Abstract—Standards such as the American IEEE 1609, European ETSI ITS-G5, and Japanese ARIB STD-T109 aim to establish Cooperative Intelligent Transportation Systems (C-ITS) by enabling Vehicular Ad-Hoc Networks (VANETs). In VANETs, vehicles communicate with other vehicles and roadside infrastructure to support latency-critical applications which increase driver awareness of the surroundings. This should result in improved safety and possibly optimizing traffic. However, to secure VANET communications against message manipulation or replaying, security standards such as IEEE 1609.2 and ETSI TS 103 097 are proposed. In this work, we implement the cryptographic primitives recommended in the IEEE 1609.2 standard to authenticate low latency safety critical messages. We evaluate the effect of the implementation using metrics such as CPU clock cycles per operation, average computation time in milliseconds, and message size in bits. We perform a simulation presenting a high-density highway scenario for the above mentioned C-ITS standards. For each standard, we evaluate the number of safety messages that can be successfully received within 100 ms latency. We show how and to what extent the authentication overhead of latency-critical messages may impact on driver safety. Under an assumed traffic scenario, we show that a crash is possible, as a result of the evaluated authentication delay. We show that the recommended algorithms with specific parameters can be a potential solution for low latency safety-critical applications in a large scale scenario.

Index Terms—Cryptography, VANETs broadcast authentication, scalability, ECDSA, ECQV.

I. INTRODUCTION

HISTORICALLY, road vehicles were independent and mostly mechanical systems. Current vehicles increasingly use built-in networks of sensors, actuators and electronic control systems. Automated highway systems and Cooperative Intelligent Transportation Systems (C-ITS) are further advances that permit integration of the operations of multiple vehicles. The term C-ITS refers to use of information and communication technologies (ICT) intelligently. C-ITS comprises a wide range of technologies, controls, systems, and applications. These have the potential to save lives, time, and money by preventing crashes using applications like pre-crash sensing and intersection collision avoidance [1].

One of the main elements of C-ITS is the capability for heterogeneous vehicles to communicate with one another in an interoperable manner. To establish such Vehicle-to-Vehicle (V2V) communication, car manufacturers embed devices using IEEE 802.11p, called Wireless Access in Vehicular Environment (WAVE).

Equipped vehicles with WAVE can synchronize and handshake via beacon messages which periodically share the vehicle’s mobility characteristics with its neighbours [2]. The detected data, such as road conditions, driving status, and traffic info, is processed and shared with vehicles using beacons within required latency for different purposes such as collision avoidance. Latency defines an allowable time frame from when information is generated for transmission and when it is received.

Intelligent transportation system (ITS) platforms are now being established around the world. The primary advancements come from United States (U.S.), Europe, and Japan [3]. Each of these territories has defined a group of new standards that specify different aspects of the C-ITS communications such as Physical (PHY) and Medium Access Control (MAC) layers, data structures, and security. Standards are necessary for the C-ITS elements created by different companies to operate together. The Institute of Electrical and Electronics Engineers (IEEE) in United States, the European Telecommunications Standards Institute (ETSI) in Europe, and Association of Radio Industries and Businesses (ARIB) in Japan are well known sources with defined C-ITS standards.

A significant potential advantage of V2V technology is the capability for very low latency broadcast (point-to-multipoint) communications for use in hazardous situations. Most safety-critical applications have latency requirements of 100 milliseconds (minimum update rate of 10 hertz) in a communication range of 150 to 500 meters [1]. Such low latency applications must access the communication channel with the highest priority and reliability. Vehicles should process all incoming messages within the required latency before they send out a new safety message, otherwise the system efficiency is questionable. That is, a vehicle needs to receive and process updated information from surrounding vehicles within the required time-frame to obtain the safety advantage of V2V technology.

Manuscript received June 12, 2019; accepted September 28, 2019. Date of publication October 4, 2019; date of current version December 17, 2019. The work of J. Pieprzyk was supported by the Australian Research Council under Grant DP180102199 and the Polish National Science Centre (Narodowe Centrum Nauki) under Grant 2018/31/B/ST6/03003. The work of M. A. R. Baee was supported by the Queensland University of Technology Postgraduate Research Award scholarship. The review of this article was coordinated by Dr. F. Bai. (Corresponding author: Mir Ali Rezazadeh Baee.)

M. A. R. Baee, L. Simpson, and E. Foo are with the School of Electrical Engineering and Computer Science, Queensland University of Technology, QLD 4000, Australia (e-mail: mirali.rezazadeh@qut.edu.au; lr.simpson@qut.edu.au; e.foo@qut.edu.au).

J. Pieprzyk is with the Commonwealth Scientific and Industrial Research Organization, Data61, 1466 Sydney, NSW, Australia with Institute of Computer Science, Polish Academy of Sciences, 01-248 Warsaw, Poland, and also with School of Electrical Engineering and Computer Science, Queensland University of Technology, QLD 4000, Australia (e-mail: josef.pieprzyk@csiro.au).

Digital Object Identifier 10.1109/TVT.2019.2945339
0018-9545 © 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: Technische Hochschule Ingolstadt. Downloaded on April 27,2022 at 08:11:33 UTC from IEEE Xplore. Restrictions apply.
11578 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 68, NO. 12, DECEMBER 2019
To keep C-ITS and Vehicular Ad-hoc Networks (VANETs) applications secure, mechanisms shall be provided to ensure both authenticity and the integrity of the data transmitted in beacon messages. Authentication is a necessary feature to ensure that a legitimate VANET entity is the source of data communicated [4]. It is crucial to verify message integrity to detect manipulation of vehicular communications. To meet these goals, the IEEE 1609.2 standard [5] describes security services for applications and management messages. It specifies the algorithms to be used for authentication and cryptographic procedures. Clause 5 of the IEEE 1609.2 standard specifies use of the Elliptic Curve Digital Signature Algorithm (ECDSA) [6] specified in Federal Information Processing Standard (FIPS) 186-4 [7] to sign and verify messages. In the same clause, the standard specifies use of ECDSA or Elliptic Curve Qu-Vanstone (ECQV) [8] to ensure that a legitimate entity of VANET is the source of data communicated. Both the ECDSA and ECQV algorithms rely on Elliptic Curve Cryptography (ECC), as described in [9] and [10]. There are several different standards covering the selection of curves to use in ECC. National Institute of Standards and Technology (NIST) and Brainpool Standard Curves and Curve Generation (Brainpool) are well-known examples. In IEEE 1609.2, three elliptic curves for the cryptographic processes are defined: NIST P-256, BrainpoolP256r1, and BrainpoolP384r1 [11], [12]. These curves restrict the secret key size to 256 bits for NIST P-256 and BrainpoolP256r1, and 384 bits for BrainpoolP384r1. Other standards such as the European ETSI TS 103 097 [13] reference IEEE 1609.2 to ensure that the connected vehicles will operate safely, securely and efficiently.

Different vehicles may have different computing capabilities to support emerging applications such as safety. In-car computation is limited due to the requirements of small-scale and low-cost hardware to make VANETs economically viable. These limitations manifest in the cost-driven approach to securing modern vehicles against cyber attacks, and make the complex cryptographic procedures economically unattractive [14], [15]. Considering the limited computation resources of vehicles, the IEEE 1609.2 recommendations for authentication should have low computational overhead such that a large number of signed messages received in a short time period can be processed before their dedicated deadline, while other applications can be operated normally.

In 2011, it was determined that a typical automotive embedded processor has a clock rate of 400 MHz [16]. Currently, semiconductor companies such as the NXP Semiconductors offer a high-performance automotive single chip Dedicated Short Range Communications (DSRC) modem for vehicular communications. For example, the RoadLINK SAF5400 [17] can relay up to 2000 safety message verifications per second on chip using ECDSA with NIST curves 256 bits. That is, it can process 200 authentication requests every 100 ms.

The purpose of this paper is to evaluate the performance impact of applying the authentication procedures described in IEEE 1609.2 for each of the three different C-ITS standards. We investigate message size, and determine the average computation time and the number of CPU clock cycles per cryptographic operation to be performed by a vehicle for broadcast authentication. We analyze and discuss the relationship with handling low latency and time-critical messages for a real world scenario at scale. In the final step, we identify the challenges revealed by our experimental results and provide suggestions for future development.

The contribution of this paper is fourfold:
1) The cryptographic overhead of IEEE 1609.2 recommended algorithms for certificate and message verification is theoretically and practically analyzed.
2) By means of simulations, the number of beacons successfully received in the required interval (for safety-critical applications) within American IEEE 1609, European ETSI ITS-G5, and Japanese ARIB STD-T109 ITS standards is evaluated in a realistic traffic scenario.
3) To reduce the number of certificate validations, we apply a certificate list in our simulation scenario to check whether a received certificate was verified during the last one second or not. We estimate the number of certificates that can be subject to renewal in 100 ms.
4) The impact of the verification overhead on latency-critical applications is analyzed, evaluated, and discussed. Under an assumed traffic scenario, we show how and to what extent the IEEE 1609.2 recommended authentication algorithms result in delay that may impact driver safety. We calculate vehicle displacement during authentication operations to determine a possible crash, as a result of the delay. Recommendations for mitigation are given.

The manuscript is organized as follows. Section II summarizes the current C-ITS standards. In Section III, we describe the IEEE 1609.2 security standard and its recommended authentication algorithms. Section IV overviews the related work. Section V explains the simulation scenarios to evaluate the performance. In Section VI, we review the metrics used in our simulation application layer. Section VII provides the simulation results. In Section VIII, we discuss the results, and conclusions are presented in Section IX. Please note that all the abbreviations used throughout the paper are summarized in Table I.

II. STANDARDIZATION

The IEEE 802.11p [18] is an amendment to the IEEE 802.11 Wireless Local Area Network (WLAN) standard, to support vehicular communications. It has different characteristics than the usual wireless communications. For example, the connection times are shorter. IEEE 802.11p protocol uses the Enhanced Distributed Channel Access (EDCA) MAC sub-layer protocol designed based on IEEE 802.11e with some modifications. It extends Orthogonal Frequency Division Multiplexing (OFDM) PHY as used in IEEE 802.11a.

The IEEE 1609.4 standard defined the first version of WAVE protocol stack using IEEE 802.11p. The WAVE protocol [19] reserves bandwidth of 75 MHz (in frequency range 5.850 to 5.925 GHz) to use in the U.S. DSRC spectrum band, known as Intelligent Transportation Systems Radio Service (ITS-RS). The 75 MHz band includes one central Control Channel (CCH) and six Service Channels (SCH).
BAEE et al.: BROADCAST AUTHENTICATION IN LATENCY-CRITICAL APPLICATIONS: ON THE EFFICIENCY OF IEEE 1609.2 11579
instructions the processor can execute per second. Clock cycles are useful, because we can more fairly compare

$$Total_{d_{Verify}} = u \times \sum_{i=1} T_{Verify(i)}. \quad (8)$$
TABLE III
ECC PERFORMANCE (ECDSA SIGNATURE GENERATION/VERIFICATION AND ECQV CERTIFICATE VERIFICATION OPERATIONS, SINGLE CORE)
The curves NIST P-256, BrainpoolP256r1, and BrainpoolP384r1 are shown as P-256, P256r1, and P384r1 respectively.
TABLE IV
ECC OVERHEAD ON PACKET SIZE (ECC PUBLIC KEY, ECDSA SIGNATURE, AND ECQV PUBLIC KEY RECONSTRUCTION DATA)
The curves NIST P-256, BrainpoolP256r1, and BrainpoolP384r1 are shown as P-256, P256r1, and P384r1 respectively.
Fig. 2. Number of received beacons by vehicle v in the three different C-ITS standards.

Fig. 3. Total traveled distance by vehicle v during ECDSA verification using the three different curves.

of authentication on packet size, the average computation time for signing/verifying, the number of received beacons in every 100 ms for three different C-ITS standards, the number of renewed certificates in latency, and total distance traveled during verification that may impact on driver safety.

First, we investigated the number of clock cycles for ECC digital signature generation/verification and ECQV certificate verification operations (Table III). We practically estimated the cryptographic overhead of ECDSA and ECQV algorithms on packet size (Table IV).

Secondly, we calculated the average number of generations/verifications per second by continuously calling the signature generation/validation and ECQV certificate verification functions for one second. We also evaluated the execution time for each single run. Table III lists the results of our first and second evaluation metrics.

For the third investigation, we estimated the number of certificates that need to be verified in latency. Results show that up to 167 certificates can be subject to renewal, and must be validated again in every 100 ms.

Lastly, we estimated the number of beacons received in every 100 ms by a vehicle v, which is moving in the middle of the highway (Fig. 2). During signature/certificate validation of each received beacon, a vehicle v passes distance $d_{Verify}$. Figs. 3 and 4 show the distance traveled $Total_{d_{Verify}}$ (in meters) during verification of $N_b$ beacons from $N_v$ vehicles in communication range, when vehicle speed u = 1 m/s.

The ECC operations over different curves have different computation times. The sum of all computation times for both vehicles results in an extra delay, which is added to the driver’s reaction time and gives the total delay as follows:

$$Total_{Delay} = 2 \sum_{i=1}^{N_b} \left( T_{Verify(M_i)} + T_{Verify(C_i)} \right) + T_{Reaction}.$$

Let t be the time in seconds from when $v_A$ brakes. We measure distance in meters, and take $x_B(t)$ to be the position of the front of $v_B$ at time t, where the position of the back of $v_A$ at time t is $x_A(t)$. Fig. 6 shows the situation at time t = 0. For vehicle speed of u = 30 m/s (108 km/h), inter-vehicle space Gap = 30 m, and deceleration value a = 9 m/s², we have:

$$u = \frac{1000}{3600} \times 108 = 30 \text{ m/s}.$$
Fig. 4. Total traveled distance by vehicle v during ECQV verification using the three different curves.

Fig. 6. Scenario at time t = 0.

The velocity and position of the back of $v_A$ at time t is given by:

$$u_A(t) = 30 - 9t, \qquad x_A(t) = 30t - \frac{9}{2}t^2 + Gap,$$

and the velocity and position of the front of $v_B$ at time t is given by:

$$u_B(t) = \begin{cases} 30, & \text{if } t \le Total_{Delay} \\ 30 - 9\,(t - Total_{Delay}), & \text{if } t > Total_{Delay}, \end{cases}$$

$$x_B(t) = \begin{cases} 30t, & \text{if } t \le Total_{Delay} \\ 30t - \frac{9}{2}\,(t - Total_{Delay})^2, & \text{if } t > Total_{Delay}. \end{cases}$$

We equate $x_A(t)$ and $x_B(t)$ and solve for t to find any possible crash, where $v_B$ runs into $v_A$ at time t due to the verification overhead of $N_b$ = 222 beacons (upper bound). Fig. 5 shows position and speed of $v_B$ at accident time.

VIII. DISCUSSION

Enabling safety-critical applications in VANETs requires extensive beaconing exchange between vehicles. Our performance comparison demonstrates that the maximum number of beacons received by vehicle v under the application of Japanese ARIB STD-T109 standard is 222 beacons per 100 ms, many more than the American IEEE 1609 and European ETSI ITS-G5 standards, with 158 and 154 beacons respectively. Processing a greater number of beacons has obvious benefits for safety applications. The U.S./European IEEE 802.11p suffers much more from shadow fading compared to Japanese ARIB STD-T109 due to differences in terms of physical layer (5.9 GHz vs. 700 MHz band), as well as their very different MAC characteristics [33]. Therefore, we consider the upper bound to be 222 beacons for our calculations.

Our results have shown that care is needed when using the algorithms recommended by IEEE 1609.2 for authentication of the large number of received beacons. The verification results in a delay in driver notification and allows insufficient driver reaction time, resulting in potential collisions and serious injuries (assuming the driver does not react independently). According to experimental measurements studied in [48], 2% and 5% of the drivers have thinking times of 0.36 s and 0.43 s respectively, which are very close to the $Total_{Delay}$ calculated in our study. For a scenario where a driver is relying completely on the safety messages to react on time, the verification time must be less than the driver reaction time.
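The certificate list, the Total_Delay formula and the braking model of Section VII can be tied together in a short cost model. The following is an added example, not code from the paper, and it performs no cryptography: it only charges time per verification and, going beyond the paper's equations, holds each vehicle's position once it has stopped. Assumptions: 0.5 ms per verification (the 2000 verifications per second quoted for the SAF5400, applied to certificates as well), constructed certificate bytes, a static set of 222 neighbours, and a constructed reaction time of 0.7 s.

```python
import hashlib

CERT_TTL_MS = 1000  # page: was the certificate validated in the last one second?
WINDOW_MS = 100     # page: beacons must be processed within 100 ms


class CertificateList:
    """Time of the last successful verification, keyed by certificate digest."""

    def __init__(self, ttl_ms=CERT_TTL_MS):
        self.ttl_ms = ttl_ms
        self._seen = {}

    @staticmethod
    def key(cert_bytes):
        # Key on the bytes actually received, so a different certificate that
        # claims the same sender never inherits an earlier verification.
        return hashlib.sha256(cert_bytes).digest()

    def needs_verification(self, cert_bytes, now_ms):
        last = self._seen.get(self.key(cert_bytes))
        return last is None or now_ms - last >= self.ttl_ms

    def mark_verified(self, cert_bytes, now_ms):
        self._seen[self.key(cert_bytes)] = now_ms

    def purge(self, now_ms):
        # Vehicles keep leaving range; drop expired entries to bound memory.
        self._seen = {k: t for k, t in self._seen.items() if now_ms - t < self.ttl_ms}


def window_cost_ms(certs, now_ms, cert_list, t_msg_ms, t_cert_ms):
    """Return (certificates verified, verification time in ms) for one window.

    Every beacon signature is charged t_msg_ms. A certificate is charged
    t_cert_ms only when the list asks for it; cert_list=None charges all.
    """
    n_cert = 0
    for cert in certs:
        if cert_list is None or cert_list.needs_verification(cert, now_ms):
            n_cert += 1
            if cert_list is not None:
                cert_list.mark_verified(cert, now_ms)
    return n_cert, len(certs) * t_msg_ms + n_cert * t_cert_ms


def simulate(n_windows, n_vehicles, use_list, t_msg_ms=0.5, t_cert_ms=0.5):
    """Constructed scenario: static neighbours, one beacon each per window."""
    certs = [b"constructed-cert-%d" % i for i in range(n_vehicles)]
    cert_list = CertificateList() if use_list else None
    rows = []
    for w in range(n_windows):
        now_ms = w * WINDOW_MS
        if cert_list is not None:
            cert_list.purge(now_ms)
        rows.append(window_cost_ms(certs, now_ms, cert_list, t_msg_ms, t_cert_ms))
    return rows


def total_delay_s(window_ms, t_reaction_s):
    """Page formula: 2 * sum(T_Verify(M_i) + T_Verify(C_i)) + T_Reaction."""
    return 2 * window_ms / 1000.0 + t_reaction_s


def first_contact(delay_s, u=30.0, gap=30.0, a=9.0):
    """Time (s) at which vB reaches vA, or None if vB stops short of it.

    vA brakes at t = 0; vB holds speed u for delay_s, then brakes equally hard.
    Unlike the page's equations, a stopped vehicle stays where it stopped.
    """
    stop = u / a  # braking time from speed u

    def x_a(t):
        tb = min(t, stop)
        return gap + u * tb - 0.5 * a * tb * tb

    def x_b(t):
        tb = min(max(t - delay_s, 0.0), stop)
        return u * min(t, delay_s) + u * tb - 0.5 * a * tb * tb

    lo, hi = 0.0, delay_s + stop  # at hi both vehicles are at rest
    if x_b(hi) <= x_a(hi):
        return None
    for _ in range(60):  # vB is never slower than vA, so the gap only shrinks
        mid = (lo + hi) / 2
        if x_b(mid) < x_a(mid):
            lo = mid
        else:
            hi = mid
    return hi


if __name__ == "__main__":
    T_REACTION_S = 0.7  # constructed reaction time, not a value from the page
    for use_list in (False, True):
        n_cert, ms = simulate(11, 222, use_list)[5]  # a steady-state window
        d = total_delay_s(ms, T_REACTION_S)
        print(use_list, n_cert, ms, round(d, 3), first_contact(d))
```

Under these assumptions the list brings a steady-state window down to 111 ms of verification, but all 222 entries expire together, so one window per second still costs the full 222 ms. The deadline is per window, so it is that worst window, not the average, that has to fit.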
The RoadLINK SAF5400 [17] can process up to 200 authentication requests every 100 ms on chip using ECDSA with NIST curves 256 bits. The upper bound of the received beacons (222 beacons) in our simulation scenario shows that any possible solution should address verification of 222 messages and 222 certificates: a total of 444 verifications to be performed every 100 ms. Thus, vehicles need faster processors by more than a factor of two to handle the scenario simulated in this study.

There are efficient software implementations of public key signature systems that significantly reduce the computation overhead of authentication procedures. One widely used public key high-speed signature scheme is Ed25519 [50]. It is a specific instance of the EdDSA family of signature schemes, and is specified in RFC 8032 [51]. The designers of the Ed25519 signature scheme claim that their scheme beats almost all of the signature generation and verification times by more than a factor of two. The scheme takes only 273364 cycles to verify a signature on Intel’s widely deployed Nehalem/Westmere lines of CPUs, approximately three times faster than ECDSA signature verification over NIST P-256 with 715460 cycles measured and evaluated in this study. Therefore, we strongly recommend an amendment to include this signature scheme in the IEEE 1609.2 standard for use in vehicular communications.

Results show that if we apply a certificate list to reduce the number of certificate validations, up to 167 certificates (out of 222 certificates) can be subject to renewal in 100 ms. A check must be performed to determine whether a certificate was validated in the last one second or not. For each of these 167 certificates, an extra computation is required. Note that this extra checking time during the verification process extends the driver's reaction time.

VANETs are highly dynamic environments and vehicles periodically join and leave highways using enter and exit ways. The distance between vehicles continuously changes and they join different networks unpredictably. Thus, verifying certificates after a specific period (such as one second) alone is not enough.

Results show that in terms of efficiency, ECDSA and ECQV are a good mix for ensuring authenticity and integrity where they use the NIST P-256 curve, compared to the BrainpoolP256r1 and BrainpoolP384r1 curves, which are computationally heavy for a resource constrained device.

IX. CONCLUSION

C-ITS uses ICT intelligently with the potential to increase road safety and reduce the number of accidents. For security, the IEEE 1609.2 standard recommends ECDSA and ECQV authentication algorithms to ensure authenticity and integrity of received messages. Most latency-critical applications have a beaconing update rate of 100 ms. Vehicles should validate all the received beacons within latency, before reaching their next beaconing event. As these authentication mechanisms rely on mathematical equations, performance of V2V communications and safety-critical applications drops significantly as vehicle numbers increase. In this paper, we investigated the CPU RDTSC and average computation time for ECDSA signature generation/verification, and ECQV certificate validation. During investigation of ECDSA and ECQV, we used three different curves: NIST P-256, BrainpoolP256r1, and BrainpoolP384r1. In addition, we performed a simulation presenting a high-density highway scenario for three different C-ITS standards including IEEE 1609, ETSI ITS-G5, and ARIB STD-T109 to evaluate the number of received beacons within 100 ms latency. We generated safety messages in accordance with the related C-ITS standard. We showed how and to what extent the inclusion of IEEE 1609.2 recommended authentication algorithms affects driver reaction time. Finally, we determined whether the evaluated authentication delay could result in insufficient time for a driver to receive an alert and react, resulting in a crash. We showed that using ECDSA and ECQV together over the NIST P-256 curve while verifying certificates after every specific period can be a potential solution for low latency safety-critical applications in the above mentioned scenario based on the current standard. We also recommend an amendment adding faster signature schemes such as Ed25519 to the IEEE 1609.2 standard for use in vehicular communications.

REFERENCES

[1] “Vehicle safety communications project: Task 3 final report - identify intelligent vehicle safety applications enabled by DSRC,” Nat. Highway Traffic Safety Admin. - U. S. Dept. Transp. (USDOT), Tech. Rep. DOT HS 809 859, Mar. 2005.
[2] K. Z. Ghafoor, J. Lloret, K. A. Bakar, A. S. Sadiq, and S. A. B. Mussa, “Beaconing approaches in vehicular ad hoc networks: A survey,” Wireless Pers. Commun., vol. 73, pp. 885–912, Dec. 2013.
[3] M. Annoni and B. Williams, The History of Vehicular Networks. Cham, Switzerland: Springer International Publishing, 2015, pp. 3–21.
[4] M. Raya and J.-P. Hubaux, “Securing vehicular ad hoc networks,” J. Comput. Secur., vol. 15, pp. 39–68, Jan. 2007.
[5] IEEE Standard for Wireless Access in Vehicular Environments–Security Services for Applications and Management Messages - Amendment 1, IEEE Std 1609.2a-2017 (Amendment to IEEE Std 1609.2-2016), pp. 1–123, Oct. 2017.
[6] D. Johnson, A. Menezes, and S. Vanstone, “The elliptic curve digital signature algorithm (ECDSA),” Int. J. Inform. Secur., vol. 1, pp. 36–63, Aug. 2001.
[7] Federal Information Processing Standard (FIPS) 186-4, National Institute of Science and Technology, Jul. 2013.
[8] Standards for Efficient Cryptography Group (secg), Sec4 Elliptic Curve Qu-vanstone Implicit Certificate Scheme (ECQV). v1.0, Jan. 2013.
[9] N. Koblitz, “Elliptic curve cryptosystems,” Math. Comput., vol. 48, pp. 203–209, 1987.
[10] V. S. Miller, “Use of elliptic curves in cryptography,” in Proc. Advances in Cryptology, Berlin, Heidelberg, pp. 417–426, Springer-Verlag, 1986.
[11] S. Turner, D. Brown, K. Yiu, R. Housley, and T. Polk, Elliptic Curve Cryptography Subject Public Key Information, RFC 5480, RFC Editor, Mar. 2009.
[12] M. Lochter and J. Merkle, Elliptic Curve Cryptography ECC Brainpool Standard Curves and Curve Generation, RFC 5639, RFC Editor, Mar. 2010.
[13] Intelligent Transport Systems (ITS); Security; Security Header and Certificate Formats, Standard ETSI TS 103 097 V1.3.1, European Telecommunications Standards Institute, Oct. 2017.
[14] K. Han, A. Weimerskirch, and K. G. Shin, “Automotive cybersecurity for in-vehicle communication,” IQT QUARTERLY, vol. 6, pp. 22–25, 2014.
[15] J. Siegel, D. Erb, and S. Sarma, “Algorithms and architectures: A case study in when, where and how to connect vehicles,” IEEE Intell. Transp. Syst. Mag., vol. 10, no. 1, pp. 74–87, Jan. 2018.
[16] T. Schütze, “Automotive security: Cryptography for car2X communication,” in Proc. Embedded World Conf., 2011, vol. 3, pp. 4–24.
[17] “NXP Semiconductors; RoadLINK SAF5400 single chip modem.” Accessed: Aug. 10, 2018. https://www.nxp.com
[18] IEEE Standard for Information Technology– Local and Metropolitan Area [44] Intelligent Transport Systems (ITS); Vehicular Communications; Basic
Networks– Specific Requirements– Part 11: Wireless Lan Medium Access Set of Applications; Part 2: Specification of Cooperative Awareness Basic
Control (MAC) and Physical Layer (PHY) Specifications Amendment Service, Standard ETSI EN 302 637-2, European Telecommunications
6: Wireless Access in Vehicular Environments, IEEE Std 802.11p-2010 Standards Institute, Sep. 2014.
(Amendment to IEEE Std 802.11-2007), pp. 1–51, Jul. 2010. [45] IEEE Standard for Information Technology–Telecommunications and
[19] R. A. Uzcategui, A. J. D. Sucre, and G. Acosta-Marum, “Wave: A tutorial,” Information Exchange Between Systems Local and Metropolitan Area
IEEE Commun. Mag., vol. 47, no. 5, pp. 126–133, May 2009. Networks–Specific Requirements - Part 11: Wireless Lan Medium Ac-
[20] Intelligent Transport Systems (ITS); European Profile Standard for the cess Control (MAC) and Physical Layer (PHY) Specifications, IEEE Std
Physical and Medium Access Control Layer of Intelligent Transport Sys- 802.11-2016 (Revision of IEEE Std 802.11-2012), pp. 1–3534, Dec. 2016.
tems Operating in the 5 GHz Frequency Band, Standard ETSI - ES 202 [46] G. S. Tian, Y. C. Tian, and C. Fidge, “High-precision relative clock
663, European Telecommunications Standards Institute, Jan. 2010. synchronization using time stamp counters,” in Proc. 13th IEEE Int. Conf.
[21] 700 MHz Band Intelligent Transport Systems, Standard ARIB STD-T109, Eng. Complex Comput. Syst.), Mar. 2008, pp. 69–78.
Association of Radio Industries and Businesses, Jul. 2017. [47] J. Viega and M. Messier, Secure Programming Cookbook for C and
[22] “Federal Information Processing Standard (FIPS) 180-4, National Insti- C++: Recipes for Cryptography, Authentication, Input Validation & More.
tute of Science and Technology, Aug. 2015. O’Reilly Media, 2003.
[23] I. F. Blake, G. Seroussi, and N. P. Smart, Elliptic Curves in Cryptography. [48] W. Hugemann, “Driver reaction times in road traffic,” in Proc. Eur. Assoc.
New York, NY, USA: Cambridge Univ. Press, 1999. Accident Res. Anal. Annu. Conv., Portoro, Slovenija, September 2002.
[24] J. H. Silverman, The Arithmetic of Elliptic Curves, vol. 106. New York, [49] R. Stephenson, “Constant power equations of motion,” Amer. J. Phys.,
NY, USA: Springer Science & Business Media, 2009. vol. 50, no. 12, pp. 1150–1155, 1982.
[25] S. S. Kumar, “Elliptic curve cryptography for constrained devices,” Ph.D. [50] D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, and B.-Y. Yang, “High-
dissertation, Ruhr Univ. Bochum, Bochum, Germany, 2006. speed high-security signatures,” J. Cryptographic Eng., vol. 2, pp. 77–89,
[26] P. Dr and C. Meinel, “Digital signatures for automobiles?!,” Mar. 2002. Sep. 2012.
[27] P. Papadimitratos et al., “Secure vehicular communication systems: design [51] S. Josefsson and I. Liusvaara, “RFC 8032: Edwards-curve digital signature
and architecture,” IEEE Commun. Mag., vol. 46, no. 11, pp. 100–109, algorithm (EdDSA),” Request Comments, IETF, Jan. 2017.
Nov. 2008.
[28] M. Raya and J.-P. Hubaux, “The security of vehicular ad hoc networks,”
in Proc. 3rd ACM Workshop Secur. Ad Hoc Sensor Netw. New York, NY,
USA: ACM, 2005, pp. 11–21.
[29] J. Petit, “Analysis of ecdsa authentication processing in vanets,” in Proc.
3rd Int. Conf. New Technol., Mobility Secur., Dec. 2009, pp. 1–5.
[30] J. Petit and Z. Mammeri, “Analysis of authentication overhead in vehicular
networks,” in Proc. Wireless Mobile Netw. Conf, Oct. 2010, pp. 1–6.
[31] J. Petit and Z. Mammeri, “Authentication and consensus overhead in
vehicular ad hoc networks,” Telecommun. Syst., vol. 52, pp. 2699–2712,
Apr. 2013.
Mir Ali Rezazadeh Baee received the B.Sc. degree in computer software engineering from the Mazandaran University of Science and Technology, Babol, Mazandaran, Iran, in 2010, and the M.Sc. degree in computer science information security from the Universiti Teknologi Malaysia, Skudai, Johor, Malaysia, in 2014. He is a Sessional Academic and Doctoral Candidate, designing authentication and key-management protocols for secure vehicular communications at the Information Security Discipline, Queensland University of Technology, Brisbane, QLD, Australia. He has over 15 years of experience working in computer science. His research interests include applied cryptography, complexity and performance evaluation, network security, and privacy.
Leonie Simpson is a Senior Lecturer and Information Security Researcher at the Information Security Discipline, Queensland University of Technology, Brisbane, QLD, Australia. She has been involved in information security research for over 20 years. Her main research interests include symmetric cryptology, widely used for data protection. She has extensive experience analysing cryptographic algorithms and finding weaknesses that reduce the security provided. She has applied her knowledge of design flaws in algorithms to help develop more secure ciphers, working in teams with Australian and international researchers. She currently studies efficient encryption methods for use in securing data transmissions between small, low-power devices in the rapidly growing Internet of Things.
BAEE et al.: BROADCAST AUTHENTICATION IN LATENCY-CRITICAL APPLICATIONS: ON THE EFFICIENCY OF IEEE 1609.2 11587
Ernest Foo received the Ph.D. degree from the Queensland University of Technology, Brisbane, QLD, Australia, in 2000. He is an Associate Professor with School of Information and Communication Technology, the Griffith University, Brisbane, QLD, Australia. From 2007 to 2019, he has been a Senior Lecturer and Researcher at the Information Security Discipline, Queensland University of Technology, Brisbane, QLD, Australia. His research interests can be broadly grouped into the field of secure network protocols with an active interest in the security of industrial controls systems employing machine learning and data mining as well as cryptographic protocols and network simulations. He has authored or coauthored over 90 refereed papers including 20 journal papers.

Josef Pieprzyk is a Senior Principal Research Scientist with the Commonwealth Scientific and Industrial Research Organization, Data61, Sydney, NSW, Australia, a Professor with Institute of Computer Science, Polish Academy of Sciences, and an Adjunct Professor with the Queensland University of Technology, Brisbane, QLD, Australia. His main research interests include cryptology and information security. He has authored or coauthored five books, edited ten books (conference proceedings), six book chapters, and more than 300 papers in refereed journals and refereed international conferences. He is a member of the editorial boards for International Journal of Information Security (Springer), Journal of Mathematical Cryptology (De Gruyter), Open Access Journal of Cryptography (MDPI), International Journal of Applied Cryptography (Inderscience Publishers), Fundamenta Informaticae (IOS Press), International Journal of Security and Networks (Inderscience Publishers), and International Journal of Information and Computer Security (Inderscience Publishers).