Abstract

Communication in VANETs is vulnerable to various types of security attacks since it is constructed based on an open wireless connection. Therefore, a lightweight authentication (LIAU) scheme for vehicle-to-vehicle communication is proposed in this paper. The LIAU scheme requires hash operations and uses cryptographic concepts to transfer messages between vehicles, in order to maintain the required security. Moreover, we made the LIAU scheme lightweight by introducing a small number of variable parameters in order to reduce the storage space. Performance analysis shows that the LIAU scheme is able to resist various types of security attacks and it performs well in terms of communication cost and operation time.

1. Introduction

Recently, vehicular ad hoc networks (VANETs) [1] have been favored by intelligent transportation system (ITS), and it is a part of ITS that aims to provide a safer, coordinated, and smarter mode of transportation. With the help of VANETs, ITS can improve traffic management efficiency and enhance road safety. VANETs use a vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication to obtain traffic and vehicle status information so that traffic accidents can be prevented and dealt in advance. Information among vehicles is exchanged through multihop transmission because V2V communication is based on dedicated short-range communication (DSRC) standard, which includes IEEE 802.11p. The vehicle is connected to the external network through the roadside units (RSUs). Figure 1 shows a typical structure of VANETs.

The primary purpose of deploying VANETs is to improve traffic safety. Transmitting messages efficiently and honestly among vehicles is the key to maintaining traffic safety [2]. However, VANET is in an open and insecure communication environment, which is vulnerable to various security attacks. For example, an attacker forges a road congestion message for his own benefit. The vehicle receiving the message mistakenly thinks that the road ahead is congested, and it makes a detour. So the attacker can seek personal gain.

Therefore, the vehicle needs to verify the received message and authenticate the sender. However, due to the mobility of the vehicles in the VANETs is usually very fast and the communication time among vehicles is short, vehicles need to be certified in a short time.

In addition, the vehicle may receive multiple messages at the same time. In a dense environment, a vehicle may simultaneously receive messages from a dozen or even dozens of other vehicles. Therefore, how to complete the authentication of multiple messages in a short time is an urgent problem.

To address this problem, a lightweight authentication (LIAU) scheme is proposed. The LIAU scheme introduces a simple two-layer model to authenticate V2V communication. It uses a hash function to generate system parameters. These parameters are used to authenticate the communication entities. Performance analysis shows that the proposed LIAU scheme can resist impersonation attack, modification attack, and replay attack. In addition, the LIAU scheme has low communication cost and operation time.

It is easier for attackers to attack the VANETs because it transmits messages via a wireless medium. Once the network has been attacked, transmission delay will be long and the message may have been tampered, even lost [3]. A wrong and tampered message in VANETs may cause traffic congestion or even a traffic accident. Hence, the vehicle must carry on the authentication to the received message, and it should defend various attacks.

For the security of transmitted messages, Vijayakumar et al. [4] proposed a dual authentication and key management (DAKM) strategy. The DAKM strategy uses dual authentication to prevent unauthenticated vehicles from entering VANETs. In addition, the DAKM strategy effectively updates messages. However, it does not protect the location privacy of vehicles.

Chuang and Chen [5] proposed a trust-extended authentication (TEA) strategy to authenticate V2V communication entities. The TEA strategy uses historical trust relationships between vehicles to authenticate communication entities. However, it does not provide a specific way to authenticate messages. So, an internal attack may prevail. Therefore, Kumari et al. [6] proposed an enhanced TEA (E-TEA) strategy. Although E-TEA can defend against internal attacks, it has a long running time and has heavy computational burden.

Li et al. [7] proposed an authentication framework with conditional privacy preservation and nonrepudiation (ACPN). ACPN realizes the nonrepudiation of vehicles through the public key encryption-based pseudonym mechanism. Extendibility is an important feature of ACPN, and it is convenient for other systems. However, the storage cost of ACPN is high. Wang et al. [8] proposed a two-factor lightweight privacy-preserving authentication (TFLIP) strategy. It makes use of the two-factor biological encryption mechanism to authenticate the received messages. But, the security of the TFLIP strategy depends heavily on the system secret keys.

Lee and Lai [9] proposed a secure batch verification with the group testing (SBVGT) scheme to maintain the security of VANETs. However, the scheme can only defend against impersonation attack, but it cannot resist replay attack, and it is not traceable. In addition, Muthumeenakshi et al. [10] proposed a three-party password-based authenticated key exchanged (TPKE) strategy. However, the TPKE strategy does not analyze security attacks during the communication phase. Sun et al. [11] put forward privacy-preserving mutual authentication (PPMA) to resist a DoS attack. The PPMA strategy realizes conditional privacy verification by signature. But, it has high communication costs. Vasudev and Das [12] proposed a lightweight authentication protocol to protect V2V communication from various attacks. However, the authentication protocol has not specified what kind of encryption algorithm is used. In addition, it does not compare its security performance with similar authentication protocol. Ibrahim et al. [13] also emphasized the security of V2V communication and proposed central push-based replication protocol (CPRP) in order to improve the authentication service availability. But it strongly depends on RSUs, which increase the economic cost of deploying RSUs. Malik and Pandey [14] proposed a threat driven authentication approach based on discrete event. It used Petri nets to implement the authentication, which increased communication overhead.

3. System Model

3.1. Network Model

Consider a simple two-layer network model, as shown in Figure 2. Regional authorities (RAs) lie on the top layer, and vehicles are on the ground layer. Assume that RA is the fully trusted manager, and they are distributed authorities. Each authority covers a region. And RA is in charge of generating system parameters, and it is responsible for registering vehicles. The registered vehicles are allowed to enter the network.

All vehicles in the system are equipped with the tamper-proof device (TPD), which is used to store encrypted data, including secret key and pseudonym. However, the parameter of TPD is assigned by RA. At the same time, assume that TPD has the highest security level, which can defend against any attack. In addition, each vehicle is fitted with on-board unit (OBU). Vehicles transmit and receive messages with the help of OBU. In addition, Table 1 shows the main notations and their corresponding meanings.

3.2. Attack Model

Assume that RA has the highest security level and it can defend against any attack. This paper only considers two types of attacks [15]:(1)External attack: this attack refers to that the unregistered vehicle (external) attacks the network system by various means. Such as replay attack, tracking attack, and impersonation attack.(2)Internal attack: internal attack refers to seeking personal gains by releasing false information and disguising the identity of registered vehicles. Internal attacks result from a small number of maliciously registered vehicles.

4. LIAU Scheme

The LIAU scheme aims to achieve lightweight certification of V2V communications so that the communication vehicles are legitimate. In other words, only certificated vehicles are allowed to communicate with other vehicles. The LIAU scheme consists of the initial stage, the registration stage, and the authentication stage.

4.1. Initial Stage

In the LIAU scheme, each RA has a unique identity (ID). RA generates its own private key using a secure single hash function :where is the private key to RA. And represent the ID of RA. is the random number generated by RA.

A MD5 algorithm is one of the most common hash functions [16]. It takes as input a message of arbitrary length and generates as output a 128 bit message digest. The basic principle of the MD5 algorithm is to divide the input message into blocks with 512 bits, and each block is divided into 16 subblocks with 32 bits. After a series of processing, the output consists of four groups with 32 bit. The four groups are cascaded, and a hash value with 128 bits is generated.

MD5, SHA-1, and SHA-2 are one-way hash functions. Compared with SHA-1 and SHA-2, the efficiency of MD5 is more. Under the same conditions, the execution time of MD5 is 0.000007 s [17]. However, the execution time of SHA-1 and SHA-2 algorithms is up to 0.00018 s and 10.150778 s [17], respectively. This is why the MD5 algorithm was chosen for the LIAU scheme.

4.2. Registration Stage

Similarly, each vehicle in the LIAU scheme has a unique ID and secret key. Let represent the ID of the vehicle . Let represent the secret key of the vehicle . Before the vehicle is registered with the system, it will compute the parameters using and , as shown in the following equation:

Then, the vehicle computes the parameter , as shown in the following equation:where the symbol “” represents XOR operation. And and . Finally, the parameter is transmitted toward RA by using the vehicle .

Once received, the RA first generates a random number . Then, the RA computes the parameter :where . Finally, the parameters and are transmitted toward the vehicle . Once received, the vehicle stores these parameters in TPD. And the vehicle forms a parameters set . The entire registration process is shown in Figure 3, when the vehicle gets its own registered parameters , it should make these parameters stored in TPD.

4.3. Authentication Stage
4.3.1. Identity-Oriented Initial Detection

Before communicating with other vehicles, the vehicle first authenticates its identity by itself and can only communicate with other vehicles after completing the authentication stage [12]. The vehicle generates the parameter using its own ID and its secret keys, as shown in equations (2) and (3). The generated parameter will be compared with the parameter stored in TPD. If they are the same, the vehicle succeeds to authenticate. If they are not consistent, the vehicle has to reregister with VS until the authentication succeeds.

Specifically, if the vehicle needs to communicate with other entities, it recalculates the parameter according to equation (3). Specifically speaking, the vehicle computes , , and . Then, the recalculated parameter is compared with parameter stored in TPD. If they are same, the vehicle is authenticated successfully, and it is allowed to communicate with other entities.

It is worth noting that the vehicle certification process is relatively simple, and each vehicle only needs to verify the parameters generated again with the parameters stored in TPD. If so, the vehicle is considered to be registered and authenticated successfully. However, the vehicles that are authenticated does not mean that they are a nonattacker. In fact, the authentication process would only make sense for nonattacking vehicles. These nonattacking vehicles are authenticated to ensure that the parameters acquired during the registration phase are correct.

4.3.2. Control Message-Based Authentication

In order to ensure the security of transmitting data, the communication entity needs to be verified before it is ready to transmit data.

(1) Request Message. Specifically, when the vehicle needs to transmit data to the vehicle , it first sends a request message (Rqst) to the vehicle and records the timestamp sent Rqst. At the same time, the vehicle generates a random number . Then, the vehicle extracts the parameters from TPD, and the value of the parameter is calculated as .

The vehicle makes use of the parameters , and , to compute the secret key of RA, as shown in the following equation:

After that, the vehicle calculates the following parameters:

Finally, the vehicle transmits parameters toward the vehicle , where is the timestamp that transmitted Rqst.

(2) Reply Message. The vehicle first records the timestamp of the received parameters , which is marked as . Then, is compared with that was extracted from .

If is too late, then the following inequality should hold:where is the system parameter. When inequality (9) holds, it means that the received parameters have expired. And the vehicle immediately stops communicating with vehicle . Otherwise, go to the next step. The vehicle recalculated the parameter , which is already generated by the vehicle . The recalculated parameter is given by

Similarly, the vehicle recalculates , as shown in the following equality:

Then, the vehicle extracts Rqst message from , which is given by

After obtaining these parameters, the vehicle calculates two new parameters and , which are given by

Finally, the vehicle transmits the relevant parameters toward the vehicle . Once received, the vehicle sends a reply message to the vehicle . Considering the security of the channel, the reply message is encrypted, which is given by

At last, the vehicle transmits toward the vehicle.

The purpose of this paper is to reduce the operation time of the authentication scheme and make the scheme “lightweight.” The lightweight RC4 algorithm meets the requirements. In essence, RC4 is a variable key-size stream cipher algorithm with high efficiency and good nonlinearity [18]. Compared with similar symmetric encryption algorithms A5 and CRC32, the RC4 algorithm has shorter operation time.

The three phases of RC4 operation are the state initialization, key-scheduling algorithm (KSA), Algoirthm 1, and pseudo random generation algorithm (PGRA), Algoritthm 2. The execution process of RC4 is shown in Figure 4. KSA generates initial 256 bytes permutation state, which is the input of PGRA. And the keystream is generated by using the PRGA.

unsigned char s[256]
 char key[256]
len = strlen (key)
  void RC4_init (unsigned char  s, unsigned char  key)
{int i = 0, int j = 0
unsigned char k[256] = {0};
unsigned char tmp = 0;
 for (i = 0; i < 256; i++) {s[i] = i; k[i] = key[i%len];}
 for (i = 0; i < 256; i++) {j = (j + s[i] + k[i])%256;
           tmp = s[i]; s[i] = s[j]; s[j] = tmp;}
}
unsigned char s[256]
  void RC4_PGRA (unsigned char s, unsigned char  data)
{int i = 0, int j = 0, int t = 0;
unsigned long k = 0;
unsigned char tmp = 0;
 len = strlen (data)
for (k = 0; k < len; k++) {i = (i + 1)%256; j = (j + s[i])%256;
          tmp = s[i]; s[i] = s[j];
          s[j] = tmp;
          t = (s[i] + s[j])%256;
          Data[k] ^ = s[t];}
}

Recall equation (15); the data that need to be encrypted are Reply messages, and the key is . Using Reply and as inputs to RC4, the encrypted can be generated.

(3) Authentication of Communication Entities. By exchanging control packets (Rqst, Reply) between and , they obtain each other’s information. Once receiving , the vehicle first records the time of receiving . And the timestamp is denoted as . Then, the vehicle checks whether inequality is satisfied. If not, the vehicle stops communicating with the vehicle .

When inequality holds, the vehicle will extract Reply from . To extract Reply, the vehicle must calculate correctly and decrypt successfully . Accordingly, the vehicle calculates according to equation (16). Let represent calculated by the vehicle , which is given by

Then, the parameter is used to decrypt and extract successfully Reply, which is given bywhere is the decrypted function. If holds, the vehicle can decrypt and extract . Once properly decrypted, the vehicle considers that the vehicle is secure. And the vehicle would communicate with the vehicle . The entire process is shown in Figure 5.

5. Security Analysis

The formal expression of a security analysis model [19] is used to discuss the security of the LIAU system, aiming to verify that LIAU can resist common security attacks in VANETs.

5.1. Impersonation Attack

If an attacker is interested in other user’s dedicated service, the attacker can impersonate the identity of another user and forge a valid login request. If an attacker can successfully forge, it may have successfully launched an impersonation attack.

In the LIAU scheme, in order to send a valid request, an attacker must forge an unassailable request message . Accordingly, the attacker needs to steal the parameters . However, it is very difficult for the attacker to steal these parameters. Even if, in some cases, the attacker has obtained the secret key of RA, the attacker cannot steal the parameters .

According to equation (8), if the attacker wants to calculate , the attacker must know . To calculate it, the attacker needs to get the parameters. But it is generated by the random parameters. Therefore, it is difficult for an attacker to forge a valid request message.

5.2. Replay Attack

The replay attack refers to attacking the system by resending others’ information packets [20]. When an attacker obtains the information data that are transmitted to the vehicle from the vehicle , then the attacker will transmit the obtained information to the vehicle . In this case, the data is mistakenly sent to the attacker , which is originally transmitted from the vehicle . The attacker then successfully performs the replay attack.

An attacker would launch a replay attack to delay or even stop the response to any request message. If a vehicle receives the request sent by the attacker , it means that the attacker successfully launched the replay attack.

According to the message transmission strategy in Figure 5, the vehicle does not directly transmit the request message but indirectly makes embedding in the parameter . And the transmitted message carries a timestamp. Once receiving , the vehicle first judges whether is satisfied. When not satisfied, the vehicle stops communicating. Therefore, it is difficult for an attacker to delay the request message.

Even if the attacker has received the message that is transmitted by the vehicle from the vehicle , and it has obtained . However, the attacker can only extract data from if it computes correctly. According to equation (13), it can be known that the attacker can only compute correctly if the attacker has known for the relevant parameters of the vehicle , namely, . But, the attacker does not get these parameters simultaneously. So, it is difficult for an attacker to launch a replay attack on the system.

5.3. Tampering Attack

Tampering attack refers to that an attacker tampers other users’ communication data. For an attacker , it may launch a tampering attack if it can change data illegally.

Taking communication between vehicle and vehicle as an example, the defense tampering attack performance of the LIAU scheme is analyzed. Suppose the attacker has tampered the parameters , which are transmitted by the vehicle from the vehicle . This delivers inaccurate data to the vehicle . The vehicle still calculates the relevant parameters using the mistaken parameters, including and , because the vehicle is not aware of the error. In addition, the vehicle encrypts these parameters using . And these parameters are transmitted toward the vehicle .

As shown in Figure 6, the vehicle still recalculated using its original parameters. Then, it checks whether is satisfied. If satisfied, the vehicle does not transmit any data to the vehicle . is surely different with because the parameters are changed by an attacker . Therefore, the LIAU scheme is able to defend against impersonation attacks.

5.4. Comparison of Security Performance

Table 2 lists the performance of the representative authentication scheme mentioned in related work. The performance of defending against impersonation attack, replay attack, and tampering attack is analyzed. These three types of attacks are common in VANETs, and most strategies are resistant to them. Unsurprisingly, the proposed LIAU strategy also has the ability to resist these attacks. This also shows that the LIAU strategy meets the basic security of VANETs.

6. Performance Analysis

This section discusses the communication cost, storage cost, and operation time of the LIAU scheme. The computer parameters used for this performance analysis are as follows: Intel (R) Core (TM) i5-7500 CPU, 3.40 GHz, and RAM 8.00 GB.

6.1. Communication and Storage Costs

Firstly, the communication cost and storage cost of the LIAU scheme are analyzed. The communication cost refers to the communication overhead that results from computing and exchanging the parameters during the V2V communication stage. And the storage cost is the amount of space required to store all parameters. In addition, assume that the hash digest size of SHA-2 is 32 bytes, size of the ID number and the random number are 8 bytes, and size of the timestamp is 4 bytes. Size of bilinear pairings is 128 bytes. Operation of symmetric and asymmetric encryption or decryption requires 64 bytes. Signature operation requires 128 bytes.

Figure 7 shows the communication and storage costs for the LIAU scheme. As can be seen from Figure 7, communication cost and storage cost of the LIAU scheme remain the lowest, compared with ACPN, TFLIP, E-TEA, TPKE, and PPMA. This is in line with the original intention of designing the LIAU strategy, which reduces communication and storage costs.

6.2. Operation Time

Operation time refers to the time that the vehicle has taken to register, authenticate, and communicate. The longer the operation time, the more complex the algorithm is. Different schemes implement different operations. Let represent the time taken to perform a one-way hash operation. Let and be the time taken to execute symmetric encryption and decryption, respectively. Let represent the time taken to execute the signature operation. In addition, and are the time taken to execute the exponential operation and bilinear pairing, respectively. These parameter values are as follows: , , , , , and .

Figure 8 shows the operation time of the LIAU scheme. As can be seen from Figure 8, the operation time of the LIAU scheme is relatively short, compared with that of TFLIP, E-TEA, TPKE, and PPMA schemes. Although the operation time of the ACPN scheme is lower than that of other schemes, its communication cost and storage cost are high. In other words, the operation time of the ACPN scheme is lower at the cost of high communication and storage cost.

7. Conclusion and Future Work

The intermittent nature of V2V communications poses a challenge to authenticate the communication entity and exchanged messages among vehicles. Therefore, a lightweight authentication scheme for V2V communication (LIAU) is proposed. The LIAU scheme only has used the hash operation to maintain the security of the message transmission. And it has introduced a small number of variable parameters in order to reduce the storage space and operation time. Performance analysis shows that the LIAU scheme can resist common security attacks in VANETs.

From the perspective of lightweight authentication, we only have analyzed the performance of the LIAU scheme against replay, tampering, and impersonation attack. In fact, the security issue in VANETs is complex and systematic. There are still many problems to be studied and solved.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was partly supported by the National Natural Science Foundation of China (61772198), Zhejiang Province Soft Science Foundation of China (2019C35006), and Zhejiang Province Basic Public Welfare Research Project (LGN18F030002).