SGXAP: SGX-Based Authentication Protocol in IoV-Enabled Fog Computing

: With the maturity and popularization of the Internet of Things, we saw the emergence of the Internet of Vehicles. This collects and processes real-time trafﬁc information, alleviates trafﬁc congestion, and realizes intelligent transportation. However, sensitive information, such as real-time driving data of vehicles, are transmitted on public channels, which are easily to steal and manipulate for attackers. In addition, vehicle communications are vulnerable to malicious attacks. Therefore, it is essential to design secure and efﬁcient protocols. Many studies have adopted asymmetric cryptosystems and fog computing to in this environment, but most of them do not reﬂect the advantages of fog nodes, which share the computational burden of cloud servers. Therefore, it is challenging to design a protocol that effectively uses fog nodes. In this paper, we design an authentication protocol based on a symmetric encryption algorithm and fog computing in the Internet of Vehicles. In this protocol, we ﬁrst propose a four-layer architecture that signiﬁcantly reduces the computational burden of cloud servers. To resist several well-known attacks, we also apply Intel software guard extensions to our protocol. This is because it can resist privileged insider attacks. We prove the security of the proposed protocol through the Real-Or-Random model and informal analysis. We also compare the performance of the proposed protocol with recent protocols. The results show better security and a lower computational cost.


Introduction
With the maturity and popularization of the Internet of Things (IoT) [1,2], a special network connecting vehicles through the Internet has emerged: the Internet of Vehicles (IoV) [3][4][5]. The IoV is a subset of the IoT that realizes communication by vehicle-to-vehicle (V2V), vehicle-to-pedestrian (V2P), and vehicle-to-infrastructure (V2I) connections. The IoV collects, processes, and shares road information in real time, alleviates traffic congestion in traffic control, and reduces traffic accidents through early warnings to ensure vehicle safety. It also realizes intelligent transportation to improve its efficiency.
Previously, researchers introduced cloud computing into the IoV to efficiently process large amounts of real-time road information. With an increasing number of vehicles, the computational burden of the cloud server (CS) is also increasing. The authors of [6][7][8] proposed a definition of fog computing. Compared with cloud computing, fog computing has the characteristics of low latency, large numbers, wide distribution, and lighter computing. Fog and cloud computing are complementary but not substitutes. Cloud computing realizes the calculation or storage of a large amount of data, compensating for the lack of computing resources for fog nodes.
Recently, the literature [9][10][11][12] has involved research on authenticated key agreement (AKA) protocols for applying fog computing to the IoV. In 2019, Ma et al. [9], based on asymmetric cryptosystems and fog computing, proposed an AKA protocol. The protocol used the traditional three-layer architecture: "vehicle-fog node-CS", where the vehicle and roadside unit (RSU) play the participant (i.e., vehicle). However, the protocol showed that the participation of a CS was required for each authentication, which did not reflect the advantages of fog nodes and did not realize the function of fog nodes sharing the computational burden of a CS. Moreover, Eftekhari et al. [10] found that the protocol [9] was insecure and vulnerable to stolen smart card attacks, known session-specific temporary information disclosure attacks, and privileged insider attacks. Based on this architecture, Eftekhari et al. [10] designed an improved protocol that did not reflect the advantages of fog nodes. In 2020, Wu et al. [11] proposed a fog-based AKA protocol based on the traditional three-layer architecture. However, the RSU was a fog node. Each communication required the participation of a CS. In 2021, following the architecture presented in [11], Wu et al. [12] proposed a lightweight AKA protocol that still did not realize the function of fog nodes sharing the computational burden of a CS.
Although the above AKA protocols [9][10][11][12] use fog computing, they fail to realize the function of fog nodes sharing the computational burden of a CS. This is because in the conventional architecture, fog nodes actually replace the RSU, and computing is still on the CS, which does not reduce the computational burden of the CS. Therefore, we first propose a four-layer architecture: "vehicle-RSU-fog node-CS". The four-layer architecture of the IoV based on fog computing is shown in Figure 1. In this architecture, when a vehicle enters the road and wants to communicate with the RSU, the communication modes are divided into the following two cases: 1.
Case 1: The RSU judges that the vehicle communicates with itself for the first time and then sends a data request to the CS. The CS sends a response to the RSU accordingly and simultaneously sends the data response to the fog node. Thereafter, the vehicle and RSU realize their communication with the assistance of the fog node. The four entities involved in this communication process are the vehicle, RSU, fog node, and CS.

2.
Case 2: This extends from Case 1. Only the fog node (without the participation of the CS) can help the vehicle and RSU to realize communication. Here, this architecture effectively realizes the function of the fog node sharing the computational burden of the CS.
The IoV environment still has some security challenges. For example, sensitive information such as vehicle real-time driving data are transmitted on a public channel, which is easy to steal from and manipulate for an attacker, resulting in the disclosure of vehicle privacy. In addition, the process of vehicle communication is vulnerable to replay attacks [13], impersonation attacks [14][15][16], and privileged insider attacks [9], among others. Therefore, to ensure communication and protect the sensitive data of vehicles, a safe and effective protocol must be designed.
Due to the above security challenges of the IoV environment, researchers are committed to enhancing the security of the IoV. Therefore, a hardware-based, trusted execution environment called software guard extensions (SGX) [17][18][19] has emerged. SGX is secure hardware developed by Intel. The difference between SGX and other security software is that it only includes hardware, which avoids software vulnerabilities and malicious threats in the system and largely ensures system security. In addition, SGX provides a trusted execution environment, as malicious code cannot access or tamper with any sensitive data stored in SGX, guaranteeing data confidentiality and integrity. The structure of SGX mentioned in [17]. Preserved random memory (PRM) is a reserved area for SGX in the dynamic memory, and the Enclave Page Cache (EPC) is a part of the PRM. SGX has a secure container called Enclave, which is stored in the EPC to store sensitive data and code. The user enters the value into the Enclave through the Ecall. After SGX completes the confidential computing in the Enclave, it returns the computational results through Ocall.  To ensure secure communication and reduce the computational burden of the CS, we propose an authentication protocol under a four-layer architecture. We also apply SGX and a symmetric encryption algortihm to the proposed protocol to resist several well-known attacks. Our main contributions are as follows: (1) We first propose a four-layer architecture in the IoV environment as shown in Figure 1.
Adopting such an architecture reduces the computational pressure of the CS. (2) We apply SGX to store the private value of the fog node and RSU in SGX so that even if the attacker obtains the data in the authentication table, he or she cannot obtain the private values in SGX. In other words, SGX can make the proposed protocol resist privileged insider attacks and enhance the security of the protocol. (3) We prove the security of the proposed protocol through the Real-Or-Random model (ROR) and informal analysis. Furthermore, we compare the performance of the proposed protocol with recent protocols, with the results showing better security and a lower computational cost.
The rest of the paper is organized as follows. Section 2 briefly reviews the relevant research work. Section 3 describes the system model and proposed protocol in detail. In Section 4, we use the ROR model and informal analysis to prove the protocol's security. We compare the performance of the proposed protocol with recent protocols and discuss the obtained results in Section 5. Finally, we provide a brief summary of the content of this study in Section 6.

Related Work
Researchers have conducted extensive research on security challenges based on the IoV [20,21]. In 2007, Raya et al. [22] determined that information transmission security should be ensured in the IoV. Therefore, cryptographic technology, namely the public key infrastructure (PKI) mechanism, was introduced into the proposed protocol. Although this technology ensured that the vehicles privacy was not leaked, the computational cost was extremely high. In 2011, Huang et al. [23] designed an AKA protocol for value-added services known as ABAKA. The protocol realized anonymity but used elliptic curve cryptography (ECC), and the overhead remained extremely high. In 2017, Ying et al. [13] designed a protocol and claimed that it realized anonymous and secure communication. The protocol had a low computational cost and was lightweight. Mohit et al. [14] proposed a secure authentication protocol that configured vehicle sensors for the IoV to monitor the vehicle and the surrounding environment. However, Yu et al. [15] found that the protocol [14] was vulnerable to user impersonation attacks and could not provide anonymity or mutual authentication. Yu et al. [15] designed an improved protocol for ensuring communication security. However, Sadri et al. [24] found that the protocol [15] was vulnerable to user impersonation and sensor capture attacks and could not provide untraceability. Sadri et al. [24] designed a secure protocol based on this. In 2021, Jiang et al. [25] designed an authentication protocol based on a physical unclonable function (PUF). This protocol effectively combined biometrics and a PUF to achieve secure identification and authentication. In the same year, Kurma et al. [26] designed a new authentication protocol for the IoV. The protocol [26] was based on radio frequency identification, which increased the protocol security and used ECC at a high computational cost.
In previous years, to achieve efficient authentication, the literature [27,28] adopted the cloud computing architecture to different environments. Later, researchers found that fog computing is more suitable for the IoV than cloud computing with a large amount of real-time data to process. Therefore, scholars have applied fog computing to the IoV to reduce the computational burden of the CS. Wazid et al. [29] proposed a protocol based on authentication key management (AKM) between two different entities, namely AKM and the IoV, to realize security authentication in the IoV. Han et al. [30] proposed a security protocol based on fog computing [30], which had two highlights. One was that the vehicle and RSU were self-authenticated without the participation of the trusted authority (TA), which improved the communication efficiency. The other was that the fog node managed the pseudonym of the vehicle to realize privacy protection. Soleymani et al. [31] designed a message authentication protocol that used bilinear pairing primitives with a high overhead. The protocol [31] also used pseudonym management for privacy protection. Ma et al. [9], based on asymmetric cryptosystems and fog computing, proposed an AKA protocol. The protocol used ECC at a high computational cost, and they claimed that the protocol was provably secure. However, Eftekhari et al. [10] found that the protocol [9] was vulnerable to known session-specific temporary information disclosure, privileged insider, and stolen smart card attacks. Eftekhari et al. [10] proposed an improved lightweight protocol. Wu et al. [11] proposed an AKA protocol. The protocol also used ECC, which had a large computational cost and computational burden from the CS under the architecture used. In 2021, Wu et al. [12] designed a lightweight AKA protocol, which was also based on the above architecture and did not realize the function of fog nodes sharing the computational burden of the CS. The main works related to this paper are summarized in Table 1.

The Proposed Protocol: SGXAP
This section introduces the system model and the proposed protocol in detail. Definitions and specific descriptions of the symbols used in the protocol are listed in Table 2.

Symbol Description
The m-th fog node CS Cloud server

and FS m K CS
Secret key of CS SK Session key D k () and E k () Symmetric encryption and decryption algortihm

System Model
The system includes four entities: the vehicle, RSU, fog node, and CS. In this model, the RSUs know which fog nodes they are deployed in, and the CS also knows which fog node RSU is deployed. These four entities, namely the definition, function, computing power, and storage capability of each role, are explained in detail below: (1) Vehicle: This refers to the vehicle or vehicle user who selects the appropriate speed or driving route by acquiring the relevant real-time road information collected by the RSU. (2) RSU: This is a semi-trusted device that collects real-time road condition information.
It is arranged on both sides of the road and has weak computing power and storage capacity. The RSU judges whether the vehicle is communicating with itself for the first time. (3) Fog node: This is a semi-trusted entity with certain computing power. It quickly processes the road condition information collected by the RSU and can store data. As a third party, the fog node participates in communicating between the vehicle and RSU. (4) CS: This is a semi-trusted entity which can realize the calculation or storage of a large amount of data. Here, the CS is the registration center, which participates in registering vehicle, RSU, and fog node. For Case 1, it is also the data transmitter.
When the vehicle wants to communicate with the RSU, there are two communication modes: Case 1 is shown in Figure 2. The RSU judges that the vehicle communicates with itself for the first time and sends a data request to the CS. Then, the CS transmits the private value of the vehicle to the fog node and RSU. Here, the RSU stores the private data of the vehicle to judge whether the communication between the vehicle and itself is happening for the first time. The fog node stores information about the vehicle to realize the authentication process. Finally, the vehicle and RSU realize communication through the fog node.

2.
Case 2 is shown in Figure 3. This case extends Case 1. Therefore, only the fog node (without the participation of the CS) can help the vehicle and RSU to realize communication. This is because in the first communication, the fog node and RSU know the private information of the vehicle. Here, this architecture dramatically reduces the computational burden of the CS.

The Proposed SGXAP
The proposed protocol comprises three phases: registration, login authentication, and data transmission.

Registration Phase
The registration phase of the proposed protocol includes the V i , RSU j , and FS m registration phases. In the V i registration phase, V i registers with the CS, as shown in Figure 4. The detailed registration steps are as follows: (1) First, V i selects the ID i , password PSW i , biometrics BIO i , and random number r i , computes Gen(BIO i ) = (σ i , τ i ), and finally transmits {ID i } to the CS. (2) After CS receives the message {ID i }, it selects r c , computes PID i = h(ID i r c ) and TK V−C = h(PID i K CS ), and then saves the pseudo identity {PID i } in the database before finally In the RSU j registration phase, RSU j registers with the CS, as shown in Figure 5. The detailed registration steps are as follows: FS m stores {PID j , TK R−C } in SGX and stores {PID j , ID j } in database. (1) First, RSU j selects the ID j and random number r j and then transmits {ID j , r j } to the CS. (2) After the CS receives the message {ID j , r j }, it selects r s , computes PID j = h(ID j r j r s ) and In the FS m registration phase, FS m registers with the CS, as shown in Figure 6. The detailed registration steps are as follows: (1) First, FS m selects the identity ID f and random number r f and then transmits {ID f , r f } to the CS.

Login and Authentication Phase
The vehicle and RSU achieve authentication and establish a session key with the assistance of the fog node to realize secure communication. The authentication of the proposed protocol has the following two cases: 1.
Case 1. V i communicates with RSU j under FS m for the first time. The authentication process needs the assistance of FS m and the participation of the CS. When RSU j receives the message M 1 sent by V i , it cannot retrieve the private value of V i through the pseudo-identity PID i . Then, RSU j enters the data transmission phase and sends a data request Req j to the CS. After the CS successfully verifies RSU j , it sends the private value of V i to RSU j and FS m , and then RSU j and FS m store the private value. Finally, V i , RSU j , and FS m continue to realize relevant authentication. The entire process includes the authentication phase of Figure 7 and the data transmission phase of Figure 8.

2.
Case 2. V i has communicated with RSU j under FS m . Therefore, the private value of V i is stored in RSU j and FS m , and the entire authentication process can be realized without the CS participating. The process is the login authentication phase, as shown in Figure 7.
The entities in the authentication phase include V i , RSU j , and FS m without the CS participating. The specific authentication steps are illustrated in Figure 7.
Matches TK R−C according to PID j and compute: (1) V i first enters its own ID i , PSW i , and BIO i , and the SC computes σ i = Rep(BIO i , τ i ), RPW i = h(PSW i σ i ), and P * i = h(ID i RPW i r i ) and compares P * i ? = P i . If they are equal, then the login is successful. Otherwise, the login fails. After successfully logging in to the SC, V i selects a random number N i and timestamp T 1 and computes (2) After RSU j receives M 1 from V i , it first checks the freshness of the timestamp T 1 .
If the limit is exceeded, then the authentication is suspended. Otherwise, the authentication continues. Then, RSU j indexes TK V−C stored in SGX according to PID i . If it cannot be indexed, then it indicates that V i is communicating with RSU j for the first time. Here, RSU j sends a data request to the CS, requesting the CS to send the private value of V i to itself and FS m , as shown in Figure 8, and then continue to realize the authentication process. If it can be indexed, V i is not communicating with RSU j for the first time, and the authentication process continues. Later, RSU j selects N j , and T 2 computes TN R−C = h(TK R−C PID j ), TV R−C = N j ⊕ TN R−C , and V 2 = h(ID j N j TV R−C ). Finally, RSU j sends the message = V 1 . If they are equal, this indicates that V i is legal. Otherwise, the authentication is suspended. FS m finds the identity ID j according to PID j and then sends PID j to the security interface of SGX. SGX matches the secret value TK R−C according to PID j , computes TN R−C = h(TK R−C PID j ), and outputs the secret value TN R−C from the secure interface. Then, FS m computes N j = TN R−C ⊕ TV R−C , V 2 = h(ID j N j TV R−C ) and compares V 2 ? = V 2 . If they are equal, RSU j is legal. Otherwise, the authentication is suspended. After authenticating V i and RSU j , FS m selects timestamp (4) After RSU j receives the message M 3 from FS m , it checks the freshness of T 3 and computes (ID If they are equal, FS m is legal. Otherwise, the authentication fails. After the authentication is successful, RSU j selects the timestamp T 4 and computes If they are equal, RSU j is legal. Otherwise, the authentication fails.

Data Transmission Phase
When V i communicates with RSU j under FS m for the first time, the private value of V i is not stored in RSU j or FS m . Thus, RSU j requests private data from the CS. The entities in this phase include RSU j , FS m , and the CS. According to Case 1, when RSU j receives the message M 1 sent by V i and does not retrieve the privacy value of V i through PID i , RSU j requests data from the CS, as shown in Figure 8. The specific steps are as follows: (1) RSU j generates a data request Req j , selects N R and T 5 , and computes TV R−C = (ID j TK R−C ) ⊕ N R and V 5 = h(ID j N R TV R−C ). Finally, the message M 5 = {Req j , PID i , PID j , PID f , TV R−C , V 5 , T 5 } is sent to the CS. (2) After the CS receives M 5 from RSU j , it checks the freshness of T 5 . After finding ID j according to PID j , the CS computes TK R−C = h(PID j K CS ), N R = (ID j TK R−C ) ⊕ TV R−C , and V 5 = h(ID j N R TV R−C ) and compares V 5 ? = V 5 . If they are equal, RSU j is legal. Otherwise, the authentication is suspended. Then, CS selects T 6 and T 7 and computes The CS finds ID f according to PID f and computes After completing the above data request, V i , RSU j , and FS m continue the authentication process.

RSU j CS FSm
Generates Req j Selects N R , T 5

Formal Security Analysis
The ROR model, proposed by Canetti et al. [32], calculates the probability that the attacker (A) can break the SK through multiple query operations to prove the security of the protocol. Here, we compute the probability of cracking the SK and prove that our protocol is secure.

Adversary Model
We used the Dolev-Yao and Canetti-Krawczyk models to define the capabilities of A [33,34]. The specific capabilities are as follows: (1) A can intercept, interrupt, forge, and replay the information transmitted on the common channel. (2) A can act as malicious insiders of the fog nodes and CS to obtain internal information. Here, we use Π m V , Π n RSU , and Π z FS to represent the m-th V i , n-th RSU j , and z-th FS m instances, respectively. Here, we assume that the query capabilities of A are Y = {Π m V , Π n RSU , and Π z FS }:

Security Requirements
The secure AKA protocol should meet the following security requirements:

1.
User anonymity and untraceability: A can neither obtain the real identity of the communication entity nor trace the session key of the communication process through the data transmitted on the public channel.

2.
Resistance of common attacks: The secure AKA protocol should be able to resist the following attacks: (1) Privileged insider attacks: As an A, the insiders of the communication entity spy on the private data stored in the database to disguise as a legal entity or obtain the session key; (2) Impersonation attacks: A intercepts and decrypts the data transmitted on the public channel, disguises as a legal entity, communicates with other entities, and establishes a session key; (3) Known temporary information disclosure attacks: A calculates the session key in the communication process by obtaining the random number of an entity and the data transmitted on the public channel; (4) Man-in-the-middle attacks: A intercepts the data transmitted on the public channel, tampers with the data, and establishes the session key with the legal entity without the knowledge of both parties of the communication entity; (5) Offline password guessing attacks: A intercepts the verification value containing the password stored on the public channel or in the smart device, repeatedly guesses the password, calculates the verification value in the offline state, and compares it with the intercepted verification value until the two values are equal; (6) Replay attacks: A repeatedly sends the message transmitted on the public channel to the communication entity so as to deceive the entity and interfere with normal communication; (7) Stolen smart card attacks: After A steals the smart card and obtains the parameters about the entity identity before using the parameters to launch camouflage attacks or malicious acts.

Theorem 1.
Suppose that A can execute the above queries and the probability that A can break the proposed protocol P in polynomial time is adv P A (ξ) ≤ q send /2 l−1 + 3q 2 hash /2 l + 2max{C · q s send , q send /2 l }. Here, q send refers to the number of queries executed, q hash refers to the number of times the hash is executed, l refers to the bit length of the biological information, and C and s refer to two constants.
Proof. We define seven games GM 0 -GM 6 to simulate the attack process of A. In the proof, Succ GM i A (ξ) represents the probability that A can win multiple rounds of the game. The process of A simulating the query is shown in Table 3. The proof steps are as follows: GM 0 : In the ROR model, the simulation of GM 0 is consistent with a real attack. Therefore, we have GM 1 : GM 1 and GM 0 are different from the GM 1 add Execute() operation. In GM 1 , A can intercept {M 1 , M 2 , M 3 , M 4 } transmitted on the common channel. When GM 1 ends, A executes a Test() query to compute the SK, where SK = h(ID i ID j N i N j ). As {ID i , ID j , N i , N j } is confidential to A, the probability of GM 1 is equal to GM 0 . The probability of GM 1 is (2) GM 2 : The difference between GM 2 and GM 1 is that GM 2 adds the Send() operation. According to Zipf's law [35], the probability of GM 2 is expressed as GM 3 : GM 3 adds the Hash() operation and reduces the Send() operation. According to the birthday paradox, the probability of GM 3 is GM 4 : In GM 4 , A obtains temporary information to verify that it is resistant to known temporary information disclosure attacks. A can obtain a random number for one of the two parties: Π m V and Π n RSU . Suppose A obtains a random number N i . As ID i , ID j , and N j are unknown, the SK cannot be computed. Similarly, if the random number N j is leaked, then the SK cannot be computed by A. Therefore, the probability of GM 4 is expressed as GM 5 : In this game, A executes the Corrupt(Π m V ) query to obtain the parameters {PID i , r i , P i , TR i , τ i } in the smart card. Legitimate users typically use low-entropy passwords. A may attempt to extract the password PSW i by executing an offline password guessing attack using the parameters {PID i , r i , P i , TR i , τ i }. However, in our protocol, A cannot obtain PSW i without the biometric information τ i and secret credential RPW i . The probability of A guessing one bit of biological information is 1/2 l . According to Zipf's law [35], when q send ≤ 10 6 , the probability that A can guess a password is greater than 0.5. These results prove that the proposed protocol is resistant to offline password guessing attacks. Therefore, we can derive GM 6 : This game verifies whether the proposed protocol is resistant to impersonation attacks. The difference between GM 6 and GM 5 is that A uses h(ID i ID j N i N j ) for the query operation, and the probability of successfully obtaining SK is The probability of the success and failure of GM 6 is 1/2. Therefore, the probability that A can guess SK is Using these formulas, we obtain Therefore, we can obtain Adv P A ≤ q send /2 l−1 + 3q 2 hash /2 l + 2max{C · q s send , q send /2 l }.

Send(Y, M)
On a query Send(Π m V , start), we assume Π m V is a normal state. Π m V selects N i , T 1 and computes TK V−C = TR i ⊕ h(RPW i r i ), , and checks V 1 . If the verification holds, continue to calculate TN R−C , N j and check V 2 . If it is equal, select T 3 and compute TV F−R , V 3 .
, SK, and V 3 and checks V 3 . If V 3 holds, Π n RSU selects T 4 and computes TV R−V , V 4 . Then, Send(Π n RSU , N j ), SK, and V 4 and checks V 4 . If it is not equal, then the query process is terminated. Otherwise, Π m V accepts and terminates.

Execute(Y)
On an Execute query, we continue with the Send query simulation as follows: On a Test query, to flip a coin C, if C = 1, A can obtain SK. If C = 0, A can obtain any string of the same length as SK.

Mutual Authentication
The proposed protocol realizes mutual authentication using {V 1 , V 2 , V 3 , V 4 }. FS m uses V 1 to verify the legitimacy of V i and V 2 to verify the legitimacy of RSU j . RSU j uses V 3 to verify the legitimacy of FS m , and V i uses V 4 to verify the legitimacy of RSU j . Therefore, the proposed protocol can achieve mutual authentication.

Replay Attacks
The timestamps {T 1 , T 2 , T 3 , T 4 } are used by the protocol to resist replay attacks. Here, we consider T 1 as an example. When RSU j receives message M 1 of V i , it first checks the freshness of T 1 . If T 1 is valid, then the authentication continues. Otherwise, authentication is suspended. Suppose A intercepts M 1 and repeatedly sends it to RSU j . When RSU j checks the freshness of T 1 , T 1 exceeds this time, and the authentication process stops. Therefore, the proposed protocol can resist replay attacks.

Privileged Insider Attacks
Suppose that A can obtain the value from a party's database. Here, we consider FS m as an example. Based on this assumption, A can obtain the values {PID f , TK F−C , PID j , ID i } stored in the database. However, because the protocol uses a secure hardware SGX, the values {TK R−C , TK V−C } stored in SGX are not available. Therefore, A cannot obtain the value {ID i , ID j , N i , N j } required to compute the SK, where SK = h(ID i ID j N i N j ). Therefore, the proposed protocol can resist privileged insider attacks.
. Thus, the legitimacy of V i cannot be verified in FS m . The same applies for A attempting to intercept {M 2 , M 3 , M 4 }. Therefore, the proposed protocol can resist man-in-the-middle attacks.

User Anonymity and Untraceability
In our protocol, the identities of V i , RSU j , and FS m are not transmitted to the common channel, but pseudo-identities {PID i , PID j , PID f } are transmitted. A cannot know the identities of the three, thus realizing anonymity. Because random numbers N i and N j used in {M 1 , M 2 , M 3 , M 4 } are variable in every session, A cannot track V i , RSU j , or FS m . Therefore, our protocol provides anonymity and untraceability.

Comparisons and Discussions
In this section, we compare the proposed protocol with the AKA protocols proposed by Ma et al. [9], Wazid et al. [29], Eftekhari et al. [10], and Wu et al. [11] in terms of security and performance. Table 4 presents the comparison results in terms of security. Here, indicates that the protocol can resist the attack, × indicates that the protocol is vulnerable to the attack, and − demonstrates that it is not mentioned whether the protocol can resist it. As shown in the table, the protocol of Ma et al. [9] is vulnerable to privileged insider attacks, known specific temporary information disclosure attacks, and stolen smart card attacks. The protocol proposed by Wazid et al. [29] is vulnerable to impersonation attacks. The other protocols and the proposed protocol are secure.

Performance Comparison
In this part, we compare the proposed protocol with the current AKA protocols for computational and communication costs. Because the authentication phase of the proposed protocol has two cases, the calculations of the computational and communication costs are also divided into two cases.
To calculate the computational cost, we considered two cases of the proposed protocol as examples. In Case 1, RSU j and FS m have no privacy value of V i . Therefore, the CS must transmit the privacy value to RSU j and FS m to realize the entire authentication process. This situation requires the participation of the CS. Therefore, when calculating the computational cost, in addition to calculating the computational cost of the three parties involved in the authentication phase, we also needed to calculate the computational cost of the CS. In Case 2, RSU j and FS m have the private value of V i and do not require the participation of the CS; only the computational costs of V i , RSU j , and FS m need to be calculated.
When comparing the computational cost, we estimated the computational time of each entity in the protocol through a simulation experiment. We used MI 8 to simulate the vehicle, a Lenovo laptop to simulate the RSU and fog node, and a Lenovo desktop computer to simulate the cloud server. The equipment configuration of the three devices is shown in Table 5. The simulation experiment used the average execution time of the three devices 10 times as the running time, as shown in Table 6. Here, the ⊕ and operations were negligibly small, and the execution time of fuzzy extraction was similar to that of the hash function, according to [36]. It is shown in [19] that the average running time of the system with SGX only increases by 20 µs, sufficiently showing the low computation cost of SGX. Hence, we ignored the computational cost of SGX in the following comparisons. The results of the comparison of the computational cost are listed in Table 7. It is evident from Table 7 that for V i and FS m , excluding our protocol, the other protocols performed point multiplication, so the computational cost of our protocol was the lowest. For RSU j , only our protocol contained the RSU. For the CS, the computational cost of Wazid et al. [29] was smaller than that of our protocol, whereas the others were higher than that of our protocol. As the CS had strong computing power, it did not affect the protocol's performance. Therefore, the computational cost of the proposed protocol was relatively small.  Ma et al. [9] 3T sm + 4T ha ≈ 60.017 -4T sm + 4T ha ≈ 42.012 10T sm + 11T ha ≈ 120.026 Wazid et al. [29] 3T sm + 2T f e + 22T ha ≈ 60.100 -2T sm + T pa + 14T ha ≈ 36.115 3T ha ≈ 0.007 Eftekhari et al. [10] 3T sm + T pa + 11T ha ≈ 60.202 -3T sm + T pa + 12T ha ≈ 54.109 3T sm + 2T pa + 15T ha ≈ 36.136 Wu et al. [11] 2T sm + T f e + 8T ha ≈ 60. When comparing the communication cost, the length of the timestamp was regarded as 32 bits, the length of the identity and random number was 160 bits, that of the hash function and symmetric encryption and decryption was 256 bits, and that of the ECC point was 320 bits. The proposed protocol was considered an example to illustrate the calculation method. The communication cost was calculated based on the two cases of the protocol. For Case 1, we needed to calculate the communication cost in the authentication phase and the communication cost in the data transmission phase. In Case 1, the protocol transmitted seven messages on the common channel, including  [29], Eftekhari et al. [10], and Wu et al. [11] were 4512, 3488, 4416, and 4448 bits, respectively. The comparison results are presented in Table 8. Therefore, evidently in Case 1, because our protocol has seven rounds of messages, the communication cost of our protocol was higher than that of the other protocols. In Case 2, the communication cost of our protocol was lower than that of the other protocols, which significantly reduced the communication cost of the protocol.

Discussions
Now, we discuss our protocol and those of Eftekhari et al. [10] and Wu et al. [11] in terms of architecture, computational cost, and communication cost.
In the first item (architecture), both protocols [10,11] used the traditional three-layer architecture (i.e., vehicle-fog node-CS). As mentioned in the Introduction, this architecture fails to realize the function of fog nodes sharing the computational burden of the CS, because the fog nodes actually replace the RSUs, and computation is still performed on the CS. To reduce the computational burden of the CS, we extended the traditional architecture to propose the first four-layer architecture, namely vehicle-RSU-fog node-CS. In this architecture, when a vehicle enters the road and wants to communicate with the RSU, the communication modes are divided into the two cases. Case 1 requires the participation of each entity, while Case 2 only requires the participation of the vehicle, RSU and fog node without the CS. Therefore, this architecture effectively realizes the function of the fog node sharing the computational burden of the CS.
In the second item (computational cost), both protocols [10,11] performed ECC operations. Our protocol performs hash, fuzzy extraction, and symmetric encryption and decryption operations in Case 1, and it only performs hash and fuzzy extraction operations in Case 2. Though the three protocols are secure, our protocol has a lower computational cost.
In the final item (communication cost), the communication cost of the proposed protocol (Case 1) was slightly higher than that of both protocols [10,11] because it requires an additional three rounds to judge whether the vehicle communicates with the RSU for the first time. However, Case 1 only occurred once for the same vehicle and RSU. In Case 2, our protocol had a lower communication cost than Eftekhari et al. [10] and Wu et al.'s [11] protocols.

Conclusions
In this paper, we first introduced the IoV and fog computing and reviewed the related research results. After that, we proposed an authentication protocol based on SGX and fog computing in the IoV. In this protocol, we first proposed a four-layer architecture that significantly reduced the computational burden of the CS. To resist several well-known attacks, we applied SGX to our protocol. Finally, we proved the security of the proposed protocol through the ROR model and informal analysis. We also compared its performance with those of recent protocols. The results show that the proposed protocol had better security and a lower computational cost. Future studies will continue to conduct further research based on the architecture used. We hope that this research will provide ideas and help researchers.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript:

IoT
Internet of Things