[BACK]
Journal of Cyber Security
DOI:10.32604/jcs.2022.028792		 images
Article

Security Analysis for a VANET Privacy Protection Scheme

Yuzhen Liu1,2, Xiaoliang Wang1,2,*, Zhoulei Cao1,2 and Frank Jiang3

1School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, 411201, China
2Hunan Key Laboratory for Service Computing and Novel Software Technology, Xiangtan, 411201, China
3School of Engineering and IT, University of New South Wales, NSW, Australia
*Corresponding Author: Xiaoliang Wang. Email: fengwxl@163.com
Received: 05 March 2022; Accepted: 08 April 2022

Abstract: Vehicular ad hoc network (VANET) is a self-organizing wireless sensor network model, which is extensively used in the existing traffic. Due to the openness of wireless channel and the sensitivity of traffic information, data transmission process in VANET is vulnerable to leakage and attack. Authentication of vehicle identity while protecting vehicle privacy information is an advantageous way to improve the security of VANET. We propose a scheme based on fair blind signature and secret sharing algorithm. In this paper, we prove that the scheme is feasible through security analysis.

Keywords: Vehicular ad hoc network; anonymous authentication; fair blind signature; secret sharing algorithm; security analysis; BAN logic ideology

1  Introduction

Vehicle Ad Hoc Network (VANET) is a self-organizing multi-hop network. It establishes a traffic network with information sharing through wireless communication between vehicles and road infrastructure and between vehicles. It has the characteristics of openness, high-speed change of topology and so on.

Because of the limited communication radius of the vehicle, the vehicle node not only transmits its own message, but also forwards the message to other vehicle nodes as a wireless router node. In this open self-organizing network, in order to avoid unsafe communication environment, efficient, reliable inter-vehicle authentication scheme with less delay is essential. Therefore, efficient and reliable inter-vehicle authentication scheme is the focus of VANET research.

The IEEE 1609.2 standard [1] addresses security services for applications and management messages in wireless vehicular environment. It suggests the Secure Elliptic Curve Digital Signature Algorithm (ECDSA) [2] signatures should be used for wireless access. ECDSA ensures vehicular authentication and message integrity. However, it also brings huge signature verification overhead.

Due to this, Grover et al. [3] propose an efficient authentication scheme for highly dynamic VANET. They use probabilistic verification approach to reduce packet ratio in the highly dynamic traffic. They implement a complete solution in a realistic VANET scenario, which shows their scheme decreases message loss by an overall average of 68% compared to ECDSA.

To change the one by one verification way between vehicles, Lee [4] propose a batch authentication scheme for VANETs. They use a bilinear pairing to verify the vehicles’ identities. At the same time, it can resist replay attacks and achieve non-repudiation effect. However, Bayat et al. [5] find the above scheme is vulnerable to the impersonation attack. That is to say, a malicious vehicle node can create a valid signature faking the identities of other vehicles. Therefore, they adopt a discrete logarithm problem to make malicious vehicles cannot compute the secret values of other vehicles. However, neither of the two Scheme’s computational speed is fast enough to adapt to the real high-speed traffic environment.

Considering the requirement of quick verification when vehicles meet, Liu et al. [6] propose a proxy-based authentication scheme to assist roadside units in verifying a large number of vehicles simultaneously. They also present a novel key negotiation scheme for the transmitting of sensitive messages. Using such an authentication scheme, every RSU can verify more than 26000 signatures per second simultaneously with the assistance of some proxy vehicles.

To ensure certification service availability under the high dynamicity of VANETs, Oulhaci et al. [7] propose a distributed and secure certification system architecture for vehicular authentication. They use the concept of delegation and threshold cryptography to build collaborative-based certification approach in order to resist against compromised RSUs.

While some researchers focus on vehicle authentication, others begin to pay attention to vehicle privacy. For the driver, the identity and location information of the vehicle impacts his privacy rights and he does not want it to be disclosed.

Song et al. [8] address the advances in mobile networks and positioning technologies make vehicular location information leaked. Then, some adversaries will launch unauthorized tracking to a valid vehicle in VANET. They propose a vehicle density-based location privacy (DLP) scheme providing location privacy by utilizing the neighboring vehicle density as a threshold to change the pseudonyms. The proposed DLP scheme has a lower probability of successful tracking by an adversary than conventional schemes.

In addition to location privacy, identity privacy is also important. Hwang et al. [9] use Identity-Based Encryption (IBE) to design a secure message-broadcasting method in VANET, which can protect vehicular privacy and trail. Their proposal has some functionality such as integrity, authentication, non-repudiation, confidentiality, forward secrecy, anonymity, untraceability. It is more able to meet the needs of VANET communication.

However, a large number of malicious attacks are accompanied by the development of privacy preserving.

As presented in Bouali et al. paper [10], it regards that there are a large number of malicious users in existing VANET. They divided conventional methods into two categories. One is that the central authority (CA) uses CRL to discover compromised certificates to revoke users’ certificates, and the other is to use intrusion detection methods to discover malicious users. The former approach with high overhead is not practical. The latter is a passive approach and cannot predict malicious behavior. They design a classification method to divide vehicles into three lists, namely black list, gray list, and white list. This classification offers the possibility for the system to predict an attack before it happens by detecting vehicles in the gray list in the routing process.

In many privacy protection schemes, the identity information of vehicles is completely hidden, so it is not practical to use the above anti-malicious attack scheme based on real identity.

Recently, some schemes protecting vehicular privacy in VANET, which focuses on conditional anonymous authentication based on anonymous certificates and signatures. Common techniques used in these schemes include group or ring signature scheme [11,12], ID-based encryption scheme [1316], blind signature [17] or commitment zero-knowledge proof and so on [18].

Wang et al. [12] point out that most of privacy-preserving authentication schemes depend on central certificate and has the single point failure problem, and then propose a VANET privacy protection scheme without a trusted third party. The proposal satisfies the most of security requirements, such as authentication security, good anonymity, and anti single point attack.

Tzeng et al. [15] regard that the conventional IBV scheme has some security risks and cannot be proved in the random oracle model. Therefore, they propose an identity-based batch verification for VANETs. Using a small constant number of pairing and point multiplication computations, their proposal has lower computation delay and transmission overhead because the verification processing is dependent on the number of messages.

But the above methods cannot resist collusion attack.

Recently, we proposed an anonymous identity authentication scheme, which not only guarantees users’ privacy but also achieves anonymous identity authentication.

In recent years, there are some authors put forward some methods for privacy protection [2430]. In [24], the authors design a novel anonymous authentication scheme based on edge computing in internet of vehicles. In [25], the authors put forward a location prediction method based on ga-lstm networks and associated movement behavior information. In [26], the authors research on copyright protection method of material genome engineering data based on zero-watermarking. In [27], the authors plan a plc protection system based on verification separation. H. Geng etc. design an efficient routing protection algorithm in large-scale networks [28]. In [29], the authors design a mutual authentication and key agreement protocol for wbans. In [30], X. Jin etc. design a reversible data hiding algorithm based on secret sharing.

As we mentioned above, there are also some weaknesses existing in current studies, such as single point failure, anonymity abuse. So we propose a novel mechanism based on fair blind signature and secret sharing algorithm to improve them [19].

2  Preliminary Knowledge

2.1 Fair Blind Signature

Blind Signature [20] is a signature approach that can be completed on the premise that the signer does not know the content of the signature. The blind signature scheme is extensively used in anonymous payment systems. However, the conventional blind signature schemes provide total unlinkability and sometimes it will give some attackers the opportunity to abuse anonymity. Therefore, Stadler et al. [21] propose a novel blind signature scheme to prevent anonymity abuse, which is called Fair Blind Signature Scheme. When anonymity abuse happens, this scheme can link a message signature pair with the corresponding protocol view of the signer.

2.2 Shamir Secret Sharing

Shamir’s secret sharing [22] is an algorithm proposed by Adi Shamir. It is designed for preserving a secret. The secret is divided into different parts and distributed to different members. To reconstruct the original secret, a certain number of parts need to be collected. In this scheme, as long as parts larger than a certain threshold are collected, the secret can be restored. The threshold value is often less than the number of all parts.

3  Review of the Previous Scheme

3.1 Pseudonym Issue Based on a Fair Blind Signature

Initialization

AC denotes the authentication, PAC denotes pseudonym authentication center, TC denotes tracking center respectively. All entities generate their respective public/private key pair. V generates the private key dV and public key (NV,eV). AC generates the private key dAC and public key (NAC,eAC). PAC generates the private key dPAC and public key (NPAC,ePAC). TC generates private key dTC and public key (NTC,eTC). Public keys of AC, PAC and TC will be sent to the vehicle that wants to take part in this communication network by the system.

Vehicle registration phase

1)   V registers at AC.

V furtively passes IDV||n||SV||CertV to AC. SV is the signature signed by V and equal to (IDV||n)dVmod/NV, n is the number of pseudonyms.

2)   AC verifies pseudonym and issues it.

AC checks the signature (IDV||n)dVmod/NV. If it passes verification, AC issues a pseudonym and sends IDAC||IDV||ts||SAC to V, in which SAC is the signature [(IDAC||IDV||ts)dACmodNAC]eVmodNV by AC, and ts is a time stamp.

3)   AC’s signature is verified by V.

V decrypts [(IDAC||IDV||ts)dACmodNAC]eVmodNV and obtains (IDAC||IDV||ts)dACmodNAC and then checks AC’s signature. If the signature is valid, two random numbers Ai, Bi(1in) is selected by V and the blind value BieACAi will be sent to AC from V.

4)   AC computes Ci=(BieACAi(i||IDV||ts))dAC, Di=((i||IDV||ts)eTC)dAC and sends the both to V.

5)   V verifies DieAC=(i||IDV||ts)eTC.

If passed, it will be gotten rid of blind factor and become Ei,1=Ci/Bi, Ei,2=(Ei,1eTC)/Di. The pseudonym ID is denoted as IDPVi=Ai(i||IDV||ts)||AieTC (IDAC||{IDPVi||Ei,1||Ei,2||ePVi||NPVi||SPVi})ePAC is sent by V to PAC, where 1in, and SPVi is the signature signed by V using the temporary private key dPVi.

6)   PAC verifies the signature and issues certificate.

PAC verifies the signature of V. If successful, it extracts IDPVi, namely Ai(i||IDV||ts), AieTC, Ei,1 and Ei,2. Then PAC checks whether Ei,1eAC=(Ci/Bi)eAC=(Ai(i||IDV||ts)dAC)eAC=Ai(i||IDV||ts), Ei,2eAC=(Ei,1eTC/Di)eAC=(Ai(i||IDV||ts))eTC(i||IDV||ts)eTC=AieTC. If the two equations pass verification, PAC sends (Certpvi)eV=(IDPAC||IDPVi||ts||ePVi||NPVi||SPAC)eV to V.

3.2 Anonymous Communication

The vehicle V selects Certpvi(1in) from n pseudonyms, and then sends anonymous message set Mj} (1im, m is the number of messages in this set) signed by temporary private signing key dPVi to nearby vehicles. After passing the verification of nearby vehicle, Mj} will be accepted and used as anonymous communication.

3.3 Threshold Sharing

After the signing process ends, the TC preserves the private key dTC. In order to resist single point failure, the private key dTC is distributed to a group of other TCs called tracking group by Shamir secret sharing concept. It means that at least n(nm) members are needed to recover the private key dTC, where m is the number of members in this tracking group.

3.4 Distributed Tracking Illegal Vehicle

When the anonymous illegal behavior happens, authority system will require the tracking group to recover the pseudonym of the malicious vehicle and get its real identity.

The main steps are as follows:

1)   PAC gets the pseudonym certificate CertPV from the malicious packet and requires the corresponding tracking group to recover the private key dTC.

2)   The tracking group members use the Lagrange interpolation formula and get a polynomial f(x)=i=1,ijnyiijxxjxixj. TC gets dTC=f(0)=i=1,ijnyiijxjxixj. After dTC is extracted, the real identity of the malicious vehicle is easy to be obtained.

4  Semi-formal Validity Proof for this Scheme

In this section, we use similar BAN logic ideology [23] to briefly demonstrate the validity of the proposed scheme. Although BAN logic has some limitations, it is still a widely used tool for the analysis of security-sensitive schemes and applications.

We transform the process of our protocol to the following idealized form (including plaintext).

Msg 1: VAC:{IDV,n,{IDV,n}dV,CertV}.

Goal 1: AC|V|{IDV,n}.

Proof: According to Msg 1, we could get the following statement by applying the Message Meaning Rules of BAN logic:

AC|eVV,AC{IDV,n}dVAC|V|{IDV,n}

Msg2:ACV:{IDAC,IDV,ts,{IDAC,IDV,ts}dAC}

Initial assumption 2: V|#(ts)

Goal 2: V|AC|{IDAC,IDV,ts}.

Proof: According to assumption 2, we could get the following statement by applying the Freshness Rules of BAN logic:

V|#(ts)V|#{IDAC,IDV,ts}(1)

Then, we could get the following statement by applying the Nonce Verification Rules to (1):

V|#{IDAC,IDV,ts},V|AC|{IDAC,IDV,ts}V|AC|{IDAC,IDV,ts}(2)

Finally, we could get the following statement by applying the Jurisdiction Rule to (2):

V|AC|{IDAC,IDV,ts},V|AC|{IDAC,IDV,ts}V|{IDAC,IDV,ts}

Msg 3: VAC:BieACAi.

Goal 3: ACBi.

Proof: According to Msg 3, we could get the following statement by applying the Seeing Rules of BAN logic:

AC|eACAC,AC{Bi}eACACBi

Msg 4: ACV:{{{Bi}eACAi(i,IDV,ts)}dAC,{{i,IDV,ts}eTC}dAC}

Goal 4-1: AC|V|{{Bi}eACAi(i,IDV,ts)}

Goal 4-2: AC|V|{i,IDV,ts}eTC

Proof: According to Msg 4, we could get the following statement by applying the Seeing Rules of BAN logic:

V{{{Bi}eACAi(i,IDV,ts)}dAC,{{i,IDV,ts}eTC}dAC}V{{Bi}eACAi(i,IDV,ts)}dAC(3)

Then, we could get the following statement by applying the Message Meaning Rules to (3):

V|eAVAC,V{{Bi}eACAi(i,IDV,ts)}dACV|AC|{{Bi}eACAi(i,IDV,ts)}dAC Similarly, we could get another goal: AC|V|{i,IDV,ts}eTC

Msg 5: VPAC:{IDAC,IDPVi,Ei,1,Ei,2,ePVi,NPVi,SPVi}ePAC

Goal 5: PAC{IDAC,IDPVi,Ei,1,Ei,2,ePVi,NPVi,SPVi}

Proof: According to Msg 3, we could get the following statement by applying the Seeing Rules of BAN logic:

PAC|ePACPAC,AC{IDAC,IDPVi,Ei,1,Ei,2,ePVi,NPVi,SPVi}ePACAC{IDAC,IDPVi,Ei,1,Ei,2,ePVi,NPVi,SPVi}

Msg 6: PACV:{IDPAC,IDPVi,ts,ePVi,NPVi,SPAC}eV

Goal 6: V{IDPAC,IDPVi,ts,ePVi,NPVi,SPAC}.

Proof: According to Msg 3, we could get the following statement by applying the Seeing Rules of BAN logic:

V|eVV,V{IDPAC,IDPVi,ts,ePVi,NPVi,SPAC}eVV{IDPAC,IDPVi,ts,ePVi,NPVi,SPAC}

It must be noted that the BAN logic is to achieve the trustworthiness of each other. In view of the number of relative entities in this scheme and the limited length of the paper, we only give and prove the local goal of each step in the certificate generation process. However, from these goals, the trustworthiness of each other can be further deduced.

5  Conclusion

In this paper, we use BAN logic ideology to prove our previous algorithm. Further experiments will be carried out in future work. By security analysis, the scheme has been proved to be available.

Funding Statement: This work was supported by Key project of Hunan Provincial Education Department (20A191), Hunan teaching research and reform project (2019-134), Cooperative Education Fund of China Ministry of Education (201702113002, 201801193119), Hunan Natural Science Foundation (2018JJ2138), Hunan teaching research and reform project (2019).

Conflicts of Interest: The authors state that they have no conflicts of interest related to this study to report.

References

  1. Transportation, I., & Committee, S. (2006). IEEE Trial-Use Standard for Wireless Access in Vehicular Environments--Security Services for Applications and Management Messages. IEEE Standards, 1, 1-105. [Google Scholar]
  2. Johnson, D., Menezes, A., & Vanstone, S. (2001). The elliptic curve digital signature algorithm (ECDSA). International Journal of Information Security, 1(1), 36-63. [Google Scholar]
  3. Grover, K., Lim, A., & Lee, S. (2015). Efficient authentication approach for highly dynamic vehicular ad hoc networks. International Journal of Ad Hoc and Ubiquitous Computing, 19(3–4), 193-207. [Google Scholar]
  4. Lee, C. C. (2013). Toward a secure batch verification with group testing for VANET. Wireless Networks, 19(6), 1441-1449. [Google Scholar]
  5. Bayat, M., Barmshoory, M., Rahimi, M., & Aref, M. R. (2015). A secure authentication scheme for VANETs with batch verification. Wireless Networks, 21(5), 1733-1743. [Google Scholar]
  6. Liu, Y. L., Wang, L. M., & Chen, H. H. (2015). Message authentication using proxy vehicles in vehicular Ad Hoc networks. IEEE Transactions on Vehicular Technology, 64(8), 3697-3710. [Google Scholar]
  7. Oulhaci, T., Omar, M., Harzine, F., & Harfi, I. (2017). Secure and distributed certification system architecture for safety message authentication in VANET. Telecommunication Systems, 64(4), 679-694. [Google Scholar]
  8. Song, J. H., Wong, V. W. S., & Leung, V. C. M. (2010). Wireless location privacy protection in vehicular Ad-hoc networks. Mobile Networks & Applications, 15(1), 160-171. [Google Scholar]
  9. Hwang, R. J., Hsiao, Y. K., & Hwang, C. Y. (2011). Privacy protection on vehicular Ad hoc NETworks. International Journal of Ad Hoc and Ubiquitous Computing, 7(4), 261-271. [Google Scholar]
  10. Bouali, T., Senouci, S. M., & Sedjelmaci, H. (2016). A distributed detection and prevention scheme from malicious nodes in vehicular networks. International Journal of Communication Systems, 29(10), 1683-1704. [Google Scholar]
  11. G. Calandriello, P. Papadimitratos, J. P. Hubaux, and A. Lioy, “Efficient and robust pseudonymous authentication in VANET,” in Int. Workshop on Vehicular Ad Hoc Networks, Vanet 2007, Montréal, Québec, Canada, pp. 19–28, September 2007.
  12. Wang, X., Li, S., Zhao, S., Xia, Z., & Bai, L. (2017). A vehicular ad hoc network privacy protection scheme without a trusted third party. International Journal of Distributed Sensor Networks, 13(12), 12-15. [Google Scholar]
  13. Sun, J., Zhang, C., Zhang, Y., & Fang, Y. (2010). An identity-based security system for user privacy in vehicular Ad Hoc networks. IEEE Transactions on Parallel & Distributed Systems, 21(9), 1227-1239. [Google Scholar]
  14. Huang, D. J., Misra, S., Verma, M., & Xue, G. L. (2011). PACP: An efficient pseudonymous authentication-based conditional privacy protocol for VANETs. IEEE Transactions on Intelligent Transportation Systems, 12(3), 736-746. [Google Scholar]
  15. Tzeng, S. F., Horng, S. J., Li, T. R., Wang, X., Huang, P. H., & Khan, M. K. (2017). Enhancing security and privacy for identity-based batch verification scheme in VANETs. IEEE Transactions on Vehicular Technology, 66(4), 3235-3248. [Google Scholar]
  16. Chen, C. Y., Hsu, T. C., Wu, H. T., Chiang, J. Y., & Hsieh, W. S. (2014). Anonymous authentication and Key-agreement schemes in vehicular Ad-hoc networks. Journal of Internet Technology, 15(6), 893-902. [Google Scholar]
  17. X. Tian and S. Qiang, “Research of an authentication scheme based on the proxy blind signature scheme for the vehicular Ad-hoc networks,” Bulletin of Science & Technology, 2012.
  18. Singh, A., & Fhom, H. C. S. (2017). Restricted usage of anonymous credentials in vehicular ad hoc networks for misbehavior detection,” (in English), international journal of information security. Article, 16(2), 195-211. [Google Scholar]
  19. Wang, X., & Li, S. (2017). A VANET privacy protection scheme based on fair blind signature and secret sharing algorithm. Automatika, 58(3), 287-294. [Google Scholar]
  20. D. Chaum, “Blind Signatures for Untraceable Payments,” in Presented at the Advances in Cryptology-Crypto 1982, Santa Barbara, CA, USA, Springer, 1982.
  21. Stadler, M., Piveteau, J. -M., & Camenisch, J. (1995). Fair blind signatures. Lecture Notes in Computer Science, 921, 209-219. [Google Scholar]
  22. Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11), 612-613. [Google Scholar]
  23. Burrows, M., Abad, M., & Needham, R. M. (1989). R.M.: A logic of authentication. Proceedings of the Royal Society A Mathematical Physical & Engineering Sciences, 426(1871), 1-13. [Google Scholar]
  24. Wang, X., She, X., Bai, L., Qing, Y., & Jiang, F. (2021). A novel anonymous authentication scheme based on edge computing in internet of vehicles. Computers, Materials & Continua, 67(3), 3349-3361. [Google Scholar]
  25. Cao, X., Jiang, L., Wang, X., & Jiang, F. (2020). A location prediction method based on ga-lstm networks and associated movement behavior information. Journal of Information Hiding and Privacy Protection, 2(4), 187-197. [Google Scholar]
  26. Cui, L. L., & Xu, Y. B. (2020). Research on copyright protection method of material genome engineering data based on zero-watermarking. Journal on Big Data, 2(2), 53-62. [Google Scholar]
  27. Pan, X., Li, H., Li, X., Xu, L., & Sun, Y. (2022). Plc protection system based on verification separation. Computers, Materials & Continua, 71(2), 2401-2417. [Google Scholar]
  28. Geng, H., Zhang, H., & Zhang, Y. (2021). Efficient routing protection algorithm in large-scale networks. Computers, Materials & Continua, 66(2), 1733-1744. [Google Scholar]
  29. Meng, X., Xu, J., Wu, X., & Wang, Z. (2020). Design of a mutual authentication and key agreement protocol for wbans. Journal of Information Hiding and Privacy Protection, 2(3), 107-114. [Google Scholar]
  30. Jin, X., Su, L., & Huang, J. (2021). A reversible data hiding algorithm based on secret sharing. Journal of Information Hiding and Privacy Protection, 3(2), 69-82. [Google Scholar]
images This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.