Provably Secure with Efficient Data Sharing Scheme for Fifth-Generation...

[Full title: Provably Secure with Efficient Data Sharing Scheme for Fifth-Generation (5G)-Enabled Vehicular Networks without Road-Side Unit (RSU)]

Citation: Al-Shareeda, M.A.; Manickam, S.; Mohammed, B.A.; Al-Mekhlafi, Z.G.; Qtaish, A.; Alzahrani, A.J.; Alshammari, G.; Sallam, A.A.; Almekhlafi, K. Provably Secure with Efficient Data Sharing Scheme for Fifth-Generation (5 G)-Enabled Vehicular Networks without Road-Side Unit (RSU) Sustainability 2022 , 14 , 9961 https://doi.org/10.3390/su 14169961 Academic Editors: G G Md Nawaz Ali, Md. Noor-A-Rahim, Mohammad Omar Khyam, Xuejun Li, Lei Zhang and Manuel Fernandez-Veiga Received: 21 May 2022 Accepted: 8 August 2022 Published: 11 August 2022 Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations Copyright: © 2022 by the authors Licensee MDPI, Basel, Switzerland This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/) sustainability Article Provably Secure with Efficient Data Sharing Scheme for Fifth-Generation (5 G)-Enabled Vehicular Networks without Road-Side Unit (RSU) Mahmood A. Al-Shareeda 1 , Selvakumar Manickam 1, * , Badiea Abdulkarem Mohammed 2 , Zeyad Ghaleb Al-Mekhlafi 2 , Amjad Qtaish 2 , Abdullah J. Alzahrani 2 , Gharbi Alshammari 2 , Amer A. Sallam 3 and Khalil Almekhlafi 4 1 National Advanced IPv 6 Centre (NAv 6), Universiti Sains Malaysia, Penang 11800, Malaysia 2 College of Computer Science and Engineering, University of Ha’il, Ha’il 81481, Saudi Arabia 3 Engineering and Information Technology College, Taiz University, Taiz 6803, Yemen 4 CBA-Yanbu, Taibah University, Al Madinah 42353, Saudi Arabia * Correspondence: selva@usm.my; Tel.: +604-653-3004 Abstract: The vehicles in the fifth-generation (5 G)-enabled vehicular networks exchange the data about road conditions, since the message transmission rate and the downloading service rate have been considerably brighter. The data shared by vehicles are vulnerable to privacy and security issues. Notably, the existing schemes require expensive components, namely a road-side unit (RSU), to authenticate the messages for the joining process. To cope with these issues, this paper proposes a provably secure efficient data-sharing scheme without RSU for 5 G-enabled vehicular networks. Our work included six phases, namely: TA initialization (TASetup) phase, pseudonym-identity generation (PIDGen) phase, key generation (KeyGen) phase, message signing (MsgSign) phase, single verification (SigVerify) phase, and batch signatures verification (BSigVerify) phase. The vehicle in our work has the ability to verify multiple signatures simultaneously. Our work not only achieves privacy and security requirements but also withstands various security attacks on the vehicular network. Ultimately, our work also evaluates favourable performance compared to other existing schemes with regards to costs of communication and computation Keywords: security and privacy; 5 G-enabled vehicular networks; without RSU; data sharing scheme 1. Introduction With the continuous increasing demand for fifth-generation (5 G) technology, research on the management of vehicle-to-everything (V 2 X) communication has emerged. Unlike the conventional vehicular networks, the V 2 X communication provides networks, things, users, and vehicles with reliable connectivity, manageable, operable, controllable, and high-quality [ 1 – 4 ]. The characteristics of 5 G-enabled vehicular networks have a wide high bandwidth and coverage area. Based on data shared by 5 G wireless, during peak periods, the data transmission rate can approach 20 Gb/s, while the average data transfer rate is over 100 Mb/s [ 5 – 8 ]. The capacity of the supported network is 1000 times that of conventional networks, and it can give a more steady connection [ 9 – 11 ]. Each vehicle in V 2 X communication is usually fitted with several expensive sensors, such as cameras of high-resolution, radars of microwave, and lidars of multi-beam, to get comprehensive and reliable data within urban or highway areas [ 12 – 17 ]. Moreover, each vehicle has installed wireless devices, namely onboard units (OBUs), to share large amounts of traffic-related information with others and connect technologies of heterogeneous wireless access during the outside world [ 18 – 20 ]. There are mainly two categories of data shared by vehicles in V 2 X communication [ 21 , 22 ]. One is calamities noticed by users, such as nearby hotel ratings Sustainability 2022 , 14 , 9961. https://doi.org/10.3390/su 14169961 https://www.mdpi.com/journal/sustainability

Sustainability 2022 , 14 , 9961 2 of 19 and parking lot occupancy. The other is that information is collected by sensors when the vehicle crosses the road environment, such as conditions of the poor road, congestion of traffic, and extreme weather. With these data shared, vehicles offer the driver and passenger a comfortable driving experience, satisfactory transport access, and a safe driving environment Given the fact the 5 G-enabled vehicular network exploits wireless channels, the data shared by vehicles have security and privacy vulnerabilities [ 23 ]. The third-party has the ability to change, delete, and alter the data shared by the vehicle to cause damage to the road environment. Meanwhile, when an attacker exposes any personal data of the user (e.g., location or identity), it will cause criminal charges. Therefore, several scholars have focused on achieving security and privacy requirements for vehicular networks by proposing sophisticated data-sharing schemes Nevertheless, these schemes require expensive components called road-side units (RSUs) to cooperate in the mutual authentication phase, which raises the latency of the vehicular networks. Besides, studies [ 11 , 24 ] have proven that a compromised RSU causes leakage of secret information preserved in the RSU Hence, the main motivation of this paper is to reduce the massive overhead of performance system in terms of communication and computation costs by proposing a lightweight operations instead of bilinear pair and map-to-point function operations. Our proposed solution does not use RSU to authenticate the vehicle during mutual authentication process. Our proposed solution applies the 5 G technology to the fast exchange of messages among vehicles. This work is carried out in our simulation experiments with regards to network simulator (OMNeT++) and traffic simulator (SUMO) to analyze the results. The major contributions of our work can be listed as follows: • We retrospectively analyze the taxonomy of existing schemes for vehicular networks. Furthermore, some security vulnerabilities of these schemes are highlighted. Then, we present the vehicular network architecture with regard to the system model and security goals • We propose a provably secure with an efficient data-sharing scheme for 5 G-enabled vehicular networks. To improve efficiency further, our work does not use an expansive component called RSU for the authentication process • We implement simulation experiments over a simulation platform (traffic generation simulator and network generation simulator), displaying that the performance efficiency of our work in terms of computation and communication costs has been enhanced compared with the existing works The remainder of our work is organized as follows: Section 2 reviews the taxonomy of the existing schemes Section 3 introduces vehicular network architecture The six algorithms of the proposed scheme are provided in Section 4 . The security analysis and performance comparison of our work are presented in Sections 5 and 6 , respectively Section 7 shows the conclusions of our work 2. Related Work In this section, we retrospectively analyze some related work focusing on data-sharing among vehicles for vehicular networks. The taxonomy of existing schemes is as below Additionally, we provide a critical analysis of the related work as well 2.1. Massive Certificate-Based (MCB) Schemes The fundamental concept of Massive Certificate-Based (MCB) schemes is that TA is responsible for issuing and preloading massive numbers of certificates (roughly 44,000) and their relevant pair-keys (private and public) to participating vehicles. These certificates are assigned based on level of the anonymity to archive security and privacy for vehicular networks Several scholars [ 25 – 33 ] have proposed MCB schemes for vehicular networks However, there are three main drawbacks of the MCB schemes: (i) massive certificate

Sustainability 2022 , 14 , 9961 3 of 19 arrangement burden for TA owing to the huge pool of anonymous certificates and the relevant pair-keys are needed; (ii) storage arrangement burden owing to limit vehicle storage, and (iii) massive computation and communication overheads owing to the need to verify certification in the investigation methods 2.2. Group Signature-Based (GSB) Schemes Chaum and van Heyst [ 34 ] first proposed the fundamental concept of group signatures in 1991. The group members are permitted to sign information anonymously on behalf of all members Several scholars [ 35 – 39 ] have proposed GSB schemes to overcome the drawbacks arising MCB schemes in a vehicular network. However, there are two main drawbacks of the GSB schemes: (i) the massive size of the Certification revocation list (CRL) owing to the number of blocked vehicle’s number is growing; and (ii) massive overheads of communication and computation owing to the two pairing-based operations that are needed 2.3. Pseudonym Identity-Based (PIB) Schemes To overcome the limitations concerning the two above (MCB and GSB) schemes, several scholars proposed Pseudonym Identity-Based (PIB) schemes to provide high-level security in vehicular networks In 2015, He et al. [ 40 ] first used elliptic curve cryptography rather than pairing-based cryptography to provide efficient performance and secure communications In the scheme presented by He et al. [ 40 ], the private key of the system is saved on each vehicle. Nevertheless, if the vehicle is compromised by an adversary, the whole system is insecure. In 2017, Zhang et al. [ 41 ] designed a mutual authentication and preservation scheme to achieve distributed aggregate for the vehicular network. In the scheme designed by Zhang et al. [ 41 ], RSU is accountable for producing secret shares for vehicles within its communication area. In the same year, Azees et al. [ 42 ] designed an anonymous authentication by helping RSU to secure communication in vehicular networks. In 2018, Pournaghi et al. [ 43 ] combined the TPD of RSU and TPD of vehicles to achieve high-level security In their scheme, the TA is saved with two private keys on the TPD of RSU. Therefore, RSU is responsible for temporarily computing the specific timestamp and generating the signature key of the vehicle. In 2019, Alazzawi et al. [ 44 ] designed a pseudonym-based system to achieve a robust integrity scheme. The scheme proposed by Alazzawi et al. [ 44 ] has not achieved likability requirements, since only one pseudonym identity is used within all travailing. Furthermore, the system’s secret key is saved on the RSU without using the TPD, which makes it an easy task for the attacker to disclose the key. In the same year, Bayat et al. [ 45 ] designed a pseudonym-based to design a RSU-based authentication scheme. RSU is responsible for preloading a pool of signature keys and pseudonym-IDs to each vehicle Ali and Li [ 46 ] proposed an authentication data-sharing scheme by using RSU to authenticate a large number of messages for vehicle-to-infrastructure (V 2 I) communication This scheme replaced map-to-point hash functions by general one-way hash functions to sign message and verify signature. Nevertheless, this scheme uses bilinear pair operations, which are considered time-consuming and complicated Al-Shareeda et al. [ 47 ] designed a data-sharing scheme by using bilinear pair cryptography and cryptographic hash function. This scheme applies RSU to generate a signature key for the corresponding pseudonym-ID for authentic vehicles. This scheme is vulnerable to a massive overhead of performance costs as it uses complicated operations and is time-consuming Alshudukhi et al. [ 48 ] applied elliptic curve cryptography to propose an authentication data-sharing scheme for vehicular network. The TA in this scheme saves the system’s private key to each RSU. Once a vehicle wants to join the system, RSU computes and preloads security parameters to vehicles. However, since this scheme uses a large number of multiplication point operations based on ECC, the performance costs is challenged.

Sustainability 2022 , 14 , 9961 4 of 19 Ali et al. [ 49 ] constructed a hybrid signcryption based on and public key infrastructure and certificateless cryptosystem to provide security criteria in a single logical phase This scheme uses bilinear pair operations to sign messages and verify signatures, which causes a massive overhead of performance system 2.4. Critical Analysis The summation of related work is as follows. The majority of existing schemes are based on three classes of approaches: (i) Massive certificate-based (MCB) schemes, (ii) Group signature-based (GSB) schemes, and (iii) Pseudonym identity-based (PIB) schemes The first two approaches required high overhead costs to sign messages and verify signatures, which is not suitable for deployment in vehicular networks. In contracts, the third approach is called pseudonym identity-based (PIB) schemes, proposed by the researcher to address the overhead costs of the system. Our work is based on the third approach to address the existing scheme based on PIB schemes by applying 5 G technology and avoiding using RSU Since the existing PIB schemes apply RSU to participate authentication process, if they make assumptions that no other things can discover the secrets in a TPD of a vehicle, if a vehicle is corrupted in one RSU, the third party can calculate the RSU’s master key 3. Vehicular Network Architecture This section presents the vehicular network architecture with regard to the system model and security goals in our work for 5 G-enabled vehicular networks 3.1. System Model As presented in Figure 1 , the three main entities are called: trusted authority (TA), 5 G-base station (5 G-BS), and onboard unit (OBU) for 5 G-enabled vehicular networks The main work of these entities is explained in the following steps • Trusted Authority (TA): TA is trustworthy by all entities in the 5 G-enabled vehicular networks and has sufficient resources with regards to storage, communication, and computation. The TA is also in charge of generating the initial parameters of the network and registering the vehicles • 5 G-base Station (5 G-BS): is a radio receiver and has sufficient fast-moving and broadspectrum in 5 g-enabled vehicular networks. The main task of 5 G-BS is to connect vehicles and TA. The 5 G-BS does not save or compute the data regarding vehicular networks • Onboard Unit (OBU): Each enrolled vehicle has one onboard unit (OBU) for sending and receiving information about the surrounding environment. Each OBU has TPD to preserve sensitive data and do computation processes for cryptographic operations OBU is a considered as a terminal node in networks which enjoys all types of services for 5 G technology. Therefore, this work adds a security algorithm in a secure processing service (SPS) layer in each node for the simulation, as shown in Figure 2 . The main reason behind using the SPS layer is to implement an authentication process that is higher than the MAC and physical layer.

Sustainability 2022 , 14 , 9961 5 of 19 Figure 1. The System Model of 5 G-enabled Vehicular Networks Figure 2. Authentication Node Layers in OMNeT++ Device-to-Device (D 2 D) Communication The D 2 D wireless network in 5 G technology is determined as direct communication among vehicles (terminal nodes) without passing via infrastructure node. In a traditional network, all data must go through the infrastructure node called the base station, even if it is inside the range of D 2 D communication. As a result, D 2 D communication can considerably increase the network’s spectral efficiency in this instance 3.2. Security Goals In this section, the security requirements should be achieved in our work • Authentication and Integrity: To make sure that the message transmitted has been carried out by a registered vehicle. Besides, the message has not been tampered with • Privacy Preserving: The original identity of the message broadcasting vehicle must be protected and the message should not disclose the identity to other units so that an attacker cannot utilize their identity for themselves.

Sustainability 2022 , 14 , 9961 6 of 19 • Traceability: When issuing a forged message, the vehicle has the traceable to its signer and that power must lie with the TA • Replaying Resistance: Our work should be capable of resisting replay attackers to avoid repeating the message sent by the registered vehicle 4. Proposed Scheme To address limitations in the existing schemes, this paper proposes a provably secure efficient data-sharing scheme for 5 G-enabled vehicular networks. Our work has six phases, namely: TA initialization (TASetup) phase, pseudonym-ID generation (PIDGen) phase and key generation (KeyGen) phase, message signing (MsgSign) phase, single verification (SigVerify) phase, and batch signatures verification (BSigVerify) phase Our work is based on the scheme proposed by [ 50 ]. However, unlike the scheme proposed by [ 50 ], the proposed scheme uses 5 G-BS to provide high-efficiency data-sharing among vehicles. This paper carried out the simulation experiments with regard to network simulators and traffic simulators (SUMO) to analyze the results of these phases. Furthermore, the proposed scheme does not need an expensive component (RSU) to authenticate the messages. Vehicles in our work can renew the security groups by sending a request to TA through 5 G-BS wirelessly, which avoids repeat parameters used. The proposed scheme should be divided into the following phases: • TASetup: The TA executes TASetup phase to obtain security parameter η . The network parameters Υ and the private (secret) keys α and β are returned on this algorithm The system parameters Υ are considered as an implicit input to all methods explained below • PIDGen and KeyGen: The TA executes the PIDGen and KeyGen algorithms to return the pseudonym-ID PID i and the signature key SK i , respectively • MsgSign: The registered vehicle V i executes MsgSign algorithm. The safety-related message M i for a pseudonym-ID PID i is taken as input for returning the signature δ i • SigVerify: The verifying vehicle V j executes SigVerify algorithm. Once receiving a signature δ i on a safety-related message M i for a pseudonym-ID PID i from a vehicle V i , if the signature δ i is legitimate, it results true; otherwise, it outputs false • BSigVerify: The verifying vehicle V j executes SigVerify algorithm. Once receiving a batch of n signature ( δ 1 , δ 2 , . . . δ n ) on n safety-related messages ( M 1 , M 2 , . . . ., M n ) for n pseudonym-IDs ( PID 1 , PID 2 , . . . ., PID n ) from n vehicles ( V 1 , V 2 , . . . , V n ) simultaneously, if the signatures ( δ 1 , δ 2 , . . . δ n ) are legitimate, it results true; otherwise, it results false 4.1. TASetup The TA executes the TASetup algorithm to return the network parameters Υ and the private (secret) keys α and β as the following steps • Given a network parameter η ∈ Z + , TA selects a generator g based on a group G of the order prime q • Four cryptographic general hash functions, H 1 , H 2 , H 3 and H 4 , are chosen by TA and set as H 1 : G × G → Z ∗ q , H 2 : [ 0, 1 ] ∗ → Z ∗ q , H 3 : [ 0, 1 ] ∗ × [ 0, 1 ] ∗ × G × G × [ 0, 1 ] ∗ → Z ∗ q and H 4 : G → Z ∗ q • TA sets the randomly picked number α ∈ Z ∗ q as a private (secret) key, then measures its corresponding public key ξ Pub − α = g α for private key extraction • TA sets the randomly picked number β ∈ Z ∗ q as a private (secret) key, then measures its corresponding public key ξ Pub − β = g β for traceability • The network public parameters are set as Υ = { g , G , q , H 1 , H 2 , H 3 , H 4 , ξ Pub − α , ξ Pub − β } Note that private (secret) keys α and β are only known to TA Since our work is based on 5 G technology, it is an easy task to renew the groups to avoid repeating them during the next steps. The renew process executes between vehicle and TA through 5 G-BS.

Sustainability 2022 , 14 , 9961 7 of 19 4.2. PIDGen and KeyGen To achieve mutual authentication and privacy-preservation in our work, the pseudonym- IDs ( PIDs ) that are particularly concerned with the relevant original identities OIDs should be used by following these steps: • User submits the original identity OID of his/her vehicle to TA via secure communication. TA is responsible for testing the validity of OID • Once confirmed the authenticity of OID , TA sets a group of the randomly selected values { ω i , l , ω i ,2 , . . ω i , n } ∈ Z ∗ q as a private key and then measures the relevant public keys PK ∗ i = { PK i , l , PK i ,2 , . . PK i , n } , where PK i , l = g ω i , l and l ∈ { 1, 2, . n } • TA then computes a group of PIDs for vehicle V i as PID ∗ i = { PID i , l , PID i ,2 , . . . , PID i , n } , where PID i , l = OID i ⊕ H 1 ( PK β i , l , ξ Pub − β ) and l ∈ { 1, 2, . n } • Once calculating the PID ∗ i , TA sets randomly selected values SK ∗ i = { SK i , l , SK i ,2 , . . . SK i , n } as a signature keys, where SK i , l = α H 2 ( PID i , l ) and l ∈ { 1, 2, . n } • Ultimately, TA preloads the network parameters Υ and groups { PK ∗ i , PID ∗ i , SK ∗ i } to TPD of vehicle V i through a secure channel 4.3. MsgSign Prior to sending the safety-related messages to public channel in 5 G-enabled vehicular network, vehicle V i signs them to achieve integrity and authentication. The messagesignature tuples on one message M i ∈ [ 0, 1 ] ∗ by participating vehicle V i is demonstrated as the following steps • Vehicle V i sets the randomly selected a signature key SK i , l , a relevant PK i , l and pseudonym-ID PID i , l from the groups PK ∗ i , PID ∗ i , and SK ∗ i , respectively • Vehicle V i sets the randomly picked value d i ∈ Z ∗ q and calculates D i = g d i • Vehicle V i signs message M i ∈ [ 0, 1 ] ∗ as Θ i = H 3 ( M i , D i , T i , PID i , l , PK i , l ) , where T i is a freshness timestamp • Vehicle V i computes signature δ i = ( H 4 ( D i ) − SK i , l Θ i ) d − 1 i • Finally, vehicle V i broadcasts the message-signature tuples { M i , PK i , l , PID i , l , D i , T i , δ i } to others in 5 G-enabled vehicular networks 4.4. SigVerify Once the verifying vehicle V j has acquired a single tuple signed by V i , the following steps should be executed • Upon receiving the message-signature tuples { M i , PK i , l , PID i , l , D i , T i , δ i } , the verifying vehicle V j tests the brightness of timestamp T i . Verifying vehicle V j rejects the message if it is not valid • If T i is fresh, verifying vehicle V j then calculates H 2 ( PID i , l ) and Θ i = H 3 ( M i , D i , T i , PID i , l , PK i , l ) • Finally, verifying vehicle V j checks whether Equation ( 1 ) holds or not D δ i i ξ H 2 ( PID i , l ) Θ i Pub − α ? = g H 4 ( D i ) (1)

Sustainability 2022 , 14 , 9961 8 of 19 If Equation ( 1 ) is achieved, then the verifying vehicle V j accepts the message M i ; otherwise, the V j rejects it. The correctness of the SigVerify’s Equation is explained as follows: D δ i i ξ H 2 ( PID i , l ) Θ i Pub − α = ( g d i ) ( H 4 ( D i ) − SK i , l Θ i ) d − 1 i ( g α ) H 2 ( PID i , l ) Θ i = g d i ( H 4 ( D i ) − α H 2 ( PID i , l ) Θ i ) d − 1 i g α H 2 ( PID i , l ) Θ i = g d i d − 1 i H 4 ( D i ) − α H 2 ( PID i , l ) Θ i g α H 2 ( PID i , l ) Θ i = g H 4 ( D i ) − α H 2 ( PID i , l ) Θ i g α H 2 ( PID i , l ) Θ i = g H 4 ( D i ) − α H 2 ( PID i , l ) Θ i + α H 2 ( PID i , l ) Θ i = g H 4 ( D i ) 4.5. BSigVerify Upon receiving n message-signature tuples { M i 1 , PID i , l 1 , PK i , l 1 , D i 1 , T i 1 , δ i 1 } , { M i 2 , PID i , l 2 , PK i , l 2 , D i 2 , T i 2 , δ i 2 } ,. . . , { M i n , PID i , l n , PK i , l n , D i n , T i n , δ i n } simultaneously Verifying vehicle V j uses the system public parameters Υ = { g , G , q , H 1 , H 2 , H 3 , H 4 , ξ Pub − α , ξ Pub − β } to verify batch messages as the following steps • Verifying vehicle V j tests the validity of { T 1 , T 2 . . T n } , and drops the messages if some of them are not valid • Verifying vehicle V j sets the randomly selected n values { γ 1 , γ 2 . . γ n } , where γ i ∈ R [ 1, 2 m ] for m = 80 and i = 1, 2 . . . , n is typically acceptable [ 51 ]. • Verifying vehicle V j then calculates H 2 ( PID i , l ) and Θ i = H 3 ( M i , D i , T i , PID i , l , PK i , l ) , where i = 1, 2 . . . , n • Finally, verifying vehicle V j checks whether Equation ( 2 ) holds or not g ∑ n i = 1 ( γ i H 4 ( D i )) ? = n ∑ i = 1 D γ i δ i i ξ γ i H 2 ( PID i , l ) Θ i Pub − α (2) If Equation ( 2 ) is achieved, then the verifying vehicle V j accepts the messages; otherwise, the V j discards them. The correctness of the BSigVerify’s Equation is explained as follows: n ∑ i = 1 D γ i δ i i ξ γ i H 2 ( PID i , l ) Θ i Pub − α = n ∑ i = 1 ( g γ i d i ) ( H 4 ( D i ) − SK i , l Θ i ) d − 1 i ( g γ i α ) H 2 ( PID i , l ) Θ i = n ∑ i = 1 g γ i d i ( H 4 ( D i ) − α H 2 ( PID i , l ) Θ i ) d − 1 i g γ i α H 2 ( PID i , l ) Θ i = n ∑ i = 1 g γ i d i d − 1 i H 4 ( D i ) − α H 2 ( PID i , l ) Θ i g γ i α H 2 ( PID i , l ) Θ i = n ∑ i = 1 g γ i H 4 ( D i ) − α H 2 ( PID i , l ) Θ i g γ i α H 2 ( PID i , l ) Θ i = n ∑ i = 1 g γ i H 4 ( D i ) − α H 2 ( PID i , l ) Θ i + γ i α H 2 ( PID i , l ) Θ i = g ∑ n i = 1 γ i H 4 ( D i )

Sustainability 2022 , 14 , 9961 9 of 19 5. Security Analysis In this section, the security definition, provable security, and security level of our work are analyzed in the following subsections 5.1. Security Definition The security model for the proposed scheme is provided by a game activated between a polynomial-time adversary A and a challenger I . In the model, adversary A can access polynomially bounded queries oracle adaptively to challenger I as the following steps Setup: In this process, a TASetup algorithm of the 5 G-enabled vehicular networks is simulated I runs the TASetup algorithm to compute the network parameters Υ and the private (secret) keys α and β . Once receiving this query, I sends Υ to A H i = 1,2,3,4 : When sending the information query IQ , I sets the randomly selected number θ i ∈ Z ∗ q and saves ( IQ , θ i ) in the list L i . Then, I returns θ i to A GenerateVeh: When receiving the original identity OID i of vehicle V i , I computes pseudonym-IDs PID ∗ i and signature keys SK ∗ i of vehicle V i . Then I saves { OID i , PID ∗ i , SK ∗ i } in the list L veh CorruptVeh: When receiving the original identity OID i of vehicle V i , I sends pseudonym-IDs PID ∗ i and signature keys SK ∗ i of vehicle V i to A SignatureGen: When submitting pseudonym-ID PID i and message M by A , I produces and returns the relevant the message-signature tuples to A Upon performing the above queries, A forges the signature δ ∗ i of safety-related message M ∗ i related with original identity OID ∗ i of vehicle V ∗ i Forgery: When the below steps are achieved, A wins the game • δ ∗ i is a legal signature of the message M − • A signature of M − has not been queried in the CorruptVeh and SignatureGen Let the function Adv Scheme Ω A indicate the advantage of A in breaking the proposed scheme Ω Definition 1. The proposed scheme Ω for 5 G-enabled vehicular networks is chosen-message and chosen-identity secure, when the function Adv Scheme Ω A is negligible for A 5.2. Provable Security According to Definition 1, the selected message and chosen identity of our work utilizing the random oracle model (ROM) are analyzed. Figure 3 shows a game between a challenger I and an attacker A Figure 3. A game between a challenger I and an attacker A Theorem 1. Supposing that the underlying DLP is unsolvable, the proposed scheme for 5 G-enabled vehicular networks is secure in the ROM Proof. Suppose that an attacker of polynomial-time A can forge a legal the messagesignature tuples { M i , PK i , l , PID i , l , D i , T i , δ i } by an advantage of non-negligible Adv Scheme Ω A ,

Sustainability 2022 , 14 , 9961 10 of 19 then challenger I could resolve DLP with advantage of non-negligible via working the A as a subroutine. Consider ξ Pub − α = g α be an example of the DLP, and main work of the A is to calculate α . Initially, I produces Υ = { g , G , q , H 1 , H 2 , H 3 , H 4 , ξ Pub − α , ξ Pub − β } to A Then A runs oracle-queries adaptively modeled by I as the following steps Oracle ( H 1 ) : I initializes the form of { $ , ξ Pub − β , µ 1 } in the list L H 1 firstly. Once a query { $ , ξ Pub − β } is issued by A , I tests whether the form of { $ , ξ Pub − β , µ 1 } existing in the list L H 1 . If exists, I produces µ 1 = H 1 ( $ , ξ Pub − β ) to A , otherwise, I sets the randomly selected nonce µ 1 ∈ Z ∗ q , produces to µ 1 = H 1 ( $ , ξ Pub − β ) to A and puts { $ , ξ Pub − β , µ 1 } to the list L H 1 Oracle ( H 2 ) : I initializes the form of { λ , µ 2 } in the list L H 2 firstly. Once a query { λ } is issued by A , I tests whether the form of { λ , µ 2 } existing in the list L H 2 . If exists, I produces µ 2 = H 2 ( λ ) to A , otherwise, I sets the randomly selected nonce µ 2 ∈ Z ∗ q , produces to µ 2 = H 2 ( λ ) to A and puts { λ , µ 2 } to the list L H 2 Oracle ( H 3 ) : I initializes the form of { M i , D i , T i , PID i , l , PK i , l , µ 3 } in the list L H 3 firstly. Once a query { M i , D i , T i , PID i , l , PK i , l } is issued by A , I tests whether the form of { M i , D i , T i , PID i , l , PK i , l , µ 3 } existing in the pool L H 2 If exists, I produces µ 3 = H 3 ( M i , D i , T i , PID i , l , PK i , l ) to A , otherwise, I sets the randomly selected nonce µ 3 ∈ Z ∗ q , produces to µ 3 = H 3 ( M i , D i , T i , PID i , l , PK i , l ) to A and puts { M i , D i , T i , PID i , l , PK i , l , µ 3 } to the list L H 3 Oracle ( H 4 ) : I initializes the form of { D i , µ 4 } in the list L H 4 firstly. Once a query { D i } is issued by A , I tests whether the form of { D i , µ 4 } existing in the list L H 4 . If exists, I produces µ 4 = H 4 ( D i ) to A , otherwise, I sets the randomly selected nonce µ 4 ∈ Z ∗ q , produces to µ 4 = H 4 ( D i ) to A and puts { D i , µ 4 } to the list L H 4 Oracle(GenerateVeh): I initializes the form of { OID i , η , SK i , PID i , PK i } in the list L veh firstly. Once sending a query { OID i , η , SK i , PID i , PK i } to by I , A tests whether the form of { OID i , η , SK i , PID i , PK i } existing in the pool L veh . If exists, I results PK i to A , otherwise, I runs the following two points • If OID i = OID ∗ i , I sets the randomly selected three values η i , µ 1 and µ 2 , calculates PK i = g η i and holds { SK i , PID i } I saves { OID i , η , SK i , PID i , PK i } , { $ , ξ Pub − β , µ 1 } and { λ , µ 2 } in the list L veh , L H 1 and L H 2 respectively. Finally, I returns PK i to A • If OID i 6 = OID ∗ i , I sets the randomly selected three values η i , µ 1 and µ 2 , calculates PK i = g η i , PID i = OID i ⊕ µ 1 and SK i = α µ 2 I saves { OID i , η , SK i , PID i , PK i } , { $ , ξ Pub − β , µ 1 } and { λ , µ 2 } in the list L veh , L H 1 and L H 2 respectively. Ultimately, I results PK i to A Oracle(CorruptVeh): I invokes { OID i , η , SK i , PID i , PK i } from L veh and produces { SK i , PID i } to A Oracle(SignatureGen): When receiving a query with pseudonym-ID PID i and message M i from A , I sets the randomly selected three values d i , µ 3 and µ 4 and calculates D i = g d i , δ i = ( H 4 ( D i ) − SK i , l Θ i ) d − 1 i I saves { M i , D i , T i , PID i , l , PK i , l , µ 3 } and { D i , µ 4 } in the list L H 3 and L H 4 , respectively. Finally, I returns the message-signature tuples { M i , PK i , l , PID i , l , D i , T i , δ i } to A At last, A outputs the message-signature tuples { M i , PK i , l , PID i , l , D i , T i , δ i } to I If PID i 6 = PID ∗ i , then I ends the game I verifies whether Equation ( 3 ) holds D δ i i ξ H 2 ( PID i , l ) Θ i Pub − α ? = g H 4 ( D i ) (3) When it is wrong, then I breaks the game by using forking lemma in [ 52 ]. When the I attempts the process with a various chosen H 2 , then A can result in another valid message-signature tuple { M i , PID i , l , PK i , l , D i , T i , δ ∗ i } with the advantage Adv Scheme Ω A > 1 9 . Therefore, it obtains the following equation D δ ∗ i i ξ H 2 ( PID i , l ) Θ ∗ i Pub − α ? = g H 4 ( D i ) (4)

Sustainability 2022 , 14 , 9961 11 of 19 Based on Equations ( 3 ) and ( 4 ), it can be concluded as follows D δ i − δ ∗ i i ? = ξ H 2 ( PID i , l ) ( Θ i − Θ ∗ i ) Pub − α (5) D δ i Θ ∗ i − δ ∗ i Θ i i ? = g H 4 ( D i ) ( Θ ∗ i − Θ i ) (6) Thus, according to the above two equations, it can be respectively concluded as follows • D δ i − δ ∗ i i ? = g H 4 ( D i ) ( Θ ∗ i − Θ i ) , ( g ) d i ( δ i − δ ∗ i ) ? = ( g ) x H 2 ( PID i , l ) ( Θ ∗ i − Θ i ) d i δ i − δ ∗ i ? = α H 2 ( PID i , l ) ( Θ ∗ i − Θ i ) (7) • D δ i Θ ∗ i − δ ∗ i Θ i i ? = g H 4 ( D i ) ( Θ ∗ i − Θ i ) , g d i ( δ i Θ ∗ i − δ ∗ i Θ i ) ? = g H 4 ( D i ) ( Θ ∗ i − Θ i ) d i ( δ i Θ ∗ i − δ ∗ i Θ i ) ? = H 4 ( D i ) ( Θ ∗ i − Θ i ) (8) Based on the above two equations, I results H 4 ( D i ) H 2 ( PID i , l ) − 1 ( δ i − δ ∗ i ) ( δ i Θ ∗ i − δ ∗ i Θ i ) − 1 as the output of the DLP. The following events to resolve the DLP by I are analyzed • EV pid indicates the event that PID ∗ i = PID i • EV f abricate indicates the event that I can fabricate two legal signatures Let N H 2 indicates the value of H 2 oracle queries. Therefore, it outputs Prob [ EV pid ] = 1 N H 2 , Prob [ EV f abricate | EV pid ] > 1 9 . The advantage and Adv Scheme Ω A that A could resolve the DLP is as follows Prob [ EV f abricate ∧ EV pid ] = Prob [ EV f abricate | EV pid ] Prob [ EV pid ] > 1 9 Adv Scheme Ω A 1 N H 2 = Adv Scheme Ω A 9 N H 2 Thus, I resolves the DLP with an advantage of non-negligible Adv Scheme Ω A 9 N H 2 owing to the bounded N H 2 and non-negligible Adv Scheme Ω A . Hence, this completes the security proof for the proposed scheme 5.3. Security Requirements Our work should be achieved the security goals (Section 3.2 ) concerning security requirements as follows • Authentication and Integrity: Once the vehicle sending the message-signature tuples { M i , PK i , l , PID i , l , D i , T i , δ i } to others, the checker in our work checks the correctness D δ i i ξ H 2 ( PID i , l ) Θ i Pub − α ? = g H 4 ( D i ) for testing the tuple’s integrity and authenticity. According to Theorem 1 in Section 5.2 , there is no attacker A of polynomial-time that could impersonate/generate a legitimate message if the DLP is hardness • Privacy Preserving: In the PIDGen and KeyGen phase, the vehicle’s true identity is hidden in the PID ∗ i = { PID i , l , PID i ,2 , . . . , PID i , n } by TA, where PID i , l = OID i ⊕ H 1 ( PK β i , l , ξ Pub − β ) and l ∈ { 1, 2, . n } . To disclose the vehicle’s true identity OID i from PID i , l = OID i ⊕ H 1 ( PK β i , l , ξ Pub − β ) , A requires to calculate ξ Pub − β = g β based on β ∈ Z ∗ q . Nevertheless, this process contradicts the hardness of CDHP. Thus, our work satisfies privacy preserving • Traceability: By tracing the origin of messages sent, the TA is able to revoke and block the enrollment of any attacker that attempts to broadcast forge messages or disturb the system in 5 G-enable vehicular networks. Once receiving the forge message, the vehicle reports it to the TA to verify its aid and, if available in the list, calculates the OID i as OID i = PID i , l ⊕ H 1 ( β PK β i , l , ξ Pub − β ) utilizing master key β . Thus, the function of traceability is provided by our work.

Sustainability 2022 , 14 , 9961 12 of 19 • Replaying Resistance: Our work can resist replay attacks by utilizing timestamp T i in the message-signature tuples { M i , PK i , l , PID i , l , D i , T i , δ i } . It denotes the signing time of tuples. Let T ri is the arrival time of the message. It requires to verify if T ri − T i ≥ ∆ T When this condition holds, then there is no replay attacks 5.4. Security Level In this section, we show the security level of our work compared to the existing schemes in terms of privacy and security requirements. Therefore, we summarize and compare the security and piracy requirements of our work with the existing works He et al. [ 40 ], Azees et al. [ 42 ], Pournaghi et al. [ 43 ], and Bayat et al. [ 45 ] in Table 1 . Thereby, all related works require RSU aid. Schemes of Azees et al. [ 42 ] and Bayat et al. [ 45 ] are vulnerable to replay attacks. Azees et al.’s scheme [ 42 ] is not satisfied by mutual authentication. As a result of Table 1 , it can be concluded that our work achieves better security properties as compared to other works tabulated in that table Table 1. Comparison of Security Properties Schemes Authentication and Integrity Privacy Preserving Replaying Resistance Traceability No RSU Aided He et al. [ 40 ] 3 3 3 3 7 Azees et al. [ 42 ] 7 3 7 3 7 Pournaghi et al. [ 43 ] 3 3 3 3 7 Bayat et al. [ 45 ] 3 3 7 3 7 Our work 3 3 3 3 3 6. Performance Comparison In this section, the performance comparison of our work is evaluated with regard to costs of communication and computation. Meanwhile, the performance of our work is compared with schemes He et al. [ 40 ], Azees et al. [ 42 ], Pournaghi et al. [ 43 ], and Bayat et al. [ 45 ] via an experiment of simulation As presented in Figure 4 , this work utilizes traffic generation simulator and network generation simulator such as OpenStreetMap [ 53 ], GatcomSUMO [ 54 ], SUMO [ 55 ] OM- NeT++ [ 56 ], VEINS [ 57 ], Simu 5 G [ 58 ], and MIRACL [ 59 , 60 ] to execute experiments of simulation for 5 G-enabled vehicular networks. OpenStreetMap is a very real trusted map website. GatcomSUMO is a java-based program utilized to facilitate the connection between the generation of traffic (SUMO) and the generation of the network (OMNeT++). SUMO is a road traffic simulation with a highly portable. OMNeT++ is a open-architecture for networks. Veins are joined with the generation of road traffic and the generation of networks. INET is a framework OMNeT++ suited for wired, wireless, and mobile networks. Simu 5 G is suited for a 5 G-enabled vehicular network. MIRACL is a cryptographic library utilized to run operations based on cryptography algorithms. Table 2 lists the parameters of the simulation experiment.

Sustainability 2022 , 14 , 9961 13 of 19 Figure 4. Simulation Experiments for 5 G-enabled Vehicular Networks Table 2. Parameters of Simulation Experiment Parameters Value Play ground size x = 3463 m, y = 4270 m and z = 50 m Simulation time 200 s Physical Layer IEEE 802.11 p Mac Layer IEEE 1609.4 Bit rate 6 Mbps Maximum transmission 20 mW 6.1. Computation Costs For a fair evaluation, the notations with the costs of the execution time of some cryptographic operations are tabulated in Table 3 . This paper considers the computation overheads of generating pseudonym-IDs, signed message, and verification process, and compares them with existing schemes in Table 4 . Table 3. Notation with its Costs of Execution Time Notation Descriptions Execution Time T bp a bilinear pairing − e (P,Q) 5.811 ms T mul a BP scalar multiplication s − P 1.5654 ms T add a BP point addition − P + − Q 0.0106 ms T MTP a MapToPoint hash function 4.1724 ms t mul a ECC scalar multiplication operation s P 0.6718 ms t add a ECC point addition operation P + Q 0.0031 ms t h a secure cryptographic hash function 0.0001 ms

Sustainability 2022 , 14 , 9961 14 of 19 Table 4. The Cost of Computation of Five Authentication Schemes Scheme MsgSign Phase SigVerify Phase BSigVerify Phase He et al.’s scheme [ 40 ] 3 t mul + 3 t h ≈ 2.0156 ms 5 t mul + t add + 2 t h ≈ 3.3622 ms ( 2 + 3 n ) t mul + ( 2 n − 1 ) t add + ( 2 n ) t h ≈ 1.3405 + 2.0236 n ms Azees et al.’s scheme [ 42 ] 1 T mul + 1 t h ≈ 1.5655 ms 2 T bp + 5 T mul + 2 T add ≈ 19.661 ms ( 1 + n ) T bp + ( 5 n ) T mul + ( 2 n ) T add ≈ 5.811 + 13.6592 n ms Pournaghi et al.’s scheme [ 43 ] 3 T mul + 1 T add + 2 t h + 1 T MTP ≈ 8.8794 ms 3 T bp + ( n ) T mul + ( n ) T MTP ≈ 21.6054 ms 3 T bp + ( n ) T mul + ( n ) T MTP ≈ 17.433 + 5.7378 n ms Bayat et al. ’s scheme [ 45 ] 1 T MTP ≈ 4.1724 ms 3 T bp + ( n ) T mul + ( n ) T MTP ≈ 21.6054 ms 3 T bp + ( n ) T mul + ( n ) T MTP ≈ 17.433 + 5.7378 n ms The proposed scheme 1 t mul + 2 t h ≈ 0.6719 ms 4 t mul + t add + 2 t h ≈ 2.6904 ms ( 2 + 2 n ) t mul + ( n ) t add + ( 2 n ) t h ≈ 1.3436 + 1.3469 n ms In the MsgSign phase of the scheme of He et al. [ 40 ], the user needs to run three operations with regard to ECC scalar multiplication and three operations with regard to general hash function. Hence, the cost of computation of the MsgSign phase is 3 t mul + 3 t h ≈ 2.0156 ms. In the SigVerify phase of He et al.’s scheme [ 40 ], the user needs to run five operations with regard to scalar multiplication, one operation with regard to addition point and two operations with regard to hash function. Hence, the cost of computation of the SigVerify phase is 5 t mul + t add + 2 t h ≈ 3.3622 ms. In the BSigVerify phase of He et al.’s scheme [ 40 ], the vehicle needs to run (2 + 3 n) operations with regard to scalar multiplication, (2 n − 1) operations with regard to addition point and (2 n) operations with regard to hash function. Hence, the cost of computation of the BSigVerify phase is ( 2 + 3 n ) t mul + ( 2 n − 1 ) t add + ( 2 n ) t h ≈ 1.3405 + 2.0236 n ms In the MsgSign phase of Azees et al.’s scheme [ 42 ], the user needs to run one operation with regard to BP scalar multiplication and one operation with regard to general hash function. Hence, the cost of computation of the MsgSign phase is 1 T mul + 1 t h ≈ 1.5655 ms In the SigVerify phase of Azees et al.’s scheme [ 42 ], the user needs to run two operations with regard to bilinear pair, five operations with regard to scalar multiplication, and two operations with regard to addition point. Hence, the cost of computation of the SigVerify phase is 2 T bp + 5 T mul + 2 T add ≈ 19.661 ms. In the BSigVerify phase of Azees et al.’s scheme [ 42 ], the user needs to run (1 + n) operations with regard to bilinear pair, (5 n) operations with regard to scalar multiplication, and (2 n) operations with regard to addition point. Hence, the cost of computation of the BSigVerify phase is ( 1 + n ) T bp + ( 5 n ) T mul + ( 2 n ) T add ≈ 5.811 + 13.6592 n ms In the MsgSign phase of Pournaghi et al.’s scheme [ 43 ], the user needs to run three operations with regard to scalar BP multiplication, one operation with regard to addition point, two operations with regard to general hash function, and one operation with regard to MapToPoint hash function. Hence, the cost of computation of the MsgSign phase is 3 T mul + 1 T add + 2 t h + 1 T MTP ≈ 8.8794 ms. In the SigVerify phase of the Pournaghi et al.’s scheme [ 43 ], the user needs to run three operations with regard to bilinear pair, one operation with regard to scalar multiplication, and one operation with regard to MapToPoint hash function. Hence, the cost of computation of the SigVerify phase is 3 T bp + ( n ) T mul + ( n ) T MTP ≈ 21.6054 ms. In the BSigVerify phase of Pournaghi et al.’s scheme [ 43 ], the user needs to run three operations with regard to bilinear pair, (n) operations with regard to scalar multiplication, and (n) operations with regard to MapToPoint hash function. Hence, the cost of computation of the BSigVerify phase is 3 T bp + ( n ) T mul + ( n ) T MTP ≈ 17.433 + 5.7378 n ms In the MsgSign phase of Bayat et al.’s scheme [ 45 ], the user needs to run only one operation with regard to MapToPoint hash function. Hence, the cost of computation of the MsgSign phase is 1 T MTP ≈ 4.1724 ms. In the SigVerify phase of the Bayat et al.’s scheme [ 45 ], the user needs to run three operations with regard to bilinear pair, one operation with regard to scalar multiplication, and one operation with regard to

Sustainability 2022 , 14 , 9961 15 of 19 MapToPoint hash function. Hence, the cost of computation of the SigVerify phase is 3 T bp + ( n ) T mul + ( n ) T MTP ≈ 21.6054 ms. In the BSigVerify phase of Bayat et al.’s scheme [ 45 ], the user needs to run three operations with regard to bilinear pair, (n) operations with regard to scalar multiplication, and (n) operations with regard to MapToPoint hash function. Hence, the cost of computation of the BSigVerify phase is 3 T bp + ( n ) T mul + ( n ) T MTP ≈ 17.433 + 5.7378 n ms In the MsgSign phase of our work, the user needs to run one operation with regard to ECC scalar multiplication and two operations with regard to general hash function. Hence, the cost of computation of the MsgSign phase is 1 t mul + 2 t h ≈ 0.6719 ms In the SigVerify phase of our work, the vehicle needs to run four operations with regard to scalar multiplication, one operation with regard to addition point and two operations with regard to hash function. Hence, the cost of computation of the SigVerify phase is 4 t mul + t add + 2 t h ≈ 2.6904 ms. In the BSigVerify phase of our work, the user needs to run (2 + 2 n) operations with regard to scalar multiplication, (n) operations with regard to addition point, and (2 n) operations with regard to hash function. Hence, the cost of computation of the BSigVerify phase is ( 2 + 2 n ) t mul + ( n ) t add + ( 2 n ) t h ≈ 1.3436 + 1.3469 n ms Furthermore, the entire time is based on the runtime of each cryptographic operation The elapsed time (ET) between the exit and entrance is the overhead cost ET = 1 M n ∑ i = 1 M ( T i out − T i in ) (9) where, M is the message number, T i in is the entrance time of message i , and T i out is the exit time of message i . Figures 5 and 6 depict the average time to sign and verify a message between the proposed and scheme of He et al. [ 40 ]. The main reason for comparing our work against only He et al. [ 40 ] is to the same cryptography operations (e.g., ECC) used to sign message and verify signature. Additionally, the cost of He et al.’s scheme [ 40 ] is most efficient compared with other schemes according to Table 4 . The results of the experimental methods show that our work is much more efficient than existing methods Figure 5. Average Time to Sign Message Figure 6. Average Delay to Verify Message.

Sustainability 2022 , 14 , 9961 16 of 19 6.2. Communication Costs In this section, the primary concentrate is the cost of communication included in the timestamps, signatures, and pseudonym-IDs for the message-signature tuples Table 5 shows the sizes of cryptographic elements used for communication costs Table 5. The Sizes of Elements Used Element Size Z ∗ q 160 bits G 320 bits G 1 1024 bits Timestamp 32 bits Hash function 160 bits In the scheme of He et al. [ 40 ], the signer broadcasts the message-signature tuple { M i , R i , AID i ,1 , T i , AID i ,2 , σ i } to the recipient, where σ i ∈ Z q , { R i , AID i ,2 , AID i ,1 } ∈ G and T i is a timestamp. Consequently, the cost of communication is 3 × 320 + 160 + 32 = 1152 bits. In the scheme of Azees et al. [ 42 ], the signer broadcasts the message-signature tuple { Cert k || Y k || Sig } to the recipient, where Cert k = { E i || σ 1 |||| y v || λ || σ 2 || Y k || y u || DID ui } , { E i , y u , Y k , DID u i , sig } ∈ G 1 , { σ 2 , σ 1 , λ } ∈ Z ∗ q , c is a hash operation. Consequently, the cost of communication is 6 × 1024 + 3 × 160 + 32 = 6656 bits. In Pournaghi et al.’s scheme [ 43 ], the signer sends the message-signature tuple { M i , ID RSU j , pID 1 i , pID 2 i , σ i } to the recipient, where { pID 1 i , pID 2 i } ∈ G 1 and { σ i , ID RSU j } ∈ Z ∗ q . Consequently, the cost of communication is 2 × 1024 + 2 × 160 = 2368 bits. In Bayat et al.’s scheme [ 45 ] the signer broadcasts the message-signature tuple { M i , pID 1 i , pID 2 i , σ i } to the recipient, where { pID 1 i , pID 2 i } ∈ G 1 and σ i ∈ Z ∗ q . Consequently, the cost of communication is 2 × 1024 + 1 × 160 = 2208 bits In our work, the signer sends the message-signature tuple { M i , PK i , l , PID i , l , D i , T i , δ i } to others in 5 G-enabled vehicular networks, where { PK i , l , D i } ∈ G , T i is the timestamp and { δ i , PID i , l } is a hash operations. Consequently, the cost of communication is 2 × 320 + 2 × 160 + 32 = 992 bits Communication cost comparisons for all works are presented in Table 6 . Similar to the cost of computation, our work is significantly better than other existing works, as presented in Figure 7 . Table 6. The Costs of Communication Comparison Scheme Message-Signature Tuple Size (bits) n Size (bits) He et al. [ 40 ] { AID i ,1 , AID i ,2 , M i , R i , T i , σ i } 3 × 320 + 160 + 32 = 1152 1152 n Azees et al. [ 42 ] { Sig || Y k || Cert k } 6 × 1024 + 3 × 160 + 32 = 6656 6656 n Pournaghi et al. [ 43 ] { M i , ID RSU j , pID 1 i , pID 2 i , σ i } 2 × 1024 + 2 × 160 = 2368 2368 n Bayat et al. [ 45 ] { M i , pID 1 i , pID 2 i , σ i } 2 × 1024 + 1 × 160 = 2208 2208 n Our Proposed { M i , PK i , l , PID i , l , D i , T i , δ i } 2 × 320 + 2 × 160 + 32 = 992 992 n Figure 7. The Costs of Communication Comparison.

Sustainability 2022 , 14 , 9961 17 of 19 7. Conclusions This paper proposed a provably secure with efficient data-sharing scheme without using RSU for 5 G-enabled vehicular networks. Our work does not use an expansive component called RSU for the authentication process to improve efficiency further. Furthermore, the provable security displayed that our work is secure against adaptive selected-message attacks based on the random oracle model. Furthermore, our work not only achieves the requirements of security (message authentication and integrity, identity privacy preservation, and traceability) but also resists the security attacks such as replay attacks. This work carried out our simulation experiments with regard to network simulator (OMNeT++) and traffic simulator (SUMO) to analyze the results. Lastly, this paper reduces the computation cost to sign the message, verify signature, and batch signature verification by 66.67%, 19.98%, and 20.01%, respectively. This paper reduces the communication overhead the message-signature-tuple size by 13.89% The major limitation the proposed approach is uses large numbers (e.g., four operations) of ECC-based multiplication point to verify messages sent among vehicles A fast-moving vehicle requires fast verification by using lightweight operations to verify messages. Therefore, in future work, it will contain the design of a fog computing-based authentication scheme that uses an operation based on ECC cryptographic algorithm in 5 G-enabled vehicular networks Author Contributions: Conceptualization, writing—review and editing, M.A.A.-S.; writing—original draft preparation, investigation, supervision, S.M.; funding acquisition, software, visualization, B.A.M.; methodology, funding acquisition, resources, Z.G.A.-M.; project administration, funding acquisition, software, A.Q.; funding acquisition, investigation, resources, A.J.A.; data curation, software, visualization, G.A.; visualization, methodology, visualization, supervision, A.A.S.; and investigation, methodology, validation, K.A. All authors have read and agreed to the published version of the manuscript Funding: This research has been funded by the Scientific Research Deanship at the University of Ha’il, Saudi Arabia, through project number RG-21098 Institutional Review Board Statement: Not Applicable Informed Consent Statement: Not Applicable Data Availability Statement: Not Applicable Acknowledgments: We would like to acknowledge the Scientific Research Deanship at the University of Ha’il, Saudi Arabia, for funding this research Conflicts of Interest: The authors declare no conflict of interest References 1 Al-Shareeda, M.A.; Manickam, S.; Mohammed, B.A.; Al-Mekhlafi, Z.G.; Qtaish, A.; Alzahrani, A.J.; Alshammari, G.; Sallam, A.A.; Almekhlafi, K. CM-CPPA: Chaotic Map-Based Conditional Privacy-Preserving Authentication Scheme in 5 G-Enabled Vehicular Networks Sensors 2022 , 22 , 5026. [ CrossRef ] 2 Al-Shareeda, M.A.; Manickam, S. Man-In-The-Middle Attacks in Mobile Ad Hoc Networks (MANETs): Analysis and Evaluation Symmetry 2022 , 14 , 1543. [ CrossRef ] 3 Cheng, X.; Chen, C.; Zhang, W.; Yang, Y. 5 G-enabled cooperative intelligent vehicular (5 GenCIV) framework: When Benz meets Marconi IEEE Intell. Syst 2017 , 32 , 53–59. [ CrossRef ] 4 Al-Shareeda, M.A.; Anbar, M.; Manickam, S.; Khalil, A.; Hasbullah, I.H. Security and Privacy Schemes in Vehicular Ad-Hoc Network With Identity-Based Cryptography Approach: A Survey IEEE Access 2021 , 9 , 121522–121531. [ CrossRef ] 5 Al-Shareeda, M.A.; Anbar, M.; Manickam, S.; Hasbullah, I.H. Towards identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks IEEE Access 2021 , 9 , 113226–113238. [ CrossRef ] 6 Prasad, K.S.V.; Hossain, E.; Bhargava, V.K. Energy efficiency in massive MIMO-based 5 G networks: Opportunities and challenges IEEE Wirel. Commun 2017 , 24 , 86–94. [ CrossRef ] 7 Al-Shareeda, M.A.; Manickam, S.; Mohammed, B.A.; Al-Mekhlafi, Z.G.; Qtaish, A.; Alzahrani, A.J.; Alshammari, G.; Sallam, A.A.; Almekhlafi, K. Chebyshev Polynomial-Based Scheme for Resisting Side-Channel Attacks in 5 G-Enabled Vehicular Networks Appl. Sci 2022 , 12 , 5939. [ CrossRef ]

Sustainability 2022 , 14 , 9961 18 of 19 8 Fascista, A.; Coluccia, A.; Wymeersch, H.; Seco-Granados, G. Downlink single-snapshot localization and mapping with a single-antenna receiver IEEE Trans. Wirel. Commun 2021 , 20 , 4672–4684. [ CrossRef ] 9 Al-Shareeda, M.A.; Anbar, M.; Manickam, S.; Hasbullah, I.H. A Secure Pseudonym-Based Conditional Privacy-Preservation Authentication Scheme in Vehicular Ad Hoc Networks Sensors 2022 , 22 , 1696. [ CrossRef ] [ PubMed ] 10 Dong, P.; Zheng, T.; Yu, S.; Zhang, H.; Yan, X. Enhancing vehicular communication using 5 G-enabled smart collaborative networking IEEE Wirel. Commun 2017 , 24 , 72–79. [ CrossRef ] 11 Al-Shareeda, M.A.; Anbar, M.; Manickam, S.; Hasbullah, I.H. Password-Guessing Attack-Aware Authentication Scheme Based on Chinese Remainder Theorem for 5 G-Enabled Vehicular Networks Appl. Sci 2022 , 12 , 1383. [ CrossRef ] 12 Alazzawi, M.A.; Al-behadili, H.A.; Srayyih Almalki, M.N.; Challoob, A.L.; Al-shareeda, M.A. ID-PPA: Robust identity-based privacy-preserving authentication scheme for a vehicular ad-hoc network. In Proceedings of the International Conference on Advances in Cyber Security, Penang, Malaysia, 8–9 December 2020; Springer: Singapore, 2020; pp. 80–94 13 Al Shareeda, M.; Khalil, A.; Fahs, W. Realistic heterogeneous genetic-based RSU placement solution for V 2 I networks Int. Arab J Inf. Technol 2019 , 16 , 540–547 14 Hamdi, M.M.; Mustafa, A.S.; Mahd, H.F.; Abood, M.S.; Kumar, C.; Al-shareeda, M.A. Performance Analysis of QoS in MANET based on IEEE 802.11 b. In Proceedings of the 2020 IEEE International Conference for Innovation in Technology (INOCON), Bangalore, India, 6–8 November 2020; pp. 1–5 15 Hamdi, M.M.; Audah, L.; Rashid, S.A.; Al Shareeda, M. Techniques of Early Incident Detection and Traffic Monitoring Centre in VANETs: A Review J. Commun 2020 , 15 , 896–904. [ CrossRef ] 16 Al-shareeda, M.A.; Anbar, M.; Manickam, S.; Hasbullah, I.H.; Khalil, A.; Alazzawi, M.A.; Al-Hiti, A.S. Proposed efficient conditional privacy-preserving authentication scheme for v 2 v and v 2 i communications based on elliptic curve cryptography in vehicular ad hoc networks. In Proceedings of the International Conference on Advances in Cyber Security, Penang, Malaysia, 8–9 December 2020; Springer: Singapore, 2020; pp. 588–603 17 Al-shareeda, M.A.; Alazzawi, M.A.; Anbar, M.; Manickam, S.; Al-Ani, A.K. A Comprehensive Survey on Vehicular Ad Hoc Networks (VANETs). In Proceedings of the 2021 International Conference on Advanced Computer Applications (ACA), Maysan, Iraq, 25–26 July 2021; pp. 156–160 18 Xu, W.; Zhou, H.; Cheng, N.; Lyu, F.; Shi, W.; Chen, J.; Shen, X. Internet of vehicles in big data era IEEE/CAA J. Autom. Sin 2017 , 5 , 19–35. [ CrossRef ] 19 Cheng, J.; Cheng, J.; Zhou, M.; Liu, F.; Gao, S.; Liu, C. Routing in internet of vehicles: A review IEEE Trans. Intell. Transp. Syst 2015 , 16 , 2339–2352. [ CrossRef ] 20 Bai, F.; Krishnan, H. Reliability analysis of DSRC wireless communication for vehicle safety applications. In Proceedings of the 2006 IEEE intelligent transportation systems conference, Toronto, ON, Canada, 17–20 September 2006; pp. 355–362 21 Yang, Q.; Zhu, B.; Wu, S. An architecture of cloud-assisted information dissemination in vehicular networks IEEE Access 2016 , 4 , 2764–2770. [ CrossRef ] 22 Cui, J.; Ouyang, F.; Ying, Z.; Wei, L.; Zhong, H. Secure and efficient data sharing among vehicles based on consortium blockchain IEEE Trans. Intell. Transp. Syst 2021 , 23 , 8857–8867. [ CrossRef ] 23 Lai, C.; Lu, R.; Zheng, D.; Shen, X. Security and privacy challenges in 5 G-enabled vehicular networks IEEE Netw 2020 , 34 , 37–45 [ CrossRef ] 24 Vijayakumar, P.; Azees, M.; Chang, V.; Deborah, J.; Balusamy, B. Computationally efficient privacy preserving authentication and key distribution techniques for vehicular ad hoc networks Clust. Comput 2017 , 20 , 2439–2450. [ CrossRef ] 25 Cincilla, P.; Hicham, O.; Charles, B. Vehicular PKI Scalability-consistency Trade-offs in Large Scale Distributed Scenarios. In Proceedings of the 2016 IEEE Vehicular Networking Conference (VNC), Columbus, OH, USA, 8–10 December 2016; pp. 1–8 26 Huang, D.; Misra, S.; Verma, M.; Xue, G. PACP: An efficient pseudonymous authentication-based conditional privacy protocol for VANETs IEEE Trans. Intell. Transp. Syst 2011 , 12 , 736–746. [ CrossRef ] 27 Joshi, A.; Gaonkar, P.; Bapat, J. A Reliable and Secure Approach for Efficient Car-to-Car Communication in Intelligent Transportation Systems. In Proceedings of the 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, India, 22–24 March 2017; pp. 1617–1620 28 Lu, R.; Lin, X.; Luan, T.H.; Liang, X.; Shen, X. Pseudonym changing at social spots: An effective strategy for location privacy in vanets IEEE Trans. Veh. Technol 2011 , 61 , 86–96. [ CrossRef ] 29 Thenmozhi, T.; Somasundaram, R. Pseudonyms based blind signature approach for an improved secured communication at social spots in VANETs Wirel. Pers. Commun 2015 , 82 , 643–658. [ CrossRef ] 30 Rajput, U.; Abbas, F.; Oh, H. A hierarchical privacy preserving pseudonymous authentication protocol for VANET IEEE Access 2016 , 4 , 7770–7784. [ CrossRef ] 31 Asghar, M.; Doss, R.R.M.; Pan, L. A Scalable and Efficient PKI based Authentication Protocol for VANETs. In Proceedings of the 2018 28 th International Telecommunication Networks and Applications Conference (ITNAC), Sydney, Australia, 21–23 November 2018; pp. 1–3 32 Förster, D.; Kargl, F.; Löhr, H. PUCA: A pseudonym scheme with user-controlled anonymity for vehicular ad-hoc networks (VANET). In Proceedings of the 2014 IEEE Vehicular Networking Conference (VNC), Paderborn, Germany, 3–5 December 2014; pp. 25–32.

Sustainability 2022 , 14 , 9961 19 of 19 33 Sun, Y.; Zhang, B.; Zhao, B.; Su, X.; Su, J. Mix-zones optimal deployment for protecting location privacy in VANET Peer Peer Netw. Appl 2015 , 8 , 1108–1121. [ CrossRef ] 34 Chaum, D.; Van Heyst, E. Group signatures. In Workshop on the Theory and Application of Cryptographic Techniques ; Springer: Berlin/Heidelberg, Germany, 1991; pp. 257–265 35 Shao, J.; Lin, X.; Lu, R.; Zuo, C. A Threshold Anonymous Authentication Protocol for VANETs IEEE Trans. Veh. Technol 2015 , 65 , 1711–1720. [ CrossRef ] 36 Alimohammadi, M.; Pouyan, A.A. Sybil attack detection using a low cost short group signature in VANET. In Proceedings of the 2015 12 th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), Rasht, Iran, 8–10 September 2015; pp. 23–28 37 Zhang, L.; Wu, Q.; Qin, B.; Domingo-Ferrer, J.; Liu, B. Practical secure and privacy-preserving scheme for value-added applications in VANETs Comput. Commun 2015 , 71 , 50–60. [ CrossRef ] 38 Cui, J.; Wang, Y.; Zhang, J.; Xu, Y.; Zhong, H. Full Session Key Agreement Scheme Based on Chaotic Map in Vehicular Ad hoc Networks IEEE Trans. Veh. Technol 2020 , 69 , 8914–8924. [ CrossRef ] 39 Lim, K.; Tuladhar, K.M.; Wang, X.; Liu, W. A scalable and secure key distribution scheme for group signature based authentication in VANET. In Proceedings of the 2017 IEEE 8 th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), New York City, NY, USA, 19–21 October 2017; pp. 478–483 40 He, D.; Zeadally, S.; Xu, B.; Huang, X. An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks IEEE Trans. Inf. Forensics Secur 2015 , 10 , 2681–2691. [ CrossRef ] 41 Zhang, L.; Wu, Q.; Domingo-Ferrer, J.; Qin, B.; Hu, C. Distributed aggregate privacy-preserving authentication in VANETs IEEE Trans. Intell. Transp. Syst 2016 , 18 , 516–526. [ CrossRef ] 42 Azees, M.; Vijayakumar, P.; Deboarh, L.J. EAAP: Efficient anonymous authentication with conditional privacy-preserving scheme for vehicular ad hoc networks IEEE Trans. Intell. Transp. Syst 2017 , 18 , 2467–2476. [ CrossRef ] 43 Pournaghi, S.M.; Zahednejad, B.; Bayat, M.; Farjami, Y. NECPPA: A novel and efficient conditional privacy-preserving authentication scheme for VANET Comput. Networks 2018 , 134 , 78–92. [ CrossRef ] 44 Alazzawi, M.; Lu, H.; Yassin, A.; Chen, K. Efficient Conditional Anonymity with Message Integrity and Authentication in a Vehicular Ad hoc Network IEEE Access 2019 , 7 , 71424–71435. [ CrossRef ] 45 Bayat, M.; Pournaghi, M.; Rahimi, M.; Barmshoory, M. NERA: A New and Efficient RSU based Authentication Scheme for VANETs Wirel. Networks 2019 , 26 , 1–16. [ CrossRef ] 46 Ali, I.; Li, F. An efficient conditional privacy-preserving authentication scheme for Vehicle-To-Infrastructure communication in VANETs Veh. Commun 2020 , 22 , 100228. [ CrossRef ] 47 Al-Shareeda, M.A.; Anbar, M.; Manickam, S.; Hasbullah, I.H. SE-CPPA: A Secure and Efficient Conditional Privacy-Preserving Authentication Scheme in Vehicular Ad-Hoc Networks Sensors 2021 , 21 , 8206. [ CrossRef ] [ PubMed ] 48 Alshudukhi, J.S.; Al-Mekhlafi, Z.G.; Mohammed, B.A. A Lightweight Authentication With Privacy-Preserving Scheme for Vehicular Ad Hoc Networks Based on Elliptic Curve Cryptography IEEE Access 2021 , 9 , 15633–15642. [ CrossRef ] 49 Ali, I.; Chen, Y.; Ullah, N.; Afzal, M.; Wen, H. Bilinear pairing-based hybrid signcryption for secure heterogeneous vehicular communications IEEE Trans. Veh. Technol 2021 , 70 , 5974–5989. [ CrossRef ] 50 Li, J.; Choo, K.K.R.; Zhang, W.; Kumari, S.; Rodrigues, J.J.; Khan, M.K.; Hogrefe, D. EPA-CPPA: An efficient, provably-secure and anonymous conditional privacy-preserving authentication scheme for vehicular ad hoc networks Veh. Commun 2018 , 13 , 104–113. [ CrossRef ] 51 Liu, J.K.; Yuen, T.H.; Au, M.H.; Susilo, W. Improvements on an authentication scheme for vehicular sensor networks Expert Syst Appl 2014 , 41 , 2559–2564. [ CrossRef ] 52 Pointcheval, D.; Stern, J. Security arguments for digital signatures and blind signatures J. Cryptol 2000 , 13 , 361–396. [ CrossRef ] 53 Haklay, M.; Weber, P. Openstreetmap: User-generated street maps IEEE Pervasive Comput 2008 , 7 , 12–18. [ CrossRef ] 54 Abenza, P.P.G.; Malumbres, M.P.; Peral, P.P. 10 GatcomSUMO: A Graphical Tool for VANET Simulations Using SUMO and OMNeT+. In Proceedings of the SUMO 2017–Towards Simulation for Autonomous Mobility, Berlin, Germany, 8–10 May 2017; p 113 55 Behrisch, M.; Bieker, L.; Erdmann, J.; Krajzewicz, D. SUMO–simulation of urban mobility: An overview. In Proceedings of the SIMUL 2011, The Third International Conference on Advances in System Simulation, ThinkMind, Barcelona, Spain, 23–29 October 2011 56 Varga, A. Discrete event simulation system. In Proceedings of the European Simulation Multiconference (ESM’2001), Prague, Czech Republic, 7–9 June 2001; pp. 1–7 57 Sommer, C.; German, R.; Dressler, F. Bidirectionally coupled network and road traffic simulation for improved IVC analysis IEEE Trans. Mob. Comput 2010 , 10 , 3–15. [ CrossRef ] 58 Nardini, G.; Sabella, D.; Stea, G.; Thakkar, P.; Virdis, A. Simu 5 G–An OMNeT++ library for end-to-end performance evaluation of 5 G networks IEEE Access 2020 , 8 , 181176–181191. [ CrossRef ] 59 Scott, M. MIRACL-A Multiprecision Integer and Rational Arithmetic C/C++ Library. Available online: http://www.shamus.ie (accessed on 2003) 60 Ltd, S.S. Multi Precision Integer and Rational Arithmetic Cryptographic Library (MIRACL). Available online: http://www. certivox.com/miracl/ (accessed on 2018).

Other Environmental Sciences Concepts:

[back to top]

Discover the significance of concepts within the article: ‘Provably Secure with Efficient Data Sharing Scheme for Fifth-Generation...’. Further sources in the context of Environmental Sciences might help you critically compare this page with similair documents:

Performance efficiency, Performance Comparison, Traceability, Authentication process, Security and privacy, Original Identity, Discrete-event simulation, Digital signature, Secure channel, Security analysis, Su mo, Network architecture, Urban mobility, Network parameters, Simulation experiment, IEEE, Security requirements, Authentication scheme, Privacy-preserving, Security goals, Privacy preservation, Vehicular communication, Coverage Area, Computation Cost, Security Level, IEEE Transactions, Privacy requirements, System Model, Wireless Device, Wireless channel, Cryptographic operations, Message authentication, Graphical Tool.