Certificateless Aggregate Signature Scheme with Conditional Privacy Protection in Vehicle Networking

Real-time updating of road navigation information in vehicular networks plays an important role in safe driving and in alleviating traffic congestion, but protecting user privacy from leakage during these updates is a major challenge. To address this problem, a certificateless aggregate signature scheme with a real-time navigation information update function, suitable for vehicular networks, is proposed. In the scheme, when the navigation company needs to access the data, the fog node aggregates the signed messages broadcast by vehicles and uploads them to the trusted center, which batch-verifies them and then feeds the result back to the navigation company. The trusted center generates temporary pseudonyms for vehicle users, which makes user identities anonymous and meets the requirements of conditional privacy protection. Aggregate signatures are used to reduce computation and communication overhead. Finally, based on the elliptic curve discrete logarithm problem, the scheme is proved to be existentially unforgeable under adaptive chosen-message attack. Numerical analysis shows that the scheme has certain advantages in terms of computational cost.


Introduction
With the rapid development of sensor technology and artificial intelligence, traditional cars have been combined with information technology to create a safer and more intelligent driving environment: vehicular networking (Internet of Vehicles, VANETs [1]). VANETs are an important part of the smart city and provide data support for updating real-time road navigation information. Effective navigation information helps drivers make choices more promptly and accurately, thus reducing the incidence of traffic accidents, and plays a very important role in alleviating traffic congestion, safe driving and so on [2].
In order to update real-time road navigation information and obtain the traffic status of the corresponding road section promptly and effectively, several schemes [3][4] have been proposed in recent years in which vehicle users agree to upload the road condition information they collect to the navigation company; this, however, increases the risk of user privacy disclosure. The efficient identity-based conditional privacy-preserving authentication scheme for vehicular networks proposed in reference [5] realizes privacy protection by generating pseudonyms for vehicle users, which addresses the risk of disclosing vehicle users' identities. During registration, the trusted center (Trusted Authority, TA) generates pseudonyms for vehicle users. Vehicle users communicate with each other under these pseudonyms to protect their privacy, but when they break the law, TA can recover their true identity from the pseudonym, thereby achieving conditional privacy protection.
In addition, if the authenticity of information in the vehicular network environment cannot be guaranteed, serious communication security problems follow. VANETs often use message signatures to establish the legitimacy and authenticity of messages. At the same time, to reduce communication overhead in VANETs, some scholars have proposed aggregate signature schemes [6]. Aggregate signature technology compresses the signed messages of multiple users into a single signature for processing, which improves message authentication efficiency and is therefore well suited to the VANETs communication environment. Reference [7] proposes a PKI-based aggregate signature scheme, but the management and maintenance of certificates causes great overhead, so it is not suitable for VANETs. Based on elliptic curve cryptography and a general one-way hash function, reference [8] proposes an effective identity-based conditional privacy-preserving authentication scheme for VANETs. Although it solves the problem of certificate management, it suffers from key escrow: a malicious key generation center can easily impersonate a user to sign, which poses a serious security threat to the system. Constructing signature schemes on a certificateless cryptosystem [9][10] solves the key escrow problem. Certificateless aggregate signature schemes for VANETs are proposed in references [11][12][13][14]. The key generation center generates only part of the user's private key, and the user combines a randomly selected secret value with that partial private key to form the complete private key, which ensures the security of the signature. However, the scheme proposed in reference [14] involves bilinear pairing operations, which not only increase the computational difficulty but also place a great communication burden on the VANETs environment.
To solve this problem, references [15][16] proposed certificateless aggregate signature schemes without bilinear pairings for the VANETs communication environment, constructing lighter aggregate signature schemes based on the elliptic curve discrete logarithm problem and greatly improving computational efficiency. Unfortunately, the scheme proposed in reference [16] cannot resist attacks by the Type II adversary $A_{II}$.
Based on the above situation, this paper proposes a secure and effective aggregate signature scheme based on a certificateless cryptosystem. The main work is as follows:
• A certificateless cryptosystem solves not only the certificate management problem of PKI cryptosystems but also the key escrow problem of identity-based cryptosystems. Therefore, based on a certificateless cryptosystem, this paper proposes a secure and efficient real-time road navigation information update scheme suitable for the VANETs environment, which not only ensures security but also effectively reduces the communication burden of the VANETs environment.
• Conditional privacy protection of vehicle user information is realized by generating temporary pseudonyms for vehicle users. Users need not worry about divulging their privacy during communication; when a user engages in illegal activity, TA can recover the user's true identity from the pseudonym and trace them.
• An efficient and secure aggregate signature scheme is constructed on the elliptic curve discrete logarithm problem. The construction involves no bilinear pairing operation, so it is lightweight and better suited to the fast-response, low-delay computing needs of VANETs. It greatly shortens the client's signing time, reduces computational overhead and improves application efficiency.
• The scheme realizes confidentiality, integrity, reliability, identity authentication and non-repudiation of data, and a rigorous security proof is given. Experimental numerical analysis shows that the scheme has an obvious efficiency advantage.

Difficult Problems
Elliptic curve discrete logarithm problem (ECDLP): Let $G$ be an additive cyclic group of order $q$ with generator $P$, and let $P, Q \in G$. Given $P$ and $Q$, it is difficult to find the integer $a$ that satisfies $aP = Q$.

System Model of Scheme
In the safe and efficient road condition navigation information update system of this paper, the navigation company sends the road condition information collection task to TA. After receiving the task, TA forwards it to the vehicle users in range through the fog node. Vehicles in range collect the corresponding information according to the task and, once collection is complete, send it to the fog node. After receiving the signed messages from vehicle users, the fog node authenticates the legality of each signed message; once verified, it aggregates the signatures and sends them to the trusted center TA. TA batch-verifies the signed messages; if a message is legal, it is returned to the navigation company, otherwise it is discarded and the corresponding illegal users are investigated. The system model, shown in figure 1, consists of five entities:
• Navigation company: the navigation company needs a large amount of real-time information to update navigation information dynamically, but it does not have this capability itself, so it sends the corresponding tasks to the trusted center TA and then updates the navigation information according to the information fed back by TA.
• Trusted center TA: the trusted center is considered fully trustworthy and is generally operated by a government agency. In this scheme, TA is mainly responsible for registering vehicles and fog nodes. To protect vehicle privacy, a pseudo-identity is generated for each vehicle during registration; when a vehicle violates the law, TA can recover its real identity from the pseudo-identity and hold it responsible. In addition, the trusted center batch-verifies the aggregate signature messages sent by the fog node and forwards them to the navigation company once verification passes.
• Key Generation Center (KGC): KGC is considered semi-trusted and is mainly responsible for establishing system parameters and generating keys. When it receives a vehicle's pseudo-identity from the trusted center, it runs the key generation algorithm to produce a partial private key for the vehicle user.
• Fog nodes: fog nodes are generally deployed along both sides of the road and are used to broadcast task information issued by TA and to collect messages signed by vehicle users. Fog nodes register with TA. After collecting the signed messages of vehicles in range, a fog node first verifies the validity of each message; legitimate messages are aggregated and the aggregated message is sent to the trusted center TA.

The scheme proceeds in the following phases:
• Fog node registration phase: The fog node executes the algorithm to complete its registration. It randomly selects a secret value in $\mathbb{Z}_q^*$, computes its public key, broadcasts the public key, and then sends its public key and identity $ID_R$ to TA through a secure channel.
• Vehicle registration phase: The vehicle must register with the trusted center. To achieve conditional privacy protection, TA generates a pseudo-identity for the vehicle. When the vehicle communicates under the pseudo-identity it does not disclose its real identity, but when the vehicle behaves illegally, TA can recover its true identity from the pseudo-identity and hold the vehicle responsible. Let … The temporary pseudonym of the vehicle is …
• Task distribution: The navigation company sends the road sections for which information is to be collected to the trusted center; the trusted center sends the corresponding tasks to the fog nodes of those road sections, and the fog nodes broadcast the tasks on receipt. Vehicles that meet the task requirements sign the corresponding information and send it to the fog node, which aggregates the signed messages after authentication and sends them to the trusted center.
• Data collection and upload: … (2) Fog node aggregate signature phase: After receiving signed messages from n vehicle users, the fog node first verifies whether each vehicle user's signed message is legal; legal signed messages are aggregated, while illegal ones are discarded and reported to TA for tracking. First, the fog node calculates the … the navigation company. Otherwise, the message is discarded and the illegal users are tracked down.
• Navigation information update: after receiving the message sent by the trusted center, the navigation company promptly updates the navigation information of the corresponding road section, which can greatly relieve traffic pressure and reduce the incidence of accidents.
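The key-escrow point made in the introduction (KGC issues only a partial private key and the vehicle adds its own secret) and the sign, aggregate and batch-verify phases above, as an added example that is not the paper's scheme (whose equations are not reproduced here) and carries no security claim of its own: a simplified pairing-free certificateless aggregate signature over secp256k1. The curve choice, the hash-to-scalar H standing in for both H1 and H2, and the public key structure (R, X) are assumptions.

```python
import hashlib, secrets

# secp256k1 parameters; any prime-order curve would do for this illustration
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P_MOD == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P_MOD) % P_MOD
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P_MOD) % P_MOD
    x = (lam * lam - a[0] - b[0]) % P_MOD
    return (x, (lam * (a[0] - x) - a[1]) % P_MOD)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def H(*parts):  # assumed hash-to-scalar used for both H1 (keys) and H2 (signatures)
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % N

def kgc_partial_key(s, vid):
    """KGC (master secret s) issues only the partial key d for pseudonym vid."""
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    return R, (r + H("h1", vid, R) * s) % N

def user_keygen(vid, R, d, p_pub):
    """Vehicle checks d against P_pub, then adds its own secret x: KGC never learns x."""
    assert ec_mul(d, G) == ec_add(R, ec_mul(H("h1", vid, R), p_pub)), "bad partial key"
    x = secrets.randbelow(N - 1) + 1
    return {"vid": vid, "R": R, "X": ec_mul(x, G)}, (x, d)

def sign(pub, priv, msg):  # Schnorr-style (K, s) over the full key x + d
    k = secrets.randbelow(N - 1) + 1
    K = ec_mul(k, G)
    h = H("h2", pub["vid"], pub["R"], pub["X"], K, msg)
    return K, (k + h * (priv[0] + priv[1])) % N

def agg_verify(p_pub, pubs, msgs, sigs):
    """Fog node / TA batch check: (sum s_i)P == sum K_i + sum h_i (X_i + R_i + h1_i P_pub)."""
    lhs = ec_mul(sum(s for _, s in sigs) % N, G)
    rhs = None
    for pub, msg, (K, _) in zip(pubs, msgs, sigs):
        h = H("h2", pub["vid"], pub["R"], pub["X"], K, msg)
        Y = ec_add(ec_add(pub["X"], pub["R"]), ec_mul(H("h1", pub["vid"], pub["R"]), p_pub))
        rhs = ec_add(ec_add(rhs, K), ec_mul(h, Y))
    return lhs == rhs
```

A single signature is verified by calling agg_verify with one-element lists; a tampered message makes the batch check fail, so the fog node would have to fall back to per-signature checks to isolate the illegal signer.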

Security Proof
The aggregate signature scheme in this paper is based on a certificateless cryptosystem. Following the security model of reference [17], the security analysis considers two different adversaries: the Type I (ordinary) adversary $A_I$ and the Type II (super) adversary $A_{II}$.

Theorem 1:
In the random oracle model, if an ordinary adversary $A_I$ can win the game with non-negligible probability $\varepsilon$ in polynomial time, then there exists a challenger who can solve the ECDLP problem with the following advantage: … where … represents the corresponding number of hash oracle queries, $q_{cu}$ the number of user oracle queries, and $q_k$ the number of partial private key queries.
Proof: Suppose an ordinary adversary $A_I$ can win the game with non-negligible advantage $\varepsilon$, that is, successfully forge a valid signature of the target user $VID_i$; then the challenger $C$ interacting with it can solve the ECDLP problem. $C$ and $A_I$ interact according to the following steps.
• Initialization phase: The challenger executes the algorithm to build the system, sets K QP =, discloses the system parameters, and establishes and maintains the following four lists. … $AT$ to the $L_1$ list. …
• Output stage: Finally, the adversary $A_I$ outputs a forged signature $(VID, A, m)$. If $VID \neq VID_m$, the challenger declares failure; otherwise the challenger finds the following signed message from the signing oracle: $(\ldots)$. If the challenger wins the game, then: … The adversary can reconstruct a new valid signature $(\ldots, s, h)$ in polynomial time, that is, the following equation holds: … From equations (1) and (2), challenger $C$ can calculate: … By equation (3), …, where $\Pr[E_1 \mid E_2] = $ … Analysis of the game process gives: … Therefore, from equations (4) and (5) we conclude … Clearly, if adversary $A_I$ can forge a signature with advantage $\varepsilon$, then the challenger can solve the ECDLP problem. However, in the random oracle model the ECDLP problem is hard, so such an adversary advantage cannot exist. That is, the scheme in this paper resists the forgery attack of adversary $A_I$. This completes the proof.

Performance Analysis
To compare computational efficiency more clearly, a simulation experiment was carried out on a machine with an Intel Core i5-7500 processor at 3.0 GHz and 8 GB of memory. As shown in figures 2 and 3, the computational efficiency of the proposed scheme is compared with that of references [6,14,16]. The results show that the proposed scheme has obvious advantages over the schemes of references [6,14] in both the signing and the verification algorithm, and is basically on par with reference [16].
However, the scheme of reference [16] cannot resist attacks by the Type II adversary $A_{II}$, so its security is weaker than that of this scheme. In addition, this scheme uses aggregate signature technology, which further reduces computing overhead, so that it can meet the needs of the VANETs environment with its high communication and computing load.

Conclusion
Aiming at the security and privacy problems in updating road navigation information in VANETs, a certificateless aggregate signature scheme with conditional privacy protection is proposed, and its security is established by a rigorous security proof. Conditional privacy protection of vehicle users is realized by generating temporary pseudonyms. No bilinear pairing operation is used in the construction, and aggregate signature technology greatly reduces the computational cost of the scheme. Performance analysis and comparison with other schemes show that this scheme has obvious advantages over the competing schemes in security and computational efficiency, and is suitable for the VANETs application environment.