Pervasive and Mobile Computing Secure

1 downloads 0 Views 2MB Size Report
May 29, 2018 - vehicular nodes and the cloud-based infrastructure for secure information message communication. ... Public key cryptography (PKC's) schemes are important for framework ...... V YCAU h. V (1)ωV for some ppt adversary.
Pervasive and Mobile Computing 48 (2018) 43–58

Contents lists available at ScienceDirect

Pervasive and Mobile Computing journal homepage: www.elsevier.com/locate/pmc

Secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs Qamas Gul Khan Safi a, *, Senlin Luo b , Limin Pan b , Wangtong Liu b , Guangluo Yan b a

Faculty of Electrical & Electronics, University of Engineering & Technology, Taxila, Pakistan Information System & Security and Countermeasures Experiments Center, School of Information and Electronics, Beijing Institute of Technology, 100081, PR China b

article

info

Article history: Received 22 April 2017 Received in revised form 8 March 2018 Accepted 21 May 2018 Available online 29 May 2018 Keywords: Cloud computing VANETs Authentication Toll payment Encryption Signature verification

a b s t r a c t The privacy and security issues of information message dissemination have been well researched in typical VANETs. However, cloud computing paradigm is merely utilized for secure information message dissemination over VANETs. In this paper, we propose a secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs, which primarily deal with two types of information messages that is general purpose and special purpose information messages. General purpose information messages include infotainment, traffic congestion, location-based services and emergency services. While the special purpose information messages include toll tax and revenue collection services. Moreover, our secure authentication framework (CCES-PKC) integrates the novel cloud-based pairing-free certificate-less encryption, secure authentication control, signature-based information encryption, decryption through cloud verification and signature authentication along with batch auditing. The certificate overhead management is passed over to the cloud infrastructure for fine-grained information message dissemination by enabling verification, integrity and confidentiality. Performance assessments including efficiency, security and experimental analysis emphasize that the proposed scheme is remarkably appropriate for secure toll payment information message dissemination. © 2018 Elsevier B.V. All rights reserved.

1. Introduction Cloud computing is a promising paradigm as it influences the development process of cloud-oriented applications, networking and communication technologies. Cloud computing provides inexpensive, flexible and on-demand services. Many companies such as Google, Microsoft, Amazon, AT&T, Salesforce.com and Rackspace are offering cloud services and solutions. Cloud computing is dynamic and robust but there are various security and privacy concerns regarding data and users [1]. VANETs (Vehicular ad-hoc networks) is another auspicious technology for providing effective and dynamic solutions for traffic management, secure navigational services, vehicular safety and infotainment [2]. On the other hand, the automobile industry is introducing the new vehicles equipped with more cutting-edge technologies and powerful computing resources [3]. All these technologies spark the development process of valuable applications for intelligent transportation service (ITS) [4]. The primary objective of these applications is to enhance efficiency, convenience and driving safety. The

*

Corresponding author. E-mail address: [email protected] (Q.G.K. Safi).

https://doi.org/10.1016/j.pmcj.2018.05.004 1574-1192/© 2018 Elsevier B.V. All rights reserved.

44

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

innovative intelligent driver-less vehicles are also in need of more and more connectivity for information sharing between cloud infrastructure, vehicular nodes and the roadside infrastructure [5]. These Vehicle to vehicle (V2V) and vehicle to infrastructure (V2I) [6] based applications not only bring new prospects but also bring challenges specific to security and privacy [7]. Olariu et al. [8] originally devised the term VANET clouds by unfolding the VANETs and cloud technologies together [9]. There are numerous versions of architectural outlines in terms of VANETs and cloud technologies, for example, Vehicular clouds, VANET-based clouds, VANET using cloud and hybrid vehicular clouds [10–14]. The inspiration behind the integration of both VANET and cloud technology is to deliver future prospects of various Intelligent Transportation Systems (ITS) [15–17]. Recently, security and privacy-related issues impede the rapid development of vehicular cloud-oriented applications [18, 19]. Cloud-based vehicular information message dissemination service is useful for providing various kind of services such as parking, toll tax, weather, infotainment, traffic congestion and disaster recovery information [20–23]. Moreover, a malicious vehicular node can easily be recognized and hunt down. The adversaries can easily compromise or jeopardize the normal information message dissemination procedure between cloud infrastructure and vehicular nodes by means of sharing false traffic information, hence disrupting the whole ITS [24]. Therefore, it is highly recommended to develop the secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs. In this regard, effective authentication, data confidentiality, integrity and secure channel formation is significant for secure information message dissemination. Huang et al. [25] formulated the ciphertext-policy attribute-based encryption (CP-ABE), such that each vehicular node has a definite role for information message sharing and dissemination [26]. Thus, only an authentic vehicular node can access and encrypt/decrypt the information message [27]. In order to reduce the impediments of key management, Identity-based encryption is an authentication scheme that only relies on public key identifiers and more suitable for VANETs only [28,29]. According to the authentication protocol perspective, many web-based secure services may be inefficient for the accomplishments of access requirements of vehicular nodes [30]. As many research studies [31] have well studied the typical VANET scenarios with a major focus on characteristics of a stable and reliable network environment for information exchange. However, the amalgamation cloud infrastructure and VANETs need more attention in terms of secure access authentication and reliable information message dissemination. In this study, we intended to arrange a secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs by enabling cooperation among concerned entities. This research targets to provide fine-grained information message dissemination to the vehicular nodes through synchronized cooperation between cloudenabled infrastructure and the vehicular nodes. The fine-grained information messages can be composed of traffic congestion reports, LBS (Location-based services), emergency services, infotainment and toll tax collections. In our proposed scheme, the information messages are subdivided into two types. Type 1, consists of general purpose information messages and type 2 consists of special purpose information messages. General purpose information messages encompass of infotainment, traffic congestion reports and emergency services. While the special purpose information messages encompass of toll tax and revenue collection services. Also, the fine-grained information messages are rendered in such a way to make a wellstretched information view by utilizing multi-hop communication resources. The RSUs helps to establish linkage between vehicular nodes and the cloud-based infrastructure for secure information message communication. Traffic management Bureau (TMB) is a trusted authority to regulate the whole process of communication and information sharing between cloud, RSU and vehicular nodes. The limitations of both processing and storage resources are the major concerns about RSUs and OBUs. Most of the information message dissemination research studies only cover the general purpose information message broadcast over VANETs. Also, most of the studies not utilizing the cloud-based services for centralized efficient management. To address above mentioned limitations, we propose an innovative secure authentication framework for toll payment information message dissemination with novel cloud-based pairing free certificate-less encryption system. Our unique approach not only efficiently handle both kinds of general purpose and special purpose information messages but ensures the high trust level as well. To accomplish, the explicit level of authentication, encryption and verification of signatures, our novel secure cloud-based information message dissemination scheme includes the efficiency, simulation and security analysis. Our work presents the following contributions: 1. A secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs. 2. A highly trusted certificate-less pairing free encryption scheme (CCES-PKC) to reduce complications of certificate management. 3. The cloud-enabled verification process based on signature and encryption scheme. 4. The cloud-enabled batch auditing and tracking scheme for auditing and verification efficiency. Organization. The rest of this paper is organized as follows. Section 2 summarizes the related work and research objective with respect to cloud and VANETs. Section 3 highlights the preliminary background regarding bilinear maps, attributebased encryption and identity-based signature schemes. The detailed overview of our proposed system is listed in Section 4. Section 5 comprises of the detailed construction scheme. In Section 6 we analyzed the efficiency and security of our proposed scheme. Finally, Section 7 concludes the paper with some remarks for future directions.

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

45

2. Background and related work 2.1. Related work Security and privacy are the hot issues in VANNETs and cloud computing. People from academia and industry are paying their utmost attention towards the solution of security and authentication of these issues and trying hard to enhance the trust level of the end-users [32,33]. Researchers have paid much more attention towards the architecture, services, design, privacy and security of both [9,34]. The successful adoption of these futuristic technologies depends upon the effective handling the architectural, service-level, design-level and privacy-level issues of both VANET and cloud computing, that primarily relates to the satisfaction of end users [35]. In recent past, numerous solutions have been proposed such as security based on conditional privacy [7], access control through authentication [36], public/ private key management [37] and various encryption/decryption schemes [38]. A number of key challenges arise in the process of secure access authentication and secure information dissemination among vehicular nodes and cloud infrastructure [39]. Cloud service providers must be trusted for the provision of better usage of cloud-enabled services for smooth data delegation as organizations have concerns about information outsourcing [40,41]. C. Zhang et al. [26], proposed the RSU-enabled message authentication scheme, in which RSUs are considered to be trusted. The attribute-based encryption (ABE) scheme is another promising method for controlling access-based information sharing in cloud computing [42]. A CP-ABE scheme firstly proposed for the support of tree-based agreement in standard group model [37]. Most of the proposed research studies [43,44] based on CP-ABE scheme only focus on general-purpose information message dissemination and have not supported the idea of batch verification and cloud-based signatures. In [45] presented a batch authentication method by applying pairing-oriented computation model to achieve information message authentication. Another scheme proposed the storage-based value card service for VANET-oriented payment services [46]. These studies are only restricted to provide services in wireless network situation and have no provision for special purpose information message dissemination. Public key cryptography (PKC’s) schemes are important for framework authentication agreement keys. The research studies of public key cryptosystems include NCLPKC [47], CL-based PKC [48,49], ID-based PKC [50–52] the Lite-CA-based PKC [53] and so on. Typically, there is an issue of certificate complexity management in Lite-CA-based PKC [53]. The ID-oriented key authentication schemes [52], lowered the overheads of certificate complexity management but the key escrow issue still there. The certificate-less public key system (CL-PKC) has the problem of impersonation attack, also the Lite-CA-based PKC is a variant of CL-PKC [53]. Due to the higher trust level of this method, effective public key management can be achieved and impersonation attack can also be avoided. The NCL-PKC [47], only deals with the CA-based special purpose information message dissemination that is drive-thru payment framework for VANETs. This scheme lacks the cloud-enabled centralized authentication, verification and reliability for a large scale metropolitan area. In this paper, we present a novel cloud-based certificate-less encryption scheme (CCES-PKC) motivated by the pairingoriented CL-based PKC [48,49] and the Lite-CA-based PKC [53]. In our proposed scheme, the certificate overhead management is passed over to the cloud infrastructure for fine-grained toll payment information message dissemination through verification, integrity and confidentiality. This scheme provides a solution for both general purpose and special purpose information message dissemination. The Secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs also delegates a maximum number of authorization procedures to the CSP. 2.2. Preliminaries 2.2.1. Bilinear maps Let G1 and G2 be the two multiplicative cyclic groups based upon prime order p and q. The bilinear map is named as e, and e : G1 × G1 → G2 , only if the bilinear map e has the following features. 1. Non-degeneracy: e(q, q) ̸ = 1. ( ) 2. Bi-linearity: for all q1 , q2 ∈ G1 and a, b ∈ Zp then e qa1 , qb2 = e(q1 , q2 )ab 3. Quantifiable: for all x, y ∈ G1 , e(x, y) is to be quantifiable in an effective mode. Only in case of a group operation in G1 and the bilinear map e : G1 × G1 → G2 can be effectively quantifiable, then we can say that G1 is a bilinear group [52]. 2.2.2. Gap Diffie–Hellman (GDH) groups Let G be a multiplicative cyclic group created by g with prime order q. The concerning mathematical issue in G is: 1. Discrete Logarithm Problem (DLP): Provided h, g ∈ G, to get an integer a ∈ Z∗q , like as h = g a when an integer persists. 2. Decision Diffie–Hellman problem (DDHP): A certain quadruple (g , g a , g b , g c ) ∈ G for a, b, c ∈ Z∗q , choose whether c ≡ ab mod q. 3. Computational Diffie–Hellman problem (CDHP): A specific triple (g , g a , g b ) ∈ G for a, b, c ∈ Z∗q , that calculate g ab .

46

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

3. System overview and design In this section, we outline the system design along with system assumptions and also elaborate the attack model. 3.1. System design We subdivided our proposed scheme into three main categorizations, TMB along with cloud-based infrastructure, RSUs along with VANET-based infrastructure and an OBU of the vehicular node. Both cloud-side and VANET-side infrastructures are well linked through RSUs. The cloud infrastructure can be partitioned into the following components and are named as Cloud Data Processing Unit (CDPU), Information Gateway Service (IGS) and Cloud Authentication Unit (CAU) along with TMB as a trustworthy authority. CAU is responsible for vehicles credentials verification, certification, subscription and substantiation in coordination with the trustworthy authority TMB. Information messages data from OBUs and RSUs are gathered by the cloud infrastructure for further processing at CDPU. After processing of the information messages, IGS gathers the fine-grained information messages from CPDU by including TMB’s input (if any) and forward it to RSUs. Also, IGS organizing the fine-grained information messages according to the physical location of each RSU. All the geographic regions with their RSUs are divided into zones/regions and further partitioned into segments for well beaconing of the information messages. The proposed scheme not only be utilized for effective traffic information systems but also assisting TMB in various kind of traffic management operations such as tracking the malicious vehicles, vehicle toll tax payments, well-timed weather forecasts, hazardous road conditions and monitoring traffic congestion on various routes of an urban center. 3.1.1. Traffic Management Bureau (TMB) TMB is trusted authority in authority for malicious vehicle detection, law enforcement and toll tax collections. Furthermore, implement and control the traffic management by handling disputes related to regulation. It is a trustworthy authority for all the key participants of the entire system mainly comprising of vehicular nodes, RSUs, cloud infrastructure, city traffic bureau and end users. TMB along with CAU, validates the registration permits of the vehicle as it requests the cloud-based information dissemination facility and after authentication, the system grants further processing. 3.1.2. Road side unit (RSU) RSUs serve as communication gateway terminals between cloud-based infrastructure and OBUs of the vehicular nodes. In our case, RSUs are considered as semi-trusted entities that can be compromised by the adversaries. Furthermore, RSUs gather traffic congestion information of their vicinity and forward it to the cloud-based infrastructure as coarse-grained information. 3.1.3. Onboard unit (OBU) The modern-day vehicles equipped with more sophisticated gadgets mainly named as OBUs. OBUs have more computing, storage and communication power that helps them in efficiently handling the latest traffic management and safety applications. All the necessary security certificates and vehicle registration credentials are pre-installed in OBUs for smooth communication with cloud-based infrastructure through RSUs. Moreover, all the beaconing information messages are broadcasted in two schemes. Scheme 1 for ordinary traffic messages and scheme 2 for a special purpose such as toll tax collection and traffic violation payment receipts. 3.2. Assumptions This scheme is proposed under the following assumptions. 1. TMB is assumed to be the trustworthy authority having the highest level of security for key and thus cannot be compromised. 2. Each and every vehicular node is presumed to be equipped by an OBU that is not to be compromised for side-channel attacks as well. OBUs have enough processing, storage and communication capability to perform essential security key and cryptographic computations. 3. TMB ensures a clear and well-directed policy framework for all the essential system-level entities (see Fig. 1).

4. A novel cloud-based certificate-less encryption scheme In this section, we present a novel cloud-based certificate-less encryption scheme (CCES-PKC) motivated by the pairingoriented CL-based PKC [48,49] and the Lite-CA-based PKC [53]. Initially, we present the descriptions and security model for the proposed CCES-PKC scheme. Moreover, we describe validations on security, confidentiality and consistency. Lastly, we design an elementary CCES-PKC encryption scheme based upon ElGamal public key encryption scheme. Our scheme mainly consists of the following ten algorithms.

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

47

Fig. 1. Cloud-based security and privacy-oriented information dissemination model.

4.1. Descriptions and structure design Description 1. The CCES-PKC encryption scheme is a ten-array tuple



( ) = PTMB , Pu , εg , εh , qg , qh , En, De, Sig , Ve

i. TMB setup: PTMB , is a polynomial time probabilistic algorithm (PTPA) in which 1k is the input security parameter and thus the output master key (private/public) is (RkTMB , SkTMB ). TMB side initiate this algorithm. ii. Vehicular node setup: Pu , is also a PTPA type of algorithm that input the system level security parameter as 1k and output the master key pair (private/public) (Rku , Sku ). This algorithm is initiated by an OBU of the vehicular node. iii. Partial private key setup: εg , is a (TPA algorithm that input 1k , SkTMB , Sku and the vehicular node’s unique identifier as inputs VID ∈ {0, 1}∗ . Then the partial private key-based output is S 2 ku . CAU and TMB run this algorithm. iv. Partial public key setup: εh , another PTPA algorithm that input security key as 1k , SkTMB , Rku and VID . Thus the partial public key output as R2 ku . TMB initiate this algorithm for each vehicular node. v. Put-on private key: A deterministic algorithm qg , take input as 1k , RkTMB , Sku and yVID . Then the final output private key (Sku , S 2 ku ) is only valid for partial private key S 2 ku . CAU is held responsible to run this algorithm. vi. Put-on public key: A deterministic algorithm qh , take input as 1k , RkTMB , Rku and yVID . Then the final output public key (Rku , R2 ku ) is only valid for partial public key R2 ku . RSU is held responsible to run this algorithm vii. Encryption: En, is a PTPA algorithm that inputs a plaintext as IM ∈ IM , Rku , R2 ku and RkTMB and output a Ciphertext as CIM ∈ σ or ∅, that means Rku or R2 ku is invalid. Area covered under each RSU can utilize this algorithm. viii. Decryption: De, is a PTPA deterministic algorithm that input the Ciphertext CIM ∈ σ , Sku and S 2 ku and output the equivalent plaintext as IM ∈ IM or ∅, that means CIM is not a valid Ciphertext. Area covered under each RSU can utilize this algorithm. ix. Signature: Sig(Rku , IM , Sku ), is a PTPA algorithm initiated by the signer for inputs Rku and the message IM, with secure access control and secret key to generate a signature for the information beaconing message introduced by the TMB and CAU. x. Verification: Ve(Rku , IM , Sig , Sku ), is a PTPA algorithm initiated by the verifier for inputs Rku , message IM and a signature Sig with access control. The proposed CCES-PKC is dissimilar from the research studies of CL-based PKC [48] and Lite-CA-based PKC [53]. Our CCESPKC scheme consists of ten-array tuple with five secrets as compare to NCL-PKC [47] have only eight-array tuple with only four secrets. In this regard, our proposed scheme is more robust and secure as compare to NCL-PKC [47], CL-based PKC [48,49] and Lite-CA-based PKC [53]. Also, the proposed CCES-PKC supports the cloud-based centralized key management with explicit certificate verification framework and the cloud-based trust-worthy management module of TMB working in accordance with CAU. This provides a level-III resilience against malicious KGC attack [53].

48

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

4.2. CCES-PKC encryption model This section elaborates the design fundamentals of the CCES-PKC encryption scheme without pairing along with four key algorithms. These algorithms include vehicular node setup along with TMB setup, partial private and public key setup, put-on private and public key setup and the signature verification of the beaconing information message. (1) TMB initialization setup and bilinear mapping TMB initiate this algorithm along with CAU. An OBU of the vehicular node, TMB and CAU work in accordance with the technique of bilinear pairing. A security parameter ks as input for this algorithm. Firstly, TMB chooses two secure large prime numbers r and a divisor as q. While, q|r − 1. Secondly, TMB and CAU selects a cyclic group G having prime order q. While, g be a generator of G. Then the privacy-oriented secure hash functions are Ha : {0, 1}∗ × G → Z∗q and Hb : {0, 1}∗ × G → Z∗r . TMB chooses a random number XTMB ← Z∗q and calculate YTMB ← g XTMB mod r. The dual pairs (XTMB , YTMB ) and (XCAU , YCAU ) utilized as private/public master-level security keys. In conclusion, the overall system-level parameters will be as {r , q, g , YTMB , YCAU , Ha , Hb }. (2) Vehicular node registration: A vehicular node V desiring to disseminate information messages, must have to get registered with TMB along with CAU authentication process and in response obtaining the public level general key from CAU. For this module, there are further sub-algorithms mentioned as follows.

• Vehicular node OBU setup: Let a vehicular node V having identity VID . V , chooses a random number XV ← Z∗q and calculates the YV ← g XV mod r. As XV , is the secret key value of V and YV is the identity for a vehicle to ensure its anonymity. Thus, (VID , YV , Ha (VID ∥ XV ), Hb (VID ∥ XV )) is communicated towards TMB through RSU for registration request that is further validated by CAU.

• Partial-key assignment: After the registration request, from the vehicular node V , Firstly, TMB authenticates the legitimacy of VID based on vehicular node OBU related credentials and choose a random number γV ← Z∗q , then calculates µV ←( g γV mod )R, hV ← Ha (YV ∥ µV ) , σV ← γV + hV XTMB + XCAU mod q, and generating a ciphertext σ CTV ← σV ⊕ Ha YV ∥ YV V mod q. Which results in setting up a public partial-key assignment R2k ← µV and the V partial private key Sk2 ← σV for vehicular node V ; and TMB along with CAU creates a valid key (CTV , R2k , Sk2 ) to the V V V vehicular node through RSU.

• Public-key assignment: Subsequently, getting(R2kV from TMB, the vehicular node V firstly decrypts CTV and selects ) X

X h

X h

V V V V σV , that is hV ← Ha (YV ∥ µV ) , σV ← CTV ⊕ Ha YV ∥ µVV YTMB YCAU . Then, V enables R2k ← µV as its public partial V

key and sets RkV ← YV as a public key. Finally, the paired key (RkV , R2k ) is as a ultimate public key. V σ • Private-key assignment: Sk2 , upon receiving from TMB, vehicular node V validates by examining it whether YV V ≡ X

X H (Y ∥µ )

X H (Y ∥µ )

V

V a V V V a V V µVV YTMB YCAU prevails, if not, V report a complaint against TMB. Then, the private key assignment is as SkV ← XV as-well-as private partial-key is Sk2 ← σV , Finally, the vehicular node stores (SkV , Sk2 ) as its ultimate V V

private key.

5. Proposed scheme construction This section covers the design construction of the proposed design of the novel CCES-PKC scheme for cloud-based secure access control framework for information dissemination over VANETs. Numerous vehicular nodes maneuvering on various roads have the tendency to share traffic, route, safety and infotainment information messages. Vehicular nodes strive for the communication channel to achieve authentication, access control mechanisms and information encryption. The information flow and access control mechanism is shown in Fig. 3. Five primary algorithms performed various operations such as the secure access control, communication among various modules, signature-based information encryption, the cloud-enabled information message verification and information message decryption. 5.1. System setup initialization Every vehicular node has to register itself through a set of predefined procedure applied by TMB and a cloud-based module CAU. An OBU of the vehicular node contains the registration attributes such as vehicular model, color, registration plate, license number, speed, direction, lane and time. Due to the continuous movement of vehicular nodes, OBUs can be easily compromised by the malicious vehicular nodes or an adversary can attack the communication channel. Our cloud-based secure access control framework by utilizing our novel CCES-PKC scheme. The important notations used in our framework construction are described in Table 1. def

Description 2. The two groups, additive-based group Zq ={0, 1, . . . , q − 1} and the multiplicative-based group Z∗q . While, q is a prime integer. The random variables used and chosen throughout our paper are selected from Zq or Z∗q . Furthermore, TMB along with CAU (a cloud-based module) picks a cyclic group G of prime order q and g be a generator of G. The secure hash function is as Hb : {0, 1}∗ × {0, 1}∗ × G → Z∗q .

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

49

Table 1 Important notations. S. No.

Notation

Explanation

1 2 3 4 5 6 7 8 9 10 11 12 13 14 16 17

V1 , V2 VID Zq , Zq∗ IM , CM G, q, g XTMB , YTMB XCAU , YCAU BA Ha , Hb En, De XV , YV

Vehicular node 1 and 2 Vehicular identity credentials The additive and multiplicative group of q order Information message and cipher message Information message and its cipher message Master-level public/private key for TMB Master-level public/private key for CAU Batch auditing of the beaconing information message Cryptographic hash functions of a and b type Symmetric cryptosystem-based encryption and decryption Vehicular node public keys and anonymous identity The hash value for information message integrity Vehicular node-based signature of the information message Information message session time Assigned public key Assigned private key

ωV , ρV δV

IMst (RkV , R2k ) V (SkV , Sk2 ) V

5.2. Signature-based encryption and verification As described earlier, any vehicular node V used the signature-based encryption with anonymous security credentials and the verification protocols to ensure secure access control mechanism. The vehicular node V should sign and encrypt the information messages to make sure the secure information dissemination across cloud-based infrastructure and the OBU of a vehicular node through RSUs. The other vehicular nodes participating in the information sharing process can validate the received information messages in terms of shared security keys and signatures. There are two kinds of information messages that is general purpose and the special purpose. General purpose information messages are shared through general purpose signature keys to be utilized by all the vehicular nodes for general traffic information. Special purpose information messages are shared through special signature keys for some specific e-commerce transactions. The communication of information messages between vehicular nodes through VANETs, communication between cloud infrastructure towards vehicular nodes and RSUs is vulnerable to the adversaries. Thus, to strengthen the secure and privacy-oriented information message dissemination, we adopt two kinds of encryption schemes. Scheme 1 is for the special purpose information messages and scheme 2 is for the general purpose information messages. Furthermore, we utilized the Reduced MR(P)ElGamal signature [54] and Schnorr signature [55] to ensure information message signature and verification measures. In precise words, algorithm 1 and 2 partially adopted the conventions of Reduced MR(P)-ElGamal signature [54] and Schnorr signature [55] schemes.

Algorithm 1, describes the procedure of information message signature and encryption. All the information messages from OBUs towards cloud infrastructure and from cloud infrastructure towards vehicular nodes through RSUs will be encrypted and uploaded to the cloud module of CDPU. The YV2 , is a public key of the vehicular node V2 as on the receiver end. Therefore,

50

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

vehicular node V2 can utilize XV2 as a private key to decrypt CM V . To ensure advanced-level of security characteristics, the two encryption operations are developed both for scheme 1 Ha (YV2 ∥ YV2 σV ) and for scheme 2 Ha (YV2 ∥ YV2 XV ). The IMst is to maintain the session time of the availability of information messages. The ωV , ρV , two hash values to ensure integrity of information message verification. The two pairs of secret values (kV , σV ) and (kV , XV ) for satisfying the two signature equations SV and tV . In conclusion, δV is the CAU-enabled information message signatures transmitted towards receiver through RSUs.

In algorithm 2, the cloud-based verification process is defined to ensure successful broadcast of information message with the authentic signature inspection. This algorithm initially test the IMst confirmation, upon validation it authenticate two (1) certification equations that is g kV and hV (1) through that we can obtain a binder value ωV (1) . This process certifies, only CAU and TMB authenticated information messages can be transmitted to the objective vehicular nodes via RSUs. The malicious vehicular node can be easily identified and further tracked down in algorithm 4. As cloud-enabled infrastructure and TMB is a trusted authority along with semi trusted RSUs, it is difficult to pretend as a legitimate vehicular node in the provided session time IMst to be compromised. Only legitimate vehicular nodes can decrypt the transmitted information messages and RSUs have no role in decryption at all. Information message decryption process is defined in algorithm 3. The two methods used for decryption are for normal information messages and special purpose information messages. The normal decryption process utilized simple and effective scrambled information to hide the ordinary information messages. For special purpose information messages, utilized the special characteristics of hash functions such as collision resistance to ensure legitimate vehicular nodes can only recover the information messages. The Gap Diffie–Hellman (GDH) [56] signature method is utilized to ensure the security of decryption process.

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

51

5.3. Cloud-based traceability and auditing along with TMB The cloud-based traceability and batch auditing achieved through a trusted entity TMB, to ensure auditing and traceability of the malicious activities of both malicious vehicular nodes and suspicious information messages. The security threats such as masquerading the genuine vehicular node and the exploiter act as a semi-trusted node can cause a serious security breach. Algorithm 4 and 5 are designed to handle both kinds of attacks as mentioned above. Algorithm 4 trace the malicious behavior of both vehicular nodes and an exploited RSU. TMB along with CAU utilized the Reduced MR(p)-ElGamal signature [54] to build the authentication equation ρV (2) by assigning a private key XTMB , wherever rV g kV = YV XTMB . Also, TMB verifies ρV (2) is equal to ρV . If it is true, it shows that vehicular node-based signature of vehicle node V1 and RSU involved exist and thus being not exploited otherwise, vehicular node V1 has a vindictive behavior. To verify above statement, TMB makes a commitment (2) point ωV (2) , for computing hV (2) and g kV . Due to the privacy of XV and XTMB , only TMB or that particular vehicular node XV kV (2) (2) V1 can recover ρV and ρV , that is rV g = YV XTMB ≡ YTMB . In conclusion, the comparison between ωV (2) ̸ = ωV (1) and (2) ρV == ρV , can validate the results from that particular vehicular node V1 and the TMB along with CAU correspondingly. In case both of them are true, then TMB is exploited; otherwise, the vehicular node V1 is malicious. Moreover, TMB along with CAU will transmit the warning messages to the other vehicular nodes of the affected region and dismisses all the communication towards that particular malicious node.

In algorithm 5, the process to validate effective signature authentication and batch auditing of the validated results is elaborated. As already denoted that n number of maneuvering vehicular nodes can submit the information certification requests at once to a particular RSU. This leads to overburdening the RSUs in case of too much computational handling by the RSUs. However, in our cloud-based trusted infrastructure approach, there is no such computational burden on the RSUs and offered the facility of computational load handling by the cloud side itself. Our novel secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs has two kinds of validation schemes with features of authentication and auditing. The cloud-based auditing approach enabled the batch auditing and batch verification that reduced the computational overheads and improved the validation competence. In algorithm 5, there are two schemes for batch auditing procedure, scheme 1 as already approached in algorithm 2, which emphasizes on the batch signature authentication process without auditing. On the other hand, scheme 2, which not only include the batch signature authentication but also include the auditing process as well. As of scheme 2 has more computational overhead as compared to scheme 1, it is essential to select the appropriate scheme in accordance with the objectives, that is scheme 1 is for the busiest hours while scheme 2 is for the idle hours. In the course of the cloud-based batch auditing procedure, it (1) (1) (1) (1) (1) first of alliteratively computes BA[k] , D[k] , F[k] , C[k] and I[k] by authenticating a verified result from vehicular node via RSU, (1)

that is g kV . Also, the other components are extracted from user node k to achieve signature checking in scheme 1. TMB and CAU make a new hash value ρV (2) by means of the vehicular node’s secret key or only through the assigned private keys (2) XTMB and XCAU . The summation value of BA[k] can only be calculated by utilizing ρV (2) and ρV . The scheme 2 achieves the batch auditing feature and finally if the equivalence of all the summation of algorithm 5 proves valid, it means that there

52

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

exist malicious vehicular nodes or compromised RSUs. In such kind of situations, the traceability function in algorithm 4 is of much importance.

6. Performance analysis In order to evaluate the efficiency of our proposed CCES-PKC scheme, we mainly present the experimental setup in our experiments, then the performance evaluation, together with computational overhead, communication overhead and encryption/decryption efficiency of our scheme. In the meantime, experimental and theoretical results prove the effectiveness of our proposed scheme in comparison with the prevailing schemes. In conclusion, we present the recommended security proof of our proposed scheme. 6.1. Experimental setup To evaluate the performance and efficiency of our proposed CCES-PKC scheme, we simulate the secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs in a trusted cloud server named as Aliyun (Alibaba cloud). We implement the proposed scheme on three kinds of dedicated hardware platforms to measure performance for OBU-based vehicular nodes. A 2.50 GHz Nexus smartphone running Android OS with 2 GB of RAM, a 3.0 GHz Intel Core CPU with 4 GB of RAM running 32-bit Ubuntu 14.04, and an Octa-core 1.95 GHz smartphone operating on Android OS with RAM of 3 GB.

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

53

Table 2 Operational processes with computational and communicational overheads. Algorithms setup

Computational overhead

Information encryption with sig. 1 Information encryption with sig. 2 Cloud-enabled verification Information decryption 1 Information decryption 2 Signature and verification Cloud-enabled traceability Cloud-enabled batch auditing

5En + 5P + 4F + 4K 2.5En + 2.5P + 2F + 2K 2.5En + 2.5P + 2K 0.5En + 1F + 1K 1F + 1K mEn + 2mP + 2SV 4En + 2P + 3K mEn + 4mP + 4mBA

Communication overhead 4|q| + 1|M | 2|q| + 1|N | 1|q| + 1S 0.5|q| 0.5|q|

Time (ms) 2.99 2.15 2.15 0.72 – – 2.99 –

Sig. 1: Signature 1, Sig. 2: Signature 2. Table 3 Encryption, decryption and signature & verification overheads. Processes

Our Scheme

NCL-PKC [47]

Lite-CA PKC [53]

ID-based PKC [48]

Encryption Decryption TPT* (ms) S&V*

0.5En + 1F 0.5En + 1F 1.51 (each scheme) mEn + 2mP + 2SV

1E2 + 1A 1E2 + 1A 1.54 (each scheme) –

1E1 + 2M + 3A 1E1 + 0.5M + 4.5A 3.84 -

1e + 1P + 1A 1e + 1A 8.16 –

T.P.T*: Total process time, S&V*: Signature and verification.

6.2. Computational and communicational overhead In this section, we have presented the hypothetical effectiveness of our proposed CCES-PKC scheme in terms of computational overhead in comparison with existing schemes. In Table 3, we have evaluated the computational overheads of all the major processes and Table 2 shows the evaluation of our proposed scheme with other related research studies. As shown in Table 2, the load of each algorithm setup in terms of various functional processes. Except for the batch auditing process, the total computed load for our proposed framework is about 8.01 (ms) for scheme 1 and for scheme 2 the total load time is 7.17 (ms). The minor processes which take very short time are being neglected as also mentioned in previous research studies [47,48,50–53]. The communication overhead of our proposed scheme is much lesser than the other relevant studies [47,48,51,53]. As we have delegated most of the processes to the cloud infrastructure which lessens the processing overhead of both OBU and RSU as well. As the processing and memory resources of the OBU/RSU are limited, due to which both performance and efficiency are badly affected. In this regard, our cloud-oriented methodology is more proficient and robust, as it can easily manage the processing and space overheads of encryption/decryption for a huge number of vehicular nodes. 6.3. Simulation and mathematical analysis The comprehensive comparison in terms of encryption, decryption, total process time and signature verification efficiency is shown in Table 3. The detailed analysis of various studies [47,48,50–53] with our proposed framework CCES-PKC revealed the effective results for scheme 1. The scheme 2 is neglected because of minor time consumption. The results clearly show that our proposed secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs is more robust and efficient. The total load of various algorithms (from Algorithms 1 to 5) is considered from 1 to 100 in terms of rising frequency as shown in Fig. 3. 6.4. Comparison Table 4 shows the general comparative evaluation of our proposed scheme with other related research studies in terms of cloud-based centralized infrastructure, partial key authentication, user-OBU authentication, put-on key authentication, encryption/decryption and signature verification setup. Our proposed scheme is much more flexible and extensible as compare to the other schemes of NCL-PKC [47], Lite-CA PKC [53] and ID-based PKC [48,50,51]. Fig. 2, shows the overall decryption time of three different platforms with and without delegation towards the cloud-enabled environment. The cloud-enabled delegation is much more efficient and comprehensive in terms of saving time and computational cost of resource-limited devices. 6.5. Security and privacy analysis In this section, we have evaluated the security and privacy of our proposed secure authentication framework for cloudbased toll payment message dissemination over ubiquitous VANETs. The proposed CCES-PKC scheme is investigated for various kind of adversary-based attacks to support secure and privacy-oriented information message dissemination.

54

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

Fig. 2. Overall decryption time of OBU with and without our proposed cloud-enabled scheme.

Table 4 Comparison of operational processes. Operational processes

Our scheme

NCL-PKC [47]

Lite-CA PKC [53]

ID-based PKC [48]

Cloud-based setup Vehicular node/user setup Partial key setup (Public/Private) Put-on key setup (Public/Private) Encryption/Decryption setup Signature and verification setup

Yes Yes Yes Yes Yes Yes

No Yes Yes Yes Yes No

No Yes Yes No Yes No

No Yes Yes No Yes No

Fig. 3. A comparison of computational overhead.

• Cloud-enabled verification and authentication Normally, the cloud-enabled verification of information message dissemination put emphasis on the broadcasted information message integrity, non-repudiation and authentication of sender and receiver [57]. In the process of cloud-enabled verification, the cloud-infrastructure is considered to be trusted and RSUs as semi-trusted entities. (1) The SCH assumption [55] and GDH signature [56], are used to calculate the two binder values of hV (1) and g kV .

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

55

(1 )









The cryptographic segments of three kinds YV , CM V , g k are encapsulated to make sure the hardness of the GDH (1 ) assumption. To compromise µV (1) or ωV (1) is very much difficult through forging. The binder value of g kV is only possible to construct, if an adversary compromise the signature-based equation SV , that is assured by the PMR signature hardness assumption [37]. On the basis of the TDH trapdoor theorems [35], it is unfeasible to build a h ω validation equation g SV µV V YCAU V (1)ωV for some ppt adversary. In this research study, cloud-infrastructure along with TMB is considered to be trusted. Confidentiality and integrity (2) The cloud-enabled construction of cryptographic segments for algorithm 1, are hV (2) , ωV (2) , g k and ρV (2) for containing private key XV . This ensures the confidentiality and privacy of the vehicular node’s identity credentials. Thus identity theft is not an easy going option for the adversary A. The construction of the binder key ρV (2) is only possible for CAU and that specific vehicular node. This also ensures the integrity and non-repudiation of the broadcasted information messages. Furthermore, the exclusive master-level private key XCAU , XTMB only belongs to the cloud-infrastructure and no adversary can compromise it. Consequently, integrity and traceability are very well ensured. Information message signature and encryption The information message signature and encryption security are guaranteed through the adaptation of Reduced MR(p)ElGamal signature (RMR) [54] and the variant of Schnorr signature (SCH) [55]. A one-way hash value point for the weak collision resistance property Ha (YV2 ∥ YV2 XV ) is utilized for the secret message CM V . The information message authenticity and integrity are well protected by utilizing secret key values ωV and ρV under the SCH assumption [55]. Batch auditing The process of cloud-enabled batch auditing provides the batch verification signature, auditing and batch checking characteristics for both scheme 1 and scheme 2. The security of scheme 1 depends on Dual (exponential) ChallengeResponse (DCR) signature [34]. The cloud-enabled CAU utilized the master-level secret key XCAU to make the new hash value, ρV (2) and can only be calculated by CAU. With respect to DCR problem assumption the adversary cannot construct the secret keys being used in algorithm 2. The security features of algorithm 3 depends upon the property of Collision-resistant hash function. Which means an adversary can only be successful in decryption process if he decrypts the ciphertext CM V that is with lowermost possibility. CCES-PKC Encryption security The cloud-enabled CAU public key R2k ← µV for vehicular node V using secret key γV , such as µV = g γV mod R, V while the public key RkV = YV and YV = g XV . As XV , is the private key of a vehicular node and should be protected by it. In this case, a partial private key s2 kV = σV is provided by the CAU utilizing secret keys γ and XCAU , XTMB . Hence, it is difficult to compromise the final public key (RkV , R2 kV ) by an attacker except the CAU itself. Moreover, it is difficult for an adversary to compromise the vehicular node private key (SkV , S 2 kV ), even difficult for CAU also. Without master-level private key it is much difficult for vehicular node to compromise the Ha (VID ∥ XV ), stored by cloud-enabled CAU. Thus our proposed encryption has no such key escrow problem and achieve the trust level 3. For safeguarding consistency and privacy, we have utilized the ind-atk-based model (typical indistinguishability) for our proposed CCES-PKC scheme. The three kinds of attacks CPA (chosen plain-text attack), CCA1 (chosen ciphertext attack 1) and CCA2 (chosen ciphertext attack) are well analyzed and adapted to our proposed scenario [16,38].

7. Conclusions and future work In this paper, we proposed a secure authentication framework for cloud-based toll payment message dissemination over ubiquitous VANETs. Furthermore, we propose a CCES-PKC scheme which is proven secure and efficient for handling both kinds of general purpose and special purpose information message dissemination. General purpose information messages include infotainment, traffic congestion, location-based services and emergency services. Whereas, the special purpose information messages include toll tax and revenue collection services. The secure authentication framework integrates the novel cloud-based pairing-free certificate-less encryption (CCES-PKC), secure authentication control, signature-based information encryption, decryption through cloud verification and signature authentication along with batch auditing. Extensive performance comparisons and simulation results indicate that the proposed scheme is extremely suitable for secure cloud-based toll payment information message dissemination over VANETs. In future research, we will focus on more robust scenarios for vehicular cloud computing and the issues related to its privacy. Acknowledgment This work was supported in part by the Technology Innovation Program of Beijing Institute of Technology under Grant No. 2011CX01015.

56

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

References

[1] Whaiduzzaman, M. Sookhak, A. Gani, R. Buyya, A survey on vehicular cloud computing, J. Netw. Comput. Appl. 40 (2014) 325–344. [2] S. Zeadally, R. Hunt, Y. Chen, A.S.M. Irwin, A. Hassan, Vehicular ad hoc networks (VANETS): status, results, and challenges, Telecommun. Syst. 50 (4) (2012) 217–241. [3] J.I. Arnason, J. Jepsen, A. Koudal, M.R. Schmidt, S. Serafin, Volvo intelligent news: A context aware multi modal proactive recommender system for in-vehicle use, Pervasive Mob. Comput. 14 (2014) 95–111. [4] N. Bicocchi, M. Mamei, Investigating ride sharing opportunities through mobility data analysis, Pervasive Mob. Comput. 14 (2014) 83–94. [5] L. Palkovics, A. Fries, Intelligent electronic systems in commercial vehicles for enhanced traffic safety, Veh. Syst. Dyn. 35 (4–5) (2001) 227–289. [6] J. Santa, A.F. Gómez-Skarmeta, M. Sánchez-Artigas, Architecture and evaluation of a unified V2V and V2I communication system based on cellular networks, Comput. Commun. 31 (12) (2008) 2850–2861. [7] R.G. Engoulou, M. Bellaïche, S. Pierre, A. Quintero, VANET security surveys, Comput. Commun. 44 (2014) 1–13. [8] S. Olariu, I. Khalil, M. Abuelela, Taking VANET to the clouds, Int. J. Pervasive Comput. Commun. 7 (1) (2011) 7–21. [9] S. Bitam, A. Mellouk, S. Zeadally, VANET-cloud: a generic cloud computing model for vehicular Ad Hoc networks, IEEE Wireless Commun. 22 (1) (2015) 96–102. [10] M. Eltoweissy, S. Olariu, M. Younis, Towards autonomous vehicular clouds, Ad Hoc Netw. (2010) 1–16. [11] R. Hussain, J. Son, H. Eun, S. Kim, H. Oh, Rethinking vehicular communications: Merging VANET with cloud computing, in: Cloud Computing Technology and Science, CloudCom, 2012 IEEE 4th International Conference on, IEEE, 2012, pp. 606–609. [12] M. Wazid, A.K. Das, N. Kumar, V. Odelu, A.G. Reddy, K. Park, Y. Park, Design of Lightweight authentication and key agreement protocol for vehicular ad hoc networks, IEEE Access (5) (2017) 14966–14980. [13] S. Kumari, M. Karuppiah, X. Li, F. Wu, A.K. Das, V. Odelu, An enhanced and secure trust-extended authentication mechanism for vehicular ad-hoc networks, Secur. Commun. Netw. 9 (17) (2016) 4255–4271. [14] A. Dua, N. Kumar, A.K. Das, W. Susilo, Secure message communication protocol among vehicles in smart city, IEEE Trans. Veh. Technol. (67) (2017) 4359–4373. [15] S. Al-Sultan, M.M. Al-Doori, A.H. Al-Bayatti, H. Zedan, A comprehensive survey on vehicular Ad Hoc network, J. Netw. Comput. Appl. 37 (2014) 380–392. [16] Q.G.K. Safi, S. Luo, C. Wei, L. Pan, Q. Chen, PIaaS: Cloud-oriented secure and privacy-conscious parking information as a service using VANETs, Comput. Netw.-Elsevier 124 (2017) 33–45. [17] Q.G.K. Safi, S. Luo, L. Pan, W. Liu, R. Hussain, S.H. Bouk, SVPS: Cloud-based smart vehicle parking system over ubiquitous VANETs, Comput. Netw.Elsevier 138 (2018) 18–30. [18] R. Hussain, Z. Rezaeifar, Y.-H. Lee, H. Oh, Secure and privacy-aware traffic information as a service in VANET-based clouds, Pervasive Mob. Comput. 24 (2015) 194–209. [19] Q.G.K. Safi, S. Luo, C. Wei, L. Pan, Guanglu Yan, Cloud-based security and privacy-aware information dissemination over ubiquitous VANETs, Comput. Stand. Interfaces-Elsevier 56 (2018) 107–115. [20] M.-K. Jiau, S.-C. Huang, J.-N. Hwang, A.V. Vasilakos, Multimedia services in cloud-based vehicular networks, IEEE Intell. Transp. Syst. Mag. 7 (3) (2015) 62–79. [21] G.S. Aujla, R. Chaudhary, N. Kumar, A.K. Das, J.J. Rodrigues, SecSVA: Secure, storage, verification, and auditing of big data in the cloud environment, IEEE Commun. Mag. 56 (1) (2018) 78–85. [22] S. Roy, S. Chatterjee, A.K. Das, S. Chattopadhyay, N. Kumar, A.V. Vasilakos, On the design of provably secure lightweight remote user authentication scheme for mobile cloud computing services, IEEE Access 5 (2017) 25808–25825. [23] P. Gope, A.K. Das, Robust anonymous mutual authentication scheme for n-times ubiquitous mobile cloud computing services, IEEE Internet Things J. 4 (5) (2017) 1764–1772. [24] G. Yan, D. Wen, S. Olariu, M.C. Weigle, Security challenges in vehicular cloud computing, IEEE Trans. Intell. Transp. Syst. 14 (1) (2013) 284–294. [25] D. Huang, M. Verma, ASPE: Attribute-based secure policy enforcement in vehicular ad hoc networks, Ad Hoc Netw. 7 (8) (2009) 1526–1535. [26] C. Zhang, X. Lin, R. Lu, P.-H. Ho, RAISE: An efficient RSU-aided message authentication scheme in vehicular communication networks, in: Communications, 2008 ICC’08 IEEE International Conference on, IEEE, 2008, pp. 1451–1457. [27] Y. Hao, Y. Cheng, C. Zhou, W. Song, A distributed key management framework with cooperative message authentication in VANETs, IEEE J. Sel. Areas Commun. 29 (3) (2011) 616–629. [28] X. Liu, Y. Xia, W. Chen, Y. Xiang, M.M. Hassan, A. Alelaiwi, SEMD: Secure and efficient message dissemination with policy enforcement in VANET, J. Comput. System Sci. 82 (8) (2016) 1316–1328. [29] Q. Kang, X. Liu, Y. Yao, Z. Wang, Y. Li, Efficient authentication and access control of message dissemination over vehicular ad hoc network, Neurocomputing 181 (2016) 132–138. [30] A. Wasef, X. Shen, EMAP: Expedite message authentication protocol for vehicular ad hoc networks, IEEE Trans. Mobile Comput. 12 (1) (2013) 78–89. [31] L.-Y. Yeh, Y.-C. Lin, A proxy-based authentication and billing scheme with incentive-aware multihop forwarding for vehicular networks, IEEE Trans. Intell. Transp. Syst. 15 (4) (2014) 1607–1621. [32] E. Lee, E.-K. Lee, M. Gerla, S.Y. Oh, Vehicular cloud networking: architecture and design principles, IEEE Commun. Mag. 52 (2) (2014) 148–155. [33] J. Shao, R. Lu, X. Lin, K. Liang, Secure bidirectional proxy re-encryption for cryptographic cloud storage, Pervasive Mob. Comput. 28 (2016) 113–121. [34] X. Dong, J. Yu, Y. Zhu, Y. Chen, Y. Luo, M. Li, SECO: Secure and scalable data collaboration services in cloud computing, Comput. Secur. 50 (2015) 91–105. [35] P. Talebifard, V.C. Leung, Towards a content-centric approach to crowd-sensing in vehicular clouds, J. Syst. Archit. 59 (10) (2013) 976–984. [36] R. Lu, X. Lin, H. Zhu, P.-H. Ho, X. Shen, ECPP: Efficient conditional privacy preservation protocol for secure vehicular communications, in: INFOCOM 2008 the 27th Conference on Computer Communications. IEEE, IEEE, 2008, pp. 1229–1237. [37] M. Gerla, Vehicular cloud computing, in: Ad Hoc Networking Workshop (Med-Hoc-Net), 2012 the 11th Annual Mediterranean, IEEE, 2012, pp. 152–155. [38] K. Mershad, H. Artail, Finding a STAR in a vehicular cloud, IEEE Intell. Transp. Syst. Mag. 5 (2) (2013) 55–68. [39] S. Iqbal, M.L.M. Kiah, B. Dhaghighi, M. Hussain, S. Khan, M.K. Khan, K.-K.R. Choo, On cloud security attacks: A taxonomy and intrusion detection and prevention as a service, J. Netw. Comput. Appl. 74 (2016) 98–120. [40] S.S. Chow, U. Hengartner, J.K. Liu, K. Ren, Special issue on security and privacy in mobile clouds, Pervasive Mob. Comput. 28 (C) (2016) 100–101. [41] A. Benslimane, S. Barghi, C. Assi, An efficient routing protocol for connecting vehicular networks to the Internet, Pervasive Mob. Comput. 7 (1) (2011) 98–113.

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58

57

[42] R. Lu, Y. Rahulamathavan, H. Zhu, C. Xu, M. Wang, Security and privacy challenges in vehicular cloud computing, Mobile Inf. Syst. (2016). [43] R. Aluvalu, V. Kamliya, L. Muddana, HASBE access control model with secure key distribution and efficient domain hierarchy for cloud computing, Int. J. Electr. Comput. Eng. 6 (2) (2016) 770. [44] S. Tang, X. Li, X. Huang, Y. Xiang, L. Xu, Achieving simple, secure and efficient hierarchical access control in cloud computing, IEEE Trans. Comput. 65 (7) (2016) 2325–2331. [45] C.-C. Lee, Y.-M. Lai, Toward a secure batch verification with group testing for VANET, Wireless Netw. 19 (6) (2013) 1441–1449. [46] C.-L. Chen, W.-C. Tsai, Using a stored-value card to provide an added-value service of payment protocol in VANET, in: Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS, 2013 Seventh International Conference on, IEEE, 2013, pp. 660–665. [47] J. Song, F. Yang, L. Wang, Secure authentication in motion: A novel online payment framework for drive-thru Internet, Future Gener. Comput. Syst. (2016). [48] S.S. Al-Riyami, K.G. Paterson, Certificateless public key cryptography, in: International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2003, pp. 452–473. [49] G. Lippold, C. Boyd, J.G. Nieto, Strongly secure certificateless key agreement, in: International Conference on Pairing-Based Cryptography, Springer, 2009, pp. 206–230. [50] K.-K.R. Choo, J. Nam, D. Won, A mechanical approach to derive identity-based protocols from Diffie–Hellman-based protocols, Inform. Sci. 281 (2014) 182–200. [51] C. Boyd, K.-K.R. Choo, Security of two-party identity-based key agreement, in: International Conference on Cryptology in Malaysia, Springer, 2005, pp. 229–243. [52] D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing, SIAM J. Comput. 32 (3) (2003) 586–615. [53] X. Dong, L. Wei, H. Zhu, Z. Cao, L. Wang, An efficient privacy-preserving data-forwarding scheme for service-oriented vehicular ad hoc networks, IEEE Trans. Veh. Technol. 60 (2) (2011) 580–591. [54] K. Nyberg, R.A. Rueppel, Message recovery for signature schemes based on the discrete logarithm problem, Des. Codes Cryptogr. 7 (1–2) (1996) 61–81. [55] C.-P. Schnorr, Efficient signature generation by smart cards, J. Cryptology 4 (3) (1991) 161–174. [56] D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing, in: International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2001, pp. 514–532. [57] K.-K.R. Choo, C. Boyd, Y. Hitchcock, The importance of proofs of security for key establishment protocols: Formal analysis of Jan–Chen, Yang–Shen– Shieh, Kim–Huh–Hwang–Lee, Lin–Sun–Hwang, and Yeh–Sun protocols, Comput. Commun.-Elsevier 29 (15) (2006) 2788–2797.

Dr. Qamas Gul Khan Safi received his B.S. degree in Computer Science in 2005, M.S. degree in Software Engineering from University of Engineering and Technology, Taxila, Pakistan in 2011. He has completed his Ph.D. degree in Information Security and Countermeasures from Beijing Institute of Technology, Beijing P.R. China. He has working experience of more than 11 years of both as academician and researcher. His research interest includes information security and privacy issues in VANET (Vehicular Ad Hoc Networks), information dissemination in VANET, VANET applications, cloud computing, VANET-based clouds, IoT and NLP. He is currently working as an Assistant Professor in University of Engineering and Technology, Taxila, Pakistan.

Senlin Luo received the B.E. and M.E. degrees from the College of Electrical and Electronic Engineering, Harbin University of Science and Technology, Harbin, China, in 1992 and 1995, respectively, and the Ph.D. degree from the School of Information and Electronics, Beijing Institute of Technology, Beijing, China, in 1998. He is currently a Deputy Director, Laboratory Director, and Professor of Information System and Security Countermeasures Experimental Center, Beijing Institute of Technology. His current research interests include machine learning, medical data mining, and information security.

Limin Pan received B.E. and M.E. degrees from the College of Electrical and Electronic Engineering, Harbin University of Science and Technology, Harbin, China. She is currently working in School of Information and Electronics, Beijing Institute of Technology, Beijing. Her research interests include data mining and image processing, Natural language processing and machine learning.

58

Q.G.K. Safi et al. / Pervasive and Mobile Computing 48 (2018) 43–58 Wangtong Liu received the Master’s degree from the School of Information and Electronics, Beijing Institute of Technology, Beijing China, in 2013. He is currently pursuing the Ph.D. degree at the Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology. His current research interests include operating system security and virtualization security.

Guanglu Yan is a Ph.D. of Information and Communication Engineering from the Beijing Institute of Technology, China. He holds a BE degree in Information and Communication Engineering from Beijing Institute of Technology in 2010. His main research interests are operating system security, application security and hardware virtualization system security.