1 Introduction

The rapid advancement in wireless technology has raised scope of mobile vehicles. These vehicles are intelligent enough to communicate with each other through intelligent processing equipment also known as On Board Units. This improves efficiency and safety of vehicles in road traffic [1]. In addition, it may provide information and information services when connected with internet. In recent years, a lot of work has been done on road networks; recently 802.11 p task group is working on the DSRC standard to support road networks. But, the inadequacy of existing research on road networks make them susceptible to malicious attacks. Such malign attacks may harm vehicles by propagating false information [2]. Due to this problem, digital signature is essential in messages on road networks. However, this again will create a problem, because information about vehicle route, driving conditions, and driver’s identity is revealed by signed messages, which may cause violation of privacy of drivers as well as, of passengers [3]. Hence, it is imperative for signed message that its signature must be kept anonymous. Nevertheless, if someone deliberately transfers false information, he shall seriously be reprimanded [4]. Also, the concept of using a regular digital signature is proposed. However, it fails to provide the legitimate security. Also, it involves the usage of a set of anonymous keys that shall change frequently. The demerit of this approach is that it will create a huge overhead. A better scheme is proposed by combining a posteriori and priori countermeasures but it is unable to differentiate the vehicles as well as, the process for determining threshold value is complicated [5, 6].

Moreover, if groups are dynamic then group managers can leave group at any time and newly selected group managers possess all the information about members [7]. Such problems have not been well addressed in most of these approaches. The Reported Server (RS) is completely trusted entity and so is the RSU. However, in reality there is a fair chance of compromising information of RSUs because they are located in open spaces. Also, if database of RS is compromised then attacker will get access to all information about pseudonym along with related real world identities and consequently, the whole system will suffer [36, 810].

1.1 Related Work

Road networks can be used for two types of communication that are given as follows:

  1. 1.

    Node to node communication

  2. 2.

    Mix Zone-based communication

According to node to node communication model, the vehicle gets a unique identification and it can communicate only to the neighbouring vehicle with the help of beacon signals (beaconing). Nevertheless, node-to-node communication uses the small transmission, and transmits only hello packets. This method can only be used in vehicle-to-vehicle communication. This model can be used for the simple node and geographic routing protocol algorithms. It may utilize more cost, high communication overhead and complex key distribution. The concept of mix zone-based communication may be the next level of road networks. Moreover, it follows some additional features. The idea of mix zone has been presented, which can broadcast some critical information by using road side units (RSU). But, RSU may cover more than one mix zone, and it also helps in communicating between the vehicles and certification authority (CA). Henceforth, mix zone based communication uses mix zone routing protocol (MZRP) and follows the mix zone based algorithm used in different kinds of communication. Also, mix-zone based routing may follow vehicle-to-vehicle communication (V2V) and vehicle-to-infrastructure communication (V2I). The mix zone-based communication can possess the public key only, so it is incapable to provide desired level of protection [36, 810].

In this paper, we present a dynamic pseudonymous based multiple mix-zones authentication protocol that provides privacy to mobile vehicles in road network. The contributions of this paper are provided as follows:

  1. (1)

    The protocol only expects dynamic pseudonymous changing behavior from reported server.

  2. (2)

    In case of reported server being compromised, no valuable information is disclosed to attacker.

  3. (3)

    RSUs do not know about actual identity of mobile vehicles. In case, if any or all of RSUs are compromised, no valuable information is revealed that can aid an attacker to identify a mobile vehicle.

  4. (4)

    The protocol provides privacy of a user. In case of detection of any malicious behavior, the actual identity of the attacker can be exposed on the request of law enforcement agencies. It also provides privacy guarantee for mobile vehicles i.e. it becomes challenging for an attacker to find real identity of mobile vehicles.

  5. (5)

    Finally, we have employed reality road map; where we have performed extensive simulations by Sumo simulator to evaluate threat of the accessed RSU problem. We have also compared our proposed method with existing methods based on several parameters. It shows that, our simulation results have outperformed existing techniques and provided better results in terms of obtaining high privacy preservation rate requiring a small number of pseudonym changes along with presenting the best performance.

2 Models and Design Goals

In this section, we discuss system model, threat model, design goals, assumptions and cryptographic tools. Security challenges generally include the use of public key signature. In this scenario, reported sever communication with mobile vehicle has to be achieved by using public key. Security and privacy may be the two big apprehensions for designing the road network. If these challenges are overlooked, it might lead to the severe ambiguities in placement of road network. It is imperative to note that unless proper measures are taken, road networks are vulnerable to various malicious attacks.

2.1 System Model

We have to consider that RS (Reported Server) and Mix-zone (MZ) are fully trusted; however, they never get communication message between vehicle to RS or MZ to RS because of dynamic changing pseudonyms between them. Each vehicle has a unique digital identifier or vehicle identity (VID). This VID is issued and installed in a vehicle’s mix-zones for registration from reported server. The VID is considered as a long term digital certificate that uniquely authenticates a vehicle. Similar to most of the dynamic pseudonymous authentication schemes, our protocol requires VID for dynamic pseudonymous issuance but the issuance of VID itself is not considered in this paper. In our system model, there exist five participants namely Reported Server (RS), Mix-Zones (MZ), Roadside Units (RSUs), Initiator Vehicle and Receiver Vehicle. Below is the description of each of them:

  1. (1)

    Reported server (RS): The responsibility of RS is to issue the base dynamic pseudonyms to vehicles after registration. The registration typically involves validating a VID and then encrypting VID-to-pseudonym information by mix-zones (MZ) public key. Subsequently, the plain text information about VID is deleted. This encrypted escrow information is used to resolve the pseudonym-real identity relationship in case of mix-zones. Note that, base pseudonym has longer life time than a short lived pseudonym in our protocol.

  2. (2)

    Mix-Zones (MZ): Any misbehaving node is reported by law enforcement agencies to the MZ. The MZ then reports the base pseudonym to RS and provides the associated private key that is later used by RS to decrypt the escrow information.

  3. (3)

    Roadside Units (RSUs): RSU is an infrastructure with powerful communication capabilities. RSUs are deployed with roadside. They are connected with RS and MZ directly (preferably through wired medium). In our protocol, the responsibilities of RSUs are (i) to verify base pseudonym and issue short term pseudonyms (ii) provide base pseudonym of the misbehaving vehicle, whose short term pseudonym is reported to MZ by law enforcement agencies.

  4. (4)

    Initiator Vehicle: The initiator vehicle is the broadcaster of the message.

  5. (5)

    The receiver vehicle: These are all those vehicles that receive the messages sent by initiator vehicle. They need to authenticate the message as they receive.

2.2 General Architecture

The advancement in the field of wireless communication and information technology has drastically changed many aspects of human life. The combination of these technologies makes life easier and provides conveniently accessible services for humanity. One of the most benefited aspect is the development in the technology of advanced vehicle safety. Consequently, the advent of latest techniques in wireless information and communication technologies allow manufacturers to incorporate ICT in their vehicles. This renders vehicle safety, traffic efficiency, driver assistance and infotainment [1114]. The vehicles possessing these modern technology equipment can communicate with each other and with the RSU located near the roads. This leads to the innovative era in the field of communication and the formation of self-organized networks. As discussed earlier, the road side unit which is placed near the roads is also connected with the backbone network. This type of network is known as road network. In such a scenario, both vehicle and RSUs act as end points and routers. This formulates ad-hoc nature road network that supports context awareness and is known to be the first commercial implementation of MANETs (mobile ad-hoc networks) [15]. This enables vehicles to use various useful features of distinct applications like disaster warning system, traffic information control and prevention systems, climate and weather conditions observing, etc. Additionally, it also enjoys online entertainment, advertisement and promotions. Generally, every vehicle acts on a peer-to-peer mode that enhances the available bandwidth resources and also provides connectivity to the diverse geographical locations. Research organizations may apply these communication techniques to improve intelligence, security and efficiency of transportation system. This type of adhoc network may help vehicle-to-vehicle communication when the vehicle is moving at a fast pace and vehicle to infrastructure communication when the vehicles speed is slow or stationery. It may provide numerous safety and non-safety applications [16, 17].

The road network communication can be of three types as shown in Fig. 1.

Fig. 1
figure 1

Road network communication model

Full size image
  1. 1.

    Vehicle to Vehicle Communication.

  2. 2.

    Vehicle to RSU Communication.

  3. 3.

    Communication between Road Side Unit and the base station.

Vehicular communication consists of several applications from simple exchange of vehicle information to very complex information like infrastructure integration. Whereas, authentication is the key in each and every phase of communication. Various features related with VANETs are in the inception phase and yet to be refined and standardized. However, general overview of the system gives the reflection of basic mechanism, components and constraints involved in the system [18].

While discussing road networks, it is imperative to note that there are several distinct features that need to be taken into consideration when security is to be incorporated. These features include; (a) The type of communication: Vehicular adhoc networks work on the basis of node to node communication, where each node is responsible to establish connection with another node for the sake of information sharing (b) Mobility & Dynamic-nature: It is obvious from the previous discussion that road networks are type of MANETs and hence, the mobility feature is inherited from the parent. However, in road network, the nodes change their position constantly with different speed and direction except RSU because it is installed along the road. Eventually, network becomes very dynamic in nature. (c) Frequent exchange of information: As we know that nodes are mobile in VANETs, therefore, the nodes are continuously exchanging information with other nodes inside road network. (d) Real time processing & self-organizing: As discussed VANETs properties above, it requires immediate processing of critical information that must take short amount of time to exchange information correctly. (e) Infrastructure-less nature: In VANETs nodes are connected with each other without any physical medium; hence it is completely based upon ‘infrastructure less’ environment. (f) Low volatility: In VANETs, the time span for the nodes which are in range of communication is very small. (g) Data value versus distance: The communication range of VANETs is about 5–10 km. As mentioned above, virtual groups are created to connect and exchange information. We can divide VANETs communication in terms of following three units. Firstly, OBU that can enable V2V and V2I communication. Secondly, they have the set of sensors which are used to measure different properties of the vehicles i.e. Fuel consumption and its environment like slippery road, safety distance. Therefore, this critical data can be shared with other vehicles to improve their awareness and road safety. Last but not the least, a TPM (Trusted Platform Module) is often mounted on vehicles. However, these devices are specially used for the security purpose because, they offer reliable storage and computation. They may have a reliable internal clock and are supposed to be tamper-resistant or at least tamper-evident (Papadimitratos et al. 2006) [8]. Hence, this allows critical information like user credential or pre-cash information to get reliably stored.

3 Dynamic Pseudonymous Based Multiple Mix-Zones Authentication Protocol

We have presented the scheme that are used to provide dynamic base pseudonyms multiple mix-zones on road networks. In this section, the requirements of the anonymous authenticated key agreement protocol are specified initially. Then the protocol is presented in detail. Afterwards, the message format used to address the destination vehicle is described. An anonymous authenticated key agreement protocol can be applied when two vehicles which are part of the same group, want to communicate confidentially with each other without leaking their identity neither to the other vehicle nor to parties eavesdropping the exchanged messages. The identity of the other vehicle is not known at the time the protocol execution is initiated (Table 1).

Table 1 Notation description
Full size table

The RS will be responsible to initialize the system parameters for each mobile vehicle member which is registered over the road network. Corresponding key and pseudo identity is generated by each vehicle over the road network. Moreover, each vehicle is furnished with a tamper-proof device, while no eavesdropper can get access to the stored data in that device. The system may be modeled as stated below.

3.1 Scheme Generation

RS will store \({\text{V}}_{\text{i}} = \{ {\text{ID}}_{{{\text{r}}_{\text{i}} }} |1 \le {\text{i }} \le {\text{n}}\} .\)

  1. (1)

    Given the bilinear parameters (\({\mathcal{H}},\) \({\mathbb{Q}},\) \({\mathbb{G}}, {\mathbb{G}},\) E), the RS would select four arbitrary numbers, i.e., \({\text{s}}1, {\text{s}}2, {\text{s}}3, {\text{sr }} \in {\mathbb{Z}}_{{\mathcal{H}}} .\)

  2. (2)

    The RS computes \({\text{P}}_{{{\text{key}}_{1} }} = {\text{s}}1{\text{P}}, {\text{P}}_{{{\text{key}}_{2} }} = {\text{s}}2{\text{P}}, {\text{and Key}}_{{{\text{i}},{\text{j}}}} = {\text{s}}3{\text{P}}.\)

  3. (3)

    Every vehicle has tamper-proof device which in turn, is secretly preloaded with the parameter values {s1, s2, s3}.

  4. (4)

    Additionally, Road Side Unit will secretly be preloaded with the parameter values {\({\text{Key}}_{{{\text{i}},{\text{j}}}}\) r, \({\text{RSU}}_{\text{i}}\)}.

3.2 Key Generation Mechanism and Pseudonym

  1. (1)

    RS would calculate \({\text{P}}_{{{\text{key}}_{1} }} = = {\text{sr RSUi and P}}_{{{\text{key}}_{\text{r}} }} = {\text{srP}}.\) So, the RS private key can be modeled as \(\left( {{\text{P}}_{{{\text{key}}_{1} }} {\text{r}}, {\text{SP}}_{{{\text{key}}_{1} }} {\text{r }}} \right).\)

  2. (2)

    The vehicle, which can be represented by \({\text{ID}}_{{{\text{V}}_{\text{i}} }}\), selects an arbitrary number ri \({\mathbb{Z}}_{{\mathcal{H}}}\).

  3. (3)

    \({\text{ID}}_{{{\text{V}}_{\text{i}} }}\) computes \({\text{Pseu}}_{\text{ID}}^{1} = {\text{riP and Pseu}}_{\text{ID}}^{2} = {\text{RSU}}_{\text{i}} \oplus {\text{H}}\left( {{\text{riP}}_{{{\text{key}}_{1} }} } \right).\)

  4. (4)

    Vi computes \({\text{P}}_{{{\text{key}}_{1} }}\) = s1 \({\text{Pseu}}_{\text{ID}}^{1}\) and \({\text{P}}_{{{\text{key}}_{2} }}\) i = s2H(\({\text{Pseu}}_{\text{ID}}^{1} ,{\text{Pseu}}_{\text{ID}}^{2}\)).

3.3 Dissemination of the System Parameters

(1) The system parameters (H, \({\mathbb{Q}}\), \({\mathbb{G}},{\mathbb{G}}\), E, \({\text{P}}_{{{\text{key}}_{1} }}\), \({\text{P}}_{{{\text{key}}_{2} }}\), \({\text{P}}_{{{\text{key}}_{\text{r}} }}\)) are preloaded by each road network mobile vehicle.The private material should be kept confidential during system initialization phase. In the first phase, vehicle’s tamper-proof device gets populated with the private master keys {s1, s2, s3} during the system parameter generation process. Furthermore, the device which is tamper-proof, generates the value (\({\text{Pseu}}_{\text{ID}}^{1} ,{\text{Pseu}}_{\text{ID}}^{2}\)) and the relative privacy key (\({\text{P}}_{{{\text{key}}_{1} }}\),\({\text{P}}_{{{\text{key}}_{2} }}\)) in the pseudonym and key generation procedure. This mechanism is based on the feature which is known as cyclic group discrete logarithm hence, it is strenuous to get s1 and s2 from the given reserved key. The identity information (\({\text{Pseu}}_{\text{ID}}^{1} ,{\text{Pseu}}_{\text{ID}}^{2}\)) is a penname that may acquire privacy preservation. However, vehicle Vi will generate a different pseudo identity while entering the communication distance of next RSU, where \({\text{Pseu}}_{\text{ID}}^{1}\) = ri· P, \({\text{Pseu}}_{\text{ID}}^{2}\) = \({\text{ID}}_{{{\text{r}}_{\text{i}} }} | \oplus\) H (ri·, \({\text{P}}_{{{\text{key}}_{1} }}\)), whereas, ri value must be different in different regions. (\({\text{P}}_{{{\text{key}}_{1} }}\),\({\text{P}}_{{{\text{key}}_{2} }}\)) are the private keys which are used by the RSU as a verifier, and they are calculated without ri.

3.4 Message Signing

In this process, the message is broadcasted by the vehicles on road network. Additionally, to confirm the security of the message and the validity of the sender, this process further ensures that every message that is directed by the vehicle must be encrypted by its private key. The whole process of message encryption can be described as below:

  1. (1)

    Vehicle \({\text{ID}}_{{{\text{V}}_{\text{i}} }}\), where i ∈ (1, 2, 3,…, n), produces associated information \({\text{M }}_{\text{i}}\), where \({\text{M }}_{\text{i}}\) = M \(\parallel\) T.

  2. (2)

    \({\text{ID}}_{{{\text{V}}_{\text{i}} }}\), selects pseudo identity \({\text{Pseu}}_{\text{ID}}\) and the relative private key value \({\text{P}}_{\text{key}}\) from the robust tamper-proof device. Then \({\text{ID}}_{{{\text{V}}_{\text{i}} }}\) will sign on message \({\text{M }}_{\text{i}}\) where, \(\aleph_{\text{i}}^{1}\) = \({\text{P}}_{{{\text{key}}_{1} }}\), + h(\({\text{M }}_{\text{i}}\) =) \({\text{P}}_{{{\text{key}}_{2} }}\).

  3. (3)

    The tamper-proof device of \({\text{ID}}_{{{\text{V}}_{\text{i}} }}\), produces \(\aleph_{\text{i}}^{1}\) with s3, where \(\aleph_{\text{i}}^{2}\) = (ri + s3(h(\({\text{M }}_{\text{i}}\) =)\({\text{P}}_{{{\text{key}}_{2} }}\)) + \(\aleph_{\text{i}}^{1}\)))\({\text{P}}_{{{\text{key}}_{\text{r}} }}\).

  4. (4)

    Then,\({\text{ID}}_{{{\text{V}}_{\text{i}} }}\) ends the message {\({\text{Pseu}}_{\text{ID}}\),\({\text{M }}_{\text{i}}\) =)\({\text{P}}_{{{\text{key}}_{2} }}\), \(\aleph_{\text{i}}^{1}\), \(\aleph_{\text{i}}^{2}\), \(\aleph_{\text{I}}^{1}\)} to the additional contestants in the locality.

From the above discussion, one can infer that by comparing the signatures which are produced by private keys, we have combined \({\text{P}}_{{{\text{key}}_{\text{r}} }}\) with the vehicle’s private keys to sign the appropriate vehicular messages. Moreover, the stated signature scheme is based on the identity based encryption algorithm, which assists in mapping among publically available identities. Also, there is not any need of certificates when verifying the messages. Alternatively, we may comprehend that only small length pseudo identity will be sent i.e., |\({\text{Pseu}}_{\text{ID}}\)| = |(\({\text{Pseu}}_{\text{ID}}^{1} \left| \,+\, \right|{\text{Pseu}}_{\text{ID}}^{2}\)| consisting of forty two bytes. Categorically, we may say that the vehicular message signature size would be eighty four bytes, i.e. |\({\text{Pseu}}_{\text{ID}}\)| + |\(\aleph_{\text{i}}^{1}\)| + |\(\aleph_{\text{I}}^{1}\)| = 84 bytes.

3.5 Verification by Proxy Vehicles

In this process, multiple messages are authenticated by the proxy vehicle and then output will be sent to those vehicles which have fairly little computing capabilities. Researcher in this scenario, proposes most efficient proxy vehicle selection technique. It is evident from the above discussion that vehicles must possess additional computation capabilities to assist other entities in the network. Also, the vehicles can communicate with each other by remaining in the same area. For secure communication, every vehicle must sign and then send a message. Whereas, the vehicles which do not have computation resources, the RS will debase to regular verification scheme. This signature scheme is built on ID cryptography, and the certificates of proxy vehicles are not pre-stored by the RSUs. Proxy vehicle authentication process can be explained as below:

(1) The messages {\({\text{Pseu}}_{\text{ID}}\), \({\text{M }}_{\text{i}}\), \(\aleph_{\text{i}}^{1}\), \(\aleph_{\text{i}}^{2}\)} sent by \({\text{ID}}_{{{\text{V}}_{\text{i}} }}\), i ∈ (1, 2, 3,…, n), are accepted by a proxy vehicle Vproxy. However, Vproxy may validate that the signatures in group, i.e., \(\aleph_{\text{i}}^{1}\), i ∈ (1, 2, 3,…, n), are legal if they satisfy:

$${\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} \aleph_{\text{i}}^{1} ,{\text{P}}} \right) = \left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{Pseu}}_{\text{ID}} , {\text{P}}_{{{\text{key}}_{1} }} } \right) \times {\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right){\text{H}}\left( {{\text{Pseu}}_{\text{ID}}^{1} \parallel {\text{Pseu}}_{\text{ID}}^{2} } \right)_{{}} ,{\text{P}}_{{{\text{key}}_{2} }} } \right)$$

Thus, before starting the verification procedure, public key is obtained by the proxy vehicle i.e. (\({\text{P}}_{{{\text{key}}_{1} }}\), \({\text{P}}_{{{\text{key}}_{2} }}\)), and hence, acknowledge the message \({\text{M }}_{\text{i}}\), the signature \(\aleph_{\text{i}}^{1}\) of \({\text{M }}_{\text{i}}\), and the pseudo identity (\({\text{Pseu}}_{\text{ID}}^{1}\), \({\text{Pseu}}_{\text{ID}}^{2}\)),) from each surrounding vehicle \({\text{ID}}_{{{\text{V}}_{\text{i}} }}\). Then, E(\(\mathop \sum \nolimits_{\text{i}}^{\text{n}}\) = 1 \(\aleph_{\text{i}}^{1}\), P) and E(\(\mathop \sum \nolimits_{\text{i}}^{\text{n}}\) = 1 \({\text{Pseu}}_{\text{ID}}^{1}\), \({\text{P}}_{{{\text{key}}_{1} }}\)) E(\(\mathop \sum \nolimits_{\text{i}}^{\text{n}}\) = 1 h(\({\text{M }}_{\text{i}}\)) H (\({\text{Pseu}}_{\text{ID}}^{1} \parallel {\text{Pseu}}_{\text{ID}}^{2}\)), \({\text{P}}_{{{\text{key}}_{2} }}\)) may be computed by the proxy vehicle. Furthermore, if this is equal, then it can be assumed that the reliability of the messages and the identities of the message source are verified. The legitimacy of Eq. (1) can be proved as below:

$${\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} \aleph_{\text{i}}^{1} ,{\text{P}}} \right) = {\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{P}}_{{{\text{key}}_{1} + }} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right){\text{P}}_{{{\text{key}}_{2} }} ,{\text{P}}} \right) = {\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{P}}_{{{\text{key}}_{1} }} ,{\text{P}}} \right){\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right){\text{P}}_{{{\text{key}}_{2} }} ,{\text{P}}} \right)$$
$${\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{S}}_{1} {\text{Pseu}}_{\text{ID}}^{1} ,{\text{P}}} \right){\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{S}}_{2} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right){\text{H}}\left( {{\text{Pseu}}_{\text{ID}}^{1} \parallel {\text{Pseu}}_{\text{ID}}^{2} } \right),{\text{P}}} \right)$$
$${\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{S}}_{1} {\text{Pseu}}_{\text{ID}}^{1} ,{\text{P}}} \right){\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{S}}_{2} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right){\text{H}}\left( {{\text{Pseu}}_{\text{ID}}^{1} \parallel {\text{Pseu}}_{\text{ID}}^{2} } \right),{\text{S}}_{2} {\text{P}}} \right)$$
$${\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{S}}_{1} {\text{Pseu}}_{\text{ID}}^{1} ,{\text{P}}_{{{\text{key}}_{1} }} } \right){\text{E}}\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{S}}_{2} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right){\text{H}}\left( {{\text{Pseu}}_{\text{ID}}^{1} \parallel {\text{Pseu}}_{\text{ID}}^{2} } \right),{\text{P}}_{{{\text{key}}_{2} }} } \right)$$
(1)

Then, Vproxy computes \(\mathop \sum \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{1} \in {\mathbb{Z}}_{{\mathcal{H}}}\), \(\mathop \prod \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{2} \in {\mathbb{Z}}_{{\mathcal{H}}}\) and sends {Mproxy, IDproxy, \(\aleph_{\text{proxy}}^{1}\) proxy} to a Road Side Unit. It can be denoted as Mproxy = M \(\mathop \sum \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{1}\) + \(\mathop \prod \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{2}\) \({\text{Pseu}}_{{{\text{ID}}_{\text{i}} }}\), \({\text{i }} \in \left( {1, 2, 3, . . . , {\text{n}}} \right),\) hence, the authentication results that are generated by the proxy vehicle are incorporated in M. Also, {M = a} shows that the set of messages are valid whereas, {M = b} shows that the set of messages are invalid. Signature value \(\aleph_{{}}^{1}\) proxy is produced by V proxy’s privacy key (\({\text{P}}_{{{\text{key}}_{1} }}\) proxy, \({\text{P}}_{{{\text{key}}_{2} }}\) proxy). Additionally, it has been assumed that n different messages are verified by a proxy vehicle so, RSU may not need to acquire all signatures because they can be computed as Σ \(\mathop \sum \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{1}\) and \(\mathop \prod \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{2}\).

3.6 Authentication by an RSU at Outputs from Proxy Vehicles

RSUs are responsible to authenticate the results that are generated by the proxy vehicle. Also, the system would remove fake results and repeal malevolent proxy vehicles. RSU authentication process from the proxy vehicle contains these three steps.

Task (1) It has to be guaranteed that the message must be coming from the real proxy vehicle and there must not be any tempered message by forwarding nodes.

Task (2) It must be ensured that the result coming out of proxy vehicle must include precise authentication result by using batch verification process.

Task (3) If RSU finds any proxy vehicle as malicious, it must revoke it. This mechanism can be elaborated as follows:

When received {Mproxy, \({\text{P}}_{{{\text{key}}_{\text{proxy}} }}\), \(\aleph_{\text{proxy}}^{1}\)}, the RSU initiates Task (1) to authenticate if the single signature \(\aleph_{\text{proxy}}^{1}\) is legal. The single signature authentication procedure has been described and verified in [7]. If this process is authentic, then the factual identities are traced by the RS of this batch of vehicles by calculating \({\text{ID}}_{\text{r}}\) = \({\text{Pseu}}_{\text{i}}^{2} \oplus\) H (s1· \({\text{Pseu}}_{\text{i}}^{1}\)). These results seem to be legal and the set of messages are validated if the subsequent equation holds:

$${\text{E}}\left( {\mathop \prod \limits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{2} ,{\text{RSU}}_{\text{r}} } \right) = {\text{E}}\left( {\mathop \prod \limits_{{{\text{i}} = 1}}^{\text{n}} {\text{Pseu}}_{\text{ID}}^{1} \left[ {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right) + \aleph_{\text{i}}^{1} } \right]{\text{P}}_{{{\text{key}}_{1} }} {\text{P}}_{{{\text{key}}_{21} }} } \right)$$
(2)

As discussed earlier, RSU has previously acquired its private key (\({\text{P}}_{{{\text{key}}_{1} }} ,{\text{P}}_{{{\text{key}}_{21} }}\)) and extracted \(\mathop \sum \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{1}\), \(\mathop \prod \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{2}\) from the message Mproxy, during the process of verification. The RSU computes \({\text{E}}\left( {\mathop \prod \nolimits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{2} ,{\text{RSU}}_{\text{r}} } \right)\) with \({\text{RSU}}_{\text{r}}\), and \({\text{E}}\left( {\mathop \prod \nolimits_{{{\text{i}} = 1}}^{\text{n}} {\text{Pseu}}_{\text{ID}}^{1} \left[ {\mathop \sum \nolimits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right) + \aleph_{\text{i}}^{1} } \right]{\text{P}}_{{{\text{key}}_{1} }} {\text{P}}_{{{\text{key}}_{21} }} } \right)\), respectively. Moreover, if condition does not meet in (3), then it is considered that the proxy vehicle is malicious. So, receiving feedback from RSU, the RS will cancel the malevolent proxy vehicle and in turn, will avoid it from distressing the verification process later. The authenticity of (3) can be confirmed as follows:

$$\begin{aligned} {\text{E}}\left( {\mathop \prod \limits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{2} ,{\text{RSU}}_{\text{r}} } \right) & = {\text{E}}\left\{ {\left[ {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{r}}_{\text{sk}} + {\text{s}}_{3} \left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right) + \mathop \sum \limits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{1} } \right)} \right]{\text{P}}_{{{\text{key}}_{\text{r}} }} ,{\text{RSU}}_{\text{r}} } \right\} \\ & = {\text{E}}\left\{ {\left[ {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{r}}_{\text{sk}} + {\text{s}}_{3} \left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right) + \mathop \sum \limits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{1} } \right)} \right]{\text{s}}_{\text{r}} {\text{P}},{\text{RSU}}_{\text{r}} } \right\} \\ & = {\text{E}}\left\{ {\left[ {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{r}}_{\text{sk}} + {\text{s}}_{3} \left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right) + \mathop \sum \limits_{{{\text{i}} = 1}}^{\text{n}} \aleph_{\text{i}}^{1} } \right)} \right]{\text{P}},{\text{s}}_{\text{r}} {\text{RSU}}_{\text{r}} } \right\} \\ & = {\text{E}}\left\{ {\left( {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{r}}_{\text{sk}} } \right){\text{P}}.{\text{s}}_{3} {\text{RSU}}_{\text{r}} \left[ {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right) + \aleph_{\text{i}}^{1} } \right]{\text{P}},{\text{s}}_{\text{r}} {\text{RSU}}_{\text{r}} } \right\} \\ & = {\text{E}}\left\{ {\mathop \prod \limits_{{{\text{i}} = 1}}^{\text{n}} {\text{Pseu}}_{\text{ID}}^{1} \left[ {\mathop \sum \limits_{\text{i}}^{\text{n}} {\text{h}}\left( { {\text{M }}_{\text{i}} } \right) + \aleph_{\text{i}}^{1} } \right]{\text{P}}_{{{\text{key}}_{1} }} {\text{P}}_{{{\text{key}}_{21} }} } \right\} \\ \end{aligned}$$
(3)

The cost of computation incurred by RSUs on authenticating n signatures may be equal to that of the one incurred on inspecting a proxy vehicle’s operation. Considering the above discussion, it can be concluded that the total cost would be equivalent to one multiplication and two pairing operations. Moreover, the total cost that incurred by an RSU for authenticating n signatures encompasses of n multiplications and three pairing operations. Because of different vehicle’s contribution, session keys can be distinct on \({\text{RSU}}_{\text{i}}\). The broadcast message {\({\text{P}}_{{{\text{key}}_{\text{r}} }}\), T, \(\aleph_{\text{r}}^{{}}\)} by the RSU comprises of a 21-byte public parameter and 21-byte signature, i.e., |\({\text{P}}_{{{\text{key}}_{\text{r}} }}\)| + |\(\aleph_{\text{r}}^{{}}\)| = 42 bytes.

4 Experiments and Evaluation

4.1 Experiment Setup

We have evaluated our proposed method with SUMO simulator [22], and Real Northwest Atlanta region Map is used as depicted in Fig. 2. The computation overheads are calculated at MNN by using crypto++ [19, 21] and MIRACL [20] benchmarks. We have based our analysis by covering a large area of 14 km × 12 km and over 10,000 vehicles moving at a varying speed.

Fig. 2
figure 2

Simulation scenario

Full size image

4.2 Performance Evaluation

We have compared our protocol performance with existing protocol for computation overhead. Maping to point hash function requires time which is denoted by Tmtp whereas, one point multiplication performance time is donated by Tmul. Finally, pairing operation performance time is denoted by Tpar. The experiments are performed on an Intel i5 2.4-GHZ machine for computing times as shown in Fig. 3. The signing of a single message and n messages computation overhead of all schemes is shown in Table 2.

Fig. 3
figure 3

Computing time

Full size image
Table 2 Computation overheads
Full size table

The elements in \({\mathbb{G}}\) and \({\text{G}}_{\text{i}}\) are 64 × 2 = 128 bytes and 20 × 2 = 40 bytes respectively. The comparison of computation cost is presented in Table 3. Also, the communication cost of the b-SPECS + scheme [3] is 128 × 6 + 4 = 772 bytes. Thus, the communication cost of GKAVIN and LAM scheme [4, 6] is 128 × 5 + 4 = 644 bytes. So, the communication cost of our proposed scheme is 40 × 3 + 4 = 124 bytes and so on [5]. Evidently, based on the results obtained in our scheme after comparing computation cost and communication cost, we conclude that our scheme has outperformed other existing schemes.

Table 3 Comparason of communication cost
Full size table

5 Conclusions

In this paper, we have proposed an efficient dynamic pseudonymous based multiple mix-zones authentication protocol over road networks for privacy preservation in order to enhance the security of road networks. We have employed the reality road map; where extensive simulations by Sumo simulator are performed to evaluate the threat of the accessed RSU problem. We have also compared our proposed method with existing methods based on several parameters. Based upon detailed analysis, it is evident that, our simulation results have outperformed existing techniques and provided better results in terms of obtaining high privacy preservation rate. It is also evident that our scheme requires a small number of pseudonym changes while giving the best performance.