Professional Documents
Culture Documents
1, JANUARY 2019
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
YEUNG et al.: ANONYMOUS COUNTING PROBLEM IN TRUST LEVEL WARNING SYSTEM FOR VANET 35
(DSRC) protocol [3] over the wireless channel. Some applica- vehicles nearby to divert from their chosen routes by sending
tions of VANET arbitrarily allow certain vehicles to broadcast them fake messages, and thus secure a rather traffic-free road,
safety messages (e.g. Vehicle speed, traffic accident infor- which enables him or her to drive faster. If the warning system is
mation) to other vehicles nearby (denoted as vehicle-vehicle vulnerable to attacks by malicious users, then the accuracy in the
or V2V communications) and to RSU (denoted as vehicle- calculation of its trust level decreases, and thus the trust level
infrastructure or V2I communications). The intelligent trans- becomes unreliable. Experienced drivers would learn how to
portation system (ITS) is served by an International Standard ignore the fake warning messages generated by such systems.
IEEE 802.11p that works in the 5.9 GHz band, reserved for it Improper handling of message transmissions also can lead to
[4]. ITS ensures road safety by sharing information among the different kinds of attacks, besides leading to leaking driver’s
other devices deployed for this task. Once the driver receives sensitive data (e.g. driving habit, traveling route, etc.). Thus,
any warning message from any party, he or she may suitably both security and privacy are important concerns in designing
reschedule his or her traveling routes. VANET’s applications.
Recently, the systems involved in issuing warning message Anonymous Counting Problem: In the scenario, shown in
have been discussed in [5]. If the detection unit is made more Fig. 1, two initial problems are pointed out in the trust level warn-
sensitive to detecting the warning event, its acceptance rate of ing system: counting and anonymity. Counting, which means
false positive reports may increase. However, at the same time, counting the popularity of the warning messages, received on
it is also possible that a malicious user injects false data and the same event, is one of the main features of trust level calcula-
generates a fake warning. Applying trust may be a good solution tion. Once the counting feature is achieved, the other statistical
for solving the problems caused by malicious user and the errors calculations (e.g. sum and average) can be accomplished.
in the detection unit. In [6], the authors establish trust level as In the Unfixed Identity Signing (UIS) (e.g. pseudo identity)
a measure of confidence in warning message system. They also approach, each warning message is signed by a randomly picked
define trust and enumerate the reasons that necessitate trust. pseudo identity. And, if the same source reports multiple warn-
In the reputation-based mechanism, presented in [7], two ing messages on the same event, it results in over counting.
challenges are identified: 1) RQ1 - How and which parame- To achieve exact counting, Fixed Identity Signing (FIS) can be
ters are to be used in evaluating reputation and 2) RQ2 - How to used to sign warning messages generated from the same source,
assign the initial trust values. In warning systems, the trust level but it leaks driver’s identity through eavesdropping. There-
can be calculated by using all the warning information, reported fore, conventional UIS and FIS cannot achieve counting and
on a particular event. It is to be noted that the contents of two anonymity simultaneously. FIS includes two approaches: Real
warning messages need not be identical, even though they refer Identity Signing (RIS) and One Pseudonym Signing (OPS). RIS
to the same warning event. Even then, they can be linked, based can be rejected straight away, because signing by a real iden-
on the message contents (e.g. event type, location and time). tity leads to leaking driver’s identity. OPS can mask the real
The trust level of a warning is considered high if many nodes identity, but if the pseudonym is misused, a malicious outsider
send positive reports, and this is possible when the majority of can still track it. If an adversary can eavesdrop all the traffic
the users are legitimate. Alert warnings are generated only when throughout an area [12] and link up any specific pseudonym to
the trust level meets the assigned threshold. The nearby drivers the target driver’s identity (e.g. by capturing car plate number
can react to such warnings and take decisions, depending on through a camera), the adversary can trace the targeted driver’s
their needs. Researchers had put in a lot of effort in finding traveling route under OPS. Therefore, the challenge taken up for
ways for achieving meaningful trust levels [6], [8], [9]. Their this study is to design a secure and privacy-preserving solution
approaches are broadly of two categories: 1) statistical formula that can 1) achieve exact counting that enables precise trust level
and 2) decision flow. For statistical approach, the researchers calculation and simultaneously 2) protect drivers’ privacy from
suggest different factors, such as node reputation, event type, such high-level eavesdroppers. This challenge is termed here
event location, entity location, time, etc. For decision flow ap- as Anonymous Counting Problem. To the best of the authors’
proach, they suggest different kinds of logical decisions. For knowledge, this is the first that an attempt is made to overcome
example, if the vehicle and RSU report positive, the warning anonymous counting problem in the background of trust level
event is always to be trusted. warning system in VANET.
In the same reputation-based mechanism, three more chal-
lenges are identified: 1) RQ3 - How do the trust values adopt
to the changes in dynamic factors; 2) RQ4 - How to protect the C. Contributions
trust/reputation values from collusion and deception problems; This novel scheme is called Conditional Distinguishable
and 3) RQ9 - How to evaluate the reputation of a community in Pseudo Identities (CDPD) scheme. In summary, this study has
a dynamic environment. These are the main challenges that are led to four major contributions: 1) Security: CDPD achieves
discussed in this paper. Most of the existing reputation schemes properties of integrity, authentication, and non-repudiation; 2)
on VANET do not consider the security and privacy concerns. Privacy: CDPD overcomes the anonymous counting problem by
VANET inherits all the discovered and undiscovered perfor- conditional anonymity, which has the benefits of distinguishabil-
mance hurdles and security threats from distributed networks ity of OPS and avoiding the possibility of eavesdropper tracking,
[10], [11]. A selfish user may perform some malicious acts to as in the UIS. The same source produces different hash digests in
derive certain benefits. For example, a selfish user may prod the the warning message. All this becomes possible by embedding a
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
36 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 68, NO. 1, JANUARY 2019
unique credential into all pseudo identities of the user. Besides, to follow similar preloading strategy and found that it works
there are three restricted privacy levels and abilities, which are efficiently, because it uses bilinear mapping [23]. An efficient
delivered in three types. 3) Efficiency: For efficiency, CDPD conditional privacy protocol, using bilinear map pairing, is pro-
relies on bilinear map property. Randomized batch verification posed in [24]. In addition to these, there are several other ways
enhances security level and effectiveness. Proof of pairing equa- to further protect driver’s privacy, e.g. shuffling keys to hide
tion is also given. 4) Time-slotted Feature: CDPD’s time-slotted drivers’ identity [25], [26]. No doubt, these schemes achieve
feature constrains the influence of the malicious user. a high standard of privacy, but they require an RSU nearby
to work. A preloading pseudo identities strategy is suggested
D. Organization to provide mobility. Besides, the design proposed here provides
conditional privacy feature [27], assuming that the RSU is semi-
The remaining part of the paper is organized as follows:
trusted.
Section II summarizes some of the existing security and
Three existing cryptographic approaches are proposed for
privacy-preserving approaches, relating to anonymous counting
achieving threshold property. The first and second approaches
problem; Section III presents the system model and the
can be considered threshold-security-based approaches, in that
assumptions made for trust level warning system, following
they generate a warning message only when enough number of
the adversary model, system requirements and definition of
users’ reports agree. The first approach is Threshold Security
bilinear map; Section IV explains in detail the methodology
(TS), a.k.a. Threshold cryptography [28]. The (t, n)-threshold
adopted in designing the proposed scheme; Section V explains
signature scheme requires that at least t vehicles among n au-
how security requirements are achieved; Section VI analyzes
thenticated vehicles be available for creating the signature to
the time complexity of the proposed scheme; Section VII
sign a warning message. However, this approach cannot give
evaluates the trust level accuracy by simulation and comparison
flexibility in calculating trust level; in other words, it fixes a
of the results of this study with those of two existing secure
threshold that cannot be changed. Also, it carries out threshold
threshold-based approaches; Finally, Section VIII presents the
checking on the generator side. The second approach is Parallel
conclusions drawn from this study.
Threshold Security (PTS) approach [28]. In which the system
administrator may set multiple thresholds, for example, three
II. RELATED WORK thresholds, instead of only one, as in the case of TS. The ap-
Drivers usually need a summary of road situation, not a spe- proach can therefore present low, medium and high trust levels
cific individual report. The summary of road situation motivates of a warning event. But the disadvantage of this approach is that
data aggregation issues in the vehicular network. Secure data the drivers cannot set up the thresholds, and thus the approach
aggregation scheme, with probabilistic counting, can generate is not flexible enough to suit different users’ preferences. Also,
cooperative collision warning [13], [14], but such a scheme in practice, it is difficult to set too many thresholds, as they re-
rigidly requires that the messages are identical, to form a multi- quire too much computation and network bandwidth. Also, the
signature. The probabilistic counting feature also requires that a threshold checking is done on the generator side. The third ap-
sufficient number of nodes agree with the aggregated data. This proach is the announcement-based approach, which usually uses
method allows the receiver to roughly estimate the popularity of a pseudonym to hide the driver’s identity in broadcasting an an-
the reports, but not the precisely counted value. Therefore, data nouncement. The authors of [1] provide a scheme, which is both
aggregation may not suit all the trust level warning systems. threshold- and announcement-based. In this scheme, threshold
Some recent surveys summarize the general problems and checking is done on the receiver side. The drawback of this
solutions, relating to VANET security, privacy, and trust approach is that it cannot overcome anonymous counting prob-
[15]–[18]. One of the highlighted notorious trust-related attacks lem, because the same source produces the same hash value in
on ad hoc network is the Sybil Attack. The malicious node pre- one part of the vehicular messages, each time the identity leaks.
tends itself as several nodes that try to sign a warning event twice To overcome this problem, this paper proposes a conditional
[17]. One of the solutions proposed can detect Sybil Attack, if distinguishable pseudo-identities scheme.
malicious vehicle pretends as multiple and distinct vehicles [19]. Another problem that may arise in warning systems is net-
A similar concept is adopted for the scheme proposed here to work flooding, which may occur if there is multi-hopping com-
check whether two messages are linkable. RSU can perform munication between many nodes. In such situations, flooding-
same source testing to ascertain, whether or not two warning resilient broadcast [29] can be applied, but their designs should
messages are generated from the same source, while preserving not overlap the one in use, because each of them serves a differ-
driver’s privacy. ent purpose.
General privacy problems and requirements of VANET are
investigated in [20]. It is found that two privacy-aware crypto-
graphic primitives are commonly applied in VANET, namely III. PROBLEM STATEMENTS
group signature and pseudonyms techniques [21], [22]. Both of In this section, the system model and assumptions are ex-
them provide anonymity. A pseudonym is commonly used, be- plained first and then possible adversary attacks highlighted.
cause group signature cannot meet the high-efficiency require- After that, the requirements to overcome anonymous count-
ment. The scheme proposed here adopts the privacy-preserving ing problem in a secure and privacy-preserving scheme are
technique, based on pseudonyms. Many researchers proposed summarized.
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
YEUNG et al.: ANONYMOUS COUNTING PROBLEM IN TRUST LEVEL WARNING SYSTEM FOR VANET 37
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
38 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 68, NO. 1, JANUARY 2019
the maximum number of the supported users depends on the it can be verified if the identity belongs to the current time
maximum possible bit pattern of pseudo identity and number of slot, because no other time slot can be used for the current
pseudo identity to be assigned to each user. These parameters time slot. The time-slot feature diminishes the number of
can be set up by the system administrator. Besides, pseudo iden- valid identities for a given time slot, and thus reduces Sybil
tity can be updated over time, i.e., each vehicle receives a new attack. Thus, the time-slot feature limits the influence of
set of pseudo identities per month. The scheme thus achieves malicious insider on trust level calculation.
scalability. To achieve independence of mobility patterns, the All attacks mentioned in Section III-B can be resolved or
scheme presented here is not proposed to rely on any of the minimized by the system’s features, detailed above.
existing RSUs.
To achieve trust level calculation under anonymous counting
problem, the general requirements are expanded to five security D. Bilinear Map
and privacy concerns as detailed below: The scheme proposed here relies on a cryptographic opera-
1) Integrity and Authentication: Not all messages received tion, called pairing, and this operation is defined on two cyclic
by the system are automatically modified to verify data groups, using a bilinear map [34]. A brief explanation is pre-
accuracy and completeness; only those messages received sented below on what bilinear map is.
from authenticated parties (including vehicles, RSU and Let G be a cyclic additive group and GT be a cyclic multi-
TA) are verified and stored. Also, all authenticated recip- plicative group. Both groups G and GT have the same prime
ients can verify that the messages they receive are gen- order q. Bilinear pairing on (G, GT ) is a map ê : G × G → GT ,
erated from authenticated parties. Thus, integrity and au- which is called the bilinear map that satisfies the following prop-
thentication requirement of the warning system saves the erties:
end users from forged and impersonated attacks. 1) Bilinear: ∀R, S, T ∈ G and ∀a, b ∈ Z, ê(R + S, T ) =
2) Non-Repudiation: This requirement refers to the provi- ê(R, T ) · ê(S, T ) = ê(R, S + T ). Also ê(aR, bR) =
sion of proof of origin. The sender cannot deny sending ê(R, bR)a = ê(aR, R)b = ê(R, R)ab .
the warning message, because it bears his or her signa- 2) Non-Degenerate: There exists R, S ∈ G such that
ture. But, it is hard to ascertain whether a wrong warning ê(R, S) = 1GT .
message is caused by a forged message or by an error in 3) Computable: ê can be efficiently computed.
detection unit in real-time. Therefore, the system cannot The objective of using bilinear map is to enhance the effi-
straight away blacklist malicious vehicles identity, with- ciency. In this paper, the format of pseudo identity is designed
out due investigation. Thus, the warning system requires for using bilinear map. It relies on a discrete logarithm prob-
non-repudiation. lem (DLP), which is computationally hard, i.e. given that the
3) Privacy: The identity of warning message sender should point S = aR, there exists no efficient algorithm that can yield
be kept anonymous from eavesdroppers. Therefore, not a, from the given R and S. Both R and S can be transferred
all the hash values of any part of the vehicular messages in public without worrying about the exposure of a to any at-
sent from the same source should be the same. Once this tacker. In terms of property 3 and in this kind of cryptographic
guideline is followed, outsiders or even authenticated ve- scheme, computing ê(R, S) is the most expensive operation in
hicles will have no way for linking two or more warning each pairing operation.
messages, if they are from the same source. Thus, tracking
attack can be avoided.
4) Conditional Anonymity: There are three anonymity lev- IV. PROPOSED SOLUTIONS
els on three different authenticated network entities; from This section presents the proposed secure and privacy-
the highest to the lowest, they are as follows: a) TA can preserving announcement-based scheme, using conditional dis-
trace, distinguish and verify messages; b) RSU can only tinguishable pseudo identities (CDPD), to overcome anonymous
distinguish and verify messages; c) vehicle can only ver- counting problem. The scheme relies on a cryptographic oper-
ify messages. Traceability, distinguishability, and veri- ation, called pairing. This operation is defined on two cyclic
fiability are defined as follows: Traceability means the groups with a map, called bilinear map [34]. By virtue of bilin-
recipient can trace any message by revealing the real ear property, pseudo identity and signature can be verified by
identity of the sender, so that the driver cannot avoid pairing. In wireless networks, bilinear map pairing is adopted
liability; distinguishability means the recipient can ascer- commonly, because it is more efficient than the traditional en-
tain whether two or more warning messages are sent by cryption method (e.g. RSA). Also, randomized batch verifi-
the same source; this ability can minimize the influence of cation can verify messages from different owners at once to
Sybil attack, because the recipient can check whether the enhance security level and efficiency. Proofs of pairing equa-
received messages (even those signed by using different tions are given. For the sake of clarity, multiplication sign ×
pseudo identities) are generated from the same sender, and is included between two points, instead of point multiplication.
thus blacklist the sender of the messages, if necessary. H(M ) is a MapToPoint [35] hash value on message M . h(M )
5) Time-Slotted Feature: The malicious user may perform is a one-way hash value of message M . All notations are listed
Sybil attack using all possible identities to create warning in Table I. The proposed scheme contains the following six
messages of a fake warning event. By applying time slot, modules:
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
YEUNG et al.: ANONYMOUS COUNTING PROBLEM IN TRUST LEVEL WARNING SYSTEM FOR VANET 39
A. System Setup
The TA sets up a conventional public key infrastructure (PKI)
scheme for TA, RSU, and vehicle to facilitate initial communi-
cation among them. An RSU and a vehicle OBU can get initial
system parameters, a pair of public and private keys pair, and
certificates through the PKI. The TA chooses bilinear groups G,
GT that satisfy bilinear map properties. Assuming that P is the
generator of G. TA randomly picks sen c ∈ Zq as encryption-
based system master secret, where Zq is a large integer. Only
RSUs preload this secret through TA for the use of the cre-
dential. TA picks another ssig ∈ Zq as signature-based system
master secret and computes Ppu b = ssig P as public parameter.
This secret is used for verifying identity and signature. Both
OBUs and RSUs preload this secret through TA. The TA sets
its secret key T SK and assigns itself the identity T RID:
r T RID = T SK × P
T RID and P are preloaded into every OBUs and RSUs from
TA through conventional PKI.
B. RSU Setup
Each RSU Ri , it communicates with TA through conven-
tional PKI. Ri transfers its location RLi to TA. The sys-
tem assigns Ri the secret key RSKi and identity RRIDi ,
and the TA generates its certificate RCi . Any entity can use
TA’s public key to verify this RSU’s credential in the future.
1) System Setup: TA sets up a conventional public key infras- TA replies to Ri with sen c , ssig , P, RSKi , RCi and all other
tructure (PKI) scheme for all parties, including RSU and RSUs’ credentials through conventional PKI. The following are
vehicle OBU. It sets up parameters and generates system the mathematical equations of some components used in this
master secrets, besides assigning itself the identity and subsection:
preloads to all RSUs and vehicles. r RRIDi = RSKi × P
2) RSU Setup: RSU communicates with TA through conven- r RCi = < RRIDi , RLi , T SIGT S K (RRIDi ||RLi ) >,
tional PKI; TA generates RSU credential and its secret where TA’s signature is T SIGT S K (RRIDi ||RLi ) =
key, and transfers them, along with system master secrets, H(RRIDi ||RLi ) × T SK.
to RSU.
3) Vehicle Startup: Vehicle OBU communicates with TA
C. Vehicle Startup
through conventional PKI. It receives RSUs’ credential,
the system master secrets and the pool of pseudo identities In vehicle Vi startup, the driver inputs the real identity V RIDi
from TA. and password to Vi ’s OBU. Vi ’s network module transfers the
4) Warning Message Generation: After detecting a warning, real identity and password to TA through conventional PKI. If
vehicle OBU randomly picks a pseudo identity within the they are found valid, TA can generate unique credential and
time slot and generates a warning. Then, it broadcasts the time-slotted pseudo identities for Vi , following the steps shown
warning with signature to the nodes nearby. below.
5) Warning Message Verification: After receiving the warn- To generate unique credential U Ci for Vi , TA picks a random
ing, the recipient (driver) verifies it and calculates the number rcr e and generates TA’s signature on the credential U Ci :
trust level of the warning event; the driver then reacts to r U Ci = < U Ci1 , U Ci2 > = < rcr e P , T SIGT S K (rcr e P )
the warning, based on the trust level. >, where T SIGT S K (rcr e P ) = H(rcr e P ) × T SK
6) Same Source Testing by RSU: After verifying the warning TA ensures that the random number rcr e is not used in gen-
message, RSU tests this warning message with all the erating another credential. Each vehicle is assigned only one
other received warning messages, relating to the same unique credential, embedded into pseudo identities, to achieve
warning event to check if they are all generated from non-repudiation property. So, this credential can be used for
the same source. If the warning message fails to pass the same source testing by RSU.
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
40 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 68, NO. 1, JANUARY 2019
In each pseudo identity V P IDij of Vi , the embedded U Ci , ing message, such that all authenticated parties, which contains
which is asymmetric, is encrypted by using a random session ssig , can verify the warning message. Then, warning message’s
key K, to avoid tracking attack. To perform the encryption, TA signature σi on Ti and Mi , is signed as:
generates a random session key K to symmetrically encrypt r σi = V SKij 1 + V SKij 2 + h(Ti ||Mi )V SKij 3
(denoted as S EN C) U Ci . Another random number x is then The broadcast warning message is < V P IDij , Mi , Ti , σi >.
generated for encrypting K. The following is the definition of
encrypted credential ECij : E. Warning Message Verification
r ECij = < ECij 1 , ECij 2 , ECij 3 > = < xP, K + xP ×
Any recipient (vehicle or RSU), close to the warning owner
sen c , S EN CK (U Ci ) >
may receive the warning message < V P IDij , Mi , Ti , σi >.
Each pseudo identity V P IDij is assigned an encrypted cre-
Before calculating the trust level of the warning message, the
dential ECij , using bilinear map property. As U Ci is encrypted
recipient needs to verify it, following the steps given below.
by sen c , TA transfers sen c to RSUs only, and thus only RSUs and
Warning message can be ignored if timestamp Ti is outdated or
TA can obtain U Ci from ECij . It is to be noted that TA needs to
Ti is not in the range of T Sq . To verify pseudo identity V P IDij ,
ensure that, for counting purpose, each ECij is unique for each
encrypted credential ECij and time slot T Sq are verified by
time slot. This can be verified by checking if S EN CK (U Ci )
checking whether equality (1) holds:
is repeatedly used.
Now, it will be explained how to add a time-slotted feature to ê(V P IDij 3 , P ) = ê(H(ECij ||T Sq P ), T RID) (1)
each pseudo identity. For example, to add a (k, q) time-slotted
feature to an M -long pseudo identity approach, the M length Proof of correctness:
of time (e.g. a month) can be divided into time-slots of a valid L.H.S.
period of ΔT . Once can get q = M ÷ ΔT number of time slots. = ê(T SK × H(ECij ||T Sq P ), P )
The time range of any time slot T Sq is as follows: = ê(H(ECij ||T Sq P ), T SK × P )
r T Sq =< q × ΔT, (q + 1) × ΔT > = R.H.S.
T Sq is stored as the number q. For each q time slot of Vi , It is to be noted that the recipient can verify more than one
TA assigns k pseudo identities. A pool of pseudo identities pseudo identity in a batch [22], [36]. For this study, the idea of
is generated in size D, where D = k × q is the total number randomized batch verification is adopted [37]–[39] by adding
of pseudo identities for each vehicle Vi . TA generates pseudo a set of small value vectors V eca = (V eca1 , V eca2 , ..., V ecan )
identity V P IDij thus: into batch verification, where each vector is a small random
r VP IDij = < VP IDij 1, VP IDij 2 , VP IDij 3 > = < ECij, value. They are applied into a randomized batch for n pseudo
T Sq , T SIGT S K (ECij ||T Sq P ) >, where TA’s signature identities verification. Such verification involves the checking
on the pseudo identity V P IDij is T SIGT S K (ECij whether equality (2) below holds:
||T Sq P ) = H(ECij ||T Sq P ) × T SK n
It is to be noted that encrypted credential ECij and time ê (V ecai × V P IDij 3 ), P
slot T Sq are embedded and signed together. An unbreak- i=1
able linkage between encrypted credential ECij and time slot n
T Sq is maintained in the pseudo identity V P IDij . While = ê (V ecai × H(ECij ||T Sq P )), T RID (2)
generating pseudo identities, TA records the matching be- i=1
tween real identities, unique credential and pseudo identities as
< V RIDi , U Ci , V P IDij > and stores it in its local database. Proof of correctness:
L.H.S.
It gives traceability of TA. TA replies vehicle with Vi , ssig , P ,
= ê( ni=1 (V ecai × T SIGT S K (ECij ||T Sq P )), P )
a pool of pseudo identities V P IDij and all RSUs’ certificates
through conventional PKI. = ê( ni=1 (T SK × V ecai × H(ECij ||T Sq P )), P )
= ê(T SK × ni=1 (V ecai × H(ECij ||T Sq P )), P )
n
= ê( i=1 (V ecai × H(ECij ||T Sq P )), T SK × P )
D. Warning Message Generation = R.H.S.
If vehicle Vi detects a warning event, it creates a warn- Random small value vectors are generated on the recipient
ing message Mi . For example, if the format of Mi is side. With randomized property, the adversary cannot prepare
< T ype, Content, Location, T ime, SuggestionIf Exists > some fake pseudo identities or signatures that can cancel those
and the warning is generated with a current Timestamp Ti , then random values. Thus, the randomized solution can defend adap-
Vi randomly picks a pseudo identity V P IDij in T Sq where tive chosen-identity and chosen-message attack (CID-CMA).
Ti is in the time range of T Sq . Vi and generates signing key CID-CMA attack is considered to be the strongest security no-
V SKij : tion of Identity-based Security (IBS) scheme. CID-CMA secu-
r V SKij = < V SKij 1 , V SKij 2 , V SKij 3 > = < ssig rity means that the adversary is allowed to ask for the private
V P IDij 1 , ssig V P IDij 2 , ssig H(V P IDij3) > keys of arbitrary identities and signatures of arbitrary messages
Vi should avoid using the same pseudo identity repeatedly [37]. In batch verification of CDPD, the adversary wins if he
to sign warning message to hide Vi ’s identity. It is to be noted or she can output pseudo-identity-based signatures for warning
that signature-based system secret ssig is used in signing warn- messages and pseudo identities, such that neither the private
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
YEUNG et al.: ANONYMOUS COUNTING PROBLEM IN TRUST LEVEL WARNING SYSTEM FOR VANET 41
keys of those pseudo identities nor the signatures on those mes- areas, without any RSUs nearby, when the recipient receives two
sages for those pseudo identities are asked for. different warning messages, he or she has to assume that they
After validating pseudo identities, the recipient can continue are from different sources. But, without same source testing,
to verify the signature of one warning message by checking the trust level calculation may go wrong, if any Sybil attack is
whether equality (3) below holds: impending. However, the situation is still acceptable because, in
rural areas, the vehicles are generally so few that they would not
ê(σi , P ) = affect the trust level calculation much. If the recipient finds any
ê(V P IDij 1 + V P IDij 2 + h(Ti ||Mi )H(V P IDij 3 ), Ppu b ) suspicious warning messages, he or she can request the RSU,
(3) whenever he or she comes across one, to perform the same
source testing to ensure message’s reliability.
Proof of correctness: Extension 1 - Action Report: Announcement of driver’s action
L.H.S. may also be useful to the vehicles nearby, or the central system,
= ê(V SKi1 + V SKi2 + h(Ti ||Mi )V SKi3 , P ) to analyze the current road situations. In this case, driver’s
= ê(V SKi1 , P )ê(V SKi2 , P )ê(h(Ti ||Mi )V SKi3 , P ) action can be broadcast in the same way as a warning message,
= ê(sV P IDij 1 , P )ê(sV P IDij 2 , P ) except for changing the content of the message. The action
ê(h(Ti ||Mi )sH(V P IDij 3 ), P ) record can be in the following format: < T ype, Location,
= ê(V P IDij 1 , P pub)ê(V P IDij 2 , P pub) T ime, DriverActionDone >. In this case, the system needs
ê(h(Ti ||Mi )H(V P IDij 3 ), P pub) to reserve more pseudo identities for the vehicle.
= R.H.S.
Similar to verifying pseudo identities verification, the recipi- F. Same Source Testing by RSU
ent can verify the signature of n warning message by randomized When the RSU Ri receives a warning message, it first carries
batch verification. The recipient generates another set of small out the warning verification steps, just as OBU does. Now, it
value vectors V ecb = (V ecb1 , V ecb2 , ..., V ecbn ). This verifica- will be shown how Ri performs same source testing, after the
tion involves the checking whether equality (4) below holds. above checking. Same source testing is a test to ascertain if two
n n warning messages are generated from the same source. First, it
ê (V ecbi × σi ), P = ê (V ecbi × (V P IDij 1 is assumed that Ri has already stored all the previously verified
i=1 i=1
warning records, which are not outdated, in its local database.
To decrypt credential ECij , which is V P IDij 1 , ECij 1 is multi-
plied by Ri , which is xP by its encryption-based system master
+ V P IDij 2 + h(T i||M i)H(V P IDij 3 ))), P pub (4)
secret sen c (i.e. to obtain xP × sen c ), and then the product is
subtracted from ECij 2 to obtain session key K:
Proof of correctness: r K = K + xP × sen c −ECij 2
L.H.S. Then, U Ci can be obtained. To protect vehicle’s identity, RSU
= ê( ni=1 (V ecbi V SKi1 + V ecbi V SKi2 should not store the credential but use it only for same source
+V ecbi h(T i||M i)V SKi3 ), P ) testing.
= ê( ni=1 (V ecbi sV P IDij 1 ), P ) It may please be recalled that U Ci = < U Ci1 , U Ci2 > =
n
ê( i=1 (V ecbi sV P IDij 2 ), P ) < rcr e P, T SIGT S K (rcr e P ) >, Ri verifies credential U Ci by
ê( ni=1 (V ecbi h(T i||M i)sH(V P IDij 3 )), P ) checking whether equality (5) below holds:
= ê( ni=1 (V ecbi V P IDij 1 ), P pub) ê(T SIGT S K (rcr e P ), P ) = ê(H(rcr e P ), T RID)
n (5)
ê( i=1 (V ecbi V P IDij 2 ), P pub)
Proof of correctness:
ê( ni=1 (V ecbi h(T i||M i)H(V P IDij 3 )), P pub)
L.H.S.
= R.H.S.
= ê(T SK × H(rcr e P ), P )
Trust Level Calculation: If the signature also is valid, the
= ê(H(rcr e P ), T SK × P )
OBU trusts this warning message. The recipient stores the warn-
= R.H.S.
ing message as a record in its local database. All vehicles keep
Similar to pseudo identities and signatures, recipient can pick
receiving different warning messages while traveling, and each
a set of small value vectors V ecc = (V ecc1 , V ecc2 , ..., V eccn )
warning message corresponds to one warning event. So, when
to verify more than one credential by randomized batch verifi-
a vehicle receives a new warning message, OBU updates trust
cation. Such verification involves the checking whether equality
level accordingly. Once the trust level meets the threshold (e.g.
(6) below holds:
five positive warning messages for a particular warning event), n
the car-alert system will warn the driver. The design proposed
here allows various methods to calculate the trust level, and ê (V ecci × T SIGT S K (rcr e P )), P
counting is one of them. The threshold can be set up by the i=1
driver or the system. If any received warning message con-
n
tains an embedded suggestion, e.g., change the route, then the = ê (V ecci × H(rcr e P )), T RID (6)
alert system may also suggest this action to the driver. In rural i=1
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
42 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 68, NO. 1, JANUARY 2019
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
YEUNG et al.: ANONYMOUS COUNTING PROBLEM IN TRUST LEVEL WARNING SYSTEM FOR VANET 43
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
44 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 68, NO. 1, JANUARY 2019
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
YEUNG et al.: ANONYMOUS COUNTING PROBLEM IN TRUST LEVEL WARNING SYSTEM FOR VANET 45
TABLE III
SIMULATION OF THREE SECURITY METHODS
Fig. 4. Number of victims in terms of distance between the crash spot and the
pathway (400 m) joins the main road at 350 m away from the intersection.
starting point of the main road. A traffic accident (e.g. car crash)
occurs at the end point of the main road. Each vehicle has its
random entering time and traveling route. By default, 80% of
the drivers keep driving along the main road to reach their desti-
nation, considering that as the shortest path, whereas 20% of the
drivers prefer to drive along the pathway. Each vehicle is 4.5 m
long, and its maximum speed is 50 km/hr. Each vehicle can
detect the warning accident within 40 m by its detection unit,
based on some real detection systems and publication [44]–[46].
Each simulation starts with the occurrence of a traffic accident
at the end point of the road. Each normal vehicle travels along
its default traveling route. The vehicles obey the system and try
to detect the warning event, broadcast warning message, and
warn the vehicles behind. However, as the road is a one-way Fig. 5. The first beneficiary in terms of the distance between the crash spot
one, the drivers cannot drive back to the intersection, and hence and the intersection.
they will just stop one behind the other, in front of the crash spot.
Their warning messages can benefit only those vehicles, which
are behind them. Each of those vehicles, behind them, tries to was used to simulate the warning accident event and to han-
collect all the warning messages and calculate the trust level dle the warning message transmission accordingly. TRACI was
of the warning event. Once the trust level meets the threshold, chosen as the interface of SUMO in generating and modifying
the driver trusts the warning event and reacts suitably (e.g. if the dynamically the behavior of cars for different road conditions.
driver trusts the warning, he or she changes the traveling route to The simulation was repeated 10 times for 10 different random
the pathway to avoid getting stuck in a traffic jam). The specific cases in each of the following sets of experiments and the values
percentage of the warning event depends on the driver’s decision obtained were averaged for each measure.
on trust level. The performances of the three security methods- where,
TS, PTS and CDPD-were compared in each set of experiments. p = Number of Positive Verification Messages
Six set-ups of driver’s trust decision on the three security meth- n = Counting Threshold of Threshold Security
ods were evaluated and the results are shown in Table III. Three d = Percentage-based Threshold
different thresholds-3, 5 and 8-were picked up for TS scheme, m = Minimum Counting Threshold
based on the suggestion in [2] that the reasonable number of
verifiers could be between 3 and 10. These three set-ups are
designated as TS[3], TS[5], TS[8]. The 4th set-up is from Par- B. First Set of Experiment - Real Warning Evaluation Without
allel Threshold Security method with three thresholds, as in the Malicious Users
case of TS, and this is designated as PTS[3,5,8] [2]. To eval- In the first set of experiment, there is no malicious user. As-
uate the performance of CDPD, two thresholds are picked up: suming that a real warning event existed, the number of victims
threshold 70% CDPD[5,0.7] and threshold 90% CDPD[5,0.9], (i.e. the number of vehicles that were caught up in the traffic
the Minimum Counting Threshold being 5. As CDPD calculates jam) was evaluated (see Fig. 4) and similarly the ID number of
trust level by percentage, the scheme would be effective only the first beneficiary (i.e. the first vehicle that changed the orig-
when there are enough vehicles, which is assumed to be 5 for inal route from the main road to the pathway)(see Fig. 5), by
this study. Simulation was applied to these 6 set-ups. Traffic modifying the distance between the intersection and the crash
simulation suite, Simulation of Urban Mobility (SUMO) [43], spot. The performance of a security method is considered to be
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
46 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 68, NO. 1, JANUARY 2019
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
YEUNG et al.: ANONYMOUS COUNTING PROBLEM IN TRUST LEVEL WARNING SYSTEM FOR VANET 47
scheme relies on bilinear-map and corresponding randomized [15] H. Hasrouny, A. E. Samhat, C. Bassil, and A. Laouiti, “VANET security
batch verification to enhance its security and effectiveness. The challenges and solutions: A survey,” Veh. Commun., vol. 7, pp. 7–20,
2017.
performance of CDPD was compared with that of threshold se- [16] M. N. Mejri, J. Ben-Othman, and M. Hamdi, “Survey on VANET security
curity and parallel threshold security methods. CDPD’s decen- challenges and possible cryptographic solutions,” Veh. Commun., vol. 1,
tralization and precise counting features contribute to an overall no. 2, pp. 53–66, 2014.
[17] R. Mishra, A. Singh, and R. Kumar, “VANET security: Issues, chal-
better performance, in terms of processing time and trust level lenges and solutions,” in Proc. Int. Conf. Elect., Electron., Optim. Techn.,
accuracy. It thus helps the drivers in reacting quickly to warning Mar. 2016, pp. 1050–1055.
events and taking appropriate decisions. In future work, it is [18] L. Bariah, D. Shehada, E. Salahat, and C. Y. Yeun, “Recent advances in
VANET security: A survey,” in Proc. IEEE 82nd Veh. Technol. Conf.,
proposed to simulate a real map situation and evaluate the effec- Sep. 2015, pp. 1–7.
tiveness of different trust methods. To achieve a higher privacy [19] X. Lin, “LSR: Mitigating zero-day sybil vulnerability in privacy-
standard, a new approach that does not rely on the assumption preserving vehicular peer-to-peer networks,” IEEE J. Sel. Areas Commun.,
vol. 31, no. 9, pp. 237–246, Sep. 2013.
of trusted authority (TA) may be needed. Some users may not [20] J. Petit, F. Schaub, M. Feiri, and F. Kargl, “Pseudonym schemes in ve-
trust any party, as though no TA exists, but they still insist on hicular networks: A survey,” IEEE Commun. Surv. Tut., vol. 17, no. 1,
ensuring road safety. A de-centralized approach is needed to pp. 228–255, Jan.–Mar. 2015.
[21] T. W. Chim, S.-M. Yiu, L. C. K. Hui, and V. O. K. Li, “MLAS: Multiple
defend this kind of traffic surveillance by TA. level authentication scheme for VANETs,” Ad Hoc Netw., vol. 10, no. 7,
pp. 1445–1456, 2012.
[22] T. W. Chim, S. M. Yiu, L. C. K. Hui, Z. L. Jiang, and V. O. K. Li, “Specs:
Secure and privacy enhancing communications schemes for VANETs,”
in Ad Hoc Networks (Lecture Notes of the Institute for Computer Sci-
REFERENCES ences, Social Informatics and Telecommunications Engineering 28), Jun
[1] L. Chen, S.-L. Ng, and G. Wang, “Threshold anonymous announcement Zheng, Shiwen Mao, ScottF. Midkiff, and Hua Zhu, Eds., Berlin, Ger-
in VANETs,” IEEE J. Sel. Areas Commun., vol. 29, no. 3, pp. 605–615, many: Springer, 2010, pp. 160–175.
Mar. 2011. [23] C.-I. Fan, R.-H. Hsu, and C.-H. Tseng, “Pairing-based message authenti-
[2] C. S. Eichler, “Solutions for scalable communication and system security cation scheme with privacy protection in vehicular ad hoc networks,” in
in vehicular network architectures,” Ph.D. dissertation, Technical Univer- Proc. Int. Conf. Mobile Technol., Appl., Syst., 2008, Paper 82.
sity of Munich, München, Germany, 2009. [24] D. Huang, S. Misra, M. Verma, and G. Xue, “PACP: An efficient pseudony-
[3] H. Oh, C. Yae, D. Ahn, and H. Cho, “5.8 GHz DSRC packet communi- mous authentication-based conditional privacy protocol for VANETs,”
cation system for ITS services,” in Proc. IEEE 50th Veh. Technol. Conf., IEEE Trans. Intell. Transp. Syst., vol. 12, no. 3, pp. 736–746, Sep. 2011.
Sep. 1999, pp. 2223–2227. [25] A. Tomandl, H. Federrath, and F. Scheuer, “VANET privacy by ‘defending
[4] IEEE Standard For Information Technology—Local and Metropolitan and attacking’,” in Proc. 6th Joint IFIP Wireless Mobile Netw. Conf.,
Area Networks—Specific Requirements—Part 11: Wireless Lan Medium Apr. 2013, pp. 1–7.
Access Control (mac) and physical layer (phy) specifications amendment [26] H. Artail and N. Abbani, “A pseudonym management system to achieve
6: WirelessAccess in Vehicular Environments, IEEE Standard 802.11p- anonymity in vehicular ad hoc networks,” IEEE Trans. Dependable Secure
2010 (Amendment to IEEE Standard 802.11-2007 as amended by Comput., vol. 13, no. 1, pp. 106–119, Jan. 2016.
IEEE Standard 802.11k-2008, IEEE Standard 802.11r-2008, IEEE Stan- [27] U. Rajput, F. Abbas, and H. Oh, “A hierarchical privacy preserving
dard 802.11y-2008, IEEE Standard 802.11n-2009, and IEEE Standard pseudonymous authentication protocol for VANET,” IEEE Access, vol. 4,
802.11w-2009), pp. 1–51, Jul. 2010. pp. 7770–7784, 2016.
[5] A. Buchenscheit, F. Schaub, F. Kargl, and M. Weber, “A VANET-based [28] L. Chen, Q. Lit, K. M. Martin, and S.-L. Ng, “A privacy-aware reputation-
emergency vehicle warning system,” in Proc. IEEE Veh. Netw. Conf., based announcement scheme for VANETs,” in Proc. IEEE 5tj Int. Symp.
Oct. 2009, pp. 1–8. Wireless Veh. Commun., Jun. 2013, pp. 1–5.
[6] M. Mejia and R. Chaparro-Vargas, “Distributed trust and reputation [29] H.-C. Hsiao et al., “Flooding-resilient broadcast authentication for
mechanisms for vehicular ad-hoc networks,” in Vehicular Technologies— VANETs,” in Proc. 17th Annu. Int. Conf. Mobile Comput. Netw., New
Deployment and Applications, Dr. Lorenzo Galati Giordano (Ed.), York, NY, USA, 2011, pp. 193–204.
London, U.K.: Intech, 2013. [30] J. R. Douceur, “The sybil attack,” in Proc. Int. Workshop Peer-to-Peer
[7] O. A. Wahab, J. Bentahar, H. Otrok, and A. Mourad, “A survey on trust and Syst., 2002, pp. 251–260.
reputation models for web services: Single, composite, and communities,” [31] J. T. Chiang and Y. C. Hu, “Cross-layer jamming detection and mitigation
Decis. Support Syst., vol. 74, pp. 121–134, 2015. in wireless broadcast networks,” IEEE/ACM Trans. Netw., vol. 19, no. 1,
[8] M. Fogue, P. Garrido, F. J. Martinez, J.-C. Cano, C. T. Calafate, and pp. 286–298, Feb. 2011.
P. Manzoni, “Analysis of the most representative factors affecting warn- [32] Y. Liu, P. Ning, H. Dai, and A. Liu, “Randomized differential DSSS:
ing message dissemination in VANETs under real roadmaps,” in Proc. Jamming-resistant wireless broadcast communication,” in Proc. IEEE IN-
IEEE 19th Int. Symp. Model., Anal. Simul. Comput. Telecommun. Syst., FOCOM, Mar. 2010, pp. 1–9.
Jul. 2011, pp. 197–204. [33] F. G. Mrmol and G. M. Prez, “Trip, a trust and reputation infrastructure-
[9] A. J. Sophia, “A score based trustworthy declaration scheme for VANETs,” based proposal for vehicular ad hoc networks,” J. Netw. Comput. Appl.,
Int. J. Eng. Res. Appl., vol. 4, pp. 542–544, Mar. 2014. vol. 35, no. 3, pp. 934–941, 2012.
[10] M. Raya, P. Papadimitratos, and J.-P. Hubaux, “Securing vehicu- [34] A. Menezes, “An introduction to pairing-based cryptography,” Mathemat-
lar communications—assumptions, requirements, and principles,” Proc. ics Subject Classification, Primary 94A60, 1991.
IEEE, vol. 13, no. 5, pp. 8–15, Oct. 2006. [35] D. Boneh, B. Lynn, and H. Shacham, “Short Signatures from the Weil
[11] V. H. LA and A. CAVALLI, “Security attacks and solutions in vehicular Pairing,” in Proc. 7th Int. Conf. Theory Appl. Cryptol. Inf. Sec., Adv.
Ad hoc networks: a survey,” in Proc. Int. J. AdHoc Netw. Syst., vol. 4, Cryptol., 2001, pp. 514–532.
no. 2, pp. 1–5, Apr. 2014. [36] C. Zhang, R. Lu, X. Lin, P. H. Ho, and X. Shen, “An efficient identity-
[12] B. Wiedersheim, Z. Ma, F. Kargl, and P. Papadimitratos, “Privacy in inter- based batch verification scheme for vehicular sensor networks,” in Proc.
vehicular networks: Why simple pseudonym change is not enough,” in IEEE 27th Conf. Comput. Commun., Apr. 2008, pp. 816–824.
Proc. 7th Int. Conf. Wireless On-demand Netw. Syst. Serv., Feb. 2010, [37] J. K. Liu, T. H. Yuen, M. H. Au, and W. Susilo, “Improvements on an
pp. 176–183. authentication scheme for vehicular sensor networks,” Expert Syst. Appl.,
[13] Q. Han, S. Du, D. Ren, and H. Zhu, “SAS: A secure data aggregation vol. 41, pp. 2559–2564, 2014.
scheme in vehicular sensing networks,” in Proc. IEEE Int. Conf. Commun., [38] J. Zhang, M. Xu, and L. Liu, “On the security of a secure batch verification
May 2010, pp. 1–5. with group testing for VANET,” Int. J. Netw. Secur., vol. 16, pp. 313–320,
[14] R. W. van der Heijden, “Sedya: Secure dynamic aggregation 2014.
in VANETs,” Aug. 2012. [Online]. Available: https://dl.acm.org/ [39] R. Xue, T. Cao, and D. Lin, “Security analysis of some batch verifying
citation.cfm?id=2462119 signatures from pairings,” Int. J. Netw. Secur., vol. 3, pp. 138–143, 2006.
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.
48 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 68, NO. 1, JANUARY 2019
[40] Q. Wu, L. C. K. Hui, C. Y. Yeung, and T. W. Chim, “Early car colli- Tat Wing Chim received the B.Eng., M.Phil., and
sion prediction in VANET,” in Proc. Int. Conf. Connected Vehicles Expo, Ph.D. degrees in information engineering, electri-
Oct. 2015, pp. 94–99. cal and electronic engineering and computer science
[41] A. Kalam and K. Aboobaker, “Performance analysis of authentication from The University of Hong Kong, Hong Kong, in
protocols in vehicular ad hoc networks (VANET),” Royal Holloway, Uni- 2002, 2004, and 2011, respectively. From 2011 to
versity of London, Egham, U.K., Tech. Rep. 2010. 2013, he was a Post-doctoral Fellow, funded by Prof.
[42] T. W. Chim, S.-M. Yiu, L. C. Kwong Hui, and V. O. K. Li, “OPQ: Victor O.K. Li, with the Department of Computer
OT-based private querying in VANETs,” IEEE Trans. Intell. Transp. Science, The University of Hong Kong. He is cur-
Syst., vol. 12, no. 4, pp. 1413–1422, Dec. 2011. [Online]. Available: rently a Lecturer in the same department. His research
https://ieeexplore.ieee.org/document/5898413 interests include information security and network
[43] D. Krajzewicz, G. Hertkorn, C. Rössel, and P. Wagner, “Sumo (Simulation routing.
of Urban Mobility)-an open-source traffic simulation,” in Proc. 4th Middle
East Symp. Simul. Model., 2002, pp. 183–187.
[44] S. Tanaka, K. Yamada, T. Ito, and T. Ohkawa, “Vehicle detection based on
perspective transformation using rear-view camera,” vol. 2011, Art. no.
279739.
[45] A. O. Ors, “RADAR, camera, LiDAR and V2X for autonomous cars,”
[Online]. Available: https://blog.nxp.com/automotive/radar-camera-and-
lidar-for-autonomous-cars, Accessed on: Jan. 12, 2018.
[46] Banner Engineering Corp, “Vehicle Detection Sensors,”
[Online]. Availbale: https://www.bannerengineering.com/us/en/products/ Siu Ming Yiu received the Ph.D. degree in computer
capabilities/vehicle-detection.html, Accessed on: Nov. 1, 2017. science from The University of Hong Kong, Hong
Kong. He is currently an Assistant Professor in the
same department. His research interests include in-
formation security, cryptography, and bioinformatics.
He was the recipient of the Best Teacher Award of
Checuk Yu Yeung received the B.Eng. and Ph.D. the department as well as the university.
degrees in computer science from The University
of Hong Kong, Hong Kong. His research interests
include information security and data analytic. He
is currently carrying out research in VANET and
e-learning.
Authorized licensed use limited to: Lancaster University. Downloaded on February 28,2021 at 02:16:39 UTC from IEEE Xplore. Restrictions apply.