Dual Authentication and Key Management Techniques For Secure Data Transmission in Vehicular Ad Hoc Networks
Abstract—Vehicular ad hoc networks (VANETs) are an important communication paradigm in modern-day mobile computing for exchanging live messages regarding traffic congestion, weather conditions, road conditions, and targeted location-based advertisements to improve the driving comfort. In such environments, security and intelligent decision making are two important challenges that need to be addressed. In this paper, a trusted authority (TA) is designed to provide a variety of online premium services to customers through VANETs. Therefore, it is important to maintain the confidentiality and authentication of messages exchanged between the TA and the VANET nodes. Hence, we address the security problem by focusing on the scenario where the TA classifies the users into primary, secondary, and unauthorized users. In this paper, first, we present a dual authentication scheme to provide a high level of security in the vehicle side to effectively prevent the unauthorized vehicles entering into the VANET. Second, we propose a dual group key management scheme to efficiently distribute a group key to a group of users and to update such group keys during the users’ join and leave operations. The major advantage of the proposed dual key management is that adding/revoking users in the VANET group can be performed in a computationally efficient manner by updating a small amount of information. The results of the proposed dual authentication and key management scheme are computationally efficient compared with all other existing schemes discussed in literature, and the results are promising.

Index Terms—Authentication, vehicle secret key, Chinese remainder theorem, group key management, VANET.

I. INTRODUCTION

research community in recent years. In general, a VANET consists of three major components, namely the Trusted Authority (TA), Road Side Units (RSUs) and vehicles. The TA provides a variety of online premium services to the VANET users through RSUs. The RSUs are fixed at the road sides and are used to connect the vehicles to the TA. Each vehicle is installed with an On Board Unit (OBU) which is used to perform all computation and communication tasks. Various statistical studies reveal that due to road accidents, many people have either died or been injured and the traffic jams generate a tremendous waste of time and fuel. In order to solve these problems and to enhance the driving comfort, appropriate traffic information should be provided to the drivers in a smart and secured way. Therefore, VANETs are developed to provide attractive services such as safety services that include curve speed warnings, emergency vehicle warnings, lane changing assistance, pedestrian crossing warnings, traffic-sign violation warnings, road intersection warnings and road-condition warnings. In addition, it can offer the comfort services such as weather information, traffic information, location of petrol stations or restaurants, and interactive service such as Internet access. Even though these services make driving comfortable, the Intelligent Transport System (ITS) technology heavily depends on the intelligent security and privacy-preserving protocols to enhance the quality of experience for the drivers and passengers without fear for their safety and personal privacy [1], [32].

Two types of communications are performed in VANETs.
Authorized licensed use limited to: Lancaster University. Downloaded on December 13,2020 at 19:53:39 UTC from IEEE Xplore. Restrictions apply.
1016 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, VOL. 17, NO. 4, APRIL 2016
is easy to ascertain all the authenticated vehicles [4], [7]. Authentication is the process of verifying a user identity prior to granting access to the network. It can be considered as the first line of protection against intruders. The authentication process ensures that only valid vehicles can be part of the group in VANET. In this paper, a new dual authentication scheme is proposed to provide the security improvement in the vehicle’s side to resist malicious users entering into the VANET. After completing the authentication process, the TA can multicast the information to the authenticated vehicles. The authenticated vehicles can broadcast that information to other vehicles in a secure way. To multicast the information from the TA side and to broadcast the information from one vehicle to other vehicles, we have proposed a dual key management technique using Chinese Remainder Theorem (CRT). In this technique, the TA generates two different group keys for two different groups of users, namely primary user group and secondary user group. In the generated group keys, one group key is used for multicasting the information from the TA to primary users (PUs) and the other group key is issued for broadcasting the information from primary users to secondary users (SUs). However, the shared cryptographic group keys should be refreshed through a proper rekeying operation at the time of group membership changes due to new users joining into the network or old users leaving from the network. Therefore, an old group member has no access to present communications (forward secrecy) and a new member has no access to previous communications (backward secrecy). The proposed dual group key management scheme minimizes the computational cost of the TA and group members in the rekeying operation. To achieve this goal, the TA performs only simple addition and subtraction operations to update the group key. Similarly, each vehicle user of the multicast group performs only one modulo division operation for recovering the updated key when the group membership changes. The major contributions of this paper are summarized as follows.

1) We propose a secure dual authentication technique with the capability of preventing malicious vehicles entering into the VANET system.
2) We introduce a dual key management technique into the VANET to disseminate the information from the TA side to the group of vehicle users in an intelligent and secure way.
3) We get the computational complexity of our proposed dual key management scheme as O(1) in both the TA and vehicle users and hence it is suitable for VANETs.
4) The communication complexity of our proposed dual key management scheme is also O(1) which means that our scheme takes only one broadcast to inform the updated keying information from the TA to vehicle group.

The remainder of this paper is organized as follows. Section II summarizes the previous works in the literature. The system model and attack model are presented in Section III. We describe our proposed dual authentication scheme in Section IV and the dual key management for group communications in Section V. This section also explains secure data transmission scheme that takes place among vehicles. Section VI analyzes the security strength of our proposed scheme. Section VII provides the performance evaluation metrics and results of our proposed algorithm with the other existing key management schemes. Section VIII gives concluding remarks and suggests some future directions.

II. PREVIOUS WORKS

Many existing techniques are available in the literature for providing authentication in the VANET [3]–[6]. Among the various existing techniques, Johnson et al. [8] proposed an Elliptic Curve Digital Signature Algorithm (ECDSA), which is mathematically derived from the basic digital signature algorithm. ECDSA uses an asymmetric key pair which consists of a public key and a private key. The public key used in this technique is a random multiple of the base point, where the multiples are generated from the private key. Here, both the public and the private keys are used for user authentication. The two attacking techniques that are performed in this method are the attacks on Elliptic Curve Discrete Logarithmic Problem (ECDLP) and the attacks on the hash function. Wasef et al. [9] proposed a technique for the management of digital certificates, namely Efficient Certificate Management Scheme for Vehicular Ad Hoc Networks (ECMV). This method is based on a Public Key Infrastructure (PKI). In this technique, each vehicle has a short lifetime certificate and this certificate can be updated from any RSU. This certificate is frequently updated to provide privacy-preserving authentication, which creates an additional overhead. Shen et al. [10] presented Cooperative Message Authentication Protocol (CMAP) to find out the malicious information broadcasted by the malicious vehicles in the road transport system. The cooperative message authentication is a promising technique to alleviate vehicle’s computation overhead for message verification. However, the communication overhead increases when the density of vehicles is higher. The main limitation of this method is that if there is no verifier to verify messages, then the malicious messages may be consumed by vehicle users.

Syamsuddin et al. [11] presented a comparison of various RFID authentication protocols based on the use of the hash chain method. However, among these existing protocols, most of them have addressed a specific issue called authentication. All these schemes fail to propose an integrated approach to provide the authentication as well as confidentiality services in VANET. Perrig et al. [12] presented a Timed Efficient Stream Loss-tolerant Authentication (TESLA) protocol, which uses symmetric keys instead of using asymmetric keys. Since the symmetric key systems are significantly faster than signatures, the Denial of Service (DoS) attack is averted in this system. However, it is hard to achieve non-repudiation with symmetric key-based approaches. So the digital signatures provide a best way for providing authentication with non-repudiation. Guo et al. [13] proposed a technique based on the group signature, which is a promising security scheme to provide privacy in VANETs. In the group signature, one group public key is connected with multiple groups of private keys. In this group signature scheme, an attacker can easily find a message sent by the group, but it is not possible to track the sender of
VIJAYAKUMAR et al.: AUTHENTICATION AND MANAGEMENT TECHNIQUES FOR DATA TRANSMISSION IN VANETs 1017
Fig. 2. Components of a vehicle for intelligent transportation.

every state in the country has a TA. When a vehicle moves from one state to another state, the vehicle’s credentials will be verified using the TA of the registered state, which is initiated by the TA of the state where the vehicle is roaming currently. In Fig. 1, we have illustrated a single TA for our convenience. In addition to this, each TA authenticates the identity of vehicle OBUs or the identity of users to avoid malicious vehicles entering into the VANET system.

Road Side Unit (RSU): RSUs are deployed at the roadsides and they are regularly monitored and managed by the TA [28]. These units act like bridges between the TA and the vehicles. The RSUs connect with the TA by a secure wired network and OBUs by an open wireless channel.

Vehicles: Each vehicle is embedded with an OBU in the VANET system. The vehicles can communicate with other vehicles and RSUs through these OBUs. The vehicles can communicate with the TA through the RSUs. The OBU consists of six major components, namely an encryption/decryption agent, data collection agent, spatio-temporal reasoning agent, Fuzzy inference engine, rule base and decision making agent as shown in Fig. 2.

Moreover, the OBU interacts with vehicle sensors, Tamper Proof Device (TPD), DSRC communication medium, smart card device, fingerprint device, Event Data Recorder (EDR) and human machine interface to perform effective decision making on vehicle movement. The Data collection agent collects the necessary data from the intelligent transportation components like the Global Positioning System (GPS), forward and rear sensors, speed sensor, TPD, DSRC communication medium, smart card device, fingerprint device and EDR for giving input to the Fuzzy inference engine. Among these devices, the GPS receiver is used to acquire the vehicle’s real-time geographical position and to perform fairly accurate time synchronization among the vehicles [31]. The TPD is used to store sensitive data such as a secret key, group key and the identity of the vehicle. The EDR is used to record information related to accidents or vehicle crashes. The speed sensor is used to collect the vehicle information such as velocity and braking information. The forward and rear sensors are used to monitor the activities happening on the front and rear side of the vehicle. The communication system uses a communication device such as a DSRC radio to communicate with other vehicles and RSUs. The data collection agent also collects the fingerprint from the individual user through the fingerprint device and compares this with the fingerprint in the smart card for dual key authentication purpose. The smart card is given by the TA during the time of registration, which contains the fingerprint and VSK. The smart card is used through a smart card device which is also controlled by the OBU. The spatio-temporal reasoning agent is not only responsible for checking spatial and temporal constraints on road conditions, but also to perform predictions on the safest place with respect to space and time for further vehicle movement and to plan in prior the suitable moving arrangements.

The fuzzy inference engine is the core component of the intelligent transportation system which uses the symmetric fuzzy Gaussian membership function [34] to extract appropriate decisions from the data provided by the data collection agent. The rule base contains IF-THEN fuzzy rules for the classification of the data and the fuzzy rules generated in this research work are given in the Appendix (see Table III). The scheduler in the fuzzy inference subsystem is used to select appropriate rules from the rule base and sends them to the decision making agent. The decision making agent finally selects suitable decisions on the executed rules according to the road conditions in order to reduce the traffic and to minimize the fuel consumption. The encryption/decryption agent is used to encrypt or decrypt the incoming messages that are received from the data collection agent and the decision making agent to achieve data security. The human machine interface component is responsible for the interaction between the vehicle users and OBUs. The goal of this interaction is to allow the vehicle users to view the messages and to generate the messages. Vehicle original equipment manufacturers are required to invest in vehicle components that are designed to interact with the intelligent transportation components via standardized interfaces [30] in order to satisfy the above mentioned objectives.

B. Attack Model

Since the V2V and V2I communications are carried out in an open wireless channel, there are many attacks which threaten these kinds of communications on the road. In this section, we have listed several possible attacks performed in VANETs.

1) Message replay attack: As the name implies, this attack happens when the attacker repeats or delays the valid message transmission maliciously to disturb the traffic.
2) Sybil attack: The attacker may use multiple identities at the same time. In this attack, an attacker broadcasts numerous messages with different identities to other vehicles.
the packet using VSK of the particular vehicle and verifies the $ID_V$.

$$D_{VSK}(E_{VSK}(N \| HC \| ID_V)). \tag{5}$$

Then, the TA generates the HC using the random number N and the VSK by SHA_256 algorithm and then verifies the newly computed HC value with the HC which is sent from the vehicle side.

9) If the two HC values match, then the TA hashes the Hash Code to get the Authentication Code (AC).

$$AC = \mathrm{SHA\_256}(HC). \tag{6}$$

10) The TA includes the Vehicle ID, incremented time stamp value and also it includes the lifetime of the AC along with the AC and encrypts this sequence with its private key of TA (TA-Pvt) to create a digital signature. Therefore, any vehicle user can verify this digital signature using the public key of TA. But, no vehicle user can regenerate this digital signature because it is generated using the private key of the TA.

$$E_{TA\text{-}Pvt}(AC \| ID_V \| TS_3 \| \text{Lifetime}). \tag{7}$$

This forms the authentication response. To securely transfer this AC to the appropriate vehicle user, the TA also encrypts this authentication response using the VSK value of the corresponding user and RSK of RSU.

$$(E_{RSK}(E_{VSK}(E_{TA\text{-}Pvt}(AC \| ID_V \| TS_3 \| \text{Lifetime}))) \| ID_{TA}). \tag{8}$$

Finally, the TA sends the packet to the RSU.

11) RSU receives the packet from the TA and decrypts the packet using its RSK.

$$D_{RSK}(E_{RSK}(E_{VSK}(E_{TA\text{-}Pvt}(AC \| ID_V \| TS_3 \| \text{Lifetime}))) \| ID_{TA}). \tag{9}$$

On receiving this message, the RSU is able to check the identity of TA ($ID_{TA}$) and verifies whether it is sent by the legitimate TA or a malicious node. After verifying the identity of the TA, the RSU sends the packet to the vehicle user.

$$(E_{VSK}(E_{TA\text{-}Pvt}(AC \| ID_V \| TS_3 \| \text{Lifetime})) \| ID_{TA}). \tag{10}$$

12) The vehicle decrypts the packet using its VSK, and then verifies $ID_{TA}$.

$$D_{VSK}(E_{VSK}(E_{TA\text{-}Pvt}(AC \| ID_V \| TS_3 \| \text{Lifetime})) \| ID_{TA}). \tag{11}$$

After that, the vehicle verifies the $ID_V$ by decrypting the resultant message using the public key of the TA.

$$D_{TA\text{-}pub}(E_{TA\text{-}Pvt}(AC \| ID_V \| TS_3 \| \text{Lifetime})). \tag{12}$$

13) The vehicles then start sending the safety messages to other vehicles with this AC by encrypting the payload (message) using vehicle’s group key $k_{pug}$ or $k_{sug}$ as shown in equation (13).

$$E_{k_{pug}}(\text{payload}) \| (E_{TA\text{-}Pvt}(AC \| ID_V \| TS_3 \| \text{Lifetime})). \tag{13}$$

In many existing approaches, the payload is not encrypted [19]–[21] when it is communicated with the other vehicles. In order to protect the payload (actual data or information) field against eavesdropping and modification by unauthorized users, we have included a protocol which is explained in Section V. To provide two different secure group communications in VANETs, we have also developed a dual key management scheme in this paper.

V. DUAL KEY MANAGEMENT FOR GROUP COMMUNICATION

Dual Key Management is a group key management scheme in which the TA computes two different group keys intended for two different groups in VANETs. The group is a very important concept in our scheme. Based on the money paid to the TA, a very simple Service Level Agreement (SLA) is considered between the TA and the vehicle users, which categorizes the vehicle users into three groups, namely Primary Users (PUs), Secondary Users (SUs) and Unauthorized Users (UUs) in a predefined manner. The PUs are eligible to get attractive services such as safety, comfort services and interactive services from the TA. The PUs are authorized VANET users who receive these services from the TA side periodically. The SUs are also authorized VANET users who receive the attractive services such as safety services from the PUs without making any requests to them, but they cannot receive the information directly from the TA. The PUs can communicate with each other by means of V2V communications. However, the SUs can also communicate with each other after getting the SUs group key from the TA through PUs. Both the PUs and the SUs will have a valid VSK received from the TA. Finally, UUs are the vehicle users who do not have access to the information exchanged between PUs and SUs and hence a UU is considered as an intruder in this proposed approach.

To disseminate the information from the TA side to PUs side in a secure way, the TA encrypts the information using a common group key which is derived using individual vehicles secret key of PUs as discussed in one of the previous works [22]. Similarly, for broadcasting the information from the PUs to SUs in a secure way, the TA encrypts the group key of SUs using the group key of PUs and multicasts it to PUs. All the PUs can get the group key of SUs. This group key is used in the PUs side to encrypt the information and the encrypted message is sent to neighboring SUs. In computing a common group key separately for PUs and SUs vehicles in the TA side, we use CRT based group key management scheme used in many existing schemes [15], [16], [25].

Let $k_1, k_2, k_3, \ldots, k_n$ be pairwise relatively prime positive integers, and let $a_1, a_2, a_3, \ldots, a_n$ be positive integers. Then, CRT states that the pair of congruences, $X \equiv a_1 \bmod k_1$, $X \equiv a_2 \bmod k_2$, $\ldots$, $X \equiv a_n \bmod k_n$ has a unique solution
mod $\partial_g = \prod_{i=1}^{n} (k_i)$. To compute the unique solution, the TA can compute the value as shown in equation (14).

$$X = \sum_{i=1}^{n} a_i \beta_i \gamma_i \pmod{k_i}, \quad \text{where } \beta_i = \frac{\partial_g}{k_i} \text{ and } \beta_i \gamma_i \equiv 1 \bmod k_i. \tag{14}$$

The proposed dual group key management scheme works in four phases. The first phase is the TA Initial set up, where a multiplicative group is created at the TA side from which secret key and group key values are selected. For differentiating the VSK values of PUs and SUs vehicles, we use two types of notations for representing the secret key values used for PUs and SUs in this section. The secret key value of PUs is denoted as $PUSK_i$ $(i = 1, \ldots, n)$ and SUs are denoted as $SUSK_i$ $(i = 1, \ldots, n)$. The second phase is called registration and group key computation phase, where the PUs and SUs complete the registration process and receive $PUSK_i$ and $SUSK_i$ $(i = 1, \ldots, n)$ from the TA side. After that, the TA also generates two group keys separately for two groups of PUs and SUs and it informs this group key to them in a secure way. The third phase is secure data transmission, where the data are disseminated using the group key values in the VANET. The final phase of this algorithm is the key updating phase where a group key is updated when an existing PU leaves the PU’s multicast group or a new PU joins the PU’s multicast group in order to provide forward and backward secrecy. Similarly, the TA also updates the group key of SUs separately.

A. TA Initial Set Up

Initially, the TA selects large prime numbers p and q, where $p > q$ and $q \le p/4$, where p value is used for defining a multiplicative group $z_p^*$ and q is used for selecting the group key values. Initially, the TA selects $PUSK_i$ and $SUSK_i$ from the multiplicative group $z_p^*$ for ‘n’ number of vehicles which will be given to the vehicle users at the time of offline registration. In the proposed group communication scheme, it is required that all the $PUSK_i$ and $SUSK_i$ values are pairwise relatively prime positive integers and are selected from $z_p^*$ as explained in [15], [16]. Moreover, all the secret keys should be much larger than the group key which is selected within the threshold value fixed by q. Next, the TA executes the following steps as we illustrated in our previous approaches [18], [23] for computing the group key used for PUs. Similarly, the TA will also compute a group key for SUs.

1) Compute
$$\partial_g = \prod_{i=1}^{n} (PUSK_i) \tag{15}$$
2) Compute
$$x_i = \frac{\partial_g}{PUSK_i} \quad \text{where } i = 1, 2, 3, \ldots, n \tag{16}$$
3) Compute $y_i$ such that
$$x_i \times y_i \equiv 1 \bmod PUSK_i \tag{17}$$
4) Multiply all users $x_i$ and $y_i$ values and store them in the variables
$$var_i = x_i \times y_i \tag{18}$$
5) Compute the value
$$\mu = \sum_{i=1}^{n} var_i. \tag{19}$$

B. Group Key Computation

In this phase, the VANET group users complete the registration process and get their corresponding group secret keys from the TA. Whenever the TA wants to send common information to a group of VANET users (PUs) to support the group communication, the TA computes the group key in the following way and multicasts it to the PUs group through RSU.

a) Initially, the TA selects a random element $k_{pug}$ as a new group key for PUs within the range q.
b) Multiply the newly generated group key with the value $\mu$ which is computed in TA initial setup.

$$\gamma_{pug} = k_{pug} \times \mu. \tag{20}$$

c) The TA broadcasts a single message $\gamma_{pug}$ to the VANET users. Upon receiving $\gamma_{pug}$ value from the TA side, an authorized vehicle can obtain the new group key $k_{pug}$ by doing only one modulo division operation as shown in equation (21).

$$\gamma_{pug} \bmod PUSK_i = k_{pug}. \tag{21}$$

Since $k_{pug} < q < PUSK_i < p$ and $\mu \bmod PUSK_i = 1$, the $k_{pug}$ obtained in this way must be equal to the $k_{pug}$ generated in Step a) of group key computation phase. After computing the group key, the TA also computes another group key $k_{sug}$ using the aforementioned procedure for SUs. Then, it encrypts this $k_{sug}$ using $k_{pug}$ and it is sent as a multicast message along with $\gamma_{pug}$ and $\gamma_{sug}$ to all the PUs.

$$E_{k_{pug}}(k_{sug}) \| \gamma_{pug} \| \gamma_{sug}. \tag{22}$$

After receiving the packet from TA, the PUs compute the value of $k_{pug}$ from $\gamma_{pug}$ using equation (21) and then decrypt $E_{k_{pug}}(k_{sug})$ to get the group key value of SUs.

$$D_{k_{pug}}(E_{k_{pug}}(k_{sug})) \| \gamma_{sug}. \tag{23}$$

Then the PUs send $\gamma_{sug}$ as a multicast message to all the SUs in its coverage area. After receiving this message from the PUs, the SUs compute the value of $k_{sug}$ from $\gamma_{sug}$ as given in equation (24).

$$\gamma_{sug} \bmod SUSK_i = k_{sug}. \tag{24}$$

The PUs utilize the group key value of SUs to broadcast the information to the nearest SUs within their coverage area. Therefore, the TA encrypts the information using this group key ($k_{pug}$) and multicasts it to the PUs. All the PUs can use their group key to decrypt the information received from the TA side. Each PU can in turn broadcast the information received from the TA to SUs by encrypting it using $k_{sug}$. In this way, the secure group communication is implemented in this proposed work. When ‘i’ reaches to n, the TA executes TA Initial set up phase to compute $\partial_g$, $var_i$ and $\mu$ for ‘m’ number of users where $m = n \times \delta$. The value $\delta$ is a constant value which may take values less than 5 depending upon the dynamic nature of the multicast group.
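
The TA initial set up (steps 1 to 5) and the group key computation of equations (20) and (21), extended to the subtract/add update of μ that the paper describes under Key Updating, as an added example in Python that is not code from the paper. The class and function names are hypothetical, and p, q and the vehicle secret keys are small constructed values chosen only to satisfy the stated constraints.

```python
from math import gcd, prod
import secrets

# Constructed toy parameters (far too small for real use). They respect the
# page's constraints: p > q, q <= p/4 and k < q < PUSK_i < p.
P, Q = 10007, 2003
# Constructed, pairwise coprime vehicle secret keys. "v4" is registered at
# set-up time but only joins the group later.
PUSK = {"v1": 2011, "v2": 2017, "v3": 2027, "v4": 2029}


class TrustedAuthority:
    """TA side of the scheme (class and method names are hypothetical)."""

    def __init__(self, secret_keys, p, q):
        keys = list(secret_keys.values())
        if not (q < p and 4 * q <= p):
            raise ValueError("need p > q and q <= p/4")
        if any(not q < k < p for k in keys):
            raise ValueError("need q < PUSK_i < p for every secret key")
        if any(gcd(a, b) != 1 for n, a in enumerate(keys) for b in keys[n + 1:]):
            raise ValueError("secret keys must be pairwise relatively prime")
        self.q = q
        d_g = prod(keys)                    # eq. (15): product of all PUSK_i
        self.var = {}
        for vid, sk in secret_keys.items():
            x = d_g // sk                   # eq. (16)
            y = pow(x, -1, sk)              # eq. (17): x * y = 1 (mod PUSK_i)
            self.var[vid] = x * y           # eq. (18)
        self.members = set()
        self.mu = 0                         # eq. (19), summed over current members

    def join(self, vid):
        """One addition per joining vehicle: mu = mu + var_i."""
        if vid in self.members:
            raise ValueError(f"{vid} is already a member")
        self.members.add(vid)
        self.mu += self.var[vid]

    def leave(self, vid):
        """One subtraction per leaving vehicle: mu = mu - var_i (eq. 29)."""
        self.members.remove(vid)            # KeyError if vid is not a member
        self.mu -= self.var[vid]

    def rekey(self, group_key=None):
        """Pick a fresh group key below q and build the broadcast (eq. 20/30)."""
        if group_key is None:
            group_key = secrets.randbelow(self.q - 1) + 1   # 1 .. q-1
        if not 0 < group_key < self.q:
            raise ValueError("group key must lie in 1 .. q-1")
        return group_key, group_key * self.mu


def recover_group_key(gamma, secret_key):
    """Vehicle side, eq. (21): one modulo operation."""
    return gamma % secret_key


def demo():
    """Run set-up, a leave and a join; return what each vehicle recovers."""
    ta = TrustedAuthority(PUSK, P, Q)
    for vid in ("v1", "v2", "v3"):
        ta.join(vid)
    log = []
    for event, action, vid in (("initial", None, None),
                               ("v2 leaves", ta.leave, "v2"),
                               ("v4 joins", ta.join, "v4")):
        if action:
            action(vid)
        key, gamma = ta.rekey()
        recovered = {v: recover_group_key(gamma, sk) for v, sk in PUSK.items()}
        log.append((event, key, recovered))
    return log


if __name__ == "__main__":
    for event, key, recovered in demo():
        print(f"{event:10} key={key:4} recovered={recovered}")
```

A registered vehicle that is not in the current sum recovers 0 rather than the key, because every remaining term of μ is a multiple of its secret key.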
Fig. 4. Secure Data communication in VANET.

C. Secure Data Transmission in VANETs

In this subsection, we have explained the secure transmission of data (information) from TA to vehicles and between vehicles in VANETs. Fig. 4 shows the working of secure data transmission that takes place between the TA and PUs. In addition to this, it also represents the V2V communications that take place between PUs and SUs. The TA has a collection of servers for storing the necessary keys and data required for the VANET users. The TA can multicast the information to PUs through a dedicated Internet connection. The PUs in turn can broadcast the information to SUs with the PUs wireless medium. Finally, the UUs have no permission to communicate to the VANETs since they are unauthorized users. In order to improve the confidentiality, the messages should be exchanged in an encrypted form so that the UUs cannot access the messages. The steps involved in the secure data transmission in VANET communication are described as follows:

Step 1. The TA generates a group key ($k_{pug}$) using the PUSK’s of the PUs after collecting the requests of PUs through any RSU. Also, it generates a separate group key ($k_{sug}$) for SUs.
Step 2. Then, the TA multicasts both the group key values in an encrypted form as explained in equation (20). Both the group users can find their group key using their secret key values as used in equation (21). Also, the TA sends the group key value of SUs through the RSU to the PUs by encrypting it using PUs group key $E_{k_{pug}}(k_{sug})$.
Step 3. The TA sends messages or traffic information to the PUs only by encrypting the messages using PUs group key $k_{pug}$, and there is no message exchange between the TA and SUs.

$$E_{k_{pug}}(ID_{TA} \| \text{message or information}). \tag{25}$$

Step 4. After receiving the data packet from the TA, the PUs decrypt the packet using $k_{pug}$ and consume the information or messages.

$$D_{k_{pug}}(E_{k_{pug}}(ID_{TA} \| \text{message or information})). \tag{26}$$

Step 6. After receiving the data packet, the nearest SUs can decrypt the data packet using the group key $k_{sug}$ and can also verify the authenticity of the messages by decrypting the authentication part using the public key (TA-Pub) of TA as shown below:

$$D_{TA\text{-}Pub}(E_{TA\text{-}Pvt}(AC \| ID_V \| TS_3 \| \text{Lifetime})). \tag{28}$$

Step 7. The SUs can in turn forward the received data packet to other SUs by encrypting it using $k_{sug}$ over a long range using multihop communication.
Step 8. After receiving the packets, the SUs can decrypt the packet using the $k_{sug}$ and process the messages.

D. Key Updating

Group key updating operation is performed when a PU joins or leaves and usually takes more computational complexity in most of the group key management schemes [20], [22], [26]. When a PU joins the VANET group, it is the responsibility of the TA to communicate the new group key in a secure way to the group members. Therefore, the newly joining user cannot view the previous communications and it provides backward secrecy. Similarly, when a PU leaves from a group, the TA must update the group key in order to avoid the use of a new group key by the old PU to preserve forward secrecy. In our proposed key management scheme, the group key updating process is performed in the simplest way when the group membership changes. For example, when a vehicle $v_i$ of PU leaves the group, the TA has to perform the following steps.

1) Subtract $var_i$ from $\mu$.

$$\mu = \mu - var_i. \tag{29}$$

2) Next, the TA must select a new group key $k_{pug}$ and it should be multiplied by $\mu$ to form the rekeying message as shown below.

$$\gamma_{pug} = k_{pug} \times \mu. \tag{30}$$

3) The updated group key value is sent as a broadcast message to all the existing PUs. The existing users of the PUs group can get the updated group key value $k_{pug}$ by doing only one mod operation as shown in equation (21). From the received value, the vehicle $v_i$ cannot find
the newly updated group key $k_{pug}$ since that particular vehicle's secret key is not included in $\mu$.

Similarly, if a PU wants to join in the multicast group, then the TA has to perform only one addition operation for updating the group key. For example, if $v_i$ wants to join an existing VANET group, then the TA has to perform the following steps for group key updating.

1) Instead of computing $x_i$ and $y_i$ value for the new VANET user, the TA can take the multiplied value of $x_i$ and $y_i$ from the variable $var_i$ which is already computed in the TA initialization phase. The TA can select this value from the TA's storage area to compute $\mu = \mu + var_i$.
2) Next, the TA selects a new group key $k_{pug}$ and multiplies it with updated $\mu$ to form the rekeying message as shown in equation (30).
3) The updated group key value is sent as a multicast message to all the existing and newly joined PUs of the group. From the multicast value $\gamma_{pug}$, the newly joined PUs of the multicast group can find the newly updated group key $k_{pug}$ since his/her $var_i$ value is included in $\mu$ using $var_i$.

Therefore, in general, if 'n' PUs want to join in the existing PU's multicast group, the TA has to perform 'n' additions for updating the group key. The key strength of our algorithm is that the computational complexity of the TA is completely reduced in comparison to the other existing approaches [21], [22]. The computation complexity of the TA is O(1) when a single PU joins or leaves from the multicast group. In addition to this, the computational complexity of a multicast PU is also minimized by allowing each PU to perform only one modulo division operation. Moreover, the TA takes only one broadcast message, which is the same as in most of the existing algorithms, for informing the updated group key value to PUs of the multicast group.

VI. SECURITY ANALYSIS

In this section, we analyze the security strength of our proposed dual authentication scheme with respect to the attack models presented in Section III. The proposed group key management scheme is analyzed for various attacks to support forward secrecy and backward secrecy as discussed in many existing algorithms [14], [17], [18], [22]. The assumption of the implemented key management scheme is that an adversary might be a PU for some time and the TA keeps all user secret keys secretly.

i) Resistance to replay attack: In a replay attack, the malicious user re-injects the previously received messages or packets back into the VANET. To protect our system from replay attack and provide freshness to messages, our proposed scheme maintains time stamps to keep a cache of recently received messages through which the newly received messages can be compared.

ii) Masquerade and Sybil attacks: In this section, we analyze the security properties of our proposed dual authentication scheme and will show how the scheme is effective for resisting masquerade and Sybil attacks. In many existing approaches, the TA is unable to distinguish an authentication effort from a malicious attacker. This is because the malicious attacker makes use of real users' authentication efforts with stolen passwords, usernames and secret keys, and the TA still considers the attackers as real users. In this paper, we have used a novel dual authentication scheme, which can effectively oppose the malicious behavior of the attackers that is previously mentioned. In our proposed authentication scheme, even if the attacker knows the VSK of any vehicle user, the OBU verifies the fingerprint of the vehicle user. If it doesn't match, the particular vehicle is not allowed to make communication with VANETs. Hence, the masquerade and Sybil attacks are successfully prevented in our dual authentication scheme.

iii) Message tampering/fabrication/alteration attack: In our scheme, the messages are encrypted using the group keys in the group communication before they are sent among the groups. For example, the TA sends messages to the PUs group by encrypting the messages using the PUs group key $k_{pug}$. Therefore, no one can delete, modify and alter the content of the messages during the transmission between the TA and PUs. Since the group keys are managed by the TA, an intruder will not be able to find the key in a feasible amount of time to communicate with the group.

iv) Backward secrecy: Backward secrecy is the technique of preventing a new PU from accessing the previous communication before joining the group. In order to access the previous communication, an adversary needs to obtain the previous group key. Moreover, if the adversary becomes a PU in a group, it may try to derive the previous group key, which is not permitted. In the proposed group key management scheme, when the newly updated group key is communicated to old group members, an adversary needs to find any one of the PUs' secret keys. Moreover, all the $PUSK$s are randomly selected from a large set of positive integers with respect to the multiplicative group. Even if the adversary finds any one of the PUs' secret keys $PUSK_i$, the adversary cannot use this $PUSK_i$, because we use the dual authentication scheme in this proposed approach to participate in VANET communication. When the adversary tries to use any other PU's $PUSK_i$, the TA will also ask the adversary user to complete the authentication process to get the authentication code before participating in the VANET's group communication. Moreover, if an adversary sends any information without including the authentication code, then the receiving vehicles will not process the information. This property makes the situation infeasible for the adversary to use any other PU's secret key. Consequently, the adversary cannot access the communication sent before join, which means the proposed approach supports the initial security requirement.

v) Forward secrecy: Forward secrecy is the technique of preventing a PU from accessing current communication after the leave operation. When a PU leaves the group, he or she may try to derive the group key by using any attacking methods. In the proposed algorithm, it is infeasible for a PU to compute the current group key after the leave operation from the group that was explained for the backward secrecy technique. This is because, when a PU $v_i$ leaves from the group, the TA subtracts his or her share value, that is, the multiplication of $x_i$ and $y_i$ which is stored in $var_i$, from the $\mu$ value to produce $\mu$. This updated $\mu$
is multiplied by the newly generated group key value $k_{pug}$ to form the rekeying message $\gamma_{pug}$. Therefore, a PU who had already left for the service cannot find the new group key in a feasible way since his or her personal keying information is not included. The PU who had left from the group may try to find $k_{pug}$ from the rekeying value which is sent as a broadcast message from the TA in an infeasible method. In order to do that, the PU has to multiply his or her secret key value with all the numbers starting from 1 to $q$, where $q$ is the maximum limit of group key value. At a certain point, it will give a value $\vartheta = k_{pug}$ (i.e. $PUSK_i \times \omega = \vartheta$). After finding this $\omega$ value, the PU $v_i$ can find a set of numbers $S$ that will divide the number $\omega$. Therefore, the value of $S$ is defined as the set of numbers $\{\omega \bmod 1, \omega \bmod 2, \ldots, \omega \bmod \omega\} = 0$. Among the set of numbers, the newly generated group key $k_{pug}$ is also one of the numbers (i.e., $k_{pug} \in S$). In this case, if the size of $PUSK_i$ is $w$ bits, then the attacker has to perform $2^w$ multiplications. The time taken to derive $k_{pug}$ can be increased by choosing a large $PUSK_i$ for each VANET user's secret key. In this work, the size of $PUSK_i$ must be 1024 bits and prior experiments were conducted with 128 bits, 256 bits and 512 bits. After finding the set of values $S$ that divides the number $\omega$, the attacker (user left from the group) can find the new group key by selecting the values from the set $S$ by using brute force attack by making $2^{s-1}$ attempts. Consequently, an adversary cannot find the group key in a feasible method in order to access the current communication, which means the second security requirement is also supported in our proposed algorithm.

vi) Collusion attack: The collusion attack is the one in which two or more adversaries act as legitimate PUs when they are participating in the group and then cooperatively compute the updated group key after leaving the group. Since the value of $var_i$ is subtracted from $\mu$ after the leaving operation is performed in a multicast group, collusion by any number of prior users will not be used to gain information about the congruence system and to derive the updated group key $k_{pug}$ as long as the pairwise relatively prime numbers are large. The following scenario describes a kind of collusion attack in which two adversaries act as legitimate users. Consider $v_1$ as an adversary A who knows the key values $PUSK_1$, $k_{pug}$ and $v_3$ as an adversary B who knows the key values $PUSK_3$ and $k_{pug}$ at time 't − 2'. In time 't − 1', the adversary A leaves the group with the key values $PUSK_1$ and $k_{pug}$. B receives the rekeying message $\gamma_{pug}$ from the TA at the time 't' and computes $k_{pug}$. In time 't + 1', B leaves the group with the two key values $PUSK_3$ and $k_{pug}$. Both of these adversaries exchange their known key values $PUSK_1$, $k_{pug}$, $PUSK_3$ and $k_{pug}$. Using these known values, the adversaries A and B cannot cooperatively find the updated group key $k_{pug}$ which is broadcast at time 't + 2' in a feasible amount of time since their shares $var_1$ and $var_3$ are excluded from $\mu$.

VII. PERFORMANCE ANALYSIS

We consider two performance metrics in our proposed scheme, namely the computation time and communication time for updating the group key in order to perform secure group communication in the PUs of VANET communication. The computation time is defined as the time taken to compute the group key at the TA when group membership changes in the VANET group. The communication time is defined as the time taken to broadcast the amount of information from the TA in order to make the VANET users recover the group key. Table II shows the computation and storage complexities of various key management approaches, namely Chinese Remainder Group Key (CRGK) [15], Fast-Chinese Remainder Group Key (FRGK) [11], Key-tree Chinese Remainder Theorem (KCRT) [16], Number Theory Research Unit (NTRU) [24] and Elgamal Group Key Management (EGKM) [24] and our proposed VANET Group Key Management (VGKM), which are based on the CRT. The notations used for comparisons are defined as: n is the number of users, τ is the maximum number of children of each node of the tree, EEA is the time taken to find the inverse element of a multiplicative group using the Extended Euclidean Algorithm, exp represents the exponential operation, M represents the multiplication operation, D represents the division operation, A represents the addition operation and S represents the subtraction operation.

TABLE II. COMPUTATION, STORAGE AND COMMUNICATION COMPLEXITIES

Among these schemes, the Number Theory Research Unit (NTRU) based group key management scheme uses a multiplication ring from which it chooses some polynomial values as private and public keys from which it computes a common group key. Hence, the multiplication operation used in this scheme is performed by using the convolution product method. All the remaining schemes use a multiplicative group for choosing and computing the keys. Moreover, all the existing schemes take O(n) for updating the group key when a single authorized vehicle user joins or leaves from the secure VANET communication. From Table II, it is evident that all the existing approaches take more computation complexity if it is used in the TA side in the VANET for computing the group key for
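The leave and join rekeying steps around equations (29) and (30), with the member-side single mod operation, as an added Python example that is not part of the paper. It assumes the standard CRT construction for $x_i$ and $y_i$ (the product of all secret keys divided by $PUSK_i$, and its inverse mod $PUSK_i$) and a group key smaller than every $PUSK_i$; the class and function names are hypothetical.

```python
from math import prod

class TrustedAuthority:
    """Toy TA for the PU group (illustrative names, not the paper's code)."""
    def __init__(self, secret_keys):
        # secret_keys: {vehicle_id: PUSK_i}; values must be pairwise coprime.
        self.pusk = dict(secret_keys)
        modulus = prod(self.pusk.values())
        # Initialization phase: precompute var_i = x_i * y_i for every user.
        # Assumed CRT construction: x_i = modulus / PUSK_i, y_i = x_i^-1 mod PUSK_i,
        # so var_i is 1 mod PUSK_i and 0 mod every other user's key.
        self.var = {}
        for vid, p in self.pusk.items():
            x = modulus // p
            self.var[vid] = x * pow(x, -1, p)
        self.mu = 0  # sum of var_i over current group members

    def join(self, vid):
        self.mu += self.var[vid]  # one addition per joining PU

    def leave(self, vid):
        self.mu -= self.var[vid]  # equation (29): one subtraction

    def rekey(self, k_pug):
        # Assumption: the group key must be smaller than every PUSK_i,
        # otherwise the member's mod operation would not return it intact.
        if not 0 < k_pug < min(self.pusk.values()):
            raise ValueError("group key must be below every secret key")
        return k_pug * self.mu  # equation (30): rekeying message gamma_pug

def recover(gamma_pug, pusk_i):
    """Member side: a single mod operation on the broadcast value."""
    return gamma_pug % pusk_i

def demo():
    # Constructed demo keys: small distinct primes (the paper calls for 1024 bits).
    keys = {"v1": 1009, "v2": 1013, "v3": 1019, "v4": 1021}
    ta = TrustedAuthority(keys)
    for vid in ("v1", "v2", "v3"):
        ta.join(vid)
    views = {}
    views["before_leave"] = {v: recover(ta.rekey(777), p) for v, p in keys.items()}
    ta.leave("v2")
    views["after_leave"] = {v: recover(ta.rekey(500), p) for v, p in keys.items()}
    ta.join("v4")
    views["after_join"] = {v: recover(ta.rekey(321), p) for v, p in keys.items()}
    return views

if __name__ == "__main__":
    print(demo())
```

A vehicle whose $var_i$ is not in $\mu$ (v2 after leaving, v4 before joining) gets 0 from the mod operation rather than the group key, while each membership change costs the TA one addition or subtraction.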
[29] X. Cheng, L. Yang, and X. Shen, “D2D for Intelligent transportation systems: A feasibility study,” IEEE Trans. Intell. Transp. Syst., vol. 16, no. 4, pp. 1784–1793, Aug. 2015.
[30] X. Cheng et al., “Electrified vehicles and the smart grid: The ITS perspective,” IEEE Trans. Intell. Transp. Syst., vol. 15, no. 4, pp. 1388–1404, Aug. 2014.
[31] R. Zhang, X. Cheng, L. Yang, X. Shen, and B. Jiao, “A novel centralized TDMA-based scheduling protocol for vehicular networks,” IEEE Trans. Intell. Transp. Syst., vol. 16, no. 1, pp. 411–416, Feb. 2015.
[32] X. Shen, X. Cheng, L. Yang, R. Zhang, and B. Jiao, “Data dissemination in VANETs: A scheduling approach,” IEEE Trans. Intell. Transp. Syst., vol. 15, no. 5, pp. 411–416, Oct. 2014.
[33] X. Lin et al., “TSVC: Timed efficient and secure vehicular communications with privacy preserving,” IEEE Trans. Wireless Commun., vol. 7, no. 12, pp. 4987–4998, Dec. 2008.
[34] L. J. Deborah, R. Sathiyaseelan, S. Audithan, and P. Vijayakumar, “Fuzzy-logic based learning style prediction in e-learning using web interface information,” Proc. Eng. Sci., vol. 40, no. 2, pp. 379–394, Apr. 2015.

Maria Azees received the B.E. degree in ECE and the M.E. degree in applied electronics from St. Xavier’s Catholic College of Engineering, Nagercoil, India, affiliated under Anna University, Chennai, India, in 2011 and 2013, respectively. He is currently working toward the Ph.D. degree with Anna University. His research interests include security and privacy for VANETs.

Arputharaj Kannan received the Master of engineering and Ph.D. degrees in computer science and engineering from Anna University, Chennai, India, in 1991 and 2000, respectively. After completing the master’s degree, he worked as an Assistant Professor with Anna University, where he is presently working as a Professor with the Department of Information Science and Technology, Faculty of Information and Communication Engineering. He has successfully produced more than 20 Ph.D. candidates. He is the author or coauthor of more than 100 papers in several reputed journals such as Elsevier, Springer, IET, etc. His main thrust areas of interest include artificial intelligence and database management systems.