IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 18, NO.

2, JUNE 2021 2365

VCom: Secure and Efficient Vehicle-to-Vehicle

Message Communication Protocol
Trupil Limbasiya , Student Member, IEEE, and Debasis Das , Member, IEEE

Abstract—Vehicles are especially capable of exchanging per-

tinent information with nearby vehicles. However, there are
multiple challenges like secure data exchange, fast message
transmission, dynamic topology, and user data protection while
transmitting relevant information between moving vehicles on the
road. Therefore, researchers suggested different vehicle-to-vehicle
(V2V) message communication and verification mechanisms, but
they are vulnerable to crucial security attacks. Furthermore,
the existing V2V communication schemes relatively require high
operational costs for the implementation, taking more time
and computational resources for road safety and traffic data
exchanges. In this article, we propose a secure and efficient V2V
message communication protocol (named as VCom) for vehicle
users using a low-cost function (i.e., SHA-256) while preserving
user anonymity. The security proof and analysis are discussed
for the VCom to confirm its security and user privacy strengths
against different security attributes and attacks. The test-bed
implementation results show that the VCom is comparatively effi-
cient in the computational cost, communication overhead, storage
cost, and energy consumption. Fig. 1. V2V and V2I Message Communications through DSRC on the Road.

Index Terms—Attack, communication protocol, operational

efficiency, security, user anonymity.
I. I NTRODUCTION
OMMUNICATION is one of the most important pillar
C to exchange useful data between two or more entities.
Since data is transferred in a public network, an adversary can
intercept common channel communications, leading to secu-
rity and privacy concerns for users and the communication
system. Therefore, it is imperative to use a reliable message
transmission system for data exchanges [1].
Vehicular ad-hoc network (VANET) is an infrastructure-
less framework to transmit on-road information (i.e., road
condition, traffic, weather, emergency/cooperative messages,
etc.) with nearby on-board-units (OBUs) and road-side-units
(RSUs) using the dedicated short-range communication
Manuscript received February 18, 2020; revised June 2, 2020, September
29, 2020, and November 27, 2020; accepted December 1, 2020. Date of pub-
lication December 4, 2020; date of current version June 10, 2021. This work
was supported by Indian Institute of Technology Jodhpur, India (Grant No.
I/SEED/DDS/20200032). The associate editor coordinating the review of this
article and approving it for publication was Q. Li. (Corresponding author:
Trupil Limbasiya.)
Trupil Limbasiya is with the Department of Computer Science and
Information Systems, Birla Institute of Technology and Science Pilani,
K. K. Birla Goa Campus, Zuarinagar 403726, India (e-mail: limbasiyatrupil
@gmail.com).
Debasis Das is with the Department of Computer Science and Engineering,
Indian Institute of Technology Jodhpur, Jodhpur 342037, India (e-mail:
(DSRC) for Intelligent Transportation Systems (ITS) appli-
cations [2]. RSUs are deployed on the road to share/collect
vital data within its communication range, as vehicle-to-
infrastructure (V2I) communication. An OBU is a vital part
of the vehicle, and it is fixed in a vehicle during the reg-
istration process. Vehicle-to-vehicle (V2V) communication is
practiced to transfer pertinent messages between in-range vehi-
cles. Fig. 1 shows the vehicular data exchange overview in
VANET for V2V and V2I communications. VANET is used
for various ITS applications, such as road safety, driver assis-
tance, location sharing, emergency messages, toll payment,
etc. Therefore, VANET is more useful to vehicle users while
offering road safety and traffic management services [3].
Vehicles exchange relevant information with nearby VANET
devices through DSRC over a common channel. In vehicular
communications, message delay or loss happens due to differ-
ent reasons such as verification overhead, unreliable channel,
and dynamic topology, increasing the message transmission
time in a highly mobile environment. Consequently, vehicle
users may not get crucial information timely while on the
move. Thus, the vehicular communication system should be
designed effectively using low-cost operations to exchange
vital information between moving devices [4], [5].
While exchanging vehicular messages, it is indispensable to
confirm the data correctness and the sender through authen-
tication schemes to protect from illegal data modification or
changes. Otherwise, a malicious user can intercept messages to

[email protected]). perform illegal activities, such as information exposure, mod-
Digital Object Identifier 10.1109/TNSM.2020.3042526 ification, obstruction, delay, and impersonation. Furthermore,
1932-4537 
c 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.

Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
2366 IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 18, NO. 2, JUNE 2021
it is also essential to preserve user privacy on the road for pro-
tection of personal information and activities [6], [7], [8], [9].
To overcome these security and privacy issues, researchers
proposed various vehicular message verification schemes to
check the authenticity of received messages. However, the
existing message communication schemes are vulnerable to
crucial security threats like Sybil, modification, plain-text,
man-in-the-middle, impersonation, password guessing, and
replay. Thus, an adversary has an opportunity to send bogus
messages on behalf of other legal vehicle users, and thereby,
vehicle users may not get on-time precise information while
driving on the road [10], [11], [12].
Considering the above-discussed points, it is vital to
design secure and privacy-preserving efficient vehicular mes-
sage communication protocol, due to its scope in various
road safety and traffic management applications. Hence,
vehicle users should have a robust V2V message commu-
nication scheme, which efficiently performs all necessary
operations rapidly without compromising security and user
privacy.
Our Contributions: To overcome high operational costs and
security challenges in V2V data exchange, we propose a secure
and efficient V2V message communication protocol (named as
VCom) for better user experience while moving on the road,
and its key insights are as follows.
• VCom: We propose an anonymous secure and efficient
V2V communication protocol using low-cost primitives,
such as SHA-256, bit-wise XOR, and concatenation.
• Security Evaluations: We analyze security and user pri-
vacy strengths of the VCom using (i) security proof based
on the random oracle model (ii) attacks analysis to under-
stand its security robustness against vital attacks (i.e.,
man-in-the-middle, Sybil, modification, illusion, replay,
password guessing, impersonation, and plain-text) and
essential security properties (i.e., authentication, confi-
dentiality, integrity, and user anonymity).
• Implementation Results:We evaluate performance of the
VCom on Intel i5-5200U processor, 8 GB RAM, 2.2 GHz
clock frequency computer machine for different opera-
tional costs, i.e., computation time, energy consumption,
communication overhead, and storage cost. Further, we
compare performance results of the VCom with other
relevant vehicular communication protocols.
This article is structured as follows. Section II discusses
various features and drawbacks of existing relevant vehicu-
lar communication schemes. Section III gives an overview of
vital security attacks, adversary model, challenges, and cur-
rent status on V2V communication schemes. We propose an
effective and secure V2V message communication protocol in
Section IV. We present security evaluations to confirm security
strengths of the VCom based on the formal security proof and
analysis in Section V. The performance results are discussed
and compared with recent relevant communication schemes in
Section VI. We eventually conclude our work in Section VII.
II. R ELATED W ORKS
We discuss existing relevant vehicular communication
schemes to understand their features and drawbacks in
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
VANETs. In 2008, Zhang et al. [15] suggested a novel ring
signature system to offer privacy with less communication
overhead without using certificates. The scheme [15] gener-
ates keys for the ring signature algorithm and then calculates
a ring signature equation. Furthermore, it computes messages
to send it to the receiver, and the recipient checks the original-
ity of the obtained messages. They considered users’ vehicle
identity as a public key, reducing additional costs for other
operations. Moreover, they [15] claimed that their system
achieves integrity, originality, privacy, and decentralization,
but Huang et al. [16] identified that the scheme [15] fails
in message dropping, message overhead, and key mainte-
nance. Therefore, they [16] came up with a key management
and batch authentication scheme for VANETs, but this pro-
tocol requires a very high amount of computation time.
Wen et al. [17] suggested a message authentication system
using the public key concept while considering vehicular
message communications at the physical layer. However, the
protocol design in [17] is not effective in VANETs because it
takes high computation time due to public key concept usage.
Hao et al. [18] discussed on high computational overhead in
the existing vehicular communication systems, and it is unrea-
sonable due to the high mobility nature of vehicles. To reduce
the computation cost, they suggested a cooperative advanced
message verification scheme. After that, Wasef and Shen [19]
proposed an expedite message authentication protocol (EMAP)
to distribute and update a secret key reliably to reduce mes-
sage loss and message delay in VANET using the revocation
checking process based on a keyed hash message authentica-
tion code. However, the protocol design in [19] is not efficient
due to user privacy disruption and high communication cost
in VANET environment. Li et al. [20] suggested an authenti-
cation mechanism to preserve privacy and non-repudiation in
VANETs while satisfying reasonable performance results in
communication overhead and storage cost. Fogue et al. [21]
introduced an advanced message authentication protocol based
on batch verification using the concept of signature generation
and verification for secure message recovery. Furthermore, the
protocol design in [21] enables vehicles to confirm the neigh-
bor vehicle’s position. There is an idea of proxy vehicles in
which if an exceeding number of vehicles is present close to
an RSU temporarily, then an RSU is unable to verify message
signatures (of all these vehicles) reasonably.
Chim et al. [22] discussed the necessity of group com-
munication to know present vehicles in a cluster and convey
messages effectively and securely. They [22] proposed a bi-
linear pairing based system to trace the location of vehicles.
However, this feature is only available to the trusted authority
(TA). Shim [23] suggested an effective conditional privacy-
preserving authentication scheme (CPAS), focusing on batch-
verification. Lee and Lai [24] notified that the system [22]
is susceptible to a replay attack and non-repudiation. To over-
come these deficiencies, they [24] extended the existing frame-
work by including the pseudo-identity formation, message
signature, and confirmation. Researchers ([25] and [26]) iden-
tified that an impersonation attack is possible in [24]’s protocol
design, and they ([25] and [26]) individually proposed a secure
communication scheme concerned on bi-linear mapping. After
that, He et al. [28] perceived that the scheme [26] is not
LIMBASIYA AND DAS: VCom: SECURE AND EFFICIENT VEHICLE-TO-VEHICLE MESSAGE COMMUNICATION PROTOCOL
protected against modification, replay, impersonation, man-
in-the-middle, and stolen verifier attacks. Hence, they [28]
advised an improved mechanism for the vehicular technol-
ogy, but Zhong et al. [29] noticed that the computational
cost is high in [28] and then, they proposed a new enhanced
authentication system for better performance results.
In 2017, Xie et al. [30] suggested an authentication system
based on identity to reduce computational overhead at both
(OBU and RSU) sides. However, they [30] failed to design
a reliable data transmission scheme, which can withstand
fundamental security attacks. Dua et al. [31] suggested a
V2V message communication scheme to offer confidentiality,
integrity, and authenticity while on the move, but it is vulnera-
ble to spoofing and eavesdropping attacks, and it requires more
computational time during the authentication phase. In 2018,
Tangade et al. [32] presented an authentication system for V2V
and V2I communications by using symmetric hash message
authentication code and asymmetric identity-based cryptog-
raphy. However, the system [32] needs to establish multiple
handshakes before sending one message to the receiver.
Consequently, it is a time-consuming process in VANETs.
Recently, Cui et al. [33] suggested a message-verification
method for VANETs to resolve problems of repeated veri-
fication of the same message and failure to identify invalid
messages. However, it requires high computation time, and it
leads to delay during data transmissions.
III. P RELIMINARIES AND P ROBLEM S TATEMENT
While focusing on V2V data exchange, we explain various
security and privacy attacks, adversary model, challenges, and
current status on V2V communication protocols.
A. Security Attacks in V2V Communication
Messages are sent over a public/common channel.
Therefore, it is indispensable to protect crucial information
against various security attacks. We describe some of these
attacks as follows through which an adversary may perform
illegal activities during vehicular communications [13], [14].
• If an adversary can alter transmitted messages without
knowledge of an original sender, and the receiver accepts
modified messages for further usage, then a modification
attack can be applied in the system.
• If an adversary sends bogus data to the receiver using dif-
ferent identities, and the receiver accepts bogus messages,
then the system is weak against a Sybil attack.
• An adversary can capture transferred messages over a
common communication channel, and if s/he can extract
any relevant information from these messages, then a
man-in-the-middle attack is possible.
• If the time-stamp concept is not used in the system, then
attackers can easily apply a replay attack.
• If an adversary can exchange messages with legiti-
mate users on behalf of any legal user without his/her
knowledge, then an impersonation attack is feasible.
• A password guessing attack can be performed if an adver-
sary can decide the correctness of a vehicle user password
using a guessed password in the system.
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
2367
• If vehicle users share personal conversations simply in
a public network, then other individuals can directly get
vital information, resulting in a plain-text attack.
• If an adversary can change information either at a hard-
ware level or during communication, then an illusion
attack is feasible in the communication system.
B. Adversary Model
We describe valid considerations as the adversary’s security
and operational efficiency capabilities to intercept or interrupt
vehicular communications [27], [28], [34], [35].
1) Consider two registered vehicle users (as VI and VJ ),
and they know their private credentials, public param-
eters, and common channel values. If VI can do some
illegal activities by using his/her credentials and public
values to impersonate VJ , then VI is an adversary (A)
for VJ by playing two roles (legal user and adversary).
2) If A has all necessary credentials, and s/he knows the
complete protocol design, then only s/he can calculate
different values (for request/response messages).
3) We consider an equation, P = Q ⊕ R. If A knows Q and
R, then only A can get P. Otherwise, A cannot compute
P, Q, or R if s/he has only one value (Q or R or P).
4) A can guess only one value to get an unknown param-
eter (e.g., random nonce, password, or another relevant
value) at the same time. It means that A can consider
one unknown value as a guessable parameter, but it is
not feasible to guess multiple unknown parameters to
get precise outcome in polynomial time [28], [31], [39].
5) A tamper-proof device (TPD) is a small safe storage
location in an OBU to save secret values. A TPD cannot
be compromised, as it contains a set of sensors to detect
hardware tampering, and if it happens, then all the stored
values are immediately destroyed from its memory [7].
6) Vehicular communications happen over a public com-
munication channel. Thus, an adversary can get all
transmitted messages through a common channel.
C. Challenges in V2V Communication
Communication over mobile devices has been extended
through advanced technologies to improve various smart trans-
portation services. Thus, it has resulted in large networks
while exchanging on-road data with ubiquitous devices. We
frequently practice vehicular communications in various ITS
applications for discrete motives, as discussed earlier, and tech-
nology changes day-by-day to enhance user (drivers and pas-
sengers) experience on the road. Thereby, V2V communication
applications’ main aim is to exchange crucial information
(road safety and traffic management) precisely with nearby
other vehicles within a reasonable time to reduce/stop destruc-
tion in different services.
Vehicular messages are sent via a public channel, and thus,
an adversary can obstruct or interrupt transferred messages for
illegal data access or forgery. Hence, the receiver (i.e., vehicle)
should validate the source and correctness of the obtained mes-
sages before using the information. Furthermore, both vehicles
(sender and receiver) should verify each other to satisfy mutual
2368 IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 18, NO. 2, JUNE 2021
authentication in a public environment for data exchanges. In
addition, it is also necessary to preserve user privacy to protect
personal information, previously visited locations, future jour-
neys, and other related activities while exchanging vehicular
messages [8], [9], [10], [12].
Since vehicles are always in a moving situation, it is not
feasible to spend much time on computation during the com-
munication phase. Thus, the computation time plays a vital
role in V2V communication. When the sender transfers mes-
sages to the receiver, the communication protocol requires
memory in bytes (known as communication overhead) to
establish a connection for data exchanges. The communica-
tion overhead is especially expected every time (whenever
the message is sent.). Moreover, the receiver gets multiple
messages from many vehicles, increasing the message verifi-
cation overhead at the receiver OBU. Hence, it is necessary to
improve on-device performance without compromising secu-
rity and user privacy attributes in the vehicular communication
system [15], [28], [33].
Considering the above-discussed points, it is important to
take communication latency, user trust and privacy, attacks
protection, computation cost, and communication overhead
into account while exchanging pertinent information between
vehicles. Consequently, it is required to design the message
communication protocol using fewer operations and low-cost
cryptographic primitives for V2V data exchanges.
D. Current Status on V2V Communication Protocols
Researchers proposed different authentication mechanisms
in [28], [29], [30], [31], [32], and [33] to enhance security
while exchanging crucial information through V2V commu-
nication. However, these schemes are vulnerable to various
attacks, such as Sybil, impersonation, modification, plain-text,
illusion, password guessing, man-in-the-middle, and replay.
Thus, they cannot achieve essential security attributes like
authenticity, confidentiality, and integrity for vehicle users to
prevent from illegal data access and forgery. Besides, these
communication protocols are designed with multiple ellip-
tic curve (EC) small scale multiplication operations, taking
relatively high computational cost, communication overhead,
storage cost, and energy consumption for V2V communica-
tion. Hence, the existing schemes need much time to com-
plete the entire message generation and verification process.
Consequently, recent V2V communication schemes ([28],
[29], [30], [31], [32], and [33]) are not effective for secure
and efficient V2V data exchange to improve user experience
on the road.
To address vital security and operational efficiency prob-
lems in V2V communication, we come up with an effi-
cient and secure communication scheme to exchange relevant
information between vehicles by preserving user anonymity.
IV. T HE P ROPOSED P ROTOCOL : VC OM
We propose a new secure and efficient V2V message
communication scheme (named VCom) by preserving user
anonymity. The VCom consists of mainly three phases as (i)
vehicle registration (ii) V2V message communication, and (iii)
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
Fig. 2. The VCom System Architecture Overview.
TPD update. Initially, a vehicle user should once register with
the vehicle server, and then, s/he can exchange messages with
nearby other registered vehicle users directly. Besides, vehi-
cle users regularly update their TPD through a TPD update
phase to get essential parameters of recently enrolled users.
Fig. 2 illustrates a simple outline of the VCom for vehicle
registration and V2V communication phase.
A. System Overview
We consider that vehicles transmit relevant messages with
nearby vehicles (moving in the same direction) to make better
decision(s) ahead of time while on the move, and the receiver
is within the communication range of the sender. Geographical
location settings are practiced through the Global Positioning
System (GPS) for vehicles’ current position [6], [36].
In VCom, the vehicle server (VS) initially computes the
server secret key, SKID = h(pi ||VSid ||TSSK ) once and
keeps SKID in its secure database. A vehicle user (Vi ) selects
his/her credentials and provides his/her anonymous identity
(AVIDi ) to the manufacturer to get a unique randomly gen-
erated temporary registration code (TRCVi ), where TRCVi
is used to verify Vi ’s legality during the vehicle registra-
tion phase. The manufacturer immediately shares TRCVi and
AVIDi with VS through the Transport Layer Security (TLS)
protocol [20], [33]. Vehicle’s confidential credentials are stored
in a TPD, whereas other normal values are saved in an OBU.
A TPD is a tamper-resistant hardware device with a clock and
its own battery for time synchronization. Time synchroniza-
tion is vital in the communication system to coordinate various
operations, power saving mode, and elimination of transmis-
sion collisions. When vehicles cross RSUs on the road, they
can be reliably resynchronized by an RSU [7], [37], [38]. After
completing the registration process, vehicles can communicate
with nearby OBUs using DSRC for crucial information, but
they should prove their authenticity before exchanging relevant
messages. Fig. 3 shows different operations by OBU and TPD
in the VCom. Different notations are represented in Table I.
B. VCom: Vehicle Registration Phase
All vehicle users should register once with the vehicle server
(VS) through the following steps to become a valid participant
in the VCom, and this procedure is necessary for all users.
During this phase, VS does different computations and saves
some parameters into a TPD and an OBU. After that, TPD
and OBU are installed by VS in a vehicle. The design of the
proposed registration phase is also shown in Table II.
LIMBASIYA AND DAS: VCom: SECURE AND EFFICIENT VEHICLE-TO-VEHICLE MESSAGE COMMUNICATION PROTOCOL
Fig. 3. TPD and OBU Operations in the Proposed Scheme (VCom).
TABLE I
U SED N OTATIONS I NTO THE P ROTOCOL
1) Vi selects his/her VIDi , PWi , qi and gets TRCVi while
providing AVIDi to the manufacturer. Vi computes
AVIDi = h(qi ||VIDi ), RPWi = h(VIDi ||PWi ||qi ),
Ui = RPWi ⊕ TRCVi , Wi = h(RPWi ||AVIDi )
to send {AVIDi , Ui , Wi } to VS over the TLS
protocol [20], [33].
2) VS checks the availability of AVIDi . If it is not found
in the list of existing vehicle users, then VS computes
RPWi = Ui ⊕ TRCVi , Wi = h(RPWi ||AVIDi ), and
?
checks Wi = Wi . If it holds, then VS generates ri
from Zq∗ , where q is a large prime number. Further, VS
calculates Ai = ri ⊕ h(AVIDi ⊕ ri ), Bi = Ai ⊕ RPWi ,
Ci = Ai ⊕ SKID to save SKID , ListAVID , ListSCVV
i ij
into TPDi and Bi , Ci into OBUi . Here, TPDi is a
temper-proof device for a vehicle of Vi ; ListAVID is a
i
list of different AVIDi for all registered vehicle users;
and SCVVij = h(AVIDi ⊕h(pi ||TSSK )⊕AVIDj ). After
that, VS installs TPDi and OBUi into a vehicle securely.
Moreover, VS safely keeps AVIDi and its respective Bi
in its database.
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
2369
TABLE II
R EGISTRATION P HASE IN THE VC OM
3) Vi computes Di = h(VIDi ||PWi ) ⊕ qi , Ci =
h(PWi ||qi ) ⊕ Ci ⊕ Di and removes Ci from OBUi
to save Ci , Di in OBUi .
C. VCom: V2V Message Communication Phase
When a vehicle user (Vj ) is interested in getting relevant
information from another vehicle user (Vi ) or two vehicles
want to exchange pertinent messages, the V2V message com-
munication phase is performed as follows over a common
channel. Here, Vj is a receiver vehicle user (RVj ), who sends
a request message to get pertinent information, and Vi is a
sender vehicle user (SVi ), who sends a response message to
RVj based on a request. It is also presented in Table III.
1) RVj inserts his/her VIDj , PWj , and OBUj cal-
culates qj = Dj ⊕ h(VIDj ||PWj ), RPWj =
h(VIDj ||PWj ||qj ), AVIDj = h(qj ||VIDj ), Aj =
RPWj ⊕ Bj , Cj = Aj ⊕ Dj ⊕ h(PWj ||qj ) ⊕ SKID . If
Cj = Cj , then OBUj computes Pj = AVIDi ⊕ SKID ⊕
sj ⊕ SCVVij and Qj = Mreq ⊕ h(SCVVij ||SKID ) ⊕
h(si ||SCVVij ||T1 ). OBUj sends {AVIDj , Pj , Qj , T1 }
to Vi . Here, Mreq is a requested message by OBUj (on
behalf of RVj ) to SVi .
2) Similarly, SVi inserts his/her VIDi and PWi to calculate
qi = Di ⊕h(VIDi ||PWi ), RPWi = h(VIDi ||PWi ||qi ),
2370 IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 18, NO. 2, JUNE 2021

TABLE III
V2V M ESSAGE C OMMUNICATION IN THE VC OM

TABLE IV
Ai = RPWi ⊕Bi , Ci = Ai ⊕h(PWi ||qi )⊕Di ⊕SKID . TPD U PDATE P HASE IN THE VC OM
 ?
OBUi verifies Ci = Ci . If it matches, then OBUi
checks the freshness of {AVIDj , Pj , Qj , T1 } through
T2 − T1 ≤ ΔT1 . If it is valid, OBUi computes
AVIDi = h(qi ||VIDi ) and gets sj = Pj ⊕ AVIDi ⊕
SKID ⊕ SCVVij . OBUi normally receives multiple
request messages from nearby vehicles, increasing the
computation overhead at OBUi . Thus, OBUi computes
the following equation to get sj from received messages
from different vehicle users using the batch verification
concept, minimizing the computation overhead.

n n 
 
sj = AVIDi ⊕ SKID ⊕ Pj ⊕ SCVVij
j =1 j =1

After that, OBUi retrieves 

Mreq =

h(SCVVij ||SKID ) ⊕ h(sj ||SCVVij ||T1 ) ⊕ Qj ,
αi = Mres ⊕ h(sj ||SCVVij ||T1 ) ⊕ AVIDi ⊕ Mreq  ,
and βi = h(Mres ||sj ||T2 ||AVIDj ||SKID ). OBUi sends
{αi , βi , T2 } to RVj via an insecure channel. Here,
Mres is a response message by SVi for Mreq .
3) OBUj checks T3 −T2 ≤ ΔT2 . If valid, then OBUj cal-
culates Mres  = h(s  ||SCV
j Vij ||T1 )⊕αi ⊕AVIDi ⊕Mreq
and βi = h(Mres ||sj ||T2 ||AVIDj ||SKID ). If βi = βi ,
 
then only RVj will consider Mres as a correct response
message for Mreq . In other cases, OBUj discards it
immediately, understanding message interception.
D. VCom: TPD Update Phase
New vehicle users enroll with the vehicle server (VS) daily,
and thus, already registered vehicle users do not have the secret
communication count (SCVVij ) of recently enrolled users.
Therefore, the existing vehicle users update their TPD with
VS as follows, and its process is also displayed in Table IV.
1) RVi inserts his/her VIDi , PWi , and OBUi computes
qi = Di ⊕h(VIDi ||PWi ), RPWi = h(VIDi ||PWi ||qi ),
Ai = RPWi ⊕ Bi , Ci = Ai ⊕ Di ⊕ SKID . OBUi con-
?
firms Ci = Ci . If valid, OBUj calculates AVIDi =

Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
LIMBASIYA AND DAS: VCom: SECURE AND EFFICIENT VEHICLE-TO-VEHICLE MESSAGE COMMUNICATION PROTOCOL
h(qi ||VIDi ), Xi = Bi ⊕ ti ⊕ AVIDi ⊕ SKID , Yi =
h(Xi ||ti ||T4 ||SKID ) and sends {AVIDi , Xi , Yi , T4 }
to VS.
2) VS checks the freshness of {AVIDi , Xi , Yi , T4 } through
ΔT4 . If it is valid, VS computes ti = AVIDi ⊕ SKID ⊕
Xi ⊕ Bi and Yi = h(Xi ||ti ||T4 ||SKID ). VS verifies
Yi with Yi , and if both are equal, VS considers a
valid request from a legitimate vehicle user and updates
its TPDi .
V. S ECURITY E VALUATIONS
We describe security robustness of VCom to understand its
resilience against crucial security and privacy attributes in dif-
ferent circumstances. We firstly illustrate the formal security
proof referring the random oracle model (ROM) [40], and then
discuss security analysis, considering the adversary model (see
Section III-B). The security evaluation is described for regis-
tration, communication, and TPD update phases, considering
integrity, authentication, confidentiality, and user anonymity.
A. Security Proof
We consider the ROM based security model for a game
between an adversary (A) and the challenger (C) to deter-
mine whether A can win a game by tackling the challenge
given by C polynomially for a non-negligible probability or
not. We elucidate the game outline between A and C for vehi-
cle registration, V2V communication, and TPD update phases
(of VCom), as follows. In the constructed game, the VCom is
safe if A has negligible advantage(s) in polynomial time.
Vehicle Registration — Oracle: A sends {AVIDi , Ui , Wi }
to the challenger (C) for a bogus vehicle user registration,
where C is the vehicle server (VS). If C provides valid
{OBUi , TPDi } to an adversary, then only A wins the game.
V2V Communication — Oracle: A sends {AVIDj , Pj , Qj ,
T1 } to C to confirm the correctness of forged parameters,
where C is a sender vehicle (SVi ). If C returns {αi , βi , T2 }
and βi = βi holds at A side, then only A wins the game.
TPD Update — Oracle: A sends {AVIDi , Xi , Yi , T4 } to
C to get updated TPD parameters illegally. Here, C is the
vehicle server (VS). If Yi = Yi holds, then only VS updates
a TPD with new parameters. Otherwise, VS ends the session
immediately.
Definition 1: An adversary (AA ) knows public channel val-
ues (sent during the communication phase), but s/he does not
have access to OBU and TPD parameters. In this case, AA
is an outsider entity in the VCom. Here, AA aims (i) to reg-
ister with VS illegally, (ii) to forge messages, and (iii) to get
updated TPD parameters illegitimately.
Theorem 1: The VCom is protected against AA ’s adaptive
illegal activities under the one-way hash function assumption
polynomially in the random oracle model.
Proof: As per Definition 1, an adversary (AA ) knows
AVIDj , Pj , Qj , αi , βi , Xi , and Yi in the proposed protocol.
Since AA is an outsider entity, s/he is not a legitimate user
in the VCom and thus, AA wants to register with VS illegally.
When AA sends forged {AVIDi , Ui , Wi } to VS, and s/he does
not have correct TRCVi , VS (as the challenger C) checks the
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
2371
availability and legitimacy of AVIDi and Ui through Wi . At
that time, C ends the session immediately due to the failure on
the sent parameters by AA . Hence, AA cannot win the game
for the vehicle registration phase.
AA wants to win the game by forging public channel param-
eters, {AVIDj , Pj , Qj , T1 } and {αi , βi , T2 }. To compute
forged values (Pj and Qj ) and get its response message from
the challenger (C), AA needs SKID , sj , Mreq , AVIDi , and
SCVVij . However, AA cannot succeed to compute Pj and
Qj due to unavailability of SKID , sj , and SCVVij , thereby
sending incorrect parameters to SVi , where C is SVi in this
case. Thus, C sends random response and βi = βi at AA
side, leading to the game loss for message forgery in the
VCom. Similarly, AA wants to forge a response message for
{αi , βi , T2 } (where AA is acting as SVi , and C is RVj ), but
AA cannot compute αi and βi correctly due to unavailability
of SCVVij , Mreq , sj , and AVIDi . Thereby, C does not accept
the received response message, as βi = βi . Hence, AA cannot
win the game to achieve message forgery in the VCom.
If AA is interested to know updated TPD parameters with-
out being a valid user in the VCom, then AA needs Bi , ti ,
SKID , and AVIDi to compute Xi and Yi . AA manages AVIDi
from a common channel and can generate a random nonce (ti ),
but s/he does not know Bi (for AVIDi ) exactly, and it is infea-
sible to calculate Bi precisely without having Ai and RPWi .
Furthermore, AA does not have SKID due to an outsider entity
as per Definition 1. Moreover, VS (as C in this case) verifies
?
Xi through Yi = Yi , where AA fails in this test, leading to
the game loss in the proposed TPD update phase.
Hence, AA cannot win any game for message forgery
(integrity, confidentiality, and authentication) in the VCom.
Definition 2: We consider that an adversary (AB ) is a reg-
istered user in the VCom, having his/her private credentials
and other common parameters. Further, AB can steal OBUj
of another vehicle user (say Vj ), extracting stored values from
this OBU. In this definition, AB plays two roles (a registered
user (say Vk ) and an adversary). The intentions of AB are to
forge messages during V2V communication and know updated
TPD parameters on behalf of Vj .
Theorem 2: The proposed scheme can resist AB ’s adaptive
malicious activities in a polynomial time under the one-way
hash function assumption in the random oracle model.
Proof: We consider that AB (say Vk ) is a valid user in the
VCom, having SKID , Bk , Ck , and Dk . Further, AB steals
OBUi and OBUj (since Vi and Vj are target users as well
as the challenger (C)), getting Bi , Ci , Di , Bj , Cj , and Dj .
Furthermore, AB can capture Pj , AVIDj , T1 , Qj , αi , βi , T2
from a common communication channel.
To forge messages in the VCom as Vk , AB should
encode/decode Pj , Qj , αi , and βi to compute a valid message
request/response (refer Table III). Accordingly, AB should
know AVIDi , SKID , sj , SCVij for necessary computations.
As per the Definition 2, AB knows SKID , but sj , SCVij , and
AVIDi are unknown to AB . Further, it is hard to get these val-
ues because sj is randomly generated number; AVIDi is an
anonymous vehicle user identity, and there are many vehicle
users in the VCom; SCVij is the secret communication count,
2372 IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 18, NO. 2, JUNE 2021
which is computed as h(AVIDi ⊕ h(pi ||TSSK ) ⊕ AVIDj ) in
the registration phase, and SCVij is securely saved in TPDi
and TPDj only. Moreover, TPDi and TPDj are tamper-
proof devices, and they cannot be accessed by other users [7].
Therefore, AB cannot compute required parameters for a mes-
sage request/response as per the Definition 2 without having
sj , AVIDi , and SCVij . Consequently, AB cannot win the game
to forge messages in the VCom.
When AB wants to connect with VS (the challenger, C) to
perform the TPD update phase on behalf of Vi , s/he should
know Bi , SKID , ti , and AVIDi to compute a valid request.
Here, AB manages SKID (as being Vk ) and generates ti , but
AB does not know AVIDi (due to many vehicle users) and its
relevant Bi . Moreover, it is hard to get Bi without having Ai
and RPWi . Besides, if AB sends a request (computed with
erroneous parameters), then C rejects the session directly.
While considering AB as an insider, s/he also fails in the
game to perform malicious activities in the VCom.
B. Security Attacks Analysis
We discuss security analysis of the VCom, describing
its security and privacy robustness against various crucial
vehicular communication attacks and user anonymity.
1) Modification: If attackers can alter transmitted
information (Mreq or Mres ), then a modification attack is
feasible in the system. In the VCom, RVj sends a message
request as {AVIDj , Pj , Qj , T1 } to SVi to obtain relevant
information (say response message (Mres ) for Mreq ). SVi
transfers {αi , βi , T2 } to RVj as a response message over
a common channel. Therefore, an adversary (A) knows
AVIDj , Pj , Qj , αi , βi , T1 , T2 .
If A wants to modify Mreq , then s/he should calculate Qj
(for Mreq ). Thus, A requires SCVVij , SKID , sj , AVIDi to cal-
culate Mreq illegally. If we assume that A is a registered
vehicle user, then s/he has SKID . However, it is difficult to get
SCVVij (= h(AVIDi ⊕ h(pi ||TSSK ) ⊕ AVIDj )), and it is only
available into TPDVi and TPDVj . Here, SCVVij is not acces-
sible to others because it is saved in a TPD. Furthermore, A
does not know sj , and it is not feasible to get it without know-
ing SCVVij . Moreover, it is hard to guess sj and SCVVij , as
they are computed using SHA-256. Besides, it is also difficult
to know AVIDi because RVj does not disclose the identity of
SVi . Thus, it is hard to forge Mreq in the VCom.
In another case, A needs Mreq , SCVVij , AVIDi , sj to mod-
ify Mres . However, A does not have Mreq (unable to get it
from Qj ), SCVVij (due to highly complex value), sj (not
known without having essential parameters), and AVIDi (not
disclosed by RVj and SVi ). When RVj gets {αi , βi , T2 }
from SVi , RVj verifies all values (sj , SCVVij , Mreq , AVIDi )
 ?
through βi = βi . Moreover, the time-stamp concept is prac-
ticed in Qj and βi . Thus, an adversary cannot alter the
time-stamp in the computation, as s/he does not have all
required values to compute Qj and βi again. Consequently, A
cannot do change(s) in Mres . Hence, the VCom can withstand
a modification attack.
2) Replay: The main objective of this attack is to delay
transmitted messages (Mreq /Mres ) so A can send it with or
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
without some changes (in Mreq or Mres ) later. Thus, a receiver
cannot get required information timely.
(i) A tries to delay a message request {AVIDj , Pj , Qj , T1 },
then it will be recognized during ΔT1 confirmation at
SVi side. We assume that A holds {AVIDj , Pj , Qj , T1 }
temporary to capture these values. To send delayed
messages, s/he should calculate Pj , Qj again, and for
this, A requires sj , SCVVij , Mreq , AVIDi . We con-
sider that A can generate sj , but s/he does not know
SCVVij (saved in a TPD of respective users only),
Mreq (known to only RVj ), AVIDi (it is difficult to
decide whose identity it is due to multiple vehicles in
the system.). In the VCom, SVi checks the freshness of
{AVIDj , Pj , Qj , T1 } by performing T2 − T1 ≤ ΔT1 .
If the difference between T2 and T1 is beyond ΔT1 ,
then SVi does not accept that message request. Thus, A
fails to delay {AVIDj , Pj , Qj , T1 }.
(ii) Similarly, A can resend {αi , βi , T2 } later with modi-
fied time-stamp T2 only, but RVj identifies the delay
through T3 − T2 ≤ ΔT2 , rejecting the obtained
message directly. Thus, A cannot succeed to apply a
replay attack simply by changing T2 in {αi , βi , T2 }.
In another case, A should compute αi and βi to per-
form a replay attack. However, s/he cannot calculate βi
and αi precisely because A does not have all essen-
tial variables (SKID (in case of a non-registered vehicle
user), SCVVij , Mreq , Mres , sj , AVIDi ). Moreover, RVj
confirms βi after getting from SVi . Hence, A is unable
to apply a replay attack on {αi , βi , T2 }.
Considering above two failure cases for delayed messages
by an attacker, the proposed protocol resists a replay attack.
3) Man-in-the-Middle: If A can extract vital information
(Mreq or Mres ) from sent messages, then s/he succeeds to
apply this attack. There are two cases (request and response
messages) in which A can attempt to reveal some information.
For the first case, we consider that A wants to get Mreq
from {AVIDj , Pj , Qj , T1 }, as s/he can capture these values
from a public channel. Further, A is a registered user in the
VCom and thereby, s/he knows SKID . If A can get Mreq , then
there is a possibility of this attack. To do this, A should know
SCVVij , sj , and SKID . However, A fails to get sj and SCVVij
because sj is a random nonce, and it is hard to get sj exactly
without having essential values. SCVVij is only known to SVi
and RVj (saved in their respective TPD), and it is hard to
guess SCVVij because it is computed using AVIDi , pi , AVIDj ,
and TSSK .
In the second case, A is interested to know Mres (for
Mreq ), and there is only one option to get Mres through
αi = Mres ⊕ h(sj ||SCVVij ||T1 ) ⊕ AVIDi ⊕ Mreq  in

the VCom. Hence, A needs αi , sj , AVIDi , SCVVij , Mreq 
to get Mres from this equation. We assume, αi is
known to A from a common channel, but A is unfamil-
iar to sj , AVIDi , Mreq  , SCV
Vij . Thus, A is unable to
obtain Mres .
Based on above two cases, A cannot get Mres or Mreq .
Thus, the VCom is secure to a man-in-the-middle attack.
LIMBASIYA AND DAS: VCom: SECURE AND EFFICIENT VEHICLE-TO-VEHICLE MESSAGE COMMUNICATION PROTOCOL
4) Impersonation: An authentication system can withstand
against an impersonation attack if A cannot imitate as SVi for
RVj or as RVj for SVi .
A acts as SVi with RVj : A should compute αi
and βi correctly to impersonate SVi so RVj cannot
discard {αi , βi , T2 } (sent by A). In the VCom, βi
and αi are calculated as h(Mres ||sj ||T2 ||AVIDj ||SKID )
and Mres ⊕ h(sj ||SCVVij ||T1 ) ⊕ AVIDi ⊕ Mreq  respec-
tively. Hence, A should know all essential values (i.e.,
Mreq , sj , SKID , AVIDi , SCVVij ) to compute forged αi and
βi with a fresh time-stamp (T2 ). However, A does not
know all these values, as SCVVij is saved in TPDi
and TPDj . A TPD is not accessible to anyone even
though a legitimate vehicle user acts as an adversary [7].
Consequently, A fails to compute forged parameters (which
are to be sent to RVj as a response message for Mreq ).
Further, T2 is practiced in βi , and RVj firstly confirms
the validity of T2 . Therefore, A should re-calculate βi ,
but it is not feasible due to unavailability of required
values. Thus, an adversary cannot perform this attack in
the VCom.
A acts as RVj with SVi : A needs Pj , Qj to send a forged
message request (to SVi ) on behalf of RVj . Considering
Pj = AVIDi ⊕ SKID ⊕ sj ⊕ SCVVij and Qj = Mreq ⊕
SKID ⊕ h(sj ||SCVVij ||T1 ), A should know SCVVij , SKID ,
sj , AVIDi to compute forged Pj and Qj . We consider that
A manages AVIDi and generates sj . However, it is hard to
know SCVVij and SKID . Besides, A cannot simply imper-
sonate a vehicle user by changing T1 because T1 is used in
Qj , and the freshness of T1 is checked at SVi side. Thus,
it is difficult to act as SVi for A. Hence, an adversary can-
not succeed to do an impersonation attack (for both cases) in
the VCom.
5) Plain-Text: A plain-text attack is feasible in the data
transmission scheme if A can understand transferred mes-
sages directly. It means that both (sender and receiver)
exchange vital information without using cryptographic prim-
itives or they transfer information in a simple form over
an insecure channel. To apply this attack, A has two
approaches as (i) A can identify significant data from trans-
ferred messages (over a public channel) (ii) A attempts
to reveal meaningful information after performing necessary
computations.
In the first case, A cannot get vital information from an inse-
cure channel because RVj sends {AVIDj , Pj , Qj , T1 }, and
Mreq is not transmitted simply in the VCom. Similarly, A
cannot perceive Mres from {αi , βi , T2 }. Therefore, A fails to
learn consequential results straight-away.
For the second case, A can retrieve Mreq or Mres if and
only if s/he has all essential values for the computation.
Considering Mreq = Qj ⊕ SKID ⊕ h(sj ||SCVVij ||T1 ) and
Mres = αi ⊕ Mreq ⊕ h(sj ||SCVVij ||T1 ) ⊕ AVIDi , A needs
all these values to get Mres and/or Mreq . Thus, A should know
AVIDi , SKID , sj , and SCVVij to understand Mreq . If A man-
ages SKID and AVIDi circumstantially, then also it is difficult
to get SCVVij (known to only SVi from TPDi and RVj from
TPDj ) and sj (random nonce). Consequently, A cannot get
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
2373
Mres , as Mres = h(sj ||SCVVij ||T1 ) ⊕ αi ⊕ AVIDi ⊕ Mreq .
Hence, the VCom is protected to a plain-text attack.
6) Illusion: This attack is performed for two intentions as
(i) do change(s) in an OBU to send bogus data and (ii) send
false or altered information. This attack is hard to identify, as
it is executed at the hardware level. If A wants to apply an
illusion attack in the VCom, then s/he should compute Pj ,
Qj , αi , and βi . Thus, A should know SCVVij , SKID , Mreq ,
sj , and AVIDi because Pj = AVIDi ⊕ SKID ⊕ sj ⊕ SCVVij ,
Qj = Mreq ⊕ h(SCVVij ||SKID ) ⊕ h(sj ||SCVVij ||T1 ), αi =
Mres ⊕ h(sj ||SCVVij ||T1 ) ⊕ AVIDi ⊕ Mreq  , and β
i =

h(Mres ||sj ||T2 ||AVIDj ||SKID ). Therefore, A should calcu-
late/know these values. Here, sj is a random nonce; SCVVij
is a secret communication count, and it is available to Vi and
Vj only; SKID is the VS secret key; Mreq is a requested mes-
sage; AVIDi is an anonymous vehicle user identity, and the
system consists of multiple vehicle users. However, A cannot
get sj , AVIDi , SCVVij , Mreq , and SKID , as discussed earlier.
Thus, an adversary fails to perform this attack in the VCom.
7) Sybil: It is applied to reduce the receiver’s performance
by sending multiple messages using different identities,
expecting the high verification time and overhead at the
receiver side. Thus, a vehicle may not get vital information
timely. The VCom is designed using low-cost operations (i.e.,
SHA-256, bit-wise XOR, and concatenation), taking very less
computation time comparatively. If A attempts to perform
a Sybil attack in the VCom, then also the receiver quickly
checks its legality, and it directly discards received messages
if invalid. Hence, the VCom can withstand a Sybil attack.
8) Password Guessing: If an adversary can decide that a
guessed password (PWi ) is whether correct or not, then a
password guessing attack is applicable in the scheme. In the
VCom, a user password (PWi ) is used in the computation
of RPWi , Di (directly) and Bi , Ci (indirectly). Thus, A has
mainly two ways to confirm the correctness of PWi based on
RPWi [ = h(VIDi ||PWi ||qi )] and Di [ = h(VIDi ||PWi ) ⊕ qi ]
in the VCom. In both cases (RPWi and Di ), A can check
the exactness of PWi , but s/he also requires VIDi and qi .
However, s/he does not know qi and VIDi in addition to
PWi . Furthermore, it is not feasible to guess all these val-
ues at the same to get the correct outcome in polynomial
time [28], [31], [39]. Moreover, A cannot get any meaning-
ful result from Bi and Ci without having RPWi and Di . For
these reasons, the VCom resists a password guessing attack.
9) User Anonymity: Vehicle users are not interested in dis-
closing their private information, such as user identity and
relevant parameters to disclose his/her activities and confiden-
tial messages. If A can get private information of a registered
vehicle user, then the communication system does not achieve
user anonymity for the benefits of vehicle users. In the VCom,
sender and receiver exchange AVIDj , Pj , Qj , αi , and βi for
V2V communication. All these values are computed using
SHA-256. Thus, it is not feasible to reveal any information
from these computed values due to its irreversible property.
The vehicle user identity (i.e., VIDi or VIDj ) is never
shared with anyone in the VCom, and it is only known to the
2374 IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 18, NO. 2, JUNE 2021
TABLE V
S ECURITY A NALYSIS C OMPARISON IN R ELEVANT V2V
C OMMUNICATION M ECHANISMS
vehicle owner (the person, who selected the vehicle user iden-
tity during the vehicle registration phase.). Hence, there is no
way to reveal/derive the vehicle user identity or learn private
information of both (sender and receiver) even though the reg-
istered vehicle user is acting as an adversary. Thus, the VCom
satisfies user anonymity throughout the vehicle registration and
V2V communication phases.
Based on the given security proof and analysis, the VCom
can withstand crucial attacks by satisfying integrity, authenti-
cation, confidentiality, and user anonymity. Thus, the VCom
also resists other relevant security attacks while considering
these security properties. Table V shows the comparison of
vital security attacks for related V2V communication schemes.
VI. P ERFORMANCE A NALYSIS
We analyze test-bed experimental results of the VCom
for different performance measures and do comparison of
the VCom with advanced existing V2V data transmission
schemes, such as [28], [29], [30], [31], [32], and [33].
A. Simulation Set-Up
The test-bed experimental setup is considered as Intel i5-
5200U processor, 8 GB RAM, 2.2 GHz clock frequency
computer machine with Windows 10. For programming lan-
guage, Python 3.1 is used to implement different cryptographic
primitives based on py-ecc and pycrypto libraries. Different
vehicular communication schemes are designed using cryp-
tographic primitives, such as elliptic curve (EC) small scale
multiplication (Tsm−ecc ), EC point addition (Tpa−ecc ), bit-
wise XOR (⊕), concatenation operator (), and SHA-256
(Th(·) ). However, the execution time of  and ⊕ is nominal
(in the implementation) compared to other mentioned crypto-
graphic primitives. Thus, we do not count the execution time
of ⊕ and  for all schemes. On the above-stated platform, the
average execution time (after 100 runs) of these primitives is
shown in Table VI. V2V communication is performed through
DSRC, and messages are sent on every 100-300 milliseconds
at 5.8 GHz frequency bandwidth, 10 MHz channel capacity,
25 dBm transmission power, and 6 Mbps data rate and there
are 180 vehicles according to the DSRC standard [2], [41].
B. Performance Metrics
We calculate computation time, energy consumption, com-
munication overhead, and storage cost for [28], [29], [30],
[31], [32], [33], and VCom.
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
TABLE VI
T HE AVERAGE E XECUTION T IME FOR C RYPTOGRAPHIC O PERATIONS
1) Computation time: It is calculated based on the required
total number and type of cryptographic operations dur-
ing the communication phase, and it is measured in
milliseconds (ms) [28]. If the scheme requires less com-
putational time, then it can quickly transmit vehicular
messages between vehicles on the road. Moreover, an
adversary gets very less time to perform illegal activities.
2) Energy consumption: The system needs energy to exe-
cute different cryptographic operations, and the energy
consumption (EC) is directly proportional to the com-
putation time. It is calculated as EC = TC ∗ C , and
is measured in millijoule (mJ), where TC = computa-
tional time; C = the CPU maximum power (fixed as
10.88 W in wireless communications) [42].
3) Communication overhead: This cost is a memory
requirement for the message communication system dur-
ing the data transmission phase between the sender
and the receiver. It is calculated based on the total
number and type of transferred parameters from both
sides (sender and receiver) to establish a mutual con-
nection, and it is measured in bytes [28], [43]. If the
system expects high memory, then it needs more time
to complete the implementation process.
4) Storage cost: It is calculated based on the type and num-
ber of different private and public parameters, which
are stored into OBUi and TPDi . And these devices
are installed in Vi ’s vehicle during the registration
phase [28], [43]. It is also measured in bytes. If the com-
munication protocol needs more memory for storage,
then the installation cost is increased.
C. Results and Analysis
The computation time is calculated by considering Th(·) ,
Tpa−ecc , and Tsm−ecc for [28], [29], [30], [31], [32], [33],
and VCom. Different data transmission schemes require var-
ied computational time for its verification procedure, as the
total number and type of cryptographic primitives are differ-
ent during the communication phase. He et al. [28] expects
6Tsm-ecc + 2Tpa-ecc + 5Th(·) = 18.3171 ms. Zhong et al. [29]
requires 5Tsm-ecc + 7Th(·) = 15.0985 ms. Xie et al. [30] needs
4Tsm-ecc + 3Th(·) + 2Tpa-ecc = 12.2655 ms. Dua et al. [31]
takes 8Tsm-ecc + 12Th(·) = 24.2308 ms. The scheme [32] takes
4Th(·) + 5Tsm-ecc = 15.1229 ms. Cui et al. [33] requires
10Tsm-ecc + 7Th(·) = 30.2397 ms. However, the proposed
scheme (VCom) requires 16Th(·) = 0.0976 ms. Hence, mes-
sages are quickly processed in the VCom compared to [28],
[29], [30], [31], [32], and [33].
The energy consumption is dependent on the total com-
putational time of the communication scheme as per the
energy consumption formula (refer Section VI-B2). For V2V
communication, 199.2900 mJ, 164.2717 mJ, 133.4486 mJ,
LIMBASIYA AND DAS: VCom: SECURE AND EFFICIENT VEHICLE-TO-VEHICLE MESSAGE COMMUNICATION PROTOCOL 2375

TABLE VII
C OMPUTATIONAL T IME AND E NERGY C ONSUMPTION A NALYSIS C OMPARISON W ITH D IFFERENT C OMMUNICATION S CHEMES

263.6311 mJ, 164.5372 mJ, and 329.0079 mJ are expected

in [28], [29], [30], [31], [32], and [33] respectively. However,
the proposed mechanism consumes 1.0619 mJ because the
VCom is designed using comparatively low-cost primitive
(i.e., SHA-256). The energy comparison is described in
Table VII.
For the communication overhead and storage cost, we
consider the memory size of different parameters as follows:
identity/password/normal variable = 8 bytes; ECE = 64 bytes
(as the random nonce size for the generator is 256 bits.);
time-stamp = 4 bytes; one-way hash (i.e., SHA-256) = 32
bytes [28], [43]. The storage cost is one-time memory space
requirement in the basic setup/registration phase, but the com-
munication overhead is regularly required when data transfer
happens between two vehicle users. Hence, the communica-
tion overhead is more important rather than the storage cost
for a cost-effective communication protocol.
• He et al. [28] needs 1(time-stamp) + 1(SHA-256) +
3(ECC) = 228 bytes to transfer parameters and 3(iden-
tity) + 9(ECC) = 600 bytes to store data.
• Zhong et al. [29] takes 1(time-stamp)+2(SHA-256) +
1(ECC)+1(identity) = 140 bytes in communication and
4(ECC)+1(identity) = 264 bytes for storage.
• Xie et al. [30] expects 1(time-stamp)+1(identity) +
3(ECC) = 204 bytes during communication and 3(ECC)
+ 4(identity) = 224 bytes for storage.
• Dua et al. [31] requires 5(time-stamp)+2(identity) +
7(ECC)+7(SHA-256) = 708 bytes in communication
and 2(SHA-256)+4(ECC)+4(identity) = 352 bytes for
storage.
• Tangade et al. [32] needs 1(identity)+2(SHA-256)+2
(ECC)=200 bytes in communication and 1(time-
stamp)+4 (identity)+20(ECC)+1(SHA-256)=1348
bytes for storage.
• Cui et al. [33] requires 1(time-stamp)+1(SHA-256)+2
(ECC)+1(identity) = 172 bytes for communication and
10(ECC)+8(identity) = 704 bytes for storage.
• However, the VCom expects 2(time-stamp)+5(SHA-256)
= 168 bytes in the communication phase and 6(SHA-
256)+2(identity) = 208 bytes for storage.
The total cost (communication and storage) is 828 bytes
(in [28]), 404 bytes (in [29]), 428 bytes (in [30]), 1060 bytes
(in [31]), 1548 bytes (in [32]), 876 bytes (in [33]), and 376
bytes (in VCom). Fig. 4 shows the comparison for the com-
munication overhead, storage cost, and total cost of relevant
V2V communication protocols. The total cost (in VCom) is
less compared to existing vehicular communication schemes,
Fig. 4. Communication and Storage Costs Comparison for V2V
Communication Schemes.
as the VCom needs less number of bytes during the commu-
nication and registration phases, providing cost-effective and
energy-efficient V2V communication.
VII. C ONCLUSION
This article presents a secure and energy-efficient V2V
message communication protocol (VCom) using low-cost
cryptographic functions (i.e., concatenation, SHA-256, and
bit-wise XOR). Based on the security proof and analysis,
the VCom can withstand crucial vehicular communication
security attacks, such as man-in-the-middle, Sybil, plain-text,
illusion, impersonation, modification, password guessing, and
replay. Further, the VCom satisfies integrity, authentication,
confidentiality, and user anonymity. The test-bed experimen-
tal results confirm that the VCom is comparatively efficient
in computation time, energy consumption, storage cost, and
communication overhead than relevant V2V communication
schemes. Consequently, the proposed protocol helps to trans-
mit road safety and traffic management messages between
moving vehicles quickly and securely in a public network
while preserving user anonymity. Hence, the VCom is useful
in different smart transportation applications for the benefits
of vehicle users while moving on the road.
R EFERENCES
[1] T. Limbasiya, D. Das, and S. K. Sahay, “Secure communication protocol
for smart transportation based on vehicular cloud,” in Proc. ACM 21st
Int. Joint Conf. Pervasive Ubiquitous Comput. (UbiComp) ACM Int.
Symp. Wearable Comput., Sep. 2019, pp. 372–376.

Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
2376 IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 18, NO. 2, JUNE 2021
[2] J. B. Kenney, “Dedicated short-range communications (DSRC) stan-
dards in the United States,” Proc. IEEE, vol. 99, no. 7, pp. 1162–1182,
Jul. 2011.
[3] G. Karagiannis et al., “Vehicular networking: A survey and tutorial on
requirements, architectures, challenges, standards and solutions,” IEEE
Commun. Surveys Tuts., vol. 13, no. 4, pp. 584–616, 4th Quart., 2011.
[4] S. Zeadally, R. Hunt, Y.-S. Chen, A. Irwin, and A. Hassan, “Vehicular ad
hoc networks (VANETS): Status, results, and challenges,” Telecommun.
Syst., vol. 50, no. 4, pp. 217–241, Dec. 2012.
[5] S. Bak, Z. Huang, F. A. T. Abad, and M. Caccamo, “Safety and
progress for distributed cyber-physical systems with unreliable com-
munication,” ACM Trans. Embedded Comput. Syst., vol. 14, no. 4,
pp. 1–22, Dec. 2015.
[6] J. P. Hubaux, S. Capkun, and J. Luo, “The security and privacy
of smart vehicles,” IEEE Security Privacy, vol. 2, no. 3, pp. 49–55,
May/Jun. 2004.
[7] M. Raya and J. P. Hubaux, “Securing vehicular ad hoc networks,” J.
Comput. Security, vol. 15, no. 1, pp. 39–68, Jan. 2007.
[8] M. N. Mejri, J. Ben-Othman, and M. Hamdi, “Survey on VANET secu-
rity challenges and possible cryptographic solutions,” Veh. Commun.,
vo. 1, no. 2, pp. 53–66, Apr. 2014.
[9] S. Al-Sultan, M. M. Al-Doori, A. H. Al-Bayatti, and H. Zedan, “A
comprehensive survey on vehicular ad hoc network,” J. Netw. Comput.
Appl., vol. 37, pp. 380–392, Jan. 2014.
[10] H. Hasrouny, A. E. Samhat, C. Bassil, and A. Laouiti, “VANet security
challenges and solutions: A survey,” Veh. Commun., vol. 7, pp. 7–20,
Jan. 2017.
[11] S. S. Manvi and S. Tangade, “A survey on authentication schemes in
VANETs for secured communication,” Veh. Commun., vol. 9, pp. 19–30,
Jul. 2017.
[12] A. Ghosal and M. Conti, “Security issues and challenges in V2X: A
survey,” Comput. Netw., vol. 169, pp. 1–20, Mar. 2020.
[13] M. S. Al-Kahtani, “Survey on security attacks in vehicular ad hoc
networks (VANETs),” in Proc. IEEE 6th Int. Conf. Signal Process.
Commun. Syst. (ICSPCS), Gold Coast, QLD, Australia, Dec. 2012,
pp. 1–9.
[14] F. Sakiz and S. Sen, “A survey of attacks and detection mechanisms
on intelligent transportation systems: VANETs and IoV,” Ad Hoc Netw.,
vol. 61, pp. 33–50, Jun. 2017.
[15] C. Zhang, R. Lu, X. Lin, P.-H. Ho, and X. Shen, “An efficient identity-
based batch verification scheme for vehicular sensor networks,” in Proc.
IEEE 27th Conf. Comput. Commun. (INFOCOM), Phoenix, AZ, USA,
Mar. 2008, pp. 246–250.
[16] J.-L. Huang, L.-Y. Yeh, and H.-Y. Chien, “ABAKA: An anonymous
batch authenticated and key agreement scheme for value-added services
in vehicular ad hoc networks,” IEEE Trans. Veh. Technol., vol. 60, no. 1,
pp. 248–262, Jan. 2011.
[17] H. Wen, p.-H. Ho, and G. Gong, “A novel framework for message
authentication in vehicular communication networks,” in Proc. IEEE
10th Global Telecommun. Conf. (GLOBECOM), Honolulu, HI, USA,
Nov. 2009, pp. 1–6.
[18] Y. Hao, Y. Cheng, C. Zhou, and W. Song, “A distributed key manage-
ment framework with cooperative message authentication in VANETs,”
IEEE J. Sel. Areas Commun., vol. 29, no. 3, pp. 616–629, Mar. 2011.
[19] A. Wasef and X. Shen, “EMAP: Expedite message authentication pro-
tocol for vehicular ad hoc networks,” IEEE Trans. Mobile Comput.,
vol. 12, no. 1, pp. 78–89, Jan. 2013.
[20] J. Li, H. Lu, and M. Guizani, “ACPN: A novel authentication
framework with conditional privacy-preservation and non-repudiation
for VANETs,” IEEE Trans. Parallel Distrib. Syst., vol. 26, no. 4,
pp. 938–948, Apr. 2015.
[21] M. Fogue et al., “Securing warning message dissemination in VANETs
using cooperative neighbor position verification,” IEEE Trans. Veh.
Technol., vol. 64, no. 6, pp. 2538–2550, Jun. 2015.
[22] T. W. Chim, S. M. Yiu, L. C. Hui, and V. O. Li, “SPECS: Secure
and privacy enhancing communications schemes for VANETs,” Ad Hoc
Netw., vol. 9, no. 2, pp. 189–203, Mar. 2011.
[23] K.-A. Shim, “CPAS: An efficient conditional privacy-preserving authen-
tication scheme for vehicular sensor networks,” IEEE Trans. Veh.
Technol., vol. 61, no. 4, pp. 1874–1883, May 2012.
[24] C.-C. Lee and Y.-M. Lai, “Toward a secure batch verification with group
testing for VANET,” Wireless Netw., vol. 19, no. 6, pp. 1441–1449,
Aug. 2013.
[25] Z. Jianhong, X. Min, and L. Liying, “On the security of a secure
batch verification with group testing for VANET,” Int. J. Netw. Security,
vol. 16, no. 5, pp. 351–358, Sep. 2014.
[26] M. Bayat, M. Barmshoory, M. Rahimi, and M. R. Aref, “A secure
authentication scheme for VANETs with batch verification,” Wireless
Netw., vol. 21, no. 5, pp. 1733–1743, Jul. 2015.
[27] X. Lin and X. Li, “Achieving efficient cooperative message authentica-
tion in vehicular ad hoc networks,” IEEE Trans. Veh. Technol., vol. 62,
no. 7, pp. 3339–3348, Sep. 2013.
Authorized licensed use limited to: Thiagarajar College of Engineering. Downloaded on September 03,2021 at 06:01:03 UTC from IEEE Xplore. Restrictions apply.
[28] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-
based conditional privacy-preserving authentication scheme for vehic-
ular ad hoc networks,” IEEE Trans. Inf. Forensics Security, vol. 10,
pp. 2681–2691, 2015.
[29] H. Zhong, J. Wen, J. Cui, and S. Zhang, “Efficient conditional
privacy-preserving and authentication scheme for secure service pro-
vision in VANET,” Tsinghua Sci. Technol., vol. 21, no. 6, pp. 620–629,
Dec. 2016.
[30] Y. Xie, L. Wu, J. Shen, and A. Alelaiwi, “EIAS − CP :
New efficient identity-based authentication scheme with conditional
privacy-preserving for VANETs,” Telecommun. Syst., vol. 65, no. 2,
pp. 229–240, Jun. 2017.
[31] A. Dua, N. Kumar, A. K. Das, and W. Susilo, “Secure message com-
munication protocol among vehicles in smart city,” IEEE Trans. Veh.
Technol., vol. 67, no. 5, pp. 4359–4373, May 2018.
[32] S. Tangade, S. S. Manvi, and P. Lorenz, “Decentralized and scalable
privacy-preserving authentication scheme in VANETs,” IEEE Trans. Veh.
Technol., vol. 67, no. 9, pp. 8647–8655, Sep. 2018.
[33] J. Cui, L. Wei, J. Zhang, Y. Xu, and H. Zhong, “An efficient
message-authentication scheme based on edge computing for vehicu-
lar ad hoc networks,” IEEE Trans. Intell. Transp. Syst., vol. 20, no. 5,
pp. 1621–1632, May 2019.
[34] C. Lyu, D. Gu, Y. Zeng, and P. Mohapatra, “PBA: Prediction-based
authentication for vehicle-to-vehicle communications,” IEEE Trans.
Depend. Secure Comput., vol. 13, no. 1, pp. 71–83, Jan./Feb. 2015.
[35] T. Limbasiya and N. Doshi, “An analytical study of biometric based
remote user authentication schemes using smart cards,” Comput. Elect.
Eng., vol. 59, pp. 305–321, Apr. 2017.
[36] T. Leinmuller, E. Schoch, F. Kargl, and C. Maihofer, “Decentralized
position verification in geographic ad hoc routing,” Security Commun.
Netw., vol. 3, no. 4, pp. 289–302, Jul./Aug. 2010.
[37] M. Maroti, B. Kusy, G. Simon, and A. Ledeczi, “The flooding time
synchronization protocol,” in Proc. 2nd Int. Conf. Embedded Netw. Sens.
Syst. (SenSys), Nov. 2004, pp. 39–49.
[38] M. Ciurana, F. Barcelo-Arroyo, and F. Izquierdo, “A ranging system
with IEEE 802.11 data frames,” in Proc. IEEE Radio Wireless Symp.,
Long Beach, CA, USA, Jan. 2007, pp. 133–136.
[39] J. Zhang, J. Cui, H. Zhong, Z. Chen, and L. Liu, “PA-CRT:
Chinese remainder theorem based conditional privacy-preserving
authentication scheme in vehicular ad-hoc networks,” IEEE
Trans. Depend. Secure Comput., early access, Mar. 11, 2019,
doi: 10.1109/TDSC.2019.2904274.
[40] M. Bellare and P. Rogaway, “Random oracles are practical: A paradigm
for designing efficient protocols,” in Proc. ACM 1st Conf. Comput.
Commun. Security (CCS), Dec. 1993, pp. 62–73.
[41] Z. H. Mir and F. Filali, “LTE and IEEE 802.11p for vehicular
networking: A performance evaluation,” EURASIP J. Wireless Commun.
Netw., vol. 2014, no. 1, pp. 1–15, Dec. 2014.
[42] D. He, C. Chen, S. Chan, and J. Bu, “Secure and efficient handover
authentication based on bilinear pairing functions,” IEEE Trans. Wireless
Commun., vol. 11, no. 1, pp. 48–53, Jan. 2012.
[43] M. S. Farash, M. Turkanovic, S. Kumari, and M. Hölbl, “An efficient
user authentication and key agreement scheme for heterogeneous wire-
less sensor network tailored for the Internet of Things environment,” Ad
Hoc Netw., vol. 36, pp. 152–176, Jan. 2016.
Trupil Limbasiya (Student Member, IEEE) is
currently pursuing the Ph.D. degree with the
Department of Computer Science and Information
Systems, Birla Institute of Technology and Science
Pilani, K. K. Birla Goa Campus, Zuarinagar, India.
He has published research articles in various peer-
reviewed international journals and well-known
international conferences. His research interests
include applied cryptography, information security,
and network security for smart city applications.
Debasis Das (Member, IEEE) received the Ph.D.
degree in computer science and engineering from the
Indian Institute of Technology (IIT) Patna, India. He
joined as an Assistant Professor with the Department
of Computer Science and Engineering, IIT Jodhpur,
Jodhpur, India. In 2019, he was an Assistant
Professor with the Birla Institute of Technology
and Science Pilani, K. K. Birla Goa Campus,
Zuarinagar, India, and NIIT University, Neemrana,
India. His research interests include VANETs, smart
cities, lightweight cryptography, Internet of Vehicles,
blockchain, and network security.