, J.; Zhang, K.; Yu, Y.; Lin, X.; Shen, X.S. Privacy-preserving smart parking navigation supporting efficient driving guidance retrieval. IEEE Trans. Veh. Technol. 2018, 67, 6504–6517.
- [11] Basudan, S.; Lin, X.; Sankaranarayanan, K. A privacy-preserving vehicular crowdsensing based road surface condition monitoring system using fog computing. IEEE Internet Things J. 2017, 4, 772–782.
- [12] Chun, S.; Shin, S.; Seo, S.; Eom, S.; Jung, J.; Lee, K. A pubsub-based fog computing architecture for Internet-of-vehicles. In Proceedings of the 8th International Conference on Cloud Computing Technology and Science, Luxembourg, 12–15 December 2016; pp. 90–93.
- [13] Ni, J.; Zhang, A.; Lin, X.; Shen, X.S. Security, privacy, and fairness in fog-based vehicular crowdsensing. IEEE Commun. Mag. 2017, 55, 146–152.
- [14] Wei, J.; Wang, X.; Li, N. A privacy-preserving fog computing framework for vehicular crowdsensing networks. IEEE Access 2018, 6, 43776–43784.
- [15] Omoniwa, B.; Hussain, R.; Javed, M.A. Fog/Edge computing-based IoT (FECIoT): Architecture, applications, and research issues. IEEE Internet Things 2019, 6, 4118–4149.
- [16] Zhuo, G.; Jia, Q.; Guo, L.; Li, M.; Li, P. Privacy-preserving verifiable data aggregation and analysis for cloud-assisted mobile crowdsourcing. In Proceedings of the 35th IEEE International Conference on Computer Communications, San Francisco, CA, USA, 10–14 April 2016; pp. 1–9.
- [17] Rabieh, K.; Mahmoud, M.M.E.A.; Younis, M. Privacy-preserving route reporting schemes for traffic management systems. IEEE Trans. Veh. Technol. 2017, 66, 2703–2713.
- [18] Xu, C.; Lu, R.; Wang, H.; Zhu, L.; Huang, C. PAVS: A new privacy-preserving data aggregation scheme for vehicle sensing systems. Sensors 2017, 17, 500.
- [19] Sun, G.; Sun, S.; Sun, J.; Yu, H.; Du, X.; Guizani, M. Security and privacy preservation in fog-based crowd sensing on the internet of vehicles. J. Network Comput. Appl. 2019, 134, 89–99.
- [20] Lin, X.; Lu, R.; Shen, X. MDPA: Multidimensional privacy-preserving aggregation scheme for wireless sensor networks. Wirel. Commun. Mob. Comput. 2010, 10, 843–856.
- [21] Lu, R.; Heung, K.; Lashkari, A.H.; Ghorbani, A.A. A light-weight privacy-preserving data aggregation scheme for fog computing-enhanced IoT. IEEE Access 2017, 5, 3302–3312.
- [22] Wang, B.; Chang, Z.; Zhou, Z.; Ristaniemi, T. Reliable and privacy-preserving task recomposition for crowdsensing in vehicular fog computing. In Proceedings of the 87th Vehicular Technology Conference, Porto, Portugal, 3–6 June 2018; pp. 6–11.
- [23] Kong, Q.; Lu, R.; Ma, M.; Bao, H. A privacy-preserving sensory data sharing scheme in internet of vehicles. Future Gener. Comput. Syst. 2019, 92, 644–655.
- [24] Ghinita, G.; Kalnis, P.; Kantarcioglu, M.; Bertino, E. A hybrid technique for private location-based queries with database protection. In Proceedings of the 11th International Symposium on Spatial and Temporal Databases, Aalborg, Denmark, 8–10 July 2009; pp. 98–116.
- [25] Paulet, R.; Kaosar, M.G.; Yi, X.; Bertino, E. Privacy-preserving and content protecting location based queries. IEEE Trans. Knowl. Data Eng. 2014, 26, 1200–1210.
- [26] Zhu, H.; Lu, R.; Huang, C.; Chen, L.; Li, H. An efficient privacy-preserving location-based services query scheme in outsourced cloud. IEEE Trans. Veh. Technol. 2016, 65, 7729–7739.
- [27] Zhu, H.; Liu, F.; Li, H. Efficient and privacy-preserving polygons spatial query framework for location-based services. IEEE Internet Things J. 2017, 4, 536–545.
- [28] Naor, M.; Pinkas, B. Oblivious transfer with adaptive queries. In Proceedings of the Advances in Cryptology-CRYPTO’99, Santa Barbara, CA, USA, 15–19 August 1999; pp. 573–590.
- [29] IEEE, 802.11p-2010-IEEE Standard for Information technology. Available online: https://ieeexplore.ieee.org/document/5514475/versions#versions (accessed on 14 January 2020).
- [30] Jiang, S.; Liu, J.; Duan, M.; Wang, L.; Fang, L. Secure and privacy-preserving report de-duplication in the fog-based vehicular crowdsensing system. In Proceedings of the IEEE Global Communications Conference, Abu Dhabi, UAE, 9–13 December 2018; pp. 1–6.
- [31] Zhu, L.; Li, M.; Zhang, Z. Secure fog-assisted crowdsensing with collusion resistance: From data reporting to data requesting. IEEE Internet Things J. 2019, 6, 5473–5484.
- [32] Miller, V.S. Use of elliptic curves in cryptography. In Proceedings of the Advances in Cryptology-CRYPTO’85, Santa Barbara, CA, USA, 18–22 August 1985; pp. 417–426.
- [33] Koblitz, N. Elliptic curve cryptosystem. Math. Comput. 1987, 48, 203–209.
- [34] Ming, Y.; Zhang, X.; Shen, X. Efficient privacy-preserving multi-dimensional data aggregation scheme in smart grid. IEEE Access 2019, 7, 32907–32921.
- [35] He, D.; Zeadally, S.; Xu, B.; Huang, X. An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks. IEEE Trans. Inf. Forensics Secur. 2015, 10, 2681–2690.
- [36] Liu, J.K.; Yuen, T.H.; Au, M.H.; Susilo, W. Improvements on an authentication scheme for vehicular sensor networks. Expert Syst. Appl. 2014, 41, 2559–2564.
- [37] Boneh, D.; Goh, E.; Nissim, K. Evaluating 2-DNF formulas on ciphertexts. In Proceedings of the 2nd Theory of Cryptography Conference, Cambridge, MA, USA, 10–12 February 2005; pp. 325–341.
- [38] Ming, Y.; Cheng, H. Efficient certificateless conditional privacy-preserving authentication scheme in VANETs. Mob. Inf. Syst. 2019, 2019, 1–19.
- [39] Shamus Software Ltd. Multi precision integer and rational arithmetic cryptographic library (MIRACL). Available online: http://www.certivox.com/miracl/ (accessed on 1 December 2019).
- [40] Pointcheval, D.; Stern, J. Security proofs for signature schemes. In Proceedings of the Advances in Cryptology-EUROCRYPT’96, Saragossa, Spain, 12–16 May 1996; pp. 387–398.
- [41] Ming, Y.; Shen, X. PCPA: A practical certificateless conditional privacy preserving authentication scheme for vehicular ad hoc networks. Sensors 2018, 18, 1573.
- [42] He, D.; Kumar, N.; Zeadally, S.; Vinel, A.; Yang, L.T. Efficient and privacy-preserving data aggregation scheme for smart grid against internal adversaries. IEEE Trans. Smart Grid 2017, 13, 1–9.
Symbol | Definition |
---|---|
$TA$ | Trusted authority |
$CC$ | Cloud center |
$\left(s,{P}_{pub}\right)$ | $TA$’s private (master) key and public key |
$\left(x,{P}_{cc}\right)$ | $CC$’s private key and public key |
${V}_{i}$ | The i-th data collection vehicle |
$(I{D}_{i},PI{D}_{i})$ | ${V}_{i}$’s real identity and pseudo identity |
$\left({x}_{i},{R}_{i}\right)$ | ${V}_{i}$’s private key |
$F{N}_{j}$ | The j-th fog node |
$I{D}_{j}$ | $F{N}_{j}$’s identity |
$\left({x}_{F{N}_{j}},{R}_{F{N}_{j}}\right)$ | $F{N}_{j}$’s private key |
${V}_{q}$ | The data query vehicle |
$(I{D}_{q},PI{D}_{q})$ | ${V}_{q}$’s real identity and pseudo identity |
$\left({x}_{q},{R}_{q}\right)$ | ${V}_{q}$’s private key |
$({u}_{k},{v}_{k})$ | Identifier of the segment k |
d | Maximum value of sensory data |
m | The total number of segments |
n | The total number of fog nodes |
$\delta $ | The total number of vehicles |
$\left|d\right|$ | Maximum length of sensory data |
$\phi $ | The vehicles’ sharing key |
${d}_{i,k}^{j}$ | The sensory data captured by ${V}_{i}$ at segment k under $F{N}_{j}$ |
${e}_{i,k}^{j}$ | If ${d}_{i,k}^{j}>0$, then ${e}_{i,k}^{j}=1$; If ${d}_{i,k}^{j}=0$, then ${e}_{i,k}^{j}=0$. |
${H}_{i}$ | Eight one-way hash functions, ${H}_{i}:{\{0,1\}}^{*}\to {\mathbb{Z}}_{q}^{*},i=1,2,\cdots,7,{H}_{8}:{\{0,1\}}^{*}\to {\{0,1\}}^{\left|d\right|-1}$. |
⊕ | The exclusive OR operation |
$p,q$ | Two large prime numbers |
${F}_{p}$ | The finite field over p |
$\mathbb{G}$ | An additive group with the order q on the elliptic curve E over ${F}_{p}$ |
P | A generator of $\mathbb{G}$ |
Security | S1 | S2 | S3 | S4 | S5 | S6 | S7 | S8 | S9 | S10 |
---|---|---|---|---|---|---|---|---|---|---|
Rabieh et al.’s scheme [17] | √ | √ | × | × | × | √ | √ | √ | √ | √ |
Sun et al.’s scheme [19] | √ | √ | × | √ | √ | √ | √ | √ | √ | √ |
Kong et al.’s scheme [23] | √ | √ | √ | × | × | √ | √ | × | √ | × |
Paulet et al.’s scheme [25] | × | √ | √ | × | × | √ | × | × | × | × |
Zhu et al.’s scheme [26] | √ | √ | √ | × | × | √ | √ | × | √ | × |
EP${}^{2}$DS | √ | √ | √ | √ | √ | √ | √ | √ | √ | √ |
Notations | Descriptions | Runtime (ms) |
---|---|---|
${T}_{sm}$ | Scalar multiplication operation in $\mathbb{G}$ | 0.3851 |
${T}_{log}$ | Solving the DL operation mod p | 0.6438 |
${T}_{e}$ | The exponentiation operation in ${\mathbb{G}}_{1}$ | 2.0289 |
${T}_{m}$ | The multiplication operation in ${\mathbb{G}}_{1}$ | 1.4293 |
${T}_{h}$ | Map to point hash function operation | 3.5819 |
${T}_{p}$ | Bilinear pairing operation in ${\mathbb{G}}_{1}$ | 10.3092 |
Scheme | ${V}_{i}$ (Data Collection Phase) | $FN$ (Data Collection Phase) | $CC$ (Data Collection Phase) | ${V}_{a}$ (Data Query Phase) | $FN$ (Data Query Phase) |
---|---|---|---|---|---|
[17] | $2{T}_{m}+2{T}_{e}$ = 6.9164 ms | ${T}_{m}+{T}_{e}+(w+1){T}_{p}$ = 10.3092w+13.7674 ms | ${T}_{e}+(n+1){T}_{p}$ = 10.3092n+2.0289 ms | − | − |
[19] | $2{T}_{m}+{T}_{e}+{T}_{h}$ = 15.1967 ms | $(w+3){T}_{m}+4{T}_{p}$ = 1.4293w+45.5247 ms | ${T}_{m}+n{T}_{e}+2{T}_{p}$ = 2.0289n+11.7385 ms | − | − |
[23] | $4{T}_{m}+4{T}_{e}$ = 13.8328 ms | $2w{T}_{m}$ = 2.8586w ms | $6n{T}_{m}+4n{T}_{e}$ = 16.6914n ms | $10{T}_{m}+7{T}_{e}$ = 28.4953 ms | $9{T}_{m}+7{T}_{e}$ = 27.0660 ms |
[25] | − | − | − | $5{T}_{m}+9{T}_{e}$ = 25.4066 ms | $6m{T}_{m}+(8m+\ ){T}_{e}$ = 24.8070m+6.0867 ms |
[26] | − | − | − | $2{T}_{p}+5{T}_{e}$ = 30.7629 ms | $4{T}_{p}+4{T}_{m}$ = 46.9540 ms |
EP${}^{2}$DS | $5{T}_{sm}$ = 1.9255 ms | $(w+3){T}_{sm}$ = 0.3851w+1.1553 ms | $(n+3){T}_{sm}+2{T}_{log}$ = 0.3851n+2.4429 ms | $11{T}_{sm}+2{T}_{log}$ = 5.5237 ms | $8{T}_{sm}$ = 3.0808 ms |
Scheme | Data Report Size (Data Collection Phase) | Query Report Size (Data Query Phase) | Response Report Size (Data Query Phase) |
---|---|---|---|
Rabieh et al.’s scheme [17] | 260 bytes | − | − |
Sun et al.’s scheme [19] | 516 bytes | − | − |
Kong et al.’s scheme [23] | 1152 bytes | 1152 bytes | 1664 bytes |
Paulet et al.’s scheme [25] | − | 256 bytes | 256m+128 bytes |
Zhu et al.’s scheme [26] | − | 324 bytes | 320 bytes |
EP${}^{2}$DS | 172 bytes | 172 bytes | 148 bytes |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Ming, Y.; Yu, X. Efficient Privacy-Preserving Data Sharing for Fog-Assisted Vehicular Sensor Networks. Sensors 2020, 20, 514. https://doi.org/10.3390/s20020514