Implementing an Efﬁcient Secure Attribute-Based Encryption System for IoV Using Association Rules Implementing an Efficient Secure Attribute-Based Encryption System for IoV Using Association Rules

: As the Internet of vehicles (IoV) is the perceptual information subject, the intelligent connected vehicle (ICV) is establishing an interconnected information transmission system through opening more external interfaces. However, security communication problems thereby are generated, attracting massive attention for researchers. Hence, the in-vehicle network system is responsible for controlling the state of the ICV and has a major impact on driving safety. In this paper, we designed an efﬁcient secure ciphertext-policy attribute-based encryption (CP-ABE) system for protecting communication. The research focuses on mining the frequency features between vehicle nodes through the max-miner association rules algorithm, aiming to build frequent item sets. Furthermore, an improved asymmetric ABE scheme can implement secure communication in-vehicle nodes that belong to the same classiﬁcation set. Through the hardware platform and in-vehicle network simulator (INVS) to evaluate our scheme, the results demonstrate that the work possesses enough security without reducing communication efﬁciency, meanwhile improve bus load performance. Abstract: As the Internet of vehicles (IoV) is the perceptual information subject, the intelligent connected vehicle (ICV) is establishing an interconnected information transmission system through opening more external interfaces. However, security communication problems thereby are gener-ated, attracting massive attention for researchers. Hence, the in-vehicle network system is responsible for controlling the state of the ICV and has a major impact on driving safety. In this paper, we designed an efficient secure ciphertext-policy attribute-based encryption (CP-ABE) system for protecting communication. The research focuses on mining the frequency features between vehicle nodes through the max-miner association rules algorithm, aiming to build frequent item sets. Fur-thermore, an improved asymmetric ABE scheme can implement secure communication in-vehicle nodes that belong to the same classification set. Through the hardware platform and in-vehicle network simulator (INVS) to evaluate our scheme, the results demonstrate that the work possesses enough security without reducing communication efficiency, meanwhile improve bus load performance.


Introduction
Recently, the Internet of vehicles (IoV) has attracted much interest due to initiatives on improving traffic efficiency and reduce traffic breakdowns, especially through the smart mobility projects being implemented in many countries [1]. With the new generation of mobile communication technology, IoV realizes the communication between "vehicle to infrastructure (V2I)", "vehicle to people (V2P)" and "vehicle to vehicle (V2V)", thereby enhancing the intelligence of vehicles and building an intelligent, convenient, and efficient driving environment [2], as shown in Figure 1. As the core of IoV, intelligent connected vehicles (ICVs) are also attracting a lot of attention and developing rapidly. In order to facilitate the connection of vehicle to the Internet, ICV opens up a number of interfaces, for example, cellular connection, Wi-Fi, Bluetooth, USB and onboard diagnostics (OBD-II) [3]. However, this also increases the likelihood that the vehicle will be successfully attacked [4]. Through these interfaces, the attacker can intrusion the in-vehicle network and inject malicious messages, finally achieve illegal control of the vehicle. In recent years, various attacks incidents frequent occurrences, especially remote attacks [5,6]. For example, the attacker takes control of the vehicle by sending a forged message from the entertainment system to the CAN bus via a cellular network connected to the vehicle [7].
Initially, the in-vehicle communication protocol only considers some characteristics, such as reliability, comfort, and convenience but yet ignores a crucial point that the message is transmitted under a secure environment [8]. Hence, as the applicate in-vehicle communication bus, the controller area network (CAN) does not provide any security mechanisms. In addition, the broadcast transmission mechanism between electronic control units (ECUs) also increases a security risk for ICV. Additionally, the ECUs are the core electronic components of a smart networked vehicle and are considered to be the in-vehicle computer. ECUs communicate with sensors on the CAN network to control the driving state of the vehicle. It is also an untrustworthy exchange of information method. In a nutshell, the safe transmission of information is a prerequisite for safe driving, necessary to be considered.
In order to solve the security problem of in-vehicle networks, many researchers have provided solutions based on cryptography methods. These methods can be divided into two categories. One is to verify the integrity of the message and the origin of the data by means of a message authentication mechanism, for example by generating a MAC authentication message based on cryptography and transmitting an authentication message of equal length corresponding to this message on the CAN bus [9]. Another approach is to ensure the confidentiality of the message by means of an encryption mechanism, for example, by encrypting the data in groups using AES [10]. However, these approaches are based on information systems and ignore the fact that ICV is a physical information system, so they are inefficient or not applicable to in-vehicle networks. Therefore, it is considered necessary to combine the physical characteristics of smart vehicles with cryptographic methods to design secure and effective in-vehicle communication systems.
In this paper, we first analyze the communication list between ECUs of a vehicle brand, finding that ECU could receive all the data in the CAN, but it did not use all the data received. Hence, it is important for the message transmitting mechanism to make a pre-isolated communication scheme. Not only does it improve the efficiency of message transmission, but it also prevents other ECUs from being attacked by a break-in to affect themselves in terms of security. Furthermore, efficient encryption solutions are also necessary for data transmission to achieve integrity and confidentiality. In this paper, we perform a correlation analysis of communication frequencies based on real in-vehicle communication data and combines the analysis results with asymmetric ciphertext-policy attribute-based encryption (CP-ABE) algorithms [11,12] to design an in-vehicle access control strategy to achieve isolation of ECUs without communication needs.
The main contributions of this paper are as follows: (1) First, we collect the ECUs communication list of a company. Through the max-miner association rules algorithm, the frequency features are mined between vehicle nodes. The ECU whose communication frequency reaches the threshold value is grouped into one category and regarded as having the same frequency attribute. We find that this part filter unnecessary communications, laying the foundation for the implementation of the ABE pre-isolation system. (2) Second, we propose an improved attribute-based encryption algorithm to build an attribute isolation architecture of the in-vehicle network after getting the frequency sets. This architecture only allows ECU with the same frequency attribute to communicate, thus reducing the load on the bus while isolating ECU nodes that do not The rest of this paper is organized as follows: In Section 2, we review more related works. In Section 3, ECU frequency attributes are classified. In Section 4, we present the details of isolated communication system. The analysis of the security for the communication system in Section 5. Simulations are presented in Section 6. Finally, the conclusions of this research and future work are presented in Section 7.

Related Work
In the past decade, in order to solve the problem of information security of ICV, many researchers have been working on designing a secure in-vehicle network architecture. As the most widely used in-vehicle bus communication protocol, CAN is currently the focus of research. The characteristics of non-encryption and non-authentication are the main reasons why CAN networks are vulnerable to malicious attacks. Therefore, enhancing the security of the in-vehicle network with encryption and authentication functions is one of the effective measures to ensure the confidentiality and reliability of CAN frames. In this section, research related to the proposed security communication for in-vehicle CAN is presented.
The first method of ensuring the security of in-vehicle networks through authentication mechanisms was proposed by Nilsson et al. [13], who provided integrity and authentication through a 64-bit message authentication codes (MACs) tag. Their method requires four messages to send a 64-bit tag by inserting a 16-bit tag in the CRC field. Therefore, their method increases the bus load and takes up CAC field resulting in errors that cannot be verified during transmission.
With the development of ICV, CAN is gradually unable to meet its demands in transmission rate and bandwidth. In order to solve this problem, Robert Bosch GmbH developed a new communication protocol-CAN with flexible data rate (CAN-FD) [14]. Soon afterward, Patsakis et al. [15] proposed a distributed secure communication architecture for modern vehicles under CAN-FD in which ECU performs secure multi-party calculations for authentication and asymmetric encrypted communication. However, ECU nodes need additional data interaction in the communication process, which increases the bus load and limits the applicability of this architecture in the vehicle real-time communication system. In [16], Woo et al. proposed a practical vehicle CAN-FD security architecture. In their architecture, each ECU performs the initial session key generation process with the GECU in a fixed order, and the ECUs perform authentication and encryption based on HMAC and AES. Han et al. [17] creatively put forward a kind of attribute isolation communication architecture. Their scheme is to divide the ECU's functional attributes according to the characteristics of ICV, and build the attribute isolation communication architecture based on the ABE algorithm. Agrawal et al. [18] implement encrypted communication for ECU groupings based on characteristics and enable communication between ECUs of different groups through GECU. However, the forwarding of data frames from different groups through the GECU can cause communication delays. Groza et al. [19] proposed a broadcast authentication for CAN-FD. They used split keys and mixed authentication tags to improve the security of the in-vehicle network.
While the above methods provide authentication or encryption of data for in-vehicle networks, they also suffer from response delays or increased bus loads. In this paper, we propose a frequency attribute isolation system based on CP-ABE for CAN-FD. ECUs encrypt data according to access structure without concern for the number of ECUs in the network, which is suitable in in-vehicle networks where the number of ECUs is increasing dramatically. By associating the key with the frequency attribute of the ECUs, there is no need to store a large number of keys and key management is simplified. In addition, the proposed system reduces the response time and bus load rate compared to [18,19].

ECU Frequency Attribute Classification
In this section, we will analyze the communication frequency correlation based on real in-vehicle communication data and cluster the ECUs.

Data Pre-Processing
The CAN bus is a multi-master bus system where all ECUs connected to the network can send data when it is idle. When an ECU on the CAN sends data, it is broadcast to all other ECUs in the network in the form of a data frame. However, according to the CAN bus communication list we obtained from one company, the data frames on the bus are not required for every ECU, part of the communication list is shown in Table 1. For example, when the engine management system (EMS) sends a data frame with the ID FB, the gear shift module (GSM) and instrument cluster unit (ICU) do not use it. The communication list contains the destination and source addresses of the data frames, this information is confidential and is provided by the automotive companies we work with. Therefore, isolation of ECUs that have no communication needs does not interfere with the normal operation of the vehicle. In addition, when a node in the CAN is hijacked, it can prevent all nodes in the network from being controlled. To ensure that the results of the correlation analysis are more accurate, we use a real dataset of in-vehicle communications for the analysis. We collected 870,000 CAN bus data for two hours of vehicle driving with a USBCAN. The communication dataset contains the DLC, Data, etc. of the data frames without destination and source addresses, but from the communication dataset we can obtain the frequency of each data frame.
Furthermore, we have produced a heat map ( Figure 2) based on the pre-processed data set, from which we can get a more intuitive impression of the connection between the ECUs. Dark colors indicate a high frequency of communication between ECUs and light colors indicate a low frequency of communication, we can see that some ECUs communicate at a high frequency and some at almost zero.

Communications Frequency Correlation Analysis
Association rule analysis is the process of mining hidden information from a data set, and the maximum frequent itemset mining algorithm is an important algorithm in association rule analysis [20,21]. A frequent item set is a set of items that occur in a data set

Communications Frequency Correlation Analysis
Association rule analysis is the process of mining hidden information from a data set, and the maximum frequent itemset mining algorithm is an important algorithm in association rule analysis [20,21]. A frequent item set is a set of items that occur in a data set with a frequency no less than that used to specify a threshold. For example, a set of items, such as EMS and transmission control unit (TCU), that occur frequently together in dataset, is a frequent item-set. The sets of ECUs that appear frequently in the dataset are in demand for communication. However, since the number of frequent item sets is numerous and the maximum frequent itemset is relatively less and can contain all frequent item sets, maximum frequent itemset mining is more suitable for us to uncover the communication relationships between ECUs [22].
Complete set-enumeration tree is the primary data structure for the maximum frequent itemset mining algorithm. The process of data mining is transformed into the search process of a set enumeration tree by describing the set of items as in Figure 3, enumerating all possible combinations of items. Figure 3 shows the complete set-enumeration tree for {TCU, EMS, ESP, GSM, ICU}. Each node g of the tree is represented by two item sets. The first item set is called the prefix, denoted as h(g), which is represented by the enumeration item of the current node of the tree; the second item set is called the suffix, denoted as t(g), and it is composed of all the items of the child nodes of the current node after removing the items contained in the current node. For example, for node EMS, h(EMS) = {EMS}, t(EMS) = {ESP, GSM, ICU}. We denote the parent node of node g as g p and the child node as g c . The generation method of

Communications Frequency Correlation Analysis
Association rule analysis is the process of mining hidden information from a data set, and the maximum frequent itemset mining algorithm is an important algorithm in association rule analysis [20,21]. A frequent item set is a set of items that occur in a data set with a frequency no less than that used to specify a threshold. For example, a set of items, such as EMS and transmission control unit (TCU), that occur frequently together in dataset, is a frequent item-set. The sets of ECUs that appear frequently in the dataset are in demand for communication. However, since the number of frequent item sets is numerous and the maximum frequent itemset is relatively less and can contain all frequent item sets, maximum frequent itemset mining is more suitable for us to uncover the communication relationships between ECUs [22].
Complete set-enumeration tree is the primary data structure for the maximum frequent itemset mining algorithm. The process of data mining is transformed into the search process of a set enumeration tree by describing the set of items as in Figure 3, enumerating all possible combinations of items. Figure 3 shows the complete set-enumeration tree for { , , , , }. Each node of the tree is represented by two item sets. The first item set is called the prefix, denoted as ℎ( ), which is represented by the enumeration item of the current node of the tree; the second item set is called the suffix, denoted as ( ), and it is composed of all the items of the child nodes of the current node after removing the items contained in the current node. For example, for node EMS, ℎ( We denote the parent node of node as and the child node as . The generation method of  Maximum frequent itemset mining for complete set-enumeration tree according to the max-miner algorithm [23]. Maximal frequent itemset mining is the continuous pruning of the enumeration tree. There are two principles of pruning: firstly, all item sets containing infrequent subsets are infrequent; secondly, if the superset of an item set is a frequent item set, this item set must not be the maximum frequent item set. We prune the enumeration tree according to these two principles. First, the 1-itemset are sorted by frequency of occurrence in the dataset and the candidate itemset C and the frequent itemset F. Second, the frequency of h(g) ∪ t(g) of element g in C is calculated and added to F if it is greater than the threshold value. Otherwise, add its child nodes h(g c ) to C. Third, update the candidate itemset C and the frequent itemset F. Repeat second and third until C = { }. The max-miner algorithm is presented as Algorithm 1. Scan T to count the frequency of all candidate groups in C 7: For each g ∈ C such that h(g) ∪ t(g) is frequent do 8: Remove from F any itemset with a proper superset in F 12: Remove from C any group g such that h(g) ∪ t(g) has a superset in F 13: Return F

Results of Clustering
Through constant parameter tuning, we found that the clustering effect is the best when the threshold is 0.1. A total of six maximum frequent item sets are mined, and these six groups are visualized by R language [24], as shown in Figure 4. The circle diagram in Figure 4 is a Venn diagram used to show the relationship between sets of frequency attributes, with the overlapping parts being the intersection between different sets and the non-overlapping parts being elements specific to the set. However, the Venn diagram is not very readable, and the upset diagram (i.e., bar chart) in Figure 4 can show the relationship between sets more clearly. According to the clustering results, match the corresponding frequency attribute set for ECUs. For example, the gl 1 ,gl 2 and gl 3 collections all have EMS, and the frequency attribute set of EMS is S = {gl 1 , gl 2 , gl 3 }. The set of frequency attributes of automatic parking assist system (APA) is S APA = {gl 4 , gl 5 } and the set of frequency attributes of intelligent remote car anti-theft alarm (GSM) is S GSM = {gl 3 , gl 5 }. According to the in-vehicle communication system designed in this paper, EMS and GSM have the same frequency attribute gl 3 , so they can communicate, while EMS and APA do not have the same frequency attribute, so they cannot communicate.

Communication Architecture
In this section, the in-vehicle communication system based on the above ECU frequency attribute clustering is elaborated. The communication system consists of a GECU and ECUs which are equipped in vehicle. There are four phases to consider for the proposed in-vehicle communication system, namely system initialization, registration, setting the matching strategy and isolated communication.
GECU: The GECU is considered trustworthy and has better computation power and storage capacity than the ECU. The GECU is used to verify the identity of the ECUs.
ECU: ECUs are also known as car computers and their purpose is to control the state of the car and implement its various functions. According to the frequency attribute clus-

Communication Architecture
In this section, the in-vehicle communication system based on the above ECU frequency attribute clustering is elaborated. The communication system consists of a GECU and ECUs which are equipped in vehicle. There are four phases to consider for the proposed in-vehicle communication system, namely system initialization, registration, setting the matching strategy and isolated communication. GECU: The GECU is considered trustworthy and has better computation power and storage capacity than the ECU. The GECU is used to verify the identity of the ECUs.
ECU: ECUs are also known as car computers and their purpose is to control the state of the car and implement its various functions. According to the frequency attribute clustering above, each ECU has a different set of frequency attributes.

System Initialization
The GECU follows the steps below to generate the public parameters and master key, before broadcasting the public parameters across the network.

1.
The GECU inputs the security parameter 1 λ , generate an additive group G and a multiplicative G 1 with prime order p, g is a generator in G. Define a bilinear mapping e : G × G → G 1 .

2.
It can be seen from the above that there are a total of six group labels for ECUs, GECU randomly selects six number for group labels and marks them as gl 1 , gl 2 , gl 3 , gl 4 , gl 5 , gl 6 in Z * P .

Registration
During the registration phase, the GECU verifies the legitimacy of the ECU identity and sends the master key for the ECU with a legitimate identity. To improve the speed of registration, symmetric encryption is used at this stage. Specific registration process is shown in Algorithm 2.

1.
ECU I randomly chooses a ∈ Z * q to generate the request information ag ID ECU I .

2.
ECU I signs the request information ag ID ECU I to obtain the signature information Sig I .

3.
ECU I sends Msg 1 ag ID ECU I ||t||Sig I Certi f icate I to GECU.

1.
The GECU verifies the validity of the timestamp by Formula (1). The maximum time difference allowed by the in-vehicle network is T, the current time is t . 2.
If the timestamp is valid, the GECU confirms the integrity and validity of ECU I by verifying the signature and certificate of the Msg 1 .

3.
After verify the legal identity of ECU I , the GECU randomly choose b ∈ Z * q to generate response information bg ID ECU I , and a signature on response information.

4.
The GECU generates a temporal session key SK = abg, and uses SK to encrypt master key y.

GECU Sends MK to ECU
1. ECU I verifies the validity of the timestamp by Formula (2). The maximum time difference allowed by the in-vehicle network is T, the current time is t . 2.
If the timestamp is valid, ECU I confirms the integrity and validity of GECU by verifying the signature and certificate of the Msg 2 .

3.
After verify the legal identity of GECU, ECU I decrypts E SK (y) in Msg 2 by SK and obtains y.

Setting the Matching Strategy
Based on the above clustering of frequency attributes define the set of frequency attributes as U = {gl 1 , gl 2 , gl 3 , gl 4 , gl 5 , gl 6 }. A tree structure T is used to represent access policies. When x is an internal node, it represents the relationship "or", when x is a leaf node, it represents the frequency attribute. For example, the set of frequency attributes of EMS is S = {gl 1 , gl 2 , gl 3 }. The EMS access structure tree T is shown in Figure 5. In order to represent simply, we define the following two functions. Firstly, ( ) is used to denote the parent of node . Secondly, the function ( ) returns the frequency attribute associated with when is a leaf node. Let the root node of the access tree T be r. The access tree T is denoted and the subtree with root node is denoted . A set of frequency attributes satisfying the access tree structure is denoted ( ) = 1, otherwise, ( ) = 0. The value of is computed recursively, and if is non-leaf node, the value of is computed for each child node ′ of ( ). When at least one child node returns 1, ( ) = 1. When is a leaf node, when

Isolated Communication
We propose an isolated communication system for in-vehicle networks based on asymmetric CP-ABE algorithms. In this system, the key is associated with a frequency attribute. Only ECUs with the same frequency attribute as the sender ECU can decrypt the ciphertext, which guarantees the confidentiality of the architecture. We take , and as an example to illustrate the way in which the ECUs communicate with each other (see Figure 6). The specific steps include the following three algorithms: en- In order to represent simply, we define the following two functions. Firstly, parent(x) is used to denote the parent of node x. Secondly, the function att(x) returns the frequency attribute associated with x when x is a leaf node.
Let the root node of the access tree T be r. The access tree T is denoted T r and the subtree with root node x is denoted T x . A set of frequency attributes S satisfying the access tree structure T x is denoted T x (S) = 1, otherwise, T x (S) = 0. The value of T x is computed recursively, and if x is non-leaf node, the value of T x is computed for each child node x of T x (S). When at least one child node returns 1, T x (S) = 1. When is a leaf node, when att(x) ∈ S, T x (S) = 1. If T r (S) = 1 then it means that the set S of frequency attributes satisfies the access T r .
Based on the clustering results in the previous section, the set of frequency attributes of automatic parking assist system (APA) is S APA = {gl 4 , gl 5 } and the set of frequency attributes of intelligent remote car anti-theft alarm (GSM) is S GSM = {gl 3 , gl 5 }. The access structure of the EMS is denoted T, then T(S APA ) = 0 and T(S GSM ) = 1. This means that the GSM satisfies the EMS access structure and that messages sent encrypted by the EMS can be successfully decrypted by the GSM, but not by the APA.

Isolated Communication
We propose an isolated communication system for in-vehicle networks based on asymmetric CP-ABE algorithms. In this system, the key is associated with a frequency Symmetry 2021, 13, 1177 9 of 16 attribute. Only ECUs with the same frequency attribute as the sender ECU can decrypt the ciphertext, which guarantees the confidentiality of the architecture. We take ECU I , ECU J and ECU K as an example to illustrate the way in which the ECUs communicate with each other (see Figure 6). The specific steps include the following three algorithms: encrypt, keygen and decrypt.
tributes of intelligent remote car anti-theft alarm (GSM) is = { , }. The access structure of the EMS is denoted T, then ( ) = 0 and ( ) = 1. This means that the GSM satisfies the EMS access structure and that messages sent encrypted by the EMS can be successfully decrypted by the GSM, but not by the APA.

Isolated Communication
We propose an isolated communication system for in-vehicle networks based on asymmetric CP-ABE algorithms. In this system, the key is associated with a frequency attribute. Only ECUs with the same frequency attribute as the sender ECU can decrypt the ciphertext, which guarantees the confidentiality of the architecture. We take , and as an example to illustrate the way in which the ECUs communicate with each other (see Figure 6). The specific steps include the following three algorithms: encrypt, keygen and decrypt.  Figure 6. Communicate architecture. Figure 6. Communicate architecture.

1.
Encrypt (S, M, PK): ECU I generates the ciphertext CT according to the encrypt algorithm. The encrypt algorithm takes frequency attribute set S 1 of ECU I , a message M and the public parameters PK as input. ECU I picks up a random value s ∈ Z p , where s is secret value. We denote the number of elements in set S as n. ECU I randomly picks up n elements k i ∈ Z p for gl i ∈ S 1 and set C = Me(g, g) ys ,C 1 = g s . For gl i ∈ S 1 , the algorithm computes C gl = β s + α k i ,C gl = θ −H(gl)k i , C gl = g k i and hashes the value of the gl i in S 1 and construct an access structure tree T as shown in Figure 7. The ciphertext CT = T, C, C 1 , ∀gl ∈ N : C gl , C , gl , C gl .

2.
( , , ): generates key SK according to the keygen algorithm. The keygen algorithm takes frequency attribute set of , the master key MK and the public parameters PK as input.
denotes the number of elements in is m, and randomly picks up m elements ∈ for ∈ . randomly chooses ∈ and computes = + , = . For ∈ , the algorithm computes = and = ( ) + . The secret key = , , ∀ ∈ : , . The steps for are the same as for .

3.
( , , ): decrypts the ciphertext CT according to the decrypt algorithm. The decrypt algorithm takes the frequency attribute set of , the ciphertext CT and secret key SK as input.
computes the hash value of the elements in the set and denotes it as the set . The algorithm chooses , for , which the hash value matches the T.
computes as follows:

2.
Keygen (S, MK, PK): ECU J generates key SK according to the keygen algorithm. The keygen algorithm takes frequency attribute set S 3 of ECU J , the master key MK and the public parameters PK as input. ECU J denotes the number of elements in S 3 is m, and randomly picks up m elements t i ∈ Z p for gl i ∈ S 3 . ECU J randomly chooses t ∈ Z p and computes D 1 = g y + β t , D 2 = g t . For gl i ∈ S 3 , the algorithm computes D gl = g t i and D gl = θ H(gl)t i + α −t . The secret key SK = D 1 , D 2 , ∀gl ∈ GL : D gl , D gl . The steps for ECU K are the same as for ECU J .

3.
Decrypt (CT, SK, S): ECU J decrypts the ciphertext CT according to the decrypt algorithm. The decrypt algorithm takes the frequency attribute set S 3 of ECU J , the ciphertext CT and secret key SK as input. ECU J computes the hash value of the elements in the set S 3 and denotes it as the set S 3 . The algorithm chooses D gl , D gl for gl, which the hash value matches the T. ECU J computes as follows: B = e g s , g y + β t /e β s , g t (6) B = e(g, g) sy (7) ECU J obtains the M = CB . The frequency attribute set S 2 of the ECU K does not satisfy the access structure tree T, so the ECU K decryption fails.

Security Analysis of the Proposed Scheme111
In this section, we present a theoretical proof of the security of the proposed communication architecture for IoV.

Theorem 1.
Assuming that the computational Diffie-Hellman (CDH) assumption is established, the MK in the proposed system cannot be obtained.
Proof of Theorem 1. If the adversary A can compute temporal session key SK = abg, it is possible for A to obtain MK. The advantage of a successful attack by A is Adv A . We use A to construct algorithm A CDH to solve the CDH problem.
A DL randomly picks y, θ, α, β ∈ Z p and publishes the public parameters are: PK = (p, g, G, G 1 , e), θ, α, β, e(g, g) y and saves the master key MK = y. A can make queries about A CDH to q CDH times.
Query: A makes queries about SK, the algorithm A DL returns ag and bg to A. Challenge: After A receives ag and bg, A uses (ag, bg) to call algorithm A DL . That is given ag, bg, compute abg. The advantage of A challenge success in this process is Adv A = q CDH × Adv CDH . The advantage Adv A of the algorithm in successfully solving the CDH problem in the polynomial time is negligible. Therefore, the adversary A does not have access to the temporal session keys SK and MK.

Theorem 2.
Assuming that the decisional Diffie-Hellman (DDH) assumption is established, plaintext cannot be extracted from ciphertext.

Proof of Theorem 2.
If there is a polynomial-time adversary A that can attack our scheme with advantage of ε, we can construct a simulator B to play the DDH game with advantage of ε. Given a DDH paradigm g, g a , g b , Z , B creates the following simulation.
Init: The adversary A commits to simulator B the challenge access tree T. The simulator B sets the public parameters according to the following steps. It randomly picks y, m, n ∈ Z p and calculates θ = g m , β = g n and sets the public parameter PK = (p, g, G, G 1 , e), θ, α = g a , β, e(g, g) y and the master key MK = y. The simulator sends the PK to the adversary A.
Phase 1: The adversary A can query the SK of the frequency attribute set S. If S cannot satisfy the challenge access tree, B will calculate SK and send it to A as follows. B randomly pick t ∈ Z p , t i ∈ Z p 1≤i≤m and D 1 = g y + β t ,D 2 = g t . For gl ∈ S, the algorithm computes D gl = g t i and D gl = θ −H(gl)t i + α −t . The secret key SK = D 1 , D 2 , ∀gl ∈ GL : D gl , D gl . Challenge: The adversary A submits two messages M 0 and M 1 of equal length to B. The simulator randomly selects a message M b to encrypt and sends the encrypted ciphertext CT to A. The ciphertext is output as: CT = P , C, C 1 , ∀gl ∈ N : C gl , C , gl , C gl C = Me(g, g) ys = me(g, g) yab = me g a , g b y which implies s = ab,C 1 = Z. For gl ∈ N, the algorithm computes C gl = g ns + g ak i ,C gl = θ H(gl)k i , C gl = g k i . For gl / ∈ N, the algorithm computes C gl = g ns + g ak i , C gl = g k i and randomly selects C gl ∈ G. Phase 2: Repeat Phase 1 and any S cannot satisfy the challenge access tree. Guess: The adversary A computes M. When C 1 = Z = g ab , the ciphertext is wellformed and the plaintext M is computed correctly. A can guess b correctly. When Z is randomly chosen, m is random and A can only guess b randomly, So if b = b, B return η = 1. Otherwise, B returns η = 0. However, DDH difficulty problem is unsolvable in probabilistic polynomial time. Therefore, we can conclude that the proposed scheme satisfies IND-CPA secure.

Simulation and Evaluation
To evaluate the performance of the proposed scheme, we carried out hardware-based performance evaluation and software simulation based on in-vehicle network simulator (IVNS) [25]. The performance evaluation environment is illustrated in Figure 8, and the specifications of equipment used for evaluation are listed in Table 2.  Intel core i5-8259U 1.6 GHz RAM 8GB

Hardware-Based Performance Evaluation
To measure the time parameters of registration, keygen, encrypt, decrypt success and failure, we carried out hardware-based performance evaluation. In our scheme, all ECU must send a registration request to GECU before the vehicle starts, and the ECU passing the registration request can obtain important parameters for communication. After obtaining the important parameters, ECU generates the key for decryption according to its

Hardware-Based Performance Evaluation
To measure the time parameters of registration, keygen, encrypt, decrypt success and failure, we carried out hardware-based performance evaluation. In our scheme, all ECU must send a registration request to GECU before the vehicle starts, and the ECU passing the registration request can obtain important parameters for communication. After obtaining the important parameters, ECU generates the key for decryption according to its own set of frequency attributes. When ECU I sends a data frame, it encrypts the message according to the set of frequency attributes, hashes the frequency attributes of the set and construct an access structure tree T to achieve the effect of protecting the privacy of the ECU I , and embeds T in the ciphertext for broadcasting in the network. When the ECU J receives the ciphertext, it hashes its own set of frequency attributes first, if it meets the access structure tree T, it is considered successful decryption, otherwise, the decryption failed. We apply this scheme to the microcontrollers of STM32H743 and STM32H743IIT6 and evaluate their performance. To minimize errors, these four algorithms were run 100,000 times respectively, and the average, maximum and minimum execution time were measured.
As shown in Figure 9, the average time of successful registration is 8.24 ms. The ignition time of a car is about 1 s generally, and the number of ECU nodes in the car will not exceed 100, so the scheme can meet the real-time requirements of current intranet. The average time of key generation, encryption, decryption success and failure are 2.78 ms, 4.12 ms, 6.9 ms and 1.98 ms, respectively.

Network Simulator-Based Evaluation
We use the software IVNS, STM32H743 and STM32H743IIT6 microcontrollers to build an evaluation environment similar to the real in-vehicle network environment. IVNS is an in-vehicle network simulator developed by Mundhenk et al., based on the discrete event simulation framework (SimPy) in Python language in 2016. It can evaluate the real-time performance of in-vehicle network well. We imported the average execution time of registration, key generation, encryption, successful decryption and failure decryption based on the hardware performance evaluation into the IVNS database, and performed the performance evaluation based on the network simulator. STM32H743 serves as the GECU and STM32H743IIT6 serves as the ECU.

Analysis of Calculation Time Consumption
For the measurement of time calculation consumption, we defined the following scenarios and performed a performance evaluation.
(1) Sender-ECU encrypts data frames based on the set of frequency attributes.
(2) Sender-ECU broadcasts the ciphertext and access structure tree T on the network.
(3) Receiver-ECU receives ciphertext and access structure tree T. (4) If the frequency attributes set of receiver-ECU meets the requirements of the access structure tree T, decryption will be carried out and plaintext will be obtained. Otherwise, decryption fails.

Network Simulator-Based Evaluation
We use the software IVNS, STM32H743 and STM32H743IIT6 microcontrollers to build an evaluation environment similar to the real in-vehicle network environment. IVNS is an in-vehicle network simulator developed by Mundhenk et al., based on the discrete event simulation framework (SimPy) in Python language in 2016. It can evaluate the real-time performance of in-vehicle network well. We imported the average execution time of registration, key generation, encryption, successful decryption and failure decryption based on the hardware performance evaluation into the IVNS database, and performed the performance evaluation based on the network simulator. STM32H743 serves as the GECU and STM32H743IIT6 serves as the ECU.

Analysis of Calculation Time Consumption
For the measurement of time calculation consumption, we defined the following scenarios and performed a performance evaluation.
(1) Sender-ECU encrypts data frames based on the set of frequency attributes.
(2) Sender-ECU broadcasts the ciphertext and access structure tree T on the network.
(3) Receiver-ECU receives ciphertext and access structure tree T. (4) If the frequency attributes set of receiver-ECU meets the requirements of the access structure tree T, decryption will be carried out and plaintext will be obtained. Otherwise, decryption fails.
We measured the execution time from the time the sender ECU encrypts the data frame to the time all the receiver ECUs decrypt the message. By fixing the bit rate of the arbitration segment at 0.5 Mbit/s, the bit rate of the data segment at 4 Mbit/s, and the data transmission cycle of the ECU at 50ms, the communication response time of the ECU at same CPU clock rate is measured. We measured the response time of Sec suggestion in [18] and LiBrA suggestion in [19] under the same circumstances and compared them to the proposed scheme. The communication response time under different ECU numbers is shown in Figure 10. Since the encrypted data frames are forwarded by the GECU, the Sec's response time is higher than ours. At the same time, since there are 2 n communication groups for n nodes, LiBrA's response time is higher than ours when the number of ECUs increases. For example, with 80 ECUs in the vehicle, the response time of our solution is 34% faster than Sec and 57% faster than LiBrA.

Analysis of Bus Load Rate
Bus load rate refers to the actual legend of the total number of bits per unit time of the bus and the total number of bits per unit time of the legend of the bus, and is an important index to measure the performance of the in-vehicle network communication, we can read the communication of the bus load rate through the IVNS added monitor. By fixing the bit rate of the arbitration segment at 0.5 Mbit/s, the bit rate of the data segment at 4 Mbit/s, and the data transmission cycle of the ECU at 20 ms, the bus load rate of the architecture in this paper is evaluated. We measured the bus load rate of Sec suggestion in [18] and LiBrA suggestion in [19] under the same circumstances and compared them to the proposed scheme. The bus load rate under different ECU numbers is shown in Figure  11. Due to the fact that there are 2 communication groups for n nodes and that the ECUs store multiple keys, the bus load rate of the LiBrA increases significantly when the number of ECUs increases. Since the encrypted data frames are forwarded by the GECU, the Sec's bus load rate is higher than ours. As the encryption and decryption of our solution is less affected by the number of ECUs, the bus load rate of our solution is 7.8% lower than Sec and 20.6% lower than LiBrA at a number of 80 ECUs in the vehicle.
Under normal circumstances, the bus load rate must be maintained below 30% in order to meet the real-time requirements of intelligent networked vehicles for in-vehicle communication. As shown in Figure 11, the bus load rate of our scheme is kept below 30%, which meets the real-time communication requirements of vehicles. The proposed scheme simplifies key management and reduces bus load by constructing access policies for each ECU and isolating unauthorized ECUs, meeting the real-time needs of the invehicle network.

Analysis of Bus Load Rate
Bus load rate refers to the actual legend of the total number of bits per unit time of the bus and the total number of bits per unit time of the legend of the bus, and is an important index to measure the performance of the in-vehicle network communication, we can read the communication of the bus load rate through the IVNS added monitor. By fixing the bit rate of the arbitration segment at 0.5 Mbit/s, the bit rate of the data segment at 4 Mbit/s, and the data transmission cycle of the ECU at 20 ms, the bus load rate of the architecture in this paper is evaluated. We measured the bus load rate of Sec suggestion in [18] and LiBrA suggestion in [19] under the same circumstances and compared them to the proposed scheme. The bus load rate under different ECU numbers is shown in Figure 11. Due to the fact that there are 2 n communication groups for n nodes and that the ECUs store multiple keys, the bus load rate of the LiBrA increases significantly when the number of ECUs increases. Since the encrypted data frames are forwarded by the GECU, the Sec's bus load rate is higher than ours. As the encryption and decryption of our solution is less affected by the number of ECUs, the bus load rate of our solution is 7.8% lower than Sec and 20.6% lower than LiBrA at a number of 80 ECUs in the vehicle.
Under normal circumstances, the bus load rate must be maintained below 30% in order to meet the real-time requirements of intelligent networked vehicles for in-vehicle communication. As shown in Figure 11, the bus load rate of our scheme is kept below 30%, which meets the real-time communication requirements of vehicles. The proposed scheme simplifies key management and reduces bus load by constructing access policies for each ECU and isolating unauthorized ECUs, meeting the real-time needs of the invehicle network.

Conclusions
In this paper, a secure and efficient in-vehicle communication system is designed based on an asymmetric ABE algorithm. First, the ECU communication frequency relationship is analyzed according to the max-miner algorithm of the maximum frequent term set, and the frequency attributes of ECUs are classified based on the mining results. Secondly, access structures are designed according to the set of frequency attributes of the ECUs to build the in-vehicle network communication system. In our scheme, only ECUs that meet the ciphertext requirements can decrypt the data, ensuring data confidentiality while reducing the risk of attacks on the in-vehicle network. In addition, we demonstrate through theoretical proof that the scheme in this paper achieves IND-CPA security. Finally, our solution is evaluated by means of a hardware platform and IVNS software. The evaluation results show that the scheme meets the requirements of in-vehicle networks in terms of communication latency and busload.
In the future, as driverless technology becomes more popular, there will be higher requirements for data transmission efficiency in in-vehicle networks. Designing faster and more secure in-vehicle communication solutions is the focus of our research.

Conflicts of Interest:
The authors declare no conflicts of interest.

Abbreviations
The following abbreviations are used in this paper: ℎ( ) Prefix of node g ( ) Suffix of node g Parent node of g Child node of g Figure 11. Bus load rate.

Conclusions
In this paper, a secure and efficient in-vehicle communication system is designed based on an asymmetric ABE algorithm. First, the ECU communication frequency relationship is analyzed according to the max-miner algorithm of the maximum frequent term set, and the frequency attributes of ECUs are classified based on the mining results. Secondly, access structures are designed according to the set of frequency attributes of the ECUs to build the in-vehicle network communication system. In our scheme, only ECUs that meet the ciphertext requirements can decrypt the data, ensuring data confidentiality while reducing the risk of attacks on the in-vehicle network. In addition, we demonstrate through theoretical proof that the scheme in this paper achieves IND-CPA security. Finally, our solution is evaluated by means of a hardware platform and IVNS software. The evaluation results show that the scheme meets the requirements of in-vehicle networks in terms of communication latency and busload.
In the future, as driverless technology becomes more popular, there will be higher requirements for data transmission efficiency in in-vehicle networks. Designing faster and more secure in-vehicle communication solutions is the focus of our research.

Conflicts of Interest:
The authors declare no conflict of interest.