A novel lightweight authentication and privacy-preserving protocol for vehicular ad hoc networks

Vehicular ad hoc network (VANET) is commonly employed in intelligent transportation system (ITS) that allows the exchange of traffic data among vehicles and nearby environment to accomplish effective driving experience. Privacy and security are the challenging issues that exist in the safety needs of the VANET. Any particular leakage of the vehicle details such as route data might result in serious impacts, and therefore, authentication and privacy-preserving protocols are needed to enhance safety in VANET. With this motivation, this paper presents a new lightweight authentication and privacy-preserving protocol using improved timed efficient stream loss-tolerant authentication with cuckoo filter (ITESLA-CF) for VANETs. The proposed model encompasses different stages of operations such as initialization, registration, mutual authentication, broadcast and verification, and vehicle revocation phases. In addition, the ITESLA-CF technique has effective broadcast authentication as TESLA with minimal memory requirement. Besides, the ITESLA-CF technique includes a cuckoo filter to save the authentic information of vehicles that exist in the RSU’s range. The proposed model has lightweight mutual authentication among the parties and it offers robust anonymity to accomplish privacy and resists ordinary attacks. To ensure the better performance of the ITESLA-CF technique, an extensive set of simulations take place and the results are assessed in terms of different measures. The resultant experimental values pointed out the supremacy of the ITESLA-CF technique over the recent state of art methods.


Introduction
Vehicular ad hoc network (VANET) is generated by employing the standards of Mobile Ad hoc Network (MANET). It is depending upon the impulsive nature of a wireless network for transferring data [1]. The communications are validation is a significant role in this scheme. Thus, the major goal of the designers is to create a VANET highly protected. In validation time, vehicle's privacy correlated data such as private data and data regarding the position should be kept in private. It has Many kinds of validation scheme is available for maintaining the privacy correlated data. Figure 1 showcases the overview of VANET.
Though the benefits of VANETs are significantly increasing, the dynamics of VANET (vehicle could leave and join without restriction) together with a multitude of scheme and application interrelated requirement makes it extremely difficult for designing an effective method to ensure privacy of the vehicle [7]. Simultaneously, guaranteeing privacy of the vehicle (driver) is the most difficult problems where an effective solution should be made or else an adversary can track vehicles traveling routes by analyzing and capturing its message [8] and find the vehicles (drivers) that might contain serious impact for the drivers. To tackle this problem, several scientists have projected procedures where vehicles can utilize pseudonym rather than their real identity in transmission simultaneously allowing authorities for extracting the real identity from pseudonyms to punish and trace mischievous vehicles. This protocol is known as conditional privacy-preserving protocol. Allocating pseudonyms to vehicles and modifying them regularly is another approach utilized for ensuring privacy of the vehicle. For maximizing privacy, vehicles should modify pseudonyms more often though the occurrence of these changes remains uncertain. Features such as storage size and availability play a significant part in defining the rate whereat the pseudonym must be modified. Most of the studies in the survey tackling privacy, security, and authentication utilize TA to obtain and load OBU and RSU by security variables such as pseudonyms, keys, and certificates.
Conventional methods to authenticate and secure message dissemination, mainly depending upon key management and message encryption, could assure secure message interchange among destination pair and known sources. This method cannot directly be employed in terms of VANET because of the dynamics of VANET. Message dissemination in VANET could be susceptible to inside attacks (viz., attacks from valid VANET members), that might damage the content of disseminated message or transmit malicious message. Therefore, guaranteeing the authenticity and integrity of the transferred message in VANET is a significant problem. This paper presents a new lightweight authentication and privacy-preserving protocol using Improved Timed Efficient Stream Loss-Tolerant Authentication with Cuckoo Filter (ITESLA-CF) for VANETs. The ITESLA-CF technique aims to achieve effective broadcast authentication as TESLA with minimal memory requirement. Moreover, the ITESLA-CF technique comprises a CF to store the authentic data of vehicle that exist in the RSU's range. The presented model has lightweight mutual authentication among the parties and it offers robust anonymity to accomplish privacy and resists ordinary attacks. For ensuring the improved efficiency of the ITESLA-CF technique, a series of experiments were performed and the results are examined in terms of several metrics.

Literature review
Alfadhli et al. [9] proposed a light-weighted system, SD2PA, depending upon a common Hash Function (HF) for VANET. This technique confronts the non-safe driving issue caused by the crucial driving region. Furthermore, the vehicle validation is made using VANET scheme administrator in the vehicles moving; hence, the validation redundancies for the whole systems are deceased and system management efficacy is improved. Yu et al. [10] proposed a privacy-preserving lightweighted authentication protocol for the demand response management in the SG environment for addressing the security limitations. The presented protocol resists several attacks and guarantees secure mutual anonymity and authentication. They calculated the security factors of the projected system by informal security analyses and verified the session key security of projected system by the ROR module.
Sathya Narayanan [11] presents a protocol, i.e., SSVC for enabling reliable and secure transmission in VANET. The aim of this study is to decrease the latency and enhance the transmission efficacy of network. Initially, a network is made by n amount of vehicles, and neighbor finding is executed through WAVE protocol. Alazzawi et al. [12] utilized a novel concept for generating pseudonyms for the vehicles while all the on-board unit (OBU) keeps one pseudonym, called "pseudonym root," and generate each pseudonym from a similar pseudonym. Thus, OBU no needs to expand its storage. In addition, the system does not utilize bilinear pairing process which causes computational overhead, and it has no certification revocation listed which results in computational and transmission overhead. This system has light-weighted mutual validation among the entire parties. Furthermore, it gives stronger anonymity for preserving privacy and resists regular attacks.
Ali and Li [13] proposed an effective ID-CPPA signature system depending upon bilinear map for V2I transmission. This system utilizes common 1 way HF instead of map to point HF. This raises the efficacy by signing and authentication of message at the RSU is executed. In Alfadhli et al. [14], a strong verification solution must deliberate these security problems and the nature of resource-limited nodes. It utilizes an integration of PUF and one-time dynamic pseudo-identity as verification factor. In addition, it removes the heavyweight dependency on the scheme key through decentralizing the broad area of CA to local areas and attains strong controller of the domain key.
Moni and Manivannan [15] proposed a scalable, distributed, privacy-preserving authentication, low overhead system for VANET. This technique utilizes an MHT to authenticate RSU and MMPT vehicles. Feng et al. [16] presented an EPAM, leveraging the asynchronous accumulator for extending the blockchain application. In addition, with the design of mutual authentication protocol, they attain privacy features such as unlinkability and anonymity in the deliberation of semitrust RSU.
Xiong et al. [17] present a CPPA with double insurance support batch authentication for VANET that is created in cyclic group on elliptical curves. Moreover, the master private key or vehicle private key is revealed, it is not possible for forging a valid authenticated message for deceiving the receivers that attain double insurance for the private key. If the multiple messages are attributed, this CPPA-D system permits the recipient to execute batch authentication for improving the efficacy. In Li et al. [18], a light-weighted authentication protocol in a proper transmission module for VANET encounters the privacy protection requirements, using HF and exclusive OR function. Prover if is utilized for verifying the protocol security, and the result shows that privacy could be assured in the simulated attacker.

Problem statement
As displayed in Fig. 2, the VANET framework in this study has fixed RSU at the roadside, trust authority (TA), and OBU fitted on mobile vehicles.
• Trust authority (TA): The TA is a trusted third party that is a registration center for RSU and OBU, and would not compromise [19]. TA and RSU interact by secure communication protocols, like TLS protocol. For avoiding an individual point of failures or bottleneck, redundant TA has similar databases and functionalities that are connected. • RSUs: The RSU is confidential and difficult that exists compromised. The RVC range is double of the IVC range to guarantee when an RSU obtains a message, each vehicle receives a similar message that exits from the possible range to obtain the notice from the RSU. • It utilizes traditional public key infrastructure (P-KI) to initiate handshaking. All the vehicles V i have a traditional private key SK i and a public key PK i , and the PK i is called TA. The public key PK TA of TA is called by every person. All the RSU transmits its public key PK R using the message occasionally to the vehicle that is traveling at the RVC range [20]. Thus, PK R is called through the whole vehicles near. It is not necessary for the vehicle to be familiar with the public keys of another vehicle to evade message overhead for swapping certificates. The private keys of TA, RSU and V i are SK TA , SK R and SK V i correspondingly and are saved confidential with the respective parties.
The projected system aims to attain the succeeding security purposes: • Message integrity and authentication: The vehicle can authenticate that messages are transmitted and signed with other vehicle with no modification by others. • Identity privacy preserving: Some third party is not capable to attain the vehicle real identity as examining many messages transmitted with a similar vehicle. • Traceability and revocability: An id of vehicle must be unseen in usual message receptor in the verification procedure for protecting the transmitter's private data; when it is essential, the TA must have the capability for attaining the vehicle real id and revoke it from upcoming use. • Collusion resistance: If numerous vehicles get together, they still could not create a valid signature for other vehicles. Noted that, in this study, they do not assume the insider adversary, viz., RSU does not get together by other vehicles to disclose the confidential content. • Replaying resistance: The malicious vehicle could not store and gather a signed message and try to send it at a late time if the original message is not valid.

The proposed model
The proposed model encompasses different stages of operations such as initialization, registration, mutual authentication, broadcast and verification, and vehicle revocation phases. The detailed working of these processes is neatly explained in the succeeding sections.

Stage I: initialization process
In this section, the TA operates in creating the fundamental scheme variables. This parameter is distributed to the participant of VANETs for facilitating the registration and another procedure or OBU and RSU:

Stage 2: registration process
A new contributor must endure a registration procedure to be confirmed as trustworthy [12]. This stage has RSU registration and vehicle registration:

Stage 3: mutual authentication process
In this phase, the ITESLA technique gets executed to achieve effective authentication among every part of the VANET (TA, RSU, and OBU). TESLA utilizes symmetric cryptography and delayed key disclosure for performing transmission verification (the left side represents operation in TESLA). For authenticating a message M, a transmitter broadcast the MAC (Phase 2) of the packet that utilizes the senders key for this interval (K i ). The recipient saves the whole message and MAC (Phase 3) till the transmitter broadcasts the key. Afterward the key revelation period, the transmitter broadcasts the key (Phase 5). For authenticating the message, receiver verifies that the kept message/MAC pairs agree with the transmission key (Phases 6 and 7). Using sufficient pair's malicious transmission, pollution attacks occur while receivers waste a substantial quantity of memory that stores invalid data [21].
ITESLA is designed for preventing memory-based DoS attacks toward TESLA. However, in ITESLA, a receiver stores a self-made MAC for reducing memory needs. A receiver stores shorten form of transmitter's data, the transmitter initially transmissions the MAC and then transmits the equivalent key and message (related to the Guy Fawkes protocol). To validate messageM, in ITESLA, the transmitter initially broadcast the MAC MACS MAC K i (M) that is calculated by the present keyK i , together with key index i (Step 2). Over receptions, by the key index i and the time related to the initial transmitter's key chain, a receiver initially authenticates the security state for ensuring that the key K i for the transmitter has not been transmitting and yet known by the transmitter. When the security conditions do not hold, the recipient drops the MAC, since an attacker can possibly have attained the equivalent keyK i . The recipient later re-MACs the attained data by a local secret key K Recv which is known to the recipient MAC R MAC K Recv (MAC S ) (Phase 3) and stores this short MAC(MAC R ) together with the key index (Phase 4).
When the key K i is revealed, the transmitter would transmit other messages, and the key is utilized for calculating the message' MACs (Step 5). For verifying a message, the recipient initially verifies the authority of K i by succeeding the one-way key chain back to a confidential key. The recipient later calculates the shorten MAC of the message (Phase 6) and relates it to the MAC and index kept in memory (Phase 7). When the recipient has an equivalent MAC/key index pair in memory, the recipient considers the message authentic (Phase 8).
Eventually, the recipient would save additional MAC and key index pairs from the memory. If a kept MAC effectively authenticates a message, the recipient could open the memory utilized for storing the MAC and key index. However, if the recipient lost legitimate sender messages and key transmission or the malicious node floods the network using MACs in an effort to waste a receiver resource, the recipient would require a policy for determining when to substitute a MAC and key pair. For the substitution policy, receiver stores the transmitter identity and coming timestamp together to shorten MAC and the key index. When memory space becomes inadequate, they utilize subsequent policy for identifying shorten MACs to get rid of: • Every shorten MACs with key indices are older compared to the latter authentic message attained in that transmitter. The perception is that older shorten MACs are yet saved since an attacker inserted the message or equivalent messages and disclosed key is missing. • When extra space is required, the message where the verifications are farthest out in the upcoming is removed. This addresses the situation where the attacker tries to trick receiver to store message for longer period by requesting the key index is n if the real transmitter's present key index is j if j << n.

Stage 4: broadcast and verification process
RSU occasionally transmits notice message that gave CF. The filter is utilized for storing fingerprints of legitimate pseudonym f (Ps). It can be novel method of probabilistic data structure which is utilized for testing membership of item among the sets. It provides optimum search accuracy and time compared to bloom filters equivalent to save size [22]. It can be included from an array of buckets whereas all the buckets include many entries. It decreases their space by calculating a fingerprint f of the value of the items to be kept in the array. It utilizes smaller f bit fingerprint to represent the data. A CF is utilized as a cuckoo hashing function to discard collision and mainly a compact cuckoo hash table.
In cuckoo hashing functions, all the data items are hashed using 2 dissimilar HF for calculating the indices of 2 candidate buckets i 1 and i 2 as i 1 h(item)modM and i 2 i ⊕ h ( f (item))modM, whereas M denotes size of CF. Value f could be distributed to most 2 candidate buckets while the candidate bucket i 1 was attempted initially. When the bucket i 1 was empty, then the value was placed in i 1 . When it is distributed, then bucket i 2 is attempted. When the bucket i 2 is empty, next the value is placed there. When i 2 is distributed, afterward the occupier of i 2 is removed and the value of f is placed there. For testing the membership of other items from CF, they first calculate the fingerprint of item f (item) and computes i 1 , i 2 . Later, when the f (item) is discovered i 1 or i 2 , the CF is verified correct; or else, the CF is verified incorrect. Figure 3 illustrates the insertion procedure in CF.
1. Broadcast procedure: Afterward the mutual authentication procedure is finished, OBU begins transmitting the beacons. Previously, RSU and OBU perform as follows [12]: • RSU derives the initial pseudonym level to a novel vehicle in their P root as Ps h(P root |1Lev), whereas Lev 1.
• RSU inserts f (Ps) for CF with cuckoo hashing, viz., described in sec (3.4), and distributes it using notice message. (Afterward, the whole vehicles from RSU ranges attain the cuckoo; hence, the beacons to a novel vehicle would be verified authentic.) • OBU derive the initial pseudonym level Ps in P root and Lev 1. Thus, the beacon would be recognized to the whole contributors and beacon transmitter would be verified as authentic. The beacon derives in {T , msg, σ msg }, whereas σ msg Ps ⊕ h(T ||msg||s). (RSU increase Lev with one for the entire OBUs in its range for deriving the novel Ps for every upgrading procedure to CF. Afterward upgrading the CF, OBU improves Lev with one and derives similar Ps.) 2. Authentication procedure: Once vehicles receive beacon {T , msg, σ msg }, it executes the succeeding step: • Initial step: Verify timestamp T whether it is latest/not.
In this case, continue the authentication procedure. Or else, it drops the beacon. • 2nd step: Calculate Ps σ msg ⊕ h (T ||msg||s). • 3rd step: Check f (Ps) from the 2 hashed i 1 , i 2 from the CFs. When unoccupied, latter it drops the beacons.

Stage 5: vehicle revocation process
This stage describes how TA revokes other vehicles which transmit incorrect data. But, all the RSUs have the whole data regarding OBUs within its range in PsL; thus, the culprit vehicle is discovered, and the RSU attains the data of this vehicle in their beacon. Later, it sends the data P root , T Reg V to TA. TA retrieves the real identity ID v from RegL v based on data in the obtained messages. Then, it eliminates the vehicle from RegL v , inserts it into the revocation list, and upgrades numbers. Finally, TA notices that RSU eliminates the vehicle in their PsL and revokes in repeated transmission.

Performance validation
This section examines the performance of the ITESLA-CF technique in terms of different measures under varying vehicle speeds. The proposed model is simulated using MATLAB tool. Table 1 determines the result analysis of ITESLA-CF model with different techniques in terms of PDR, throughput, and Routing Control Overhead (RCO). Figure 4 investigates the PDR analysis of the ITESLA-CF technique over the other techniques with respect to different vehicle speeds. The figure depicted that the ITESLA-CF   Figure 5 examines the throughput analysis of the ITESLA-CF method over the other techniques with respect to different vehicle speeds. The figure depicted that the ITESLA-CF technique has accomplished better performance with the maximum throughput under varying vehicle speeds. For instance, with 50 km/h, the ITESLA-CF technique has obtained a higher throughput of 90956.06 whereas the BPAB, 3P3B, UMBP, and SSVC techniques have attained   A detailed KCT analysis of the ITESLA-CF technique under distinct key size takes place in Fig. 8. The experimental results exhibited that the ITESLA-CF manner has increased effective outcomes with the minimum ROC. For instance,  A briefly KKT analysis of the ITESLA-CF approach in various key size take place in Fig. 9. The experimental outcomes demonstrated that the ITESLA-CF manner has increased effective outcomes with the minimum ROC. For sample, under 64 bits, the ITESLA-CF methodology has attained a worse KKT of 0.77 ms whereas the NRTU, VGKM, EGKM, and SSVC approaches have resulted in an improved KKT of 1.43 ms, 1.21 ms, 1.10 ms, and 0.84 ms correspondingly. At the same time, under 256 bits, the ITESLA-CF technique has attained a least KKT of 0.97 ms whereas the NRTU, VGKM, EGKM, and SSVC techniques have resulted in a higher KKT of 1.81 ms, 1.55 ms, 1.39 ms, and

Conclusion
This paper has presented an effective ITESLA-CF technique to achieve authentication and privacy in VANET. The proposed model encompasses different stages of operations such as initialization, registration, mutual authentication, broadcast and verification, and vehicle revocation phases. Furthermore, the ITESLA-CF technique comprises a CF for storing the authentic data of vehicles that exist in the RSU's range. The presented model is lightweight mutual authentication among the parties and it attains robust anonymity to realize privacy and resist ordinary attacks. For ensuring the improved efficiency of the ITESLA-CF technique, a series of experiments were performed and the results are examined in terms of several metrics. The experimental values highlighted the betterment of the proposed ITESLA-CF technique over the existing techniques. In future, the presented model can be extended to the design of energy management and traffic flow predictive techniques in ITS.
Funding The authors received no specific funding for this study.

Conflict of interest
The authors declare that they have no conflicts of interest to report regarding the present study.

Data availability Available based on request.
Code availability Available based on request.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecomm ons.org/licenses/by/4.0/.