Internet of vehicles (IoV) is an emerging area of advanced transportation systems, in which the functionality of traditional vehicular ad hoc networks (VANET) combined with the Internet of things (IoT). This technology allows vehicle users and drivers to interact in real time from anywhere and anytime. However, until recently, the major two problems that authentication and key management methods may solve are security and privacy. In this study, we offer a privacy-preserving authentication and key management scheme for the IoV environment that is computationally and communication cost-effective. We conducted a thorough security analysis, demonstrating that the proposed scheme is resistant to a variety of cryptographic attacks. We have included a cost analysis that indicates the proposed scheme is more efficient than IoV’s current privacy-preserving authentication and key management schemes.

1. Introduction

Vehicular ad hoc network (VANET) has emerged as one of the most significant research fields in recent years, encompassing things such as vehicles, which include On-Board Units (OBU), Road-Side Units (RSU), and Trusted Authority (TA). An OBU is an electromagnetic device that is usually installed on a vehicle and used to send and receive data to and from the RSU [1]. It is made up of a resource command processor and resources, which store and restore data using a read/write memory [2]. RSUs are permanent communication gateways that feature an antenna, CPU, and read/write memory to enable wireless communication employing IEEE 802.11p radio technology between OBU and servers or the Internet [3]. The TA provides numerous premium Internet services to VANET subscribers through RSU, as well as protecting the entire vehicular network [4]. The Internet of things (IoT) allows smart connected objects to communicate with one another, expanding existing vehicular ad hoc networks (VANETs) into the Internet of vehicles (IoV) as a result of recent advancements in communication network technology [5].

The most essential services in IoV are traffic efficiency and road safety, which share real-time data through the Internet to reduce road accidents [6]. Figure 1 shows the usual flow diagram for IoV, which shows the communication process between entities such as the TA, OBU, and RSU.

Apart from standard IoV communication, the Fifth Generation (5G) cellular network is a viable choice for effectively delivering all of these services. The basic infrastructure for constructing a smart IoV environment will be provided by 5G, which will push vehicle network performance and capabilities needs to an acceptable level [7]. Because the IoT is an open network, there are certain serious security risks that must be addressed. Indeed, users are growing increasingly concerned about the impact of modern technology on their privacy. For example, an attacker eavesdropping in on communications may exploit private information to trace down a specific vehicle and its driver’s movements [8]. These malicious activities could jeopardize users’ privacy as well as lead to robbery and physical injury [9]. Authentication and key agreement will be the most effective techniques for dealing with such attacks. Authentication is the process through which two or more participants in an IoV environment learn about each other before exchanging data [10]. Furthermore, before communicating with one another, the key management system allows all participants (e.g., OBU, RSU, and TA) to validate the messages by matching the generated keys [11].

Batch verifications [12] are a technique that, in addition to the two procedures mentioned above, provides for the authentication of numerous messages at once. The elliptic-curve cryptography (ECC) and Rivest Shamir Adleman (RSA) algorithms, which are well-known public-key methods and provide the same functions, are used in the majority of existing schemes, but the computation cost is still very high because key creation, signing, and decryption are all extremely slow, making them a little more difficult to implement securely.

To address the limitations of existing vehicle communication methods, this study uses hyperelliptic curve cryptography (HECC) to show a 5G vehicular network that is both safe and efficient while also lowering computational costs. As a result of the preceding debate, we have made the following contributions to this work:(1)We propose an authentication and key management scheme with the help of HECC(2)We conducted a thorough security study, which revealed that the proposed scheme is resistant to a variety of cyber-attacks(3)We performed a computational cost study, comparing our proposed scheme to previously published approaches, and the findings demonstrate that the proposed scheme is more efficient.

1.1. Preliminaries

This section gives a short overview of the hyperelliptic curve idea and formal definition.

1.1.1. Hyperelliptic-Curve Cryptography

Hyperelliptic- curve cryptography was first developed by Miller and Koblitz, in 1988, which is the extent of an elliptic curve that depends on discrete logarithm problem in the Jacobian with genus two. Equation (1) represents the popular form of hyperelliptic curve of genus two on Jacobian group with finite field :where is a polynomial and and is a monic polynomial and .

1.1.2. Divisor

The finite formal sum of points on hyperelliptic curve is called divisor and represented in MumFord form as

1.1.3. Jacobian Group

The divisors form an Abelian group which is called Jacobian group and the order of the Jacobian group is defined as

1.1.4. Hyperelliptic-Curve Discrete Logarithm Problem (HECDLP)

Let be divisor of order in the Jacobian group ; find an integer , such that

Any entity in the IoV that receives relevant traffic messages must go through an authentication process to guarantee that the message’s source is trustworthy and that the content is complete and legitimate. Many researchers have made contributions to the field of IoV network authentication methods in this regard. To assure vehicle legitimacy, Lu et al. [13] proposed a cost-effective conditional privacy-preserving (ECPP) authentication mechanism based on certificates. A vehicle can connect to other cars in the transmission range using its certificate in this scheme; however, if the certificate’s time slot expires, the vehicle must visit an RSU to produce a new certificate. Zhang et al. [14] developed an identity-based batch verification (IBV) system, in which each vehicle stores crucial parameters and generates pseudonyms, allowing numerous messages to be evaluated at the same time using bilinear pairing characteristics.

Jiang et al. [15] used similar strategies to create an effective unidentified batch authentication methodology (ABAH) for effectively authenticating a large number of communications. Wang et al. [16] proposed a two-factor lightweight privacy-preserving authentication system (2FLIP), in which each On-Board Unit (OBU) is equipped with a perfect tamper-proof device (TPD) that stores a system key and generates a message authentication code (MAC) using the system key while signing a message. Each TPD’s retention of the system key might result in a single point of failure. In DAPPA, each authorized vehicle gets two-member secrets from RSUs, and Zhang et al. [17] introduced a distributed aggregate privacy-preserving authentication approach (DAPPA) that can conduct batch verification without needing the use of an optimum TPD. Although their multiplications are the identical, these two-member secrets differ based on the vehicle. The discovered member secrets and the one-time identity-based aggregate signature may then be used by cars to do batch verification. However, because this DAPPA system includes several pairing operations, there is a significant verification delay when a large number of messages need to be validated.

Based on a registration list, Zhong et al. [18] developed a privacy-preserving conditional authentication approach (CPPARL). The proposed CPPARL allows RSU to collect and validate all messages sent by cars within its transmission range, after which it encrypts and sends out two bloom filters, one positive and one negative, using its secret key.

To mitigate failure of service (DoS) attacks, Liu et al. [19] proposed a puzzle-based pseudonymous authentication mechanism for a 5G vehicular network. In this scheme, each vehicle must solve a hash problem before transmitting a message. However, because messages are not sent at the proper moment, this approach has a significant communication cost. To achieve efficient message authentication, Huang et al. [3] suggested a safe and efficient privacy-preserving authentication strategy for automotive networks, which uses a registration list and elliptic-curve public-key cryptography. This solution, however, does not define the service profile identifier (SPID) validation time or the hash list update rate in order to enhance network performance.

Raja et al. [20] developed an RSU-based group authentication (RGA) system in which each vehicle in its range is assigned a group ID and group key pair, ensuring more secure communication while reducing network overhead. However, their technique has a high total computing cost. Hashem Eiza et al. [21] established secure video reporting services for 5G car networks, in which vehicles may quickly report a road accident by simply sending recorded video footage, while the reporter’s identity and video data are kept private. However, because this technology is built for video transmission services, it is incompatible with other safety-related apps. Bouchelaghem and Omar [22] proposed a privacy-preserving pseudonym shifting technique for VANET; as a result, this scheme has certain security difficulties for OBU and traffic monitoring cameras-based tracking. Yao et al. [23] developed an enhanced mutual authentication strategy for VANETs that uses the ECC to provide forward secrecy; however, their proposed system has a significant computational cost and communication overhead owing to the usage of the elliptic curve.

3. Network Model

Figure 2 depicts our proposed IoV network system architecture, which includes three communication system partners: OBU, Trusted Authority (TA), and RSU, in that order. We used the substeps below to explain the function of each entity.(1)OBU: it encrypts his identity and uses TA’s public key to do a hash function. The hash values and the encrypted identifying text are subsequently transferred to TA. TA decrypts the encrypted text and applies the hash function to the decrypted text after receiving the encrypted text and hash value. It also analyses both hash values and, if they match, generates the public and private key for OBU and sends it via a secure channel. It produces the digital signature, secret key, and ciphertext of its identification and sends the authentication message to RSU after receiving the public and private key.(2)TA: upon reception of encrypted text and hash value from OBU or RSU, TA first decrypts the encrypted text before applying the hash function to it. Furthermore, it compares both hash values and, if they match, generates the public and private key for OBU or RSU and delivered it via a secure route.(3)RSU: it performs two execution processes on its identification, one of which is encryption using TA’s public key and the other of which is a hash function. Then, it sends the encrypted text of identity along with the hash values to TA. Upon reception of encrypted text and hash value, TA first decrypts the encrypted text and performs the hash function on the decrypted text. Furthermore, it compares both the hash values and, if it is matched, then produces the public and private key for OBU and dispatched it through a secure channel. When it is received, the public key and private key, further, received the authentication message from OBU, it performs the decryption process for cipher text and verification process for signature; if both the processes are performed successfully, then it set the secret key for further communications.

4. Proposed Mutual Authentication Scheme for IoV

Table 1 includes the symbols used in this scheme and the inclusive stages of our mutual authentication scheme for IoV explained as follows:(i)Setup: here, the trusted authority (TA) computes and sets as his public key and as his master private key, where has been choose randomly. Furthermore, it makes and publishes as a global parameter set, where denotes the master public key of TA, denotes a genus 2 hyperelliptic curve, denotes a 80 bits devisor, denotes an order finite field and its value will be equal to 80 bits, and represents a collision resistant and irreversible hash function.(ii)Registrations: each Actor with computes and , where is the public key of TA and represent the encryption function that encrypts the value through the public key of TA. Then, send (, ) to TA. So, upon reception of (, ), CA can compute and , where is the private key of CA and represent the decryption function that decrypts the value through the private key of TA. Furthermore, CA compare ; if it is equal, then it computes , , and , where denotes a random private number that is only know to CA, denotes the private key of , and represents the public key of . At the end, TA can delivers to utilizing secure network.(iii)Mutual authentication and secrete management: a sender Actor with computes , , , and , where and represent the two private numbers which are randomly selected by , denote the public key of receiver actor (), denotes the private key of , and denotes the encryption function that encrypts the identity of and that are through the secret key which is generated by . Furthermore, can compute and and send to .

When received , it can compute , , and ; it compares ; if it is equal, then the identities are not modified, and it is going for signature authentication as (Table 1).

4.1. Message Signing

A sender Actor , with , can compute and ; represents randomly selected by and sends to .

4.2. Message Verifications

When received , it can compute for signature authentication as .

4.3. Correctness

Here, can verify the received set as follows:

Hence, it is proved.

Also, it can generate a secret key as  = ; hence, it is proved.

5. Security Analysis

Before we can describe the security aspects of our proposed scheme, we must first discuss some of the characteristics of an attacker who would represent a threat to it. We will explore the Dolev–Yao model, in which the attacker can conduct a variety of actions. It includes the properties such as mutual authentication, anonymity, confidentiality of identities, unforgeability of signature, forward secrecy, secrete key leakage, and identity authentication. We explain the above properties one by one using the following steps.

5.1. Mutual Authentication

In the proposed scheme, generates a signature as and sends this signature to through unsecure network. When received , for verification, it can check the equality of the following equation ; if it is satisfied, then we can say that this scheme provide mutual authentication property. If we look into the correctness analysis section of this study, then we can see the equality of the above equation is hold.

5.2. Anonymity

If we look into the communicated parameter of our proposed scheme , where is the hash value with the property of irreversibility, is the hyperelliptic-curve point which does not contain any identity, are also hyperelliptic-curve point, and in which both the identity of and are protected through encryption function with secret key that is only known to and . The above discussion confirmed the existence of anonymity property in the proposed scheme.

5.3. Confidentiality of Identities

In the proposed scheme, generate the ciphertext of both the identities is and send it to through unsecure network, where secret key as , so if the attacker tries to decrypt the ciphertext, it is obligatory for him/her to make secret key first. However, we need from is equal to find the solution of hyperelliptic-curve discrete logarithm problem that can be infeasible for the attacker.

5.4. Unforgeability of Signature

In the proposed scheme, generate a signature as and send this signature to through unsecure network. If the attacker tries to make a forge signature, then it will be completely failed because and are the two unknown value so that finding two unknown variables from the same equation is infeasible.

5.5. Forward Secrecy

In the proposed scheme, the secret key is renewed for every session so that if the attacker gets access to the previously communicated messages secret key, then it will not be able to extract the content of a currently dispatched message.

5.6. Secrete Key Leakage

When the attacker wants to generate the secret key as , then it needs from so that it will be completely failed because and are the two unknown values so that finding two unknown variables from the same equation is infeasible.

5.7. Identity Authentication

In the proposed scheme, can encrypt and generate a hash value as ; then, send and to . When received , it can compute and then compare ; if it is equal, then the identities are not modified. So, in our scheme, we provide the identity authentication in this way.

6. Computational Cost Comparison

The computational cost is the key component in measuring the cryptographic scheme’s performance. Here, we start by defining the notation for the time overhead of some cryptographic operations in the proposed scheme and other schemes that are Ali et al. [24], Zhong et al. [25], Cui et al. [26], and Yao et al. [23]. For this purpose, we then explain that , Tƿ, Tɱƿ-ƿ, Tɱƿ-ECC, and Tɱʈƿ can denote consuming time for a hash function, pairing operation, multiplication over pairing, multiplication over an elliptic curve, and map-to-point operation, respectively. Furthermore, according to [2729], , Tƿ, Tɱƿ-ƿ, Tɱƿ-ECC, and Tɱʈƿ consume 0.7, 22.4, 3.1, 12.4, and 30.6, respectively. So, Tables 2 and 3 and Figure 3 are witnessed that the proposed scheme required fewer computational costs in the comparisons of Ali et al. [24], Zhong et al. [25], Cui et al. [26], and Yao et al. [23].

7. Communication Overhead

This section compares the proposed scheme’s communication overhead efficiencies to those of Ali et al. [24], Zhong et al. [25], Cui et al. [26], and Yao et al. [23]. This comparison is based on extra parameters sent with the message, which are |T|, |G|, |q|, and |n|, which represent the current timestamp size, bilinear pairing parameter size, elliptic-curve point size, and hyperelliptic-curve divisor size, respectively. We assume |M| = 1200 bits, |T| = 34 bits, |G| = 1024 bits, |q| = 160 bits, and |n| = 80 bits, and we have performed a comparative analysis in Table 4 using these assumed values, which include the extra parameters along with the message in design and Ali et al. [24], Zhong et al. [25], Cui et al. [26], and Yao et al. [23] schemes. We can conclude from Table 3 and Figure 4 that our proposed strategy clearly outperforms the other four designs in both characteristics.

8. Conclusion

This study proposed a low-cost, privacy-preserving authentication and key management strategy for the IoV ecosystem. The proposed solution makes use of the HECC mathematical concept. In terms of computation and communication costs, the proposed scheme is more cost-effective than existing privacy-preserving authentication solutions. Mutual authentication, anonymity, identity confidentiality, signature unforgeability, forward secrecy, secret key leakage, and identity authentication are among the security properties offered by the proposed approach. As a consequence, because the HECC has fewer parameters and delivers the same level of security as the elliptic curve and RSA, the proposed scheme may be a better alternative for IoV system.

Data Availability

All the data are used to support the findings of the study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest regarding the present study.