Efficient Secure and Privacy-Preserving Route Reporting Scheme for VANETs

Vehicular ad-hoc network (VANET) is a core component of intelligent traffic management systems and can support a variety of applications such as accident prediction and route reporting. Because of the problems caused by traffic congestion, route reporting is a promising application that can help a driver find an optimal route and save travel time. Before drivers can enjoy the convenience of route reporting, security and privacy issues need to be addressed. In this paper, we propose a new secure and privacy-preserving route reporting scheme for VANETs. In our scheme, only an authenticated vehicle can use the route reporting service provided by the traffic management center. Further, a vehicle may receive the response from the traffic management center with low latency and without violating the privacy of the vehicle. Experiment results show that our scheme is much more efficient than the existing one.


Introduction
Nowadays, vehicles bring much convenience to modern life. But with the increasing number of vehicles, urban transportation systems face many challenges. Traffic congestion happens in big cities during rush hours every day, which has negative effects on the traffic efficiency of the cities. Air pollution and low traffic efficiency caused by traffic congestion are serious problems for traffic management departments. The complexity of the traffic environment also makes it difficult for drivers to make decisions and could easily lead to accidents. Therefore, governments focus on technologies that can be used to resolve traffic problems. Vehicular ad-hoc network (VANET) was proposed recently to improve traffic efficiency. It has attracted more and more attention from both industry and the academic community. A VANET usually consists of vehicles and infrastructure including roadside units (RSUs). Each entity in a VANET is equipped with an on-board unit (OBU) which has a communication module and a computation module. A VANET enables vehicle to vehicle (V2V), vehicle to infrastructure (V2I) and infrastructure to vehicle (I2V) communications based on the dedicated short range communication (DSRC) protocol [1].
VANET is a core component of intelligent traffic management systems. With knowledge of traffic information, an intelligent traffic management system can be applied to control the traffic situation directly or indirectly. For example, according to traffic flow, an intelligent traffic management system can adjust traffic lights to improve traffic efficiency [2]. As traffic congestion wastes much of the time of drivers and passengers, route reporting schemes supported by an intelligent traffic management system would be a solution. Route reporting schemes require drivers to report their future routes to the traffic management center so that possible traffic congestion can be predicted by analysing each vehicle's route information. According to the route information, drivers can change their routes to avoid traffic jams. Although route reporting provides great convenience, it also suffers from several security and privacy issues that must be taken into consideration. In route reporting schemes, vehicles need to broadcast messages which contain their location, future routes, etc. If an attacker learns a vehicle's location or travel plan, the driver's privacy is violated. Pseudonyms are generally used to protect vehicles' privacy. But most of the existing route reporting schemes using pseudonyms cannot meet the privacy requirements of drivers, because the reported information can be used to link pseudonyms [3]. In addition, an attacker can forge messages to mislead other vehicles or send fake messages to RSUs. An authentication mechanism should be provided to guarantee the security of the messages in VANETs. Digital signatures can be employed to provide authentication of the messages. To avoid the certificate management problem, identity-based signature is an ideal option.
Besides security and privacy, efficiency is a crucial concern for a route reporting scheme. When vehicles are driving at high speed, the entities in VANETs should react quickly so that vehicles can get a response in real time. A route reporting scheme should have low computation and communication overheads. In existing secure and privacy-preserving route reporting schemes, however, RSUs need to verify a large number of signatures to achieve authentication. If the signatures are verified one by one, the expected efficiency requirement cannot be met. To satisfy the efficiency requirement, an efficient batch verification technique should be employed in route reporting schemes. By using the batch verification technique, a set of signatures can be verified in a short period of time.
Recently, a scheme called privacy-preserving route reporting for infrastructure-based VANETs (PRIB) was proposed [3]. PRIB protects vehicles' privacy by using pseudonyms to hide vehicles' identities and using homomorphic encryption to hide vehicles' travel plans. In PRIB, the traffic management center can only learn the total number of vehicles in each road segment. A vehicle's travel plan will not be leaked to other entities.

Related Work
The concept of intelligent traffic management system was proposed in [4]. Intelligent traffic management system can be employed to define and apply traffic management decisions. Many intelligent traffic management schemes have been studied recently. Salama et al. proposed an intelligent cross road traffic management system which can control traffic lights by using photoelectric sensors to monitor traffic density [5]. Based on the radio frequency identification (RFID) technology, a scheme that collects and calculates average traffic flow information on each road to get latest congestion messages was proposed in [6]. Recently, Liu et al. proposed an intelligent traffic light control scheme which is secure, privacy-preserving and fog device friendly [2].
Route guidance is a valuable application in intelligent traffic management systems. Khosroshahi et al. proposed an optimal route search algorithm for dynamic route guidance [7]. Hajiahmadi et al. proposed a high-level scheme for optimal dynamic route guidance using the macroscopic fundamental diagram [8]. Wang et al. proposed a real-time path-planning algorithm based on a hybrid-VANET-enhanced intelligent transportation system, which takes advantage of VANETs and the transportation system [9]. Lin et al. introduced a scheme that can be used to predict traffic conditions and determine alternative optimal routes based on shared traffic information [10]. Rabieh et al. proposed a privacy-preserving route reporting scheme, in which attackers cannot link pseudonyms [3].
The security and privacy issues in VANETs have been studied for a long time [11]-[14]. Pseudonyms are commonly applied to achieve vehicles' privacy. Chaurasia et al. proposed a privacy sustaining strategy based on appropriate pseudonym update for VANETs [15]. Chim et al. proposed a VANET-based privacy-preserving navigation scheme based on anonymous credentials [16]. Wei et al. proposed an RSU aided beacon-based trust management system which aims to thwart internal malicious attackers by using beacon messages and event messages [17]. Recently, Song et al. realized security requirements in VANETs by using secure multiparty computation and homomorphic encryption [18].

Our Work
In this paper, we propose an efficient secure and privacy-preserving route reporting scheme. Our scheme has five stages: setup, initialization, route request and reporting, batch verification and route aggregation, and traffic guidance. In the setup and initialization stages, system parameters and entities' private-public keys are generated. In the route request and reporting stage, a vehicle that wants to use the route reporting service has to connect to the service provider, i.e., the traffic management center, via an RSU. It has to verify the RSU's signature first and then generate a route request which contains its signature and encrypted route. Batch verification and route aggregation is an important stage which is mainly executed by RSUs. In this stage, RSUs verify signatures from nearby vehicles and aggregate encrypted routes. Compared with a recent proposal, our main improvement is that we reduce the computation overhead of this stage. In the traffic guidance stage, the traffic management center receives aggregated routes and generates traffic guidance for the vehicles. A performance evaluation is also given to show the efficiency of our scheme. The remainder of this paper is organized as follows. Section Ⅱ is the background, which introduces our network model, design goals and related techniques. In section Ⅲ, we give a high-level review of the PRIB scheme and discuss the efficiency of the scheme. In section Ⅳ, the improved scheme is proposed in detail. In section Ⅴ, the performance evaluation and security analysis are presented. The last section is the conclusion.

Network Model
As shown in Figure.
Vehicles: Vehicles run on the road and send route request packets when they enter the communication range of the RSUs. Vehicles can also use their computation modules to encrypt and sign messages with credentials issued by DMV.
RSUs: RSUs are deployed along the roads and are also equipped with computation modules. RSUs can communicate with vehicles and TMCs. RSUs are responsible for route aggregation, traffic guidance forwarding, etc.
TMCs: Each TMC is connected to a group of RSUs which are located in the TMC's monitoring area. TMCs generate traffic guidance for vehicles by using a traffic information analysis algorithm.
DMV: DMV is a trusted agency that manages registration for vehicles and RSUs. Typically, DMV is responsible for generating public-private key pairs and certified pseudonyms for vehicles.
Authentication: Authentication must be addressed in VANETs. If authentication is not supported, entities cannot detect whether received messages have been modified, and malicious attackers may even forge traffic guidance, which would threaten the driver's safety.
Computation efficiency: As we mentioned, computation efficiency is closely related to the latency of the route reporting scheme. Our scheme mainly focuses on the computation overhead to help drivers get route guidance in time.

Bilinear Maps
Bilinear maps have been applied in various VANET schemes [19], [20] because of their excellent cryptographic properties. Let , be two cyclic additive groups of prime order , and be a cyclic multiplicative group of the same order. Let be a generator of , be a generator of . A map is a bilinear map with following properties:
Bilinearity: for all .
Non-degeneracy: .
Computability: There exists an efficient algorithm to compute for any , .

Homomorphic Encryption
Homomorphic encryption is a form of encryption that allows computation to be performed on ciphertext. The decrypted result matches the result of performing the same operation on the plaintext. Here is a form of homomorphic encryption: The Paillier cryptosystem is applied in this paper because of its additive homomorphic properties.

The PRIB scheme
In this section, we describe PRIB briefly and give a discussion of PRIB.

Review of PRIB
In PRIB, roads are divided into segments and each segment has a unique identifier. DMV generates a public-private key pair and a secret for each vehicle. Each TMC generates a public-private key pair and publishes the public key. The RSU broadcasts a route request packet to vehicles in its communication range. A vehicle verifies the signature of the RSU and reports its encrypted route if the signature is valid. The vehicle sends back a packet containing its route encrypted with Paillier homomorphic encryption [21]. After the RSU receives a certain number of route packets, it verifies the vehicles' signatures by leveraging the batch verification technique [22], [23]. If the signatures are valid, the RSU aggregates the vehicles' routes and sends the aggregated route ciphertext to the TMC. The TMC verifies the signature of the aggregated route packet and decrypts the ciphertext. After decryption, the TMC gets the total number of vehicles that will drive in each road segment. Due to the homomorphic encryption, the TMC cannot acquire any vehicle's route separately. With the number of vehicles in each road segment and traffic information, the TMC sends traffic guidance to vehicles through RSUs. Vehicles can thus avoid traffic congestion through route reporting.
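The aggregation flow described above, as an added example that is not code from the paper or from PRIB: vehicles encrypt under the TMC's Paillier public key, the RSU combines ciphertexts without any key, and the TMC decrypts only per-segment totals. The one-ciphertext-per-segment 0/1 encoding, the function names, the segment identifiers and the toy key size are assumptions made for illustration.

```python
import math
import secrets

# Toy key built from two Mersenne primes (constructed; real use needs n >= 2048 bits).
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2        # N is the TMC public key (generator g = N + 1)
PHI = (P - 1) * (Q - 1)            # TMC private key
MU = pow(PHI, -1, N)               # PHI^-1 mod N, used in decryption

def encrypt(m: int) -> int:
    """Vehicle side: Enc(m) = (1+N)^m * r^N mod N^2 with fresh random r."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c: int) -> int:
    """TMC side: m = L(c^PHI mod N^2) * MU mod N, where L(x) = (x - 1) / N."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def report_route(route: set, segments: list) -> list:
    """Assumed encoding: one ciphertext of 0 or 1 per road segment."""
    return [encrypt(1 if s in route else 0) for s in segments]

def aggregate(reports: list) -> list:
    """RSU side: multiplying ciphertexts adds the plaintexts; no key needed."""
    agg = [1] * len(reports[0])
    for rep in reports:
        agg = [a * c % N2 for a, c in zip(agg, rep)]
    return agg

def segment_counts(agg: list, segments: list) -> dict:
    """TMC side: decrypt the aggregate only, never an individual report."""
    return {s: decrypt(c) for s, c in zip(segments, agg)}

SEGMENTS = ["S1", "S2", "S3", "S4"]                           # constructed ids
ROUTES = [{"S1", "S2"}, {"S2", "S3"}, {"S2"}, {"S1", "S4"}]   # constructed routes

if __name__ == "__main__":
    reports = [report_route(r, SEGMENTS) for r in ROUTES]
    print(segment_counts(aggregate(reports), SEGMENTS))
```

The privacy property holds only as long as the TMC is given the aggregate rather than the individual reports, since it can decrypt either.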

Discussion of PRIB
The PRIB scheme aims to achieve privacy preservation in route reporting. To prevent attackers from using reported information to link pseudonyms, PRIB uses homomorphic encryption and route aggregation to protect vehicles' privacy. It is a valid approach for TMCs to analyse traffic conditions and generate traffic guidance without leaking vehicles' route information. However, more aspects, such as efficiency, should be considered in a traffic management system.

Our Scheme
As shown in Figure 2, our improved scheme has five stages: setup, initialization, route request and reporting, batch verification and route aggregation, and traffic guidance. In the setup stage, DMV generates system parameters and publishes them to other entities. In the initialization stage, DMV generates keys for vehicles and RSUs. In the route request and reporting stage, the RSU sends a route request to the vehicles in its communication range. After receiving the request, the vehicle generates a route reporting packet and sends it to the RSU. In the batch verification and route aggregation stage, the RSU verifies route reporting packets using the batch verification technique, then sends aggregated routes to the TMC. In the traffic guidance stage, the TMC decrypts the aggregated routes and analyses them to provide traffic guidance for vehicles.

Setup
At this stage, DMV generates the public parameters for the whole system. It does the following:
Choose two cyclic additive groups , and a cyclic multiplicative group of prime order , let be a bilinear map . is a generator of .
Choose cryptographic hash functions , , and , where is the length of the pseudo identities.
Randomly pick as its master private key, and compute as its master public key.
Publish the system parameters as where are prestored in each entity in the system.

Initialization
At this stage, DMV generates private keys for vehicles and each RSU generates its private-public key pair. This stage is generally the same as that in PRIB [3].

Computation Overhead
The main difference between our scheme and PRIB is the signature batch verification of reported routes. So in this section, we focus on the computation overhead of RSUs and show the efficiency of our improved scheme. Our experiments were implemented on a Linux machine with an Intel Core i7-4790 at a frequency of 3.60 GHz, using the MIRACL library. As shown in Figure 3, PRIB's verification time increases faster than ours and is always longer than ours. In PRIB, when the RSU verifies the signatures of vehicles' routes, the verification of n vehicles' route reporting packets needs n+1 pairing operations. Pairing operations are time-consuming cryptographic computations. In our scheme, however, we reduce the number of pairing operations to only 2. Also, the number of pairing operations in our scheme does not increase with the number of signatures. So in Figure 3, the verification time of our scheme is much lower than PRIB's.

Security Analysis
In this section, we show that our scheme satisfies security requirements such as privacy-preserving and authentication.
Vehicle privacy: With homomorphic encryption, each vehicle's future route is transmitted in the form of ciphertext. encrypts its route under the TMC's public key , so cannot recover 's route. Furthermore, when TMC decrypts aggregated routes which are in form of , it means that only the number of vehicles that will drive on the segment would be achieved. So even TMC cannot get knowledge of each vehicle's future route.
Authentication: Authentication is achieved by digital signatures. uses batch verification to verify multiple signatures of vehicles. The basic signature scheme in the paper is transformed from Hess's signature scheme [24]. The security of the signature scheme relies on Diffie-Hellman hard problem. The random numbers used in batch verification make the signatures unforgeable.
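Why a batch verifier must keep its random numbers, as an added example that is not the paper's scheme: the pairing-based identity-based signature is swapped here for Schnorr signatures over a toy 11-bit group, and all names and parameters are assumptions. Two individually invalid signatures whose errors cancel pass a combined check with all weights fixed to 1, while random per-signature weights reject them except with probability about 1/q.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed): P = 2*Q + 1, G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def challenge(R: int, msg: bytes) -> int:
    digest = hashlib.sha256(R.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + challenge(R, msg) * x) % Q

def verify(y: int, msg: bytes, sig) -> bool:
    """Single check: G^s == R * y^e mod P."""
    R, s = sig
    return pow(G, s, P) == R * pow(y, challenge(R, msg), P) % P

def batch_verify(items, weighted: bool = True) -> bool:
    """items: list of (public key, message, (R, s)); one combined equation."""
    s_sum, rhs = 0, 1
    for y, msg, (R, s) in items:
        w = secrets.randbelow(Q - 1) + 1 if weighted else 1
        s_sum = (s_sum + w * s) % Q
        rhs = rhs * pow(R * pow(y, challenge(R, msg), P) % P, w, P) % P
    return pow(G, s_sum, P) == rhs

def make_batch(n: int):
    batch = []
    for i in range(n):
        x, y = keygen()
        msg = b"route-report-%d" % i          # constructed message
        batch.append((y, msg, sign(x, msg)))
    return batch

def cancelling_tamper(batch):
    """Shift s by +1 and -1 in two signatures: both invalid, sum unchanged."""
    (y0, m0, (R0, s0)), (y1, m1, (R1, s1)) = batch[0], batch[1]
    return [(y0, m0, (R0, (s0 + 1) % Q)), (y1, m1, (R1, (s1 - 1) % Q))] + batch[2:]

if __name__ == "__main__":
    bad = cancelling_tamper(make_batch(5))
    print("unweighted accepts:", batch_verify(bad, weighted=False))
    print("weighted accepts:  ", batch_verify(bad))
```

With a realistic group order the weighted check's false-accept rate is bounded by the weight length rather than by the toy q used here.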

Conclusion
In this paper, we propose an improved route reporting scheme which is more practical than the existing one. Our scheme uses the batch verification technique, which can verify multiple route reporting packets in a short period of time. Compared to PRIB, our scheme not only achieves the required security properties but also reduces the computation overhead. Both theoretical analysis and experiments show that our scheme is valid and meets the efficiency requirements of traffic management systems in VANETs. We will focus on more techniques to improve traffic management systems by enhancing safety and efficiency.

Acknowledgment
This work is supported in part by the national key research and development program of China under grant 2017YFB0802004, the NSF of China under Grants 61572198, 61632012, Shanghai high technology field project under grant 16511101400.