Anonymous-authentication scheme based on fog computing for VANET

Privacy protection in vehicular ad hoc networks (VANETs) has always been a research hotspot, especially the issue of vehicle authentication, which is critical to ensure the safe communication of vehicles. However, using the real identity in the process of authentication can easily result in a leak of the privacy information of the vehicles. Therefore, most existing privacy-protection schemes use anonymous authentication and require one-to-one communication between vehicles and the trusted authority (TA). However, when the number of vehicles is too large, network congestion can take place. In addition, the process of updating the anonymous by the TA or the vehicle itself, can result in both poor real-time performance and leakage of the system master key. To solve these problems, this study proposes a fog-computing-based anonymous-authentication scheme for VANETs; the scheme reduces the communication burden of the TA by enabling self-authentication between vehicles and road-side units (RSUs), thus improving the vehicle-authentication efficiency. For updating the anonymous, we design a fog-computing-based pseudonym-updating and -tracking strategy, which guarantees real-time communication and reduces the instances of re-authentication interactions for legitimate vehicles. The experimental results show that the scheme not only meets the privacy-protection requirements of VANETs but also offers better performance than that of the existing anonymous-authentication schemes.


Introduction
The vehicular ad hoc network (VANET) is a core component of the intelligent transportation system and plays an indispensable role in many aspects such as improving communication efficiency and reducing traffic accidents [1]. The nodes of VANET comprise the following two parts: the onboard unit (OBU), which is installed in vehicles and the road-side unit (RSU), which is located on the road-side [2]. Using the OBU, vehicles can achieve the vehicle-to-vehicle, vehicle-to-infrastructure, and broadcast communications [3] for comfortable and safe services (e.g., weather information, entertainment-related internet service, and traffic accidents) [4]. However, owing to the characteristics of the open network environment and dynamic network topology, the VANET faces many challenges in the field of secure communication. As the precondition of secure communication, the authentication of vehicles guarantees the legitimacy of each communication node for vehicles to achieve secure communication. Therefore, the authentication of vehicles is particularly important in the VANET. However, there are still some challenges: 1) how to implement an efficient and secure authentication scheme between the vehicles and RSU [5]; 2) how to protect the privacy of users during the process of authentication. Therefore, designing an efficient and secure anonymous-authentication scheme has wide applications [6][7].
In recent years, researchers have proposed many authentication schemes for VANET in order to address this problem. Most of these schemes achieved security authentication based on anonymous. Meanwhile, to avoid tracking attacks, vehicles need to change their pseudonyms frequently. At the beginning, these existing schemes can verify the identities of vehicles in the VANET, by which malicious vehicles could be prevented from communicating with other legitimate vehicles or RSUs, and, thus, the privacy information of the vehicles could also be protected. However, it is difficult to accomplish efficient authentication when the number of authentication requests increases in a short time, and if the certificate revocation list (CRL) is large. Subsequently, the transmission delay gets longer when the size of the CRL becomes larger [8]. During this period, malicious vehicles can continually compromise the VANET. Also, broadcasting the CRL to other vehicles will disclose the privacy information of the revocation vehicles, as the legal vehicles have all the pseudonyms of the revoked vehicles. Considering the issues of inefficient authentication and costs caused by the CRL, many related scholars proposed several efficient authentication schemes using the hash message authentication code (HMAC), which prevents the attackers from changing the content of the messages sent by legitimate vehicles or RSUs [9]. Moreover, if an anonymous vehicle in the VANET system becomes malicious, its privacy should be revoked by the trusted authority (TA) and revealed to other vehicles [10], so that it can no longer be anonymous; this is done to protect the performance of the system. Thus, the revocation scheme has been considered as very essential to retain other users as honest in the VANET [11].
In this study, we proposed a novel authentication scheme that leverages fog-computing architecture to protect the privacy of vehicles (i.e., achieving anonymity) for the VANET. The following are the main contributions of this study: 1. A two-way anonymous-authentication scheme, which is based on anonymity, is designed, in which the RSU and the vehicle do not need the TA in order to participate in the process of identity authentication, thereby reducing the burden of the trusted center, as well as the authentication delay.
2. By introducing fog computing to generate and update the anonymity of vehicles, legitimate vehicles do not need to authenticate all the RSUs in the driving period, thereby reducing the times of authentications between legitimate vehicles and RSUs.
The rest of this paper is structured as follows: Section 2 details the related work; Section 3 provides the system model; Section 4 presents the proposed scheme; Section 5 provides the security analysis of this paper. Section 6 analyses the performance of the proposed protocol. Finally, Section 7 concludes this paper.

Related work
The existing authentication schemes for the VANET are mainly based on pseudonyms in order to achieve efficient and secure anonymous authentication.
Lu et al. [12] proposed a pseudonym-based effective conditional privacy-protection protocol, which is based on bilinear mapping, to obtain the conditional privacy of vehicles. However, the RSU has high latency while generating pseudonyms. In addition, the RSU is usually vulnerable to physical attacks and hazards, thereby not guaranteeing security very well. Huang et al. [13] proposed an efficient pseudonymous authentication-based conditional privacy protocol for VANETs (PACP), in which the TA first generates a long-term pseudonym for vehicles, following which the vehicles obtain a "token" from the RSU. Finally, the vehicles generates its own pseudonym to achieve anonymous communication. However, the limitation of PACP is that during token generation, the RSU does not know any information regarding vehicles, and it is the only entity to generate tokens in the VANET; therefore, the complete reliability of tokens cannot be guaranteed. Furthermore, Skim et al. [14] proposed a pseudonymbased conditional privacy-protection authentication protocol, which improves the efficiency of node-identity authentication by reducing the time-consuming mapping operation. However, the frequent authentication process increases not only the computation cost and authentication delay but also the burden for the authentication agency. In addition to privacy protection, how to achieve effective authentication of vehicles is also an important challenge for the contemporary VANET. Therefore, researchers proposed pseudonym-based batch authentication schemes, such as the revocable group batch authentication scheme (RGB) [15], the anonymous batch authentication and key agreement [16], and the authentication scheme for VANETs with batch verification (BVV) [17] under the random oracle model.
In addition, for designing anonymous VANET authentication scheme based on pseudonym, some papers choose group signature to achieve anonymous authentication of the node identity. Among them, Lin et al. [18] introduced group signature into the VANET for the first time, thereby preventing the leakage of the user's privacy information in the process of identity authentication. However, in the entire process, frequent group key updates increase the computational overhead; therefore, the scheme cannot meet the high efficiency requirements of the VANET. Furthermore, Zhong et al. [19] proposed an efficient group signature scheme with revocation (GSR), which combines the subset cover framework with Camenisch-Stadler. However, the group signature scheme also faces some open security problems; i.e., group administrators are not protected, and the selection of relevant vehicle group administrators may endanger the privacy of all the group members.
However, the pseudonym-based authentication scheme does not face the security threat caused by the group signature scheme, and the former is more efficient than the latter [20]. However, in the pseudonym-authentication-based VANET, one-to-one communication is required between vehicles and the TA. In addition, when the number of vehicles is too large, network congestion is caused easily. Besides, the process of anonymous update by the TA or by the vehicle itself can easily cause both poor real-time performance and leakage of the system master key.
In this study, we provide a fog-computing-based anonymous-authentication scheme for the VANET; the scheme reduces the communication burden of the TA by performing self-authentication between vehicle and RSUs, thereby improving the efficiency of vehicle authentication. For an anonymous update, we design a fog-computing-based pseudonym-updating and tracking strategy, which guarantees real-time communication and reduces the instances of reauthentication interactions for legitimate vehicles.

System model
The system model of this study is depicted in Fig 1, which consists of three major layers, namely, the cloud layer, the fog layer, and vehicles.
1. Cloud layer: It is the trust authority of the entire system and has the powerful ability to calculate and store a large amount of information. Clouds mainly include the TA, computing resources, and storage resources. In this study, first, the TA is responsible for registering and managing the local authorities (Las) and vehicles, as well as allocating certification and system parameters to them simultaneously. Second, it also exposes the true identities (TIDs) of the vehicles in a traffic dispute.
2. Fog layer: In cloud computing, the elements of the network infrastructure (such as RSU and base station) are deployed near the edge of the network, and they are interconnected to form a fog layer. In the network infrastructure, there is a dedicated local fog server to connect to the Internet wirelessly, and to provide a wireless interface for vehicles to access computing and storage resources. These fog servers use the network-function virtualization technology in order to virtualize the physical resources in the fog infrastructure, to build virtual machines for computing instances. In addition, to realize flexible resource allocation among fog servers, virtual machines are dynamically created, migrated, loaded, and destroyed according to different network states, by using the network technology defined by software [21]. On the basis of these technologies, the fog layer is implemented in the real scene. In this study, each fog mainly consists of five parts, namely, the LA, RSU, base station, computing resources, and storage resources. The LA is responsible for generating and updating the anonymous information of vehicles and, subsequently, recording it in the storage resources of the corresponding fog layer, thereby distributing the anonymous information to the corresponding vehicles through RSU, and, thereafter, uploading the generated anonymous information to the cloud layer. The RSU is a fixed roadside communication unit, which communicates with the LAs and vehicle through both wired and wireless networks. This study assumes that the RSU is completely trusted and is used to verify the validity of the vehicle identity, and that the anonymity generated by the LAs is forwarded to the vehicle. 3. Vehicles: Each vehicle is equipped with an OBU, which shares some value information (for example, traffic safety warnings) with RSUs and other legitimate vehicles, through wireless communication technology. Each OBU possesses a tamper-proof device for storing public keys, private keys, and other sensitive and confidential information. In addition, a global positioning system (GPS) provides the location information of vehicles.

Attack model
Owing to the openness of network environment in the VANET, it is inevitable to face the following attacks: 1. Impersonation attack: Attackers may pretend to be a legal vehicle or RSU in order to cheat other legal nodes.
2. Message repudiation attack: When the authorities reveal the real identity of the attacker, the attacker can repudiate the malicious information sent previously.
3. Error message attack: Attackers send some error messages to affect the judgment of users, which, in turn, may lead to accidents.
4. Privacy attack: Attackers obtain sensitive information of vehicles by analyzing the content of messages.
5. Message replay attack: Attackers replay valid messages that had been sent previously, to disturb transportation.
For the above-mentioned attacks, the authentication feature can resist the impersonation attack; the traceability feature can resist the message non-repudiation attack; the integrity and unforgeability features can resist the error message attack and the message replay attack; and the anonymity feature can resist the privacy attack.

Definitions and assumptions
Discrete Logarithm (DL) Problem. Let P be the generator of G 1 , for a 2 z � p . Given P and aP, compute a.
The probability of D DL success is defined as follows: A is a negligible value for all the PPT algorithm D DL . Computational Diffie-Hellman (CDH) problem Let P be the generator of G 1 , for all a; b 2 z � p . Given (P, aP, bP), compute abP by using the probabilistic polynomial time algorithm A. The probability of A success is defined as follows: is a negligible value for all the PPT algorithm A.

Proposed system
As depicted in Fig 2, the main design of this system is the anonymous-authentication scheme. It includes the following two processes: system initialization, and efficient and secure authentication scheme. The summary of the symbols used in this paper is provided in Table 1.

System initialization
Cloud layer. TA: It generates the public parameters, namely, G 1 ; G 2 ; G; q; P; e; and p, and initializes the system by using the following steps [22]: 1. TA chooses a random number, c TA 2 z � q , as the private key, SK TA = ψ TA , and computes the corresponding public key, PK TA = ψ TA P.

TA chooses hash functions
3. TA chooses a security symmetric cryptographic, E K (�), publishes the system parameters, namely, G 1 ; G 2 ; G; q; P; e; p; PK TA ,H(�),h(�) and E K (�), following which it downloads the system parameters into fog layer and vehicles.
Fog layer. LA: The cloud layer distributes the TID, private key, public key, etc. to the LAs as follows: 1. TA chooses a random number, ε i 2 z � p , as its private key and computes the corresponding public key, PK LA i ¼ ε i P.
2. TA computes the certification parameters, RSU: The cloud layer distributes the TID, private key, public key, etc. to the RSUs as follows: 1. TA chooses a random number, r i 2 z � p , as its private key and computes the corresponding public key, PK R i ¼ r i P.
2. TA computes the certification parameters, Vehicles. TA distributes the pseudonym, private key, public key, etc. to the vehicles as follows: 1. TA computes the certification parameters, 2. TA chooses a random number, r i 2 z � p , as vehicles' private key, SK V i ¼ r i , then generates the public key, PK 0 V i ¼ r i P, and pseudonym, FID 0

Efficient and secure authentication scheme
This study proposes an anonymous-authentication scheme, which is based on pseudonym and fog computing, to meet the efficiency and security requirements in the VANET. First, we design a self-checking authentication, instead of the traditional authentication with reliable authority, thereby improving the efficiency of illegal vehicle authentication. Furthermore, fog computing is introduced to realize anonymous management, reduce the number of authentications, and improve the efficiency of authentication.
In this scheme, the authentication process between the fog layer and the vehicle does not require the participation of the cloud layer. In addition, the vehicles are divided according to the following two categories: 1) Situation 1: the previous vehicles have not been certified by other RSUs in the fog layer; and 2) Situation 2: the previous vehicles have been certified by other RSUs in the fog layer. For the vehicles in Situation 1, it can be authenticated by anonymity and authentication parameters, including five information exchanges. However, in Situation 2, the vehicle can be quickly validated by checking the anonymous tracking table, requiring only two rounds of information alternation. Simultaneously, both the authentication processes can achieve anonymous authentication. The information-exchange model and both the main authentication process are depicted in Figs 4, 5 and 6, respectively. In addition, the detailed authentication process is as follows:  RSUs broadcast the messages: RSUs broadcast messages periodically as follows: Vehicles authenticate the RSUs. When vehicle V i drives into the domain of RSU i , the former could receive M 1 and verify it as follows: • V i receives M 1 and verifies the timestamp TS first by computing |CT−TS|<Δt, (Δt is the expected network-transmission delay).
• V i obtains PK R i ; L R i , and hðL R i Þ from M 1 , and, thereafter, it verifies s SK TA ðPK R i ; L R i ; hðL R i ÞÞ by using PK TA .
• V i obtains the current geographic location, L V i , from the GPS in vehicles and, subsequently, computes DL ¼ jL R i À L V i j and determines ΔL � 600.
Upon completing the entire process, V i completes the authentication for RSU i . RSUs authenticates the vehicles. Situation 1: The vehicle had not been authenticated by other RSUs previously. (see Fig 4) • V i selects a random number, N 1 , and, thereafter, sends the message, M 2 : ðTS; E PK R i ðN 1 ; HðFID 0 V i ÞÞ; HMAC N 1 ð�ÞÞ, to RSU i of the fog layer.
• RSU i obtains N 1 from M 2 and verifies HMAC N 1 ð�Þ first; subsequently, it selects a random number, a i 2 z � p , computes T R i ¼ aP and finally sends the message, • V i receives M 3 and verifies HMAC N 1 ð�Þ; subsequently, it selects a random number, b i 2 z � p , to compute T V i ¼ bP and 4 and, subsequently, verifies HMAC N 1 ð�Þ, following which it calculates the parameters, If formula (1) holds, RSU i completes the authentication for V i . Meanwhile, the fog layer begins to provide anonymous management services. Thus, When RSU i completes the authentication of vehicle V i , RSU i sends the pseudonym of vehicle authentication, as well as the corresponding public key and certificate {FID 0 V i ; PK 0 V i } to the local authentication, LA m , in the fog layer. • LA m generates w numbers of anonymities fFID k are pseudonyms corresponding to the private key and pseudonym certificate) for vehicle V i and, subsequently, sends them to vehicle V i through RSU i . Simultaneously, LA m uploads fFID k Table 2) to TA in the cloud layer.
• TA updates and stores the corresponding pseudonym tracking table of vehicles in the storage resource(the anonymous tracking table is depicted in Fig 5.), and, thereafter, sends to the fog layer. All the RSUs in the fog layer share the updated anonymous table of vehicle V i through fog calculation in order to reduce the authentication process of other RSUs except that of RSU i .
• RSU updates the new anonymous table of vehicle V i and deletes the previous anonymous table.
Situation 2: The vehicle had previously been authenticated by other RSUs. (see Fig 6) • V i sends the message, • RSU i receives M 2 , first verifies TS and HMAC N;1 (�), and then verifies s SK LA ðFID k V i ; PK k V i Þ. If the verification is successful, the anonymous vehicle is validated according to the pseudonym tracking table sent by the TA.  Fig 7), to TA in the cloud layer after discovering illegal vehicles. the illegal vehicle  according to the anonymous tracking table in the storage resources. 3. Finally, TA tracks the TID of the vehicle, TID Vi , by computing

Security analysis
In this section, we will provide the security analysis of this study.  Anonymous-authentication scheme based on fog computing for VANET

Authentication
The authentication of the proposed scheme is proved using the following two aspects. Authentication of RSU. When a vehicle drive into the domain of an RSU, the former must first authenticate the identity of the latter. In this study, the authentication of the RSU is achieved by the signature and geographic location.
According to the message M 1 sent by the RSU, vehicles first verify signature s SK TA , following which the vehicles compute DL ¼ jL R i À L V i j, and finally determine whether ΔL�600 to ensure the legitimacy of the RSU.
In this process, the signature s SK TA is generated by the TA, and the private key of the TA, SK TA , is known only to the TA without any transmission. Therefore, any attacker cannot obtain SK TA and forge the signature. Thus, only the legitimate RSU has the signature, s SK TA .
In addition, the value of ΔL is calculated using the geographic location of the RSU and vehicles. If the signature, s SK TA ; is correct, the geographic location of the RSU, L R i ;in M 1 is also correct. Meanwhile, the geographic location of vehicles, L V i ; is obtained from the GPS in the vehicle. Therefore, ΔL must be not be more than 600 m (the communication range of the RSU is approximately 600 m). Consequently, when s SK TA is correct and ΔL�600, the identity of the RSU is legal. Authentication of vehicles. Situation 1: The vehicle had previously been authenticated by other RSU.
If the adversary wants to impersonate a legal vehicle to get authenticated by the RSUs, it must generate a valid message, M 4 , and send it to the RSUs. According to M 4 , the RSUs will verify the legality of the vehicular identity on the basis of formula (2) and K V in message, M 4 . One has If formula (2) is workable, the identity of the vehicles is legal. Situation 2: The vehicle had previously been authenticated by other RSUs. If the vehicle had previously been authenticated by RSU i−1 , then RSU i only needs to authenticate it according to the anonymous tracking table sent by the cloud.
Theorem: Assuming that H is a random oracle, the DL and CDH assumptions are valid, and the identities of the vehicles in this scheme are authenticated.
Proof: If an adversary, A, could impersonate a real identity of a legal vehicle, TID V , and generate a valid message, M 4 , then it must be able to compute the valid value of the parameter S V = sP = ψ TA Q V P = ψ TA H 1 (TID V )P. The advantage of the success of A is Adv M4 A . Constructing two algorithms, D CDH and D DL , to solve the CDH and DL problems, respectively.

Game 1:
Setup: According to the section system initialization, D DL generates the public parameters, namely, G 1 ; G 2 ; P; q; e; G; p; g; PK TA ; H 1 ð�Þ; hð�Þ; and E k ð�Þ, and sends them to A. Subsequently, A could query D DL up to q DL times. Query:

1.
A queries what is TID V equal to?
2. D DL defines s = H 1 (TID V )P and returns it to A.
Challenge 1: 1. After A received s, it inputs (P,s) to obtain H 1 (TID V ) by D DL ; 2. A inputs (P,PK TA ) to obtain ψ TA ; In the above-mentioned process, the advantage of the success of A is Adv DL

Game 2:
Setup: According to the section system initialization, D DL generates the public parameters, G 1 ; G 2 ; P; q; e; G; p; g; PK TA ; H 1 ð�Þ; hð�Þ; and E k ð�Þ; and sends them to A. Thereafter, A could query D CDH up to q CDH times. Query:

1.
A queries what is TID V equal to?
2. D CDH defines s = H 1 (TID V )P and returns it to A.

Challenge 2:
After A receives s. it inputs (P, PK TA , s) to obtain H 1 (TID V ) by D CDH . In the above-mentioned process, the advantage of the success of A is Adv CDH A ¼ q CDH � Adv CDH . In summary, the advantage of A generating the valid message, M 4 , i.e., the advantage of successfully calculating the valid parameter S V is as follows: According to the section definitions and assumptions, the advantage of D DL successfully solving the DL problem and that of D CDH successfully solving the CDH problem, in polynomial time, can be neglected. Thus, the advantages of A successfully generating a valid message, M 4 , is also negligible.
Therefore, the identity of the vehicle in Situation 1 satisfies the authentication requirement of the node identity. However, if the vehicle had previously been authenticated by RSU i±1 (Situation 2), then the latter only needs to authenticate the former according to the anonymous tracking table sent by the cloud.

Anonymity of vehicles
The anonymity of the proposed scheme is realized by the anonymous management of cloud and fog.
Sensitive information such as FID V i is included in the information sent by vehicles. In clouds, because the private key of the TA is secure, except for that of vehicles, only the TA knows the real identity of the vehicles; therefore, attackers cannot forge pseudonyms issued by clouds. In addition, only the TA in the cloud can reveal the relationship between vehicle anonymity and real identity, when illegal vehicles are found. In the fog layer, the RSU can authenticate the vehicle anonymously without knowing the real identity of the vehicle. Simultaneously, because the LA generates a pseudonym without obtaining the real name of the legitimate vehicle and uploads the pseudonym to the cloud, it cannot be traced back to obtain the real name of the vehicle. Therefore, no attacker can obtain the real identity of the vehicle.

Traceability
Vehicles communicate with the RSU by using their anonymities, and some malicious vehicles may send false information to cause traffic accidents. In this situation, the cloud layer can reveal the identity of the vehicles with the help of the TA and the storage resources of the cloud layer.
After receiving the anonymous, {FID m V j ; PK m V j ; s SK LA ð�Þ}, of the irregular vehicle V sent by the RSU, the cloud finds the initial anonymous, {FID 0 V i ; PK 0 V i }, of vehicle V in the anonymous tracking table of the storage resources. Thereafter, the initial anonymity is sent to the TA. When the TA receives {FID 0 V i ; PK 0 V i }, it obtains the real name, TID V , of the illegal vehicle according to the following formula: Thus, the traceability of the proposed scheme is achieved.

Message integrity and unforgeability
In the VANET, messages are more likely to become invalid requests, such as packet loss or bogus messages forged by attackers, as the communication model between the vehicles and RSU or among the vehicles, is based on wireless communication. To ensure the integrity of the messages, most existing schemes utilize HMAC or signature. In this study, the integrity of the messages can be achieved using HMAC because of its lightweight overhead.
In this study, the unforgeability of the messages is achieved by s SK TA or HMAC N 1 ð�Þ. In message M 1 , the signature, s SK TA ; is generated by the TA by using its private key SK TA . Because SK TA is only held by the TA, attackers cannot compute it according to the public key PK TA = ψ TA P. Thus, s SK TA cannot be unforged by attackers. In messages M 2 −M 5 , N 1 is the shared key between the vehicles and RSU. Vehicles encode it using the public key of the RSU and then send it back. However, only the RSU can decode it using its private key, SK RSU , and obtain N 1 . Thus, attackers are unable to gain N 1 and forge messages.

Performance evaluation
In this section, we evaluate the performance of the proposed scheme. First, we compare the proposed scheme with the existing schemes in terms of computation and communication costs. In addition, we evaluated the average delay of the proposed scheme.

Computation cost analysis and comparison
According to reference [23], the computation cost mainly depends on the following three parameters: first, the time taken to execute a pairing operation, T p ; second, the time taken to execute one-point multiplication over an elliptic curve, T m ; and third, the time taken to execute a MapToPoint hash function, T h , where T p = 1.6 ms, T m = 0.6 ms and T h = 2.7ms. This paper does not consider other operations requiring low computational costs, such as the HMAC operation (executing time is 0.006 ms).
Because this study divides vehicles into two categories, both of which have has been mentioned previously, the number of vehicles needed to be verified, n, includes the number of vehicles in Situation 1, n 1 , and that in Situation 2, n 2 ; therefore, n = n 1 +n 2 . Furthermore, Table 3 and Fig 8 objectively illustrate the comparison between our proposed scheme and other existing schemes, in terms of the verification time. From Fig 8, it can be observed that our proposed scheme requires lower computational cost. Especially, when the number of vehicles, n, is equal to 100, the CPAS, RGB, and BVV take 780.6, 968.1, and 1030 ms, respectively. Whereas the proposed scheme takes only 448 ms (n 1 = 30%n, n 2 = 70%n), or 744 ms (n 1 = 60% n,n 2 = 40%n).

Communication-cost analysis and comparison
In this paper, the communication cost is represented by the size of messages. In this section, we mainly focus on the additional communication cost, such as the cost associated with signature, certification, and pseudonym. As shown in Table 4, the additional sizes of messages are 101 bytes for CPAS [14], 63 bytes for RGB [15], 280 bytes for BVV [17], and 76 bytes for our proposed scheme. In addition, Fig 9 compares the communicational cost of the proposed scheme with those of some existing schemes. From the figure, we can see that the communicational cost of the proposed scheme is lower than that of each CPAS and BVV.

Experiment and simulation
To ensure the authenticity and feasibility of the experiment, the relevant parameters of this experiment are based on the real data provided by the federal government of the United States [24]. All the simulation parameters are listed in Table 5.
Average delay. This study uses formula (4) From Fig 10, it can be clearly seen that the average delays of both the RGB and proposed scheme are less than those of the CPAS and BVV, with the same number of vehicles. In  Anonymous-authentication scheme based on fog computing for VANET addition, our proposed scheme is the most efficient of all the schemes mentioned when the number of vehicles ranges from 20 to 30. Furthermore, when the number of vehicles is more than 30, our proposed scheme becomes more efficient than CPAS and BVV as well.
Packet-loss rate. In addition to analyzing the average delay of the proposed scheme, the packet-loss rate of the proposed scheme is compared with that of various schemes, under two states, i.e., static and dynamic states (see Table 6). As depicted in Figs 11 and 12, the proposed scheme also has some advantages with respect to the packet-loss rate.

Conclusions
This study presented a fog-computing-based anonymous-authentication scheme for the VANET. In the proposed scheme, vehicles are divided according to two situations. According to the different above-mentioned situations, the RSUs in the fog layer are authenticated using pseudonyms. The pseudonym management of the vehicles is achieved via fog computing, which improves the performance after entering the first authentication, thus realizing both privacy protection and efficient authentication.