Due to the customers’ growing interest in using various intelligent and connected devices, we are surrounded by the Internet of Things (IoT). It is estimated that the number of IoT devices will exceed 60 billion by 2025. One of the primary reasons for such rapid growth is the Internet of Vehicles (IoV). Internet of Vehicles (IoV) has evolved into an emerging concept in intelligent transportation systems (ITS) that integrates VANETs and the IoT to enhance their capabilities. With the emergence of IoV and the interest shown by customers, Vehicular Ad hoc NETworks (VANETs) are likely to be widely deployed in the near future. However, for this to happen, wide participation of vehicle owners in VANET is needed. The primary concerns of vehicle owners to participate in VANET are privacy and security. In this paper, we present a Certificateless and REused-pseudonym based Authentication Scheme for Enabling security and privacy (CREASE) in VANETs. One of the ways to preserve the privacy of vehicles/drivers is to allow vehicles/drivers to use pseudo identities (pseudonyms) instead of their real identities (such as VIN number or driving license number) in all communications. The pseudonym used by a vehicle needs to be changed frequently to prevent the vehicle from being tracked. Our scheme uses Merkle Hash Tree and Modified Merkle Patricia Trie to efficiently store and manage the pseudonyms assigned to a vehicle. This enables a vehicle to pick and use a random pseudonym from a given set of pseudonyms assigned to it as well as change its pseudonym frequently and securely to ensure privacy. Unlike many of the existing schemes, our scheme does not use certificates and certificate revocation lists for authentication. Moreover, it allows vehicles to get a set of pseudonyms only once from the trusted authority. We present a formal proof of correctness of our scheme and also compare our scheme with some of the other contemporary schemes to show the effectiveness of our scheme.
- Intelligent transportation systems
- Privacy-preserving authentication