IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 2, APRIL 2017 601

A Secure Mechanism for Big Data Collectionin Large Scale Internet of Vehicle

Longhua Guo, Mianxiong Dong, Member, IEEE, Kaoru Ota, Member, IEEE, Qiang Li,Tianpeng Ye, Jun Wu, Member, IEEE, and Jianhua Li

Abstract—As an extension for Internet of Things (IoT),Internet of Vehicles (IoV) achieves unified management in smarttransportation area. With the development of IoV, an increasingnumber of vehicles are connected to the network. Large scaleIoV collects data from different places and various attributes,which conform with heterogeneous nature of big data in size,volume, and dimensionality. Big data collection between vehi-cle and application platform becomes more and more frequentthrough various communication technologies, which causes evolv-ing security attack. However, the existing protocols in IoT cannotbe directly applied in big data collection in large scale IoV. Thedynamic network structure and growing amount of vehicle nodesincreases the complexity and necessary of the secure mechanism.In this paper, a secure mechanism for big data collection inlarge scale IoV is proposed for improved security performanceand efficiency. To begin with, vehicles need to register in the bigdata center to connect into the network. Afterward, vehicles asso-ciate with big data center via mutual authentication and singlesign-on algorithm. Two different secure protocols are proposedfor business data and confidential data collection. The collectedbig data is stored securely using distributed storage. The discus-sion and performance evaluation result shows the security andefficiency of the proposed secure mechanism.

Index Terms—Big data, Internet of vehicles (IoV), large scale,secure mechanism.

I. INTRODUCTION

W ITH the rapid development of communication andcomputation technologies, a growing number of vehi-

cles are connected to the Internet of Things (IoT) [1]. Asa huge interactive network, Internet of Vehicles (IoV) hasbecome an important issue of mobile Internet [2]. Informationsuch as vehicles’ location, speed and driven route are col-lected to central processing system using particular sensorsand devices [3]. Huge research value and commercial interestwill be promised after computing and analyzing vehicles’

Manuscript received February 28, 2016; revised May 27, 2016; acceptedJune 14, 2016. Date of publication March 22, 2017; date of current versionApril 28, 2017. This work was supported in part by the National NaturalScience Foundation of China under Grant 61401273, Grant 61571300, Grant61562004, and Grant 61431008, in part by the JSPS KAKENHI under GrantJP15K15976, Grant JP16K00117, and Grant 26730056, and in part by theJSPS A3 Foresight Program. (Corresponding author: Mianxiong Dong.)

L. Guo, Q. Li, T. Ye, J. Wu, and J. Li are with the School of ElectronicInformation and Electrical Engineering, Shanghai Jiao Tong University,Shanghai Key Laboratory of Integrated Administration Technologies forInformation Security, Shanghai 200240, China.

M. Dong and K. Ota are with the Department of Information and ElectronicEngineering, Muroran Institute of Technology, Muroran 0508585, Japan(e-mail: mx.dong@csse.muoran-it.ac.jp).

Digital Object Identifier 10.1109/JIOT.2017.2686451

information [4]. Large scale IoV achieves unified managementas an extension for IoT in smart transportation area [5].

In IoV, the vehicles’ trajectory is subject to the roaddistribution in a wide range of physical area. A large numberof traffic information is shared through IoV which contributesto the smart management and road optimization [6]. Withthe development of society, the increasing number of vehi-cles and roads lead to extended scale of IoV which coversa wide range of physical area. Deployed on the vehicles, dif-ferent kinds of sensors provide a large amount of data aboutvehicles’ attribute information, driving state information, andtraffic information [7]. The data is spatio-temporal in naturefor its dependence upon time and location. The increasingnumber of vehicles collect data from different places and var-ious attributes, which converges big data of heterogeneousnature with variation in size, volume, and dimensionality [8].

With the spread and development of IoV, the collectedcontents involve not only personal privacy for example vehi-cle’s real-time location, but also some important data includingvehicle running parameter which is closely related to traf-fic safety [9]. However, the fraudulent messages may be sentby malicious vehicle nodes to jeopardize the traffic systemor purse their own profit [10]. Hence, it is significant todesign a mechanism to ensure that the transmission of vehicledata resource is trusted and not tampered with. As the intelli-gent transportation system is continuously developing and bigdata applied in the IoV [11], big data collection between vehi-cle and application platform becomes more and more frequentthrough various communication technologies, which causesevolving security attack. How to secure the big data collectionin large scale IoV is meaningful and deserves researching.

Nowadays, there existed some related works which focus onsecurity of big data and IoV. Mershad and Artail [12] proposeda security scheme of data messages exchanged between usersand RSUs, but the scalability of IoV is still a remainedproblem to solve. Wu et al. [10] proposed an efficient systemfor balancing public safety and vehicle privacy that guaranteesmessage trustworthiness. Wang et al. [13] proposed a securemechanism for privacy-preserving communication with avail-able cryptographic primitives in vehicle-to-grid networks.Cárdenas et al. [14] and Xu et al. [15] worked at the bigdata area and developed the security and privacy mechanisms.As an important technology in big data area, the security ofHadoop is also addressed in [16] and [17]. Liu et al. [18]proposed a key exchange scheme for secure scheduling ofbig data applications. Li et al. [19], [21] proposed security

2327-4662 c© 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

602 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 2, APRIL 2017

Fig. 1. Basic architecture of IoV.

models to solve authentication, privacy issues in related areas.However, the existing protocols in the related area cannot bedirectly applied in big data collection in large scale IoV. Asa result, the security and efficiency issue for big data collectionstill deserves research.

In this paper, a secure information collection scheme forbig data in large scale IoV is proposed. To begin with, vehi-cles need to register in the big data center to connect inthe network. After the initialization phase, vehicles associatewith big data center via authentication toward both sidesusing single sign-on algorithm. The collected information istransferred under security protection with improved efficiency.The collected big data will be secure stored using distributedstorage architecture to achieve the unified management. Theremainder of this paper is organized as follows. Section IIdescribes the background related to this paper and presentsthe security requirements for big data collection in largescale IoV. Section III presents the proposed system model.In Section IV, the details of proposed security mechanism aregiven, followed by the discussion in Section V as well asperformance evaluation in Section VI, respectively. Finally, wedraw our conclusion and give the future work in Section VII.

II. BACKGROUND

A. IoV

According to particular communication protocols anddata interaction standards, IoV is an integrated network basedon in-vehicle network, vehicular ad hoc network, and vehicle-mounted mobile Internet. It is an extended application of IoTwhich achieves intelligent traffic management control, vehiclesintellectualization control and intelligent dynamic informationservice [22], [23].

As shown in Fig. 1, vehicle nodes, sink nodes, and bigdata center constitute the basic architecture of the IoV. Thebig data center managements and processes data which arecollected by vehicle nodes and transferred by sink nodes.In the onboard unit of vehicle node, vehicle gateway col-lects the information from orientation module, vehicle station

parameter collection module, and so on. As sink nodes, rodeside units and users’ communication devices help transfer theinformation.

In contrast to other ad hoc networks, IoV have some dif-ferent features. As the vehicle nodes may change its locationsat a high speed, node topological structure is dynamic andchanging. It is hard to build accurate neighborhood. What ismore, the process of information exchange in IoV has seri-ous Doppler effect and attenuation which has bad influence tothe efficiency of information collection. With the data increas-ing, it causes worse effect to large scale IoV in the bigdata environment.

B. Big Data

Big Data is a system that let digitize large amount of infor-mation and combine it with existing databases. Big data isdefined based on three primary characteristics, also knownas the 3Vs: 1) volume; 2) variety; and 3) velocity [24].The increasing number of vehicles collect data from dif-ferent places and various attributes, which converge bigdata of heterogeneous nature with variation in size, vol-ume, and dimensionality. The integration of big data andIoV has been a trend with the development of new informa-tion technologies [25], [26]. Big data collection can improvedecision making, especially path planning in IoV. As for thegovernment, the collected big data helps, analyzes and solvethe traffic problems. As for the company like real-time trans-portation company, it helps optimize the vehicle resource. Asa result, the government and companies demand and startbuilding the big data platform for the large scale IoV.

C. Security Requirements for IoV

According to the features of IoV, the secure informationcollection scheme has to meet the requirements to ensure thedata collection security. The security requirements with opera-tional functions and management functions include [27]–[29]the following.

1) Authentication to identify the vehicle node, sink node,and big data center.

2) Integrity to protect messages against modification ordestruction.

3) Confidentiality to protect the information sent to appro-priate entity. The business data like temperature param-eters can be transferred in plain text form while theconfidential data like location data need to be transferredin cipher text form.

4) Nonrepudiation to prevent deny afterward.5) Authorization to ensure that only authorized nodes

access to the resource. As for the high dynamic topo-logical structure, single sign-on mechanism for nodes isnecessary.

III. SYSTEM MODEL

To address the security requirements in large scale IoV,a secure data collection scheme for big data is proposedas shown in Fig. 2. The increasing number of large scalevehicle nodes generate various attributes data from differ-ent places. These data will be collected by big data center

GUO et al.: SECURE MECHANISM FOR BIG DATA COLLECTION IN LARGE SCALE IoV 603

Fig. 2. Secure data collection model.

with secure protection and stored in distributed storage systemusing Hadoop architecture. In the initialization phase, asso-ciation with authentication toward all new adding vehiclenodes forms the first security line of defense against illegalnodes. These nodes will register in the system and exchangenecessary information with the data center. After the initial-ization phase, the proposed secure single sign-on algorithmimproves the efficiency of the logon protocol. Besides, thecollected information is transferred under security protectionuntil logout.

IV. PROPOSED SCHEME

To address the security problems in wide area IoV, a secureinformation collection scheme for big data is proposed [30].To begin with, vehicles need to register in the big data cen-ter to connect in the network. After the initialization phase,the vehicles associate with the big data center via authenti-cation toward both sides using single sign-on algorithm. Thecollected information is transferred under security protectionwith improved efficiency. Big data of vehicle information iscollected as designed format using distributed storage. Theexplanation of main symbols are given as shown in Table I.

A. Initialization

To support different kinds of big data platform, we assumethat each vehicle is equipped with a certificate issued by out-side certification authority (CA). In the initialization phase,vehicles need to register in the big data center to connect inthe network. Vehicle nodes and big data center generate publickey and private key of themselves, respectively. As shown inFig. 3, certification, with their corresponding public keys asa path, is exchanged between vehicle nodes and big data cen-ter. If the certificates pass the inspection, the corresponding IDwill be registered as a valid account. Sink nodes are respon-sible for message forwarding. What is more, sink nodes arealso necessary to register in this phase.

B. Logon for the First-Time

With the development of IoV, an increasing number of vehi-cles are connected to the network. Vehicles may run at a high

TABLE ISYMBOLS USED BY SECURE INFORMATION COLLECTION SCHEME

Fig. 3. Message exchange in initialization phase.

speed and connect to different sink nodes. With the highdynamic topological structure, IoV requires single sign-on fornodes to achieve authorization ensuring that only authorizednodes access to the resource. The secure information collectionscheme proposed single sign-on algorithm which improves theefficiency of the logon protocol. The expandability is enhancedutilizing the proposed scheme. After initialization phase, sinknodes and vehicle nodes connect to the big data center usingdifferent protocol as shown in Figs. 4 and 5.

In the phase of sink nodes’ sign-on, ID, nonsense, and Ts aresent to big data center with sink nodes’ signature as shown inFig. 4. According to received message, big data center checksthe signature and ID of sink nodes. What is more, Ts guaran-tees the time-efficiency while nonsense resists replay attack. Ifthe messages are legal from valid account, the big data centergenerates the unique key_sc. The nonsense and key_sc will beencrypted using pk_cen and sent to sink node afterward. Sink

604 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 2, APRIL 2017

Fig. 4. Sink nodes’ logon for the first time.

Fig. 5. Vehicle nodes’ logon for the first time.

node will acquire the key_sc after decrypting the ciphertextusing sk_sink.

In the phase of vehicle nodes’ sign-on, a similar processis designed as shown in Fig. 5. Big data center receives andchecks m1 with vehicle and sink node’s signature. After check-ing the signatures, m2 is calculated with big data center’ssignature. The “ticket” m2 is stored in vehicle node and worksas an important parameter for vehicle node’s single sign-onafterward. What is more, pk_veh encrypts key_vc as m3 whichis used for protecting the messages between vehicle node andbig data center. key_sc are utilized for ensuring the securitybetween sink node and big data center. Sink node generateskey_vs to encrypt m2 and m3. Apart from Epk_veh (key_vs)and Ekey_vs (m2, m3), cert_sink is required to ensure the legalidentity for the sink node.

C. Logon Once Again

When the vehicle nodes leave the region of its first logonsink node, it has to access to the new arriving sink nodewith another logon. As for this kind of vehicle nodes, theproposed scheme simply the logon process afterward. Asshown in Fig. 6, interaction between vehicle node and sinknode can improve the efficiency of the logon process andupdate the session key. Besides the stored ticket m2, cer-tificate and Ts are sent to sink node with vehicle node’ssignature. Signature of big data center in m2 proves that theticket was awarded by big data center. If the ID in certificatematches with that in m2 and the timestamp does not exceedthe period limit, the vehicle will be regarded as legal nodeand log in the system. The certificate of sink node and key_vswhich is encrypted by pk_sink will be sent to vehicle nodeafterward.

Fig. 6. Vehicle nodes’ logon later.

Fig. 7. Message exchange for business data collection.

D. Secure Data Collection

The above sections set the secure premise for data collectionin the large scale IoV. In condition that the vehicle nodes havesucceed to log in the system, the business data and confidentialdata will be collected using following algorithms as shown inFigs. 7 and 8, respectively.

M1 and M2 represent the business data which is the mainobject for interaction. The business data like temperatureparameters can be transferred in plain text form. m4 is cal-culated by the concatenation of vehicle node’s ID and M1. Toimprove the calculation efficiency, hash value of m4 is utilizedfor calculating the HMAC. As key_vc and key_vs has beenshared in advance, HMAC helps prevent tampering with dataand guarantee the identity of data sender. Sink nodes verifyHMAC [key_vs, H(m4)] and transmit HMAC[key_vc, H(m4)].When big data center publishes M2, the same algorithm isproposed in steps 3 and 4.

Different from business data collection, confidential data hasto be transferred in ciphertext form. As a random key, Tk isutilized for encrypting. To share Tk with sink node and bigdata center, key_vc and key_vs helps achieve the confidenceof Tk. As Tk is shorter than m4, the utilization of Tk decreasethe calculation complexity.

E. Secure Data Storage

In the above section, a secure information collection schemefor big data is proposed. Apart from business data and con-fidential data, some necessary security data of vehicle andsink nodes need to be stored in big data center. Data struc-ture for vehicle and sink nodes stored in big data centeris designed as shown in Table II. ID and certificate repre-sent identification of the nodes. It is worth mentioning that ifthe vehicle node is successfully registered in the system, thestatue changes from “off” to “on.” Once abnormal actions are

GUO et al.: SECURE MECHANISM FOR BIG DATA COLLECTION IN LARGE SCALE IoV 605

Fig. 8. Message exchange for confidential data collection.

TABLE IIDATA STRUCTURE FOR VEHICLE AND SINK NODES

STORED IN BIG DATA CENTER

detected through analysis in big data center, the statue will bechanged from on to off. Another initialization process is neces-sary to fight against illegal nodes. If the timestamp is beyondthe valid period, the node has to logon as the new addingnode. Session key and public key are significant to achieveconfidentiality and protect the information sent to appropriateentity.

The business data like temperature parameters can be storedin plain text form while confidential data has to be stored inciphertext form. As for the confidential data, key_vc is uti-lized to encrypt it for each vehicle node. Only when vehiclenode interacts with big data center, its confidential data canbe accessed and decrypted using key_vc while other vehiclenodes would not be able to acquire the confidential data. Inthe data storage, the proposed algorithm helps achieve autho-rization to ensure that only authorized nodes access to theresource.

However, with the growing number of vehicles nodes, bigdata center processes and collects larger amount of data. Thedata size is much larger than that one single disk can load.Distributed file system is badly demand for the big data inlarge scale IoV. To address this issue, Hadoop distributed filesystem (HDFS) enjoys great popularity in big data systems. Inproposed scheme, the collected big data is stored using securedistributed storage algorithm in the basis of HDFS. When thedata is requested, localized image file will be called usingstream process. It does not matter where the file is locatedand which format is stored. One HDFS cluster contains oneNameNode and several DataNodes. NameNode is master nodein charge of managing file system, including namespace andblock. DataNode is utilized for data file storage. HDFS cutsone file into several blocks which are stored in DataNode.In addition to the original HDFS, enhanced security schemeensure that only authorized nodes can access to the resource.To read the stored files, client interacts with NameNode toacquire the access token of the corresponding block, where

Fig. 9. Secure distributed storage for collected big data.

the target file is stored. These token has been allocated inadvance in NameNode. If the block access token matcheswith the allocated token, the stored file can be access to theclient.

As shown in Fig. 9, key_vc encrypts the messages trans-ferred between vehicle nodes and big data application. In bigdata center, key_vc works as certificate for controlling the bigdata application’s access to the confidential data of the corre-sponding vehicle node. If available, the client JVM request filename and block ID to NameNode through Distributed filesys-tem while block ID and location will be sent as response.Afterward, FSData outputstream sends block ID and byterange to DataNode to acquire block data. NameNode con-trols the state of DataNode while the DataNode will sendthe instructions for searching the stored data. As the businessdata is stored in plain text form, it can be used directly whilethe ciphertext form of confidential data has to be decryptedusing key_vc.

V. DISCUSSION

A. Security Analysis

With the development of advanced information technolo-gies, large scale IoV has occupied huge research value andcommercial interest. The security of big data collection isof great significance. To ensure the data collection security,the proposed mechanism meets the requirements, includingauthentication, integrity, confidentiality, nonrepudiation, andauthorization. In addition to the security requirements, secu-rity attacks such as man-in-the-middle (MITM) attack, replayattack, masquerade attack, and message manipulation attackare also prevented by the proposed mechanism.

Nodes in the system are authenticated using certificateswhich are issued by CA. Compared with the traditional user-name/password token scheme, the certificates in proposedscheme fight against brute force and cannot be forged whichis more reliable for authentication. In the message exchangefrom initialization phase to data collection phase, signatureis utilized for ensuring the integrity against modification

606 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 2, APRIL 2017

or destruction. Public key is exchanged in the initializationphase and private key helps encrypt symmetric key which isutilized for encrypting confidential data. Combining with pub-lic/private key, symmetric key protects the information to besent to appropriate entity. To meet the requirement of con-fidentiality, the confidential data is transferred in cipher textform. Stored by itself, the private key is utilized to calcu-late signature for nonrepudiation to prevent deny afterward.In the data storage, the session key “key_vc” works as cer-tificate for controlling the big data application’s access tothe confidential data of the corresponding vehicle node. Onlyauthorized nodes that have the certificate can access to theresource.

In our scheme, m2 is utilized as the ticket for single sign-on. However, an attacker cannot success to sign-on even ifit makes a copy of the previous m2, certificate and Ts arealso required for checking the identity of the vehicle nodes.So the malicious nodes fail to conduct replay attack to thebig data center according to the proposed mechanism. MITMattacker intercepts the exchanging massages and tampers withthe data. However, the messages transferred in the proposedmechanism are encrypted using session key and signature alsohelps fight against MITM attack. In masquerade attack [31],the attackers send wrong messages through pretending to bevalid nodes which have bad influence to the security of infor-mation system. In the proposed scheme, all the nodes inthe large scale network are authenticated using certificatesand signatures. Therefore, the masquerade attackers cannotsend wrong messages between the valid nodes because theycannot pass the authentication and pretend to be the validnodes. In message manipulation attack, the exchanged mes-sages may be dropped, modify or even forged to interruptthe data collection by attacker. In our mechanism, an attackeris too hard to forge the packet or path. Thus, the mes-sage manipulation attack is not effective to conduct with thismechanism.

B. Efficiency Analysis

To improve the efficiency of the secure big data collectionprocess, single sign-on algorithm, message digest, and randomkey (Tk) are designed and utilized in the proposed mechanism.

As for the high dynamic topological structure, single sign-on algorithm contributes to the simplification of logon process.For the vehicle nodes that connect to the new sink node, theywill just interact with the new sink node while a tripartiteinteraction is required. The stored ticket m2 will certificatethe valid identity for the vehicle node while the certificationof sink node will be sent back afterward. The simplification oflogon process helps improve the efficiency of the mechanism.The expandability is also enhanced utilizing the proposedscheme.

In the large scale IoV, the increasing number of vehiclenods generates growing big data in size, volume, and dimen-sionality. Message digest is utilized for decreasing the lengthof exchanged message in the business data and confidentialdata collection. m4 is calculated by the concatenation of vehi-cle node’s ID and M1 which is far longer than hash value of

m4. The utilization of message digest improves the calculationefficiency for big data collection.

In big data collection, confidential data are transferred incipher text form. The vehicle nodes are required to encrypt theconfidential data to sink node and big data center. If the confi-dential data is encrypted using session keys, including key_vcand key_vs directly, the calculation time will be effected bythe length of the data which is often large in big data. In theproposed scheme, random key (Tk) encrypts the confidentialdata while the session keys ensure the length of Tk which is farshorter than the confidential data. The utilization of randomley also contributes to improve the efficiency for encryptingthe big data in large scale IoV.

VI. PERFORMANCE EVALUATION

In the large scale IoV, an increasing number of vehiclesare connected to the network which generates growing bigdata. The security schemes of big data collection are requiredto take the efficiency into consideration. In this section, wepresent the simulation results for evaluating the performanceof our proposed mechanism. An overall time sequence willbe given to shown the data flow of the proposed scheme. Thesimulation result of single sign-on algorithm, message digestand random key (Tk) shows the efficiency in logon processand data collection phase. With the increasing amount of data,the computing time and transmitting time for data collectiondirectly reflect the performance of the security mechanism. Asa result, we will compare our mechanism with others in thesetwo aspects.

A. Overall Time Sequence

To evaluate performance of the proposed secure mecha-nism, the simulation of the entire data collection process isconducted using the network simulator software Opnet. Asshown in Fig. 10, overall time sequence for three kinds ofnodes is given. A complete secure big data collection betweenvehicle node, sink node, and big data center is presentedto show how the work flow goes. As defined in the IEEE802.11 about telecommunications and information exchangein vehicle-to-infrastructure, we assume that the transfer rateis up to 12 Mb/s [32]. The abscissa axis records the time ofinteractions while vertical axis shows the transfer rate of eachnode using the security protocols. Interactions including ini-tialization phase, sink node’s logon, vehicle node’s logon, anddata collection are simulated continuously. For each node, thetime period when the blue line is over zero represents thetransmitting time for each action. For two interacting objects,the difference time value of between two following actionsrepresents the calculation time. The results show that theproposed mechanism is available in the environment of largescale IoV.

B. Single Sign-On Comparison

As the vehicle nodes may change its location at a highspeed, node topological structure is dynamic and changing.The vehicle nodes may connect to different sink nodes with thechanging of network topological. The asymmetric encryption

GUO et al.: SECURE MECHANISM FOR BIG DATA COLLECTION IN LARGE SCALE IoV 607

Fig. 10. Overall time sequence of the proposed scheme.

Fig. 11. Calculation time for each phase.

utilizes RSA algorithm in which the length of public/privatekey are both 1024 bites while AES-128 algorithm is utilizedfor symmetrical encryption. The asymmetric encryption costsmuch more than the symmetrical encryption does. As a result,the sink node’s logon time cost and vehicle node’s logon timecost for the first time are far more than that of other phasesas shown in Fig. 11. So the big data collection in large scaleIoV deserves a secure single sign-on algorithm.

Compared with mutual authentication (MA), the proposedmechanism just designs an interaction with the new sink nodefor vehicle node while a tripartite interaction is required in thetraditional sign-on. As shown in Fig. 12, the computing timeof vehicle node, sink node, and big data center using SSO andMA are presented. All the three kinds of nodes using SSO costless time than that using MA. It shows that SSO decreases thecomputing cost for logon which is more significant for thelogon with the dynamic network structure in the environmentof large scale IoV.

As shown in Fig. 13, the computing time and transmit-ting time for SSO and MA are presented. The computingtime for SSO is shorter than MA. As the proposed SSOalgorithm is designed to transfer certificate twice, the trans-mission of certificate costs more time. The huge computationtime decrease at the price of little increase of transmitting

Fig. 12. Calculation time of each node using SSO and MA.

Fig. 13. Computing and transmission time using SSO and MA.

time. With the enhanced security requirements, the lengthof the key for asymmetric encryption grows which maylead to the increase of the encryption/decryption time. Theproposed SSO algorithm shows better efficiency in the largescale IoV.

C. Message Digest and Random Key Comparison

In big data collection, confidential data are transferred incipher text form which is required to encrypt the confidentialdata to sink node and big data center. As shown in Fig. 14, thetransmitting time of data collection increases with the growingof collected data size. Other phases set a security foundationfor data collection and the size of collected data size doesnot affect the efficiency of these phases. As a result, howto improve the efficiency of the big data collection deservesresearching in the large scale IoV.

In our scheme, message digest and random key (Tk) areutilized for improving the efficiency. Different from ourscheme in Figs. 14 and 15, the message is directly pro-cessed using HMAC algorithm without calculating messagedigest in advance in schemes 1 and 3 while the confidentialdata is encrypted using session keys, including key_vc andkey_vs directly in schemes 2 and 3. As shown in Fig. 15,the computing time using our scheme for vehicle nodes andbig data center is much shorter than that using other schemes.

608 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 2, APRIL 2017

Fig. 14. Transmission time of collected data’s size for each phase.

Fig. 15. Computing time for each node using our scheme and other schemes.

The computing time using our scheme for sink node is almostequal to that using other schemes.

As the utilization of random key, the exchange of encryptedTk costs extra transmitting time for data exchange. As shownin Fig. 16, our proposed scheme performs much better thanschemes 1 and 3 in the interaction between vehicle node tosink node as well as big data center to sink node. However, ourproposed scheme performs little worse than schemes 1 and 3 inthe interaction between sink node to big data center as wellas sink node to vehicle node. The calculation cost decreasesat the price of little increase of transmitting time in someinteractions. In terms of overall mechanism, the big data securecollection improves the efficiency using our proposed scheme.

VII. CONCLUSION

In this paper, a secure information collection scheme forbig data in large scale IoV is proposed. Single sign-on algo-rithm for authentication are utilized with improved efficiency.The proposed secure data exchange algorithm using messagedigest and random key contributes to overhead reduction. Thebusiness data is transferred in plain text form while the confi-dential data is transferred in cipher text form. The collected bigdata will be processed using Hadoop architecture to achievethe unified management. The evaluation result and discus-sion show the proposed secure information collection scheme

Fig. 16. Transmission time for each node using our scheme and otherschemes.

achieves high efficiency and security for big data in largescale IoV.

In the future, this paper will consider developments in thefollowing three aspects. First, a demonstration experiment isnecessary to verify our proposed scheme’s efficiency and secu-rity. Second, with the increasing amount of vehicles in the IoV,we could do some further research about the routing protocolof IoV to optimize our security scheme. Third, with the devel-opment of the new communication technology, such as 5G, wewould pay attention on the security scheme to fit with thesechanges.

REFERENCES

[1] J. A. Guerrero-Ibanez, S. Zeadally, and J. Contreras-Castillo,“Integration challenges of intelligent transportation systems with con-nected vehicle, cloud computing, and Internet of Things technologies,”IEEE Wireless Commun., vol. 22, no. 6, pp. 122–128, Dec. 2015.

[2] M. Jin, X. Zhou, E. Luo, and X. Qing, “Industrial-QoS-oriented remotewireless communication protocol for the Internet of construction vehi-cles,” IEEE Trans. Ind. Electron., vol. 62, no. 11, pp. 7103–7113,Nov. 2015.

[3] N. Kumar, J. J. P. C. Rodriguesand, and N. Chilamkurti, “Bayesian coali-tion game as-a-service for content distribution in Internet of Vehicles,”IEEE Internet Things J., vol. 1, no. 6, pp. 554–555, Dec. 2014.

[4] J. Fu, Z. Chen, R. Sun, and B. Yang, “Reservation based optimal park-ing lot recommendation model in Internet of Vehicle environment,”China Commun., vol. 11, no. 10, pp. 38–48, Oct. 2014.

[5] J. Cheng et al., “Routing in Internet of vehicles: A review,” IEEE Trans.Intell. Transp. Syst., vol. 16, no. 5, pp. 2339–2351, Oct. 2015.

[6] A. Dua, N. Kumar, and S. Bawa, “A systematic review on routing pro-tocols for vehicular ad hoc networks,” Veh. Commun., vol. 1, no. 1,pp. 33–52, Jan. 2014.

[7] B. Li, C. Zhao, H. Zhang, X. Sun, and Z. Zhou, “Characterizationon clustered propagations of UWB sensors in vehicle cabin:Measurement, modeling and evaluation,” IEEE Sensors J., vol. 13, no. 4,pp. 1288–1300, Apr. 2013.

[8] N. Kumar, S. Misra, J. J. P. C. Rodrigues, and M. S. Obaidat, “Coalitiongames for spatio-temporal big data in Internet of Vehicles environ-ment: A comparative analysis,” IEEE Internet Things J., vol. 2, no. 4,pp. 310–320, Aug. 2015.

[9] Y. Zhou, S. Chen, Y. Zhou, M. Chen, and Q. Xiao, “Privacy-preserving multi-point traffic volume measurement through vehicle-to-infrastructure communications,” IEEE Trans. Veh. Technol., vol. 64,no. 12, pp. 5619–5630, Dec. 2015.

[10] Q. Wu, J. Domingo-Ferrer, and Ú. Gonzalez-Nicolas, “Balancedtrustworthiness, safety, and privacy in vehicle-to-vehicle communi-cations,” IEEE Trans. Veh. Technol., vol. 59, no. 2, pp. 559–573,Feb. 2010.

GUO et al.: SECURE MECHANISM FOR BIG DATA COLLECTION IN LARGE SCALE IoV 609

[11] J. Soares, N. Borges, B. Canizes, and Z. Vale, “Probabilistic estima-tion of the state of electric vehicles for smart grid applications in bigdata context,” in Proc. IEEE Power Energy Soc. Gen. Meeting, Denver,CO, USA, Jul. 2015, pp. 1–5.

[12] K. Mershad and H. Artail, “A framework for secure and efficientdata acquisition in vehicular ad hoc networks,” IEEE Trans. Veh.Technol., vol. 62, no. 2, pp. 536–551, Feb. 2013.

[13] H. Wang, B. Qin, Q. Wu, L. Xu, and J. Domingo-Ferrer, “TPP: Traceableprivacy-preserving communication and precise reward for vehicle-to-gridnetworks in smart grids,” IEEE Trans. Inf. Forens. Security, vol. 10,no. 11, pp. 2340–2351, Nov. 2015.

[14] A. A. Cárdenas, P. K. Manadhata, and S. P. Rajan, “Big data ana-lytics for security,” IEEE Security Privacy, vol. 11, no. 6, pp. 74–76,Nov./Dec. 2013.

[15] L. Xu, C. Jiang, J. Wang, J. Yuan, and Y. Ren, “Information security inbig data: Privacy and data mining,” IEEE Access, vol. 2, pp. 1149–1176,Oct. 2014.

[16] M. R. Jam, L. M. Khanli, M. S. Javan, and M. K. Akbari, “A sur-vey on security of hadoop,” in Proc. 4th Int. Conf. Comput. Knowl.Eng. (ICCKE), Mashhad, Iran, Oct. 2014, pp. 716–721.

[17] P. Adluru, S. S. Datla, and X. Zhang, “Hadoop eco system forbig data security and privacy,” in Proc. IEEE Long Island Syst.Appl. Technol. Conf. (LISAT), Farmingdale, NY, USA, May 2015,pp. 1–6.

[18] C. Liu et al., “An iterative hierarchical key exchange scheme for securescheduling of big data applications in cloud computing,” in Proc. 12thIEEE Int. Conf. Trust Security Privacy Comput. Commun., Melbourne,VIC, Australia, Jul. 2013, pp. 9–16.

[19] H. Li et al., “Enabling fine-grained multi-keyword search support-ing classified sub-dictionaries over encrypted cloud data,” IEEE Trans.Depend. Secure Comput., vol. 13, no. 3, pp. 312–325, May/Jun. 2016.

[20] H. Li et al., “EPPDR: An efficient privacy-preserving demand responsescheme with adaptive key evolution in smart grid,” IEEE Trans. ParallelDistrib. Syst., vol. 25, no. 8, pp. 2053–2064, Aug. 2014.

[21] H. Li, R. Lu, L. Zhou, B. Yang, and X. Shen, “An efficient Merkle-tree-based authentication scheme for smart grid,” IEEE Syst. J., vol. 8,no. 2, pp. 655–663, Jun. 2014.

[22] M. A. Salahuddin, A. Al-Fuqaha, and M. Guizani, “Software-defined networking for RSU clouds in support of the Internet ofVehicles,” IEEE Internet Things J., vol. 2, no. 2, pp. 133–144,Apr. 2015.

[23] K. M. Aalm, M. Saini, and A. E. Saddik, “Toward social Internet ofVehicles: Concept, architecture, and applications,” IEEE Access, vol. 3,pp. 343–357, Mar. 2015.

[24] Z. Su, Q. Xu, and Q. Qi, “Big data in mobile social networks:A QoE-oriented framework,” IEEE Netw., vol. 30, no. 1, pp. 52–57,Jan./Feb. 2016.

[25] D. Tracey and C. Sreenan, “A holistic architecture for the Internet ofThings, sensing services and big data,” in Proc. 13th IEEE/ACM Int.Symp. Cluster Cloud Grid Comput., Delft, The Netherlands, May 2013,pp. 546–553.

[26] C. Cecchinel, M. Jimenez, S. Mosser, and M. Riveill, “An architectureto support the collection of big data in the Internet of Things,” in Proc.IEEE 10th World Congr. Services, Anchorage, AK, USA, Jun./Jul. 2014,pp. 442–449.

[27] L. Guo, J. Wu, Z. Xia, and J. Li, “Proposed security mecha-nism for XMPP-based communications of ISO/IEC/IEEE 21451 sen-sor networks,” IEEE Sensors J., vol. 15, no. 5, pp. 2577–2586,May 2015.

[28] G. Longhua, D. Mianxiong, K. Ota, W. Jun, and L. Jianhua, “Event-oriented dynamic security service for demand response in smartgrid employing mobile networks,” China Commun., vol. 12, no. 12,pp. 63–75, Dec. 2015.

[29] H. Li, D. Liu, Y. Dai, and T. H. Luan, “Engineering searchable encryp-tion of mobile cloud networks: When QoE meets QoP,” IEEE WirelessCommun., vol. 22, no. 4, pp. 74–80, Aug. 2015.

[30] K. Yu, M. Arifuzzaman, Z. Wen, D. Zhang, and T. Sato, “A key manage-ment scheme for secure communications of information centric advancedmetering infrastructure in smart grid,” IEEE Trans. Instrum. Meas.,vol. 64, no. 8, pp. 2072–2085, Aug. 2015.

[31] M. Rahman and K. El-Khatib, “Secure time synchronization for wire-less sensor networks based on bilinear pairing functions,” IEEE Trans.Parallel Distrib. Syst., to be published.

[32] Telecommunications and Information Exchange Between Systems. Localand Metropolitan Area Networks. Specific Requirements. Part 11:Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)Specifications, IEEE Standard 802.11, 2012.

Longhua Guo was born in Shanxi, China, in 1991.He received the B.S. degree in electronic informationengineering from Tianjin University, Tianjin, China,in 2013. He is currently pursuing the Ph.D. degreeat Shanghai Jiao Tong University, Shanghai, China.

He has participated in many national projects forthe National Natural Science Foundation of Chinaand for the National “973” Planning of the Ministryof Science and Technology Program, China. Hiscurrent research interests include sensor networksecurity and social network analysis.

Mianxiong Dong (M’13) received the B.S.,M.S., and Ph.D. degrees in computer scienceand engineering from the University of Aizu,Aizuwakamatsu, Japan.

He is currently an Assistant Professor withthe Department of Information and ElectronicEngineering, Muroran Institute of Technology,Muroran, Japan. He was a Researcher withthe National Institute of Information andCommunications Technology, Tokyo, Japan.He was a Japan Society for the Promotion of

Sciences (JSPS) Research Fellow with the School of Computer Science andEngineering, University of Aizu, and was a Visiting Scholar with the BBCRGroup, University of Waterloo, Waterloo, ON, Canada, supported by theJSPS Excellent Young Researcher Overseas Visit Program from 2010 to2011. In 2007, he was a Visiting Scholar with West Virginia University,Morgantown, WV, USA, for two months. His current research interestsinclude wireless sensor networks, vehicular ad-hoc networks, and wirelesssecurity.

Dr. Dong was a recipient of the Best Paper Award of IEEE HPCC2008and IEEE ICESS 2008. He was selected as a Foreigner Research Fellow(a total of three recipients all over Japan) by the NEC C&C Foundation in2011. He is currently a Research Scientist with the A3Foresight Programfrom 2011 to 2014 funded by the JSPS, NSFC of China, and NRF of Korea.

Kaoru Ota (M’12) received the M.S. degree incomputer science from Oklahoma State University,Stillwater, OK, USA, in 2008, and the Ph.D. degreein computer science and engineering from theUniversity of Aizu, Aizuwakamatsu, Japan, in 2012.

She is currently an Assistant Professor withthe Department of Information and ElectronicEngineering, Muroran Institute of Technology,Muroran, Japan. From 2010 to 2011, she wasa Visiting Scholar with the BBCR Group, Universityof Waterloo, Waterloo, ON, Canada. She was a pres-

tigious Japan Society of the Promotion of Science (JSPS) Research Fellowwith the Graduate School of Information Sciences, Tohoku University, Sendai,Japan, from 2012 to 2013. Her current research interests include wireless sen-sor networks, vehicular networks, and ubiquitous computing.

Dr. Ota was a recipient of the JSPS Grant-in-Aid for Research ActivityStart-up in 2013. She has been with JSPS A3 Foresight Program as one ofthe Primary Researchers since 2011, which is supported by the Japanese,Chinese, and Korean governments. She serves as a Guest Editor for theIEICE Transactions on Information and Systems, Special Section on Frontiersof Internet of Things 2014, an Editor of Peer-to-Peer Networking andApplications (Springer), the Journal of Cyber-Physical Systems, and theInternational Journal of Embedded Systems. She has been actively involved ininternational conferences in the present and past. She is currently the PublicityCo-Chair of the 2014 ICC Workshop on Secure Networking and ForensicComputing and the 2014 IEEE ICCC Workshop on Internet of Things.

610 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 2, APRIL 2017

Qiang Li is an Assistant Professor with theSchool of Electronic Information and ElectricalEngineering, Shanghai Jiao Tong University,Shanghai, China. His current research interestsinclude information security, secret sharing,multiparty computation, and key management.

Tianpeng Ye was born in Jiangsu, China, in 1993.He received the B.S. degree in communicationengineering from Southwest Jiaotong University,Chengdu, China, in 2015. He is currently pursuingthe Graduation degree in information security engi-neering at Shanghai Jiao Tong University, Shanghai,China.

His current research interests include software-defined networks, network function virtualization,and Internet of Things security.

Jun Wu (S’08–M’11) received the Ph.D. degreein information and telecommunication fromWaseda University, Shinjuku, Japan.

He is an Associate Professor of electronic infor-mation and electrical engineering with ShanghaiJiao Tong University, Shanghai, China. He wasa Post-Doctoral Researcher with the ResearchInstitute for Secure Systems, National Instituteof Advanced Industrial Science and Technology,Tokyo, Japan, from 2011 to 2012. He wasa Researcher with the Global Information and

Telecommunication Institute, Waseda University, from 2011 to 2013. Hiscurrent research interests include the advanced computation and commu-nications techniques of smart sensors, wireless communication systems,industrial control systems, wireless sensor networks, and smart grids. He hashosted and participated in several research projects for the National NaturalScience Foundation of China, National 863 Plan and 973 Plan, and the JapanSociety of the Promotion of Science Projects.

Dr. Wu has been a Guest Editor of the IEEE Sensors Journal and a TPCmember of several international conferences including WINCON 2011 andGLOBECOM 2015.

Jianhua Li received the B.S., M.S., and Ph.D.degrees from Shanghai Jiao Tong University,Shanghai, China, in 1986, 1991, and 1998,respectively.

He is a Professor/Ph.D. Supervisor and theVice Dean of the School of Information SecurityEngineering, Shanghai Jiao Tong University. Heis the Director Expert of the Information SecurityCommittee, National High Technology Research andDevelopment Program of China (863 Program),China. He is the member of the committee of infor-

mation security area of the state tenth five-year plan of China. He isa Committee Expert of China State Secrecy Bureau, Shanghai Secrecy Bureau,and the Information Technique Standardization Committee of Shanghai,China. He was the Leader of over 30 state/province projects of China andauthored or co-authored over 200 papers. He has had 6 books published andhas holds approximately 20 patents. He made three standards and has fivesoftware copyrights. His current research interests include information secu-rity, signal process, and computer network communication.

Dr. Li was a recipient of the Second Prize of the National TechnologyProgress Award of China in 2005, the First Prize of the National TechnologyProgress Award of Shanghai in 2003 and 2004, and two First Prizes of theNational Technology Progress Award of Shanghai in 2004.