RSU-Aided Remote V2V Message Dissemination Employing Secure Group Association for UAV-Assisted VANETs

Nowadays, the research on vehicular ad hoc networks (VANETs) remains a hot topic within the Internet of Things (IoT) scenarios. Diverse studies and techniques regarding all aspects of VANETs have been investigated thoroughly. Particularly, the wireless characteristic of heterogeneous vehicular communication, along with the complicated and dynamic connection topology among participating VANET entities, have severely affected the secure and stable data exchange. Specifically, the spontaneous vehicle-to-vehicle (V2V) message dissemination, as the essential functionality of VANET, plays a significant role for instant and real-time data sharing for vehicles within a certain vicinity. However, with the short-time interaction and high mobilization of vehicular connections, the remote V2V message delivery intended for long-distance vehicles in the range of different roadside units (RSUs) has not been properly researched. Meanwhile, both V2V and V2R (Vehicle-to-RSU) communication are highly restricted by environmental factors such as physical obstructions or signal interferences, thus drastically reducing the wireless connectivity in practical VANET implementations. In this case, the unmanned aerial vehicles (UAVs), as the auxiliary facilities, can provide the VANET with substitute wireless routes, so that the transmission quality and availability can be improved. In this paper, the authenticated UAV group association design is proposed at first. On this basis, the remote V2V message dissemination method is enabled, where the decentralized V2V connections involving all RSUs along the way are provided. The analysis regarding crucial security properties is presented accordingly, where the formal proofs and comparison are conducted. Moreover, the performance evaluation in terms of storage and time consumption during RSU authentication process is illustrated, respectively. 
Comparison results with the state-of-the-art prove that superiority on the major performance factors can be achieved.


Introduction
The tremendous popularization of the intelligent transportation system (ITS), which is considered to be the primary strategy for improving transportation quality, has been prompted by major enhancements in information and communication technology in recent years [1,2]. ITS, with its anticipated benefits, is responsible for delivering groundbreaking services and applications covering diverse modes of transport and traffic management, which are of particular interest to metropolitan cities and prosperous regions. Consequently, as the fundamental infrastructure of ITS, the VANET is characterized as the dispersed, self-organized wireless networks developed by heterogeneous vehicle entities. Generally, there are three key components of a typical VANET architecture: trusted authority (TA) as the centralized service provider, RSUs as the fundamental roadside facilities, and vehicles as the terminal users [3,4].
TA is in charge of the entire VANET operations including the confidential key allocation. Notably, vast vehicular data from VANET agencies are also consolidated and analyzed on the TA side. Evidently, TA is in strong need of computational and storage capabilities.
For example, two vehicles within one RSU domain can easily access the VANET and conduct V2V communication according to their own will. Both the V2V and V2R channels are securely preserved with advanced cryptographic techniques and strategies. However, the two vehicles are then traveling to different spots in the next moment, and each is in the range of an individual RSU. At this moment, assuming the two vehicles have to disseminate subsequent messages, the conventional V2V communication intended for short-distance data exchange is not suitable. Meanwhile, the multi-hop channel among other vehicles is not efficient in this case. The long-distance remote V2V communications should be further studied accordingly. However, the corresponding remote V2V message delivery topic for long-distance vehicular communication in the range of different RSUs has not been properly researched so far.
Motivated by the above issues on secure VANET communication and V2V remote message dissemination, in this paper, the novel UAV-based VANET infrastructure is constructed initially. Therefore, VANET communication connectivity can be significantly improved, specifically for practical vehicular communication scenarios. Accordingly, the efficient group verification and key management process for the participating UAVs are presented. Moreover, the remote vehicular message dissemination for long-distance vehicles within different RSU domains is investigated. In the cross-domain authentication (CDA) paradigm, the decentralized V2V connection strategy with RSUs assistance is proposed.

Our Research Contributions
In this paper, the RSU-aided remote V2V message dissemination design with group association for UAV-assisted VANETs is proposed. The nontrivial efforts can be briefly summarized as follows:
• Secure and efficient UAV association design with batch verification: Our design adopts the UAV-assisted VANETs infrastructure, where multiple UAV entities are involved in V2V and V2R communications for connectivity improvement. The certificateless mutual authentication process for UAV association is developed. The partial secret key is utilized by the central server and UAV itself. Non-repudiation, user anonymity, and conditional privacy for each UAV can be guaranteed. Moreover, batch verification is provided in our design. Reliable vehicular data transmission in practical VANET environments can be achieved via the constructed UAV networks.
• Dynamic key management and updating mechanism for UAV-assisted VANETs: Upon verification, the corresponding UAV group key can be generated and safely distributed to the requesting UAVs. The efficient key updating method for all the involved UAVs is achieved. Notably, the dynamic UAV revocation is enabled, while the updated group key is timely acquired by the remaining legitimate UAVs. Heterogeneous vehicular data can then be forwarded through UAV assistance so that the geographic obstructions and interferences can be avoided with the alternative routes provided by UAV interactions.
• RSU-aided remote V2V message dissemination with anonymity: The remote vehicular data exchange method is presented for long-distance V2V communication. Particularly, the proposed design is conducted without remote cloud assistance. With the pre-stored driving records collected from the CDA process, the disseminated vehicular message can be forwarded through the edge RSUs and finally transmitted to the destination vehicle. Subsequently, anonymity for the participating vehicles can be guaranteed. Moreover, the superiority on both the security and performance characteristics can be achieved with the formal analysis and performance comparison.
The remainder of this paper is formulated as follows: The corresponding research development is briefly introduced in Section 2. To gain a better understanding of the topic, Section 3 outlines the requisite preliminary works and the developed UAV-assisted VANET system model. In Section 4, the secure UAV group authentication and key management, and V2V remote message dissemination are presented in detail. The security analysis and performance discussion are presented in Section 5 and Section 6, respectively. The conclusions are drawn in Section 7.

Related Works
Nowadays, secure vehicular communication in VANET scenarios has been widely investigated. Various schemes on the authentication and key management for VANET entities have been proposed so far. In 2012, to enhance privacy preservation and efficiency for key updating, Lu et al. [5] proposed the dynamic authenticated key management scheme with location-based services (LBSs) in VANETs. The double-registration detection mechanism is applied in the proposed DIKE scheme. The LBS session key is assigned to each time slot divided from the LBS session. The backward secrecy can be achieved with the integrated threshold technique. Subsequently, the EMAP protocol intended for certificate revocation of VANET is developed in [18]. The received message is validated with the current certificate revocation lists (CRLs) for verifying the authenticity. Meanwhile, the generated keys for the related efficient revocation checking process are shared among the non-revoked vehicles. Subsequently, Lin et al. proposed an efficient cooperative authentication scheme for massive message validation in VANETs [9]. The authentication overhead for the individual vehicle can be reduced. Thereafter, the two-factor lightweight VANETs authenticating scheme (2FLIP) is designed by Wang et al. [4]. The decentralization of certificate authority (CA) and biological-password-based two-factor authentication (2FA) are applied. The lightweight hashing process with fast message authentication code (MAC) regeneration design is utilized for efficient user verification. The overhead of certificate management can be reduced with the decentralized CA structure. Similarly, Lo et al. developed the pairing-free identity-based message authentication scheme with the batch signature mechanism [27], thus optimized performance in terms of time consumption can be achieved. Recently, several VANET authentication schemes emphasizing lightweight vehicular verification and privacy preservation have been developed [7,13].
As for secure V2V data exchange, Liu et al. proposed a dual authenticated key agreement scheme (PPDAS) for secure V2V communication in the IoV paradigm [19]. The historical vehicle trust reputation evaluation method is adopted for the final V2V session key establishment. The dual verification leverages anonymous vehicle identity and behavior authentication to improve decision-making accuracy. Next, the decentralized lightweight authentication protocol for vehicular networks is developed in [2]. The biometric device (BD) and tamper-proof device (TPD) are used for vehicle verification and key preservation. The authentication signature protocol with hash-chain key generation is introduced for V2V interactions. Anonymous identities for vehicles are applied. Similarly, Wu et al. presented the privacy-preserving mutual authentication protocol for secure vehicular data exchange in dynamic topographical VANET scenarios [17]. Recent research also includes the V2V authentication method developed by Vasudev et al. [12].
The research on UAV communication has attracted lots of attention from academia. In 2017, Yoon et al. proposed the security authentication system employing the encrypted channel for UAV networks [24]. The hijacking problem for UAV control can be addressed. Subsequently, Zhou et al. developed the physical layer security improvement method through UAV with air-to-ground jammer for secure wireless communication [25]. In 2020, Gope et al. constructed the authenticated key agreement scheme for edge-assisted UAV networks. The mobile edge computing service providers are responsible for UAV verification in this scheme. Next, Zhang et al. presented the gateway-oriented two-server authenticated key agreement [20]. The security of user passwords can be guaranteed in this way. Recently, a mobile edge computing (MEC) system with UAV assistance is developed in [23]. The ground users could offload the computing tasks to the nearby legitimate UAVs. Notably, the jamming signals are to be transmitted from the full-duplex legitimate UAV and other non-offloading ground users. The latency of the MEC system can be reduced accordingly. Aliev et al. proposed a scalable and lightweight group key management and matrix-based message encryption method for confidentiality preservation of V2V broadcasting [22]. The distributed and scalable VANET architecture is applied. Overall, the existing V2V schemes mainly focus on the close vehicular communication within the single RSU domain, while the long-distance remote V2V communication has not been properly studied so far.

Preliminaries and Model Definitions
In this section, the relevant cryptographic principles and fundamental knowledge are presented in order to promote the reader's comprehension of the proposed schemes. The concepts of Lagrange polynomial interpolation, bilinear pairing, Chinese remainder theorem, and homomorphic encryption are introduced, respectively. Subsequently, the related notations, the UAV-assisted VANET system model, the security criteria, and network assumptions are defined.

Lagrange Polynomial Interpolation
Given a set of $k + 1$ different data points $\{(x_0, y_0), \ldots, (x_j, y_j), \ldots, (x_k, y_k)\}$, $\forall m \neq j$, $x_m \neq x_j$ holds. Define the polynomial of the degree $k$ in a finite field $F_p$ as $P_k(x) = a_0 + a_1 x + \cdots + a_k x^k$, where $a_i \in F_p$ for $i \in \{0, \ldots, k\}$. Hence, for $\forall i \in \{0, \ldots, k\}$, $y_i = P_k(x_i)$ holds. The interpolation polynomial $L_k(x)$ in the Lagrange form can be defined as the linear combination as follows: Note that the Lagrange basis polynomials $\ell_j(x)$ $(0 \le j \le k)$ are computed as x j −x m y j holds. Accordingly, for $\forall i \neq j$, Hence, for the polynomial $P_k(x)$ of degree $k$, with $k + 1$ different data points on the graph of polynomial $P_k(x)$ and $L_k(x)$, the reconstruction of the polynomial $P_k(x)$ can be conducted accordingly.

Bilinear Pairing
Let $G_1$ and $G_2$ be the cyclic additive group and multiplicative group generated with the same prime order $q$. A mapping function $\hat{e}: G_1 \times G_1 \to G_2$ can be defined as a bilinear pairing if all of the following three properties are satisfied:
The bilinear map $\hat{e}$ satisfying the above properties can be constructed with the modified Weil pairing or Tate pairing on the supersingular elliptic curve $G_1$, where the following characteristics are presented.
Definition 1 (Elliptic Curve Discrete Logarithm Problem (ECDLP)). Define $P, Q \in G_1$, where $Q = aP$. Hence, for any probabilistic polynomial-time (PPT) adversary $\mathcal{A}$, the advantage in finding the integer $a \in Z^*_q$ to solve the ECDLP problem is defined as $Adv^{ECDLP}$, which is negligible as the following equation:
Definition 2 (Computational Diffie-Hellman Problem (CDHP)). Define $G_1$ as the cyclic group with the large prime order $q$. Given $P, aP, bP \in G_1$ for $a, b \in Z^*_q$, where $P$ is the generator of the cyclic group $G_1$. Hence, for any probabilistic polynomial-time (PPT) adversary $\mathcal{A}$, the advantage in computing $abP$ to solve the given CDHP problem is defined as $Adv^{CDHP}$, which is negligible as the following equation:
$x \equiv a_k \bmod n_k$ has a unique solution modulo $N = \prod_{i=1}^{k} n_i$. In this case, for $i = 1, 2, \ldots, k$, we can get Hence, $y_i z_i \equiv 1 \bmod n_i$ and $y_j \equiv 0 \bmod n_i$ for $i \neq j$. The solution can be computed as

Homomorphic Encryption
The homomorphic encryption design allows the predefined standard computations on ciphertexts, with which the output matches the encryption result on the computations conducted on plaintexts. With its unique properties, homomorphic encryption can be widely applied to vast security designs and privacy-preserving strategies. Hence, the transmitted data can be securely processed and outsourced without revealing privacy-related information. The encryption and decryption functionalities can be considered as the homomorphisms between plaintext and ciphertext spaces. In practical communication scenarios with semi-trusted entities, homomorphic encryption could remove privacy barriers inhibiting data sharing since the operations on encrypted data can be performed instead of direct calculations on the confidential user data. The Paillier cryptosystem is one of the homomorphic cryptosystems for public key infrastructure (PKI). The security of the Paillier cryptosystem is based on the decisional composite residuosity assumption (DCRA) described as follows:
Definition 3 (Decisional Composite Residuosity Assumption (DCRA)). Let $p, q$ be two large primes such that $n = pq$. Given $\alpha \in Z^*_{n^2}$, if there exists $\gamma \in Z^*_{n^2}$ satisfying $\alpha \equiv \gamma^n \bmod n^2$, then $\alpha$ is defined as the $n$-th residue modulo $n^2$. Notably, given the composite $n$ and an integer $\beta$, it is hard to decide whether $\beta$ is the $n$-th residue modulo $n^2$.
The Paillier encryption process is additively homomorphic. That is, the product of the two ciphertexts will decrypt to the sum of their corresponding plaintexts. Let $m_1, m_2 \in Z^*_n$ be the plaintexts, $r_1, r_2, r_3 < n$ be the random integers during encryption. The following additive homomorphic properties can be satisfied: where $\mu \in Z^*_n$ holds. $E(\cdot)$ denotes the encrypting operation.

Notations
The notations used in the proposed scheme, as well as the corresponding descriptions are listed in the following Table 1.

System Model
The UAV-assisted VANET infrastructure of our design is briefly explained in this section. In our assumption, the UAVs participate in the vehicular communication process as the significant message forwarding and transmission node. The VANET wireless network connectivity can be improved in order to overcome the negative impacts caused by geographical obstructions and signal interferences. As shown in Figure 1, the typical VANETs system model consists of four different layers with distinctive functionalities: the vehicular cloud as the central server, the edge layer containing the RSU facilities, the vehicle layer regarding the terminal vehicles/users, and the UAV layer for connectivity improvement. The relevant descriptions of the four VANET layers are respectively presented as follows.
Vehicular cloud is regarded as the core storage facility in charge of data storing and processing. Heterogeneous vehicular data of the whole VANET are analyzed in the vehicular cloud (VC). Notably, the utilized cloud architecture is able to provide sufficient processing and storage capabilities for multiple VANET prototypes simultaneously, which drastically facilitates the implementation of global IoV initiatives. Additionally, efficient data interchanges with nearby VANET facilities can be accomplished with the dedicated 5G communicating infrastructure. With full authority, the essential operations for the entire VANET system, including the vehicle registration, session key allocation, and user authentication, are all carried out by the VC, which is considered as the legitimate and trustworthy data server in the assumption. Note that VC is defined to be valid and trustworthy anytime.
Edge layer is defined as the distributed local VANET facility composed of various RSU clusters. Each RSU cluster maintains collaborative wired connections among the neighboring RSUs within the vicinity. Accordingly, the decentralized edge network for instant vehicular data exchange and service provision can be guaranteed. Each RSU cluster is responsible for essential vehicular information sharing and distributive edge computation. Overall, in the cloud-assisted VANET system, heterogeneous vehicular data are analyzed and stored in the cloud server, while the edge computing RSU clusters are deployed. Low latency, better response time, and transfer rates can be guaranteed in V2R interactions, which leverages the physical proximity to the terminal user. That is, the frequently used data requested from VC can be temporarily cached in the local edge server so that rapid response to the vehicles can be guaranteed. The bandwidth burden for VC can be significantly alleviated in this way.
Vehicle layer refers to the vehicle networks constructed during V2V and V2R communication. The embedded OBU within each vehicle is equipped with wireless transceiver and transponder for message delivery in high-mobility VANET scenarios. Meanwhile, the implemented TPD is for confidential information preservation. Notably, the vehicle, the OBU, and the driver are considered as one entity in our system model. Considering the resource limitation, lightweight designs in terms of authentication and secure data exchange are crucial for practical VANETs.
UAV Cluster is defined as a set of autonomous switching nodes for advancing the transmission quality and availability. Upon validation, the legitimate UAV networks are responsible for the low-cost and multi-hop routing network construction. In practical VANET occasions, the geographical barriers such as high mountains and skyscrapers may interfere with regular V2V or V2R connections. In this case, the VANETs could take advantage of the self-organized UAV network and build substantial routing paths via dynamic UAV connections. Apparently, with its unique advantages including substitutability, low expense, and applicability, the UAV-assisted VANETs could play an imperative part in practical VANET implementation. The studies emphasizing UAV secure association and its correlation with the remaining VANET entities are vital.

Network Assumptions
As illustrated in Figure 1, the wired connections involving the VC and various local RSUs enable reliable vehicular data exchange with all the participating vehicles. Accordingly, effective strategies and techniques could be executed. Moreover, the connectivity between the vehicle and its surrounding RSU can be accomplished by V2R communication, while the data exchange between vehicles can be assured by V2V communication. All are supported by the dedicated short-range communications (DSRC) technique. However, critical V2V and V2R data sharing are carried out in the open wireless environment of realistic VANET circumstances. Therefore, serious vulnerability to various security threats and privacy risks exists. The critical key details and user secrets may be unlawfully exposed to malicious attackers or unauthorized users, which may compromise the whole VANET network. In this case, efficient security preservation and privacy protection mechanisms in VANETs need to be deployed.
Additionally, the geographical barriers may also obstruct the regular message delivery for stable V2V and V2R data sharing. The dynamic wireless ad hoc topologies constructed by the spontaneous high-speed vehicles lead to a temporary and undisciplined interaction paradigm, which brings challenges to real-time V2V communication. In this case, the VANET connectivities will be drastically impacted, resulting in insufficient availability and low scalability. With this motivation, the unmanned aerial vehicles, as the additional auxiliary facilities, can be applied to practical VANETs as the autonomous switching nodes for advancing the transmission quality and availability. Hence, proper security methods are of significance for the interactions among UAVs and vehicles.
UAVs associate with each other as shown with purple curve. The dotted red arrow indicates the remote V2V data delivery, which is conducted through the UAV-assisted VANET (dotted black arrow). In this way, the environmental obstructions can be avoided.

Security Objectives
The objectives of our design are to enhance the security assurance of UAV-assisted VANETs wireless transmissions and to address the remote V2V communication for long-distance, remote vehicles. The following security requirements for VANET key management and authentication scheme should be fully satisfied:
• Anonymity: Messages originated from the same device carry unique patterns for verification of the receiver side. In the open wireless environment, by analyzing the eavesdropped information, vital parameters including the user location may be extracted, which endangers user privacy. Therefore, anonymity for all the participating vehicles during the whole VANET communications is extremely crucial.

Proposed UAV Association and V2V Dissemination Scheme
In this section, the UAV authenticated key management scheme is developed, followed by the remote V2V message dissemination design. The proposed UAV group association design applies the certificateless cryptography technique for key escrow avoidance, where the partial secret key set is respectively managed by VC and individual UAV device. The user anonymity for the participating UAVs is provided accordingly. The edge RSU structure is responsible for pairing-based computations, while complicated processing tasks for resource-constrained UAVs are exempted during the whole process. Upon verification, the dynamic UAV group key distribution mechanism is conducted subsequently. Notably, efficient batch UAV validation design is enabled. Next, the remote V2V message dissemination is presented. The RSU-aided vehicle communication is conducted through the RSU clusters along the driving path, while the vehicle route retrieving is achieved in this way.
The proposed scheme regarding UAV association can be roughly classified into the UAV batch authentication and group key distribution. In the initial UAV batch authentication, the UAV device registration and the nontrivial mutual verification design are executed. Subsequently, the universal group key is constructed for the universal UAV networks, which is of benefit to connectivity improvement in VANET implementation with geographical obstructions. Afterward, the remote V2V message delivery is composed of remote vehicular verification and V2V message dissemination, where the RSU-aided identity route retrieving method with remote VC assistance is developed.

UAV Batch Authentication
Initially, the corresponding UAV registration prior to the verification process is conducted, which is explicitly performed on the VC side. In this case, VC is in charge of vital UAV parameter allocation and essential key distribution to the destined UAVs. Firstly, $G_1$ and $G_2$ are respectively defined as the cyclic groups with the same large prime order $q$, where $G$ denotes the generator of $G_1$. Meanwhile, the map function $\hat{e}: G_1 \times G_1 \to G_2$ is defined as the bilinear pairing. The cryptographic hash functions $\{H_i\}_{i \in [1,5]}$ and $\{h_i\}_{i \in [1,5]}$ are respectively defined as
At this point, VC is able to generate the unique confidential secret set $\langle \ddagger^i_T, s^i_\perp \rangle$ for each validated RSU, where $\ddagger^i_T \in \{0, 1\}^*$ denotes the identity, and $s^i_\perp \in Z^*_q$ denotes the RSU partial secret key randomly generated by VC. At this moment, the confidential RSU information set $\langle \ddagger^i_T, s^i_\perp \rangle$ is safely shared among TA and each RSU itself. Similarly, it is essential for each UAV to conduct the registration process in advance. The UAV identity $\ddagger^j_U \in \{0, 1\}^*$ and the partial secret key $k^\otimes_j \in Z^*_q$ are then assigned by VC. Hence, the key pair for UAV is defined as $\langle \ddagger^j_U, k^\otimes_j \rangle$.
With the purpose of user anonymity preservation, each registered RSU randomly generates $r^i_\perp \in Z^*_q$ and computes its temporary session identity $\ddagger^i_\perp$, where the current timestamp $t^i_1$ is adopted. In this case, each session identity $\ddagger^i_\perp$ is valid within a certain time interval. The partial secret key pair is stored as $\langle r^i_\perp, s^i_\perp \rangle$, while $r^i_\perp$ is kept secret to VC. Meanwhile, the homomorphic encryption design is utilized. That is, each RSU computes . At this point, the RSU encryption key pair can be extracted as $\langle G_i, h_i \rangle$. Subsequently, the following calculations are conducted by RSU where $t^i_N$ denotes the latest timestamp. At this point, the RSU parameters ⊥ > is published to all entities in its effective range. Next, the UAV batch authentication process is described step by step.
Assuming $n$ UAVs with identity set $\langle \ddagger^j_U, k^\otimes_j \rangle$ $(j \in [1, n])$ are organized in the range of one RSU, and each UAV itself generates the partial secret key $r^\otimes_j \in Z^*_q$ on its own. At this moment, the partial secret key pair $\langle k^\otimes_j, r^\otimes_j \rangle$ is stored in UAV storage. Hence, the temporary identity used in the authentication session is computed as ‡ By validating the certificate $Sig^i_\perp$, the integrity of the received message can be guaranteed. Thereafter, each UAV computes and calculates the signature which combines the published RSU parameters with vehicle partial secret keys $\langle k^\otimes_j, r^\otimes_j \rangle$. The authentication requests Request, t j 2 , ‡ ⊗ j , S j , j , j j∈ [1,n] from $n$ vehicles are respectively delivered to RSU for further verification.
Upon receipt of the $n$ requesting messages, the RSU checks the freshness of the received timestamp $t^j_2$ and verifies j according to its session identity $\ddagger^i_\perp$. Subsequently, RSU forwards $\langle t^j_2, \ddagger^\otimes_j, S_j \rangle$ to the VC for final identification. As mentioned above, significant identity information $\langle \ddagger^j_U, k^\otimes_j \rangle$ involving all the legitimate UAVs is stored in VC. Therefore, VC adopts the delivered $t^j_2$ and $S_j$ to the records and computes the UAV identity with the received one. If it matches, the identity of the UAV is confirmed. Hence, VC extracts the par- G , which will be forwarded to the RSU with session identity $\ddagger^i_\perp$. At this moment, the confidential information set Z j , Ξ j , j , j , S j j∈ [1,n] for $n$ UAVs are acquired by local RSU. Hence, RSU executes the following batch authentication calculation for $n$ UAVs as
The correctness of Equation (3) can be briefly elaborated as follows:
The batch authentication process involving $n$ UAVs is performed in this way. Therefore, if the request message does not pass the validation process, the current authentication session is terminated. Otherwise, for the $n$ UAVs, RSU computes ‡ † [1,n] , where $t^i_3$ denotes the latest timestamp.
Upon receiving the acknowledgement message, UAV first checks the freshness of $t^i_3$ and then validates the correctness of $\ddagger^\dagger_j$ and $Sig^\dagger_j$ according to [1,n] . Note that the current UAV identity is now updated as $\ddagger^\dagger_j$ to provide message unlinkability. At this point, mutual authentication among UAVs and RSU is provided, which adopts the certificateless cryptographic technique for key escrow avoidance. The partial secret keys of individual UAV are respectively generated by VC and UAV itself. Moreover, bilinear pairing is utilized, while the complicated pairing calculations are exempted in UAV sides. In our design, the shared session key $usk^\otimes_j$ for the individual UAV is independently constructed as $usk^\otimes_j = H_4(\Xi_j)$, which can be used for the following UAV group key distribution process.

Group Key Distribution
The group key involving all the $n$ validated UAVs is distributed in each RSU domain so that the substantial UAV networks can be built. Initially, for $j \in [1, n]$, RSU computes σ j = 1 Next, RSU chooses the distinctive UAV group key $gk_i \in Z^*_q$ and extracts the keying value as $\tau_i = gk_i \sum_{j=1}^{n} \mu_j \sigma_j$. At this point, the keying function can be constructed in the form of $\aleph_i(x) = gk_i \sum_{j=1}^{n} \mu_j \sigma_j + \prod_{j=1}^{n} (x - usk^\otimes_j)$, which can be further transformed into $\aleph_i(x) = \sum_{j=0}^{n} \partial_j x^j$. Notably, the corresponding coefficients set $\{\partial_0, \ldots, \partial_n\}$ is extracted. Therefore, $\forall \ell \in [1, n]$, $\aleph_i(usk^\otimes_\ell) = gk_i \sum_{j=1}^{n} \mu_j \sigma_j + \prod_{j=1}^{n} (usk^\otimes_\ell - usk^\otimes_j) = gk_i \sum_{j=1}^{n} \mu_j \sigma_j$ holds. Hence, the following computation is conducted as $Sig^i_{gk} = h(t^i_{gk}, \ddagger^i_\perp, \partial_0, \ldots, \partial_n, gk_i \sum_{j=1}^{n} \mu_j \sigma_j)$, where $h(\cdot)$ denotes the secure hash function. Accordingly, RSU broadcasts the keying packet as $\langle t^i_{gk}, \ddagger^i_\perp, \{\partial_j\}_{j \in [0,n]}, Sig^i_{gk} \rangle$. Finally, all the $n$ UAVs receive the keying packet and reconstruct the function $\aleph_i(x)$ so that the group key $gk_i$ can be correctly derived as $gk_i = \aleph_i(usk^\otimes_j) \bmod usk^\otimes_j$. In this way, the UAV group key is shared among all requesting $n$ UAVs.
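The keying-function distribution described above, as an added Python example that is not code from the paper: the RSU builds the coefficient packet and each UAV evaluates the polynomial at its own session key and reduces modulo that key. Assumptions: the CRT-style weights sigma_j = N/usk_j and mu_j = sigma_j^{-1} mod usk_j with N the product of all usk_j (the page's own definitions of these values are cut off), pairwise-coprime session keys larger than the group key, integer arithmetic, SHA-256 for h(.), a receiver-side check of the packet hash, and constructed names and sample values throughout.

```python
import hashlib
from math import prod


def crt_weight_sum(usks):
    """Return S = sum_j mu_j * sigma_j, which satisfies S = 1 (mod usk_l) for all l.

    ASSUMPTION: sigma_j = N / usk_j, mu_j = sigma_j^{-1} mod usk_j, N = prod(usk_j).
    """
    n_prod = prod(usks)
    total = 0
    for usk in usks:
        sigma = n_prod // usk
        try:
            mu = pow(sigma, -1, usk)  # fails when keys share a factor
        except ValueError as exc:
            raise ValueError("session keys must be pairwise coprime") from exc
        total += mu * sigma
    return total


def poly_from_roots(roots):
    """Coefficients, lowest degree first, of prod_j (x - root_j)."""
    coeffs = [1]
    for r in roots:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            nxt[i] -= r * c      # contribution of -r * c * x^i
            nxt[i + 1] += c      # contribution of  c * x^(i+1)
        coeffs = nxt
    return coeffs


def packet_tag(t, rsu_id, coeffs, tau):
    """Sig_gk = h(t, id, d_0..d_n, tau); SHA-256 stands in for h (assumption)."""
    h = hashlib.sha256()
    for field in (t, rsu_id, *coeffs, tau):
        h.update(str(field).encode() + b"|")
    return h.hexdigest()


def rsu_build_packet(gk, usks, t, rsu_id):
    """RSU side: keying packet <t, id, {d_j}, Sig_gk> for the UAVs holding `usks`."""
    if not 0 < gk < min(usks):
        raise ValueError("group key must be positive and below every session key")
    tau = gk * crt_weight_sum(usks)          # tau = gk * sum_j mu_j * sigma_j
    coeffs = poly_from_roots(usks)
    coeffs[0] += tau                         # aleph(x) = tau + prod_j (x - usk_j)
    return {"t": t, "rsu_id": rsu_id, "coeffs": coeffs,
            "sig": packet_tag(t, rsu_id, coeffs, tau)}


def uav_derive_gk(packet, usk):
    """UAV side: evaluate aleph(usk) by Horner's rule, check the tag, reduce mod usk.

    Returns None when the tag does not match, which is what a tampered packet
    or a session key outside the group produces.
    """
    value = 0
    for c in reversed(packet["coeffs"]):
        value = value * usk + c
    expected = packet_tag(packet["t"], packet["rsu_id"], packet["coeffs"], value)
    if expected != packet["sig"]:
        return None
    return value % usk


if __name__ == "__main__":
    # Constructed sample session keys (pairwise coprime) and group keys.
    keys = [1000003, 1000033, 1000037, 1000039]
    pkt = rsu_build_packet(424242, keys, t=1700000000, rsu_id="rsu-session-id")
    print([uav_derive_gk(pkt, k) for k in keys])
    # Revocation: rebuild for the first three UAVs with a fresh group key.
    pkt2 = rsu_build_packet(777777, keys[:3], t=1700000600, rsu_id="rsu-session-id")
    print(uav_derive_gk(pkt2, keys[3]), uav_derive_gk(pkt2, keys[0]))
```

Revocation here is a rebuild of the packet from the remaining session keys with a fresh group key; the removed key is no longer a root of the product term, so its evaluation fails the hash check.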

Remote Vehicular Verification
In this section, the V2V communication assumptions are presented at first. As shown in Figure 2, assuming at timepoint $t_1$, the vehicles $V_1$ and $V_2$ are in the range of original $RSU_1$, the instant V2V interactions between $V_1$ and $V_2$ can be achieved through multiple existing schemes so far [19,22,29]. At the current time $t_2$ ($t_2 > t_1$), both $V_1$ and $V_2$ are now arriving at different RSU domains. At this moment, the $V_1 \to V_2$ vehicular connection is required in the case for the subsequent message dissemination, which has not been properly addressed in the existing VANET schemes. Therefore, the remote vehicular verification is introduced in this section, followed by the remote V2V message dissemination in the next section.
Initially, assuming the vehicle with original identity $\ddagger^{j}_{V}$ and the partial secret key pair $k_j, r_j$ is approaching the communicating range of specific RSU, its temporary identity can be updated as $\ddagger_j = h_3(\ddagger^{j}_{V}, r_j G)$. Meanwhile, the vehicle extracts the encryption key Following the same way as that of the RSU, the vehicle homomorphic encryption design with encryption key pair $X_j, \xi_j$ and decryption key pair $X_j, \Gamma_j$ is constructed. Therefore, the vehicle calculates and sends the requesting packet Request, $t_j$, $\ddagger_j$, j , $Sig^{j}_{V}$ to RSU for further verification. Upon receipt of the packet, RSU decrypts the received $Sig^{j}_{V}$ using the decryption key $G_i, A_i$ and then extracts $X_j \| X_j, \xi_j \| F_j$. If the values of $F_j$ and $X_j$ are validated, RSU stores the vehicle homomorphic encryption key pair $X_j, \xi_j$. Moreover, the value $\aleph_j$ can be calculated as to VC for remote identification. Thereafter, VC computes $\eth_j = h_3(\ddagger^{j}_{V}, k_j r_j G)$ and replies to RSU with the acknowledgment Ack, $\ddagger_j$, $\eth_j$. Subsequently, RSU updates the vehicle identity as $\ddagger^{1}_{j} = h_3(\ddagger_j, r^{i}_{\perp} s^{i}_{\perp} G)$, where the RSU key pair $r^{i}_{\perp}, s^{i}_{\perp}$ is adopted. Note that, in our design, the anonymous identity of the participating vehicle is safely updated as soon as a verification session is finished successfully. In this case, the message unlinkability for different communication sessions can be guaranteed. Untraceability of specific vehicle is provided as well.
With the aforementioned vehicle key pair $X_j, \xi_j$ and its own $r^{i}_{\perp}$, RSU conducts the vehicle homomorphic encryption process and computes Sig j Hence, RSU is able to broadcast the packet $t^{i}_{\bullet}, \ddagger^{1}_{j}, Sig^{j}_{\perp}, \Phi_j$ to the destined vehicle. Upon validation on the timestamp $t^{i}_{\bullet}$, the vehicle is able to decrypt the received $Sig^{j}_{\perp}$ and successfully extract $\eth_j$. Notably, $\Phi_j$ of the delivered packet is for integrity validation. Therefore, the vehicle extracts the final verification process as At this point, the vehicle validation with the original RSU is completed. The session key established between VC and vehicle is generated as $sk_j = H_4(k_j r_j G)$, which can be used as the unique identifier between vehicle and VC. Meanwhile, the unique proof for each validated vehicle is issued as P is the newly generated pseudorandom for remote vehicle verification. Moreover, the relevant certificate is computed as 1] . In this case, the original RSU will deliver the packet $\ddagger^{1}_{j}, X_j, \xi_j, P^{\prec}_{[j,1]}, Sig^{\propto}_{[j,1]}$ to all its neighboring RSUs via the edge networks. Upon receiving the packet, all its neighboring RSUs temporarily store it in their storage for possible further use. If not required in a certain time interval $\Delta_{\propto}$, the packet will be abandoned.
In our assumption, the vehicle is on the path of $RSU_1 \to RSU_n$. Hence, in the domain of $RSU_2$ with RSU parameter set t Subsequently, the vehicle conducts the RSU encryption using the broadcast key $\{G_2, h_2\}$ of $RSU_2$ as which will be delivered to $RSU_2$ for fast verification.
At this point, the current identity $\ddagger^{1}_{j}$ and the previously received $P^{\prec}_{[j,1]}$ should be updated as ‡ 2 In this case, $RSU_2$ computes the certificate information for final authentication on the vehicle side, which is encrypted with vehicle homomorphic encryption key pair $X_j, \xi_j$ and the generated

V2V Message Dissemination
In the assumption, in further time $t_2$ of the $n$ cross-domain verification sessions, $\ddagger^{n}_{j}, X_j, \xi_j, P^{\prec}_{[j,n]}, Sig^{\propto}_{[j,n]}$ will be broadcast by $RSU_n$, where Intuitively, the anonymous identity for each vehicle is updated in each session. The $P^{\prec}_{[j,k]}$ is also updated based on the previously validated proofs and the keys from the current $RSU_n$. As mentioned above, each RSU around the path safely preserves the identities, valid proofs, and the corresponding timestamps for all the passing-by legitimate vehicles. The remote long-distance V2V message dissemination method can be constructed accordingly.
Assuming a vehicle $V_1$ intends to conduct remote vehicular data exchange with the vehicle $V_2$ at time $t_2$, $V_1$ is in the range of RSU , $V_2$ is in the range of RSU . Notably, both $V_1$ and $V_2$ crossed the original $RSU_1$ previously and conducted V2V communication at $t_1$ ($t_2 > t_1$). In this case, assuming the vehicle $V_2$ is with original identity $\ddagger^{2}_{V}$ and the partial secret key pair $k_2, r_2$, the two historical temporary identities in the range of $RSU_1$ are $\ddagger_2 = h_3(\ddagger^{2}_{V}, r_2 G)$ and $\ddagger^{1}_{2} = h_3(\ddagger_2, r^{1}_{\perp} s^{1}_{\perp} G)$. The vehicle $V_1$ is able to retrieve the $\ddagger_2, \ddagger^{1}_{2}$ from its historical transmission record. In this case, the current RSU broadcasts t N , ‡ ⊥ , G ,h , J , K , R , Sig ⊥ to all. In the meantime, the current identity of The vehicle generates the packet to be delivered as Respectively, $t^{\nabla}_{1}$ and $t^{\Delta}_{2}$ denote the current timestamp generated on vehicle $V_1$, and the previous timestamp associated with time $t_1$. $\ddagger_2$ refers to the temporary identity previously used by the destined vehicle $V_2$ at $t_1$. The identifier $sk_1$ is adopted for distinction on RSU . $M$ refers to the confidential data intended to be sent.
The current RSU then decrypts the packet and derives $P_1$ after validation on $t^{\nabla}_{1}$ and $h_3(t^{\nabla}_{1}, \ddagger_1, P_1)$. Notably, the vehicle $V_1$ has already passed the cross-domain validation process conducted by RSU . Therefore, the corresponding identity ‡ −1 , r ∝ 1 G acquired from RSU −1 is also stored in RSU side. The packet is then forwarded to the previous RSUs following the sequence of RSU , RSU −1 , . . . , $RSU_1$.
Each RSU in the sequence holds the record of vehicle $V_1$ on $\ddagger^{i}_{1}, \ddagger^{i-1}_{1}$ (i ∈ [1, ]). The remote V2V packet can then be delivered to the original $RSU_1$. Subsequently, $RSU_1$ extracts the $\ddagger_2, \ddagger^{1}_{2}$ record of $V_2$ and continues broadcasting the packet to neighboring RSUs. Each RSU holds the record of vehicle $V_2$ on $\ddagger^{i}_{2}, \ddagger^{i-1}_{2}$ (i ∈ [1, ]). Finally, the message $M$ can be delivered to $V_2$ by RSU . The remote V2V message dissemination process is completed.

Security Analysis
In this section, the crucial security properties described in the previous Section 3.8 are analyzed in order to demonstrate the proposed scheme is provably secure. Moreover, the security comparisons on the major characteristics with the state-of-the-art are shown.

Security Discussions
Definition 4 (Forking Lemma [30]). Define $A$ as the probabilistic polynomial-time Turing machine with only the public data as input. With non-negligible probability, $A$ can generate a valid signature $(m, \delta_1, \delta_2, h)$ within a certain time bound $T$, where the tuple $(\delta_1, \delta_2, h)$ is simulated without accessing the secrets. In this case, with an indistinguishable distribution probability, there is another machine that has control over the machine obtained from $A$ replacing interaction with the signer by simulation and produces two valid signatures $(m, \delta_1, \delta_2, h)$ and (m,  [1, x], and the probability for $Sig^{A}_{V} = Sig_V$ to pass the verification is $\frac{1}{2^{d}}$, where $d$ denotes the length of $Sig^{A}_{V}$. Hence, our design is resistant to replay attack.

Theorem 4.
Conditional identity privacy-preserving for both UAVs and RSUs is provided. Anonymity for specific vehicle and UAV is achieved, while the real identity of malicious entities can be revealed if necessary.
Proof of Theorem 4. As described, the original identity $\ddagger^{i}_{T} \in \{0, 1\}^{*}$ for validated RSU is kept confidential all the time. Instead, the corresponding session identity is computed which includes the randomly generated $r^{i}_{\perp} \in \mathbb{Z}^{*}_{q}$ and time-oriented $t^{i}_{1}$. The RSU session identity varies in each authentication session. Anonymity and message unlinkability in different communication sessions can be provided accordingly.
The temporary UAV identity $\ddagger^{\otimes}_{j} = H_2(\ddagger^{j}_{U}, k^{\otimes}_{j}, r^{\otimes}_{j} G)$ is applied as well, which is only valid within a certain time period and will expire in the future. Note that the distinctive identity $\ddagger^{i}_{T} \in \{0, 1\}^{*}$ and $\ddagger^{j}_{U} \in \{0, 1\}^{*}$ remain hidden all the time. Meanwhile, VC stores crucial keying secrets in the remote server. Hence, identity in each session can be further extracted if needed, which offers conditional identity privacy-preserving property for UAVs. As for vehicles, the anonymous identity for initialization is computed as $\ddagger_j = h_3(\ddagger^{j}_{V}, r_j G)$. Therefore, vehicle anonymity is provided. With the assistance of RSU edge cluster, VC is able to reveal the original identity according to the stored driving path $RSU_1 \to RSU_n$. Overall, conditional identity privacy-preserving is enabled in this way.

Security Comparison
In this section, the proposed scheme is briefly compared with the existing VANET designs in terms of the crucial security characteristics. The comparison results are shown in Table 2, where the state-of-the-art VANETs authenticated key management schemes PPDAS [19], HABHM [31], and BPAS [32] are discussed. The proposed design is able to meet the desired security requirements.

Performance Analysis
In this section, the performance on the proposed VANET scheme is analyzed. The evaluation on major properties including storage overhead and computation cost is respectively presented for resource-constrained VANETs. The existing schemes PPDAS [19], HABHM [31], and BPAS [32] are evaluated as well.

Storage Overhead
In the proposed design, the RSU performs as the decentralized edge center for both UAV association and V2V remote data exchange, where the confidential keying information is aggregated and stored. Notably, the design for V2V authenticated key management is discussed in this section in order to compare with other existing schemes, while the storage for UAV association is not included. Meanwhile, the remote VC is able to conduct complicated tasks with sufficient computing ability. Therefore, this section emphasizes RSU storage overhead during the vehicle authentication session. The advantages of our scheme on storage overhead can be illustrated from the comparison results in Figure 3.

Computation Cost
In this section, the computation cost of the proposed design is analyzed. The time consumption for authentication on the RSU side is discussed in terms of the number of participating vehicles. The comparison results with the existing PPDAS [19], HABHM [31], and BPAS [32] are shown in Figure 4. Intuitively, with the batch authentication feature of our scheme, less time consumption is required for the mutual authenticating execution, proving the performance advantages of our design.

Conclusions
As the essential functionality of VANET, the spontaneous vehicle-to-vehicle (V2V) message dissemination plays a significant role for instant and real-time data sharing for vehicles within a certain vicinity. Firstly, the remote V2V message delivery intended for long-distance vehicles in the range of different RSUs has not been properly researched. Secondly, both V2V and V2R communication are highly restricted by environmental factors. In this paper, unmanned aerial vehicles are adopted as the auxiliary facilities for improving the VANET connectivity. The certificateless mutual authentication process for UAV association is developed. The partial secret key is utilized by the central server and UAV itself. Upon verification, the corresponding UAV group key can be generated and safely distributed to the requesting UAVs. The efficient key updating method for all the involved UAVs is achieved. Notably, the dynamic UAV revocation is enabled, while the updated group key is timely acquired by the remaining legitimate UAVs. Meanwhile, the remote V2V message dissemination method is presented, which deploys the decentralized edge RSUs. Particularly, the proposed design is conducted without remote cloud assistance. With the pre-stored driving records collected from the CDA process, the disseminated vehicular message can be forwarded through the edge RSUs and finally transmitted to the destination vehicle. Afterwards, the analysis regarding crucial security properties is presented accordingly, followed by the performance evaluation on storage and time consumption for the authentication process. The comparison results show that the proposed scheme is able to satisfy the major security and performance requirements. The future works include the further optimization on storage cost and the real VANET implementation of the proposed scheme.

Funding: This study was supported by research fund from Chosun University (2020).

Conflicts of Interest:
The authors declare no conflict of interest.