
IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 67, NO. 9, SEPTEMBER 2018 8647

Decentralized and Scalable Privacy-Preserving Authentication Scheme in VANETs

Shrikant Tangade, Member, IEEE, Sunilkumar S. Manvi, Senior Member, IEEE, and Pascal Lorenz, Senior Member, IEEE

Abstract—Existing authentication schemes are based on either symmetric or asymmetric cryptography such as public-key infrastructure (PKI). These PKI-based authentication schemes are highly recommended to address the security challenges in VANETs. However, they have certain shortcomings such as: 1) lack of privacy-preservation due to revealing of vehicle identity and broadcasting of safety-message and 2) lengthy certificates leading to communication and computation overheads. The symmetric cryptography based schemes on the other hand are faster because they use a single secret key and are very simple; however, they do not ensure nonrepudiation. In this paper, we present a decentralized and scalable privacy-preserving authentication (DSPA) scheme for secure vehicular ad hoc networks. The proposed scheme employs a hybrid cryptography. In DSPA, the asymmetric identity-based (ID-based) cryptography and the symmetric hash message authentication code (HMAC) based authentication are adopted during vehicle to infrastructure and vehicle to vehicle communications, respectively. Extensive simulations are conducted to validate the proposed DSPA scheme by comparing the existing works based on PKI, ID-based, group signature, batch verification, and HMAC. The performance analysis showed that DSPA is more efficient, decentralized, scalable, and also a privacy-preserving secured scheme than the existing authentication schemes.

Index Terms—Security, public key infrastructure (PKI), identity-based (ID-based) cryptography, hybrid cryptography, vehicular ad hoc networks (VANETs).

I. INTRODUCTION
The vehicular ad hoc network (VANET) is a class of the mobile ad-hoc network (MANET). It is a self-configuring, dynamic, and infrastructure-less network [1]. The VANETs have attracted significant attention in both academia and industry. In VANETs, vehicles are nodes, which are embedded with On-Board Unit (OBU) devices that enable Vehicle to Infrastructure (V2I) and Vehicle to Vehicle (V2V) wireless communications by making use of the Dedicated Short Range Communication (DSRC) protocol standard. The OBU and the DSRC protocol together enable each vehicle to communicate with its neighboring vehicles and fixed devices located at roadside known as Road Side Units (RSUs) [2]–[5].

The main objective of VANET is to provide safety to vehicle passengers by broadcasting safety messages between vehicles and these safety messages comprise life critical information. Efficient multi-hop routing protocols are needed for scaling and efficient deployment of safety-related applications in VANET [6]. The routing protocols must perform better in terms of packet delivery ratio and delays. The discussion of routing is not in the scope of this paper.

According to the DSRC, each vehicle periodically broadcasts safety messages every 100–300 milliseconds about road safety warnings and road traffic conditions [7], [8]. Since safety messages are broadcast through an open wireless medium, they are vulnerable to diverse kinds of security attacks such as impersonation, modification, identity-disclosure, Sybil attacks and so on. Therefore our primary objective is to address these security issues by providing security before we put VANET application scenarios into practice [9]. Security can be achieved by providing primary security requirements, such as: node authentication, message integrity, and non-repudiation.

In VANETs, due to the wireless broadcast communication mode, adversaries can control wireless communication channels fairly effortlessly. Adversaries can modify, intercept, delete, and replay messages broadcast in VANETs very easily. For example, an adversary vehicle can turn the traffic red light to green light so that other vehicles are forced to make way for his vehicle to pass. Hence, the security of safety-messages in VANETs is very essential [10], [11]. In VANETs, another key issue is vehicle privacy [11]–[15]. For many safety applications, a vehicle sends out a safety message which comprises information such as identity (ID), location, speed, etc. to its neighbour vehicles or RSUs in plaintext. The adversary can capture these vehicles' messages, and he could trace the traveling routes of a vehicle and track the driver's private information, which leads to serious effects. Therefore, anonymity and conditional privacy must be provided in VANETs to address this privacy issue. This ensures that only the trusted authority can extract the real identity of a vehicle from the safety message [16].

A. Problem Statement
The objective of this paper is to design a privacy preservation scheme in VANET that performs the following: node authentication, message authentication, non-repudiation, real-time processing, decentralized operation, scalability, privacy, and reduced overheads. The scheme employs ID-based cryptography and hash message authentication code (HMAC) to achieve the objectives.

Manuscript received December 15, 2017; revised April 14, 2018; accepted May 16, 2018. Date of publication May 23, 2018; date of current version September 17, 2018. The review of this paper was coordinated by Prof. J. Liu. (Corresponding author: Shrikant Tangade.)
S. Tangade is with the Department of Electronics and Communication Engineering, REVA Institute of Technology and Management, Bengaluru 560064, India (e-mail: shrikantstangade@reva.edu.in).
S. S. Manvi is with the School of Computing and Information Technology, REVA University, Bengaluru 560064, India (e-mail: ssmanvi@reva.edu.in).
P. Lorenz is with the University of Haute-Alsace, Colmar 68008, France (e-mail: lorenz@ieee.org).
Digital Object Identifier 10.1109/TVT.2018.2839979

0018-9545 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications standards/publications/rights/index.html for more information.
B. Our Contributions
The major contributions of this paper are summarized as follows.
• Firstly, we propose a new hybrid cryptography based DSPA scheme for VANETs. In DSPA, the asymmetric ID-based cryptography and the symmetric HMAC based authentication are adopted to improve performance.
• Secondly, we perform a security analysis to prove that the proposed DSPA scheme could satisfy privacy and security requirements in VANETs.
• Finally, we present performance analysis of the communication cost and the computation cost to demonstrate that the proposed DSPA scheme provides greater performance than formerly proposed schemes for VANETs.

C. Organization of the Paper
The related work is discussed in Section II. Section III introduces background information like system architecture, design goals, security and privacy requirements. Section IV describes the proposed DSPA authentication scheme. Section V provides both the security and performance analysis. Finally, this paper is summarized with conclusion and future work in Section VI.

II. RELATED WORKS
Many existing techniques are available in the literature for providing authentication in the VANET. Among the various existing techniques, Johnson et al. [15] proposed an Elliptic Curve Digital Signature Algorithm (ECDSA). It uses an asymmetric key pair, a private key and a public key. Here, both the public and the private keys are used for user authentication. The two possible attacks in this method are the attacks on the Elliptic Curve Discrete Logarithmic Problem (ECDLP) and the attacks on the hash function. Raya and Hubaux [16] proposed a scheme, which makes use of anonymous certificates based on PKI. It requires exhaustive search in Certificate Revocation Lists (CRLs) because of the large number of stored certificates.

Syamsuddin et al. [17] presented a comparison of different RFID authentication schemes, which employed the hash chain method. All these schemes fail to propose an integrated approach to provide the authentication as well as confidentiality services in VANET. Perrig et al. [18] presented a timed efficient stream loss-tolerant authentication (TESLA) protocol, which uses symmetric keys. Since the symmetric key systems are significantly faster than signatures, the Denial of Service (DoS) attack is averted in this system. However, symmetric key-based schemes do not provide authentication with non-repudiation. Thus, the digital signatures provide a best way for providing authentication with non-repudiation.

Guo et al. [19] presented a group signature based technique, which is a favorable security scheme with privacy preservation in VANETs. Only one group public key is linked with private keys of various groups. Therefore, an attacker cannot trace the route of the sender of the message. Lin et al. [20] proposed a time-efficient and secure vehicular communications (TSVC) scheme, which authenticates a sequence of messages. Due to its fast MAC verification, this scheme considerably reduces the message loss ratio. However, in large scale networks, it is necessary for a vehicle to broadcast its hash chain much more frequently to neighbors and hence the message loss ratio could increase.

Freudiger et al. [21] proposed a scheme with location privacy by making use of the cryptographic MIX-zone. Sampigethava et al. [22] also presented a scheme which used group navigation of vehicles to ensure location privacy. These schemes [21], [22] made use of a digital signature or asymmetric cryptography, which results in long authentication latency, high computation costs, and a large storage space. Zhang et al. [23] presented RSU-aided messages authentication scheme (RAISE) to minimize the signature cost by making use of the symmetric key HMAC based message signature, instead of a PKI based signature. However, the key agreement process and the extra ID-Key table maintenance lead to high computation and storage costs in RAISE. Therefore, there is need for authentication schemes with low computation and storage costs in VANETs.

The IEEE Trial-Use Standard [24] adopted conventional PKI to achieve the security in VANET. However, it needs a large storage capacity to store keys and the corresponding certificates, which in turn leads to message verification delay. Xiaoyan et al. [25], and Nai-Wei et al. [26] presented group signature and ID-based signature schemes to provide privacy preservation and reduced overheads. Bayat et al. [27], Boneh et al. [28], and Horng et al. [29] proposed batch verification based schemes, which reduced the signature verification time. We used the schemes given in [24]–[29] for comparison with our proposed scheme, since they employ ID-based signature and HMAC.

Fig. 1. VANET system architecture based on cellular network.

III. BACKGROUND
Before we introduce the proposed authentication scheme, we present the system architecture model and the basic security and privacy requirements.

A. System Architecture
In this paper, we propose a VANET system architecture model, which is based on cellular networks as shown in Fig. 1. The entire network model is considered as a two-layer model. The top layer consists of the Trusted Authority (TA), which we call the Master TA (MTA) and which is the root of the system. Agents of Trusted Authority (ATA) act as a low level TA. These top layer components communicate with each other through a secured wired/wireless channel. The bottom layer consists of
components, RSUs and OBUs; these components communicate with each other through the DSRC protocol standard. The detailed description of MTA, ATA, RSUs, and OBUs are as follows.
• TA: It is assumed to be a highly trusted and powerful component in the network, hence it is called the MTA. It has enough computation and memory capacity. The main responsibility of MTA is to generate master private, public, and secret keys. MTA also generates private and public keys of ATAs and vehicles. It maintains a Master Certificate Revocation List (MCRL), which comprises the list of all revoked vehicles.
• ATA: It generates the RSU's private and public key pair. ATA also uploads system parameters into a newly registered RSU, they are: master secret-key, master public-key, and public-key of ATA itself. It maintains a slave CRL (SCRL).
• RSUs: These are densely deployed along the roadside and each BTS covers a set of RSUs. These RSUs perform pre-authentication of vehicles with the help of ATA during V2I communication.
• OBUs: Using the OBU, each vehicle communicates with an RSU (V2I) or other vehicles (V2V) within the DSRC range. In V2I communication, each vehicle is pre-authenticated by the RSU and, during V2V communication, it broadcasts safety messages.

B. Security and Privacy Requirements
In VANETs, both security and privacy are essential for secure communications [30], [31]. Before we identify security requirements, we should first discuss the security threats. Raya et al. [16] identified four groups of attackers based on their behavior, they are (i) insider vs. outsider attackers, (ii) active vs. passive attackers, (iii) malicious vs. rational attackers, and (iv) local vs. extended attackers. The main objective of these attackers is to get personal benefits by injecting various security threats. The most common basic security threats in VANET are summarised as follows [32], [33].
• Impersonation attack: In this attack, an adversary pretends to be another authenticated vehicle in the VANET.
• Sybil attack: The adversary acts as multiple identities (IDs) at the same time. In this attack, an adversary broadcasts a large number of bogus messages with different IDs.
• Message modification attack: In this attack, an adversary may edit the content of broadcast messages.
• Message replay attack: In this attack, the adversary resends or delays the message to disturb the traffic or to create an illusion of accidents.
• Bogus information attack: This attack occurs when the adversary injects fake data in broadcast messages.
• Identity (ID) disclosure attack: In this attack, the adversary extracts the real ID details of a vehicle.
• Denial of service (DoS) attack: This attack occurs when the adversary broadcasts bogus messages in order to interrupt network services by bringing down the network.

Security and privacy are the primary goals in providing secure communications in VANETs. The recent survey on security and privacy points out the following primary security requirements with conditional privacy preservation [34], [35].
• Source authentication: The authentication is the first line of defense against outsider attacks. It ensures whether the senders are legitimate nodes or not.
• Message integrity: It ensures that messages sent by legitimate nodes are indeed received without being modified or forged.
• Identity privacy preservation: The real identity of a vehicle must be kept anonymous during V2V and V2I communications. This is achieved by using pseudo identities.
• Traceability: When a vehicle sends a malicious message for its personal benefit or to mislead other vehicles, the trusted authority can extract the real identity of the malicious vehicle.
• Unlinkability: It ensures that malicious vehicles never link multiple messages sent by the particular vehicle and hence cannot trace the sending vehicle.

IV. THE PROPOSED DSPA SCHEME
In this section, we propose a hybrid cryptography based DSPA scheme. It employs an identity-based (ID-based) cryptography [36]–[38] and symmetric HMAC. The proposed scheme has three phases, Phase-I: system initialization, Phase-II: V2I pre-authentication and Phase-III: V2V authentication. The notations used in this paper are listed in Table I.

TABLE I
NOTATIONS AND DESCRIPTION

A. Phase-I: System Initialization
In Phase-I, the primary four components of VANET are initialized with system parameters before they take part in VANET
communications. These are: (i) Master TA Initialization, (ii) Agent TA Initialization, (iii) RSU Initialization, and (iv) Vehicle Initialization. The detailed initialization process is discussed in following sections.

1) Master TA Initialization: The Master TA executes the following steps.
• Master TA (MTA) generates master private and public keys: {$mPrK$, $mPuK$}. The $mPrK$ key is used to generate private keys for ATAs, RSUs, and vehicles. It is only known to MTA. The $mPuK$ key is made public and it is used to generate public keys for ATAs, RSUs, and vehicles.
• It also generates master secret key {$mSrK$} as given in Eq. (1).
$$ mSrK := KeyGen(RID_{TA}, mPrK, TS) \tag{1} $$
• This $mSrK$ key is used during V2V authentication and also for generating unique secret keys for each ATA during their registration. The $mSrK$ changes after every 24 Hrs.
• The $mPrK$ key will be kept secret with MTA and {$mPuK$, $mSrK$, & $SrK_{A_i}$} keys are uploaded into each ATA, RSU, and vehicles during their registration with MTA.
• The MTA maintains three separate databases for registered ATAs, RSUs, and vehicles.
• The MTA parameters after initialization are:
MTA_Parameters: [$mPrK$, $mPuK$, $mSrK$, & $SrK_{A_i}$]

2) Agent TA Initialization: Before ATA takes part in VANET, it must be registered with MTA as follows:
• Each ATA registers with MTA with its real identity $RID_{A_i}$.
• ATA's private and public key pair {$PrK_{A_i}$, $PuK_{A_i}$} are generated by MTA using {$RID_{A_i}$, $mPrK$, and $mPuK$} as given in Eqs. (2) and (3).
$$ PrK_{A_i} := KeyGen1(RID_{A_i}, mPrK) \tag{2} $$
$$ PuK_{A_i} := KeyGen2(PrK_{A_i}, mPuK) \tag{3} $$
• MTA then generates a unique secret key for registered $ATA_i$ as given in Eq. (4).
$$ SrK_{A_i} := KeyGen(RID_{A_i}, mPrK, mSrK) \tag{4} $$
• The MTA updates its database of ATA with details of newly registered $ATA_i$ as given in Eq. (5).
$$ MTA\_DB\_ATA := \{RID_{A_i}, PrK_{A_i}, PuK_{A_i}, \&\ SrK_{A_i}\} \tag{5} $$
• At the same time MTA uploads these parameters {$PrK_{A_i}$, $PuK_{A_i}$, $SrK_{A_i}$, $mPuK$, & $mSrK$} into the newly registered ATA $A_i$. Hence, ATA-parameters after registration are:
Ai_Parameters: [$RID_{A_i}$, $PrK_{A_i}$, $PuK_{A_i}$, $SrK_{A_i}$, $mPuK$, & $mSrK$].

3) RSU Initialization:
• Each RSU within BTS coverage area must register with ATA of its BTS and MTA using its real identity $RID_R$.
• RSU's private and public key pair ($PrK_R$, $PuK_R$) are generated by ATA using $RID_R$, $PrK_A$, and $PuK_A$ as given in Eqs. (6) and (7).
$$ PrK_R := KeyGen3(RID_R, PrK_A) \tag{6} $$
$$ PuK_R := KeyGen4(PrK_R, PuK_A) \tag{7} $$
• The ATA shares details of registered RSU to MTA through trusted wired/wireless channel. Then, both ATA and MTA update their database of RSU with newly registered RSU's details as given in Eqs. (8) and (9).
$$ ATA\_DB\_RSU := \{RID_R, PrK_R, PuK_R\} \tag{8} $$
$$ MTA\_DB\_RSU := \{RID_A, RID_R, PrK_R, PuK_R\} \tag{9} $$
• At the same time, ATA uploads parameters into newly registered RSU, they are: {$PrK_R$, $PuK_R$, $PuK_A$, $mPuK$, and $mSrK$}. Hence, RSU-parameters after registration with ATA are:
RSU_Parameters: [$RID_R$, $PrK_R$, $PuK_R$, $mPuK$, $mSrK$].

4) Vehicle Initialization: Before any vehicle takes part in VANET, it must register with MTA.
• Each vehicle 'V' registers with MTA with its real identity $RID_V$ and area code $ACode_{HmATA}$ of its home ATA.
• MTA then computes master pseudo-ID $mPsID_V$ of vehicle using $RID_V$ and validity time period $VTP_{mPsID}$ of $mPsID_V$ as given in Eq. (10).
$$ mPsID_V := Hash(RID_V \,\|\, ACode_{HmATA} \,\|\, VTP_{mPsID}) \tag{10} $$
• Vehicle's private and public key pair {$PrK_V$, $PuK_V$} are generated by MTA using $mPsID_V$, $mPrK$, & $mPuK$ as given in Eqs. (11) and (12).
$$ PrK_V := KeyGen5(mPsID_V, mPrK) \tag{11} $$
$$ PuK_V := KeyGen6(PrK_V, mPuK) \tag{12} $$
• The MTA updates its database of vehicle with newly registered vehicle's details as given in Eq. (13).
$$ MTA\_DB\_V := \{RID_V, mPsID_V, VTP_{mPsID}, PrK_V, PuK_V, ACode_{HmATA}\} \tag{13} $$
• At the same time, MTA uploads parameters into Tamper Proof Device (TPD) of newly registered vehicle 'V', they are: {$PrK_V$, $PuK_V$, $PuK_A$, $SrK_A$, & $mPuK$}. Hence, the 'V' parameters after registration with MTA are:
V_Parameters: [$RID_V$, $mPsID_V$, $VTP_{mPsID}$, $PrK_V$, $PuK_V$, $SrK_A$, & $mPuK$].

B. Phase-II: V2I Pre-Authentication
In Phase-II, each vehicle registered with MTA must perform an online registration with the nearest ATA by pre-authenticating through an RSU before taking part in V2V communication. The detailed steps of the proposed V2I pre-authentication are discussed in Algorithms-1, 2, 3, and 4. The detailed sequence of operation of Phase-II is depicted in Fig. 2.

C. Phase-III: V2V Authentication
Only the vehicles which are pre-authenticated in Phase-II can take part in V2V communication. Each MTA's coverage area forms a group of pre-authenticated vehicles having the same $mSrK$. The detailed steps of V2V authentication are presented in the following Algorithm-5. The particular sequence of operation of Phase-III is depicted in Fig. 3.
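The HMAC steps of Algorithms 2, 3 and 5 (Eqs. (15), (17) and (19)–(21)), written out as an added example that is not the authors' code. Assumptions: HMAC-SHA-256, a length-prefixed encoding for "||", constructed keys and field values, the ID-based signature fields left out, and a final variant (not part of DSPA) whose tag also covers tPsID and TS and which applies a 300 ms freshness window.

```python
"""HMAC steps of DSPA Algorithms 2, 3 and 5. Added example, not the authors' code."""
import hashlib
import hmac
import struct


def cat(*fields: bytes) -> bytes:
    """The paper's '||'. Assumption: each field carries a 2-byte length prefix,
    so (b"ab", b"c") and (b"a", b"bc") never produce the same MAC input."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC over the encoded fields. SHA-256 is an assumption."""
    return hmac.new(key, cat(*fields), hashlib.sha256).digest()


def ts_bytes(ts_ms: int) -> bytes:
    """Timestamp TS as 8 big-endian bytes (milliseconds, an assumption)."""
    return struct.pack(">Q", ts_ms)


# ---- Phase II: beacon BS_V --------------------------------------------------
def make_beacon(srk_a: bytes, mpsid_v: bytes, vtp: bytes, puk_v: bytes) -> dict:
    """Algorithm 2: HC_V per Eq. (15); BS_V per Eq. (16) without SIG(HC_V)."""
    return {"mPsID": mpsid_v, "VTP": vtp, "PuK": puk_v,
            "HC": mac(srk_a, mpsid_v, vtp, puk_v)}


def rsu_verify_beacon(srk_a: bytes, bs: dict) -> bool:
    """Algorithm 3: recompute HC' per Eq. (17) and compare in constant time."""
    expected = mac(srk_a, bs["mPsID"], bs["VTP"], bs["PuK"])
    return hmac.compare_digest(expected, bs["HC"])


# ---- Phase III: safety message SafMsg_V -------------------------------------
def make_safety_msg(msrk: bytes, srk_a: bytes, spsid_v: bytes,
                    mpsid_v: bytes, msg: bytes, ts_ms: int) -> dict:
    """Algorithm 5, steps 2-3: tPsID_V per Eq. (19); SafMsg_V per Eq. (20)
    without SIG(MSG)."""
    tpsid = mac(srk_a, spsid_v, mpsid_v, ts_bytes(ts_ms))
    return {"MSG": msg, "HC": mac(msrk, msg), "tPsID": tpsid, "TS": ts_ms}


def verify_safety_msg(msrk: bytes, m: dict) -> bool:
    """Algorithm 5, steps 5-6: HC' = HMAC(mSrK, MSG), Eq. (21). Read literally,
    the tag covers MSG only, so tPsID and TS are not protected by it."""
    return hmac.compare_digest(mac(msrk, m["MSG"]), m["HC"])


# ---- Variant that is NOT part of DSPA (assumption) --------------------------
def make_bound_msg(msrk: bytes, srk_a: bytes, spsid_v: bytes,
                   mpsid_v: bytes, msg: bytes, ts_ms: int) -> dict:
    """Same fields as Eq. (20), but the tag also covers tPsID and TS."""
    m = make_safety_msg(msrk, srk_a, spsid_v, mpsid_v, msg, ts_ms)
    m["HC"] = mac(msrk, msg, m["tPsID"], ts_bytes(ts_ms))
    return m


def verify_bound_msg(msrk: bytes, m: dict, now_ms: int,
                     max_age_ms: int = 300) -> bool:
    """Accept only a fresh message whose tag matches MSG, tPsID and TS."""
    ts = m["TS"]
    if not isinstance(ts, int) or ts < 0 or not 0 <= now_ms - ts <= max_age_ms:
        return False
    expected = mac(msrk, m["MSG"], m["tPsID"], ts_bytes(ts))
    return hmac.compare_digest(expected, m["HC"])


if __name__ == "__main__":
    # Constructed sample values; real keys come from MTA/ATA registration.
    srk_a, msrk = bytes(range(32)), bytes(range(32, 64))
    bs = make_beacon(srk_a, b"mPsID-0001", b"2018-05-23", b"constructed-PuK")
    print("beacon accepted:", rsu_verify_beacon(srk_a, bs))
    print("beacon with swapped PuK accepted:",
          rsu_verify_beacon(srk_a, dict(bs, PuK=b"other-PuK")))
    m = make_safety_msg(msrk, srk_a, b"sPsID-77", b"mPsID-0001",
                        b"ice on bridge", 1000)
    print("Eq. (21) check with altered TS:",
          verify_safety_msg(msrk, dict(m, TS=999999)))
    b = make_bound_msg(msrk, srk_a, b"sPsID-77", b"mPsID-0001",
                       b"ice on bridge", 1000)
    print("bound variant with altered TS:",
          verify_bound_msg(msrk, dict(b, TS=1050), now_ms=1100))
```

The signature check that the paper assigns to the ATA is outside this sketch; only the receiver-side HMAC path is shown.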
Fig. 2. Phase-II V2I Pre-Authentication: Algorithm-1, 2, 3, and 4.

Algorithm 1: V2I Pre-Authentication.
Input: $mPsID_V$, $VTP_{mPsID}$, $SrK_A$, $PrK_V$, and $PuK_V$
Output: $sPsID_V$, $VTP_{sPsID}$, $mSrK$, and $VTP_{mSrK}$
1: BEGIN
2: Vehicle generates and broadcasts beacon-signal ($BS_V$) using Algorithm-2
3: RSU verifies $BS_V$ and pre-authenticates vehicle using Algorithm-3
4: ATA does vehicle registration and it sends back acknowledgement $AckBS_V$ of $BS_V$ to authenticated vehicle using Algorithm-4. The $AckBS_V$ contains $sPsID_V$, $VTP_{sPsID}$, $mSrK$, and $VTP_{mSrK}$; these are used during V2V authentication.
5: Authenticated vehicle updates received parameters $sPsID_V$, $VTP_{sPsID}$, $mSrK$, and $VTP_{mSrK}$ by decrypting $AckBS_V$ using its private-key ($PrK_V$) as shown in Eq. (14).
$$ D(PrK_V, AckBS_V) \tag{14} $$
6: END

Algorithm 2: Generation of $BS_V$ and Broadcasting.
Input: $mPsID_V$, $VTP_{mPsID}$, $SrK_A$, $PrK_V$, and $PuK_V$
Output: $HC_V$, and $BS_V$
1: BEGIN
2: HMAC-Code: Vehicle calculates $HC_V$ by using its $mPsID_V$, $VTP_{mPsID}$, and $PuK_V$ as shown in Eq. (15).
$$ HC_V = HMAC(SrK_A,\ mPsID_V \,\|\, VTP_{mPsID} \,\|\, PuK_V) \tag{15} $$
3: Generation of $BS_V$: Vehicle prepares the $BS_V$ by using its $mPsID_V$, $VTP_{mPsID}$, $HC_V$, $PuK_V$, and with its signature as shown in Eq. (16).
$$ BS_V = mPsID_V \,\|\, VTP_{mPsID} \,\|\, HC_V \,\|\, PuK_V \,\|\, SIG_{PrK_V}(HC_V) \tag{16} $$
4: Broadcasting $BS_V$: The vehicle broadcasts $BS_V$ for every 100 ms to nearest RSUs within ATAs coverage area.
5: END

Algorithm 3: Verification of $BS_V$ and Pre-Authentication.
Input: $BS_V$, $SrK_A$, $mPsID_V$, $VTP_{mPsID_V}$, $PuK_V$, and $HC_V$
Output: $BS_V$ and sending vehicle authenticated or not
1: BEGIN
2: After receiving $BS_V$ by RSU, it verifies the integrity of $BS_V$ and also authenticates sending vehicle by calculating HMAC Code ($HC'$) using received $mPsID_V$, $VTP_{mPsID_V}$, and $PuK_V$ from $BS_V$ and secret key $SrK_A$ as shown in Eq. (17).
$$ HC' = HMAC(SrK_A,\ mPsID_V \,\|\, VTP_{mPsID_V} \,\|\, PuK_V) \tag{17} $$
3: if $HC' == HC_V$ then
4:   RSU confirms that received $BS_V$ has integrity and sending vehicle is authenticated with MTA.
5:   RSU forwards $BS_V$ to its ATA for further authenticated vehicle registration with it.
6: else if $HC' \neq HC_V$ then
7:   RSU confirms either received $BS_V$ is modified by attackers or sending vehicle is not authenticated with MTA.
8:   Hence, RSU drops the received $BS_V$ and further reports to MTA through ATA for issuing incentives for such vehicles.
9: end if
10: END

Algorithm 4: Sending New Slave $sPsID_V$ and $mSrK$.
Input: $PuK_V$, $sPsID_V$, $VTP_{sPsID_V}$, $mSrK$, $VTP_{mSrK}$, $mPsID_V$
Output: $AckBS_V$
1: BEGIN
2: The ATA selects new temporary ID $sPsID_V$.
3: The ATA prepares $AckBS_V$ for received $BS_V$ by encrypting appended data: $sPsID_V$, $VTP_{sPsID_V}$, $mSrK$, $VTP_{mSrK}$, and $mPsID_V$ with $PuK_V$ of sending vehicle as shown in Eq. (18).
$$ AckBS_V = E(PuK_V,\ sPsID_V \,\|\, VTP_{sPsID_V} \,\|\, mSrK \,\|\, VTP_{mSrK} \,\|\, mPsID_V) \tag{18} $$
4: ATA then broadcasts $AckBS_V$ within its coverage area through RSUs.
5: END

Fig. 3. Phase-III V2V Authentication: Algorithm-5.

Algorithm 5: V2V Authentication.
Input: $MSG$, $SrK_A$, $mSrK$, $sPsID_V$, $mPsID_V$, $PrK_V$, $TS$
Output: $SafMsg_V$
1: BEGIN
2: The sending vehicle creates its own temporary ID $tPsID_V$ for every Safety-Message $SafMsg_V$ as shown in Eq. (19).
$$ tPsID_V = HMAC(SrK_A,\ sPsID_V \,\|\, mPsID_V \,\|\, TS) \tag{19} $$
3: The vehicle then prepares and broadcasts the Safety-Message $SafMsg_V$ as shown in Eq. (20).
$$ SafMsg_V = MSG \,\|\, HMAC_{mSrK}(MSG) \,\|\, tPsID_V \,\|\, SIG_{PrK_V}(MSG) \,\|\, TS \tag{20} $$
4: The receiving vehicle authenticates both the sending vehicle and the received message integrity by verifying HMAC-code as given in step 5.
5: The receiving vehicle calculates HMAC-code ($HC'$) using the received $MSG$ and $mSrK$ as shown in Eq. (21).
$$ HC' = HMAC(mSrK, MSG) \tag{21} $$
6: if $HC' == HMAC_{SrK}(MSG)$ then
7:   both vehicle and message are authenticated successfully. Hence, the receiving vehicle follows the sender's safety-message
8: else
9:   either message is modified or the sending vehicle is unauthenticated. Hence, the receiving vehicle drops the sender's safety-message.
10:  such $SafMsg_V$ is forwarded to ATA & MTA through RSU for further investigation of the sending vehicle.
11: end if
12: END

V. SECURITY AND PERFORMANCE ANALYSIS
A. Security Analysis
We now show that the proposed scheme satisfies the following security requirements: (1) node authentication, (2) message authentication, and (3) privacy protection.
• Node authentication: In phase-II, as discussed in Algorithm-2, a vehicle V broadcasts $BS_V$ to RSUs within ATAs coverage area. This $BS_V$ contains ID-based digital signature and pseudo-ID $mPsID_V$ instead of real-ID of the vehicle. The digital signature and the $mPsID_V$ ensure the node authentication during V2I communication. Similarly, in phase-III, as discussed in Algorithm-5, a safety message contains HMAC code, which is generated by $mSrK$. Only the pre-authenticated vehicles (in phase-II) have $mSrK$. Also the signature of a sending vehicle and $tPsID_V$ are appended with the safety message. HMAC, signature and temporary $tPsID_V$ ensure node authentication during V2V communication.
• Message authentication: The message authentication ensures the integrity of received message. This is achieved by appending HMAC code in safety message during V2V communication as discussed in Algorithm-5.
• Privacy protection: This is achieved by using pseudo-ID ($tPsID_V$/$mPsID_V$) for each vehicle. The privacy is preserved during both V2I and V2V communication as discussed in Algorithms 2 and 5.

B. Performance Analysis
The schemes are simulated using network simulator ns-3, traffic simulators SUMO and MOVE to evaluate the performance. The specification of the computer system used for the simulation is: Intel Core i3-3770, 3.4 GHz, 4 GB RAM, and Linux operating system.

A two-lane two-way highway with average speed of vehicle, 80 km/h, is considered for simulation. The vehicle communication range is 300 m and each vehicle broadcasts safety-messages every 300 ms. Based on [16], a receiving vehicle can hear maximum up to 120 other vehicles in the duration of 300 ms. The data rate of channel is minimum 6 Mbps and maximum 12 Mbps.

The DSPA scheme is compared with existing schemes [24]–[29]. The schemes in graphs are denoted as follows: [24] as a PKI-Certi scheme, [25] as a Xiaoyan's scheme, [26] as a ECPP (Efficient Conditional Privacy-preserving) authentication scheme, [27] as a ID-MAP (identity-based message authentication using proxy vehicles) scheme, [28] as a BLS scheme, and [29] as bSPECS scheme. We considered these schemes for the comparison due to the following reasons. The PKI-Certi scheme employs certificate based signature. The Xiaoyan's scheme used group signature. The ECPP scheme adopted ID-based signature, and ID-MAP, BLS, and bSPECS employed batch-verification. The objective is to compare the proposed scheme with schemes based on PKI, ID-based, group signature, batch verification, and HMAC and show that the DSPA (hybrid cryptography using ID-based and HMAC) performs better in terms of security requirements, overheads, and delays.

The simulation parameters considered are given in Table II.

1) Communication overhead: Communication overhead is defined as the total number of overhead bytes (i.e., excluding payload bytes) divided by the total number of bytes in transmission (i.e., payload bytes plus overhead bytes) as shown in
Eq. 22.
$$ CommunOverhead := \frac{OverheadBytes}{PayloadBytes + OverheadBytes} \tag{22} $$

The signed safety-message format used in the proposed DSPA, and other schemes ECPP, ID-MAP, PKI-Certi, Xiaoyan's, BLS, and bSPECS are shown in Tables III, IV, V, VI, VII, VIII, and IX, respectively.

TABLE II. NS-3 SIMULATION PARAMETERS
TABLE III. SIGNED SAFETY-MESSAGE IN PROPOSED DSPA AUTHENTICATION SCHEME
TABLE IV. SIGNED SAFETY-MESSAGE IN ECPP AUTHENTICATION SCHEME
TABLE V. SIGNED SAFETY-MESSAGE IN ID-MAP SCHEME
TABLE VI. SIGNED SAFETY-MESSAGE IN PKI-CERTI AUTHENTICATION SCHEME
TABLE VII. SIGNED SAFETY-MESSAGE IN XIAOYAN'S AUTHENTICATION SCHEME
TABLE VIII. SIGNED SAFETY-MESSAGE IN BLS AUTHENTICATION SCHEME
TABLE IX. SIGNED SAFETY-MESSAGE IN BSPECS AUTHENTICATION SCHEME

The transmitting bytes in schemes DSPA, ECPP, ID-MAP, PKI-Certi, Xiaoyan's, BLS, and bSPECS, are, 161, 172, 191, 248, 256, 213, 451, respectively.

The Fig. 4 shows the relationship between communication overhead and vehicle density with fixed payload, 67 bytes. The DSPA has 2.66%, 6.53%, 10.15%, 14.59%, 15.44%, and 26.75% less communication overhead than that of the ECPP, ID-MAP, BLS, PKI-Certi, Xiaoyan's, and bSPECS authentication schemes, respectively. DSPA performs better due to the fact that it employed ID-based cryptography for V2I communication and HMAC for V2V communication. The Fig. 5 shows the relationship between communication overhead and size of safety-message payload with fixed vehicle density, 50%. As the payload increases, the proposed DSPA still has less communication overhead compared to other schemes. Communication overheads in DSPA are less, since the signatures are of smaller size.

Fig. 4. Communication overhead: Payload = 67 bytes.
Fig. 5. Communication overhead: Payload = 50, 100, 150, and 200 bytes.

2) Computation overhead: In the proposed DSPA scheme, as shown in Eq. 20 in Algorithm-5, the HMAC code and digital signature of sending vehicle are appended with safety-message. Receiving vehicle verifies only HMAC code to ensure message integrity and authentication of the sending vehicle. Whereas, digital signature is verified by ATA for further revocation of unauthorized vehicles. The safety-message used in ECPP, bSPECS, Xiaoyan's, ID-MAP, PKI-Certi, and BLS schemes take 4.5 ms, 15.6 ms, 16 ms, 18.75 ms, 23 ms, and 25.8 ms for verification of signatures, respectively. Whereas, in proposed DSPA scheme, HMAC takes only 4 ms. The Figs. 6 and 7 compare the computation overhead and security processing
delay. It is observed that the computation overhead and security processing delay of the proposed DSPA scheme are much lower than those of the other schemes. The reason for less computation overhead in DSPA is that symmetric cryptography HMAC is

Fig. 6. Computation overhead.
Fig. 7. Security processing delay.

mous authentication property. Further, to speed up the signature verification process and to reduce the computation overhead, batch signature verification and cooperative message verification may be used, respectively. The batch verification evaluates multiple safety messages signatures simultaneously and the cooperative verification verifies 'm' different safety messages signatures simultaneously by cooperative work of neighbouring vehicles/RSUs. The batch verification and ID-based can be employed for V2I authentication. V2V authentication can employ cooperative verification and HMAC.

REFERENCES
[1] D. He, S. Zeadally, B. Xu, and X. Huang, "An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks," IEEE Trans. Inf. Forensics Security, vol. 10, no. 12, pp. 2681–2691, Dec. 2015.
[2] L. Zhang, Q. Wu, J. Domingo-Ferrer, B. Qin, and C. Hu, "Distributed aggregate privacy-preserving authentication in VANETs," IEEE Trans. Intell. Transp. Syst., vol. 11, no. 10, pp. 1–11, Jun. 2016.
[3] V. Daza, J. Domingo-Ferrer, F. Seb, and A. Viejo, "Trustworthy privacy-preserving car-generated announcements in vehicular ad hoc networks," IEEE Trans. Veh. Technol., vol. 58, no. 4, pp. 1876–1886, May 2009.
[4] F. Qu, Z. Wu, F. Wang, and W. Cho, "A security and privacy review of VANETs," IEEE Trans. Intell. Transp. Syst., vol. 16, no. 6, pp. 2958–2996, Dec. 2015.
[5] S. S. Manvi and S. Tangade, "A survey on authentication schemes in VANETs for secured communication," J. Veh. Commun., vol. 9, pp. 19–30, Mar. 2017.
[6] K. Z. Ghafoor, M. A. Mohammed, J. Lloret, K. A. Bakar, and Z. M. Zainuddin, "Routing protocols in vehicular ad hoc networks: Survey and research challenges," Netw. Protocols Algorithms, vol. 5, no. 4, pp. 39–83, Dec. 2013.
[7] D. Jiang and L. Delgrossi, "IEEE 802.11p: Towards an international standard for wireless access in vehicular environments," in Proc. IEEE 68th Veh. Technol. Conf., 2008, pp. 2036–2040.
[8] Dedicated Short Range Commun, 2015. [Online]. Available: http://standards.ieee.org/develop/wg/1609WG.html
[9] J. Cui, J. Zhang, H. Zhong, and Y. Xu, "SPACF: A secure privacy-preserving authentication scheme for VANET with cuckoo filter," IEEE Trans. Veh. Technol., vol. 66, no. 11, pp. 10283–10295, Nov. 2017.
[10] 1609.2-2013-IEEE Standard for Wireless Access in Vehicular
used for V2V communication. Environments-Security Services for Applications and Management Mes-
sages, IEEE Std. 1609, 2013.
[11] W. I. Khedr, “Improved lightweight authentication scheme for IEEE
VI. CONCLUSION AND FUTURE WORK 802.11p vehicle-to-infrastructure communication,” Adhoc Sensor Wire-
In this paper, we have proposed a decentralized and scalable less Netw., vol. 31, pp. 227–258, Mar. 2016.
[12] K. Grover, A. Lim, S. Lee, and Q. Yang, “Privacy-enabled probabilistic
privacy-preserving hybrid cryptography based DSPA scheme verification in broadcast authentication for vehicular networks,” Adhoc
for secure communication in VANETs. The entire communi- Sensor Wireless Netw., vol. 32, pp. 239–274, Jan. 2016.
cation network is divided into several domain areas, which are [13] S. Tzeng, S. Horng, T. Li, X. Wang, P. Huang, and M. K. Khan, “Enhanc-
locally monitored by ATAs. The proposed scheme consists of ing security and privacy for identity-based batch verification scheme in
three phases, phase-I, where MTA, ATAs, RSUs, and all vehi- VANETs,” IEEE Trans. Veh. Technol., vol. 66, no. 4, pp. 3235–3248, Apr.
2017.
cles registered with system parameters before they take part in [14] S. Tangade and S. S. Manvi, “Scalable and privacy-preserving authenti-
VANETs. The phase-II (V2I), where, vehicles do online reg- cation protocol for secure vehicular communications,” in Proc. IEEE Int.
istration with nearest ATA and pre-authenticate with RSUs. Conf. Adv. Netw. Telecommun. Syst., 2017, pp. 1–6.
In phase-III (V2V), the vehicle authenticates with other ve- [15] D. Johnson, A. Menezes, and S. Vanstone, “The elliptic curve digital
signature algorithm (ECDSA),” Int. J. Inf. Security, vol. 1, no. 1, pp. 36–
hicles in VANET. We employed an ID-based cryptography for 63, Aug. 2001.
pre-authenticating vehicles by RSUs during V2I communica- [16] M. Raya and J. Hubaux, “Securing vehicular ad hoc networks,” J. Comput.
tion. Whereas, HMAC is used for vehicle to vehicle authentica- Security, vol. 15, no. 1, pp. 39–68, Jan. 2007.
tion during V2V communication. The simulation results along [17] I. Syamsuddin, T. Dillon, E. Chang, and S. Han, “A survey of RFID
with the performance and security analysis show that, the pro- authentication protocols based on hash chain method,” in Proc. 3rd Int.
Conf. Convergence Hybrid Inf. Technol., 2008, pp. 559–564.
posed DSPA scheme can significantly reduce communication [18] A. Perrig, R. Canetti, J. D. Tygar, and D. Song, “The TESLA broadcast
and computation overheads. It also provides decentralization, authentication protocol,” RSA Cryptobytes, vol. 5, no. 2, pp. 2–13, Aug.
scalability, and privacy preserverance of vehicles by using PsID. 2002.
The proposed scheme performance can be further im- [19] J. Guo, J. P. Baugh, and S. Wang, “A group signature based secure and
privacy preserving vehicular communication framework,” in Proc. IEEE
proved by employing either group signature or batch signature Mobile Netw. Veh. Environ., Anchorage, AK, USA, 2007, pp. 103–108.
verification or cooperative message verification along with hy- [20] X. Lin et al., “TSVC: Timed efficient and secure vehicular communica-
brid cryptography based scheme. The group signature provides tions with privacy preserving,” IEEE Trans. Wireless Commun., vol. 7,
privacy and non-traceability of sender vehicles by its anony- no. 12, pp. 4987–4998, Dec. 2008.
TANGADE et al.: DECENTRALIZED AND SCALABLE PRIVACY-PRESERVING AUTHENTICATION SCHEME IN VANETS 8655
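The V2V receive path from the computation-overhead discussion, as an added example that is not the paper's own code: the receiver checks only the HMAC tag and a timestamp, and passes the signature on unverified for the ATA. The frame layout, the 300 ms freshness window, HMAC-SHA256, and the names `build_frame` and `verify_v2v` are assumptions; the shared key is assumed to be already held by both vehicles.

```python
import hashlib
import hmac
import struct

# Assumed frame layout (not the paper's Table III):
#   timestamp_ms (8) | payload_len (2) | payload | HMAC-SHA256 tag (32) | signature
HDR = struct.Struct(">QH")
TAG_LEN = hashlib.sha256().digest_size
MAX_AGE_MS = 300  # assumed freshness window


def build_frame(key, payload, ts_ms, signature):
    """Sender: append the HMAC tag and the (opaque) signature to the message."""
    body = HDR.pack(ts_ms, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest() + signature


def verify_v2v(key, frame, now_ms):
    """Receiver: check freshness and the HMAC tag only.

    Returns (payload, signature) on success, None on any failure. The
    signature is handed back unverified for forwarding to the ATA.
    """
    if len(frame) < HDR.size + TAG_LEN:
        return None  # too short to hold a header and a tag
    ts_ms, plen = HDR.unpack_from(frame)
    end = HDR.size + plen
    if len(frame) < end + TAG_LEN:
        return None  # declared payload length runs past the frame
    if not 0 <= now_ms - ts_ms <= MAX_AGE_MS:
        return None  # stale or future-dated frame
    expected = hmac.new(key, frame[:end], hashlib.sha256).digest()
    # compare_digest runs in constant time, so a mismatch leaks no prefix length
    if not hmac.compare_digest(expected, frame[end:end + TAG_LEN]):
        return None
    return frame[HDR.size:end], frame[end + TAG_LEN:]


# Constructed sample values
KEY = bytes(range(32))
PAYLOAD = b"\x01" * 67   # 67 bytes, the fixed payload size used in the paper
SIG = b"\xaa" * 64       # placeholder bytes standing in for the signature
FRAME = build_frame(KEY, PAYLOAD, 1_000_000, SIG)
```

In this assumed layout the tag covers only the header and payload, so the receiving vehicle learns nothing about whether the signature bytes are genuine; that check stays with the ATA.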

Shrikant Tangade (M’16) received the B.E. degree in computer science and engineering and the M.Tech. degree in computer network engineering from Visvesvaraya Technological University, Belgaum, India, in 2007 and 2010, respectively. He is currently working toward the Ph.D. degree in electronics and communication engineering in the area of Security in Vehicular Ad Hoc Networks (VANETs). He has two years of research experience in Indian Institute of Science, Bangalore, India. He has also six years of teaching experience. He has selected and attended “BMW Summer School-2016” at Munich, Germany. He is currently working as an Assistant Professor with the School of Electronics and Communication Engineering, REVA University, Bengaluru, India, and he is also the IEEE Student Branch Counselor. His research interests include vehicular ad hoc networks, wireless sensor networks, and optical networks. He is the recipient of “Outstanding IEEE Branch Counselor-2017” by IEEE Bangalore Section and “Outstanding IEEE Branch Counselor and Advisor Award-2017” by IEEE. He is a member of the IEEE Vehicular Technology Society and the IEEE Computer Society.

Sunilkumar S. Manvi (SM’11) received the B.E. degree from Karnataka University, Dharwad, India, in 1987, the M.E. degree in electronics from the University of Visweshwariah College of Engineering, Bangalore, India, in 1993, and the Ph.D degree in electrical communication engineering, Indian Institute of Science, Bangalore, India, in 2003. He is currently working as a Principal Investigator with Wireless Information Systems Research Lab, a Principal with Reva Institute of Technology And Management, Bengaluru, India, and the Director with the School of Computing And Information Technology, REVA University, Bangalore, India. He has experience of around 28 years in research and teaching. He is involved in research of Agent based applications in Multimedia Communications, Wireless Networks, Wireless Sensor Networks, Vehicle Networks, Grid/Cloud computing, and E-commerce. He has published 106 papers in national and international journals, 160 papers in national and international conferences, and 15 publications as books/book-chapters. As per google scholar, he has 1200 citations (h-index = 20 and i-10index = 40). VGST Karnataka has awarded best research publication in 2014. He is a Fellow IETE (FIETE, India) and a Fellow of IE (FIE, India). Some of his publications on Agent Technology, Multicast Routing in MANETs, Wireless Grids, and Resource Management in Cloud Computing are among top downloaded articles in Elsevier Journals, namely Computer Communications, Information Sciences, E-Commerce Research and Applications, and Network and Computer Applications. He has been technical programme committee member of more than 30 national/international conferences.

Pascal Lorenz (SM’00) received the M.Sc. and Ph.D. from the University of Nancy, France, in 1990 and 1994, respectively. Between 1990 and 1995, he was a Research Engineer with WorldFIP Europe and Alcatel-Alsthom. Since 1995, he is a Professor with the University of Haute-Alsace, Colmar, France. He is the author/coauthor of 3 books, 3 patents, and 200 international publications in refereed journals and conferences. His research interests include QoS, wireless networks, and high-speed networks. He was the Technical Editor of the IEEE Communications Magazine Editorial Board (2000–2006), Chair of the Communications Systems Integration and Modeling Technical Committee (2003–2009), Chair of Vertical Issues in Communication Systems Technical Committee Cluster (2008–2009), and Chair of the Communications Software Technical Committee (2008–2010). He has served as Co-Program Chair of IEEE Wireless Communications and Networking Conference (WCNC)’2012, International Conference on Communications (ICC)’2004 and 2017, tutorial Chair of Vehicular Technology Conference’2013 Spring and WCNC’2010, track Chair of Personal Indoor and Mobile Radio Communications’2012, symposium Co-Chair at Globecom 2007–2011, ICC 2008–2010, and ICC’2014 and 2016. He has served as Co-Guest Editor for special issues of IEEE Communications Magazine, Networks Magazine, Wireless Communications Magazine, Telecommunications Systems, and LNCS. He is an Associate Editor of International Journal of Communication Systems (IJCS-Wiley), Journal on Security and Communication Networks (SCN-Wiley) and International Journal of Business Data Communications and Networking, Journal of Network and Computer Applications (JNCA-Elsevier). He is senior member of IARIA fellow and member of many international program committees. He has organized many conferences, chaired several technical sessions and gave tutorials at major international conferences. He was IEEE ComSoc Distinguished Lecturer Tour during 2013–2014.
