Sage Journals: Discover world-class research

Abstract

Location-based services has been widely applied in cloud-enabled Internet of vehicles. Within these services, location privacy issues have captured significant attention. Vehicles use the technology of anonymity to implement occultation, the location is not revealed. In this process, large-scale data transmissions can reduce the quality of services. In order to ensure location privacy and high-quality services, the cloud manager customizes virtual machines for vehicles to support location-based services according to the vehicles’ demands. To achieve better performance, this article presents a conditional anonymity method that does not use bilinear pairings to address the problem of privacy disclosure by using discrete logarithm problem and Diffie–Hellman problem. Moreover, asymmetric key algorithms are used in the Internet of vehicles environment to reduce the cost. To guarantee secure data transmission in Internet of vehicles, the batch validation technique is used to address data integrity. Our theoretical security analysis and experiments show that the proposed scheme is secure in compared attack models, such as impersonation attacks, replay attacks, the man-in-the-middle attacks, and so on. Our proposed scheme ensures the security requirements such as message authentication, location privacy protection, and traceability, while lowering transmission and computation cost.

Keywords

Internet of vehicles location-based services conditional anonymity batch validation quality of services

Introduction

With the rapid development of wireless communication technologies, Internet of vehicles (IoV) is expected to provide new ways to enhance the traffic safety, road environment, and entertainment for drivers and passengers,^1,2 as is shown in Figure 1. Although IoV brings many useful services, it makes people’s privacy and security suffer from unprecedented threats. Due to the wireless communication mode, adversaries against IoV could control communication channels easily. Attackers could easily intercept, modify, replay messages transmitted in IoV, and steal sensitive information such as identity, location, and preferences, making it vulnerable to many kinds of attacks.

Figure 1.

System architecture of IoV.

Location-based services (LBS) can provide personalized services based on location information of moving objects and has already been widely used in public safety services, transportation, entertainment, and many other areas.³ However, there are potential threats to location privacy when the vehicles obtain LBS from third-party service providers (SPs). It is reported that the US Sense Network handles more than 4 billion location data every day,⁴ which could extract user habits, age, beliefs, income, and other property information, and the leakage of location information may also result in users being tracked and even causing more serious consequences. There are a variety of methods available for location privacy protection, for example,⁵ focused on the anonymity-based approaches that can mitigate the location tracking of a target by providing the target with an anonymity set. Such approaches consider anonymity in terms of unlink-ability. And an obfuscation operator which offers high assurances on obfuscation uniformity was proposed in Perazzo and Dini,⁶ even in case of imprecise location measurement. But location privacy protection and high-quality services are always a contradiction.

In order to provide high-quality services, the cloud manager first customizes virtual machines (VMs) for vehicles to support LBS according to the vehicles’ demands.⁷ Moreover, a major concern that hinders IoV application is cost. The Lee and Lai⁸ and Bayat et al.⁹ are currently a better solution to improve security and improve computational efficiency, but these schemes use bilinear pairing operations. Bilinear pairing is a complex operation among modern encryption algorithms. To reduce the cost of the large-scale data transmissions, compared with the previous studies, our work does not use bilinear pairings, thus greatly reducing the computation cost. In this article, we propose a quality of services (QoS)–based location privacy protection method (QBPP) for LBS in cloud-enabled IoV. Our main contributions in this article are summarized as follows: (1) We propose a conditional anonymity scheme to balance location privacy and QoS. (2) The function of batch verification is considered in solving security and privacy-preserving problems in IoV and ensures the data integrity. (3) We further conduct a security analysis to demonstrate that the QBPP satisfies a variety of security requirements. (4) To improve performance, the QBPP reduces the computation and transmission cost by means of VMs and without using bilinear pairings.

This research aims to explore the location privacy protection issues by proposing the QBPP in cloud-enabled IoV. The article is organized as follows. The “Introduction” section briefly introduces the background of IoV and related potential issues. In section “Related work,” the article presents some related works of recent years that make contributions to the location privacy protection. In the “Definition” section, we summarize some definitions including network model, security requirements, and challenges that are faced within the location privacy protection in IoV. In the “Scheme design” section, we propose a QBPP method for LBS in cloud-enabled IoV. In the “Simulation” section, simulation results verify the effectiveness of resisting location privacy leakage. The “Conclusion” section concludes the article and highlights our future work.

Related work

Currently, various threats to the location privacy are motivating researchers to conduct research on protection techniques and methods. And some practical privacy protection technologies have been proposed. In order to ensure the vehicle location not be exposed, the essence of privacy protection technology is to unify the way of cryptography to hide the real identity of the vehicle and confuse one-to-one identity mapping relationship used in the communication. Here we give comparisons among the schemes based on k-anonymity, the schemes based on mix-zone, and the schemes based on signature and certificate.

The schemes based on k-anonymity

K-anonymity was proposed in 2002,¹⁰ which had been widely accepted and extended to a variety of privacy protection models. Most recent researches offer personalized location k-anonymity, followed by appropriate algorithm to implement cloaking. Location privacy is associated with location anonymity. The higher degree of location anonymity means the higher degree of privacy protection, however, increasing the time and space overhead to a certain extent, which leads to the degradation of QoS. AMOEBA¹¹ provides location privacy by utilizing the group navigation of vehicles. The grouping vehicles mitigate the location tracking of any target vehicle. The group concept also provides robust anonymous access to prevent the proﬁling of LBS applications accessed by any target vehicle, so as to balance the trade-off between safety/liability and location privacy. However, AMOEBA did not take into account the mobility of the vehicle. Mishra et al.¹² proposed multi-party secure computation, according to the center location of member’s collection to hide the real location of the user, which can effectively resist internal and external attacks. But to obtain such a central location, the value of K is often required to be large. Once the value of K is large, the QoS relatively declines. Simultaneously, it increases the computation and communication overhead. What’s more, when the K value is small, the center point will exist deviation, leading to the result that the QoS is still not preferable.

The schemes based on mix-zone

Mix-zones are areas of the map where users cannot be tracked and change their pseudonym. By carefully placing and dimensioning such mix-zones, it is possible to thwart the adversary from linking two consecutive pseudonyms of the same user. In order to prevent continuous tracking, in the pseudonym scheme based on mix-zones,^13,14 vehicles are equipped with unrelated multiple pseudonyms, which can be replaced periodically to achieve privacy protection. A particular location mix-zone presented that vehicles changed their pseudonyms in the mix-zone and chose different paths to get confused.¹⁵ In addition, the mix-zone scheme based on silent periods¹⁶ created its own mix-zone without cooperation with other vehicles and third-party parties (TTP). The basic idea is that the vehicle changed the pseudonym in such a quiet period. When the speed does not drop below the speed threshold (such as 30 km/h), vehicles do not send the message to the server center. Lu et al.¹⁷ presented an effective pseudonym changing at social spots (PCS) strategy to achieve the provable location privacy. However, this threat model primarily only considers that an adversary can track a vehicle in a spatial–temporal way and did not consider the QoS.

In general, there is a certain risk for the completion of the pseudonym exchange at a large number of social points of vehicles. In addition, the coordination of silent periods among cars and the probability of successful replacement of pseudonym are issues that need to be emphatically considered. More importantly, a particular location mix-zone cannot avoid the shortcomings of easy tracking.

The schemes based on signature and certificate

To address security and privacy issues in IoV, Raya and colleagues^18,19 designed a conditional privacy-preserving authentication scheme using anonymous certificates, which modified Public Key Infrastructure (PKI) to implement functions of authentication and integrity. Public and private key pairs and corresponding certificates are downloaded into the On-board Unit (OBU) in the process of communication. In order to implement the features of authentication and security, the true identity of the vehicle is hidden by random selection of group of key pairs. Nonetheless, the agreement is also confronted with some challenges: (1) The storage of public and private key pairs and corresponding certificates requires large space of vehicle to hold them. (2) The authority also demands space considerably to store the vehicle certificates. (3) If anonymity is realized, when an attacker sends an error message, the authority is difficult to find his true identity from all certificates. Even if it is to be found, a lot of overhead time is spent. To some degree, it is not worth it.

To figure out the problem that we mentioned in Raya and Hubaux’s scheme, Lu et al.²⁰ proposed a new scheme whose main idea is anonymous certificates which were obtained from Road-Side Unit (RSU). The certificates here are not the same as above, which are temporary. To prevent attackers from tracking vehicles based on the certificates that are likely to be used for a long time, the vehicle can also be in place of anonymous certificate frequently. However, the frequent connections with RSUs will reduce the whole efficiency. To overcome this drawback, Freudiger et al.²¹ used the integration of anonymous certificates and mix-zones generating a new program. Similarly, the storage of mass certificates will also bring out large overhead. As a result, Zhang et al.²² established a privacy preservation scheme for Vehicular Ad hoc Networks (VANETs) by using the Hash Message Authentication Code (HMAC), where the key for the HMAC is generated through a key agreement protocol executed between the vehicles and the RSU.

To solve the problem of certificate management, Zhang et al.^23,24 combines identity-based public key cryptography, where the concept of the system was first proposed by Shamir²⁵ in 1984. Among the scheme, the identity (such as name, email, and phone number) of the user in the identity-based public key cryptography is his or her public key and private key. Neither the RSU nor the vehicle in Zhang et al.’s scheme needs to store the certificates. Besides, batch verification triggers a lower verification cost. But, as Lee and Lai⁸ pointed out, the idea of Zhang et al. is so fragile that it is vulnerable to the replay attack. Besides, it is unable to meet with the property of non-repudiation. Later, Chim et al.²⁶ found that Zhang et al.’s scheme cannot defend against the impersonation attack. So Chim improved privacy protection mechanisms, and proved that his mechanism was much better than previous researches in communication cost because it has lower cost. However, in recent research, Shim²⁷ found that Chim’s scheme was easy to suffer from the impersonation attack. Recently, Zhang et al.²⁸ and Bayat et al.⁹ have generated the anonymous identity and digital signature by modification, which greatly improved the computing performance, but it was still challenged by Liu et al.²⁹

According to the literature reviews, each scheme has its own advantages. However, potential risk exists due to reasons of not taking the QoS and overhead issues into account. Moreover, the previous studies cannot meet with the property of all kinds of attacks. The QBPP keeps both the location privacy protection and QoS. And the QBPP is an attack-resistance scheme. It is worth mentioning that using VM for transmitting the data greatly reduces the overhead.

Definition

The research problems mentioned in this article will be described in detail, including network model, security requirements, and challenges.

Network model

QBPP exploits powerful computation and storage capabilities in the cloud environment with entities including vehicles, LBS providers, Local Cloud, and Central Cloud, as shown in Figure 2. These entities are described as follows.

Figure 2.

Network model.

Central Cloud: A central cloud is established among a group of dedicated servers on the vehicular network. There is a trusted registration authority in the central cloud, which manages certificates for all entities. The registration authority could be a government transport department or an international trusted organization, which could generate some system parameters that were distributed to other entities.

Local Cloud: A local cloud is a kind of VM in the road, which improves server management flexibility and high availability. The use of VMs improves the utilization of computing resources. Different VMs can provide different services and guarantee the isolation of multiple VMs of different application services. The traditional TTP communication is not efficient and has limited computing power, which is not conducive to expansion. In a local cloud, there are some local cloud servers attached to the RSUs and a cloud manager. The cloud manager of a local cloud manages the local computing and storage resources. A vehicle accesses a local cloud by vehicle-to-infrastructure communications during driving.

LBS provider: LBS providers offer various LBS utilizing computation resources (e.g. navigation service). To ensure services’ continuity and reduce system cost, it is necessary for vehicles to use Live Virtual Machines (LVMs)³⁰ to obtain high-quality LBS during driving.

Vehicles: Vehicles can request some services from LBS providers. Each vehicle entity applies its own certificate from the registration authority in order to confirm its qualifications, even takes on some punishments when doing something bad. For example, vehicles forge false traffic jam scenes. Then, the illegal behavior of the vehicle can be broadcasted for a period of time or even the vehicle can be revoked.

Security requirements proposed for location privacy protection

To highlight the level of location privacy protection, we propose five important security requirements: message authentication, location privacy preservation, un-linkability, attack-resistance, and traceability.

Message authentication: Vehicles can check the validity of messages, which were sent by SP, so as to protect them from not being tampered with.

Location privacy preservation: When requesting services, vehicle submits the pseudonyms instead of real location information.³¹

Un-linkability: The identity of a vehicle and other front and rear vehicles’ location information should not be associated with a real information. Hence, the vehicle cannot be tracked by observing the location of front and rear vehicles.

Attack-resistance: The privacy protection scheme could resist many common attacks, such as impersonation attacks, replay attacks, the man-in-the-middle attacks (MIMA), and so on.

Traceability: The cloud manager can analyze the real information of the vehicle if necessary, to extract its original identity and location. For instance, a malicious vehicle attempts to mislead others by sending false information.³²

Challenges

The contradiction: privacy protection and QoS

The level of privacy protection conflicts with QoS. The higher QoS will be provided when we get the more precise location information. However, sensitive location information may be misused or leaked by compromised or malicious providers, resulting in sensitive data leakage.

Real-time processing for the frequently updated object location

It is important to ensure the real-time processing of service requests.³³ The longer response time results in more continuous location information and the information is called user track that should be protected and must be processed in the multidimensional space.³⁴

Scheme design

Security and privacy issues cannot be neglected when vehicles obtain LBS from third-party SP, who may attack the location of the mobile user directly or sell information to other people or organizations in private for some interests. Therefore, when a user requests services, it is the pseudonym location of the user rather than the user’s true information that the user puts to use. Finally, the user receives the service information sent by SP. In this process, the true location of the user is blocked, which ensures that SP only gets the location set, thus privacy can be protected in this way. In addition, in order to ensure high-quality services, VM filters the best services for users according to the real location of user, which is tracked by VM from anonymous location set. Here, we assume that VM is trustworthy, which is managed by central cloud. Because in the cloud management module, there is a trusted management module for the management of the VM, and the cloud platform can perform behavior monitoring on the running VM, the resource can perform effective trusted management.

When request services are provided for the users, LBS records user’s location by the trace file. Each trace file entry is a triple, like <id, loc, con>. In this triple, id refers to the identity of the user. Loc stands for the location information where the user makes a request, yet, con represents the services information that provides for the user. The entire communication process is divided into two parts within this context. First, the user asks SP to raise service request. Second, SP will transmit the corresponding content back to the user, shown in Figure 3. Therefore, the QBPP will be detailed in the following section.

Figure 3.

System working status.

User → SP

In order to protect the location privacy of users, it is necessary to hide their locations when requesting for some services. The steps are as follows.

(a) Initialization

VM selects two random number r₁, r₂ as secret key, and r₁ is only aware to user and VM, r₂ is only aware to VM and SP. Then integrate vehicle’s id, location set (loc’) and con into message c₁.

Vehicle generates a pair of secret key (public key: PU_a, private key: PR_a), and exposes the public key to other sides. The same as VM and SP generate public and private key {(PU_t, PR_t), (PU_s, PRs)}.

(b) Encryption and Decryption

Step 1: User uses PU_t to encrypt c₁ and r₁, as cipher text E₁ = PU_t(c₁||r₁); VM decrypts E₁ with PR_t to get r₁ and c₁.

Step 2: VM integrates loc’ and con into message c₂; VM uses PU_s encrypting c₂ and r₂, as cipher text E₂ = PU_s(c₂||r₂); SP decrypts E₂ with PR_s to get r₂ and c₂.

SP →user

Since the SP receives the user’s location set where the real location of the user is included in, VM can filter the best services according to the precise location of the user when the SP sends the service content set to the user. Similarly, the best services user will get are encrypted by PUa. Then the user uses its own private key PRa to decrypt the message. Meanwhile, to avoid the attacker intercepting the message and adding own ideas, SP generates a signature to the message.

Ready Work

First, we provide three computation methods in the article, and three corresponding problems are addressed:

(a) Discrete logarithm problem

Given a prime number p and a primitive element a of the finite field Z_p, for an integer b on the Z_p, find a unique integer c, such that $a^{c} \equiv b (\mod p)$ . In general, for large prime numbers, calculating the discrete logarithm problem (DLP) solution is difficult and there is not a polynomial time algorithm (PTA) for solving the DLP.

(b) Diffie–Hellman Problem

The effectiveness of the Diffie–Hellman key exchange algorithm relies on the difficulty of computing DLP. Given a prime number q and an integer a, a is a primitive root of q, the user A selects a random number X_a as the private key, then calculates the public key $y = a^{Xa} \mod q$ , which is open to the public. X_a is confidential, so attackers can only solve the DLP to get the key.

It is symbolically represented as $H (M)$ . Given an any length message M, returns a fixed-length hash value h, that is $h = H (M)$ . HMAC is said to be secure if the following properties are satisfied:

Given M, it is easy to calculate h.

Given h, calculating M is difficult.

Given M, it is infeasible to find another message M’ that satisfies $H (M) = H (M')$ .

The notations and descriptions are listed in Table 1.

2. Initialization definitions

Table 1.

Notations and descriptions.

Symbols	Descriptions
p, q	Two prime numbers
E	The equation of elliptic curve y² = x³ + ax + b, where a, b ∈ Fp.
G	Consisting of all points on the elliptic curve E
P	The generator of G
Discrete logarithm	Given two random points P and Q on E, the task of the DL problem is computing an integer x to satisfy the equation Q = x · P
Diffie–Hellman	Given two random points Q and R on E, where Q = x · P, R = y · P and x, y are two unknown integers
x	The private key of the system
Ppub	The public key Ppub = x · P
RLOC	The real location of vehicle
ALOC	The anonymous location of vehicle
Hash functions h₁, h₂, h₃	h ₁: G → Zq; h₂: {0, 1}∗→ Zq; and h₃: {0, 1}∗× {0, 1}∗× G × {0, 1}∗→ Zq
M_i	The reply of service request
T_i	Timestamp
sk_i	Message-issued key
β_i	Summary of the message
⊕	The exclusive-OR operation
\|\|	The message concatenation operation

VM generates parameter list and the following steps are executed by the VM.

(a) VM selects two large prime numbers p and q and defines an elliptic curve E whose equation is y ² = x ³ + ax + b, where a, b ∈ Fp.

(b) VM selects a generator P, which starts up group G consisting of the whole points on the elliptic curve E.

$P_{pub} = x \cdot P$ (1)

(d) VM selects three hash functions h₁, h₂, and h₃, which is secure in this system, where h₁: G → Zq; h₂: {0, 1}*→ Zq; and h₃: {0, 1}* × {0, 1}* × G × {0, 1}*→ Zq.

(e) VM distributes private key x, which is downloaded to the vehicle.

(f) VM sends parameters {p, q, a, b, P, P_pub, h₁, h₂, h₃} to SP.

3. Vehicle location anonymity and SP message signature

M_i represents a reply for user. Then, SP sends message ${M_{i}, ALO C_{i}, T_{i}, R_{i}, σ_{i}}$ to VM. According to the accurate location information, the precise result can be returned to the user. Here follows the signature steps.

(a) Vehicle randomly generates w_i∈Zq* and computes

$ALO C_{i, 1} = w_{i} \cdot P$ (2)

$ALO C_{i, 2} = RLOC \oplus h_{1} (w_{i} \cdot P_{pub})$ (3)

$α_{i} = h_{2} (ALO C_{i} | | T_{i})$ (4)

$s k_{i} = w_{i} + α_{i} \cdot x$ (5)

where T_i is timestamp and

$ALO C_{i} = {ALO C_{i, 1}, ALO C_{i, 2}}$ (6)

Then, vehicle sends {ALOC_i, sk_i, T_i} to SP.

(b) SP randomly generates r_i∈Zq*, and computes

$R_{i} = r_{i} \cdot P$ (7)

$β_{i} = h_{3} (ALO C_{i} | | T_{i} | | R_{i} | | M_{i})$ (8)

$σ_{i} = s k_{i} + β_{i} \cdot r_{i}$ (9)

4. Message authentication

(a) Single verification of single message

SP sends message ${M_{i}, ALO C_{i}, T_{i}, R_{i}, σ_{i}}$ , verifier uses $parmas = {p, q, a, b, P, Ppub, h_{1}, h_{2}, h_{3}}$ to verify whether the following equation holds when receiving the message

$σ_{i} \cdot P = ALO C_{i, 1} + α_{i} \cdot P_{pub} + β_{i} \cdot R_{i}$ (10)

Before that, we must check the freshness of T_i. If it is not fresh, we refuse the message, otherwise, we accept it. Then, the verifiers validate the equation. The left and right sides of the equation being equal means that the verifiers agree to provide the required services or transmit the message. On the contrary, it is rejected. Next, we give the proof

$\begin{matrix} σ_{i} \cdot P & = (s k_{i} + β_{i} \cdot r_{i}) \cdot P \\ = (w_{i} + α_{i} \cdot x + β_{i} \cdot r_{i}) \cdot P \\ = w_{i} \cdot P + α_{i} \cdot x \cdot P + β_{i} \cdot r_{i} \cdot P \\ = ALO C_{i, 1} + α_{i} \cdot P_{pub} + β_{i} \cdot R_{i} \end{matrix}$

(b) Batch certification

SP sends a plurality of request messages

${M_{1}, ALO C_{1}, T_{1}, R_{1}, σ_{1}}$

${M_{2}, ALO C_{2}, T_{2}, R_{2}, σ_{2}}$

$\begin{matrix} {M_{3}, ALO C_{3}, T_{3}, R_{3}, σ_{3}} \\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ {M_{n}, ALO C_{n}, T_{n}, R_{n}, σ_{n}} \end{matrix}$

Similarly, the verifiers use parameters for authentication.

First, the verifiers check the freshness of T_i, where i = 1, 2, …, n. Once it is not fresh, we refuse it, otherwise, accept it.

The verifiers randomly choose a vector v = {v₁, v₂, …, v_n}, v_i is a small random integer and because of small value, it has less computation cost. So, we only verify the equation

$\begin{matrix} (\sum_{i = 1}^{n} V_{i} \cdot σ_{i}) \cdot P = \sum_{i = 1}^{n} (V_{i,} ALO C_{i, 1}) + \\ (\sum_{i = 1}^{n} (v_{i}, α_{i})) \cdot P_{pub} + \sum_{i = 1}^{n} (V_{i} \cdot β_{i} \cdot R_{i}) \end{matrix}$ (11)

Here follows the proof

$\begin{matrix} (\sum_{i = 1}^{n} V_{i} \cdot σ_{i}) \cdot P \\ = (\sum_{i = 1}^{M} V_{i} \cdot (s k_{i} + β_{i} \cdot r_{i}) \cdot P) \\ = (\sum_{i = 1}^{n} V_{i} \cdot (w_{i} + α_{i} \cdot x + β_{i} \cdot r_{i}) \cdot p) \\ = \sum_{i = 1}^{n} (v_{i} \cdot (w_{i} \cdot P + x_{i} \cdot x \cdot p + β_{i} \cdot r_{i} \cdot P)) \\ = \sum_{i = 1}^{n} (v_{i} \cdot ALOCi, 1 + v_{i} \cdot α_{i} \cdot Ppub + v_{i} \cdot Ri \cdot β i) \\ = \sum_{i = 1}^{n} (V_{i,} ALO C_{i, 1}) + (\sum_{i = 1}^{n} (v_{i}, α_{i})) \cdot Ppub \\ + \sum_{i = 1}^{n} (V_{i} \cdot β_{i} \cdot R_{i}) \end{matrix}$

Security analysis

First, we adopt Asymmetric Cryptographic Algorithm when user requests SP for the service. In this algorithm, vehicle, VM, and SP keep each private key that can uniquely decode the cryptographic message encrypted by public key. The primary feature of Asymmetric Cryptographic Algorithm system lies in using different secret key for encryption and decryption. Its main features also exist in:

Simple secret key allocation

We do not need to elicit decryption key through encryption key and the entities keep the decryption key itself.

Low preservation amount of secret key

A network with N users needs N(N– 1) / 2 keys in symmetric key, but it is hard to manage many keys. By contrast, asymmetrical secret key is easy to be managed due to N communication members only need to produce N pairs of secret keys.

The permission of privacy protection between unacquainted people

Both sides in communication must have adequate trust in symmetric key. Once the secret key is revealed, the confidentiality and integrity of data cannot be guaranteed. But in asymmetrical secret key system, the communication in both sides do not need to transmit the secret key in advance or any other promise and the system can ensure the data transmission of any two sides.

Second, to analyze the service content from SP, we set two characters, the vehicle V and the attacker A. In addition, we propose a Lemma 1:

The scheme is secure in any attack models in the presence of DLP.

Ready Work

VM generates system parameters and private key, which will be sent to attacker A. VM chooses a random number $r \in Zq *$ , then returns r to attacker A. Then, SP generates the service content and sends the content to attacker A.

2. Proof of Lemma

We give the hypotheses that A forges the message ${M_{i}, ALO C_{i}, T_{i}, R_{i}, σ_{i}}$ . Given a DLP $Q = x \cdot P$ . VM sets the private key, and sends $parmas = {p, q, a, b, P, Ppub, h_{1}, h_{2}, h_{3}}$ to attacker A.

When receiving the message, the system randomly chooses number $σ_{i}, α_{i}, β_{i} \in Zq *$ and a point $ALO C_{i, 1}$ . V must compute the equation

$ALO C_{i, 1} = σ_{i} \cdot P - α_{i} \cdot P_{pub} - β_{i} \cdot R_{i}$ (12)

V keeps $(ALO C_{i}, T_{i}, α_{i})$ and $(ALO C_{i}, T_{i}, R_{i}, M_{i}, β_{i})$ , where $ALO C_{i} = {ALO C_{i, 1}, ALO C_{i, 2}}$ . Then the message ${M_{i}, ALO C_{i}, T_{i}, R_{i}, σ_{i}}$ is sent to A. The following step is to verify whether equation (10) holds. In addition, adversary A outputs another message ${M_{i}, ALO C_{i}, T_{i}, R_{i}, σ_{i}'}$ at this time, we conclude that

$σ_{i}' \cdot P = ALO C_{i, 1} + α_{i}' \cdot P_{pub} + β_{i} \cdot R_{i}$ (13)

That is, $(σ_{i} - σ_{i}') \cdot P = σ_{i} \cdot P - σ_{i}' \cdot P = ALO C_{i, 1} + α_{i} \cdot P_{pub} + β_{i} \cdot R_{i} - (ALO C_{i, 1} + α_{i}' \cdot P_{pub} + β_{i} \cdot R_{i})$

$= (α_{i} - α_{i}') \cdot P_{pub}$

$= (α_{i} - α_{i}') \cdot x \cdot P$

In this case, we could get

$(σ_{i} - σ_{i}') = (α_{i} - α_{i}') \cdot x mod q$

V outputs $(α_{i} - α_{i}') / (σ_{i} - σ_{i}')$ as the answer of DLP. However, it is difficult to solve DLP. We have not found the PTA that can calculate it. While DLP has been solved here, it is contradicted with what we have known. Therefore, the assumption is not supported and this scheme is a secure and attack-resistance model.

Interpretation of security requirements

(a) Message Authentication ³⁵

Based on Lemma 1, it is easy to see that no one can forge an effective message while DLP is too difficult to address. Therefore, the verifier only needs to ensure whether equation (10) holds. Thus, our scheme can provide message authentication.

(b) Location Privacy Preservation

The real location of vehicle is hidden among $ALO C_{i}$ and knowing equations (1), (2), (3), and (6), to extract the real location information of vehicle, equation (3) must be calculated

$Wi \cdot Ppub = Wi \cdot x \cdot P$ (14)

$ALO C_{i, 1} = w_{i} \cdot P$ (15)

If the attacker wants to obtain location information, he or she must solve Diffie–Hellman Problem (DHP). Thus, this model can provide location privacy preservation according to the hardness of DHP.

The real location ALOC of vehicle is hidden among $ALO C_{i}$ . VM can withdraw the real location of vehicle by using private key and compute the equation

$RLOC = ALO C_{i, 2} \oplus h_{1} (x \cdot ALO C_{i, 1})$ (16)

With equations (1), (2), and (3), we give the proof as follows

$\begin{matrix} RLOC = ALO C_{i, 2} \oplus h_{1} (x \cdot ALO C_{i, 1}) \\ = RLOC \oplus h_{1} (w_{i} \cdot P_{pub}) \oplus h_{1} (x \cdot ALO C_{i, 1}) \\ = RLOC \oplus h_{1} (w_{i} \cdot x \cdot P) \oplus h_{1} (x \cdot w_{i} \cdot P) \\ = RLOC \oplus 0 \\ = RLOC \end{matrix}$

(d) Un-linkability

Due to the randomness of numbers $w_{i} \in Zq *$ and $r_{i} \in Zq *$ and equations (2), (3), (4), (5), (7), (8), and (9), the adversary cannot be associated with the same location or the same anonymous signature.

(e) Attack-resistance

The scheme could resist the impersonation attack, the modification attack, the replay attack, the MIMA, and the steal authentication table attack.

Impersonation Attack

If the attacker wants to fake legal vehicle so as to obtain the request services sent by the user, he or she must generate information ${M_{i}, ALO C_{i}, T_{i}, R_{i}, σ_{i}}$ to satisfy the equation. The attacker is not able to generate such a set of impersonation messages as described in Lemma 1.

Modification Attack

According to the previous proof, we can conclude that ${ALO C_{i}, R_{i}, σ_{i}}$ is a digital signature of ${M_{i}, T_{i}}$ . Any change of the message will be verified by the equation using Lemma 1.

Replay Attack

Timestamp is included in ${M_{i}, ALO C_{i}, T_{i}, R_{i}, σ_{i}}$ , as previously mentioned, ${ALOCi, Ri, σ i}$ is a digital signature of ${Mi, Ti}$ . We can check whether the message can be replayed by verifying the freshness of timestamp T_i.

MIMA

According to the analysis of message authentication, this scheme can reject the MIMA as it can provide the authentication between the sender and the receiver.

Stolen Table attack

The entities keep their own secret key so that they do not need to balance the storage overhead and capacity, in which case, attackers are unable to conduct sensitive attack through stealing proof list.

Security performance comparison

According to the security analysis and what Table 2 shows, there is no such a method that can satisfy the five security requirements, while the QBPP can provide this five security requirements.

Table 2.

Security performance comparison.

Scheme	Message authentication	Location privacy preservation	Traceability	Un-linkability	Attack-resistance
Shim²⁷	√	√	√	×	×
Zhang et al.²²	√	√	√	√	×
Raya et al.¹⁸	√	√	√	√	×
Bayat et al.⁹	√	√	√	√	×
Our scheme	√	√	√	√	√

Simulation

Based on the high popularity, the openness and strong scalability of NS-2³⁶ and mobile scene generation tool VanetMobiSim,³⁷ this article expands network simulation for routing layer, a transport layer, and the data link layer. The data packets are sent among the moving vehicles, VM, and SP. The basic parameters used in the simulation experiment are as follows: 802.11p protocol, bandwidth 10 Mbps, and the maximum transmission distance 1 km. In the simulation experiment, the number of vehicles is set to a maximum of 100, and a total of 20 rounds of simulations are performed. The experimental values are the average of 20 rounds of simulation. In this section, the program we designed gives a discussion in terms of the computation cost, average delay, transmission cost, and verification delay.

Analysis of computation cost

Next, we give three effective definitions of Tmul, Tmtp, and Tpar. Tmul indicates the time required to perform one-point multiplication over an elliptic curve. Tmtp indicates the time required to compute one Map to Point hash function, and Tpar indicates the time required to perform one pairing operation. We can know that Tmul, Tpar, Tmtp computation time were 0.6, 4.5, and 0.6 ms from Lu et al.¹⁷ As discussed above, the computation time required by Tmul and Tmtp was far lower than that required by Tpar. What’s more, for other operations, such as a hash operation, whose operation is 2чs, which could be ignored. Therefore, this article mainly uses the above parameters as the main parameters, yet the rest of the computation cost are negligible. Table 3 shows the computation cost that the scheme has incurred when completing the authentication of single vehicle.

Table 3.

Comparison of computation cost.

Scheme	Computation costs
Shim’s CPAS²⁷	5 Tmul + 3 Tpar
Zhang’s IBV²³	7 Tmul + 3 Tpar + 3 Tmtp
Raya’s ESA¹⁹	7 Tmul + Tpar + 3 Tmtp
Bayat’s SAS⁹	5Tmul + Tpar + Tmtp
Our scheme	5 Tmul + 3 Tmtp

Based on the results shown in Table 3, we can see that the QBPP for location privacy protection in IoV is equipped with lower computation cost compared with the other four schemes proposed by the previous researchers.

Analysis of average delay

The average delay is affected by many parameters. Here, we analyze the impact of the average delay relative to the speed and the number of vehicles. The formula used is as follows

$Amd = \frac{1}{N_{v} \cdot N R_{n}} \cdot \sum_{n \in v} \sum_{m = 1}^{N R_{n}} (T_{sign} + T_{trans} + T_{verify})$ (17)

Among them, $Amd$ denotes the average message delay, $N_{v}$ denotes the number of vehicles, $N R_{n}$ denotes the number of service requests, $T_{sign}$ denotes the time required to sign a message, $T_{trans}$ denotes the message transmission time, and $T_{verify}$ denotes message verification time. When $N_{v}$ increases, $N R_{n}$ increases, resulting in the increase of processing time and response time. Hence, $T_{trans}$ increases.

Figure 4 describes the influence of vehicles’ number versus delay, along with the increase of vehicles’ number, the delay of our scheme is the lowest.

Figure 4.

Impact of vehicles’ number versus delay.

Figure 5 describes the influence of vehicles’ speed versus delay. As can be seen in the figure, when the vehicle speed increases from 10 to 50 km/h, the number of interactions between vehicles increases per unit time. Excessive network traffic makes the vehicle data exchange delay increase. However, our scheme still bears the minimum transmission delay. For Raya, Shim, Zhang, Bayat’s scheme, the delay is significantly increased due to the impact of the vehicle speed and packet loss.

Figure 5.

Impact of vehicles’ speed versus delay.

Analysis of transmission cost

Transmission cost is the main indicator to measure the performance. Here, we use sending a single message or n messages as a measure where the message length of a public key certificate is 64 bytes, the pseudonym is 21 bytes, the signature is 42 bytes, and anonymous key is 83 bytes. This article only relates signature and anonymity, so the total message length is 42 + 21 = 63 bytes, while in Raya’s agreement, the whole length is 64 + 83 = 147 bytes. Similarly, in Zhang’s and Shim’s agreement, the total length are 42 · 2 = 84 bytes, 21 + 42 + 83 = 146 bytes, and the message length of Bayat is same as ours, as shown in Table 4.

Table 4.

Comparison of transmission cost.

Scheme	Single message	N messages
Raya’s ESA¹⁹	147	147n
Shim’s CPAS²⁷	146	146n
Zhang’s IBV²³	84	84n
Bayat’s SAS⁹	63	63n
Our Scheme	63	63n

Analysis of verification delay

To reflect the efficient performance by using HMAC in batch authentication, as described in Figure 6, we can observe that with the increasing number of requests, the verification delay gets longer while our scheme has the best performance.

Figure 6.

Impact of request number versus verification delay.

Conclusion

Recently, in wireless communication service market, IoV is considered as an important domain. LBS is featured with a supporting technology in vehicular networks. As privacy protection is a crucial problem, we have proposed a QBPP method for LBS in cloud-enabled IoV. Moreover, the conditional anonymity is proposed to balance the trade-off between location privacy and QoS. Furthermore, to achieve better performance, the function of batch verification of multiple messages is included in our scheme. The security analysis demonstrates that the proposed scheme can overcome the weakness of previous schemes. Our scheme yields a better performance by lowering computation and transmission cost and reducing average delay due to no bilinear pairings and the use of VM.

As future research, we plan to address the continuous challenges related to LBS along with the development of IoV. There are several interesting problems that are worthy of further study, such as secure frameworks of live VM migration for LBS.

Footnotes

We would also like to thank the anonymous reviewers for their constructive comments and helpful suggestions.

Handling Editor: Carlos Calafate

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research,authorship,and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research,authorship,and/or publication of this article: This work is supported by the National Natural Science Foundation of China under Grant No. 61272001 and No. U1405255,and the Natural Science Research in Jiangsu Higher Education under 17KJA413001.

ORCID iD

Ting-ting Li

References

Zhang

Zhou

Srinivasan

et al . Detecting attacks smartly in vehicle cloud computing. In: Ubiquitous intelligence & computing, advanced and trusted computing, scalable computing and communications, cloud and Big data computing, Internet of people, and smart world congress, Toulouse, 18–21 July 2016, pp.245–252. New York: IEEE.

Kang

Huang

et al . Location privacy attacks and defenses in cloud-enabled Internet of vehicles. IEEE Wire Comm 2016; 23(5): 52–59.

Zhang

Gjessing

et al . Toward cloud-based vehicular networks with efficient resource management. IEEE Netw 2013; 27(5): 48–55.

Kim

Dummy information for location privacy in location based services. Patent 8559927B2, USA, 2012.

Pﬁtzmann

Waidner

Networks without user observability—design options. In: Advances in cryptology—EUROCRYPT’85 (LNCS 219), Linz, 9–11 April 1985, pp.245–253. Berlin: Springer-Verlag.

Perazzo

Dini

A uniformity-based approach to location privacy. Comput Comm 2015; 64(C): 21–32.

Tang

You

et al . Long-term location privacy protection for location-based services in mobile cloud computing. Soft Comput 2016; 20(5): 1735–1747.

Lee

Lai

YM.

Toward a secure batch verification with group testing for VANET. Wire Netw 2013; 19(6): 1441–1449.

Bayat

Barmshoory

Rahimi

et al . A secure authentication scheme for IoV with batch verification. Wire Netw 2014; 21(5): 1–11.

10.

Sweeney

k-anonymity: a model for protecting privacy. Int J Uncertain Fuzziness Knowl-Based Syst 2002; 10(5): 557–570.

11.

Sampigethaya

Huang

et al . AMOEBA: robust location privacy scheme for VANET. IEEE J Sel Area Comm 2007; 25(8): 1569–1589.

12.

Mishra

Trivedi

Shukla

A glance at secure multiparty computation for privacy preserving data mining. Int J Comput Sci Eng 2009; 1(3): 171–175.

13.

Papadimitratos

Buttyan

Holczer

et al . Secure vehicular communication systems: design and architecture. IEEE Comm Mag 2008; 46(11): 100–109.

14.

Aijaz

Bochow

Dötzer

et al . Attacks on inter-vehicle communication systems: an analysis. In: Proceedings of the 3rd international workshop on intelligent transportation, WIT, Hamburg, 14–15 March 2006, pp.189–194.

15.

Jahan

Sharmy

Jahan

et al . Design of a secure sum protocol using trusted third party system for secure multi-party computations. In: Proceedings of the 6th international conference on information and communication systems (ICICS), Amman, Jordan, 7–9 April 2015. New York: IEEE.

16.

Buttyán

Holczer

Weimerskirch

et al . SLOW: a practical pseudonym changing scheme for location privacy in VANETs. In: Vehicular networking conference, Tokyo, Japan, 28–30 October 2010, pp.1–8. New York: IEEE.

17.

Luan

et al . Pseudonym changing at social spots: an effective strategy for location privacy in VANETs. IEEE Trans Veh Technol 2012; 61(1): 86–96.

18.

Raya

Papadimitratos

Hubaux

JP.

Securing vehicular communications. IEEE Wire Comm 2006; 13(5): 8–15.

19.

Raya

Hubaux

JP.

Securing vehicular ad hoc networks. J Comput Secu 2007; 15: 39–68.

20.

Lin

Zhu

et al . ECPP: efficient conditional privacy preservation protocol for secure vehicular communications. In: Proceedings of the 27th conference on computer communications (INFOCOM), Phoenix, AZ, 13–18 April 2008, pp.1229–1237. New York: IEEE.

21.

Freudiger

Raya

Felegyhazi

et al . Mix-zones for location privacy in vehicular networks. In: ACM workshop on wireless networking for intelligent transportation systems (WiN-ITS), Vancouver, BC, Canada, 14 August 2007. New York: ACM.

22.

Zhang

Lin

et al . RAISE: an efficient RSU-aided message authentication scheme in vehicular communication networks. In: International conference on communications (ICC ’08), Beijing, China, 19–23 May 2008, pp.1451–1457. New York: IEEE.

23.

Zhang

Lin

et al . An efficient identity-based batch verification scheme for vehicular sensor networks. In: International conference on computer communications, Phoenix, AZ, 13–18 April 2008, pp.246–250. New York: IEEE.

24.

Zhang

Tapolcai

On batch verification with group testing for vehicular communications. Wire Netw 2011; 17(8): 1851–1865.

25.

Shamir

Between gratitude and gratuity: an analysis of tipping. Ann Tour Res 1984; 11(1): 59–78.

26.

Chim

Yiu

Hui

LCK

et al . VSPN: VANET-based secure and privacy-preserving navigation. IEEE Trans Comput 2014; 63(2): 510–524.

27.

Shim

KA.

${\cal CPAS$: an efficient conditional privacy-preserving authentication scheme for vehicular sensor networks. IEEE Trans Veh Technol 2012; 61(4): 1874–1883.

28.

Zhang

Liu

On the security of a secure batch verification with group testing for VANET. Int J Netw Secur 2014; 16(5): 1229–1237.

29.

Liu

Yuen

Man

et al . Improvements on an authentication scheme for vehicular sensor networks. Exp Syst Appl 2014; 41(5): 2559–2564.

30.

Aiash

Mapp

Gemikonakli

. Secure live virtual machines migration: issues and solutions. In: International conference on advanced information networking and applications workshops, Victoria, BC, Canada, 13–16 May 2014, pp.160–165. New York: IEEE Computer Society.

31.

Wang

Yao

Gong

et al . A trigger-based pseudonym exchange scheme for location privacy preserving in VANETs. Peer Peer Netw Appl 2018; 11: 548–560.

32.

Zeadally

et al . An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks. IEEE Trans Inf Foren Sec 2015; 10(12): 2681–2691.

33.

Liu

Xie

Wang

Personalized extended (α, k)-anonymity model for privacy-preserving data publishing. Concur Comput Prac Exp 2016; 29: e3886.

34.

Xie

Wang

Efficient privacy-preserving processing scheme for location-based queries in mobile cloud. In: First international conference on data science in cyberspace, Changsha, China, 13–16 June 2016, pp.424–429. New York: IEEE Computer Society.

35.

Liu

Wang

Chen

H-H.

Message authentication using proxy vehicles in vehicular ad hoc networks. IEEE Trans Veh Technol 2015; 64(8): 3697–3710.

36.

Issariyakul

Hossain

Introduction to network simulator 2 (NS2). Boston, MA: Springer, 2012, pp.21–40.

37.

Fiore

Filali

Bonnet

Vehicular mobility simulation with VanetMobiSim. Simulation 2011; 87(4): 275–300.

QBPP: Quality of services–based location privacy protection method for location-based services in cloud-enabled Internet of vehicles

Abstract

Keywords

Introduction

Related work

The schemes based on k-anonymity

The schemes based on mix-zone

The schemes based on signature and certificate

Definition

Network model

Security requirements proposed for location privacy protection

Challenges

The contradiction: privacy protection and QoS

Real-time processing for the frequently updated object location

Scheme design

User → SP

SP →user

Security analysis

Interpretation of security requirements

Security performance comparison

Simulation

Analysis of computation cost

Analysis of average delay

Analysis of transmission cost

Analysis of verification delay

Conclusion

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

References