Computers, Materials & Continua
Active Authentication Protocol for IoV Environment with Distributed Servers
1Department of Computer Science and Information Engineering, Asia University, Taichung, Taiwan
2Bioinformatics and Medical Engineering, Asia University, Taichung, Taiwan
*Corresponding Author: Yu-Lin Song. Email: email@example.com
Received: 19 April 2022; Accepted: 12 June 2022
Abstract: The Internet of Vehicles (IoV) has evolved as an advancement over the conventional Vehicular Ad-hoc Networks (VANETs) in pursuing a more optimal intelligent transportation system that can provide various intelligent solutions and enable a variety of applications for vehicular traffic. Massive volumes of data are produced and communicated wirelessly among the different relayed entities in these vehicular networks, which might entice adversaries and endanger the system with a wide range of security attacks. To ensure the security of such a sensitive network, we proposed a distributed authentication mechanism for IoV based on blockchain technology as a distributed ledger with an Ouroboros algorithm. Using timestamp and challenge-response mechanisms, the proposed authentication model can withstand several security attacks such as Man-in-the-Middle (MiM) attacks, Distributed Denial of Service (DDoS) attacks, server spoofing attacks and more. The proposed method also provides a solution for single-point failure, forward secrecy, revocability, etc. We demonstrate the security of our proposed model by using formal (mathematical) analysis and informal analysis. We used the Random Oracle Model to perform the mathematical analysis. In addition, we compared the communication cost, computation cost, and security of the proposed model with the related existing studies. We have verified the security of the model by using AVISPA tool simulation. The security analysis and computation analysis show that the proposed protocol is viable.
Keywords: IoV; message authentication; random oracle model; blockchain; distributed server; revocability
In this decade, all industries are influenced by high-tech innovations; the need for connected and automated devices is increasing day by day. The Internet of Things (IoT) is a crucial part of the innovation that is changing modern connected devices. The IoT enables a physical object to be intelligent by communicating with other devices. By 2025, forecasts suggest that more than 75 billion IoT-connected devices will be in use. This count would be a nearly threefold increase from the IoT installed base in 2019. Cities are becoming smarter with the help of IoT in areas like waste management, electricity supply, sanitization, efficient urban mobility, traffic management, etc. In the case of efficient urban mobility and traffic management, the IoV plays a main role. By using advanced networking technology like 5G and cloud technologies, this system aims to achieve effective real-time communication among the participants of the network. The IoV promises a system in which every vehicle on the street can communicate with the others, which helps reduce accidents, increases the efficiency of fuel consumption, and improves many more factors. IoV is a network of vehicles in which a vehicle can communicate with other vehicles and with the Road-Side Units (RSU), pedestrians' handheld devices, traffic signals, and the public network using Vehicle to Vehicle (V2V), Vehicle to the Road (V2R), and Vehicle to Infrastructure (V2I) connectivity. In the IoV system, the vehicles are the core nodes of the network, which have the storage and computation power to process the environmental data. The vehicles are equipped with a number of sensors that help them learn about the environment. The drivers, passengers, and pedestrians are considered users of the system. Recommendation-based systems can also benefit from the profile of the user.
The sensors used in the vehicles generate a large amount of data, which is given as input to the local compute unit to analyze the environmental factors. The local storage of the vehicle is used to store this input data and the results of the environmental analysis. Information about the location, speed, traffic, road condition, local weather, and other required data is shared between the network participants.
However, despite the several advantages that IoV offers, it also has some significant challenges and difficulties to be solved. In the IoV communication model, sensitive information is transmitted between vehicles and infrastructure over an insecure communication medium. If the sensitive messages of a legal user are leaked, a malicious attacker can use them to perform network attacks and give wrong information to the other devices, which can cause a fatal accident. Another critical issue in the IoV is transmitting data in real time without delay. So, the IoV needs a lightweight transmission, computation, and processing protocol that helps to perform real-time communication effectively. Therefore, the IoV requires a secure and effective message authentication protocol to ensure the road safety of the vehicular network user [4,5]. The following are the main security requirements that a message authentication protocol should meet:
• Confidentiality. The message transmitted between the different entities of the network should be kept secret or private; only the legal participants of the network should be able to validate the message.
• Untraceability and anonymity. The user’s real identity must be kept secret; it should not be revealed in any circumstance. Even if a small part of the transmission is leaked, the rest should not be compromised.
• Mutual authentication. The protocol of the IoV should help a vehicle get mutually authenticated with the other entities of the network and obtain a meaningful message of communication.
• Withstand password guessing attack. The protocol for secure IoV should resist the password guessing attack, where an intruder tries to guess the driver's password, even when the intruder has obtained the transferred message or the smart card credentials.
• Withstand insider attacks. The insider attack happens within a privileged account. A confidential or trusted user of the network who has access to sensitive information misuses this account access and acts as an adversary. A suitable design of IoV protocol should withstand this attack.
• Withstand device theft attacks. An intruder can extract the credentials from the stolen device or the vehicle. In a well-designed protocol, the information extracted from the device should not be enough for the intruder to access that particular network.
• Revocability. If a vehicle’s smart card is stolen or the vehicle is dumped, the identity should be removed from the Distributed Authentication Server (DAS) database before the adversary uses it. The IoV protocol should offer this option, and it should provide a re-registration option for the lost smart card.
Other than the above attacks, the IoV protocol should withstand some popular attacks like the man-in-the-middle attack, impersonation attack, denial-of-service attack, SQL injection, dictionary attack, etc. Most recent IoV authentication servers use a centralized registration server architecture. The problem with a centralized architecture is the single point of failure: the failure of the central node can cause the entire system to fail. A centralized architecture can only be scaled vertically [7–9]; horizontal scalability would contradict the single-central-unit characteristic of the system. A bottleneck can appear when the traffic spikes, as the server can only have a limited number of open ports to listen for vehicles’ connections. This server can suffer from a denial-of-service (DoS) or DDoS attack. The centralized server could attract hackers to perform DoS attacks; DDoS attacks commonly overpower their targets by sending a huge number of legal packets from multiple attack sites. Consequently, the target spends its key resources on processing the attack packets and cannot attend to its legitimate vehicles. DDoS traffic also creates heavy congestion in the Internet core during extensive attacks, disrupting communication between all Internet users whose packets cross the congested routers. This leads to system failure and causes a large-scale accident on the road. To avoid such a DDoS attack, the distributed architecture is one of the solutions [10,11]. The DAS has various advantages over the centralized server. In distributed servers, more nodes can be easily added, so scalability is easy to handle. All the nodes in the distributed system are linked to each other, so nodes can easily share data with other nodes. Failure of one node does not lead to the failure of the entire distributed system; the other nodes can still communicate with each other. A distributed server also results in low latency.
If a particular node is located closer to the user, the distributed system makes sure that the user system receives traffic from that nearby node. Blockchain technology has many advantages like trust, decentralized structure, improved security and privacy, reduced cost, visibility and traceability, speed, immutability, individual control of data, tokenization, etc. A lot of research is happening around the advantages of blockchain these days. In this proposed model, we used one of the advantages of the blockchain, namely its decentralized structure and the property of a distributed ledger. The overall design of the authentication server is decentralized in the proposed model, so to hold the transactions of the DAS, we need a distributed ledger. The distributed ledger is used to store the requests of the vehicles and the keys of the transaction, like session keys and security keys, as specified in Section 4. Compared to customary distributed ledgers, the blockchain ledger has the advantage of Proof-of-Work (PoW). In blockchain, PoW is used to validate transactions. It is a system that requires some computationally heavy tasks to validate the block and add it to the chain. This method ensures that the data added to a blockchain is not false or manipulated. So, the DAS becomes more secure and immutable. To avoid such problems of centralized servers and to use the advantages of blockchain, the proposed model suggests a DAS for authentication in the IoV environment by using the blockchain as a distributed ledger for handling the transactions.
The contribution of the proposed model is summarized as follows.
• We have used the blockchain and a distributed server architecture for authentication in the IoV environment. Miners use the Ouroboros algorithm to assure the correctness of the credentials of vehicles.
• We have formally analyzed the framework using the famous Random Oracle Model and performed the framework’s informal security analyses.
• The proposed model has solved the problem of revocability and single-point failure in the IoV environment.
• The proposed model has higher efficiency in communication cost over other related studies.
The paper is organized as follows: we discuss the system’s background in Section 2. In Section 3, we explain the proposed system and its stages. The formal security analysis and the informal security analysis are discussed in Section 4 and Section 5, respectively. In Section 6, we discuss the performance analysis of the proposed system. Finally, we give the conclusion of the proposed system.
In this section, we discuss the recent research on IoV authentication protocols. Li et al. proposed authentication with privacy preservation and nonrepudiation for the IoV environment. However, Dua et al. analyzed the framework of Li et al. and pointed out that their research framework could not withstand the session key disclosure attack. At the same time, it does not provide user anonymity and untraceability. Recently, some researchers have concentrated on lightweight frameworks to reduce the complexity of transmission in real time. Ying et al. presented a scheme for a secure and lightweight authentication method for IoV, whereas Chen et al. found that the work of Ying et al. suffers from location leakage, password guessing attacks, and repeat attacks, and at the same time consumes considerable authentication time. Chen et al. then introduced a secure framework for authentication for IoV to resolve the drawbacks of Ying et al.; however, the method presented by Chen et al. has the drawback of high storage cost due to the vast amount of data stored in the memory. Vasudev et al. proposed a secure and efficient message authentication protocol for the IoV environment; they claimed that their proposed method could withstand various security issues in IoV. However, Yu et al. demonstrated that Vasudev et al. has critical security weaknesses concerning the man-in-the-middle attack, mutual authentication, and impersonation. They then introduced a secure authentication protocol in a smart city environment for IoV. However, they do not address the problem of single-point failure, the revocability problem, or the denial-of-service attack in the IoV environment. Their scheme also has a comparatively high computational cost. Therefore, we proposed a distributed server architecture for the authentication model for the IoV environment to resolve the observed security problems.
This section describes the system background and the building blocks of the proposed method.
3.1 Primitives for Cryptography
The prominent Elliptic Curve algorithm for digital signatures is used in this proposed method. Three processes play the main role in the digital signature; they are discussed as follows:
• Key Generation: : The function is used to generate a private key , and its corresponding with the constraint for security .
• Digital Signature Generation: : The function is used to generate a digital signature value of the message m by using the .
• Verification: : The function is used to verify whether the digital signature is a correct value for the message m with the help of the public key .
The digital signature function must not be forgeable. That means a legal signature should not be forgeable by any probabilistic polynomial-time adversary without the private key .
The following are the two main goals of the adversary in this model:
• The can win the game of impersonating vehicle , so it can be authenticated by the authentication server .
• The can win the game of impersonating the authentication server , so it can be authenticated by the vehicle .
The adversary is a probabilistic polynomial-time attacker; a viable attacker is described as follows:
• The adversary can block, insert, alter, and eavesdrop on the messages which are transmitted between the nodes through the communication medium, so it can control the medium between the vehicle and its authentication servers.
• The adversary can obtain the smartcard of the vehicle or the password of the vehicle. If the has acquired the smartcard, then he/she can extract the secret information from the smartcard. So, he/she has the potential to compute the password space .
• The can be another legal but malicious user in the distributed authentication server.
To assess the proposed framework, we explain the attack statements, including the well-known “Dolev-Yao threat model (DYTM)”. The abilities of a malicious adversary are as follows. According to the DYTM, an adversary can modify, inject, replay, eavesdrop on or delete the messages transmitted in a public network [10–12]. The adversary can steal the smart card of the legal driver and retrieve the confidential information saved in its storage by using power analysis attacks. After obtaining the confidential information, the adversary may attempt potential attacks, including the MiM attack, repeat attack, wrong credential access, impersonation attack, server spoofing attack, etc. The adversary has complete control over the network: he knows all the public data of the protocol, he can start any number of parallel protocol sessions, he can encrypt/decrypt if he has the key, he can build and send messages, he can compose/decompose messages, and so on.
Blockchain is a system that records information in a way that makes it difficult or impossible to modify, hack or cheat the system. It is essentially a digital ledger that stores duplicated transactions and distributes them across the whole network of computer systems on the blockchain. It contains an ordered chain of blocks. These blocks have a specified number of transactions. Each block is connected to the previous block by referring to the previous block’s hash. We suggest using a blockchain similar to that of Bitcoin in our proposed model, as shown in Fig. 1. It contains several blocks, each with a timestamp, the previous block's hash value, and a Merkle tree root. In our proposed model, the distributed authentication servers are the miners of the blockchain network; the miner will issue the next block. Generally, if the miner wants to create a new node, he must complete some PoW, but PoW has always consumed high computational power to check the transactions and add those transactions into a new block. This method is expensive because it costs a lot of energy and money. To overcome this drawback, a new approach called Proof of Stake (PoS) or Delegated Proof of Stake (DPoS) was introduced by Scott Nadal and Sunny King. These methods select one of the miners randomly to produce a new block. PoS and DPoS are more effective methods compared to PoW. In our proposed model, we used the Ouroboros model, which is a PoS model that is provable and secure. It is used as a consensus system to enter a new block of transactions in the blockchain network. Blockchains are found to consume an exorbitant amount of energy because of the algorithm used in PoW. Ouroboros can manage thousands of transactions in seconds and reduces energy consumption compared to PoW. When a vehicle requests registration with the authentication server, the DAS node must check the vehicle information specified in Fig. 2.
Following the successful verification, the blockchain node will enter the transaction into the blockchain network, and all the nodes will create a new block through the Ouroboros algorithm. Whenever a vehicle wants to access the authentication system to get authorized in the network, the DAS will cross-check the transactions in the blockchain ledger and update the new access in the blockchain network. The architecture of the proposed method is illustrated in Fig. 1; using the Road-Side Unit (RSU), infrastructure, and different sensors, a vehicle can communicate with the distributed authentication server.
The architecture of the proposed model is shown in Fig. 1. The , ,..., are vehicles that want to connect to the distributed authentication server. The infrastructure, RSU, and wireless sensors are the media that allow the vehicles to connect to the DAS through the public internet. The DAS is a distributed server for authentication which authorizes the vehicle to take part in the network for communication; the DAS is backed by the blockchain ledger to store the transactions of all the vehicles. The proposed system has 4 phases shown below. In Tab. 1, we have summarized the notations we used in the framework.
1. Low level formatting
2. Vehicle Enrollment
3. Two-way Authentication
In the proposed system there are -numbers of DAS; for simplicity it is represented as . In this stage all nodes agree on an additive group with order P which is generated by the generator G and its five hash functions , where b is the output bit length and m = 0, 1, 3. Every node will generate its own private key and a public key is calculated as . We assume that the public key of each node will be known by all other nodes and vehicles. The node then stores the private key in its memory, keeps it secret, and distributes the attributes to all other nodes.
When a vehicle wants to access the authentication nodes, it needs to be enrolled with the Authentication nodes. Fig. 2 shows the process of vehicle enrollment, and it is narrated as follows in steps.
Step 1: A vehicle chooses the closest node based on path loss and fading effect to enroll itself in the network, selects its identity and a random number which is derived from the set and sets the value of the revocation parameter to zero, . Moreover, it evaluates the public key , where TS is a timestamp. The sends the message and its information (e.g., Reg number, chassis number and unique digital sign) to through a secure channel where is a signature of vehicle and is the enrolment requirements.
Step 2: After getting the message, will check the authenticity of the vehicle details and the timestamp. Then it assigns the value of and verifies whether the equation holds or not. If the equation does not give the value 1, then the will discard the enrollment request from the vehicle. Otherwise, the will verify whether has been registered in the blockchain. If the vehicle transaction is already available in the blockchain and then the will reject the request for enrolment. If not, calculate where is the timestamp for the current transaction will be broadcast to the blockchain network. Then the miner can generate a fresh block for vehicle as by using the protocol called Ouroboros. This protocol is a consensus algorithm for the distributed network. Where, is the number of blocks in the blockchain. By using the secure channel, the is transmitted to from . Where, the signature represents that the node has verified that the belongs to the specific vehicle . The node is responsible for this claim.
Step 3: Once the message is received by the vehicle , then the vehicle selects the password and a random number . After deciding those values, the evaluates , . Finally, the vehicle stores and in its local memory.
If the vehicle wants to authenticate in the network, the vehicle needs to succeed in the two-way authentication with the nodes. As shown in Fig. 3, the process of two-way authentication is explained as follows.
Step 1: The vehicle evaluates and verifies whether D and are the same. If the values are not the same, the will discard the current session. If the values are the same, the vehicle generates a random number, say , and evaluates , , , , where TS is the current timestamp. Then it sends the to by using the public channel.
Step 2: Once received the message , it verifies and evaluates then the checks whether the following conditions are satisfied.
Condition 1: exists in the block .
Condition 2: Revocation status of the is zero, holds in the new block
Condition 3: The blocks do not have the tuple
The session is discarded if even one of the above conditions fails. Otherwise takes the of and verifies whether the equation holds. If the equation does not hold, then the session is discarded. If the equation holds, then generates a random number and evaluates , , after that it returns the message to via a public channel.
Step 3: After getting the message from. The evaluates , and verifies whether If the condition is true, completes the authentication of the . Here, MAC is the Message Authentication Code, which is calculated with the secret session key.
The procedure of the revocability phase is explained in this section. When the vehicle’s smartcard is lost or stolen, the system should remove the account and re-register it with the authentication server. The process of revocability is explained as follows.
Step 1: The vehicle chooses the nearest authentication server in the distributed system and then selects a fresh random number , sets , and computes the , where is the timestamp. The vehicle submits the messages and several private attributes to via a protected channel, where is the prerequisite of revocability.
Step 2: Based on the acknowledgement of the message, the authentication node will first verify the genuineness of the private attributes and the timestamp. After that, will set , and check whether the equation holds. When the condition holds, gets the old of the by checking the blockchain in the background and computes.
This section explains the security analysis of the proposed method and how it meets the security requirements. The low-level formatting phase and the vehicle enrollment phase are performed over the protected channel. The proposed system may face security threats in the two-way authentication stage. Hence, we explain the security of the two-way authentication phase in this section. We proposed a security mechanism based on the work of Yu et al. and Goldwasser et al. [23–26]. The security model of our system is designed by an adversary and a Turing machine with probabilistic polynomial time. Let instance be the vehicle in session , can create an oracle query as follows:
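The ledger-side checks from Step 2 of the two-way authentication (Conditions 1 to 3) and the effect of the revocability phase can be sketched as follows. This is an added example, not the authors' code: the field names (`vid`, `nonce`, `rev`), the 5-second freshness window and the SHA-256 block layout are assumptions, the signature and MAC equations are not modelled, and Ouroboros consensus is replaced by a single in-memory chain.

```python
import hashlib
import json

MAX_SKEW = 5.0        # assumed freshness window in seconds (not from the paper)
GENESIS = "0" * 64    # previous-hash value used by the first block


def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(txs):
    """Bitcoin-style Merkle root over JSON-serialised transactions."""
    level = [h(json.dumps(t, sort_keys=True).encode()) for t in txs] or [h(b"")]
    while len(level) > 1:
        if len(level) % 2:              # duplicate the last leaf on odd levels
            level.append(level[-1])
        level = [h((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


class Ledger:
    """Append-only chain: each block stores prev hash, Merkle root, timestamp."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _header_hash(prev, root, ts):
        return h(f"{prev}|{root}|{ts}".encode())

    def append(self, txs, ts):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        root = merkle_root(txs)
        self.blocks.append({"prev": prev, "root": root, "ts": ts, "txs": txs,
                            "hash": self._header_hash(prev, root, ts)})

    def is_intact(self):
        """Recompute every link; any edited transaction breaks its Merkle root."""
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["root"] != merkle_root(b["txs"]):
                return False
            if b["hash"] != self._header_hash(b["prev"], b["root"], b["ts"]):
                return False
            prev = b["hash"]
        return True

    def latest_status(self, vid):
        """Revocation flag from the newest enrol/revoke record, None if absent."""
        for b in reversed(self.blocks):
            for t in reversed(b["txs"]):
                if t["vid"] == vid and t["type"] in ("enrol", "revoke"):
                    return t["rev"]
        return None

    def seen(self, vid, nonce):
        return any(t["type"] == "auth" and t["vid"] == vid and t["nonce"] == nonce
                   for b in self.blocks for t in b["txs"])


def check_request(ledger, vid, nonce, ts, now):
    """Server-side decision for one authentication request."""
    if abs(now - ts) > MAX_SKEW:
        return "stale timestamp"
    if not ledger.is_intact():
        return "ledger tampered"
    status = ledger.latest_status(vid)
    if status is None:
        return "not enrolled"           # Condition 1: vehicle must be in a block
    if status != 0:
        return "revoked"                # Condition 2: revocation status is zero
    if ledger.seen(vid, nonce):
        return "replay"                 # Condition 3: tuple not already recorded
    ledger.append([{"type": "auth", "vid": vid, "nonce": nonce}], now)
    return "accept"


def demo():
    """Constructed sample run: identities, nonces and times are made up."""
    led = Ledger()
    led.append([{"type": "enrol", "vid": "V1", "rev": 0}], 1000.0)
    out = [
        check_request(led, "V1", "n1", 1001.0, 1002.0),   # fresh, enrolled
        check_request(led, "V1", "n1", 1003.0, 1003.5),   # same tuple again
        check_request(led, "V2", "n2", 1004.0, 1004.0),   # never enrolled
        check_request(led, "V1", "n3", 1000.0, 1010.0),   # old timestamp
    ]
    led.append([{"type": "revoke", "vid": "V1", "rev": 1}], 1011.0)
    out.append(check_request(led, "V1", "n4", 1012.0, 1012.0))
    led.blocks[-1]["txs"][0]["rev"] = 0                   # edit the stored flag
    out.append(check_request(led, "V1", "n5", 1013.0, 1013.0))
    return out


if __name__ == "__main__":
    print(demo())
```

Because revocation is a new record rather than an in-place update, the newest record decides the status, and a later edit of that record is caught by the Merkle root check before any status lookup.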
1. : This inquiry imitates registration as a legitimate vehicle. issues this query with ’s identity . generates the new block in block chain , ’s and , saves them in the list and returns and to .
2. : This inquiry imitates registration as a legal . issues this inquiry with ’s identity , generates ’s , saves them in List .
3. : This inquiry imitates the participant p sends message M to the . issues query and receive a response which is specified by the method.
4. : This inquiry imitates the outflow of session-key attack and return the session key as an output.
There are 2 corrupt queries,
1. : This inquiry imitates password-leakage attack and obtain the vehicle password .
2. : This query imitates the Attack.
Definition 1: Similar sessions: The session of the instance vehicle and authentication node are considered as similar if, s = s’, and both and have accepted it where are peer identities.
Definition 2: Authentication protocol: The following properties must hold for an authentication protocol to be called secure:
and are similar sessions and they should accept each other.
and should obtain the same keys.
The probability of accepted as is trivial.
The probability of accepted as is trivial.
Initially, we discuss two mathematical challenges to analyze our proposed protocol as follows,
Definition 3: Discrete logarithmic problem (DLP): Say where , impracticable to compute u. Our method is shown follow,
Theorem 1: Secure authentication of Vehicle: In our system, if hash function are ideally random functions, then the problem DLP is hard, so will be accepted. So that there will not be any polynomial adversary who can cast the authentication message of a legal vehicles by a non-trivial probability.
Proof: Let us assume that cast the message of legal vehicle with a non-trivial probability. Then the DLP can be solved by a with a non-trivial probability by using the . Let us say the DLP probability is . Given DLP , the task of γ is to evaluate (). To win this, the γ has to imitate an environment of our method which is indistinguishable from the real method to the . So, the γ has to respond to all queries given by the . To win this, the γ should generate all the parameters and publish them; at the same time, the γ needs to generate all private keys of the vehicles other than the private key of the challenger and evaluate their public key . Then the γ will respond to the queries of as follows:
1. : The query is a hash query for message . The where i = 0 to 4, will maintain a list called whose value is initialized as empty. The γ will check for the message in the list . If the exists in , then the γ will return the value of to . Otherwise, a random number will be generated by γ, which stores the value () into the list and gives the value to
2. : Here, the γ will maintain a list called which value is initialized to empty. Then γ checks the whether the tuple exists. If it exists γ will return the and to the . Otherwise, it will follow the following procedure,
A) If , then γ will assign a random number to , select a random number and evaluate the . γ saves the tuple in the list and return and.
B) If , then γ will assign a random number to , and requests the to know private key of. γ stores the tuple to the .
3. : The γ maintains a list called whose values are initialized as empty. The γ will check the list for whether the tuple exists or not. If it exists, then γ will return the value of to the . Otherwise, the γ generates a as a random value, evaluates = . G, saves the tuple in the list and gives the value of to the .
4. sends the initial message to the γ. The CT will be decrypted by γ and acquire , and returns to .
5. : Once the γ gets the query send, it will check the equation holds or not. If it holds, then γ asks the to obtain the message and send it to . Otherwise γ send the message to by following the steps of the proposed method.
6. : In this query, the γ returns the key to the session among and in the current session s.
7. : once the γ receives the query, it asks to give the password or the secret value of the vehicle. If , then the γ will discard the request.
8. : The γ will return the
As per the queries, if can by-pass the vehicle authentication phase successfully, it implies that the adversary can successfully forge the authentication message and send the message to the Turing machine γ, where is given in the Section 5.3. has cast another message according to the forking theorem in by repeating the imitation with different values of hash . Therefore, we get two Eqs. (1) and (2) as shown below.
The Turing machine γ evaluates as the solution for the DLP. The probability is, Let us assume λ is the non-trivial probability of the which casts an authentication message of legal vehicle and ρ is the probability of γ succeeding in the DLP when the fails to cast the authorization message of the vehicle. Based on the work of Yu et al. the probability of the Turing machine γ winning the DLP can be reduced as in Eq. (4),
where is the number of queries sent. According to Eq. (5), is non-trivial and the γ can succeed in the DLP with non-trivial probability. Therefore, the legal vehicle authentication message cannot be cast by any polynomial with a non-trivial probability.
Theorem 2: Secure Authentication of : In our proposed method, if MAC and the hash functions ,.. are ideally random functions, and has been trusted, the legal authentication message cannot be broken by any polynomial with non-trivial probability.
Proof: Let us assume the legal authentication message can be broken by the with non-trivial probability. Then there will be a γ, which can win the underlying MAC without the secret session key with a non-trivial probability by using .
A challenger and a MAC server with a secret key are the two participants of the MAC-game; the MAC value of any message can be requested by the challenger to as many times as it wants. Let the probability of winning the MAC-game be . The procedure of the game is given as follows:
1. The challenger can send two messages to the .
2. The can select a random value . Say if r value is one, then returns to the . Otherwise, it will return .
3. The challenger can win the game by guessing the value of . Therefore .
The γ imitates the environment of the method, which is indistinguishable from the actual proposed method to the ; therefore the γ must respond to each query requested by the . Initially the γ sets up all the parameters of the system other than identity of ’s challenger private key . The γ should answer the hash, execute, and leak queries as in Theorem 1. Then the γ answers ’s queries as below:
1. : Here, the γ will maintain a list called which is initialized as empty and check if a tuple exists in the list . If the tuple exists in then it will return , to the else γ will generate a random number as revocation status , select one more random number and evaluate the public key . Then γ saves the tuple in the list and give the values of and to the .
2. : The γ maintain a list called which is initialized to empty. The γ will check if a tuple exists in the list . If the tuple exists, the γ will to the . Otherwise, γ will follow the following procedure,
A) If , then the γ will set the and request the to access public key so of , saves the tuple in the list and give the to .
B) If , then the γ will set a random number to , evaluate =, save the tuple into the list .
3. : An initially sends the message to the γ, then based on the proposed system, the γ operates and returns the message to the . After the message from , the γ sends the result of vehicle authentication message based on & and result to verify the value of the .
4. : After getting this query, the γ will send the initial message to by using the private key of vehicle as our method specified. If , then γ will discard the game.
5. : Here, γ request to get the corresponding password or the secret values of the vehicle.
6. : After getting the query, γ checks whether the equation holds; if the values match, γ discards the game; otherwise, it returns the private key .
Based on the above queries, if the can pass the authentication of successfully, then forge a message and send the message to γ, where the equation of D is explained in Section 5.3. Upon receiving the γ sends and a random number = to the . Then sends MAC to γ. Then γ can check whether the value of b is 1 or 2 by checking the . Let us assume λ is a non-trivial probability that gets a legal authentication message of . So, the probability of γ succeeding in the MAC-game can be evaluated as follows in Eq. (5),
According to the above equation, the is non-trivial and the λ can win the MAC-game with non-trivial probability. Therefore, the legal’s authentication message cannot be forged by any polynomial with non-trivial probability.
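The MAC-game used in the proof of Theorem 2 can be simulated directly. The following is an added example, not code from the paper: it uses HMAC-SHA256 as the MAC, all class and function names are hypothetical, and it assumes the hidden choice r is 1 or 2 and that challenge messages must not have been sent to the MAC oracle beforehand (a restriction the game description does not state).

```python
import hashlib
import hmac
import secrets


class MacServer:
    """MAC server of the game: holds the secret key and answers tag queries."""

    def __init__(self, enforce_fresh=True):
        self._key = secrets.token_bytes(32)   # never given to the challenger
        self._queried = set()
        self._enforce_fresh = enforce_fresh

    def mac(self, msg: bytes) -> bytes:
        self._queried.add(msg)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def challenge(self, m1: bytes, m2: bytes):
        # Assumed rule: challenge messages must not have been queried before.
        if self._enforce_fresh and {m1, m2} & self._queried:
            raise ValueError("challenge message was already sent to the MAC oracle")
        r = 1 + secrets.randbelow(2)          # hidden choice, 1 or 2 (assumed encoding)
        return r, hmac.new(self._key, (m1, m2)[r - 1], hashlib.sha256).digest()


class KeylessGuesser:
    """Has oracle access but no key; the tag of a fresh message tells it nothing."""

    def choose(self, oracle):
        oracle(b"unrelated message")          # allowed, but does not help
        return b"message-1", b"message-2"     # constructed sample messages

    def guess(self, tag: bytes) -> int:
        return 1 + (tag[0] & 1)               # any keyless rule is a coin flip


class OracleReuser(KeylessGuesser):
    """Asks the oracle for the tag of m1 first, then compares (HMAC is deterministic)."""

    def choose(self, oracle):
        self.tag1 = oracle(b"message-1")
        return b"message-1", b"message-2"

    def guess(self, tag: bytes) -> int:
        return 1 if hmac.compare_digest(tag, self.tag1) else 2


def win_rate(adversary_cls, rounds=2000, enforce_fresh=True) -> float:
    wins = 0
    for _ in range(rounds):
        server, adv = MacServer(enforce_fresh), adversary_cls()
        r, tag = server.challenge(*adv.choose(server.mac))
        wins += adv.guess(tag) == r
    return wins / rounds
```

Without the freshness rule, a deterministic MAC lets the challenger win every round by comparing tags, so a winning probability of about one half for a keyless challenger only holds when the challenge messages are excluded from oracle queries.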
Theorem 3: The proposed method will be a secure protocol if it satisfies the following conditions:
1. and has been accepted.
2. Hash to , MAC are ideally random functions.
3. The Discrete Logarithm Problem (DLP) is hard.
Proof: According to Theorems 1 and 2, we understand that the legal or cannot be forged by any polynomial adversary if the DLP is hard and the MAC is an ideally random function. Since has been trusted, it ensures there is a noble session of the method that has derived exactly the similar key. Based on the above analysis, the suggested method is a reliable protocol.
6 Formal Security Verification Using AVISPA
We analyze the security of the proposed framework against the replay attack and the MIM attack by using AVISPA tool simulation. The AVISPA toolset uses the “High-Level Protocol Specification Language” (HLPSL) for specifying cryptographic protocols. HLPSL specifications are translated into equivalent IF specifications by the HLPSL2IF translator. The current version of the tool integrates four back-ends: On-the-fly Model-Checker (OFMC), Constraint-Logic-based Attack Searcher (CL-AtSe), SAT-based Model-Checker (SATMC), and Tree Automata based on Automatic Approximations (TA4SP). To analyze the security of our proposed system, we used the rule-oriented HLPSL. More details about HLPSL and AVISPA toolset specifications are explained in [28,29]. Various roles for the vehicle , distributed authentication server , goal, environment, and session are realized by using HLPSL for our proposed model. TA4SP and SATMC do not support XOR operations, so we have simulated the protocol with OFMC and CL-AtSe. The results of the proposed model are given in Fig. 4. Based on the result, we proved that our proposed method is viable to resist the MIM attack and the replay attack.
• Mutual Authentication. Based on Theorem 1, if the DLP problem is hard and MAC is an ideally random function, then we can determine that there will be no polynomial adversary that is able to cast a legitimate or . Therefore, the vehicle and the can effectively authenticate each other.
• Impersonation Attack. An impersonation attack is an attack in which an adversary successfully assumes the identity of one of the legal nodes in a system or a communication protocol. In our proposed method, if the adversary wants to impersonate a vehicle , then the adversary must cast the message correctly. Theorem 1 shows that this is not possible because the DLP problem is hard.
• Man-in-Middle Attack. In this attack, the intruder secretly relays and possibly alters the communications between two nodes who believe that they are directly communicating with each other, as the intruder has injected themselves between the two nodes. In our proposed method, the messages transferred between legitimate or are protected by , so the intruder cannot cast the message without knowing the . Hence, our system can resist the man-in-middle attack.
• Server Spoofing Attack. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source [32–35]. According to Theorem 1, without the private key of the legitimate user or authentication node, no polynomial adversary can cast the message. In our proposed method, the or only knows its own and does not know the private key of other vehicles or authentication nodes. Hence the intruder cannot spoof any vehicles to other .
• Repeat Attack. A repeat attack is when the intruder records a communication session and replays the entire session, or some portion of the session, at a later time. We prevent the repeat attack by using the challenge and response method in our proposed way. We are using two random numbers u and .
• Untraceable and Anonymity. The vehicle’s identity is protected by using the hash function, so we ensure that the vehicle’s real identity is protected. At the same time, the value of the hash function is refreshed for every session because of the random number u used in the computation of the function. The intruder cannot calculate the value of the hash function without knowing the random number u and the private key of . Therefore, our method ensures the vehicle activity is untraceable and anonymous [37–40].
• Poison block attack. A poison block attack, sometimes referred to as a ‘big block attack’, is where a malicious miner creates a huge block that takes smaller miners with less hash power a long time to validate. In the proposed system, the blockchain ledger can only be accessed by the DAS. So, there are no worries about a malicious miner in the blockchain network.
• Wrong credential access. In our proposed method, we used a password verification model which is installed in the vehicle ; this model is used to verify the password correctness. If the entered password is wrong, the verified data D and will not be the same, where . Therefore, our proposed model detects unauthorized access to the authentication node [40–42].
8 Performance and Comparison Analysis
In this section, we compare the “security characteristics” and “communication cost” of the proposed method with the related studies [12,13], [16,17].
In Tab. 2, we present the security characteristics comparison of our proposed model with the related studies [12,13], [16,17]. As Tab. 2 shows, the existing schemes [12,13], [16,17] suffer from various security attacks. At the same time, the related methods cannot provide authentication and anonymity in various cases. The proposed distributed authentication method prevents various security attacks and provides a revocability feature for lost vehicles.
We analyzed the storage costs of the proposed system against the existing schemes [12,13], [16,17]. According to , we estimate that the bit-lengths of the timestamp (), random number/identity (), symmetric encryption/decryption (), asymmetric encryption/decryption (), signature () and hash function () are 8 bytes, 10 bytes, 16 bytes, 128 bytes, 192 bytes, and 32 bytes, respectively.
We compared the computation cost of our proposed framework with the related works [12,13], [16,17] during the authentication. We estimated the following parameter values based on the Vasudev et al. analysis method. and represents asymmetric decryption, asymmetric encryption, asymmetric decryption, asymmetric encryption, signing operation and hash function, respectively. Based on Vasudev et al., we have represented the value of computations for various methods of cryptography operation in Tab. 2. We eliminated the computational values of the XOR operation because, compared to other cryptography operations, the XOR operation requires significantly less computation time.
The computation times of the various cryptography operations in Tab. 3 are calculated based on the following desktop configuration: “Windows 10. Professional with an Intel (R) Core (TM) CPU i5–7200U, 8.1GB memory, @2.50 GHz”.
The total computation costs of the related works and our proposed model are compared in Tab. 4. The total computation costs of the proposed framework and Vasudev et al.’s scheme are 10.821 ms and 7.774 ms, respectively. Even though Vasudev et al.’s scheme has a minimum computation cost, many attacks still affect it, as demonstrated by Yu et al. So, compared to that method, our proposed model has a better computation cost with strong security.
We have compared the communication cost of the proposed framework with the related studies [12,13], [16,17]. To make a convincing comparison, we assumed that the bit length of timestamp, the block size of symmetric encryption, the block size of symmetric decryption, hash output, identity, the number of blocks, random number, and signature are 32 bits, 128 bits, 128 bits, 32 bits, 180 bits, 32 bits, 320 bits respectively. The bit length of the elliptic curve for digital signature is 160 bits, and the exponentiation is 1024 bits. The communication efficiency comparison is discussed in Tab. 5 [43,44].
In the proposed method, the initial message needs (320 + 32 + 180 + 32 + 32 + 32) = 628 bits and the reply message needs (180 + 320) = 500 bits; adding these two values, the total number of bits needed for the authentication phase is 1128 bits. Using the same bit lengths, the costs of the other related studies [12,13], [16,17] are also calculated, as shown in Tab. 2. The analysis result and Fig. 5 show that our proposed model has the second lowest communication cost compared to other related schemes.
Vasudev et al. has the lowest communication cost, but it is affected by many attacks, as demonstrated by Yu et al. In terms of security and communication cost, the proposed model has efficient results, and it has the potential to be implemented in real time.
In this research, we proposed a distributed authentication mechanism for the IoV environment based on blockchain technology with an ouroboros algorithm that protects the system from various security attacks such as man-in-middle attack, DDoS attack, and server spoofing attack, and provides a solution for single-point failure, forward secrecy, revocability, etc. The formal and informal security analysis proves that our proposed method is secure in the random oracle model. The performance analysis demonstrates that the proposed model has high communication efficiency, which will be suitable for a real time IoV environment.
Acknowledgement: This work was supported in part by the Ministry of Science and Technology, Taiwan, through grant MOST 110–2622-E-468–002 and 110–2218-E-468–001-MBK. The authors also gratefully acknowledge the helpful comments and suggestions of the Editor and anonymous reviewers, which have improved the presentation of this paper.
Funding Statement: This work was supported by the Ministry of Science and Technology of Taiwan, R.O.C., under Grant MOST 110–2622-E-468–002 and 110–2218-E-468–001-MBK.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.