An Innovative Authentication Framework

for VANETs

Jie Li, Senior Member, IEEE, Huang Lu, Member, IEEE, and Mohsen Guizani, Fellow, IEEE
AbstractIn Vehicular Ad hoc Networks (VANETs), authentication is a crucial security service for both inter-vehicle and vehicleroadside communications. On the other hand, vehicles have to be protected from the misuse of their private data and the attacks on
their privacy, as well as to be capable of being investigated for accidents or liabilities from non-repudiation. In this paper, we
investigate the authentication issues with privacy preservation and non-repudiation in VANETs. We propose a novel framework with
preservation and repudiation (AIAF) for VANETs. In AIAF, we introduce the public-key cryptography (PKC) to the pseudonym
generation, which ensures legitimate third parties to achieve the non-repudiation of vehicles by obtaining vehicles real IDs. The
self-generated PKC-based pseudonyms are also used as identifiers instead of vehicle IDs for the privacy-preserving authentication,
while the update of the pseudonyms depends on vehicular demands. The existing ID-based signature (IBS) scheme and the IDbased online/offline signature (IBOOS) scheme are used, for the authentication between the road side units (RSUs) and vehicles,
and the authentication among vehicles, respectively. Authentication, privacy preservation, non-repudiation and other objectives of
AIAF have been analyzed for VANETs. Typical performance evaluation has been conducted using efficient IBS and IBOOS
schemes. We show that the proposed AIAF is feasible and adequate to be used efficiently in the VANET environment.
Index TermsVehicular ad hoc network, authentication framework, privacy preservation, non-repudiation, pseudonym, identitybased cryptography

1 INTRODUCTION

VEHICULAR ad

hoc network (VANET) is a technology that

employs moving vehicles as nodes in a network to create a mobile

network to provide communication among vehicles, nearby fixed
road side units (RSUs) and regional trusted authorities (RTAs) [1]. A
VANET is considered as a variant form of a mobile ad hoc network
(MANET). It turns every participating vehicle into a wireless router
or node, and allows vehicles in approximately 300 meters range to
connect with each other. Unlike the nodes in MANETs, vehicles are
equipped with intelligent transportation sys-tems (ITS) which
potentially have longer transmission ranges, extensive on-board
storage capacities, and recharge-able source of energy. However, the
mobility of vehicles is constrained by predefined roads, the road
speed limits or the congestion level in VANETs [2]. As mobile
wireless devices and wireless networks become increasingly
influential in recent years, the demand for the vehicle-to-vehicle
(V2V) communication and the vehicle-to-roadside (V2R)

Communication increases continuously.

J. Li is with the Faculty of Engineering, Information and Systems,

University of Tsukuba, Tsukuba, Japan. E-mail: lijie@cs.tsukuba.ac.jp.
H. Lu is with the Yokohama Research Laboratory, Hitachi, Ltd.,
Yokohama, Japan. E-mail: lu.huang.jp@ieee.org.
M. Guizani is with Qatar University, Doha, Qatar.
E-mail: mguizani@ieee.org.
Manuscript received 6 July 2013; revised 26 Dec. 2013; accepted 31 Dec.
2013. Date of publication 24 Feb. 2014; date of current version 6 Mar. 2015.
Recommended for acceptance by X.Cheng.
For information on obtaining reprints of this article, please send e-mail to:
reprints@ieee.org, and reference the Digital Object Identifier below.
Digital Object Identifier no. 10.1109/TPDS.2014.2308215
.

1.1 Research Background and Motivations

VANETs are utilized for a broad range of safety applications, and
non-safety applications (such as collision warnings, road
navigation, traffic information and mobile infotainment). In
VANETs, the user authentication is a cru-cial security service for
access control in both inter-vehicle and vehicle-roadside
communication. On the other hand, vehicles have to be protected
from the misuse of their private data and the attacks on their
privacy, meanwhile, be capable of being investigated from
accidents or liabilities for non-repudiation. Peculiarly, safety
applications require a strong mutual authentication, because most
of the safety-related messages may contain life-critical
information [3]. Therefore in this paper, along with the
development of the VANET technology based on advancing
smart vehicles, and other undiscovered potential threats on
security, we are committed to solving the issues of authentication
with privacy preservation and non-repudiation in VANETs.
There is a number of research work related to the
authentication issue in VANETs, by applying symmetric or
asymmetric key managements. The symmetric key based
authentication schemes are proposed for VANETs, which use
symmetric key cryptographies for the message authentication [4],
[5]. The drawback of using symmetric key management is that
vehicles have to authenticate each other via the trust authorities,
which is not suitable for large-scale vehicular communications in
VANETs. The asymmetric key based authentication is widely
adopted because of the separate keys used for encryption and
decryption. The studies of the asymmetric key based
authentication are classified into two classes: the public key
infrastructure (PKI) based authentication and the

Identity (ID) based authentication. Although many PKI based

authentication frameworks have been proposed [3], [6], [7], [8],
[9], the system availability is still not per-evasive or feasible,
because such frameworks require additional communication to
manage the vehicular certificates and the certificate revocation
lists (CRLs) that may cause heavy communication and
computation overheads. Authentication frameworks using the IDbased signature (IBS) schemes based on the ID-based
cryptography (IBC) have been proposed to reduce the
communication over-heads [10], [11], [12], [13], [14], in which
the certificate management process has been simplified by using
the digital signature schemes. We note that, the IBS schemes can
be adapted to the authentication service for VANETs, in which
each vehicular identity is used as a public key for
signing/verifying messages in communication. Using ID-based
online/offline signature (IBOOS) is an attractive solution for
authentication in VANETs, for alleviating the computation
overhead of the IBS process. An IBOOS scheme increases
efficiency of the pairing process by separating the signing process
into an offline phase and an online phase, in which the
verification is comparatively more efficient than that of IBS [15],
[16]. In this paper, different from the existing work, we propose
an authentication framework by utilizing the IBS scheme in the
V2R communication, and together with the IBOOS scheme in the
V2V communication for better performance. In IBOOS for
VANETs, the offline phase can be executed initially at RSUs or
vehicles, while the online phase is to be executed in vehicles
during the V2V communication.

In VANETs, usually vehicles drivers (users) do not want their

private information such as vehicle names, positions, moving
routes, and user information to be revealed, in order to protect
themselves against any illegal tracing and/or user profiling. That
is, the anonymity of vehicular identities should be supported for
the privacy preservation in VANETs. Achieving anonymity by
using vehicle pseudonyms is a superior solution for the privacy
preservation [17], which intimately links a real-world identity
(ID) to the corresponding pseudonyms. In VANETs, the
pseudonym of a vehicle may be generated by the fixed RSUs or
the vehicle itself even can be downloaded from a trusted link
from the RTA periodically [14], [18], [19].
On the other hand, when traffic accidents or certain crimes
occur, the vehicle anonymity should be condition-ally retrievable,
and the identity information should be revealed to legal
authorities to establish the liability of accidents or crimes, which
is so-called conditional privacy or conditional anonymity [3]. The
non-repudiation service in VANETs prevents a vehicle from
denying previous commitments or actions [20]. For example,
vehicles causing accidents should be reliably identified, or a
vehicle cannot deny services received. Therefore, the conditional
privacy preservation with non-repudiation service is required for
VANETs, against the abuse of anonymous authentication
techniques by malicious vehicles to achieve malicious goals or
escape from liabilities. The pseudonymous authentication used in
vehicular communications can provide the privacy preservation
with an effective tracing mechanism, which is used only by the
trusted authorities (e.g., the certification authority (CA)) to reveal
the real identity of

Malicious vehicles. Although there exist many security

frameworks addressing the privacy preservation and nonrepudiation issues for VANETs [10], [13], [14], [21], [22],
various methods of using anonymous credentials are differ-ent in
each proposal, which render these issues more important and
more complex to be handled in VANETs.

1.2 Contributions and Organization

An ideal VANET should have a mechanism to validate the
authenticated vehicles with privacy preservation while retaining
message non-repudiation. In this paper, proposed a novel
Authentication framework with preservation and repudiation
(AIAF) for VANETs, by using the IBC for authentication and the
pseudonym-based mechanism for conditional
privacy
preservation and non-repudiation in urban vehicular
communications (UVC). One of the advantages of AIAF is its
reusability. Besides the solution by using the existing PKC, IBS
and IBOOS schemes, AIAF can also be utilized with new
schemes for security and performance improvements. The
contributions of this work are as follows.
The proposed AIAF provides the conditional vehicle
anonymity for privacy preservation with traceability for
the non-repudiation, in case that malicious vehicles abuse
anonymous authentication techniques to achieve
malicious attacks.
In AIAF, we introduce the public-key cryptography
(PKC) to the pseudonym generation, which ensures a
legitimate third party to achieve non-repudiation of
vehicles by obtaining their real IDs.
We propose a PKC-based adaptive pseudonym scheme by
using self-generated pseudonyms instead of real-world
IDs in authentication for privacy preservation and nonrepudiation, in which the update of the pseudonyms
depends on vehicular demands.
In AIAF, we utilize the IBS scheme for the vehicle-toroadside authentication and the roadside-to-vehicle (R2V)
authentication, which is efficient in communication. In
order to further reduce the computation overhead by IBS
in authentication, the IBOOS scheme is used for the
vehicle-to-vehicle authentication.
We show the feasibility of AIAF with respect to the
system analysis on the objectives, such as authentication,
privacy preservation, non-repudiation, time constraint,
independency, availability and integration. Moreover, the
storage and computation overHead of AIAF is evaluated by quantitative calculations in
the performance evaluation.
The rest of the paper is organized as follows. Section 2
provides the system description, the motivations and the
objectives. Section 3 introduces the preliminary background for
this paper. Section 4 presents the proposed AIAF framework for
VANETs. Section 5 provides the system analysis on
authentication, privacy preservation and no repudiation of AIAF.
Section 6 evaluates the performance of AIAF. Section 7
concludes the paper.

2 SYSTEM DESCRIPTION AND OBJECTIVES

This section describes the network architecture of a VANET and
its components, as well as the potential threats to the
Authentication, the vehicle privacy, and the message non-

repudiation in VANETs. The challenges and goals in this work

are presented afterwards.

2.1 Network Structure and Components

A VANET basically consists of three network components [14]:
road side units, vehicles (users) and a regional trusted authority.
The service of VANETs is usually divided into many different
regions, each of which is served by one RTA as the certification
authority. This network structure in VANET scenarios could be
considered as the general urban vehicular communications
structure. Observed from the experimental results from [23] that,
if a vehicle often drives to a known home or work location,
adversaries can identify a specific individual in spite of using
pseudonyms. Thus, in this paper we assume the vehicles in an
UVC structure mainly travel on roads, and do not frequently stop
at certain places. Without loss of generality, we consider that an
UVC structure of VANETs consists of an RTA, finite numbered
registered RSUs along roadsides, and a large number of vehicles
on or by the roads. In the UVC structure, the RSUs are always
reliable to cover the wireless vehicular communications of the
whole region, while vehicles are vulnerable to being
compromised by attackers but can change their pseudonyms as
IDs on demand for the privacy preservation. The wireless
communication in this structure of VANETs can be classified
mainly into the following three types, the vehicle-to-roadside
communication, the roadside-to-vehicle communication, and the
vehicle-to-vehicle communication. Other communications are
through secure wired channels, such as inter-RSU
communication and RSU-to-RTA communication.

The transmission range of an RSU is assumed to be much

longer than that of vehicles. All vehicles use symmetric radio
channels, and tamper-proof modules (TPMs) are mounted to store
sensitive information. The energy of vehicles is adequate and
assumed no constraint in a VANET. An RTA may be an
automobile manufacturer, an authenticated third party of the state,
etc. The main responsibilities of an RTA are as follows:
An RTA generates cryptographic domain parameters for
the RSUs and vehicles in its region, and delivers these
keys to them over secure channels.
It manages a list of vehicles of which the participations
have been revoked, updates the list periodically, and
advertises the list to the network to isolate the
compromised vehicles.
If a vehicle transmits false messages for malicious
purposes on the road, the RTA is responsible for tracing
and identifying the source of the messages to resolve any
dispute.

On the road. Here, we investigate these attacks specifically on

authentication, privacy preservation and non-repudiation, and
explain how they are triggered and the potential consequences.
Attacks on authentication: There are two kinds of attacks
related to authentication in VANETs and are given as follows
[24]:

1)

Impersonation attack: The attacker pretends to be another

entity. The impersonation attack can be per-formed by
stealing other vehicular entities credentials for
authentication. As a consequence, some warnings sent to
a specific entity would be sent to an undesired one.

2)

Sybil attack: The attacker uses different identities at the

same time. In this way, e.g., a single attacker could
pretend as a vehicle and reports the existence of a false
traffic bottleneck.
Attacks on privacy: Attacks on privacy over VANETs are
related to illegally gathering of sensitive information about
vehicles (e.g., eavesdropping). As there is a relation between a
vehicle and its driver, the exposure of a vehicles secret/ sensitive
information could affect its drivers privacy [24]:

1)

Identity revealing attack: Getting the owners identity of a

given vehicle could put its privacy at risk. Usually, a
vehicles owner is also its driver, so it would simplify
getting personal data about that person.

2)

Location tracking attack: The location of a vehicle in a

given moment, or the path followed during a period
of time is considered as personal data. It allows the
attacker to build the vehicles profile and, therefore,
tracking its driver.
Attacks on non-repudiation: In VANETs, the no repudiation is
related to the fact that a vehicle cannot deny a specific message if
it has sent that message. Conventionally, by producing a signature
for the message in VANETs, the vehicle cannot later deny the
sent messages. The attack on the message non-repudiation is
explained as follows [25]:

1)

Repudiation attack: Repudiation refers to a denial of

participation in all or part of communications in VANETs.
For example, a selfish driver could deny conducting an
operation on a credit card purchase, or malicious vehicles
could abuse anonymous authentication techniques to
achieve malicious goals or escape from their liabilities.

2.3 Goals and Challenges

Since access control is generally based on the identity of the user,
authentication is essential to effective security. In this paper, we
endeavor to construct an efficient authentication framework with
conditional privacy preservation and

RTAs at different regions have to be cross-certified. non-repudiation, by using the PKC-based pseudonyms and
Thus, vehicles from different regions or different ID-based key management for the different kinds of
manufacturers can be authenticated to each other via communications in VANETs. If a malicious vehicle transmits a
RTAs.
fraudulent authentication message, the trusted authority should be
able to open the corresponding signature to trace the actual
identity of the vehicle.
2.2 Attacks on Authentication, Privacy and
Besides, many other objectives and challenges are considered
Non-Repudiation
and
preferred in the existing work for the effective and efficient
Concerning security in VANETs, there are many attacks which
authentication [26]. In this work, we also
threaten the V2R, R2V and V2V communications
Incorporate the common objectives in authentication, and focus
on the following points:

Message confidentiality: The confidentiality of the

transmitted messages in a VANET depends on the

message encryption mechanism in AIAF. This is related
to the PKC-based pseudonym generation for vehicle
anonymity, as well as the encryption/ decryption achieved
from the IBC in authentication by using RSU IDs, vehicle
pseudonyms and the domain parameters.

Only to the RTA. In this way, a vehicle can obtain a public key
pkc and generate the PKC-based pseudonym from the current
public key, which can be decrypted only with the corresponding
RTAs private key skc.

3.2 Pairing for IBC

ID-based cryptography allows the public key of an entity to be
derived from its public identity information such as name, email
address, etc., which avoids the use of certificates for public key
verification in the conventional

Time constraint: Because of the high mobility of a PKI. Most existing algorithms of IBC are based on the vehicular movement,
strict time constraint is Diffie-Hellman (BDHP) and elliptic curve cryptography
Required in AIAF for VANETs, which means that the (ECC) in a pairing domain [1], where the discrete logarithm
lower the delay overhead, the more efficient and timely problem (DLP) for pairing in groups is required to be hard. For
the communication.
self-contained, we briefly review the characteristics of pairing.
Independency: Due to the possibility of infrastructure Randomly select two large primes p and q, and let E=Fp
unavailability in VANETs, including RSUs and RTAs, the indicates an elliptic curve over the finite field Fp. We denote a qdesired AIAF should not query and access infrastructures order subgroup of the additive group of points in E=F by G ,
p
1
so frequently.
and a q-order sub-group of the multiplicative group in the finite
Availability and integration: In order to ensure secure and field F_ G [31]. The pairing is a mapping e : G _ G ! G ,
p 2
1
1
2
smooth operations of VANETs, it is necessary to integrate which is a bilinear map if it satisfies the following properties:
security requirements into the design of VANETs. The
solution of the proposed AIAF is desired not only to
1) Bilinear: 8P; Q 2 G1 and 8c; d 2 Z_q, ecP; dQ
c
d
cd
retain the communication and computation ability of a
eP; dQ ecP; Q eP; Q , etc.
VANET, but also to provide integration with the local
2) Non-degeneracy: If P is a generator of G1, then eP; P is
service and security
a generator of G2.
Mechanisms.
3) Computability: There is an efficient algorithm to compute
Generally, the goal of AIAF is to provide an effective
_eP; Q in G2, 8P; Q 2 G1.
authentication mechanism to achieve the above objectives in Here Z q is the multiplicative group consisting of q _ 1 integers.
VANETs, in terms of the processing time, storage and Weil pairing [31] and Tate pairing [32] are examples of such
bilinear mapping, which presents comprehensive descriptions of
communication overhead.
how pairing parameters can be selected for security.

3 PRELIMINARIES
In this section, we introduce the PKC for pseudonym generation,
the IBS for authentication between vehicles and RSUs, and the
IBOOS for the authentication among vehicles, specifically. These
schemes will be applied in the proposed authentication
framework AIAF for VANETs. Note that the conventional IBS
and IBOOS schemes are not specifically designed for VANETs.
Thus, we adapt the conventional scheme for VANETs by
distributing functions to roles in a VANET. In this section, we
provide the preliminary background of the PKC scheme, pairing
for ID-based cryptography, as well as the IBS scheme and the
IBOOS scheme, respectively for VANETs.

3.1 Public Key Cryptography

PKC is based on asymmetric key algorithms, where the key used
to encrypt a message is not the same as the key used to decrypt it
[27]. Many existing PKC schemes are available to be utilized in
the PKC-based pseudonym generation, such as RSA [28], HFE
[29] and NTRU [30]. In the proposed AIAF for VANETs, each
vehicle c has a pair of crypto-graphic keys, i.e., a public
encryption key pkc and a private decryption key skc. The
cryptographic key pairs are generated by the RTA periodically,
and the public keys are trans-mitted to every RSU in its service
region through secure channels. Each key pkc is broadcast to all
vehicles by the RSU, while the corresponding private key skc is
known
Offline signing: Based on the sekID and public
parameters, the RTA/RSU generates an offline signature
offline
SIG
for each vehicle.

3.3 IBS Scheme for VANETs

An ID-based signature scheme [33] from IBC used in VANETs
consists of four steps including setup, key extraction, signature
signing and verification:
Setup: The RTA computes a master key s and public
parameters param for the private key generator (PKG),
and gives param to all vehicles.
Extraction: Based on an ID string, a vehicle generates a
private key sekID associated with the ID using the master
key s.
Signature signing: Based on a message M, time stamp t
and a signing key u, the sending vehicle generates a
signature SIG.
Verification: Based on the ID, M and SIG, the receiving
vehicle outputs accept if SIG is valid for verification,
and outputs reject otherwise.

3.4 IBOOS Scheme for VANETs

An ID-based online/offline signature scheme [34] from IBC used
in VANETs consists of five steps including setup, key extraction,
offline signing, online signing and verification:
Setup: Same as that in the IBS scheme.
Extraction: The RTA generates a private key sekID
associated with the ID using the master key s.
offline

Online signing: Based on the offline signature SIG

and a message M, the sending vehicle generates an online
online
signature SIG
of M.

online

Verification: Based on the ID, M and SIG

, the
online
receiving vehicle outputs accept if SIG
is valid
for verification, and outputs reject otherwise.

4 PROPOSED AUTHENTICATION FRAMEWORKS

This section describes the design of the proposed novel
authentication framework with conditional privacy-preservation
and non-repudiation for VANETs, including initialization, the
pseudonym generation, and the operation of AIAF.

4.1 Initialization
In the proposed AIAF for VANETs, we consider the UVC
structure for VANETs introduced in Section 2.1, which consists
of an RTA, finite numbered registered RSUs along roadsides, and
a large number of vehicles on or by the roads. An RTA serves in
one region, e.g., a city, a province or a country. An ID pool of
RSUs in a region is preloaded in each vehicle, in which the
number of RSUs is usually fixed that does not change frequently.
The vehicle registration is required before a vehicle starts off to
hit the road in a region. If the vehicle is newly manufactured, it
can be registered to the RTA at the car dealer via a secure
network infrastructure. If a vehicle is driven into a new region, it
can be registered to the RTA at the entry-exit administration or
the border immigration office via the secure network
infrastructure. Through the vehicle registration of each vehicle,
the RTA registers the vehicle ID and profile, then publishes and
distributes the RSU ID pool and the certified domain parameters
for authentication to the vehicle, which are defined in Section 3.
We use Fig. 1 to illustrate the operations of the proposed AIAF
for VANETs.

4.2 Pseudonym Generation

In AIAF for privacy preservation, the PKC-based pseudonym of a
vehicle is generated instead of the real-world ID in the
authentication process. Since the RTA is periodically
broadcasting the current public key via RSUs for the PKC in the
pseudonym generation, the vehicle can use it for the PKC-based
pseudonym generation, when it wants to update its current
pseudonym or generate a new pseudonym.
We define the self-generated PKC-based pseudonym of a
vehicle as follows:
Def

PSv TimejjEpkIDvjjHRjjRSU;
where Time is the current time, when the pseudonym is
generated. Epkc IDv is the encrypted value generated from the
vehicles real ID, by using the current PKCs public key pkc
obtained from the RSU broadcasts. HR denotes the code name of
the vehicles home region. RSU denotes the ID of the current
corresponding RSU, where the vehicle updates

Fig. 1. An illustration of the operations in AIAF for VANETs.

Or generates its new pseudonym for secure authentication and

communication.

4.3 Operation of AIAF

According to the components described in Section 2,
authentication in VANETs can be divided into three categories,
namely vehicle-to-roadside authentication, roadside-to-vehicle
authentication and vehicle-to-vehicle authentication. In the
proposed AIAF, RSUs are broadcasting their information
periodically, and all the operations at RTAs and RSUs are tamperproof and being performed trustfully. The proposed AIAF
operates adaptively, whenever a vehicle wants to newly
authenticate itself to others, or update its current pseudonym.
Table 1 shows the operations in AIAF.

4.3.1 V2R and R2V Authentication

The V2R and R2V authentication is carried out for the execution
of the following V2V authentication, which consists of the
following three steps. We take an example in Fig. 1 to illustrate
the authentication between one RSU and a number of vehicles:
Step 1: The RSU is broadcasting its information periodically,
which is used for the V2R and R2V authentication. Therefore, the
vehicles in the transmission range can get the RSUs information
hIDr; T; pkc; adv; nonce; SIG rIDr jjT i, where IDr is the ID of
the broadcasting RSU, T is the time stamp for the current time
interval. pkc is the public key of PKC issued by the RTA, which
is used during the current time interval. The advertisement
message adv is the invitation of V2R authentication in the next
step and the nonce is for freshness. SIGrIDr jjT is the IBS for
R2V authentication, which is generated from the RSUs ID IDr
and the time stamp T.
Step 2: A vehicle replies a message to the corresponding RSU
in either of the following two cases, by using IBS for V2R
authentication:

TABLE 1
Operations of the Proposed AIAF

4.3.2 V2V Authentication

A vehicle wants to newly generate or update its
pseudonym for authentication and communication in the
VANET system.
A vehicle receives a new RSU ID from an RSUs
Broadcast.
The vehicle uncast its new pseudonym to the RSU in the
message hIDr; PSv; T; join; SIGvPSvjjT i, where IDr indicates
the destination RSUr, PSv is the newly generated pseudonym,
join is the join request message, and SIGvPSvjjT is the digital
signature generated from the vehicles pseudonym PSv and the
time stamp T .
Step 3: After receiving the join request message from a
vehicle, the RSU verifies the signature, and accepts it if the
message is authenticated. The RSU first updates the pseudonym
PSv in its memory, as well as reports it to the RTA. Afterwards,
offline
the RSU generates the offline signatures SIG
vPSv from
the pseudonym PSv for the vehicle Vv.
The RSU then broadcasts an allocation set message to all the
vehicles in its transmission range for the V2V authentication, by
using IBS for R2V authentication. The allocation message
includes a pseudonym/offline signature/RSU ID (POI) set in the
form of PSv=SIG

offline

vPSv=IDr,

attached with a nonce,

yet to be concatenated with the digital signature SIGrIDrjjt.

Here IDr denotes the corresponding RSU, where the POI set is
generated. All the vehicles in the cur-rent RSUs transmission
range receive the message, and accept it if the signature
verification is valid. Then, regarding the acceptable POI set
according to verification, the vehicle stores and updates the POI
sets in its memory if its storage is possible, otherwise, drops it.
Authentication message with its online signature SIG

online

in

The V2V authentication, which is also called inner-RSU V2V

authentication, is used for secure vehicular communication
among vehicles. During the V2V authentication, vehicles use the
received POI sets for verification for authentication. As a sender,
the vehicle first computes the online signature SIG

online

from the

offline

offline signature SIG

, by using the IBOOS scheme for
authentication. Then, the receiver vehicles can use the online
signature for the V2V authentication.
In case that vehicle v is willing to authenticate itself to other
vehicles in its transmission range, it first computes the online
online
offline
signature SIG
vSIG
vPSvjjt from the offline
signature SIG

offline

vPSv

and the time stamp t. Then, it can

broadcast the authentication message as hPSv; t; nonce;

online

offline

SIG
Upon
receiving
the
vSIG
vPSvjjti.
authentication message from the sender vehicle, the vehicles in
the senders transmission range verify the online signature with
the corresponding POI set stored in their memories.

4.3.3 Cross-RSU V2V Authentication

The cross-RSU V2V authentication is required when a vehicle
receives an authentication message from another vehicle, whose
pseudonym does not appear in its storage. In this case, the vehicle
queries the RSU, which consists of the following three steps:
Step 1. Assume that vehicle w is aiming to authenticate itself
to the nearby vehicles. Thus, vehicle w broadcasts the
the form of hPSw; t; nonce; SIG

online

wSIG

offline

wjjti.

Step 2. Once the authentication message is received from

vehicle w, vehicle u checks its storage for the pseudonym and the
POI set of vehicle w. If the information does not appear in
vehicle us storage, vehicle u transmits its query message q:y: of
authenticity to the nearest RSU, which includes the POI set of
offline
vehicle w in the form of PSw=SIG
wPSw=IDr, signed
with the IBS SIGu.
Step 3: After receiving the queried message, the current RSU
queries other RSUs or the RTA via secure channels to check if the
POI set is authenticated. Afterwards, the cur-rent RSU replies the
query result q:r: signed with SIGr back to the querying vehicle u,
whether or not the POI set is authenticated.

4.3.4 Cross-Region Authentication

When a vehicle enters a new region, first it has to go to the
current RTA for registration. At the RTA, a vehicle can update or
replenish its RSU pool and the certified domain parameters for
authentication. When the registration is completed, the vehicle
can proceed with the above V2R, R2V and V2V authentication,
and carry on the secure communication in this region.

Not affect the efficiency of authentication during communication

in VANETs. In AIAF, we adopt RSA [28] for the PKC-based
pseudonym generation as a representative.
There are many IBS and IBOOS schemes available for the
proposed AIAF, which are mainly based on ECC and RSA
signatures. Verifying RSA signature is efficient for a vehicle [39],
and we can set small verification exponents. However, RSA
based signatures are large, resulting in a considerably increased
message size. ECC based signatures are equally useful for
signing and verification of messages and have short signature
sizes. Therefore, for VANETs, ECC based signatures are
considered more efficient than RSA signatures. To exemplify the
proposed authentication frame-work, we select the comparatively
secure and efficient ECC based signature schemes from the
available IBS and IBOOS schemes. An IBS scheme (given in
[35]) is preferable for V2R and R2V authentication, security of
this signature scheme depends on ECC and DLP. While an
IBOOS schemes (given in [37]) is preferable to satisfy V2V
broad-cast authentication, where the offline signature can be
securely refused to sign more than one message and its security
also depends on DLP.

4.4 Framework Proof

We prove the correctness of the proposed AIAF in this part. AIAF
properly functions based on the validity and accuracy of the
adopted encryption/decryption cryptographies, where the PKC,
IBS and IBOOS schemes used in AIAF are assumed reliable of
their functionalities. Since the V2R and R2V authentication in the
operation are the preliminary operations for the following V2V
authentication, thus we focus on the proof in the V2V
authentication in AIAF that is the main objective.

5 SYSTEM ANALYSIS OF AIAF

We provide the verification in the V2V authentication to prove

the correctness of AIAF. In Section 4.3.2, upon
receiving the
authentication
message
PS ; t; nonce;

First, we detail the solutions and countermeasures of AIAF,

against various adversaries and attacks presented in Section 2.2,
respectively as follows.
Solutions to attacks on authentication: In the proposed AIAF,
authentication is guaranteed by digital signatures, which bound
messages to vehicular pseudonyms and consequently the
corresponding identities. The signature verification and the query
process in the peer vehicles (sometimes via the RSUs) for the
paired digital signatures and vehicular pseudonyms protect the
vehicles from the adversaries pretending other entities in AIAF.
Since the acceptable digital signatures are specifically bounded to
the PKC-based vehicular pseudonyms, the adversaries can-not
trigger either the impersonation attacks or the Sybil attacks
without obtaining the corresponding vehicular pseudonyms of the
digital signatures.

online

SIGv

offline

SIGv

PSvjjti from vehicle Vv,

the

receiver

vehicle Vi verifies the received message for the authentication,

where we denote the received authentication message
by
the prime form of the original message, as
0 0
0
0
hPSv ; t ; nonce ; SIGv i. Vehicle Vi verifies the authenticity in
the following way. It first checks the time stamp t and the nonce
for the freshness. Then, if the time stamp is correct, vehicle Vv
further computes the verification value (e.g., u), and the digital
signature (e.g., SIGverify) from PSv, u, etc. If the value of the
computed digital signature SIGverify equals to the signature
0
SIGv in the received message, receiver vehicle Vi considers the
received message authentic. If the verification above fails,
vehicle Vi considers the message as either bogus or a replaced
one, even a mistaken one, and ignores it. The authentication
operations in the existing IBS and IBOOS schemes [35], [36],
[37], [38] are examples of such operations for the verification in
the receiver vehicles.

4.5 Implementation of the Proposed Framework

In this work, we focus on implementing the efficient IBS and
IBOOS schemes to AIAF, because the PKC scheme is only used
for the pseudonym generation, which does

Solutions to attacks on non-repudiation: In AIAF, the message

non-repudiation is achieved from the decrypted value of the
vehicle pseudonyms by the private key of the PKC scheme. Since
the secure interactions with the RTA or RSUs are proposed in

The proposed AIAF primarily attempts to provide authentication

and privacy preservation with non-repudiation in VANETs, and
resolve the conflicts between them. In this section, for the sake of
evaluating the security in AIAF, we provide the solutions and
counter-measures to attacks and adversaries, and analyze the
security objectives of AIAF, respectively.

5.1 Solutions of Security Attacks

Solutions to attacks on privacy: The adoption of pseudonyms

in VANET communications conceals real-world identities of
vehicles such that peer vehicles and RSUs can-not reveal the
senders real-world identity of a specific message; however, it is
still able to authenticate the sender. By frequently updating the
pseudonyms during communication in the general UVC of
VANETs, the proposed AIAF defends legitimate vehicles against
identity revealing and location tracing.
AIAF, we can claim that the authorized third parties (e.g., the
police) can link pseudonyms with the identity of a vehicle with
the validated digital signature at any time on demand, which
protect the authorized parties from the repudiation attacks.

5.2 Analysis on Security Objectives

Besides the main objectives of AIAF in Section 5.1, we also
analyze the other security objectives of AIAF presented in
Section 2.3, respectively as follows:
Message confidentiality: In AIAF, the message confidentiality
is related to the conditional protection of the real IDs of the
vehicles. Since we introduce PKC to the pseudonym generation
in authentication, only the CA (i. e., RTA) have the private keys,
or can obtain a vehicles real ID by using the corresponding
private key. There-fore, the PKC based pseudonym generation
achieves message confidentiality in authentication. If an
authorized third party wants to trace the real ID of a malicious
vehicle for any kind of liability, it can query the corresponding
private key from the RTA.
Time constraint: In AIAF, the IBOOS scheme is applied in
V2V authentication instead of the IBS scheme for security, in
order to further reduce the computation overhead to speed up the
authentication process. The reusability of AIAF is another
solution to the time constraint, because AIAF can also be utilized
with new PKC, IBS and IBOOS schemes in the future with
higher computational efficiency, by which the time constraint
could be satisfied better for VANETs.
Independency: For the independency of the proposed AIAF,
the access to the infrastructures (RSUs) is required only when a
vehicle receives an authentication message from another vehicle,
whose pseudonym does not appear in its storage.
Availability and integration: Since AIAF is proposed for
vehicular access control by authentication, the solution of AIAF
does not overload the communication and computation ability of
a VANET on data communication. Based on IBS and IBOOS for
authentication without violating the transmitted data, AIAF
provides the integration and interoperability with other local
service and security protocols, e.g., secure routing and transport
layer security (TLS) [40].

6 PERFORMANCE EVALUATIONS
This section evaluates the performance and efficiency of AIAF
for UVC in VANETs through system analysis and theoretical
calculations, in terms of storage requirement, computation
overhead and authentication efficiency.

6.1 Storage Requirements

In the proposed AIAF, the storage requirements on RTAs and
RSUs are not stringent since these entities are distributed and
resource-free in nature in VANETs. It is mainly concerned with
the storage cost in vehicles from two

TABLE 2
Comparison of Efficiency Using Different Cryptographies

Respects, the information necessary for cryptographic

parameters, and the number of POI sets for the V2V
authentication.
In order to gain a high security level in the proposed AIAF, we
adopt the same parameters chosen by [3], which results in a
security level similar to 2,048-bit RSA and a total storage space
of 4.2 M bytes. In this scheme, the ECC based PKI was applied,
which is well-known for its efficient storage and communication
performance compared to the RSA based PKI.

6.2 Computation and Communication Overhead

This part gives an estimation of efficiency on applying the
proposed AIAF for VANETs, by analyzing the computation
overhead and the communication overhead. We focus on applying
the efficient IBS and IBOOS schemes to AIAF, because the
adopted PKC scheme used in the pseudonym generation does not
affect the efficiency of authentication during communication in
VANETs. Although the computationally intensive pairing
operations are not involved in conventional PKI, we believe that
the ID-based cryptographies based on pairings is highly suitable,
especially in the VANET environment.
Consider that the well-known Tate pairing is used for the basic
pairing operation of the IBS scheme. It is shown in [32] that the
time taken for computing a Tate pairing is 20 ms, in the
underlying base field of Fp (where jpj = 512-bit), which has a
similar level of security to 1,024-bit RSA. The pro-posed V2V
authentication scheme using IBOOS [37] allows the secure reuse
of the offline signature, computed by the RSU. The only cost a
vehicle bears in message signing is the cost of the online phase
which requires two point multiplications in the offline phase. This
online phase only consists of integer addition and multiplication
operations, which are very efficient for vehicles in terms of time
and energy consumption. Therefore, the time and energy cost of
the online phase is almost negligible. In Table 2, we show the
efficiency of authentication with a comparison of using different
cryptographic schemes for authentication, where the parameter
values are obtained from the corresponding references. Here, the
message size indicates the communication overhead for the
authentication process in AIAF. The computation time indicates
the computation overhead, which is the verification time used for
the signature in IBS schemes and the online signature in IBOOS
schemes. The Energy cost indicates the energy assumed for
signature verification at the receiving vehicle. Note that although
energy efficiency is not a critical requirement for authentication
in VANETs, consider that in case of emergency or damages to

the vehicles, the lower the cost of the security overhead, the
Better it is desired in AIAF.

vehicle queries the nearest RSU for authenticity of the sender

Vehicles pseudonym and POI set. Tquery is calculated as:
T

6.3 Authentication Efficiency

In this part, the efficiency of mutual authentication among

where T

sender

receiver

(2)

is the time of signing the online signature

sign

by the sender vehicle, and T

receiver

verify

is the time of verifying

the online signature by the receiver vehicle, by using the

IBOOS scheme.
On the other hand, for AIAF:Cross-RSU-V2V, the
computational delay of the V2V authentication Tcross is calculated as:
sender

Tcross Tsign

Tverify

receiver

Tquery;

sender

Where Tsign
is the time
of signing the online signature by the
receiver
sender vehicle, and Tverify
is the time of verifying the online

Signature by the receiver vehicle, by using the IBOOS scheme.

Tquery is the querying time, in which the receiver

RSU=query
verify

RSU=query

(4)

sign

receiver=query

RSU=query

Concatenated with the received query message. Tverify

AIAF:Inner-RSU-V2V indicates that when AIAF is

used for the inner-RSU-V2V authentication for UVC
in VANETs. In this situation, both the sender and
the receiver vehicles are V2R authenticated to the
current corresponding RSU within its communication range. Thus, the receiver owns the pseudonym
and the POI set of the sender vehicle, and the sender
Vehicle can directly authenticate the receiver.
AIAF:Cross-RSU-V2V indicates that when AIAF is
_ used for the cross-RSU-V2V authentication for UVC
in VANETs. In this situation, the receiver vehicle
does not have the current pseudonym and the POI
Set of the sender vehicle in its storage. Thus, the
receiver has to query the corresponding RSU for the
cross-RSU-V2V authentication.
For AIAF:Inner-RSU-V2V, the computational delay of
the V2V authentication Tinner is calculated as:
Tverify

receiver=query
sign

verify
;
receiver=query
where Tsign
is the time of signing the IBS in the query
message by the receiver vehicle for querying the senders
receiver=query
POI set from the RSU, and Tverify
is the time of verifying the IBS from the RSU by the receiver vehicle, which is

sender

vehicles in VANETs is evaluated through theoretical quanti

-tative calculations for UVC. In AIAF, the efficiency of
authentication is estimated by the communication delay
among vehicles, in which we focus on the computational
delay consumed by using cryptographic techniques includeing IBS and IBOOS schemes.
In order to evaluate the efficiency and illustrate the
cryptographic overhead of authentication in AIAF, we
consider the metric of computational delay of V2V authenticcation for the performance evaluation, which indicates
the computational delay caused by encryptions and veryfications during authentication by both of the sender and
Receiver vehicles.
We design the performance evaluation considering the
following two situations/scenarios for the V2V authenticcation of AIAF in VANETs, named AIAF:Inner-RSUV2V and AIAF:Cross-RSU-V2V, which have been introduced in the operation of AIAF in Section 4 as the
inner-RSU V2V authentication and the cross-RSU V2V
authentication, respectively:

Tinner Tsign

query

(3)

is

the time of verifying the IBS in the query message from the
RSU=query
querying vehicle by the RSU, and Tsign
is the time of
signing the IBS in the response message to the vehicles
query by the RSU.
Since the vehicles in the senders transmission range
verify the signatures in the authentication message from
either the inner-RSU-V2V authentication or the crossRSU-V2V authentication, we study the computational
delay of the V2V authentication in AIAF by changing
the ratio of receiver vehicles by using AIAF:Inner-RSUV2V and AIAF: Cross-RSU-V2V. Taking into account the
mobility of vehicles for UVC in a VANET, we denote a
coefficient u to indicate the ratio of the vehicles using
AIAF:Inner-RSU-V2V for verification in authentication,
which is calculated by:
N
inner

total

(5)

where Ninner is the number of vehicles using AIAF:InnerRSU-V2V for authentication, and Ntotal is the total number
of vehicles. Thus, the ratio of the vehicles using AIAF:
Cross-RSU-V2V for verification is 1 _ u. In this way it indicates that, the higher the ratio u, the lower the vehicular
Mobility. Thus, the computational delay of the V2V authentication in AIAF is the sum of partial Tinner and partial
Tcross, which is calculated by TV2V_AIAF as:

V2V_AIAF

u_T

1 _ u _ T

(6)
The parameters of quantitative calculations for the performance evaluation of AIAF are taken from the IBS and
IBOOS schemes, which are shown in Table 2. We consider
the evaluation of AIAF with two different sets of parameters in the calculations. We denote AIAF-1 as the case that
the IBS [36] and IBOOS [38] schemes are respectively
applied to AIAF, and AIAF-2 as the case that the IBS [35]
and IBOOS [37] schemes are respectively applied to AIAF.
(The original descriptions of the applied IBS and IBOOS
schemes are included in the separated appendices, which
can be found on the Computer Society Digital Library at
http://doi.ieeecomputersociety.org/10.1109/TPDS.2014.
2308215, of the manuscript.)
The illustration of the computational delay of the V2V
authentication versus different ratio between the conditions
of AIAF:Inner-RSU-V2V
and AIAF:Cross-RSU-V2V
is
Shown in Fig. 2. For comparison, we name a special case of
AIAF, the conventional infrastructure-based authentication
(CIBA), in which all the vehicles receivers use AIAF: CrossRSU-V2V for the V2V authentication. In the same way that we
considered for AIAF with different sets of
inner

cross

ACKNOWLEDGMENTS
This work was partially supported by Grant-in-Aid for Scientific
Research of Japan Society for Promotion of Science (JSPS) and
Collaboration Research Grant of National Institute of Informatics
(NII), Japan. Huang Lu is the corresponding author.

REFERENCES

[1]

S. Zeadally et al., Vehicular Ad Hoc Networks (VANETS): Status,

Results, and Challenges, Telecomm. Systems, vol. 50, no. 4,

pp. 217-241, 2012.

Fig. 2. The computational delay of V2V authentication with different

ratios of AIAF: Inner-RSU-V2V and AIAF:Cross-RSU-V2V.

Parameters, we denote CIBA-1 as the case that the IBS [35] and
IBOOS [37] schemes are respectively applied, and CIBA-2 as the
case that the IBS [36] and IBOOS [38] schemes are respectively
applied. Furthermore, we compare the performance of AIAF with
an existing authentication protocol, called ECPP (efficient
conditional privacy preservation protocol for secure vehicular
communications) [8], which could be adopted for the same
scenario with ours. The computational delay of the V2V
authentication in ECPP is calculated by TV2V_ECPP obtained
from [8] as:
TV2V_ECPP Tk Tverify 34:8 21:88 56:68 ms; (7)

Where Tk is for the anonymous key generation and pairing

computations at the sender vehicle, and Tverify is the time for
verification at the receiver vehicle.
From Fig. 2 we can see that, the computational delay of ECPP
is similar to that of CIBA-2, and the perfor-mance of AIAF,
especially in the case of AIAF-2 is superior to that of both ECPP
and CIBA. Meanwhile, the more vehicles are in the condition of
AIAF:Inner-RSU-V2V, the less time costs in computational delay
of the V2V authentication, where high authentication efficiency
could be achieved in AIAF.

7 CONCLUSIONS
In this paper, a novel authentication framework with conditional
privacy-preservation and non-repudiation for VANETs has been
proposed, which utilizes the IBS and IBOOS schemes for the
authentication, the pseudonym-based scheme for the privacy
preservation, and the PKC-based scheme for the pseudonym
generation. AIAF achieves the desired authentication, privacy
preservation, non-repudiation and other security objectives for
UVC in VANETs. Another important characteristic of AIAF is its
reusability, i.e., it can also be utilized with other new schemes for
security and performance improvements. Anal-ysis and
performance evaluation show that, the proposed AIAF is feasible
and adequate to UVC in the VANET envi-ronment for efficient
privacy-preserving authentication with non-repudiation.

[2]

F. Li and Y. Wang, Routing in Vehicular Ad Hoc Networks: A Survey,

IEEE Vehicular Technology Magazine, vol. 2, no. 2, pp. 12-22, June
2007.

[3]

M. Raya and J. Pierre, Securing Vehicular Ad Hoc Networks, J.

Computer Security, vol. 15, no. 1, pp. 39-68, 2007.

[4]

X. Lin, TSVC: Timed Efficient and Secure Vehicular Communications with Privacy Preserving, IEEE Trans. Wireless Comm., vol. 7,
no. 12, pp. 4987-4998, Dec. 2008.

[5]

A. Studer et al., Flexible, Extensible, and Efficient VANET

Authentication, J. Comm. and Networks, vol. 11, no. 6, pp. 574-588,
2009.

[6]

IEEE 1609 Family of Standards for Wireless Access in Vehicular

Environments (WAVE), U.S. Dept. Transportation, 2009..

[7]

N.-W. Wang, Y.-M. Huang, and W.-M. Chen, A Novel Secure

Communication Scheme in Vehicular Ad Hoc Networks, Com-puter
Comm., vol. 31, pp. 2827-2837, 2008.

[8]

R. Lu et al., ECPP: Efficient Conditional Privacy Preservation Protocol

for Secure Vehicular Communications, Proc. IEEE INFOCOM, pp.
1229-1237, 2008.

[9]

Y. Sun et al., An Efficient Pseudonymous Authentication Scheme with

Strong Privacy Preservation for Vehicular Communications, IEEE
Trans. Vehicular Technology, vol. 59, no. 7, pp. 3589-3603, Sept. 2010.

[10]

P. Kamat, A. Baliga, and W. Trappe, An Identity-Based Security

Framework for VANETs, Proc. Third Intl Workshop Vehicular Ad Hoc
Networks (VANET), pp. 94-95, 2006.

[11]

Y. Zhang et al., Securing Mobile Ad Hoc Networks with Certificateless Public Keys, IEEE Trans. Dependable and Secure Computing, vol. 3, no. 4, pp. 386-399, Oct.-Dec. 2006.

[12]

P. Kamat, A. Baliga, and W. Trappe, Secure, Pseudonymous, and

Auditable Communication in Vehicular Ad Hoc Networks, Secu-rity
and Comm. Networks, vol. 1, no. 3, pp. 233-244, 2008.

[13]

X. Lin et al., GSIS: A Secure and Privacy-Preserving Protocol for

Vehicular Communications, IEEE Trans. Vehicular Technology, vol.
56, no. 6, pp. 3442-3456, Nov. 2007.

[14]

J. Sun et al., An Identity-Based Security System for User Privacy

in Vehicular Ad Hoc Networks, IEEE Trans. Parallel and Distrib-uted
Systems, vol. 21, no. 9, pp. 1227-1239, Sept. 2010.

[15]

S. Even, O. Goldreich, and S. Micali, On-Line/Off-Line Digital

Signatures, Proc. CRYPTO: Advances in Cryptology, pp. 263-275,
1990.

[16]

F.R. Yu et al., A Hierarchical Identity Based Key Management

Scheme in Tactical Mobile Ad Hoc Networks, IEEE Trans. Net-work
and Service Management, vol. 7, no. 4, pp. 258-267, Dec. 2010.

[17]

H. Dok et al., Privacy Issues of Vehicular Ad-Hoc Networks,

Intl J. Future Generation Comm. and Networking, vol. 3, no. 1,

pp. 17-32, 2010.

[18] M. Gerlach and F. Guttler, Privacy in VANETs Using Changing

PseudonymsIdeal and Real, Proc. IEEE Vehicular Technology Conf.

(VTC-Spring), pp. 2521-2525, 2007.

[19]

H. Lu, J. Li, and M. Guizani, A Novel ID-Based Authentica-tion

Framework with Adaptive Privacy Preservation for VANETs, Proc.
Comm. and Applications Conf. (ComComAp),

pp. 345-350, 2012.

[20] F. Armknecht et al., Cross-Layer Privacy Enhancement and Non-

Repudiation in Vehicular Communication, Proc. ITG-GI Conf. Comm.

in Distributed Systems (KiVS), pp. 1-12, 2007.

[21]

J. Choi and S. Jung, A Security Framework with Strong NonRepudiation and Privacy in VANETs, Proc. IEEE Sixth Consumer
Comm. and Networking Conf. (CCNC), 2009.

[22]

J. Sun, C. Zhang, and Y. Fang, An ID-Based Framework

Achieving Privacy and Non-Repudiation in Vehicular Ad Hoc
Networks,
Proc. IEEE Military Comm. Conf. (MILCOM), pp. 1-7, 2007.

[23]

B. Hoh et al., Preserving Privacy in GPS Traces via UncertaintyAware Path Cloaking, Proc. 14th ACM Conf. Computer and Comm.
Security (CCS), pp. 161-171, 2009.
[24] J.M.D. Fuentes, A.I. Gonz_alez-Tablas, and A. Ribagorda,
Overview of Security Issues in Vehicular Ad-Hoc Networks,
Handbook of Research on Mobility and Computing, pp. 894-911, IGI
Global Snippet, 2011.

[25]

B. Wu et al., A survey of attacks and countermeasures in mobile

ad hoc networks, Signals Commun. Technol.-Wireless Netw. Security,
pp. 103135, 2007.

[26]

M. Riley, K. Akkaya, and K. Fong, A Survey of Authentica-tion

Schemes for Vehicular Ad Hoc Networks, Security Comm. Networks,
vol. 4, no. 10, pp. 1137-1152, 2011.

[27]

R.A. Mollin, RSA and Public-Key Cryptography, Discrete Math.

and Its Applications. Chapman and Hall/CRC, 2002.

[28]

R.L. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining

Digital Signatures and Public-Key Cryptosystems, Comm. ACM, vol.
21, no. 2, pp. 120-126, 1978.

[29]

J. Patarin, Hidden Fields Equations (HFE) and Isomorphisms of

Polynomials (IP): Two New Families of Asymmetric Algorithms,
Proc. EUROCRYPT: 15th Ann. Intl Conf. Theory and Application of
Cryptographic Techniques, pp. 33-48, 1996.

[30]

J. Hoffstein, J. Pipher, and J.H. Silverman, NTRU: A Ring-Based

Public Key Cryptosystem, Proc. ANTS-III, pp. 267-288, 1998.

[31]

D. Boneh and M. Franklin, Identity-Based Encryption from the

Weil Pairing, Proc. CRYPTO, pp. 213-229, 2001.

[32]

P. Barreto et al., Efficient Algorithms for Pairing-Based

Cryptosystems, Proc. CRYPTO, pp. 354-369, 2002.

[33]

A. Shamir, Identity-Based Cryptosystems

Schemes, Proc. CRYPTO, pp. 47-53, 1985.

and

Signature

[34]

A. Shamir and Y. Tauman, Improved Online/Offline Signature

Schemes, Proc. CRYPTO, pp. 355-367, 2001.

[35]

F. Hess, Efficient Identity Based Signature Schemes Based on

Pairings, Proc. Ninth Ann. Intl Workshop Selected Areas in Cryptography (SAC), pp. 310-324, 2003.

[36]

C. Zhang et al., An Efficient Identity-Based Batch Verification

Scheme for Vehicular Sensor Networks, Proc. IEEE INFOCOM,

pp. 246-250, 2008.

[37] S. Xu, Y. Mu, and W. Susilo, Efficient Authentication Scheme for
Routing in Mobile Ad Hoc Networks, Proc. Intl Conf. Embedded and
Ubiquitous Computing (EUC) Workshops, pp. 854-863, 2005.

Huang Lu (S10-M14) studied in Harbin Institute of

Technology, Harbin, China, before he went to
Japan for overseas exchange. He received the BS
degree in information and network science from
Chiba Institute of Technology, Chiba, Japan, and
the MS and the PhD (Eng) degrees in computer
science from University of Tsukuba, Tsukuba,
Japan, in 2007, 2009, and 2014, respectively.
Since April 2014, he has been a researcher at the
Yokohama Research Laboratory, Hitachi, Ltd.,
Yokohama, Japan. His research interests include

computer networks, wireless communications, network security, and

computational engineering. He is a member of the IEEE.
Mohsen
Guizani
(S85-M89-SM99-F09)
received the BS (with distinction) and MS
degrees in electrical engineering, the MS and
PhD degrees in computer engineering in 1984,
1986, 1987, and 1990, respectively, from
Syracuse University, Syracuse, New York. He is
currently a professor and the associate vice
president for Graduate Studies at Qatar University, Doha, Qatar. He was the chair at the
Computer Science Department at Western
Michigan University from 2002 to 2006 and
the chair of the Computer Science Department at University of West
Florida from 1999 to 2002. He also served in academic positions at the
University of Missouri-Kansas City, University of Colorado-Boul-der,
Syracuse University and Kuwait University. His research inter-ests
include computer networks, wireless communications and mobile
computing, and optical networking. He currently serves on the editorial
boards of six technical Journals and the founder and EIC of Wireless
Communications and Mobile Computing Journal published by John
Wiley (http://www.interscience.wiley.com/jpages/ 1530-8669/). He is
the author of eight books and more than 300 publications in refereed
journals and conferences. He guest edited a number of special issues
in IEEE Journals and Magazines. He also served as a member, the
chair, and the general chair of a number of conferences. He served as
the chair of IEEE Communications Society Wireless Technical
Committee (WTC) and the chair of TAOS Technical Committee. He
was an IEEE Computer Society dis-tinguished lecturer from 2003 to
2005. He is a fellow of the IEEE and a senior member of the ACM.

" For more information on this or any other computing topic,

[38]

J. Liu et al., Efficient Online/Offline Identity-Based Signature for

Wireless Sensor Network, Intl J. Information Security, vol. 9,

pp. 287-296, 2010.

[39] N. Gura et al., Comparing Elliptic Curve Cryptography and RSA
on 8-bit CPUs, Proc. Sixth Intl Workshop Cryptographic Hardware
and Embedded Systems (CHES), pp. 925-943, 2004.

[40]

T. Dierks and E. Rescorla, RFC 5246The Transport Layer Secu- please visit our Digital Library at www.computer.org/publications/dlib. rity
(TLS) Protocol Ver. 1.2,IETF, Aug. 2008.

Jie Li (M96-SM04) received the BE degree in

computer science from Zhejiang University,
Hangzhou, China, the ME degree in electronic
engineering and communication systems from
China Academy of Posts and Telecommunica-tions,
Beijing, China. He received the DrEng degree from
the University of Electro-Communi-cations, Tokyo,
Japan. He has been with Univer-sity of Tsukuba,
Japan, where he is a professor in the Faculty of
Engineering, Information and Systems. His
research interests include mobile
distributed multimedia computing and networking, big data and cloud
computing, OS, network security, modeling, and performance evaluation of
information systems. He received the Best Paper award from IEEE
NAECON97. He has served as a secretary for Study Group on System
Evaluation of IPSJ and on several editorial boards for IPSJ Journal and so

on, and on Steering Committees of the SIG of System EVAluation (EVA) of

IPSJ, the SIG of DataBase System (DBS) of IPSJ, and the SIG of MoBiLe
computing and ubiquitous communications (MBL) of IPSJ. He has been a
cochair of several international symposia and workshops. He has also
served on the program committees for several international conferences
such as IEEE ICDCS, IEEE INFOCOM, IEEE GLOBE-COM, and IEEE
MASS. He is a senior member of the IEEE and ACM, and a member of
Information Processing Society of Japan (IPSJ).