This article has been accepted for inclusion in a future issue of this journal.

Content is final as presented, with the exception of pagination.

IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS 1

A UAV-Assisted Authentication Protocol

for Internet of Vehicles
Junfeng Miao , Zhaoshun Wang, Xin Ning , Senior Member, IEEE, Achyut Shankar ,
Carsten Maple , and Joel J. P. C. Rodrigues , Fellow, IEEE

Abstract— As a component of the Intelligent Transportation transportation industry. It has drawn increased interest from
System (ITS), Internet of Vehicles (IoV) is becoming increasingly the transportation industry as well as academia [1], [2].
important in the management and construction of urban trans- With the assistance of On-Board Units(OBU) and Road Side
portation as it can provide users with a range of applications
related to traffic accident warnings, entertainment information, Units (RSU), IoV can realize the collection, analysis, sharing,
collaborative driving and real-time road information through computing and safe distribution of traffic network information
communication devices on vehicles. However, with the increasing [3], [4]. These features provide a safer and more informative
variety of services in the IoV, the growing demand for user traffic travel experience for drivers and passengers. In the IoV, RSU
and the advances in Unmanned Aerial Vehicle (UAV) technology, is an intermediate node for information exchange between the
UAV is introduced into the IoV as a solution, which can relieve
the pressure on the communication infrastructure in the network, vehicle and the external network. The communication status
provide emergency communication services and improve the of the connection between RSU and the vehicle determines the
performance of network services. Due to the openness of IoV and overall communication performance of the IoV [5]. Therefore,
the high-speed movement of vehicles, authentication and privacy the deployment strategy of RSU becomes an important factor
issues are among the most pressing issues in IoV. Therefore, the in determining the connectivity and timeliness of the IoV.
paper proposes a secure and effective authentication protocol for
UAV-assisted IoV. The protocol utilises elliptic curve cryptogra- In traditional Inteligent Transportion System, the deployment
phy to assure the security of the authentication. The protocol of roadside sensing nodes generally adopts static fixed-point
undergoes proof of security, Burrows-Abadi-Needham (BAN) deployment [6]. But because the structure of the IoV is chang-
logic analysis and informal security analysis to ensure secure ing quickly and dynamically, the deployment will inevitably
and mutual authentication, and have a good resistance to known result in the waste of resources or the shortage of resources in
attacks. Furthermore, performance analysis and comparison are
conducted to evaluate the efficiency of our protocol. The results a certain time. And the deployment for a significant number of
indicate that our protocol has superior advantages in overhead. RSU will make the construction cost of the IoV unaffordable.
And because of the height limit, the quality of communication
Index Terms— Internet of Vehicles, unmanned aerial vehicle,
security, authentication. is easily affected by the surrounding environment of high-rise
buildings, mountains and other obstacles. Once deployed, this
I. I NTRODUCTION location is fixed, and coverage is affected by the location of
deployment. The late high cost of operation and maintenance
I N RECENT years, it has become widely popular with the
advancement of intelligent transportation systems. Because
its information exchange and content sharing rarely require
will seriously restrict the development of the IoV. This is a
huge obstacle for the practical application of the IoV [7], [8].
human intervention, IoV can guarantee traffic safety, improve UAV-based wireless communication auxiliary technology
traffic efficiency and driving experience, and thus become has recently attracted a lot of interest and research due to the
a key factor to promote the development of the intelligent advancement of UAV technology. For some remote areas that
lack basic communication facilities or basic communication
Manuscript received 26 July 2023; revised 31 October 2023 and 6 December facilities are damaged or blocked, UAV can carry communica-
2023; accepted 2 January 2024. The Associate Editor for this article was
A. H. Sodhro. (Corresponding authors: Zhaoshun Wang; Xin Ning.)
tion equipment for temporary coverage and provide emergency
Junfeng Miao and Zhaoshun Wang are with the School of Com- communication services, which has great application prospects
puter and Communication Engineering, University of Science and [9]. In the process of building the IoV, UAV can be deployed
Technology Beijing, Beijing 100089, China (e-mail: miaojunfengwu@
[Link]; zhswang@[Link]).
flexibly. The cost of RSU deployment can be reduced by
Xin Ning is with the Institute of Semiconductors, Chinese Academy of rapidly establishing communication links with ground vehicles
Sciences, Beijing 100083, China (e-mail: ningxin@[Link]). using UAV airborne communication equipment [10], [11].
Achyut Shankar is with the Department of Cyber Systems Engineering,
WMG, University of Warwick, CV7 4AL Coventry, U.K., and also with
Meanwhile, UAV can be flexibly controlled to adjust the
the Centre of Research Impact and Outreach, Chitkara University Institute deployment position according to the changes in ground
of Engineering and Technology, Chitkara University, Punjab 140401, India traffic flow and communication tasks. This effectively reduces
(e-mail: ashankar2711@[Link]).
Carsten Maple is with the Secure Cyber Systems Research Group network construction costs and energy consumption [12],
(SCSRG), WMG, University of Warwick, CV7 4AL Coventry, U.K. [13]. In addition, communication between UAV and ground
(e-mail: cm@[Link]). vehicles is not limited by complex terrain. Due to height
Joel J. P. C. Rodrigues is with COPELABS, Lusófona University, 1749-024
Lisbon, Portugal (e-mail: joeljr@[Link]). and other reasons, simply deploying RSU is vulnerable to
Digital Object Identifier 10.1109/TITS.2024.3360251 buildings and other impacts, making it difficult to meet the
1558-0016 © 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See [Link] for more information.

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

2 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

communication quality requirements. UAV has the advantage messages of each vehicle according to the priority of the
of aerial platforms, which can avoid interference, establish media access control layer and the application relevance of
reliable communication links, and improve communication entity security information, but the protocol could not resist
quality [14], [15], [16]. man in the middle attack. Zhong et al. [20] proposed a
Currently, existing UAV assistance solutions mainly focus full aggregation privacy protection authentication protocol
on joint communication and trajectory optimization, while using certificateless aggregation signature to achieve secure
research on ensuring the security and privacy related issues is communication between vehicle and RSU. This protocol used
relatively limited. And due to the use of wireless communica- certificates to ensure the security of authentication. Kumar
tion, the attacker can easily control the communication channel et al. [21] proposed a certificateless authentication system.
and carry out malicious operations such as reading, modifying However, the use of bilinear pairs brought huge computation
and replaying the transmitted information. Therefore, it is overhead. Cui et al. [22] proposed an authentication protocol
necessary to establish secure communication between UAV based on semi-trusted authorisation. The protocol saved a
and vehicles to meet the safety and efficiency requirements of significant amount of storage and computational resources.
communication. So this paper proposes a secure and effective Thumbur et al. [23] proposed a certificateless signature pro-
authentication protocol. Our contributions are described below: tocol without bilinear pairing. However,the protocol could
(1) We present a secure authentication protocol for UAV- not withstand the public key substitution attack. Xu et al.
assisted IoV. The protocol uses elliptic curve cryptography to [24] designed a remote authentication security model built on
ensure a highly secure authentication process. a blockchain. It had the security characteristics. Wu et al.
(2) To validate the security of our protocol, we conduct a [25] designed a new authentication protocol. The protocol
rigorous analysis using security proof and BAN logic. The protected vehicle data and unequivocally established the secu-
results of these analyses show that our protocol meets the rity of the protocol. Yadav and Vijayakumar [26] designed
required security. Furthermore, an informal security analysis a lightweight authentication mechanism for privacy protec-
is performed, which demonstrates the protocol’s resistance to tion based on signatures. The protocol adopted elliptic curve
various malicious attacks. diffie-hellman(ECDH) to encrypt and generate shared keys.
(3) Through comprehensive performance analysis and com- Cui et al. [27] proposed a full session key protocol. The
parison with existing protocols, our protocol has clear advan- protocol used chebyshev polynomial to establish the key. Lu
tages in terms of efficiency and security. et al. [28] proposed a blockchain-based anonymous reputation
The remainder of this article is organized as follows. The system for building a conditionally anonymous and efficient
article’s pertinent research is introduced in section II. The model in vehicular ad hoc networks. Sharma and Chakraborty
system model, threat model and algorithm are introduced in [29] proposed a blockchain-based system for authentication
section III. The section IV illustrates the proposed protocol in in IoV. The protocol reduced reliance on trusted third par-
detail. The section V proves and analyzes the security of the ties and overhead. Qureshi et al. [30] proposed an efficient
protocol. The section VI carries on the function comparison authentication scheme for IoV security applications. The pro-
and the performance analysis. Finally,the section VII summa- posed solution could collect, process, and verify information
rizes the full paper. transmitted to RSU, drones, or vehicles. Aman et al. [31]
proposed an efficient IoV authentication protocol. The pro-
II. R ELATED W ORK posed protocol used physical unclonable function to provide
With the gradual rise of IoV, many scholars have carried out the required security features. In order to reduce the cost of
in-depth research on it. There have been numerous proposed authentication, the protocol adopted a three-laye infrastructure
authentication methods for IoV. architecture. Qi et al. [32] proposed a cloud centric three
Wei et al. [15] proposed two privacy protection based factor authentication and key protocol. This protocol achieved
multi-modal implicit authentication protocols for intelligent three factor authentication, ensuring the security of cloud data
terminal in IoV. The protocol used password and vehicle owner access and providing high security guarantees. Zhang et al.
behavior characteristics as authentication factors to protect the [33] designed an auxiliary communication protocol of intel-
security of intelligent terminal. Tan et al. [16] proposed an ligent UAV to help vehicle safety communication conditions.
efficient UAV certificateless group authentication mechanism. Additionally, the protocol safeguarded the true identities of
The proposed mechanism designed the tethered UAV as the vehicles to stop criminals from obtaining and utilizing those
specific mobilized base station so that the active edge IoV identities.
infrastructure was not needed. Son et al. [17] proposed a
secure and lightweight authentication scheme for UAV-enabled III. P RELIMINARIES
ITS using blockchain and physical unclonable function. This
scheme could resist various attacks, such as tracking and A. System Model
key leakage attacks, and provide perfect forward secrecy. The protocol model applied consists of four entities in
Wu et al. [18] proposed an authentication scheme for edge Figure 1: Trusted Authority (TA), RSU, vehicle and UAV [18],
computing-enabled Internet of Vehicles with drone assistance. [19], [20], [21], [22], [23], [24], [25], [26], [27], [28], [29],
This scheme could maintain identity anonymity. As a mobile [30], [31], [32], [33]. The role of TA is to initialize the system
edge computing server, the roadside unit processed data from and register the UAV, vehicle and RSU. In the system, only
vehicles. Biswas and Mic [19] proposed to authenticate the TA can reveal the true identity of the vehicle. TA obtains its

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIAO et al.: UAV-ASSISTED AUTHENTICATION PROTOCOL FOR INTERNET OF VEHICLES 3

TABLE I
N OTATIONS

(2) Confidentiality of communication data: Confidentiality

means that data cannot be obtained by attackers or other
unauthorized users during transmission. Due to the openness
and transparency of the wireless communication channel, the
data may encounter eavesdropping, interception and tampering
during transmission. Therefore, the protocol needs to establish
a secure communication to ensure the confidentiality during
transmission.
Fig. 1. System architecture.
(3) Attack resistance. The protocol needs to be able to resist
multiple security attacks launched by attackers.
real identity and sends the corresponding identification of the (4) Forward security: It means that if the session key is
malicious vehicle to the RSU. RSU is deployed on the roadside leaked, the session key previously used by the user will not
and has its own communication coverage, which is usually be leaked.
fixed. And it can communicate with communication entities
and cope with the authentication tasks. Vehicle equipped with D. Ellipese Curve Cryptography
OBU can realize communication. UAV is mobile facilities in
the system model and can be deployed in the mission area Ellipese Curve Cryptography (ECC) has the characteristics
on demand. UAV acts as aerial base stations and can provide of small key, fast calculation and high security [26]. Let
wireless network coverage for vehicles. F p represent a finite field of order p, where p is a prime
number. Then the elliptic curve E p (a, b) is defined as y 2 =
x 3 + ax + b(mod p), where a, b ∈ F p , and 27b2 + 4a 3 ̸ =
B. Threat Model 0(mod p). The difficult mathematical problems of elliptic
In the IoV, the communication network is in an open chan- curve cryptosystems:
nel. Attackers can not only steal information in the channel, Elliptic Curve Diffie Hellman Problem (ECDHP). Given any
but also forge information and impersonate nodes. Therefore, a, b, it is difficult to calculate ab P when given P, a P and b P.
this paper conducts security analysis by the Dolev-Yao model
[34]. In the model, an adversary can read, modify, delete, forge IV. P RESENTED P ROTOCOL
and replay through an insecure public channel between the
communicating parties. Based on [28], [29], [30], [31], [32], [33], [38], [39],
[40], [41], [42], the protocol is designed. Table I lists the
parameters.
C. Security Requirement
In this paper, our protocol should provide the following
functions and security attributes [33], [35], [36], [37], [38], A. Initialization
[39], [40], [41], [42]: In the network system of this paper, TA sets up and
(1) Conditional privacy protection: In the protocol, the initializes the whole system. The procedure is as follows: TA
user’s privacy data mainly includes the vehicle identity. When chooses a prime number p. Let E p be an elliptic curve defined
communicating with external entities, if the real identity is over a finite field F p , and TA chooses a group G on E p . TA
disclosed, the attacker can deduce the user’s life mode by selects a secret value s and calculates the public key S = s P,
analyzing the travel frequency of the vehicle. And when user where P is a generator point of the group G. TA selects
has malicious behavior, the trusted authority needs to identify hash functions H . The security parameters of the system are
the user’s real identity and make corresponding punishment. par m = { p, G, P, S, H }.

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

4 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

Fig. 2. Flowchart for authentication.

B. Registration
Fig. 3. Authentication process.
1) RSU Registration:
(1) R j selects the identity R I D j and sends it to TA through
a secure channel. C. Authentication and Key Negotiation
(2) After receiving the message, TA picks h at random, and Firstly, Vi performs calculations and sends a request mes-
calculates a j = H (s, R I D j , h). Then a j , h is sent to sage to Uk . Uk will forward the vehicle’s request message and
R j safely. its information to R j for verification. R j verifies whether Uk
(3) When getting the message, R j saves {a j , h} to the and Vi are legal, and then generates corresponding informa-
database. tion. Finally, Uk and Vi complete authentication and establish
2) Vehicle Registration: a session key for secure communication. Figure 2 shows the
flowchart of authentication. Figure 3 shows the authentication
(1) Vi picks the identity V I D i . Then V I D i is safely sent
process. Figure 4 shows the pseudocode for authentication.
to TA.
(2) TA chooses bi ,ci at random, calculates Bi = bi P, V D i = (1) When entering the coverage of Uk , Vi will receive the
H (V I D i , s), temporary identity T I D i = E H (h) (V D i ⊕ identity of its broadcast. Then Vi chooses u i at ran-
ci ), V F i = H (V D i , h), saves V I D i to database and dom and the timestamp T1 . And it calculates Z 1 =
uploads the message {T I D i , ci , Bi } to R j . Finally, TA H (T I D i , U I D k , V F i , T1 ), Z 2 = H (bi , u i ) , Z 3 =
sends {T I D i , V D i , V F i , bi } to Vi through secure chan- H (bi , u i ) P, Z 4 = bi + Z 1 Z 2 . Finally the message
nel. {T I D i , Z 3 , Z 4 , T1 } is sent to Uk .
(3) Vi saves {T I D i , V D i , V F i , bi } to the database. (2) When Uk receives a message from the vehicle, Uk first
checks whether T1 is legitimate. If it is legitimate, then
3) UAV Registration: authentication continues. Uk saves Z 3 , selects vk at ran-
(1) Uk chooses the identity U I D k and safely sends it to TA. dom and the timestamp T2 , and calculates Vk = vk P,
(2) Upon receiving the message, TA calculates V E k = Z 5 = H (U I Dk , V E k , T2 ). Finally, Uk sends the message
H (U I D k , a j ) and sends {V E k } to Uk through secure {T I D i , Z 3 , Z 4 , Vk , Z 5 , U I Dk , T1 , T2 } to R j .
channel. (3) When R j receives the message sent from Uk , R j first
(3) Uk receives the message and saves {V E k } to the database checks whether T2 is legitimate. If it is legitimate,

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIAO et al.: UAV-ASSISTED AUTHENTICATION PROTOCOL FOR INTERNET OF VEHICLES 5

(5) When getting the message, Vi first checks whether T4 is

legitimate. If it is legitimate, then authentication continues.
Vi calculates Z 6′ = H (bi , u i ) N j , T I D inew = H (Z 6′ ) ⊕
′ = H T I D i , T I D inew , V F i , V D i
, Z 6′ , T3 ,


Z 7 , Z 10
′
Z 11 = H (bi , u i ) Vk ,
SKi = H U I Dk , Z 11 ′ , Z′
12 =
H U I D k , SKi , Z 10 , T4 , and verifies that Z 12
′ ′ and Z
12
are equal or not. If they are equal, then Vi verifies the
identity information and session key of Uk . Finally, Vi
updates the temporary identity information.

D. Vehicle Traceability
Suppose the malicious vehicle sends an error message to
R j , R j will communicate with TA to send the temporary
identity T I Di = E H (h) (V Di ⊕ ci ) and ci corresponding to
the malicious vehicle. TA obtains V Di through decryption.
Then TA obtains the real identity information V I Di by
calculating V Di = H (V I Di , s). At this point, TA can obtain
the identity information of the malicious vehicle. Then TA
revokes the legal identity of the vehicle in the database and
notifies R SU j to remove the stored authentication information
{T I D i , ci , Bi }.

V. S ECURITY E VALUATION
A. Proof of Security
This paper provides a formal proof of the proposed protocol
under the random oracle model [32], [33], [40], [41].
Here,we use random oracle queries to simulate a series of
information interactions. Suppose that Via , Ukb and R cj respec-
tively represent the a-th instance of vehicle, the b-th instance
Fig. 4. Pseudocode for authentication. of unmanned aerial vehicle, and the c-th instance of road side
units, where 5i ∈ {Vi , Uk , R j } represents the i-th instance
then authentication continues. R j retrieves T I D i in the participating in the query. It is assumed that enemy A has full
database to get ci and Bi . R j decrypts T I D i by h control over all communications in the network and knows
to get the value V D i . Then R j calculates
V F i′ = the common parameters in the network. A can execute the
H (V D i , h), Z 1′ = H T I D i , U I D k , V Fi′ , T1 and ver- following oracle queries:
ifies Bi = Z 4 P − Z 1′ Z 3 = bi P. If they are equal, Send(5i , M): This query simulates an active attack. A can
then R j verifies the vehicle identity. R j computes send message M to participant instance 5i and receive
V E ′k = H (U I D k , a j ), Z 5′ = H (U I Dk , V E k′ , T2 ), response message.
and verifies that Z 5′ and Z 5 are equal or not. If they E xecute(Via , Ukb , R cj ): This query simulates passive
are equal, R j verifies the identity information of Uk . attacks. During the communication among Via , Ukb and R cj ,
R j chooses two random numbers n j , m i and the cur- A can get the communication information.
rent timestamp T3 , calculates Z 6 = n j H (bi , u i ) P, Reveal(5i ): This query simulates session key disclosure.
T I D inew = E H (h) (V D i ⊕ m i ), Z 7 = H (Z 6 ) ⊕
T I D inew , This means that the session key SK generated by 5i is
Z 8 = n j Vk , Z 9 = H U I D k , Z 8 ,
V E k′ , T3 , Z 10 = obtained by the attacker A.
H T I D i , T I D inew , VF i′ , V D i , Z 6 , T3 ,N j = n j P, and T est (5i ): This query does not simulate attacks, but it is
updates the message T I D inew  , m i , Bi in the database. used to test the semantic security of the session key. If 5i has
Finally R j sends the message Z 7 , Z 9 , Z 10 , N j , T3 to Uk . not established the session key, or T est (5i ) has been asked
(4) When Uk receives the message sent, Uk first checks before, it outputs ⊥. Otherwise, a coin c is tossed. If c = l,
whether T3 is legitimate. If it is within the legal the session key is returned. If c = 0, a random string of the
range, then authentication continues. Uk first selects same length as the session key is returned.
timestamp T4 , calculates Z 8′ = vk N j , Z 9′ = Definition 1 (semantic security of session key): From
H U I D k , Z 8 , V E k , T3 , and verifies that Z 9′ and Z 9 are
′


the requirements of the random oracle model, A should
equal or not. If they are equal,then authentication distinguish between the real session key and the random
continues. Uk computes Z 11 = vk Z 3 , SKk = number of the instance. Through T est query, A will guess c
H (U I Dk , Z 11 ), Z 12 = H (U I D k , SKk , Z 10 , T4 ). Finally according to the information obtained from the query, and get
the message {Z 7 , N j , Z 12 , Vk , T3 , T4 } is sent to Vi . the result c′ . If c′ = c, it indicates that the semantic security

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

6 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

of the protocol’s session key has been damaged. We define {T I Di , Z3 , Z4 , T1 },{Vk , Z5 , U I Dk , T2 }, {Z 7 , Z 9 , Z 10 , N j , T3 }

the ability of A to successfully guess c and win the game as and {Z 7 , N j , Z 12 , Vk , T3 , T4 }. To obtain H (bi , u i )Vk or vk Z 3 ,
event Suc(A), where A can correctly guess that c is defined it is necessary to obtain the secret values H (bi , u i ) and vk .
as the advantage of A in destroying the semantic security of However, the secret values are randomly generated by Vi
the session key, as shown in Formula (1) and Uk , respectively. And A needs to solve the EC D H P
problem in order to calculate the real session key. Let
AdvA = |2Pr [Suc(A)] − 1| (1) Adv EC D H P (t) indicates the advantage of A in solving the
Assuming that AdvA is a negligible for any probability EC D H P problem. Therefore, we can obtain.
polynomial time t, the protocol has the semantic security of |Pr [W3 ] − Pr [W2 ]| ≤ Adv EC D H P (t) (6)
the session key.
Theorem 1: Let A be the attacker who breaks the protocol In Game3 , all randoms are simulated, and A has no
in polynomial time t. Adv EC D H P (t) is the advantage of A in advantage in guessing c. Therefore, it can be obtained that:
solving the EC D H P problem in a probabilistic polynomial 1
time algorithm. A has the advantage of breaking the semantic Pr [W3 ] = (7)
2
security of the protocol session key.
We can get the results from Formula (3)∼(7).
qh2 (qs + qe )2
AdvA ≤ + + 2Adv EC D H P (t) (2) qh2 (qs + qe )2
2l1 p AdvA ≤ + + 2Adv EC D H P (t) (8)
2l1 p
where qs ,qh and qe represent the number of Send query, H ash
query and E xecute query, l1 represents the output length of B. BAN Logical Analysis
the hash function.
Proof: Through a series of Gamei (0,1,2,3), the advan- BAN logic analysis is a logical proof method for analyzing
tage of A in breaking the authentication protocol in prob- authentication protocol [43], [44]. So we use BAN logic to
abilistic polynomial time is deduced. Wi indicates that A perform the security analysis on the proposed protocol. The
correctly guessed the c in the Gamei , and Pr [Wi ] indicates detailed analysis steps are as follows.
the probability of the event Wi occurring. 1) Protocol Idealization:
Game0 : The game simulates a real attack on the protocol Mes 1 : Vi → R j :< T I Di , Z3 , Z4 , T1 >V Fi
by A, and we can get.
Mes 2 : Uk → R j :< Vk , Z5 , U I Dk , T2 >V E k
AdvA = |2Pr [W0 ] − 1| (3) Mes 3 : R j → Uk :< Z7 , Z 9 , Z 10 , N j , T3 >VE′k
Game1 : This game simulates the eavesdropping attack by Mes 4 : Uk → Vi :< Z 7 , N j , Z 12 , Vk , T3 , T4 > Z 11
executing E xecute queries. A runs Reveal and T est queries
2) Protocol Goal:
to determine if the session key is accurate. The session key
S K i = H (U I Dk , H (bi , u i )Vk ) or S K k = H (U I Dk , vk Z 3 ) G 1 : Vi |≡ Vi ↔ Uk
SK
contains the random secret value H (bi , u i ) of Vi and the SK
secret value vk of Uk . Due to not knowing these secret G 2 : Uk |≡ Vi ↔ Uk
values, A is unable to calculate the session key based on SK
G 3 : Vi |≡ Uk | ≡ Vi ↔ Uk
the obtained messages. Therefore, the eavesdropping attacks
SK
will not increase the probability of A winning the Game1 . G 4 : Uk |≡ Vi | ≡ Vi ↔ Uk
Therefore, we can obtain
3) Initial Hypothesis:
Pr [W1 ] = Pr [W0 ] (4) V Fi
A1 : R j |≡ Rj ↔ Vi
Game2 : In this game, attackers can forge an acceptable
A2 : R j |≡ # (Z3 )
message by conducting Send query and H ash query, thereby
actively joining the conversation. In this game, the semantic A3 : R j |≡ Vi ⇒< T I Di , Z3 , Z4 , T1 >
security of the protocol is only threatened when attackers find V Ek
A4 : R j |≡ R j ←→ Uk
the collisions and forge legitimate information. Among them,
based on the birthday paradox principle [40], the collision A5 : R j |≡ # (Vk )
q2
probability output by the Hash function is at most 2l1h+1 . The A6 : R j |≡ Uk ⇒< Vk , Z5 , U I Dk , T2 >
(qs +qe )2 VE′k
collision probability of random numbers is at most 2p . A7 : Uk |≡ Uk ↔ R j
Therefore, we can obtain. A8 : Uk |≡ # N j

qh2 (qs + qe )2 A9 : Uk |≡ R j ⇒ Z 7 , Z9 , Z 10 , N j , T3
|Pr [W2 ] − Pr [W1 ]| ≤ + (5)
2l1 +1 2p SK
A10 : Uk |≡ Vi ⇒ Vi ↔ Uk
Game3 : In this game, A attempts to calculate Z11
the session key S K i = H (U I Dk , H (bi , u i )Vk ) or A11 : Vi |≡ Vi ↔ Uk
SKk = H (U I Dk , vk Z 3 ) by intercepting messages A12 : Vi |≡ # (T4 )

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIAO et al.: UAV-ASSISTED AUTHENTICATION PROTOCOL FOR INTERNET OF VEHICLES 7

A13 : Vi |≡ Uk ⇒< Z7 , N j , Z 12 , Vk , T3 , T4 > According to R16 and A12 , we apply the nonce verification
SK rule to obtain:
A14 : Vi |≡ Uk ⇒ Vi ↔ Uk
4) Proof of Protocol: According to Mes1 , it is easy to get: R17 : Vi |≡ Uk | ≡< Z 7 , N j , Z 12 , Vk , T3 , T4 >

R1 : R j ◁ ⟨T I Di , Z3 , Z4 , T1 ⟩V Fi According to R17 and A13 , we apply the arbitration rule and

get:
From R1 , A1 and message meaning rule, it is easy to get:
R2 : R j |≡ Vi | ∼< T I Di , Z3 , Z4 , T1 > R18 : Vi |≡< Z 7 , N j , Z 12 , Vk , T3 , T4 >
According to R2 and A2 , we apply the nonce verification rule According to R18 and S K i = H U I Dk , Z 12 ′ , we get


to obtain:
SK
R3 : R j |≡ Vi | ≡< T I Di , Z3 , Z4 , T1 > R19 : Vi |≡ Uk | ≡ Vi ↔ Uk
According to R3 and A3 , we apply the arbitration rule and According to R19 and A14 , we apply the arbitration rules and
get: get:
R4 : R j |≡< T I Di , Z3 , Z4 , T1 > SK
R20 : Vi |≡ Vi ↔ Uk
According to Mes2 , it is easy to get:
R5 : R j ◁ < Vk , Z5 , U I Dk , T2 >V E k Through BAN logic analysis, the results show that our
protocol has achieved four goals.
From R5 , A4 and message meaning rule, we can get:
R6 : R j |≡ Uk | ∼< Vk , Z5 , U I Dk , T2 >
C. Security Analysis
From R6 ,A5 , and nonce verification rule,it is easy to get: 1) Mutual Authentication: In the protocol, R j calculates Bi
R7 : R j |≡ Uk | ≡< Vk , Z5 , U I Dk , T2 > and compares it with the value stored. If they are eaual, R j
verifies the identity of Vi . And R j verifies the identity of Uk
According to R7 and A6 , we apply the arbitration rule and by judging whether Z 5′ and Z 5 are equal. Then Uk verifies
get: the identity of R j by verifying whether Z 9′ is equal to Z 9 .
R8 : R j |≡< Vk , Z5 , U I Dk , T2 > Vi completes the identity of certification to Uk by comparing
whether Z 12′ and Z
12 are equal.
According to Mes3 , it is easy to get: 2) Anonymity: The protocol transmits by the temporary
R9 : Uk ◁ < Z 7 , Z 9 , Z 10 , N j , T3 >VE′k identity T I D i = E H (h) (V D i ⊕ ci ) during communication.
Except for the vehicle itself and TA, no one can obtain the
From R9 , A7 and message meaning rule, it is easy to get: real identity of Vi . Therefore, it can be concluded that the
R10 : Uk ≡ R j ∼< Z 7 , Z 9 , Z 10 , N j , T3 > protocol provides anonymity.
3) Conditional Privacy Protection: For conditional privacy
According to R10 and A8 , we apply the nonce verification rule protection, vehicles use anonymous identities to communicate
to obtain: with other entities, and the anonymous identities of vehicles
R11 : Uk |≡ Vi | ≡< Z 7 , Z 9 , Z 10 , N j , T3 > are generated through the secret value of the TA. The attacker
needs to calculate V D i = H (V I D i , s) to obtain the real
According to R11 and A9 , we apply the arbitration rule and identity. But the secret value s and h required for the real
get: identity calculation could not be got. In the protocol, TA is
able to identify malicious vehicles. TA tracks the vehicle’s true
R12 : Uk |≡< Z 7 , Z 9 , Z 10 , N j , T3 >
identity by calculating V D i = H (V I D i , s) to find V I D i .
According to R12 and S K k = H (U I Dk , Z 12 ), we get Therefore, TA could follow and identify malevolent vehicles.
SK 4) Untraceability: In the protocol, communication entities
R13 : Uk |≡ Vi | ≡ Vi ↔ Uk select random numbers and timestamps to calculate authentica-
According to R13 and A10 , we apply the arbitration rule and tion messages, and communicate through different temporary
get: identity for each authentication. So attackers cannot track the
behavior of communication entities. Therefore, the protocol
SK
R14 : Uk |≡ Vi ↔ Uk can provide untraceability.
5) Forward Security: Because each session will randomly
According to Mes4 , it is easy to get:
select a new random secret value, and the session key S K is
R15 : Vi ◁ < Z 7 , N j , Z 12 , Vk , T3 , T4 > Z 11 calculated through the elliptic curve cryptography algorithm.
So, for the difficulty of ECDHP on elliptic curves, it is difficult
From R15 , A11 and message meaning rule, we can get: for an attacker to calculate S K . Therefore, the protocol can
R16 : Vi |≡ Uk | ∼< Z 7 , N j , Z 12 , Vk , T3 , T4 > guarantee forward security.

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

8 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

TABLE II
S ECURITY C OMPARISON

6) Vehicle Impersonation Attack: The attacker must com-

pute a valid authentication value {T I D i , Z 3 , Z 4 , T1 }. Whereas
Z 1 is computed from the secret value saved by Vi , and Z 4 is
computed by the elliptic curve cryptography algorithm. So, Fig. 5. Computation overhead.
a valid authentication value is challenging for the attacker to
forge.
7) Replay Attack: In our protocol, each session uses a new authentication, identity updating, conditional privacy protec-
timestamp to ensure that the authentication values generated tion, untraceability, session key negotiation, impersonation
by the current session are based on the new information. attack, replay attack, man in the middle attack and forward
This effectively resists replay attacks. By using the timestamp security, respectively. indicates that the safety requirements
for each session, we can prevent attackers from replaying are met and indicates that the requirements cannot be met.
previously captured authentication values, thereby maintaining Obviously, our protocol meets various security requirements
the security and integrity of the communication process. of the Internet of Vehicles.
8) Man in the Middle Attack: Since the attacker cannot
implement replay attack and impersonation attack, the attacker
cannot pass the authentication if the attacker obtains the B. Computation Overhead
authentication information and tampers with it. Therefore, the
In this paper, we analyze and contrast it with the relevant
protocol can resist man in the middle attacks.
methods. To compare the performance of the protocols more
9) Session Key Negotiation: In the protocol, Vi and Uk
conveniently, TB P represents the time of bilinear pairing
negotiate S K i or S K k . And because S K i or S K k contains
′ or Z , the attacker is hard to obtain S K operation, TECC represents the time of elliptic curve scalar
the secret value Z 11 11 i
multiplication operation, TEC A represents the time of elliptic
or S K k in advance. Therefore, the protocol can realize secure
curve addition operation, TH represents the time for one-way
session key negotiation.
hash function operation, and TD/E represents the time for the
operation of encryption and decryption functions. According to
D. Correctness Discussion [33] and [45], we can get TB P ≈ 4.211ms, TECC ≈ 0.442ms,
The session key is verified as follows. TEC A ≈ 0.0018ms, TH ≈ 0.0001ms and TD/E ≈ 0.0026ms,
respectively. In our protocol, 3TECC ,TEC A and 6T H are
S Ki = H (U I Dk , Z 11
′
)
required for vehicle authentication. The total computation
= H (U I Dk , H (bi , u i )Vk ) overhead is 3TECC + TEC A + 6T H . When the UAV completes
= H (U I Dk , vk Z 3 ) the authentication, it needs to perform 3TECC and 4T H . The
= H (U I Dk , Z 11 ) total computation overhead is 3TECC + 4T H . After the RSU
completes the authentication,it needs to perform 4TECC ,8TH
= S Kk . (9)
and 2TD/E . The total computation overhead is 4TECC +
The correctness of Z 9 is verified as follows. 8TH + 2TD/E . Therefore, the total computation overhead of
our protocol is 10TECC + TEC A + 18TH + 2TD/E . We use the
Z9 = H (U I Dk , Z 8 , V E k′ , T3 ) same method to calculate the other relevant methods, and their
= H (U I Dk , n j Vk , V E k′ , T3 ) computation overhead are 7TD/E + 13TH , TECC + 2TD/E +
= H (U I Dk , vk N j , V E k , T3 ) 31TH , 6TECC + 6TD/E + 22TH , 6TB P + 4TECC + 17TH ,
= Z 9′ (10) 17TECC + 19TH and 7TECC + 3TB P + 18TH . The comparison
results between the time consumed by our protocol and the
existing protocols in the authentication process are shown in
VI. P ERFORMANCE A NALYSIS
the Table III. The computation overhead of [33], [36], and
A. Security Comparison [37] is less than that of our protocols, but these protocols
Table II describes the security performance between our do not meet the security requirements. Figure 5 shows a
protocol and similar protocols. ℜi∈[1,9] represents mutual comparison of the computation overhead of these protocols

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIAO et al.: UAV-ASSISTED AUTHENTICATION PROTOCOL FOR INTERNET OF VEHICLES 9

TABLE III
C OMPUTATION OVERHEAD

TABLE IV TABLE V
C OMMUNICATION OVERHEAD N UMBER OF M ESSAGE

TABLE VI
S TORAGE OVERHEAD

to calculate the other relevant methods, and their communica-

Fig. 6. Communication overhead. tion overhead are 276 bytes, 212 bytes, 304 bytes, 440 bytes,
600 bytes and 968 bytes respectively. The comparison results
of communication overhead are shown in Table IV. From
as the number of vehicles changes. It can be seen that our Figure 6, it can be seen that the communication overhead of
protocol is competitive. [33], [36], [37], and [38] is lower than our protocol. But they
have some safety issues. Compared to other protocols, our
protocol has the least communication overhead.
C. Communication Overhead
At the same time, we evaluate the performance of the
Here, we contrast the proposed protocol’s communica- protocol based on the number of messages transmitted. In
tion overhead with existing similar protocols. According to our protocol, communication between Vi and Uk requires 2
[33], we set that the sizes of one point in G and G 1 messages. Then, communication between Uk and R j requires 2
are 40 bytes and 128 bytes. Assumed the output sizes of messages. Therefore, our protocol requires 4 messages to
identification information, hash function, random number, achieve authentication. Using similar methods, we calcu-
symmetric encryption/decryption and timestamp respectively late that the number of message for other protocols is 4,
are 20 bytes, 20 bytes, 20 bytes,16 bytes and 4 bytes. In our 3, 4, 5, 4 and 4, respectively. In Table V, we list the
protocol, Vi sends authentication message {T I Di , Z 3 , Z 4 , T1 } number of message for all protocols. In [37], there are
to Uk , and its communication overhead is 84 bytes. Uk sends fewer messages than our protocol, but this protocol cannot
authentication message {T I D i , Z 3 , Z 4 , Vk , Z 5 , U I Dk , T1 , T2 } achieve good security performance. Therefore, our protocol is
to R j , and its communication overhead is 168 bytes. R j sends advantageous.
authentication message Z 7 , Z 9 , Z 10 , N j , T3 to Uk , and its


communication overhead is 104 bytes. Uk sends authentication

message {Z 7 , N j , Z 12 , Vk , T3 , T4 } to Vi , and its communi- D. Storage Overhead
cation overhead is 128 bytes. So the total communication In terms of storage overhead, we consider the storage
overhead of our protocol is 484 bytes. We use the same method overhead of vehicle during the authentication process. In our

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

10 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

TABLE VII protocol has better advantages. In this paper, we only con-
E NERGY OVERHEAD sidered one vehicle authentication process. However, we did
not consider the situation of authenticating multiple vehicles
simultaneously. Therefore, in the future, we need to design
a secure and efficient authentication protocol suitable for
multiple vehicles.

R EFERENCES
[1] Z. Lu, G. Qu, and Z. Liu, “A survey on recent advances in vehicular
network security, trust, and privacy,” IEEE Trans. Intell. Transp. Syst.,
vol. 20, no. 2, pp. 760–776, Feb. 2019.
protocol, the main storage overhead for vehicle is identity [2] H. Tan, W. Zheng, Y. Guan, and R. Lu, “A privacy-preserving
attribute-based authenticated key management scheme for accountable
information and authentication parameters. Therefore, we cal- vehicular communications,” IEEE Trans. Veh. Technol., vol. 72, no. 3,
culate that the total storage overhead is 140 bytes. By using pp. 3622–3635, Mar. 2023.
the same method, we calculate the storage overhead for other [3] J. A. Sanguesa, V. Torres-Sanz, P. Garrido, F. J. Martinez, and
J. M. Marquez-Barja, “A review on electric vehicles: Technolo-
protocols to be 100 bytes, 180 bytes, 180 bytes, 316 bytes, gies and challenges,” Smart Cities, vol. 4, no. 1, pp. 372–404,
160 bytes and 316 bytes. Table VI shows the comparison 2021.
results of storage overhead. From the table, it can be seen that [4] I. Ullah, M. A. Khan, N. Kumar, A. M. Abdullah, A. A. AlSanad,
and F. Noor, “Conditional privacy preserving heterogeneous signcryption
the storage overhead of [36] is relatively low. But compared scheme for Internet of Vehicles,” IEEE Trans. Veh. Technol., vol. 72,
to other protocols, our protocol has certain advantages. no. 3, pp. 3989–3998, Mar. 2023.
[5] K. Zrar Ghafoor et al., “Millimeter-wave communication for Internet of
Vehicles: Status, challenges, and perspectives,” IEEE Internet Things J.,
E. Energy Overhead vol. 7, no. 9, pp. 8525–8546, Sep. 2020.
[6] P. Lang, D. Tian, X. Duan, J. Zhou, Z. Sheng, and V. C. M. Leung,
In this section, we evaluate the performance of the protocol “Cooperative computation offloading in blockchain-based vehicular edge
based on energy overhead. The energy overhead model is computing networks,” IEEE Trans. Intell. Vehicles, vol. 7, no. 3,
pp. 783–798, Sep. 2022.
calculated using the equation E energy = E comp +E comm , where
[7] A. Kumar, A. S. Yadav, S. S. Gill, H. Pervaiz, Q. Ni, and R. Buyya,
E comp represents the energy overhead during computation and “A secure drone-to-drone communication and software defined drone
E comm represents the energy overhead during communication network-enabled traffic monitoring system,” Simul. Model. Pract. The-
ory, vol. 120, Nov. 2022, Art. no. 102621.
[49]. Based on the test results [48], as well as the cryptographic
[8] P. Vijayakumar, M. Azees, A. Kannan, and L. J. Deborah, “Dual authen-
operation time, we can calculate the energy overhead of TB P , tication and key management techniques for secure data transmission in
TECC , TEC A , TH and TD/E as 5.8954 m J , 0.6188 m J , vehicular ad hoc networks,” IEEE Trans. Intell. Transp. Syst., vol. 17,
0.00252 m J , 0.00014 m J and 0.00364 m J , respectively. no. 4, pp. 1015–1028, Apr. 2016.
[9] C. Li, X. Fang, X. Zhou, L. Mei, and X. Sha, “Enhanced signalling pro-
Therefore, through calculation, we can obtain E comp . Mean- visioning for UAV-enabled MEC: A GWFRFT-based energy-spreading
while, we calculate E comm according to the following formula: transmission approach,” IET Commun., vol. 14, no. 15, pp. 2524–2531,
E comm = n s E s + nr Er , where n s represents the number of Sep. 2020.
[10] B. Hang, B. Zhang, L. Wang, J. Wang, Y. Ren, and Z. Han, “A user
bytes sent by the communication entity and nr represents the association policy for UAV-aided time-varying vehicular networks
number of bytes received by the communication entity. We with MEC,” in Proc. IEEE Wireless Commun. Netw. Conf. (WCNC),
assume that E s ≈ 5.9µJ and Er ≈ 4.7µJ [48]. Based on the May 2020, pp. 1–6.
analysis of communication overhead, we can calculate E comm . [11] M. Azees, P. Vijayakumar, and L. J. Deboarh, “EAAP: Efficient anony-
mous authentication with conditional privacy-preserving scheme for
Finally, we present the comparison results of energy overhead vehicular ad hoc networks,” IEEE Trans. Intell. Transp. Syst., vol. 18,
with existing protocols in Table VII. Because the energy no. 9, pp. 2467–2476, Sep. 2017.
overhead is related to the computation and communication [12] W. Feng, J. Wang, Y. Chen, X. Wang, N. Ge, and J. Lu, “UAV-
aided MIMO communications for 5G Internet of Things,” IEEE Internet
overhead, based on the previous analysis, we can see that our Things J., vol. 6, no. 2, pp. 1731–1740, Apr. 2019.
protocol has a higher energy overhead compared to [33], [36], [13] Y. Zeng, R. Zhang, and T. J. Lim, “Wireless communications with
and [37]. Compared to other protocols, we can see that our unmanned aerial vehicles: Opportunities and challenges,” IEEE Com-
mun. Mag., vol. 54, no. 5, pp. 36–42, May 2016.
protocol has significant advantages in energy overhead.
[14] X. Li, J. Tan, A. Liu, P. Vijayakumar, N. Kumar, and M. Alazab,
“A novel UAV-enabled data collection scheme for intelligent transporta-
tion system through UAV speed control,” IEEE Trans. Intell. Transp.
VII. C ONCLUSION Syst., vol. 22, no. 4, pp. 2100–2110, Apr. 2021.
[15] F. Wei, S. Zeadally, P. Vijayakumar, N. Kumar, and D. He, “An intel-
For the UAV-assisted IoV, vehicles operate in an open ligent terminal based privacy-preserving multi-modal implicit authenti-
network environment where user privacy and data security cation protocol for Internet of connected vehicles,” IEEE Trans. Intell.
are greatly threatened. Therefore, this paper proposes a secure Transp. Syst., vol. 22, no. 7, pp. 3939–3951, Jul. 2021.
and effective authentication protocol for UAV-assisted IoV. In [16] H. Tan, W. Zheng, and P. Vijayakumar, “Secure and efficient authen-
ticated key management scheme for UAV-assisted infrastructure-less
this protocol, it uses elliptic curve cryptography to complete IoVs,” IEEE Trans. Intell. Transp. Syst., vol. 24, no. 6, pp. 6399–6400,
authentication. Through security proof, BAN logic analysis, Jun. 2023.
and informal security analysis, it is proved that the protocol is [17] S. Son, D. Kwon, S. Lee, Y. Jeon, A. K. Das, and Y. Park, “Design of
secure and lightweight authentication scheme for UAV-enabled intelli-
not only secure, but also has good resistance to known attacks. gent transportation systems using blockchain and PUF,” IEEE Access,
Through functional comparison and performance analysis, our vol. 11, pp. 60240–60253, 2023.

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIAO et al.: UAV-ASSISTED AUTHENTICATION PROTOCOL FOR INTERNET OF VEHICLES 11

[18] F. Wu, X. Li, X. Luo, and K. Gu, “A novel authentication scheme [40] D. Wang, D. He, P. Wang, and C.-H. Chu, “Anonymous two-
for edge computing-enabled Internet of Vehicles providing anonymity factor authentication in distributed systems: Certain goals are beyond
and identity tracing with drone-assistance,” J. Syst. Archit., vol. 132, attainment,” IEEE Trans. Depend. Secure Comput., vol. 12, no. 4,
Nov. 2022, Art. no. 102737. pp. 428–442, Jul. 2015.
[19] S. Biswas and J. Mic, “Cross-layer approach to privacy-preserving [41] C. Wang, D. Wang, Y. Duan, and X. Tao, “Secure and lightweight
authentication in wave-enabled VANETs,” IEEE Trans. Veh. Technol., user authentication scheme for cloud-assisted Internet of Things,” IEEE
vol. 62, no. 5, pp. 2182–2192, Jan. 2013. Trans. Inf. Forensics Security, vol. 18, pp. 2961–2976, 2023.
[20] H. Zhong, S. Han, J. Cui, J. Zhang, and Y. Xu, “Privacy-preserving [42] S. A. Eftekhari, M. Nikooghadam, and M. Rafighi, “Security-enhanced
authentication scheme with full aggregation in VANET,” Inf. Sci., three-party pairwise secret key agreement protocol for fog-based vehic-
vol. 476, pp. 211–221, Feb. 2019. ular ad-hoc communications,” Veh. Commun., vol. 28, Apr. 2021,
[21] P. Kumar, S. Kumari, V. Sharma, X. Li, A. K. Sangaiah, and S. H. Islam, Art. no. 100306.
“Secure CLS and CL-AS schemes designed for VANETs,” J. Supercom- [43] M. Burrows et al., “A logic of authentication,” Proc. Royal Soc. A Math.
put., vol. 75, no. 6, Apr. 2019. Phys. Eng. Sci., vol. 8, no. 1, pp. 18–36, 1989.
[22] J. Cui, D. Wu, J. Zhang, Y. Xu, and H. Zhong, “An efficient authentica- [44] Y. Zhang, R. H. Deng, E. Bertino, and D. Zheng, “Robust and universal
tion scheme based on semi-trusted authority in VANETs,” IEEE Trans. seamless handover authentication in 5G HetNets,” IEEE Trans. Depend.
Veh. Technol., vol. 68, no. 3, pp. 2972–2986, Mar. 2019. Secure Comput., vol. 18, no. 2, pp. 858–874, Mar. 2021.
[23] G. Thumbur, G. S. Rao, P. V. Reddy, N. B. Gayathri, and [45] J. Zhang, J. Cui, H. Zhong, Z. Chen, and L. Liu, “PA-CRT: Chinese
D. V. R. K. Reddy, “Efficient pairing-free certificateless signature remainder theorem based conditional privacy-preserving authentication
scheme for secure communication in resource-constrained devices,” scheme in vehicular ad-hoc networks,” IEEE Trans. Depend. Secure
IEEE Commun. Lett., vol. 24, no. 8, pp. 1641–1645, Aug. 2020. Comput., vol. 18, no. 2, pp. 722–735, Mar. 2021.
[24] C. Xu, H. Liu, P. Li, and P. Wang, “A remote attestation security model [46] M. Ma, D. He, H. Wang, N. Kumar, and K.-K. R. Choo, “Efficient
based on privacy-preserving blockchain for V2X,” IEEE Access, vol. 6, and provably secure authenticated key agreement protocol for fog-based
pp. 67809–67818, 2018. vehicular ad-hoc networks,” IEEE Internet of Things J., vol. 6, no. 5,
[25] T.-Y. Wu, Z. Lee, L. Yang, and C.-M. Chen, “A provably secure pp. 8065–8075, Mar. 2019.
authentication and key exchange protocol in vehicular ad hoc networks,” [47] X. Jia, D. He, N. Kumar, and K.-K.-R. Choo, “Authenticated key
Secur. Commun. Netw., vol. 2021, pp. 1–17, Jun. 2021. agreement scheme for fog-driven IoT healthcare system,” Wireless Netw.,
[26] K. A. Yadav and P. Vijayakumar, “LPPSA: An efficient lightweight vol. 25, no. 8, pp. 4737–4750, Nov. 2019.
privacy-preserving signature-based authentication protocol for a vehicu- [48] Y. Sun, J. Cao, M. Ma, Y. Zhang, H. Li, and B. Niu, “EAP-DDBA:
lar ad hoc network,” Ann. Telecommun., vol. 77, nos. 7–8, pp. 473–489, Efficient anonymity proximity device discovery and batch authentication
Aug. 2022. mechanism for massive D2D communication devices in 3GPP 5G Het-
[27] J. Cui, Y. Wang, J. Zhang, Y. Xu, and H. Zhong, “Full session key Net,” IEEE Trans. Depend. Secure Comput., vol. 19, no. 1, pp. 370–387,
agreement scheme based on chaotic map in vehicular ad hoc networks,” Jan. 2022.
IEEE Trans. Veh. Technol., vol. 69, no. 8, pp. 8914–8924, Aug. 2020. [49] F. Li, Y. He, B. Niu, H. Li, and H. Wang, “Match-MORE: An efficient
[28] Z. Lu, W. Liu, Q. Wang, G. Qu, and Z. Liu, “A privacy-preserving private matching scheme using friends-of-friends’ recommendation,”
trust model based on blockchain for VANETs,” IEEE Access, vol. 6, in Proc. Int. Conf. Comput., Netw. Commun. (ICNC), Feb. 2016,
pp. 45655–45664, 2018. pp. 1–6.
[29] R. Sharma and S. Chakraborty, “BlockAPP: Using blockchain for
authentication and privacy preservation in IoV,” in Proc. IEEE Globecom
Workshops (GC Wkshps), Abu Dhabi, United Arab Emirates, Dec. 2018,
pp. 1–6.
[30] K. N. Qureshi, M. A. S. Sandila, I. T. Javed, T. Margaria, and L. Aslam,
“Authentication scheme for unmanned aerial vehicles based Internet of
Vehicles networks,” Egyptian Informat. J., vol. 23, no. 1, pp. 83–93,
Mar. 2022.
[31] M. N. Aman, U. Javaid, and B. Sikdar, “A privacy-preserving and
scalable authentication protocol for the Internet of Vehicles,” IEEE Junfeng Miao is currently pursuing the Ph.D. degree
Internet Things J., vol. 8, no. 2, pp. 1123–1139, Jan. 2021. with the School of Computer and Communication
[32] Q. Jiang, N. Zhang, J. Ni, J. Ma, X. Ma, and K. R. Choo, “Unified bio- Engineering, University of Science and Technol-
metric privacy preserving three-factor authentication and key agreement ogy Beijing, Beijing, China. His research interests
for cloud-assisted autonomous vehicles,” IEEE Trans. Veh. Technol., include 5G security, information security, and the
vol. 69, no. 9, pp. 9390–9401, Sep. 2020. Internet of Vehicles.
[33] J. Zhang, J. Cui, H. Zhong, I. Bolodurina, and L. Liu, “Intelligent
drone-assisted anonymous authentication and key agreement for 5G/B5G
vehicular ad-hoc networks,” IEEE Trans. Netw. Sci. Eng., vol. 8, no. 4,
pp. 2982–2994, Oct. 2021.
[34] D. Dolev and A. Yao, “On the security of public key protocols,” IEEE
Trans. Inf. Theory, vol. 29, no. 2, pp. 198–208, 1983.
[35] Y. Han, W. Song, Z. Zhou, H. Wang, and B. Yuan, “ECLAS:
An efficient pairing-free certificateless aggregate signature for secure
VANET communication,” IEEE Syst. J., vol. 16, no. 1, pp. 1637–1648,
Mar. 2022.
[36] S. A. Chaudhry et al., “A lightweight authentication scheme for 6G-IoT
enabled maritime transport system,” IEEE Trans. Intell. Transp. Syst.,
vol. 24, no. 2, pp. 2401–2410, Feb. 2023.
[37] S. Hussain, K. Mahmood, M. K. Khan, C.-M. Chen, B. A. Alzahrani, Zhaoshun Wang is currently a Professor with the
and S. A. Chaudhry, “Designing secure and lightweight user access to School of Computer and Communication Engineer-
drone for smart city surveillance,” Comput. Standards Interface, vol. 80, ing, University of Science and Technology Beijing,
Mar. 2022, Art. no. 103566. China. His research interests include software engi-
[38] Y. K. Ever, “A secure authentication scheme framework for mobile- neering, software testing, information security, and
sinks used in the Internet of Drones applications,” Comput. Commun., ASIC chip design.
vol. 155, pp. 143–149, Apr. 2020.
[39] A. Lakhan et al., “Dynamic application partitioning and task-scheduling
secure schemes for biosensor healthcare workload in mobile edge cloud,”
Electronics, vol. 10, no. 22, p. 2797, Nov. 2021.

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

12 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

Xin Ning (Senior Member, IEEE) received the Carsten Maple is currently a Professor of cyber
B.S. degree from Xinjiang University, Ürümqi, systems engineering with WMG, University of War-
China, in 2012, and the Ph.D. degree in elec- wick. He is also the Principal Investigator of the
tronic circuits and systems from the University NCSC-EPSRC Academic Center of Excellence in
of Chinese Academy of Sciences Beijing, Beijing, Cyber Security Research, University of Warwick.
China, in 2017. He is currently a Professor with the He is also the Transport and Mobility Lead of the
Laboratory of Artificial Neural Networks and High- PETRAS National Center of Excellence for IoT
Speed Circuits, Institute of Semiconductors, Chinese Systems Cybersecurity. He has published more than
Academy of Sciences. His current research inter- 200 peer-reviewed articles and provided evidence
ests include neural networks, intelligent systems, and advice to governments and organizations across
and computer vision. He has published more than the world, including being a high-level scientific
50 papers in journals and refereed conferences (as the first or corresponding advisor for cyber security to the European Commission.
author). He was the Website Chair of the IEEE HPBD and IS 2020 and
the Publication Chair of the IEEE HPBD and IS 2021. He serves as
an Associated Editor for Computational Intelligence and Neuroscience and
Wireless Communications and Mobile Computing. He serves as the Young
Associated Editor for CAAI Transactions on Intelligent Systems and the Guest
Editor for IET Image Processing, IET Computer Vision, Connection Science,
Displays, and Concurrency and Computation: Practice and Experience.

Joel J. P. C. Rodrigues (Fellow, IEEE) received

the [Link]. (Licentiate) degree (five-year) in infor-
matics engineering from the University of Coim-
bra, Portugal, and the [Link]. and Ph.D. degrees
in informatics engineering from the University of
Beira Interior. He is currently a Professor with
COPELABS, Lusófona University, Lisbon, Por-
Achyut Shankar received the bachelor’s degree in tugal. His research interests include sensor net-
computer science and engineering from Dr. M.G.R. works, e-health, e-learning, vehicular communica-
University, Chennai, the master’s degree in com- tions, mobile and ubiquitous computing, and cloud
puter science and engineering from SRM University, technologies. He is also the Leader of the NetGNA
Chennai, and the Ph.D. degree in computer science Research Group ([Link] the Chair of the IEEE ComSoc Tech-
and engineering (wireless sensor networks) from nical Committee on eHealth, the Past-Chair of the IEEE ComSoc Technical
VIT University, Vellore, India. He has been with the Committee on Communications Software, the Member Representative of
Department of Cyber Systems Engineering, WMG, the IEEE Communications Society on the IEEE Biometrics Council, the
University of Warwick, Coventry, U.K.; and the Steering Committee Member of the IEEE Life Sciences Technical Community,
Centre of Research Impact and Outreach, Chitkara and the Officer of the IEEE 1907.1 Standard. He is the Editor-in-Chief of
University Institute of Engineering and Technology, International Journal on E-Health and Medical Communications and the
Chitkara University, Punjab, India. He has published more than 20 research Recent Advances on Communications and Networking Technology and an
papers in reputed international conferences and journals. His research interests Editorial Board Member of several journals, including IEEE Communications
include wireless sensor networks, machine learning, the Internet of Things, Magazine, IEEE C OMMUNICATIONS S URVEYS AND T UTORIALS, Journal
blockchain, and cloud computing. He is a member of ACM. He received the of Computer Networks and Applications (Elsevier), Computer Networks
Research Award for Excellence in Research for the years 2016 and 2017. He (Elsevier), Journal of Vehicular Communications (Elsevier) Transactions
had organized many special sessions with Scopus-indexed international con- on Emerging Telecommunications Technologies (Wiley), and International
ferences worldwide, proceedings of which were published by Springer, IEEE, Journal of Communications Systems (Wiley). He has served as a guest editor
and Elsevier. He is currently serving as a reviewer for IEEE T RANSACTIONS for several journals and has been the general chair and the TPC chair for
ON I NTELLIGENT T RANSPORTATION S YSTEMS , IEEE S ENSORS J OURNAL , many international conferences. He is a member of many international TPCs
and other prestigious conferences. and participated in several international conferences organization.

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY WARANGAL. Downloaded on June 23,2024 at [Link] UTC from IEEE Xplore. Restrictions apply.