FSAID: Fog-based secure mutual authentication scheme for intelligent driving

doi:10.21203/rs.3.rs-1004049/v1

PDF

Research Article

FSAID: Fog-based secure mutual authentication scheme for intelligent driving

https://doi.org/10.21203/rs.3.rs-1004049/v1

This work is licensed under a CC BY 4.0 License

You are reading this latest preprint version

Intelligent driving has reduced traffic and accidents, which has increased road safety. One of the advantages of Smart vehicles is communication with the environment, communication with the environment makes the driver aware of the traffic situation and accidents, and other things. However, the vehicle needs to be able to authenticate the other party before exchanging data. In this paper, we propose a secure mutual authentication scheme for intelligent driving. We compare the proposed scheme with the security analysis Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and then compare the proposed scheme with other existing schemes in terms of communication, computation cost, and the number of bits. We simulated the proposed design with tools NS3, and it has been examined in terms of Packet Delivery, Throughput, and End-to-End Delay in different scenarios. The results show that the proposed scheme is resistant to known attacks and has a low communication cost and medium computation cost compared to other schemes.

Authentication

Security

V2V

OFMC

CL-ATSE

Avispa

Today, cities are becoming smart cities; one of the important factors is smart vehicles [1]. Intelligent transportation is one of the key factors in this change, one of the hot topics in smart transportation is the Internet of vehicles (IoV)[2], the (IoV) is equipped with the Internet and can communicate with the outside world (infrastructures [3], roadside units [4], mobile devices, applications, services, etc.)[5]. Applications can be routing, parking access, safety, global positioning systems (GPS). The attractive feature of IoV connection with components such as infrastructure, roadside units (RSU), sensors[6].

In intelligent driving, the sender and receiver must verify each other's identity before sending and receiving data. One of the major challenges in intelligent driving is secure authentication.

Mun et al. [7], in 2011, the presentation of scheme Enhanced secure, the anonymous authentication scheme for roaming service in global mobility networks, was based on symmetric encryption. However, this scheme is vulnerable to rainbow table attack. A secure and effective anonymous authentication scheme for roaming service in global mobility networks was presented by Zhao et al. [8] in the year 2014. This method is based on asymmetric encryption and hash. However, it is vulnerable to a rainbow table attack. Mohit et al. [9] Design of authentication protocol for wireless sensor network-based smart vehicular system in 2017. This scheme is based on hash and is vulnerable to rainbow table attack.

Ying et al.[10] in the year 2017, the presentation of anonymous and lightweight authentication for secure vehicular networks. This method is based on asymmetric encryption and hash. However, it is vulnerable to a rainbow table attack. Chen et al. [11] secure authentication protocol for Internet of vehicles in the year 2019. This method is based on symmetric encryption and hash. However, it is vulnerable to a rainbow table attack. A lightweight mutual authentication protocol for V2V communication on the Internet of vehicles was presented by Vasudev et al. [12] in the year 2020. However, it is vulnerable to a rainbow table attack. Table 1 shows the comparison-related works.

Table 1

Comparison of related work.
Related work	TTP (Fog Node ) Base	Rainbow table	Mutual Authentication	Symmetric Base	Asymmetric Base	Hash Base	Intelligent Driving
Mun et al. [7]	✔	x	✔	✔	x	✔	x
Zhao et al. [8]	✔	x	✔	x	✔	✔	x
Mohit et al. [9]	✔	x	✔	x	x	✔	x
Ying et al.[10]	✔	x	✔	✔	x	✔	x
Chen et al. [11]	✔	x	✔	✔	x	✔	x
Vasudev et al. [12]	✔	x	✔	x	x	✔	x
Proposed scheme	✔	✔	✔	x	✔	x	✔

✔: The scheme is supported. X: The scheme is not supported.

1.1 Our contribution

This paper proposed a secure mutual authentication scheme for the vehicle to vehicle.
In this scheme, we used the Asymmetric cryptography method.
The proposed scheme is resistant to known attacks in the environment.
The AVISPA tool was used for security analysis, and the proposed scheme was compared with another scheme in terms of computing communication costs and a number of bits.
The proposed scheme is simulated with the NS3 tool and examined in different Packet Delivery, Throughput, and End-to-End Delay scenarios.

1.2 Structure of the paper

This paper is organized as follows: Section 2 introduces the proposed scheme's problem statement and network model. Section 3 presents the proposed scheme. Security Analysis and result discussed in section 4. Performance analysis and Security requirements comparison has been presented in section 5. Finally, section 6 concludes this work.

In this section, the network model and hypotheses are discussed, and in the following section, the problem is defined, and its importance is discussed.

Figure 1 shows the connection between the end device and the cloud. Clouds can communicate with the fog layer, and fog can communicate with end devices. Forms the end layers internet of sensor (IoS) and Internet of Energy (IoE) and Internet of Vehicles (IoV), and machine to machine (M2M). End devices can exchange data with each other and send data to the fog layer if high processing is required. Storing end device data in the cloud makes data access very easy. However, authentication between source and destination must be performed before sending data. One of the main challenges of a V2V is secure authentication that is resistant to known attacks. In this network model, the hypotheses are as follows:

Timed vehicles and Rsu (Fog Node) synchronized
Fog and clouds know each other.
Fog and Rsu know each other.
Fog is not vulnerable.
Cloud is not vulnerable.
Rsu is not vulnerable.
Fog, cloud, and Rsu do not leak any data.
Vehicle registered in Rsu, Fog, and cloud.
Vehicles do not know each other.
The data transmission channel is not secure.

2.1 Problem Statement

Intelligent driving has made road transport safer and significantly reduced road accidents. Vehicles can exchange data with vehicles and other components of their environment.

At the intersections, cars need to exchange information with other cars to make the right decision to move. However, before exchanging data, they need to authenticate each other. Figure 2 shows the communication of cars at intersections.

Authentication in Intelligent driving is prone to Replay attacks [14] and Man-in-the-middle attacks [15] and Impersonation attacks, and rainbow table attacks [16]. To prevent these attacks, we need secure authentication schemes to be resistant to these types of attacks. In all proposed methods, the hash function is used to reduce the processing cost. However, the hash function is vulnerable to rainbow attacks. Our proposal does not use the hash function. In our proposed authentication scheme will be resistant to the above rainbow attack and other attacks.

This section presents the proposed scheme. Figure 3 shows the proposed scheme.

3.1 Notations

The list of Notations used in this proposed is shown in Table 2.

Table 2

Notations used for propose.
No.	Notations	Description
1	IDA	Identity of vehicles (A)
2	IDB	Identity of vehicles (B)
3	IDS	Identity of TTP (Fog Node)
4	Kap	Public-key of vehicles (A)
5	Kbp	Public-key of vehicles (B)
6	Ksp	Public-key of TTP (Fog Node )
7	Pka	Private -key of vehicles (A)
8	Pkb	Private -key of vehicles (B)
9	Pks	Private -key of TTP (Fog Node )
10	KAB	Session key A and B
11	TA	Timestamp of vehicles (A)
12	TS	Timestamp of TTP (Fog Node )
13	∆T	Expiration Time

3.2 Initialization and Registration phase

According to the assumptions of section second: it is assumed that the vehicle is registered Rsu, Fog, and cloud. TTP (Fog Node) has all the public keys in the network

3.3 Login and Authentication phase

LA1: In the first step, it calculates Ar from relation Ar={ TA, IDB }Ksp and sends it to S(TTP) together with IDB and IDS.

LA2: S decrypts Ar with a private key and then checks the time stamp from the relation Check if TA ≤ ∆T, Then TS, IDB, Kbp, and KAB encrypts with A public key and sends it to IDA and IDS and Tr₁ to A. In the next step, TS, IDA, Kap, and KAB encrypts with B's public key and sends it to IDB, IDS, and Tr₂ to B.

LA3: A decrypts Tr₁ with a private key and then checks the time stamp from the relation Check if TS ≤ ∆T; in the next step, it stores Kbp and KAB to communicate with B.

LA4: B decrypts Tr2₁ with a private key and then checks the time stamp from the relation. Check if TS ≤ ∆T; it stores Kap and KAB to communicate with A next step.

In this section, we analyze our proposed scheme with the Avispa tool and discuss the results.

One of the methods of security analysis is the authentication protocol of formal methods [18]. Automated Validation of Internet Security Protocols and Applications (Avispa) is an important and practical tool for the security analysis of authentication protocols [19][20]. Avispa has four sections for evaluating the security of authentication protocols. First Part one On-the-fly Model-Checker (OFMC) [21], Second Part Constraint Logic-based Attack Searcher (CL-ATSE) [22], third part SAT-based Model-Checker (SATMC) [23] and fourth part Tree Automata based on Automatic Approximations for the Analysis of Security Protocols (TA4SP)[24].

4.1 Analysis of Simulation Results

The proposed schema against replay attacks, the man in the middle attacks, impersonation attacks, and other attacks is discussed in Section 2 by OFMC and CL-AtSe testing tools. Figures 4 and 5 show the simulation results of the proposed design with tools OFMC and CL-ATSe. Simulation results in an OFMC, the total number of visited nodes is 2, while the number of depth one plies with a search time of 0.10 seconds and CL-AtSe analyzed four states and the translation time was 0.04 seconds. The results of the security analysis in tools OFMC and CL-AtSe show that the proposed scheme is safe.

In this section, the performance analysis of the proposed scheme and security requirements are compared with protocols Mun et al. [7], Zhao et al. [8], Mohit et al. [9], Ying et al. [10], Chen et al. [11], Vasudev et al. [12].

5.1 Computation cost

Table 3 compares the computation cost of the proposed scheme with other Mun et al. [7], Zhao et al. [8], Mohit et al. [9], Ying et al. [10], Chen et al. [11], and Vasudev et al. [12] schemes. The following symbols are defined to perform the analysis: Th is the execution number of a hash operation. Tecm is the execution number of an ECC point multiplication operation. Pe is the execution number of public-key encryption. Pd is the execution number of public-key Decryption. Se is the execution number of symmetric-key encryption. Sd is the execution number of symmetric-key Decryption. Pm is the execution number of Point Multiplication. Eo is the execution number of Exponential Operation.

Our observations show that Vasudev et al. [12] protocol has a lower computation cost, and Mun et al. [7] protocol costs 0.0360 ms. Mohit et al [9] protocols cost 0.0400 ms and Ying et al [10] protocols come after that. The cost of processing Chen et al. [11] protocol is 2.0980 ms, then Zhao et al. [8] protocol cost 12.3216 ms. In the proposed scheme, we have used the public-key cryptography method, and in the proposed scheme, the hash function has not been used for rainbow attacks. The proposed scheme has the highest processing cost among the existing protocols. Figure 6 shows a comparison of the Computation costs of the protocols and the proposed scheme.

Table 3

Comparison of Computation cost.
No.	Schemes	Hash function	ECC	Public key Encryption	Public key Decryption	Symmetric Key Encryption	Symmetric key Decryption	Point Multiplication	Exponential Operation	Total cost	TC (ms)
1	Mun et al [7]	8 Th	0Tecm	0Pe	0Pd	1Se	1Sd	0Pm	0Eo	8 Th + 1Se+1Sd	0.0360
2	Zhao et al [8]	10 Th	0Tecm	1Pe	1Pd	0Se	0Sd	5Pm	0Eo	10 Th + 1Pe+1Pd+5Pm	12.3216
3	Mohit et al [9]	20Th	0Tecm	0Pe	0Pd	0Se	0Sd	0Pm	0Eo	20 Th	0.0400
4	Ying et al [10]	14Th	0Tecm	0Pe	0Pd	2Se	2Sd	0Pm	1.5Eo	14Th+ + 2Se+2Sd+1.5 Eo	0.5105n+ 0.0680
5	Chen et al [11]	12Th	0Tecm	0Pe	0Pd	2Se	2Sd	0Pm	6Eo	12Th + 2Se+2Sd+6 Eo	2.0980
6	Vasudev et al [12]	17Th	0Tecm	0Pe	0Pd	0Se	0Sd	0Pm	0Eo	17Th	0.0340
7	Proposed scheme	0Th	0Tecm	3Pe	3Pd	0Se	0Sd	0Pm	0Eo	3Pe+3Pd	26.4378

ms - Milliseconds, n- Number of Vehicles

5.2 Communication cost

Our observations show that Zhao et al. [8] protocol has the highest communication cost, followed by Mun et al. [7] and Mohit et al. [9] protocol and Cost 9, respectively. Protocols Ying et al. [10], Chen et al. [11], and Vasudev et al. [12] have a communication cost of 4. Our proposed scheme has a communication cost of 3 and has the lowest communication cost among the existing protocols. Figure 7 shows a comparison of the communication costs of the protocols and the proposed scheme.

Our observations show that Mohit et al. [9] protocol has the fewest bits, followed by Ying et al. [10] protocol with 1952 bit. Vasudev et al. [12] protocol has 2496 bits, followed by Chen et al. [11] protocol with 3024 bits. The proposed scheme is 3072 bits and is less than the Mun et al. [7] and Zhao et al. [8] protocols. Figure 8 shows a comparison of the bits of the protocols and the proposed scheme. Table 4 shows a comparison of the communication cost and the number of bits of the proposed scheme with other protocols.

Table 4

Comparison of Communication cost and the number of bits.
No.	Schemes	No.of messages	Total cost (in bits)
1	Mun et al [7]	9	3808
2	Zhao et al [8]	11	5536
3	Mohit et al [9]	9	1280
4	Ying et al [10]	4	1952
5	Chen et al [11]	4	3024
6	Vasudev et al [12]	4	2496
7	Proposed scheme	3	3072

5.3 Security requirements comparison

Table 5 shows a comparison of the security requirements of the proposed scheme with other protocols. Observations show that the Mun et al. [7] and Ying et al. [10] protocols are vulnerable to rainbow table attacks and do not support AF14 to AF16. Zhao et al. [8] protocol is vulnerable to replay attacks and rainbow table attacks and does not support AF14 to AF16. Mohit et al. [9] protocol is vulnerable to replay, man-in-the-middle, and rainbow table attacks and does not support AF14 to AF16. Chen et al. [11] protocol is vulnerable to replay attacks and rainbow table attacks and cannot support AF14 and AF16. Vasudev et al. [12] protocol to replay attack. The proposed scheme is resistant to active and passive attacks, but it does not support key exchange. Note: AF1: Replay attack; AF2: Man-in-the-middle attack; AF3: Insider attack; AF4: Stolen-verifier attack; AF5: Impersonation attack; AF6: Brute force attack; AF7: Offline password guessing attack; AF8: Device anonymity; AF9: Mutual authentication; AF10: Session key agreement; AF11: Forward secrecy; AF12: Confidentiality; AF13: Rainbow table, AF14: Key Exchange, AF15: OFMC, AF16: CL-ATSE, AF17: TTP Base. ✔: The scheme is supported. X: The scheme is not supported.

Table 5

Security requirements comparison.
	Schemes						Proposed scheme
Security requirements	Mun et al [7]	Zhao et al [8]	Mohit et al [9]	Ying et al [10]	Chen et al [11]	Vasudev et al. [12]	Proposed scheme
AF1	✔	x	x	✔	x	x	✔
AF2	✔	✔	x	✔	✔	✔	✔
AF3	✔	✔	✔	✔	✔	✔	✔
AF4	✔	✔	✔	✔	✔	✔	✔
AF5	✔	✔	✔	✔	✔	✔	✔
AF6	✔	✔	✔	✔	✔	✔	✔
AF7	✔	✔	✔	✔	✔	✔	✔
AF8	✔	✔	✔	✔	✔	✔	✔
AF9	✔	✔	✔	✔	✔	✔	✔
AF10	✔	✔	✔	✔	✔	✔	✔
AF11	✔	✔	✔	✔	✔	✔	✔
AF12	✔	✔	✔	✔	✔	✔	✔
AF13	x	x	x	x	x	x	✔
AF14	x	x	x	x	x	x	x
AF15	x	x	x	x	✔	x	✔
AF16	x	x	x	x	x	x	✔
AF17	✔	✔	✔	✔	✔	x	✔

This section provides a practical demonstration of the proposed scheme by network simulation tool (NS 3 2.29 simulator) on the Ubuntu-20.04.1 platform. The hardware environment for doing NS3 simulation [25] was on Dell Inspiron 5110 machine with Intel Core i5 2410M/2.30 GHz processor having 4GB RAM and 1 TB HDD (Hard Disk Drive).

6.1 Simulation environment and settings

The various parameters used in the NS3 simulations are provided in Table 6. The simulation time of the proposed scheme was 200 seconds. The number of vehicles 30 and Rsu is considered 5, 10, and 15, respectively.

Other parameters are as follows: The Mobility of the vehicle is 0 m /s (pause), Loss model is Friis loss; Transmit power 7.5-dBm, Medium access control type IEEE 802.11, Wireless protocol 802.11 p, Routing protocol: AODV, Simulation Environment Area 300*1500M and Simulation scenario Intersection.

Table 6

Simulation parameters.
Parameter	Description
Platform	Ubuntu-20.04.1
Hardware platform	Dell Inspiron 5110, Intel Core i5, 4GB RAM, 1 TB HDD
Tool used	NS 3 2.29
Number of Vehicles	30
Number of Rsu	5,10,15
Mobility of V	0 (pause)
Simulation Environment Area	300*1500M
Loss model	Friis loss
Transmit power	7.5 dBm
Routing protocol	AODV
Medium access control type	IEEE 802.11
Wireless protocol	802.11 p
Communication range of Rsu to Vehicles	100 M
Simulation scenario	Intersection
Simulation time	200 seconds

6.2 Simulation Results

We simulated the proposal scheme using the NS3 tool in three scenarios with Rsu 5, 10, and 15. The results of the packet delivery simulation show that the proposed scheme with 10 Rsu has the best highest packet delivery, and then there is the number of 15 and 5 Rsu, respectively. Figure 9 shows a comparison of packet delivery results with different scenarios. The results show that 15 Rsu has more throughput, and then there is the number of 10 and 5 Rsu, respectively. Figure 10 shows a comparison of Throughput results with different scenarios. In terms of End-to-End Delay, it is the minimum of 5, 10, and 15 Rsu, respectively. Figure 11 shows a comparison of End-to-End Delay results with different scenarios. Our observations show that the proposed design at the intersection requires 15 Rsu to have better performance with 30 vehicles.

In this paper, a secure authentication scheme based on public-key encryption is provided for intelligent driving. The results of security analysis with the Avispa tool show that the proposed schemes are resistant to known attacks. The comparison of the proposed design has a very low communication cost, and its Computation cost is average compared to other methods. The results of the NS3 simulation for the intersection show that in the proposed scheme for 30 vehicles, at least 15 Rsu are needed to have the best performance. In future work, we plan to reduce Computation costs to perform better with fewer Rsu numbers.

Feng, S., Yan, X., Sun, H., Feng, Y., & Liu, H. X. (2021). Intelligent driving intelligence test for autonomous vehicles with naturalistic and adversarial environment. Nat. Commun, 12(1), 1–14
Cao, B., Sun, Z., Zhang, J., & Gu, Y. (2021). "Resource Allocation in 5G IoV Architecture Based on SDN and Fog-Cloud Computing,"IEEE Trans. Intell. Transp. Syst.,
Yu, S., Gong, X., Shi, Q., Wang, X., & Chen, X. (2021). "EC-SAGINs: Edge Computing-enhanced Space-Air-Ground Integrated Networks for Internet of Vehicles,"IEEE Internet Things J.,
Guerna, A., Bitam, S., & Calafate, C. T. (2021). AC-RDV: a novel ant colony system for roadside units deployment in vehicular ad hoc networks. Peer-to-Peer Netw. Appl, 14(2), 627–643
Manogaran, G., Saravanan, V., & Hsu, C. H. (2021). "Information-Centric Content Management Framework for Software Defined Internet of Vehicles Towards Application Specific Services,"IEEE Trans. Intell. Transp. Syst.,
Jandial, A., Merdrignac, P., Shagdar, O., & Fevrier, L. (2020). "Implementation and evaluation of intelligent roadside infrastructure for automated vehicle with I2V communication,". Vehicular Ad-hoc Networks for Smart Cities (pp. 3–18). Springer
Mun, H., Han, K., Lee, Y. S., Yeun, C. Y., & Choi, H. H. (2012). "Enhanced secure anonymous authentication scheme for roaming service in global mobility networks,". Math. Comput. Model, 55, no. 1–2. doi: 10.1016/j.mcm.2011.04.036.
Zhao, D., Peng, H., Li, L., & Yang, Y. (2014). "A secure and effective anonymous authentication scheme for roaming service in global mobility networks,". Wirel. Pers. Commun, 78(1), 247–269. doi: 10.1007/s11277-014-1750-y.
Mohit, P., Amin, R., & Biswas, G. P. (2017). "Design of authentication protocol for wireless sensor network-based smart vehicular system," Veh. Commun., vol. 9, no. February, pp. 64–71,
Ying, B., & Nayak, A. (2017). Anonymous and lightweight authentication for secure vehicular networks,. IEEE Trans. Veh. Technol, 66(12), 10626–10636
Chen, C. M., Xiang, B., Liu, Y., & Wang, K. H. (2019). "A secure authentication protocol for internet of vehicles," IEEE Access, vol. 7, no. c, pp. 12047–12057,
Vasudev, H., Deshpande, V., Das, D., & Das, S. K. (2020). "A lightweight mutual authentication protocol for V2V communication in internet of vehicles,". IEEE Trans. Veh. Technol, 69(6), 6709–6717
Fotohi, R., Ebazadeh, Y., & Geshlag, M. S. (2020). "A New Approach for Improvement Security against DoS Attacks in Vehicular Ad-hoc Network," arXiv, doi: 10.14569/ijacsa.2016.070702
Kumari, S., Karuppiah, M., Das, A. K., Li, X., Wu, F., & Kumar, N. (2018). A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. J. Supercomput, 74(12), 6428–6453
Wazid, M., Bagga, P., Das, A. K., Shetty, S., Rodrigues, J. J. P. C., & Park, Y. (2019). AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment,. IEEE Internet Things J, 6(5), 8804–8817
Billet, O., & Gilbert, H. (2006). "Cryptanalysis of rainbow," in International Conference on Security and Cryptography for Networks, pp. 336–347
Salami, Y., Ebazadeh, Y., & Khajehvand, V. (2021). "CE-SKE: cost-effective secure key exchange scheme in Fog Federation,"Iran J. Comput. Sci., pp.1–13,
Konnov, I. (2018). "Handbook of Model Checking by Edmund M. Clarke, Thomas A. Henzinger, Helmut Veith, and Roderick Bloem (eds), published by Springer International Publishing AG, Cham, Switzerland, " Form. Asp. Comput., pp. 455–456, 2019
Armando, A., et al. (2005). "The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications," in Computer Aided Verification, pp. 281–285
"Avispa." http://www.avispa-project.org/
Basin, D., Mödersheim, S., & Viganò, L. (2003). "An on-the-fly model-checker for security protocol analysis," in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2808, no. 3, pp. 253–270
Turuani, M. (2006). "The CL-Atse Protocol Analyser," in Term Rewriting and Applications, pp. 277–286
Armando, A., & Compagna, L. (2004). "SATMC: A SAT-Based Model Checker for Security Protocols," in Logics in Artificial Intelligence, pp. 730–733
Boichut, Y., Kosmatov, N., & Vigneron, L. (2006). Validation of Prouvé protocols using the automatic tool TA4SP. TFIT, 6, 467–480
"NS3." https://www.nsnam.org

PDF

Reviewers invited by journal
07 Apr, 2022
Editor assigned by journal
25 Oct, 2021
First submitted to journal
21 Oct, 2021

You are reading this latest preprint version

FSAID: Fog-based secure mutual authentication scheme for intelligent driving

Status:

Version 1

Abstract

Figures

1. Introduction

1.2 Structure of the paper

2. Network Model

2.1 Problem Statement

3. Proposed Scheme

3.2 Initialization and Registration phase

3.3 Login and Authentication phase

4. Security Analysis

4.1 Analysis of Simulation Results

5. Performance Analysis

5.1 Computation cost

5.2 Communication cost

5.3 Security requirements comparison

6. Simulation Results And Analysis

6.1 Simulation environment and settings

6.2 Simulation Results

7. Conclusion

References

Status:

Version 1