Research Article A Novel Authentication Scheme for …downloads.hindawi.com/journals/ijdsn/2013/827084.pdfResearch Article A Novel Authentication Scheme for V2I Communication ... (WSM)

Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2013, Article ID 827084, 10 pageshttp://dx.doi.org/10.1155/2013/827084

Research ArticleA Novel Authentication Scheme for V2I CommunicationBased on WAVE Unicast Services

Atthapol Suwannasa, Somnuk Puangpronpitag, and Wirat Phongsiri

Faculty of Informatics, Mahasarakham University, Mahasarakham 44150, Thailand

Correspondence should be addressed to Somnuk Puangpronpitag; [email protected]

Received 15 July 2013; Revised 8 October 2013; Accepted 23 October 2013

Academic Editor: Deyun Gao

Copyright © 2013 Atthapol Suwannasa et al. This is an open access article distributed under the Creative Commons AttributionLicense, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properlycited.

One of the most challenging issues in vehicular network designs is security matter. Particularly, there have been several potentialattacks (e.g., message alteration, eavesdropping, privacy violation, and replay) on Vehicle to Infrastructure (V2I) communication.Most previous studies have based on Public Key Infrastructure (PKI) and authentication in broadcast services. By relying on thePKI solutions, cryptographic overhead and the management difficulties of public key certificates can be problematic. Furthermore,broadcast services can cause network flooding. Hence, this paper proposes a novel authentication scheme based onWAVE unicastservices to reduce the PKI overhead between vehicles and Road Side Units (RSU). The new scheme is based on Pairwise TransientKey (PTK) procedures with a few extra authentication steps. To evaluate the new scheme, we have experimented on a NetworkSimulator (NS-2) under both city and highway scenarios. The experimental results have demonstrated that our new schemeintroduces only smallWAVE ShortMessage (WSM) delay.The new scheme is also flexible to use in various scenarios under differentroad situations.

1. Introduction

In recent years, vehicular networks have been investigatedby academic researchers and industrial laboratories. The cre-ation of vehicular networks is to provide connectivity amongvehicles, resulting in road safety improvement and trafficmanagement.These features are very significant in IntelligentTransport Systems (ITS). In a vehicular network, there aretwo wireless terminals, namely, Road Side Unit (RSU) andOn-Board Unit (OBU). The RSUs may be connected withtheir infrastructures or other RSUs and located at impor-tant parts along roadside. The OBUs are wireless devices,equipped in vehicles to communicate with RSUs and otherOBUs. To support ITS, the IEEE 802.11p Dedicated ShortRange Communications (DSRC) [1] has been standardizedfor Wireless Access in Vehicular Environments (WAVE),including Vehicle to Vehicle (V2V) and Vehicle to Infras-tructure (V2I). WAVE Short Message Protocol (WSMP)[2] specifies the format of WAVE Short Messages (WSM),exchanged over V2V and V2I.

Security issues in vehicular networks are very crucial dueto the sensitivity ofWAVEmessages in daily life (e.g., accident

alerting, traffic jam warning, and traffic light notification). AfewmaliciousWSMs can even create an enormous damage topeople and vehicles. Furthermore, privacy must be preservedto protect user private information (e.g., driver’s name andlicense number). The privacy preservation requires somesecurity schemes. Nevertheless, providing theWAVE securityis still a challenging task due to the characteristics of vehicularnetworks (e.g., high speed mobility and large coverage area).

Generally, security schemes are considered separatelybetween V2V andV2I [3] due to the differences of communi-cation models. In particular, sender authentication, messageintegrity check, andmessage encryption forV2I have recentlybeen focused by several previous studies. However, there arestill several unsolved issues.

Most previous V2I authentication and privacy schemes[3–6] havemainly relied on broadcast communication, whichcauses network flooding. Boban et al. [7] have evaluatedthe achievable unicast performance over WAVE servicesunder both city and highway environments. Their evaluationresults have demonstrated that unicast communication hasthe ability to provide a reliable WAVE service and preventsthe network flooding. Furthermore, Huang-Fu et al. [8] have

2 International Journal of Distributed Sensor Networks

proposed mechanisms based on the unicast service that canreduce 40–90 percent of network traffic overhead. However,there is no security scheme defined in all previous unicast-based mechanisms to protect against several security threats.

So far, there have been a lot of security protocols toprevent several potential attacks in vehicular networks, suchas IEEE 1609.2 [9], GSIS [3], IBV [6], and so on. Yet, mostof them still have some drawbacks.The IEEE 1609.2 standardwith the support of Elliptic Curve Digital Signature Algorithmis designed to support security services on WAVE. However,cryptographic overhead and the management difficulties ofpublic key certificates are still the big concerns [5, 10]. GSIScan only support the authentication between RSUs and theOBUs of some emergency vehicles. It has not been designedfor the OBUs of any normal vehicles. In IBV, anOBU’s privatekey is generated by a tamperproof device (deployed at eachvehicle) to sign a message, lunched by an OBU. Yet, IBV hasnot defined a method to secure a message from an RSU.

Hence, in this paper, we mainly focus on V2I authentica-tion scheme to solve the cryptographic overhead problem andthe management difficulties of public key certificates prob-lem. Furthermore, we focus on securing and authenticatingWSMs from both directions (RSUs to OBUs and OBUs toRSUs). Our design is also based onWAVE unicast services toavoid network flooding. This work is also an extended workfrom our previous work in [11] to enhance the vehicle driver’sprivacy issues. To evaluate the flexibility of our scheme indifferent communication scenarios, we simulate our newdesign in both city and highway environments using NS-2.

The rest of this paper is organized as follows. We firstintroduce the background and related work in Section 2. InSection 3, our scheme is proposed. Section 4 analyzes ourscheme in several security requirements including authen-tication, nonrepudiation, integrity, and availability. In Sec-tion 5, our scheme has been simulated and evaluated onNS-2.Finally, Section 6 concludes this paper.

2. Background and Related Work

2.1. Vehicular Network Communication. In vehicular net-works, the IEEE 802.11p [1] has been standardized to supporta wide range communication. The IEEE 802.11p is designedforDSRC radio to supportWAVEdata transmission in rangesup to 1,000m with vehicle velocities in several environments(e.g., urban, highway, and rural). WAVE is a multichannelsystem that operates among one Control CHannel (CCH)and multiple Service CHannels (SCHs). WAVE managementmessages and WSMs are transmitted by using the CCH. IPdata packets (e.g., Internet access, voice over IP, and videostreaming) are transferred under a SCH. WSMs can also bedelivered over both CCH and SCHs.

The WSMP is used to rapidly deliver a WSM for datatransmission and a WAVE Service Advertisement (WSA) forsignal controlling [2, 12]. TheWSA is broadcasted to providethe information of available ITS services, offered by an RSU.A Provider Service Identifier (PSID) is used to identify eachITS service.

2.2. WAVE Unicast Services. In the WAVE unicast services,each ITS server must track the addresses of OBUs. Hence,a mobility management technique is also necessary fortracking.

Basic Mobility Management (BMM) and LocationEstimation-based Mobility Management (LEMM) have beenproposed to provide WAVE unicast services in [8, 13]. ForBMM, all RSUs are partitioned into several Location Areas(LAs) [8]. The LA consists of one or more RSUs and it isidentified by a Location Area Identity (LAI) [14]. A LocationServer is deployed to maintain the RSUs and LAs mapping.In an LA, RSUs broadcast a WSA (PSID service) to OBUs.If the OBU has subscribed to the PSID service, it thenidentifies this service over the SCH. After that, the RSUsallocate radio resources to support this service operation.The OBU then sends a registration WSM under the unicastmode through the RSU to the Location Server. It then mapsthe OBU’s MAC address to the LAI, which is covered withinthe RSU. Finally, this mapping information is stored in theLocation Server’s database. The Location Server can sendWSMs to the OBU using this LAI. If the OBU enters a newLA, it performs another registration to update new LAI.For LEMM, positioning systems (e.g., GPS) are deployed toestimate the OBU’s location of a high-speed vehicle.

Although both mechanisms can effectively reduce thenetwork overhead of the broadcast behavior, there is noproposed authentication scheme to secure the unicastWSMs.So, it is vulnerable to several attacking techniques.

2.3. Security Issues between OBUs and RSUs. According toRaya et al. [10], vehicular networks are vulnerable to severalsecurity threats. In a communication without cryptographicmechanisms, an attacker can deliberately generate falseinformation and transmit to victims. The attacker can alsoeavesdrop the victims’ personal data. Furthermore, messagemodification, fabrication, and replay can cause misunder-standing to a victim. Hence, security schemes are very crucialto protect against all aforementioned problems.

The IEEE 1609.2 standard [9] is a set of security servicesfor WSM data and applications. In the IEEE 1609.2, securitysystems rely on Public Key Infrastructure (PKI) with the sup-port of Elliptic Curve Digital Signature Algorithm (ECDSA).However, an RSU can communicate with hundreds of OBUsin a high density traffic road, in which there may be roughly180 vehicles keeping within the RSU’s coverage area [6]. So,the management difficulties of public key certificates underPKI may be unacceptable. In addition, driver identification,certificate revocation, cryptography overhead, and privacyprotection are additional concerns about the standard. More-over, the hardware costs would be very expensive to verify adigital signature for every incoming message [4].

Lin et al. [3] have proposed a security protocol (viz.,GSIS), based on a group signature and an identity-basedsignature. The group-based signature is deployed to providesecurity inV2V,while the identity-based is deployed to securecommunication in V2I. This protocol integrates identity-based signature [15] to signmessages, lunched by RSUs. Afterreceiving the messages, OBUs verify the signature to ensure

International Journal of Distributed Sensor Networks 3

its authenticity. However, the protocol is not defined howto verify messages created by general OBUs. In fact, thegeneral OBUs can contact an RSU to request or report someinformation, such as traffic jam, road under accident, and soon.

Zhang et al. [6] have proposed an Identity-based BatchVerification (IBV) scheme to sign messages created by OBUs.A tamperproof device is equipped in a vehicle to generatean OBU’s private key for signing each message, lunched bythe OBU. A Real IDentity (RID) and a password are usedto authenticate and activate the tamperproof device. Thepassword can be the signature of the RID signed by a TrustAuthority (TA). However, drivers have to contact the TA, ifthey want to change the device’s password. So, it is probablyinfeasible to use. Furthermore, this technique has not yetdefined a method to sign a message, lunched by an RSU.

A lightweight authentication scheme has been proposedin [16] to secure the handoff process in IEEE 802.11p fornonsafety related application. However, there are enormousnumbers of keys appearing at RSUs. This scheme has notdefined keymanagement processes after completing commu-nication. Hence, the RSUmay store hundreds of keys that canhugely degrade the RSU performance.

In [11], we have proposed an authentication scheme inV2I communication based onWAVEunicast services under acity environment. To exchange WSMs with minimum cryp-tographic overhead, a symmetric encryption is deployed bycreating Pairwise Transient Keys (PTKs). We have designedtwo PTKs, namely, 𝑝𝑟𝑒-𝑝𝑡𝑘 and 𝑝𝑡𝑘. The 𝑝𝑟𝑒-𝑝𝑡𝑘 has beendesigned for the authentication procedures, while the 𝑝𝑡𝑘has been designed to secure unicast WSMs. A driver’s licenseplate number is used as a component to generate a 𝑝𝑟𝑒-𝑝𝑡𝑘key. This part of the design can be a security weakness sinceattackers can easily eavesdrop the license plate number inplaintext.

3. Proposed Design

To countermeasure the potential security threats with mini-mum authentication overhead, we propose a novel authen-tication scheme for V2I communication based on WAVEunicast services. In our scheme, there are two types of unicastWSMs, including authentication WSMs and ITS WSMs. TheauthenticationWSM is to authenticate a legitimate driver anda vehicle (an OBU). The ITS WSM is to transfer informationfor supporting the ITS (e.g., traffic jam alertingmessages) andto update the OBU’s address for location tracking accordingto WAVE unicast services. The notations in our proposedscheme are listed in Table 1. Figure 1 presents an overviewscenario of our scheme.

To reduce authentication operations at an RSU andthe workload of an authentication server, all RSUs in thescenario are partitioned into several LAs. We assume that thecommunication of RSUs with their infrastructures and thecommunication between RSUs are secure and trustable. Thedetails of our keys procedures are discussed as follows.

In our design, there are three key types, namely, pre-pairwise transient key (𝑝𝑟𝑒-𝑝𝑡𝑘), pair-wise transient key (𝑝𝑡𝑘),

Table 1: Notations and descriptions.

Notations DescriptionsLA Location Area𝑝𝑡𝑘𝑖

OBU i’s Pairwise Transient Keypre-ptk 𝑎

𝑖, pre-ptk 𝑏

𝑖OBU i’s pre-ptk a, OBU i’s pre-ptk b

driver𝑖

The driver’s license plate numberrskOBU Random short key from an OBUrskRSU Random short key from an RSU𝑡𝑖

The timestamp of 𝑝𝑡𝑘𝑖

AM Address Mapping serviceIDUC WAVE unicast service ID (PSID)IDRSU Road Side Unit IDIDOBU Vehicle IDH ( ) Hashing function𝑝𝑡𝑘𝑖( ) Encrypted data using

pre-ptk 𝑎𝑖( ) Encrypted data using pre-ptk 𝑎

𝑖

pre-ptk 𝑏𝑖( ) Encrypted data using pre-ptk 𝑏

𝑖

OBU

Authenticationserver

ITS services server

1

32 4

4

MessageMessage

RSU3

Time t1

RSU1

RSU2

Authentication

for securing LAaptk

ptk

for securing LAb

LAb

Backbone network

Time t3Time t 2

AuthenticationLAb

LAa

Figure 1: An overview of system architecture in our scheme.

and random short key (rsk). When an OBU enters a firstLA in a vehicular network, a first 𝑝𝑟𝑒-𝑝𝑡𝑘 (𝑝𝑟𝑒-𝑝𝑡𝑘 𝑎

𝑖) is

created to secure an rskOBU from the OBU. The second𝑝𝑟𝑒-𝑝𝑡𝑘 (𝑝𝑟𝑒-𝑝𝑡𝑘 𝑏

𝑖) is then generated to secure an rskRSU

from an RSU. After that, the OBU and the RSU exchangethe keys (rskOBU and rskRSU). By using the exchanged keysas a component, a 𝑝𝑡𝑘 (𝑝𝑡𝑘

𝑖) is then generated to secure

unicast WSMs in the LA. By using this technique, there isno extra operation for the authentication server when theOBU travels to RSUs in the same LA.The key rsk is randomlygenerated into six characters, consisting of numbers andalphabet characters.When theOBUmoves to a newLA, it hasto perform a new authentication to generate another 𝑝𝑡𝑘

𝑖for


RSUOBU AuthenticationserverA.1. Initialization

A.2. Service announcement

and distributes in LA

A.2.2. Service matching

A.9. decrypt

Auth

entic

atio

n

A.2.1. WSA (MAC RSU , MACBROADCAST , IDUC , SCH numbr)

Data = [IDOBU , pre-ptk ai(“AUTH REQUEST”, driveri, rskOBU )])

to decrypt

A.4. WSM (MACOBU , MACRSU , IDUC ,

IDOBU , password

driveri, password

A.6. generates (ptki,ti)

A.7. generates pre-ptk bi

Data = [pre-ptk bi(“200 OK”, IDRSU , rskRSU ,ti)])

A.8. WSM (MACRSU , MACOBU , IDUC ,

A.10. generates ptki

A.3. generates pre-ptk ai

A.5. generates pre-ptk ai

Figure 2: An authentication process for generating a PTK.

that LA.The keys used in our scheme are based on symmetricencryption with username and password concept. Hence,there is no extra PKI encryption and certificate managementoverhead. Furthermore, by using unicast services, our designcan effectively reduce the undesirable effects of the broadcastbehaviors.

In [11], a driver’s license plate number is transferred inplaintext under WSMP from a source OBU to a destinationRSU. This license plate number is deployed to query its pass-word for generating the RSU side 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑎

𝑖. The weakness

of this procedure is that the driver’s personal data (driver’slicense plate number) can be eavesdropped.This problem cancause a serious concern of his/her privacy. In this paper, thenew authentication procedures have been therefore designedto solve this problem.

In our authentication scheme, there are twomain securityprocedures as follows.

3.1. Authentication Procedures. In our design, a legitimatedriver must register to subscribe ITS services from an ITSwebsite. This website is protected by traditional web security.It may be a government’s website operated with a transporta-tion database. This database stores important informationof the driver (e.g., the driver’s license plate number andits password pair) and the information of his/her vehicle(e.g., vehicle ID and its password pair). After completing theregistration process, the legitimate driver has username andits password pair to access the ITS services in each RSU.

There are two pairs of username/password, which areused to generate a key 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑏

𝑖and 𝑝𝑡𝑘

𝑖. A driveri and its

password pair and an IDOBU and its password pair are definedin (2) and (3). This technique can mitigate nonrepudiationproblem because of the specific authentication data of thedriver and his or her vehicle (the non-repudiation will befurther discussed in Section 4). When an OBU enters an LA(e.g., LA

𝑎at time 𝑡

1in Figure 1), the OBU has to complete the

following steps (as shown in Figure 2) to generate a 𝑝𝑡𝑘𝑖.

Step A.1. The OBU initiates a unicast service by recoding theservice PSID (i.e., IDUC). The OBU has to be a member ofthis service. If an RSU supports this service, it allocates radioresources and announces the service IDUC by sending aWSAto the OBU (described further in Step A.2).

Step A.2. The RSU intermittently broadcasts the WSA to theOBU in Step A.2.1. In thisWSA, the source address (src) is theRSU’sMAC address (MACRSU).The destination address (dst)is the broadcast MAC address (MACBROADCAST). The RSU’sID is IDRSU. The PSID is IDUC, and the last field is a SCHnumber. The OBU can then receive the WSA for matchingwith the unicast service IDUC in Step A.2.2. In this matchingprocess, if the OBU is a member of the service, the SCH isidentified for this service. When the OBU enters a new LA, ithas to perform this step again for initiating a unicast servicein that LA.


Step A.3. In path (1) Figure 1, 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑎𝑖is generated

to encrypt an authentication request message, driver𝑖and

rskOBU. The encrypted value is placed into the data payloadof an authentication WSM in Step A.4. The key 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑎

𝑖

is based on a hashing function as shown in the followingequation:

𝑝𝑟𝑒-𝑝𝑡𝑘 𝑎𝑖= 𝐻 ((IDOBU, password) , IDRSU, IDUC) (1)

𝑝𝑟𝑒-𝑝𝑡𝑘 𝑏𝑖= 𝐻 ((driver

𝑖, password) ,

(IDOBU, password) , IDRSU, IDUC, rskOBU) .(2)

Step A.4. The OBU sends the authenticationWSM to authen-ticate at the RSU. The data payload also contains an IDOBUand the encrypted value, including the authentication requestmessage (i.e., type “AUTH REQUEST”), the driver

𝑖, and

the rskOBU. The RSU forwards this authentication WSMwith its IDRSU to the authentication server. After that, theauthentication server generates 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑎

𝑖by querying the

password of the IDOBU from its database to decrypt theauthentication WSM to get the driver

𝑖. The authentication

server then queries the password of the driver𝑖and replies

the driver𝑖and its password pair and the IDOBU and its

password pair back to the RSU. In this step, the informationfrom the driver’s license plate number (driver

𝑖) is encrypted

before sending from the OBU to the RSU. In our new design,although an attacker can eavesdrop the authenticationWSM,the attacker cannot decrypt it to get the driver

𝑖and the rskOBU

due to having no valid key. This technique can effectivelyreduce the privacy concern comparing to the proposedscheme in [11].

Step A.5. The RSU receives the driver𝑖and its password pair

and the IDOBU and its password pair from the authenticationserver. The RSU then has all required data to generate thekey 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑎

𝑖. This key is finally generated to decrypt for

obtaining rskOBU.

Step A.6. The RSU-side 𝑝𝑡𝑘𝑖is generated as defined in (3).

This 𝑝𝑡𝑘𝑖with a timestamp 𝑡

𝑖is distributed to all RSUs (such

as RSU2and RSU

3in LA

𝑏in Figure 1) to secure the unicast

service IDUC in the LA. The key 𝑝𝑡𝑘𝑖is used until the OBU

enters a new LA or until it expires. The timestamp 𝑡𝑖is

used to check an expiration time of the 𝑝𝑡𝑘𝑖. This expiration

time is predefined as threshold 𝐿. When the difference of 𝑡𝑖

and current timestamp is larger than threshold 𝐿, the 𝑝𝑡𝑘𝑖

is obsoleted. After that, the OBU has to reauthenticate toreceive a new key. In our scheme, we define threshold 𝐿 =20 minutes. If it is too small, the key will be frequentlychanged. So, it can increase the security. However, it mayaffect the RSU performance. To be used in a real worldenvironment, threshold 𝐿 should be configured as a suitablevalue depending on an RSU’s performance:

𝑝𝑡𝑘𝑖= 𝐻 ((driver

𝑖, password) , (IDOBU, password) ,

IDRSU, IDUC, rskOBU, rskRSU, 𝑡𝑖) .(3)

Step A.7. To send a reply message back to the OBU, 𝑝𝑡𝑘𝑖is not

used in this step because the OBU has no 𝑡𝑖value and rskRSU

to generate the OBU side 𝑝𝑡𝑘𝑖for decryption. So, the RSU-

side 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑏𝑖is created as shown in (2) to encrypt data, 𝑡

𝑖,

and rskRSU for sending back to the OBU.

Step A.8.TheRSU generates the key rskRSU to be a componentof the key 𝑝𝑡𝑘

𝑖. In this step, the RSU already has both the keys

rskOBU and rskRSU. The RSU sends an authenticated WSMback to theOBU.ThisWSMconsists of the src (MACRSU), thedst (MACOBU), IDUC, and the data field.The data is encryptedby the 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑏

𝑖including the reply message (i.e., type “200

OK”), IDRSU, rskRSU, and 𝑡𝑖.

Step A.9 and Step A.10. The OBU side 𝑝𝑟𝑒-𝑝𝑡𝑘 𝑏𝑖is then

generated to decrypt the authenticated WSM data receivedfrom Step A.8. The OBU then obtains the key rskRSU togenerate the OBU side 𝑝𝑡𝑘

𝑖. Hence, there are the 𝑝𝑡𝑘

𝑖keys

in both the OBU and the RSU for securing ITS WSMs forthe service IDUC. When the key 𝑝𝑡𝑘

𝑖expires at the RSU, the

OBU cannot use this key to communicate with the RSU. So,it is obsoleted at the OBU.The OBU then has to complete theprocedures in Figure 2 for a new Pairwise Transient Key.

3.2. Security Procedures between OBUs and RSUs. To securecommunication between the OBU and the RSU, the key𝑝𝑡𝑘𝑖, generated from Steps A.6 and A.10, is used to

encrypt/decrypt ITS WSM data for service IDUC. The OBUhas to update a current connectedRSU to anAddressMapping(AM) service by completing Steps B.4–B.6 (Figure 3). Thesesteps are activated, when the authentication process (asdefined in Figure 2) is done or the OBU moves to a newRSU in the same LA. Steps B.7–B.9 are used to send an ITSmessage of service IDUC to the OBU.

Step B.1 and Step B.2.The OBU has to perform Steps B.1 andB.2 to subscribe the AM service. This service is used to mapthe MACOBU and the connecting IDRSU. It is necessary totrack the OBU’s location.

Step B.3. The key 𝑝𝑡𝑘𝑖, generated in Step A.10 in Figure 2, is

used to encrypt ITSWSM data from the OBU side (Steps B.4and B.9).

Step B.4.TheOBUsends an ITSWSMto theRSU for updatingits address. The data payload contains the request message(i.e., “UPDATE”), IDOBU, and IDRSU.TheRSU forwards thesedata to the ITS server. In AM service at the ITS server, theMACOBU and the IDRSU pair is mapped and stored in AMcache. When the OBU enters a new RSU, it has to performthis step again to update theMACOBU and the new IDRSU pairin AM cache.

Step B.5.The 𝑝𝑡𝑘𝑖key, created in Step A.6, is used to encrypt

the ITSWSM data, generated by the RSU side (Steps B.6 andB.8).


RSUOBU

B.7. Address Mapping

ITS serviceserver

ITS msg, MACOBU , IDRSU

IDOBU , complete

B.8. WSM (MACRSU , MACOBU , IDUC , Data = [ptki(“ITS msg”, IDRSU )])

B.9. WSM (MACOBU , MACRSU , IDUC , Data = [ptki(“200 OK”, IDOBU)])

B.6. WSM (MACRSU , MACOBU , IDUC , Data = [ptki(“200 OK”, IDRSU )])

B.4. WSM (MACOBU , MACRSU , IDUC , Data = [ptki(“UPDATE”, IDOBU ,

B.1. Initialization and B.2. service announcement

Secu

re u

nica

st W

SM w

ithPTK

IDRSU )])

B.5. uses A.6. ptki

B.3. uses A.10. ptki

Figure 3: The operations for securing a WAVE unicast message.

Step B.6.The RSU generates a WSM and sends it back to theOBU. The WSM data message (i.e., “200 OK”) and IDRSU areencrypted by the 𝑝𝑡𝑘

𝑖key.

Step B.7. When the ITS server needs to send an ITS message(e.g., traffic jam warning message) to the OBU, the MACOBUand IDRSU pair is obtained from the AM cache. The ITSmessage with the MACOBU and IDRSU pair is sent to the RSU.After that, the RSU converts the received data into a WSMformat to forward to the OBU accordingly.

Step B.8. The RSU forwards the ITS message as the WSMformat under unicast communication to the OBU by usingMACOBU, obtained from Step B.7 as the destination. TheWSM data payload contains the ITS message and IDRSU,which are encrypted by 𝑝𝑡𝑘

𝑖.

Step B.9. When the OBU receives the ITS WSM, it uses theOBU side 𝑝𝑡𝑘

𝑖to decrypt the message. The OBUs then send

a WSM reply back to the RSU. The WSM data payload isencrypted by the 𝑝𝑡𝑘

𝑖including the reply message (i.e., “200

OK”) and the IDOBU. Conversely, the OBU can use the 𝑝𝑡𝑘𝑖

to secure messages for reporting some road situations to theRSU.

If the OBU cannot receive the ITSWSM (no reply back tothe RSU), the following operations are activated. In Figure 1,when the message in path (3) cannot reach the OBU, theprocess of path (4) is activated. In this process, RSU

2has to

forward the message to its neighbors, and RSU3sends the

message received from RSU2to the OBU. If the OBU has still

not received the message, the current RSU (that received themessage) must keep forwarding the message until arriving atthe OBU or until the OBU enters a new LA. Hence, thereis no extra operation for the ITS server, when this situationhappens.

4. Security Analysis

The proposed scheme has been designed to secure V2Icommunication. By using the PTK procedures, the WSMscan be transmitted between OBUs and RSUs with minimumcryptographic overhead without introducing the manage-ment difficulties of public key certificates. So, this schemeis better than the traditional PKI-based schemes. The novelauthentication scheme primarily satisfies the requirementsof authentication, non-repudiation, integrity, and availability.The analysis of these security requirements is discussed asfollows.

Authentication.The authentication procedures with two pairsof username/password have been proposed. To identify thepermission of a legitimate user and an OBU, RSUs have toauthenticate the OBU and the legitimate driver by using anOBU’s ID (as a username), its password, and an encrypteddriver’s license plate number. To generate a 𝑝𝑡𝑘, the pass-words of the driver’s license plate number and the OBU’s IDare used together with other components as described in theaforementioned procedures. Hence, we can authenticate botha vehicle (OBU) and its driver.

Nonrepudiation. Each unicast WSM data payload isencrypted by a Pairwise Transient Key. This key is generatedby using the specific authentication data of an OBU and alegitimate driver. So, when a driver (as an attacker) sendsa false message to an RSU (e.g., reporting fake traffic jaminformation), the RSU can decrypt to get the message andthe driver of the source OBU. So, the driver cannot repudiatethe unicast WSM, encrypted by his or her 𝑝𝑡𝑘.

Integrity. Message alteration and source modification cancause a serious damage to drivers, passengers, and vehicles.


To prevent the message alteration and the source modifica-tion, a unicast WSM is encrypted using a Pairwise TransientKey. When the WSM is modified, the specific PairwiseTransientKey for the originalWSMcannot be used to decryptthe modified WSM.

Availability. Two pairs of username/password and randomshort keys are used to generate a 𝑝𝑡𝑘 with a timestamp. Byusing these components, each key is changed in different LAs.Furthermore, each 𝑝𝑡𝑘 key has a specific expired time. TheRSU can check the expiration time by computing the periodbetween the timestamp of a 𝑝𝑡𝑘 and the current timestamp.So, it is tolerant to brute-force attack. The message encryptedwith the expired 𝑝𝑡𝑘 will be dropped at the destination. AllRSUs in our scheme are partitioned into several LAs.The key𝑝𝑡𝑘 is designed to be used in the same LA, and it is renewed ina new LA. So, the OBU also has the keys to secure the unicastWSMs all over communication. Hence, scalability problemscan be reduced. In addition, there is no extra operation at theauthentication server, when the OBU travels in the same LA.

The possible potential attacks in vehicular networks havebeen presented in [10]. The most potential attacks can beeavesdropping, message alteration, privacy violation, andreplay. By using these attacking techniques, an attacker canconfuse victim drivers with fake information that can damagethe drivers, passengers, and vehicles. Here, we analyze oursecurity scheme to protect against the most potential attacks.

Eavesdropping. A driver authentication can be completed,when an authentication request message is successfullydecrypted. By using this technique, attackers cannot eaves-drop to get the password. The passwords (of OBUs anddrivers) have never been sent across the network. At theRSUs, the passwords of OBUs and the drivers are stored inlocation server’s database. Each OBU has also stored its ownpassword and entered driver’s password. Furthermore, whenan attacker eavesdrops a WSM, the information in the datapayload cannot be decrypted at the attacker’s side becausethere is no valid victim’s 𝑝𝑡𝑘 to decrypt.

Message Alteration. When a unicast WSM is altered by anattacker or encrypted by a fake key, the destination of theunicast WSM cannot decrypt to obtain the information dueto the alteration of the WSM payload. If the decryption fails,this WSM may be illicitly altered. So, it will be dropped. Inaddition, the attacker cannot fake an RSU’s messages to avictim (OBU) because the attacker has no valid victim’s 𝑝𝑡𝑘to encrypt the messages.

Privacy Violation.We have proposed the new authenticationprocedures to improve the privacy concern in [11]. If weuse a plaintext license plate number, privacy preservationcould be failed. In this new scheme, the license plate numberis encrypted before sending to authenticate at the LocationServer.This license plate number is used to query its passwordto be used as a component of the 𝑝𝑡𝑘. So, the driver can alsobe automatically authenticated, when the WSMs (exchangedbetween the OBU and the RSU) are successfully decryptedusing the 𝑝𝑡𝑘.

Table 2: Simulation configuration.

Parameters Configuration valueSimulation scenario City HighwaySimulation area 5,500m × 5,500m 100m × 20,000mNumber of RSUs 16 nodes 10 nodesNumber of OBUs 20–350 nodes 10, 20, 30 nodes/kmVehicle velocities 3.5–20m/s 16–30m/sRadio range 1,000mPause time 0 sWSM packet size 512 bytesLocation Area (LA) size 1–4 nodes

Replay. An attacker eavesdrops and replays a unicast WSMencrypted by the current𝑝𝑡𝑘 of a legitimate driver to a victim.The victim then replies another encrypted unicast WSMback to the attacker. Although the victim can decrypt theencrypted message, the reply message cannot be decrypted atthe attacker’s side due to having no correct 𝑝𝑡𝑘. Furthermore,the victim does not consider the messages, encrypted by theexpired 𝑝𝑡𝑘.

5. Evaluation

In this section, our scheme has been experimented on theNetwork Simulator (NS-2) (release 2.35) [17]. In [11], we havefocused on a city environment only. However, our scheme isactually designed to support in both highway environments(where vehiclesmove very fast) and city environments (wherevehicles move slowly). In this paper, we have extended theperformance evaluation of our scheme to cover the highwayenvironment scenario.TheNS-2 based IEEE 802.11p is modi-fied to simulate our scheme. To create vehicles movement, anNS-2 traffic generator has been developed using JAVA. Thisgenerator creates movement scripts and other parameters asdiscussed in what follows. The goal is to test whether or notour new scheme can be flexible to use in both highway andcity scenarios.

City Scenario. The traffic generator deploys a Manhattanmodel [18] to simulate the city environment. The probabilityof remaining on the same street is 0.5, and the probability ofturning left or right is 0.25. Each node is randomly assignedthe path of routes for traveling. The vehicle velocities arerandomly generated between 3.5 and 20m/s (12.6–72 km/h)to typically simulate a traffic behavior in the city scenario.Furthermore, the density of the vehicles on the road is amain factor to impact the vehicular network performance. So,there are different numbers of nodes (OBUs) introduced (asshown in Figure 4). The city scenario simulation parametersare shown in Table 2.

Highway Scenario. In the traffic generator, we assume a three-lane highway of 20 kilometers length in one direction. Thevehicles (simulation nodes) move to the end of the highway.The velocity of the vehicles is a main factor to evaluate theperformance in highway environments. We have measured


1

2

3

4

5

6

7

20 75 130 185 240 295 350

Aver

age a

uthe

ntic

atio

n W

SM d

elay

(ms)

The number of nodes in the simulation area

Without ITS WSM trafficWith ITS WSM traffic

(a)

0

10

20

30

40

50

60

70

20 75 130 185 240 295 350

Aver

age I

TS W

SM d

elay

(ms)

The number of nodes in the simulation area

(b)

Figure 4: Performance comparison using the different numbers of nodes in the city environment scenario: (a) average authentication WSMdelay in millisecond with and without ITS WSM background traffic; (b) average ITS WSM delay in millisecond.

the performance with different vehicle velocities.The averagevelocities are faster than the city scenario. In addition, thedifferent numbers of nodes can cause the different resultsof the evaluation. In the normal behavior of a highwayenvironment, the density of nodes is smaller than a cityenvironment.However, the nodes density is still an importantfactor to affect the vehicular network performance. So, weconsider different average numbers of nodes/km (including10, 20, and 30 nodes/km). Table 2 presents the simulationparameters of the highway scenario.

According to Emmelmann et al. [19], packet size of100 bytes is long enough to distribute the WSM safety relatedmessage. Yet, due to security overhead, the packet size is likelylonger. An average packet size of 500 bytes has been used in[20] to evaluate the IEEE 802.11p performance, since it is areasonable average packet size including data and securityinformation. So, we choose a packet size of 512 bytes forcovering our security overhead in each unicast WSM.

In order to evaluate the performance of our scheme, wefocus on the authentication WSM delay and the ITS WSMdelay. The WSM delay is the most important factor for theevaluation. It can indicate whether or not our scheme canprovide a reliable service. The goal is also to test whether ornot the authenticationWSMand the ITSWSM in our schemecauses too high delay. The performance evaluation metricsand results are discussed as follows.

5.1. Authentication Delay. The authentication delay in differ-ent densities of the OBU nodes is a main factor to evaluatethe efficiency of an authentication scheme. In our evaluation,we havemeasured the delay of the authenticationWSM(fromthe OBU beginning to send an authentication request to theRSU until replying back the authenticatedWSM to theOBU).

We consider the number of nodes separately between the cityand highway.

5.1.1. Evaluation Results in the City Scenario. The simulationresults are shown in Figure 4(a) with error bars that representthe 95% Confidence Interval. According to the figure, withthe increase of traffic load (i.e., increasing the numbersof nodes in the simulation area), we can find that theauthentication delay increases. However, when the trafficload becomes large, the WSM authentication delay increasesnegligibly (e.g., 350 nodes with around 4ms) comparing tothe light traffic (e.g., 20 nodes with around 3ms). In caseof the traffic load growing up, the results with ITS WSMbackground traffic aremore volatile (the variation of the errorbars) than the results without ITS WSM background traffic.This is due to the interruption by the background traffic indifferent road situations. However, the results are applicable,even if the traffic load becomes large.

The improvement of our new authentication schemecannot significantly change the evaluation results in thecity scenario because the concept of WSM transmissionremains the same as proposed in [11]. However, this newauthentication scheme has been improved to be the bettersolution in terms of security and privacy as discussed inSection 4.

5.1.2. Evaluation Results in the Highway Scenario. We havesimulated a highway scenario with different vehicle velocitiesand numbers of nodes/km. The simulation results with errorbars that represent the 95% Confidence Interval are shownin Figure 5(a). The results of the average authenticationWSM delay are negligible. The maximum value with thepeak error bar is around 4ms. The results of the higher


Average velocity (m/s)16 20 24 30

10nodes/km20nodes/km30nodes/km

Aver

age a

uthe

ntic

atio

n W

SM d

elay

(ms) 3.9

3.7

3.5

3.3

3.1

2.9

2.7

2.5

(a)

Aver

age I

TS W

SM d

elay

(ms)

Average velocity (m/s)16 20 24 30

28

24

20

16

12

8

4

0

10nodes/km20nodes/km30nodes/km

(b)

Figure 5: Performance comparison using the different average vehicle velocities in the highway environment scenario: (a) averageauthentication WSM delay in millisecond with the different numbers of nodes/km; (b) average ITS WSM delay in millisecond with thedifferent numbers of nodes/km.

velocity nodes (e.g., 24 and 30m/s) in the larger traffic density(e.g., 30 nodes/km) are more volatile (the variation of theerror bars) than the slower velocity nodes in the smallertraffic density. When the traffic density becomes large, thenumber of WSM packets then increases. So, it can increasethe probability of the packets from a node interrupting eachother and can make the variation of the error bars dependingon the road situations. Even after increasing the velocity, thedifferences of the authentication delays are still negligible.Thevelocity may have little effect on the results due to the smallnumber of authentications in the Location Area design.

5.2. Unicast ITS WSM Delay. Packet delay of the unicastITS WSM is also important to evaluate the efficiency of oursecurity procedures. In our simulation, RSUs periodicallysend ITS WSM traffic (e.g., traffic jam alerting) in unicastmode to OBUs. So, we simulate the unicast ITSWSMs and letthe RSUs intermittently send the messages to the OBUs. TheOBUs then reply themessages (“200OK”) back to the RSUs asunicast WSMs. The ITS WSM delay in each communication(from the source address beginning to send an ITS WSMuntil receiving at the destination address) has been used tomeasure the efficiency of the security procedures.

5.2.1. Evaluation Results in the City Scenario. The experimen-tal results with error bars that represent the 95% ConfidenceInterval are shown in Figure 4(b). It can be seen that the ITSWSM delay ratio and the error bars ratio grow up when thetraffic load becomes large. This is reasonable because whenthe traffic load increases, there are more numbers of packettransmission. However, the ITS WSM delay does not varya lot. This delay is still smaller than the maximum delay

of 100ms, discussed in [19] to be able to provide a reliableservice.

5.2.2. Evaluation Results in the Highway Scenario. Figure 5(b)shows the results with error bars that represent the 95% Con-fidence Interval. A slower velocity nodemust take longer timeto travel to the end of the highway than a faster velocity node.So, with the slower velocity node, the probability to receivethe ITS WSMs is higher. When the average velocity is 16m/swith the largest number of nodes/km (e.g., 30 nodes/km)in the simulated highway, the average ITS WSM delay isapproximately 16ms, and the error bar is more volatile thanother node densities. The slower velocity node takes longertime to travel in the highway. So, it can increase a chance toreceive WSMs. Also, the ITS WSM delay can be increaseddue to interrupting by several WSMs from many nodes indifferent road situations. However, in the same velocity of16m/s, the delays are still negligible in the smaller density(e.g., 10 and 20 nodes/km) due to fewer packets at the lighttraffic density.

For the high velocity (e.g., 24, and 30m/s) nodes, theaverage ITS WSM delays are smaller than the slower velocitynodes. When the nodes move very fast, the chance to receivethe ITS WSMs is low. So, the small number of packetscan decrease the delays. However, the experimental resultsdemonstrate that our scheme introduces very small delay invarious road situations.

6. Conclusions

In this paper, a novel authentication scheme based onWAVE unicast services has been proposed for V2I. With


Pairwise Transient Key (𝑝𝑡𝑘) schemes, authentication, non-repudiation, integrity, and availability can be achieved with-out introducing the overhead of PKI. An improvement ofauthentication procedures has been proposed to increasesecurity and privacy. By using the unicast communication,theWAVEmessages can be effectively transmitted with smalldelay. To support unicast services, an address mapping with𝑝𝑡𝑘 security schemes has been designed to track the locationsof the OBUs.

To test whether or not our new scheme can be flexibleto use in both highway and city scenarios, the experimentalresults have been done using NS-2. The experimental resultshave demonstrated that the unicast WSM delay can be keptquiet low in both simulated scenarios.

Acknowledgments

This research has been funded by Thailand Research Fund(RSA5080013), National Research Council of Thailand, andMahasarakham University.

References

[1] “IEEE Standard for Information technology—telecommunica-tions and information exchange between systems—Local andmetropolitan area networks—Specific requirements—Part 11:wireless LANmedium access control (MAC) and physical layer(PHY) specifications amendment 6: wireless access in vehicularenvironments,” 2010.

[2] “IEEE draft standard for wireless access in vehicular environ-ments (WAVE)—networking services,” IEEE P1609. 3/D9, pp.1–133, 2010.

[3] X. Lin, X. Sun, P.-H. Ho, and X. Shen, “GSIS: a secure andprivacy-preserving protocol for vehicular communications,”IEEE Transactions on Vehicular Technology, vol. 56, no. 6, pp.3442–3456, 2007.

[4] H. Hartenstein and K. P. Laberteaux, “A tutorial survey onvehicular ad hoc networks,” IEEE Communications Magazine,vol. 46, no. 6, pp. 164–171, 2008.

[5] X. Lin, R. Lu, C. Zhang,H. Zhu, P.-H.Ho, andX. Shen, “Securityin vehicular ad hoc networks [security in mobile ad hoc],” IEEECommunications Magazine, vol. 46, no. 4, pp. 88–95, 2008.

[6] C. Zhang, R. Lu, X. Lin, P.-H. Ho, and X. Shen, “An efficientidentity-based batch verification scheme for vehicular sensornetworks,” in Proceedings of the 27th IEEE CommunicationsSociety Conference on Computer Communications INFOCOM,pp. 816–824, April 2008.

[7] M. Boban, O. Tonguz, and J. Barros, “Unicast communicationin vehicular ad hoc networks: a reality check,” IEEE Communi-cations Letters, vol. 13, no. 12, pp. 995–997, 2009.

[8] C.-C. Huang-Fu, Y.-B. Lin, and N. Alrajeh, “Mobility man-agement of unicast services for wireless access in vehicularenvironments,” IEEEWireless Communications, vol. 19, no. 2, pp.88–95, 2012.

[9] “IEEE Trial-use standard for wireless access in vehicularenvironments—security services for applications and manage-ment messages,” IEEE Std 1609. 2-2006, pp. 1–105, 2006.

[10] M. Raya, P. Papadimitratos, and J.-P. Hubaux, “Securing vehic-ular communications,” IEEE Wireless Communications, vol. 13,no. 5, pp. 8–15, 2006.

[11] A. Suwannasa and S. Puangpronpitag, “A fast and efficientauthentication scheme for WAVE unicast services in vehicularnetworks,” in In Proceedings of The IEEE International Confer-ence onUbiquitous and Future Networks, pp. 240–245, DaNang,Vietnam, July 2013.

[12] “IEEE draft standard for wireless access in vehicular environ-ments (WAVE)—multi-channel operation,” IEEE P1609. 4/D9,2010.

[13] C.-C. Huang-Fu, C.-L. Chen, and Y.-B. Lin, “Location trackingfor WAVE unicast service,” in Proceedings of the IEEE 71stVehicular Technology Conference (VTC ’10), May 2010.

[14] Y. B. Lin and A. C. Pang, Wireless and Mobile All-IP Networks,John Wiley & Sons, New York, NY, USA, 2005.

[15] A. Shamir, “Identity-based cryptosystems and signatureschemes,” in Proceedings of Advances in Cryptology, vol. 196, pp.47–53, New York, NY, USA, 1985.

[16] Z. Zhang, A. Boukerche, and H. Ramadan, “Design of alightweight authentication scheme for IEEE 802.11p vehicularnetworks,” Ad Hoc Networks, vol. 10, no. 2, pp. 243–252, 2012.

[17] “The Network Simulator-ns-2,” http://www.isi.edu/nsnam/ns/.[18] F. Bai, N. Sadagopan, andA.Helmy, “Important: a framework to

systematically analyze the impact of mobility on performanceof routing protocols for adhoc networks,” in Proceedings ofthe 22nd Annual Joint Conference on the IEEE Computer andCommunications Societies, pp. 825–835, April 2003.

[19] M. Emmelmann, B. Bochow, and C. C. Kellum, VehicularNetworking Automotive Applications and Beyond, Wiley, 1stedition, 2010.

[20] S. Eichler, “Performance evaluation of the IEEE 802.11p WAVEcommunication standard,” in Proceedings of the IEEE 66thVehicular Technology Conference (VTC ’07), pp. 2199–2203,October 2007.

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttp://www.hindawi.com Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation http://www.hindawi.com

Journal ofEngineeringVolume 2014

Submit your manuscripts athttp://www.hindawi.com

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

The Scientific World JournalHindawi Publishing Corporation http://www.hindawi.com Volume 2014

SensorsJournal of


Modelling & Simulation in EngineeringHindawi Publishing Corporation http://www.hindawi.com Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks


Documents

Research Article A Novel Authentication Scheme for …downloads.hindawi.com/journals/ijdsn/2013/827084.pdfResearch Article A Novel Authentication Scheme for V2I Communication ... (WSM)