A Fair Blind Signature Scheme to Revoke Malicious Vehicles in VANETs

: With the rapid development of IoT (Internet of Things), VANETs (Vehicular Ad-Hoc Networks) have become an attractive ad-hoc network that brings convenience into people’s lives. Vehicles can be informed of the position, direction, speed and other real-time information of nearby vehicles to avoid traffic jams and accidents. However, VANET environments could be dangerous in the absence of security protection. Because of the openness and self-organization of VANETs, there are plenty of malicious pathways. To guarantee vehicle security, the research aims to provide an effective VANET security mechanism that can track malicious vehicles as necessary. Therefore, this work focuses on malicious vehicles and proposes an anonymous authentication scheme in VANETs based on the fair blind signature to protect vehicle security.


Introduction
The rapid development of wireless communication technology has enabled mobile ad-hoc networks to be widely adopted in the ubiquitous Internet of Things, along with the rise of VANETs (Vehicular Ad-Hoc Networks). As the infrastructureless and decentralized nature of VANET, it is easy to suffer from various malicious attacks. The smart vehicles can be classified into cooperative or malicious ones with the help of machine learning techniques, such as support vector machine [Wahab, Mourad, Otrok et al. (2016)], extreme learning machine [Xiang, Zhao, Li et al. (2018)], etc. But, privacy-preserving is a challenge and the main threat that VANETs face is also the issue of privacy. The previous research of VANETs mainly focus on authentication [Calandriello, Papadimitratos, Hubaux et al. (2007); Han, Sang and Bae (2017) ;Lin, Sun, Ho et al. (2007); Oulhaci, Omar, Harzine et al. (2017); Tian and Qiang (2012)] defense against Sybil attacks [Feng, Li, Chen et al. (2017); Hussain and Oh (2014); Wu (2017) ;Zhang, Liang, Lu et al. (2014)] along with DDoS attack prevention [Biswas, Mišić and Misic (2012) ;Hamieh, Ben-Otheman and Mokedad (2009) ;Hussein, Elhajj, Chehab et al. (2017)]. In 2011, hackers successfully invaded a vehicle through Bluetooth and wireless network technology. In July 2013, a company engineer successfully caused a vehicle brake failure by controlling its speed and making the engine stop. In March 2014, a security consultant put forward inherent password security vulnerabilities in the 2014 Black Hat ASIA conference in Singapore, which would lead to the leaking of the personal information of the driver. Additionally, on February 9, 2015, Massachusetts Senator Ed Markey published a report about risks of VANETs, which disclosed although more and more vehicle manufacturers wanted to apply wireless sensor devices and applications in vehicles, they would be unable to prevent hackers from impairing vehicular security [Markey (2015)]. In VANETs, there are two main communication types: V2V (Vehicle to Vehicle) and V2I (Vehicle to Infrastructure). Hartong et al. [Hartong, Goel and Wijesekera (2007)] proposed an algorithm that was based on the geographic location concept [Denning and Macdoran (1996)], which used the vehicle location, the speed and travelling time information as factors to protect the communication of V2I. In 2008, Zhang et al. [Zhang, Lu, Ho et al. (2008)] presented a pseudonym application based on blind signature technology for vehicles between two Remote Sensing Utilities (RSUs), which can prevent infrastructure from peeking into the trails of vehicles, but unable to revoke a malicious vehicle. Feng [Feng (2010)] used Combined Public Key (CPK) and blind signature to propose a pseudonym generation scheme to satisfy security and privacy requirements, which is more efficient in computation and communication cost. Proxy Blind Signature Scheme (PBSS) [Tian and Qiang (2012)] proposed a signature scheme based on blind signature and proxy multi-signature certification technology, which solved authentication problems between the nodes. The use of two signature technologies realized onboard interactivity authentication and improved communication safety. Experimental results show PBSS can meet the on-board node mobility and complexity, as well as the authentication efficiency and offering good performance. However, these articles do not provide traceability capability for VANETs, especially when a vehicle abuses the blind signature. Essentially, the malicious vehicle can abuse the anonymity of the blind signature to commit an array of fraudulent behaviors. The question is how to constrain abusive behaviors in reality? It was never addressed in the abovementioned articles. This work proposes a lightweight anonymous authentication scheme, which can be used to track anonymity abuse in VANETs. Comparing with previous anonymous authentication schemes in VANETs, the proposal is the only one that can achieve privacy protection, authentication and traceability.

Overview of fair blind signature
Conventional blind signature is that the signers of the document never know what they have signed, which may cause blind abuse. Some malicious users will use the feature of the blind mechanism to cheat the signer to sign unwilling contents. As opposed to blind signature, fair blind signature [Stadler, Piveteau and Camenisch (1995)] adds a trusted third party to avoid this phenomenon because the trusted third party is able to supervise the signing process. Upon finding the signed contents are tampered with, it can track the malicious user in a timely fashion. Compared to blind signature mechanism, the revocable anonymity is brought into the Fair blind signature mechanism, in which the authority can link an issuing session to the resulting signature and track a signature to the user who possesses it.
3 System architecture Fig. 1 illustrates a communication scenario and mode between the vehicles, Trust Managers (TMs) and RSUs. Communication mode includes communication amongst the vehicles and between vehicles and infrastructures. In this figure, it mainly introduces the communication between the vehicles, infrastructure, TMs and information transmission mode. , along with the RSU in the VANET. In our scheme, before a vehicle engages into daily traffic, it must register at the TM. In this process, firstly the vehicle signs the message using its own identity information, and then sends it to the nearby TM. The process generates the parameters of the signature process, transmission information and the signature algorithm. After the TM receives this information, it will verify whether the information is from the authentic vehicle. Then the TM uses the same signature algorithm to sign information, and then sends it back to the vehicle. After the vehicle receives the returning information, it will check whether these messages have changed or not. If not, it will send this signature to the RSU, which the vehicle will keep for future use. The RSU then starts its verification if there is the true signature of TM, it will complete the blind signing, and transmit the final signature to the vehicle.  .The public key of vehicles in the region are disclosed during running. As per the above introduction, before vehicles connect with the RSU they must have a registration process, so that they can use signatures from a local TM to represent their identities to connect with the RSU. The registration process includes the two steps: 1. The vehicle will sign its own privacy information and send it to the local TM. Then the TM verifies and registers it. If successful, TM will sign the information and return it to the vehicle; 2. After the vehicle has received the TM's signature, it will check whether the signature is tampered with or not. If the information has not been tampered, the vehicle will use the TMs' signatures as its identity certificate to communicate with RSUs anonymously. In addition, the TM also distributes a different electronic license to each vehicle.

System initialization phase
Use a set R to denote these RSUs in the region, . R stores the public key ( ) e N PK , , private key d as well as the two prime numbers p and q . Besides, R chooses a secure hash function H( ).

Registration at TM of vehicles
In this process, the TM gives each vehicle a valid license before driving on-road and storing related information about the vehicle. Then the vehicle will sign its own information and send it to the local TM for registration. Assume the vehicle is denoted as Vi: 1. Vi randomly selects a number r, 1<r<N, and calculates 3. After vehicle Vi has received (m, DSA (m)) from TM, it will verify whether its information has been modified or not. If the information has not been tampered with, the vehicle Vi sends (m, DSA (m)) to a certain RSU, which Vi will communicate in future.

After receiving '
S from R, the vehicle Vi will calculate N r S S mod / ' = , where S is the signature of the transmitting information signed by R.

Verification
The verification process begins by processing the blind factor γ to obtain the inverse of γ, then according to the blind factor γ to restore the message S. Next, the public key e is used to verify the signature. Finally, ) (m h S e = is calculated to verify whether the information has been tampered or altered by an external party. 4. Once the infrastructure R finds the transmitted message is incorrect, it can track the real vehicle with the help of the TM.

Analysis of experimental results
In order to verify the validity of the scheme, the simulation experiment was carried out. C++ language is used to develop experiments on a Microsoft Windows 7 system with a 2.6 Ghz Intel Core i5 processor and 4 GB memory. The experimental data set is generated by the algorithm of Thomas Brink [Brinkhoff (2002)] and widely recognized by the mobile data management industry. Oldenburg mobile network (5*5km) is used as the input to generate mobile data sets and communication node objects. According to the VANET security standard of IEEE 1609.2 [IEEE Standard (2006)], the definition of message format is described in Tab. 2.  Fig. 12 shows the impact of the message transmission distance to the receiving rate. As transmission distance increases, the success rate of messages decreases. , the success receiving rate of messages is greater than 90%. Therefore, we take the number of messages contain a blind signature z=4. Under this condition, system is able to meet the verification requirements of most of the vehicle authentications. Tab. 3 compares our scheme with the PBSS [Tian and Qiang (2012)] in anonymity, authentication and trace-ability. PBSS adopts the distributed proxy blind signature, which can avoid forgery attacks and meet authentication security, but not considering privacy protection and traceback of anonymous abusers.

Conclusions
In this paper, an anonymous authentication scheme based on the fair blind signature is proposed for communication between vehicles and RSU in VANETs, along with the relative merits of the scheme against alternative communication approaches. A simulation experiment was then conducted to assess the merits of the Fair blind signature scheme, which includes an evaluation of the success receiving rate of messages. From the security analysis and experimental results, the proposed scheme is proven to possess anonymity, traceability and authentication functionalities. In the future, it should be an interesting issue to transmit the signature by steganography [Zhang, Qin, Zhang et al. (2018)] because of its excellent imperceptible in human sense system and statistic [Yang, Luo, Lu et al. (2018)].