WIRELESS COMMUNICATIONS AND MOBILE COMPUTING

Wirel. Commun. Mob. Comput. 2016; 16:643–655

Published online 19 November 2014 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/wcm.2558

RESEARCH ARTICLE

Privacy-preserving authentication schemes for

vehicular ad hoc networks: a survey
Huang Lu1 and Jie Li2*
1
Yokohama Research Laboratory, Hitachi, Ltd.,Yokohama, Kanagawa, 244-0817, Japan
2
Faculty of Engineering, Information and Systems, University of Tsukuba, Tsukuba Science City, Ibaraki, 305-8573, Japan

ABSTRACT
Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security
is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter-
vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of
the private information and the attacks on their privacy. There is a number of research work focusing on providing the
anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the
privacy-preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA
schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a
comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and
future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.
KEYWORDS
vehicular ad hoc network; survey; authentication scheme; privacy preservation; key cryptography
*Correspondence
Jie Li, Faculty of Engineering, Information and Systems, University of Tsukuba, Tsukuba Science City, Ibaraki, 305-8573, Japan.
E-mail: lijie@cs.tsukuba.ac.jp

1. INTRODUCTION  Delay constraint is strict in the VANET commu-

A vehicular ad hoc network (VANET) is a mobile net-
work that employs moving vehicles as nodes to provide
communications among vehicles and nearby fixed road-
side units (RSUs) [1]. A VANET is similar to a mobile
ad hoc network (MANET), which turns every participating
vehicle into a wireless router or node and allows vehicles
in an approximately 300-m range to discover and connect
with each other [2,3]. A VANET is distinguished from
MANETs for the points as follows.
 Because of high speed movement of vehicles and fre-
quently disconnected network caused by high speed
movement, a VANET has highly dynamic topologies.
 Vehicular nodes in a VANET have sufficient energy
and storage for communication, and the vehicles have
longer transmission range compared with the ones
in MANETs.
 VANETs are subject to geographical type of com-
munication with mobility modeling and prediction on
predefined roads.
nication; for example, in collision avoidance and
life-critical-related situations.
As mobile wireless devices and wireless networks become
increasingly influential in recent years, the demand for
vehicle-to-vehicle (V2V) communication and vehicle-to-
RSU (V2R) communication increases continuously.
Vehicular ad hoc networks are utilized for a broad range
of safety applications (such as collision warnings and traf-
fic information) and non-safety applications (such as road
navigation and mobile infotainment). Because of the pos-
sibility of accidents and life-critical situations, the secure
exchange of information among vehicles is essential [4].
Security issues have received a great attention in VANETs.
Authentication is a crucial security service for VANETs
in both inter-vehicle and vehicle–RSU communication. On
the other hand, vehicles/drivers have to be protected from
the misuse of their private information and the attacks on
their privacy, where they are capable of being investigated
from accidents or liabilities. Especially, the safety applica-
tions require a strong mutual authentication, because most
of the safety-related messages may contain life-critical
information [5]. Thus, privacy-preserving authentication

Copyright © 2014 John Wiley & Sons, Ltd. 643

Privacy-preserving authentication schemes for VANETs: a survey
Figure 1. An illustration of VANET architecture.
(PPA) is required for routing and secure communications in
VANETs, which prevents malicious vehicles from abusing
anonymous authentication techniques to achieve malicious
goals or escape from their liabilities.
In this paper, different from general security solutions,
we specifically provide a survey on the PPA schemes pro-
posed for VANETs, by emphasizing classifications of the
existing literature, developing a perspective on PPA, and
evaluating trends. So far, many PPA schemes have been
proposed for VANETs in the literature in recent years; for
example, [6–12]. We investigate and summarize the char-
acteristics of PPA, and categorize the existing PPA schemes
by their key cryptographies and the mechanisms of pri-
vacy preservation. Furthermore, we address the open issues
and challenges for PPA to promote further research under
this topic and to help vehicular industry develop/adopt the
appropriate PPA schemes for practical use.
The rest parts of this survey are organized as follows.
Section 2 introduces the network architecture and issues
of PPA, as well as provides the attack models against
PPA and the objectives of designing the PPA schemes in
VANETs. Section 3 categorizes the existing solutions of
the PPA schemes in VANETs, by investigating the authen-
tication key cryptographies and the privacy preservation
mechanisms, respectively. In Section 4, several relatively
representative PPA schemes are reviewed with the high-
lighted motivation and overview. Furthermore, a general
comparative summary of the existing PPA schemes is
given for the various approaches discussed in Section 3.
Section 5 points out the open issues and challenges for the
future research in PPA for VANETs. Section 6 concludes
this paper.
644 Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
H. Lu and J. Li
2. VANET ARCHITECTURE,
REQUIREMENTS, AND OBJECTIVES
OF PPA
This section describes the fundamental network architec-
ture and components in the PPA schemes for VANETs.
The potential threats to authentication and vehicle pri-
vacy, as well as the objectives of PPA for VANETs, are
introduced afterwards.
2.1. VANET architecture
A VANET with guaranteed security basically consists of
three network components as shown in Figure 1: vehicles
(users), RSUs, and regional trusted authorities (RTAs). A
user can be a vehicle or its driver; even the passengers of
the vehicle could be users. In order to achieve physical
level security, usually, vehicles in a VANET are equipped
with tamper-resistant trusted components or tamper-proof
device [13]. RSUs are immobile and act as gateways to
a VANET, which enables vehicles to establish connec-
tions with the outside networks [14]. Conventionally, the
VANET is separated into different regions (e.g., states or
provinces), and an RTA is assumed to be assigned in an
individual region. The RTA is a trusted party in a VANET
for security, which provides an authenticated recognition
to each vehicle in the network and is queried for investiga-
tion in case of any disputes in the network. The RSUs assist
the RTA in queries for discovering, connecting, and revok-
ing vehicles and in tracking the real identities of vehicles
[15]. In most of the PPA schemes for VANETs, the main
functions of an RTA are as follows.
 An RTA acts as a certificate authority (CA), who gen-
erates cryptographic keys and domain parameters for
DOI: 10.1002/wcm
H. Lu and J. Li
the RSUs and vehicles for mutual authentication in
its region, and delivers these keys to them over secure
channels. Upon the similar responsibilities, the CA
may have different names in the various existing PPA
schemes, such as the membership manager (MM) [6]
and the Motor Vehicles Division (MVD) [9].
 It manages a list of the vehicles of which participa-
tions have been revoked, updates the list periodically,
and advertises the list to the network to isolate the
compromised vehicles.
 If a message sent by a vehicle creates a problem on the
road, the RTA is responsible for tracing and identify-
ing the source of the message to resolve the dispute.
The wireless communication in VANETs is classified
mainly into V2R communication and V2V communica-
tion. Other communications are usually assumed to be
secure in the existing PPA schemes through secure chan-
nels, such as inter-RSU communication and RSU–RTA
communication.
2.2. Authentication and privacy
requirements
The desired secure and trustful data exchange plays a cru-
cial role in data communication, which must be satisfied
with several security requirements. It is essential to ensure
the data accuracy during communication in VANETs,
because the exchanged data may affect driving and vehic-
ular movements that related to user safety. Issues and
their attack models against PPA are introduced in the next
section. Authentication and privacy preservation are essen-
tial to effective security, which may sometimes conflict
with each other. Because access control is generally based
on the identities of users, a desired user authentication
should not violate the privacy requirement of its identity.
According to the previous point of view, it is desir-
able to identify all the vehicles in a VANET and preserve
their privacy at first. Thus, it is necessary to authenticate
the vehicles, which are about to establish communication
in the VANET, to assure authenticity. Meanwhile, it is
required to discover the specific vehicles, which delivered
messages and have to undertake the corresponding respon-
sibility. A desired VANET fulfills the requirements of both
authentication and privacy preservation at the same time.
Based on Standler [16], we provide the definition of PPA
for VANETs in the succeeding text.
Definition 1. In VANETs, PPA is any process, by which
a system verifies the approved identity of a user (vehicle)
that wishes to access it, whereas its confidential private
information related to the user of reasonable sensitivities
will not be disclosed.
This definition describes the basic demand on the
requirements of conditional privacy preservation and
traceability in PPA, in which the confidential user
information managed in a private place will not be dis-
Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/wcm
Privacy-preserving authentication schemes for VANETs: a survey
closed to the third parties without the legal permissions.
There exist many researches in the literature focusing on
the commitment of the requirements in PPA. We study the
related work in the next section, and their objectives are
to provide required conditional privacy by using trustful
electronic credentials instead of real identities.
2.3. Attacks on authentication and privacy
Once the V2R or V2V communication has been estab-
lished for VANETs, many attacks can compromise the
wireless communication channels. Thus, mechanisms
resisting these attacks are required in PPA for VANETs.
In this section, we investigate the attacks on authentica-
tion and privacy preservation, respectively. We also explain
how they can be triggered and the potential consequences.
Attacks on authentication: There are two following
attacks related to authentication in VANETs [17].
(i) Impersonation attack: The attacker pretends to be
other entities. This attack can be performed by
stealing other vehicular entities’ credentials. As a
consequence, some warnings sent to a specific entity
would be sent to an undesired one.
(ii) Sybil attack: The attacker uses different identities
at the same time. In this way, for example, a sin-
gle attacker could pretend vehicles to report the
existence of a false bottleneck in traffic.
Attacks on privacy: Attacks on privacy over VANETs
are related to illegally gathering the sensitive information
about vehicles [17]. As there is a relation between a vehi-
cle and its driver, the exposure of a vehicle’s sensitive
information/situation could affect its driver privacy.
(i) Identity revealing attack: Getting the owner’s iden-
tity of a given vehicle could put its privacy at risk.
Usually, a vehicle’s owner is also its driver, so
it would simplify getting personal data about that
person.
(ii) Location tracking attack: The location of a vehicle
in a given moment or the path followed during a
period is considered as personal data. It allows the
attacker to build the vehicle’s profile and, therefore,
tracking its driver.
Mechanisms resisting the attacks described earlier are
required in PPA for VANETs, where they must satisfy the
trade-off between privacy and traceability.
2.4. Objectives of PPA
The primary objective of PPA is providing mutual authen-
tication among vehicles in VANETs. However, the access
of authentication may lead to exposing the information of
vehicles or drivers, such as location, user IDs, and driving
patterns, which is an important interference to driver pri-
vacy. Therefore, it is essential to preserve driver privacy in
645
Privacy-preserving authentication schemes for VANETs: a survey
the access control of authentication. Another crucial goal
in PPA is guaranteeing the real-time constraint in VANETs,
which is related to the delay overhead introduced in PPA
process. Besides authentication and privacy preservation,
some other objectives are considered and preferred in the
existing work for the effective and efficient PPA. In this
survey, we incorporate the common objectives in the exist-
ing PPA schemes and focus on the following points in the
PPA schemes for VANETs.
 Anonymity: Anonymity is to achieve user privacy
in VANETs. Individual users (vehicles or drivers)
should be protected against passive attacks from
unauthorized observations; that is, eavesdropping
on communication.
 Non-repudiation: In VANETs, non-repudiation is
related to a fact that if a vehicle sends a message, the
vehicle cannot deny that the message was sent by it.
Conventionally, by producing digital signatures for a
message, the entity cannot later deny the message.
 Time constraint: Because of the high mobil-
ity of vehicular movement, strict time constraint
is required in VANETs, which means that the
lower the delay overhead, the more efficient the
timely communication.
 System independency: Because of the possibility of
infrastructure unavailability in VANETs, including
RSUs and RTAs, the desired PPA schemes should not
query and access infrastructures so frequently.
 Availability: The solution of a new PPA scheme
is desired neither to overload the communication
and computation ability of a VANET nor to largely
increase the network throughput. Meanwhile, the PPA
scheme should not induce new threats to the primitive
VANET system.
3. CLASSIFICATION OF THE
PPA SCHEMES
There is a number of research work related to PPA in
VANETs during the last decade. Because the particular
actual identities of vehicles are confidential for privacy
preservation in PPA, authentication is generally based
on the encryption/decryption technologies. Thus, in this
section, we categorize the PPA schemes by authentication
key cryptographies and privacy preservation mechanisms
respectively as follows.
3.1. Categorization on authentication
The common objectives of these PPA schemes are to lower
communication overhead, preserve node anonymity, iso-
late the misbehaving nodes, and non-repudiation. In this
survey, according to the key cryptographies applied for
authentication in VANETs, we can categorize the existing
PPA schemes as follows.
646 Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
H. Lu and J. Li
(i) Symmetric-key-based authentication (SKBA)
schemes: The SKBA schemes use symmetric key
cryptographies for message authentication, such as
in [7] and [18]. In conventional SKBA schemes,
each node uses its own key or a shared group
key for creating/verifying message authentication
codes (MACs).
(ii) Asymmetric-key-based authentication (AKBA)
schemes: The AKBA schemes use public key
cryptographies or digital signatures for sign-
ing/verification in authentication. The public/private
key pair can be the group-based public key with
multiple corresponding private keys or the node’s
own public key with the individual private key for
the digital signature. Meanwhile, according to the
probability and frequency of infrastructure access
(e.g., RSUs and RTAs), we can further categorize
AKBA schemes as follows.
 Public-key-infrastructure-based (PKI-based) authen-
tication schemes: The PKI-based schemes require
infrastructure access frequently to verify certificates,
revoke keys, or gather new keys, such as in [6]
and [19]. Conventional PKI-based schemes require
additional communication to manage the certificate
revocation lists, which causes heavy overheads.
 Identity-based (ID-based) authentication schemes:
the ID-based schemes have been proposed to reduce
communication overheads by using ID-based cryp-
tosystems in authentication, such as in [20] and [9].
Conventional ID-based schemes simplify the certifi-
cate management process by using the vehicle’s iden-
tity in signing and verification of digital signatures.
3.2. Categorization on privacy preservation
In VANETs, vehicles usually do not want their private
information such as name, position, moving routes, and
user data to be revealed against illegal tracing and user pro-
filing. Thus, the authorization of the third parties, anony-
mous communications, or the anonymity of user identities
should be supported to preserve privacy in VANETs [21].
On the other hand, when traffic accidents or certain crimes
occur, vehicle anonymity should be conditional and the
identity information has to be revealed by the legal author-
ity to establish the liability of accidents or crimes, which is
so-called conditional privacy [4]. In this survey, according
to the different mechanisms applied for privacy preserva-
tion in VANETs, we categorize the mechanisms for privacy
preservation as follows.
(i) Authorization-based privacy preservation (ABPP):
The mechanisms used in ABPP usually apply
anonymous key management to preserve privacy
in authentication, such as in [22] and [23].
Anonymous key pairs, which do not contain any
information of vehicle IDs, are certificated by the
RTA or CA. In this way, the relationship between the
DOI: 10.1002/wcm
H. Lu and J. Li
anonymous key pairs and the actual vehicle iden-
tity cannot be discovered by a third party without a
special authorization. Normally, a vehicle will man-
age a set of anonymous keys to prevent tracking.
The key point in ABPP is the distribution of autho-
rized materials among authorities, where authorities
access the database of key management and match
anonymous key pairs with the real vehicle identities.
(ii) Pseudonym-based privacy preservation (PBPP):
The usage of pseudonyms to achieve vehicle
anonymity is a superior solution for privacy preser-
vation to PPA [5], which intimately links a real-
world ID to the corresponding pseudonyms, such
as in [20] and [24]. The pseudonym may be gener-
ated by RSUs, RTAs, the vehicle itself, or even can
be downloaded from a trusted site periodically. The
adoption of pseudonyms in PPA conceals the real-
world identity of vehicles; even though peer vehi-
cles cannot identify the sender of a specific message,
it is still able to authenticate the sender. By fre-
quently updating the pseudonyms during commu-
nication, PBPP defends legitimate vehicles against
location tracing and user profiling.
Both ABPP and PBPP prevent malicious vehicles from
abusing anonymous authentication techniques to achieve
malicious goals or escape from their liabilities. An ideal
PPA scheme in VANETs must have a mechanism to val-
idate authenticated transmissions and conditional privacy
preservation. In Figure 2, we draw an intuitional chart to
illustrate the techniques and mechanisms used in the PPA
schemes, and their categorizations.
4. OVERVIEW AND COMPARISON
OF THE PPA SCHEMES
In this section, representatively, several highly cited
approaches of PPA for VANETs are reviewed. The moti-
vation and overview of each scheme are highlighted.
Moreover, a general up-to-date comparative summary of
the existing PPA schemes is given, based on the various
approaches discussed in the last section.
Figure 2. Techniques and mechanisms used in the PPA schemes.
Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/wcm
Privacy-preserving authentication schemes for VANETs: a survey
4.1. PPA scheme highlights
So far, a number of the PPA schemes for VANETs
have been proposed. In order to present the features and
characteristics of different types of the PPA schemes
for VANETs, here, we introduce relatively representa-
tive and highly cited PPA schemes selectively. For bet-
ter understanding, we study one PPA scheme for each
type of the PPA schemes categorized in the last section;
that is, the SKBA–ABPP schemes, the SKBA–PBPP
schemes, the AKBA–ABPP schemes, and the AKBA–
PBPP schemes, respectively.
4.1.1. TSVC: SKBA–PBPP scheme.
An SKBA–PBPP scheme, the timed efficient and secure
vehicular communication (TSVC) scheme, has been pro-
posed for VANETs with privacy preservation by X. Lin et
al. [7]. TSVC aims at minimizing the packet overhead.
The communication and computation overhead of TSVC
is reduced because of the short MAC tag attached in each
packet for the packet authentication, by which a fast hash
operation is required to verify each packet.
The TSVC is based on Timed Efficient Stream Loss-
tolerant Authentication (TESLA) [25] that needs to per-
form symmetric MAC operation at the receiver to authen-
ticate the source of the message. Each vehicle generates
a hash chain h1 , h2 , : : : , hn , initiated from a random seed
S. Each element in the hash chain is in charge of generat-
ing a number of MAC codes for a number of messages as
the cryptographic keys, which will be released after a short
disclosure delay ı. The authentication process in TSVC
scheme is illustrated in Figure 3.
 For an arbitrary sender O, it generates the MAC tags
of the messages using hj as the encryption keys. In
the data packet sent by O, where Mj is the safety
message, PVID is the pseudo ID of vehicle O, and
Tj is the time when the sender sends the data packet.
 Then, the sender O prepares the first key release
packet kr_P1 , by signing the commitment of the
hash chain h1 , where h1 is the key to generate the
MAC tag for message M1 , CertO is the currently
647
Privacy-preserving authentication schemes for VANETs: a survey
Figure 3. An illustration of the TSVC scheme, redraw from the work in [7].
used anonymous public key certificate, SKO is the
corresponding private key to CertO , T 0 is the time
when the sender sends the key release packet, and
index represents the index of the current hash value
in the hash chain.
 On receiving the first data package from the sender,
the receivers will then store the information such as
the PVID and T1 in order to synchronize the later
packets that are sent by the same source.
 When receiving data packet Pj , j > 1, the receivers
simply put the received packet in the buffer without
trying to verify them. As soon as the next key release
packet kr_Pj arrives, the receivers will start to verify
the previous data packet.
Enlightened by TESLA authentication protocol, the TSVC
scheme only needs to perform symmetric MAC operation
at the receiver, which is sufficient to authenticate the source
of the message.
4.1.2. VAST: SKBA–ABPP scheme.
An SKBA-ABPP scheme, the VANET authentication
scheme using TESLA++ (VAST), has been proposed by
Studer et al. [18]. VAST provides multi-hop authentica-
tion in VANETs, by migrating the TESLA protocol [25] to
VANETs, named TESLA++, to achieve efficient message
verification and its management in authentication.
In TESLA++ of VAST, it requires the receiver vehicle
to store a self-generated MAC of the received message
MAC code. The message and the MAC key will not be
revealed until the key expiration. For the privacy preserva-
tion, vehicles may use a given key chain from the trusted
authority for the MAC in TESLA++ to achieve privacy
in authentication. Note that VAST combines TESLA++
with the elliptic curve digital signature algorithm (ECDSA)
signatures, where ECDSA is utilized for message non-
repudiation if necessary. ECDSA is only performed when
a certain application queries non-repudiation or TESLA++
authentication fails. In the proposed TESLA++, the sender
first sends the message’s MAC MACS along with the key
648 Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
H. Lu and J. Li
index i, and when the key expires, it sends the correspond-
ing message M, key Ki , and i. The receiver first computes
the MAC MACR using a local secret key KRecv . This value
is stored and later used for comparison in verification, and
the message is accepted if MAC is identical. The illus-
tration of VAST is shown in Figure 4, where the sender
broadcasts an authenticated message M.
 Receivers perform two types of verification:
(1) A TESLA++ verification in steps 7, 8,
and 9.
(2) The digital signature verification in step
10 when the application requires non-
repudiation or step 13 when TESLA++
authentication fails (possibly due to a lost
MAC) and if CPU utilization is below cer-
tain thresholds. The thresholds provide flex-
ibility within VAST, such that VANET’s
system designers can mold the scheme to
meet application needs.
 TESLA++ provides authentication and a filter of the
data broadcast during times of high computational
load. The previously received and recorded MAC
(steps 2 to 5) ensures the validity of the message and
the signature, while the hash chain ensures that the
proper key is used (step 7).
 Under VAST, the digital signature is authenticated
using TESLA++ (steps 7 to 9) before it is veri-
fied, preventing the majority of computational and
memory-based denial of service (DoS) attacks.
 In the case where the receiver has no record of the
TESLA++ MAC, the receiver will only verify the
signature of the message if the extra computation
will not lead to a DoS (until step 12).
DOI: 10.1002/wcm
H. Lu and J. Li Privacy-preserving authentication schemes for VANETs: a survey

Figure 4. An illustration of the VAST scheme, redraw from the work in [18].

Figure 5. An illustration of the GSIS scheme, redraw from the work in [6].

4.1.3. GSIS: AKBA–ABPP scheme.
An AKBA–ABPP scheme, by integrating the techniques
of group signature and identity-based signature (GSIS), has
been proposed for VANETs by X. Lin et al. [6]. GSIS
provides node anonymity while allowing for revocable
privacy; meanwhile, it does not require extensive and
robust infrastructure support.
In GSIS, group signature is used to secure the communi-
cation between vehicles, where messages can securely and
anonymously be signed by senders. It provides anonymity
of the signer and non-repudiation of authorized third par-
ties. A signature scheme using ID-based cryptography
is adopted in RSUs to ensure authenticity, which uses
the identity of each RSU as the public key for sign-
ing messages sent by RSUs. The GSIS scheme for V2V
authentication contains five phases as illustrated in
Figure 5, which is similar to V2R authentication.
 The first phase is the membership registration, in
which an MM generates the vehicle’s private key.

Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd. 649
DOI: 10.1002/wcm
Privacy-preserving authentication schemes for VANETs: a survey
 The second phase consists of signing a message.
For any given message, a vehicle signs the message
as a function of both the group public key and the
vehicle’s private key.
 Verification of a received message is processed in
the third phase. A time stamp is first verified, and
if passed, signature verification is processed using
the group public key and certain system parameters.
If the message fails at any of verification steps, the
message is simply dropped.
 The fourth phase is for the membership traceabil-
ity, which occurs whenever there is a query and the
real ID of the message signer is needed. This phase
consists of three steps. In the first step, a tracing
manager first checks the validity of the signature and
then generates vehicle’s private key, and then sends
the query message to the MM in the second step. In
the third step, the MM looks up the actual ID of the
vehicle for investigation.
 The last phase is the membership revocation.
4.1.4. PACP: AKBA–PBPP scheme.
An AKBA–PBPP scheme, the pseudonymous
authentication-based conditional privacy (PACP) scheme,
has been proposed for vehicular communications by D.
Huang et al. [9]. The construction of PACP is based
on pairing of identity-based encryption, which is a
mathematical structure based on elliptic curve cryp-
tosystem assumptions. The main contribution of PACP
is to allow vehicles to generate provably anonymous
and computationally efficient pseudonyms to ensure
conditional privacy.
In PACP, vehicles interact with RSUs to help them
generate pseudonyms for anonymous authentication and
provide conditional privacy to the vehicles in VANETs.
Pseudonym generation for a vehicle requires three types
of entities; namely, the vehicle, the MVD (i.e., the RTA
or CA), and the RSU. The interaction between these three
entities is illustrated in Figure 6.
 A vehicle Va provides the required identity informa-
tion to the MVD as part of the registration process
(step (1)).
 Then, the MVD issues Va a ticket (step (2)). The
ticket uniquely identifies Va ; however, it does not
reveal Va ’s true identity.
 When moving on the road, Va authenticates itself
with the nearest RSU and obtains a pseudonym
token (steps (3) and (4)).
 Then, Va uses the token to generate its pseudonyms
(step (5)). Note that the RSU does not learn any
private information of the vehicle.
As a result, the RSU is unaware of the vehicle’s true iden-
tity, and only can map a ticket to a pseudonym token and
the generated pseudonym. For authentication, PACP con-
sists of three building blocks based on an identity-based
650 Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
H. Lu and J. Li
Figure 6. An illustration of the PACP scheme, redraw from the
work in [9].
encryption scheme [26]; namely, registration, generation,
and extraction.
4.2. PPA schemes: security analysis
The security efficacy of the PPA schemes relies on the
applied cryptographies and key managements in different
encryption algorithms, where the encryption algorithm is
secure if the corresponding cipher-text cannot be decrypted
without the corresponding keys. However, the security of
the encryption algorithms cannot be compared because of
different encryption types, key/cipher sizes, and algorithm
steps. Thus, in this paper, in order to analyze the security
of the existing PPA schemes, we investigate the cases when
an adversary (attacker) exists in the network introduced in
Section 2.3, and detail the solutions and countermeasures
against various adversaries and attacks.
4.2.1. Solutions to attacks on authentication.
In the PPA schemes, authentication is guaranteed by
applied cryptographies, which deal with this attack model
on PPA. According to the classifications in Section 3,
in SKBA schemes, symmetric key cryptographies are
applied for message authentication, where the messages
are usually protected by authentication codes. Whereas
in AKBA schemes, asymmetric key cryptographies are
applied for message authentication, where messages are
usually bounded with the corresponding digital signa-
tures. Both the authentication codes and the digital sig-
natures withstand the attacks on authentication, based on
the applied cryptographies and the corresponding encryp-
tion keys. In this way, the adversaries cannot generate the
correct authentication codes or digital signatures for the
recipients to trigger the attacks on authentication.
4.2.2. Solutions to attacks on privacy.
In the PPA schemes, privacy preservation is guaranteed
by applied anonymity techniques, which deal with this
attack model on PPA. For ABPP mechanisms, anonymous
DOI: 10.1002/wcm
H. Lu and J. Li Privacy-preserving authentication schemes for VANETs: a survey

Table I. Comparative summary of the existing PPA schemes.

Related security requirements

Key cryptographies Mechanism
PPA scheme for for privacy Non- Time System
(in chronological order) authentication preservation Anonymity repudiation constraint independency

GSIS [6], 2007 PKI-based AKBA ABPP Yes Yes  Low

Hybrid [27], 2007 PKI-based AKBA PBPP Yes Yes 4 High
ECPP [22], 2008 ID-based AKBA ABPP Yes Yes 4 Low
Kamat et al. [28], 2008 ID-based AKBA PBPP Yes Yes  Low
PPGCV [29], 2008 SKBA ABPP Yes No 4 High
PPAA [30], 2008 ID-based AKBA PBPP Yes Yes 4 High
TSVC [7], 2008 SKBA PBPP Yes No  Low
Zhang et al. [31], 2008 ID-based AKBA ABPP No No  Low
Xi et al. [32], 2008 PKI-based AKBA PBPP Yes No 4 Low
RAISE [8], 2008 SKBA PBPP Yes Yes  Low
Choi et al. [33], 2009 ID-based AKBA ABPP Yes Yes  Low
TACK [34], 2009 PKI-based AKBA PBPP Yes Yes 4 Low
VAST [18], 2009 SKBA ABPP No Yes 4 High
ESAP [35], 2010 ID-based AKBA PBPP Yes Yes  Low
PASS [19], 2010 PKI-based AKBA PBPP Yes Yes 4 Low
Salem et al. [36], 2010 PKI-based AKBA ABPP No No 4 Low
Sun et al. [20], 2010 ID-based AKBA PBPP Yes Yes  Low
Tan [37], 2010 ID-based AKBA PBPP Yes Yes 4 High
Biswas et al. [38], 2011 ID-based AKBA ABPP No Yes  Low
PACP [9], 2011 ID-based AKBA PBPP Yes Yes  Low
Chaurasia et al. [39], 2011 PKI-based AKBA ABPP No No  Low
MAPWPP [40], 2011 ID-based AKBA PBPP Yes Yes  Low
PAACP [23], 2011 PKI-based AKBA ABPP No Yes 4 Low
Burmester et al. [41], 2012 SKBA PBPP Yes Yes 4 Low
Lu et al. [24], 2012 ID-based AKBA PBPP Yes No  High
SPA [42], 2012 PKI-based AKBA ABPP Yes Yes 4 High
LPP [43], 2012 PKI-based AKBA PBPP Yes Yes  Low
CPAS [10], 2012 ID-based AKBA PBPP Yes Yes  Low
ACPN [44], 2013 ID-based AKBA PBPP Yes Yes  High

key managements are applied for privacy preservation,
where the certificated anonymous key pairs are usually
used for authentication. Whereas for PBPP mechanisms,
vehicle anonymity is used for privacy preservation, where
the corresponding vehicular pseudonyms are usually gen-
erated for cryptographies in authentication. The adoption
of the ABPP and PBPP mechanisms conceals the real-
world identities of vehicles in the VANET communica-
tions, which defend the legitimate vehicles against location
tracing and user profiling from the adversaries.
4.3. PPA schemes: summary
and comparison
For an overall recognition and identification to the develop-
ment of the PPA schemes, so far, we provide an up-to-date
comprehensive summary of the existing PPA schemes in
the literature shown in Table I. We arrange the existing
PPA schemes in a chronological order in the table, in
which their categories and security requirements are listed
based on the explanations in Sections 2 and 3. We then
categorize them by the key cryptographies and privacy-
preserving mechanisms applied in these PPA schemes,
based on the classifications in Section 3. As mentioned in
the last section, the security efficacy of the PPA schemes
relies on the applied cryptographies and key managements
in different encryption algorithms, which is hard to com-
pare. Thus, we mainly focus on the feasibility in VANETs
and the computational efficiency of the PPA schemes, in
the comparative summary of the existing PPA schemes.
In Table I, “yes/no” indicates whether or not the pro-
posed scheme satisfies the related security requirements
to PPA. “/4” indicates whether or not the proposed
PPA scheme is efficient in communication and compu-
tation to meet the time constraint in VANETs, where
 means low delay overhead and 4 means high delay

Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd. 651
DOI: 10.1002/wcm
Privacy-preserving authentication schemes for VANETs: a survey H. Lu and J. Li

Table II. Acronyms and notations in Table I.

Character Explanation

AKBA : Asymmetric-key-based authentication

SKBA : Symmetric-key-based authentication
ABPP : Authorization-based privacy preservation
PBPP : Pseudonym-based privacy preservation
Yes/no : Whether or not the proposed scheme satisfies the related security
requirements to privacy-preserving authentication.
/4 : Whether or not the proposed scheme is efficient in communication
and computation to meet the time constraint in VANETs.
High/low : The level of infrastructure support for privacy-preserving
authentication in the proposed scheme.

Table III. Summary of characteristics in the four categories of privacy-preserving authentication (PPA).

Related security requirements

PPA types Anonymity Non-repudiation Time constraint System independency

SKBA-ABPP schemes 4  4 
SKBA-PBPP schemes  4  4
AKBA-ABPP schemes 4  4 
AKBA-PBPP schemes  4  4

overhead. “High/low” indicates the level of infrastructure
support for PPA in the proposed scheme, where “high sys-
tem independency” means that the proposed scheme needs
comparatively less infrastructure access, in both protocol
initialization and PPA process of communication, and vice
versa. The values of the summarizing items in Table I are
decided based on our opinions on the references, which are
related to the steps of verification calculations and the com-
plexity of cryptographies. For convenience, the acronyms
and notations used in Table I are listed in Table II.
Additionally, based on the study of the PPA schemes
in Table I, we can further sum up the characteristics in
each type of the PPA schemes categorized in Figure 2
of Section 3; that is, the SKBA–ABPP schemes, the
SKBA–PBPP schemes, the AKBA–ABPP schemes, and
the AKBA–PBPP schemes in the following Table III. Sim-
ilarly, to the notations in Table I, “/4” indicates whether
or not this type of the PPA schemes are adequate or poten-
tial to achieve the related security requirements, where 4
means that the corresponding type of the PPA schemes still
has room to develop.
5. OPEN ISSUES AND
CHALLENGES FOR VANET PPA
The current IEEE (the Institute of Electrical and Electron-
ics Engineers) standard for VANET security, IEEE 1609.2
[45], provides guidelines as a framework for secure mes-
sage formats and message process in VANETs. However,
IEEE 1609.2 does not provide any specific security proto-
col for use. Although a number of PPA schemes have been
proposed, several challenges are still needed to be dealt
with for the practical PPA of secure communications in
VANETs.
Infrastructure-free design of PPA: Most of existing work
in designing PPA schemes requires infrastructure (RSUs,
RTAs, etc.) access and support for protocol initializa-
tion, authentication, or privacy preservation. Especially,
mechanisms achieving conditional privacy preservation in
the existing PPA schemes are mainly realized by of the
trusted authority assistance. Generally, the less frequent
the infrastructure support, the higher the system indepen-
dency. Infrastructure-free design of PPA is crucial, where
infrastructure support is unavailable for certain scenarios in
VANETs, for example, at rural countryside or in disaster.
Therefore, because of the possible crisis of infrastructures,
designing an infrastructure-free PPA scheme is an open
issue in VANETs.
Trust in PPA: Trust in authentication and communica-
tion is another research issue in VANETs, which refers
to trustworthiness of the authenticating vehicles. Tech-
niques in PPA can guarantee and identify the data origin
by cryptographies; however, the sensing data might be fal-
sified or juggled by adversaries when being sensed. Thus,
the original vehicle, who transmitted the false data, can-
not be trusted any more. In such cases, detecting the
malicious data in the authentication process is challeng-
ing and necessary with other techniques [46]; meanwhile,
the untrustworthy vehicle should be isolated from the
VANET system.
Evaluation metrics and testbeds for security: Currently,
the performance evaluation of VANETs, especially for
security and authentication, still lacks for metrics, simula-
tors, and realistic testbeds. In the existing PPA schemes,
security is evaluated in analysis, rather than real imple-
mentations in simulations or testbeds. Even for the security

652 Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/wcm
H. Lu and J. Li
analysis, there does not exist the standard metrics for
the analysis and evaluation of security yet. Therefore, the
security aware simulations and good metrics are required
in the future research, for examining security levels and
overheads of the PPA schemes in VANETs.
Combination with other networks: Along with the
deployment especially on roads, VANETs are expected to
be integrated with other types of wired or wireless net-
works, for the purpose of a wide range of urban network
connections. In this situation, vehicles in a VANET need
to authenticate with identities in other networks, such as
Internet, cellular, and sensor networks. This is challenging,
because of the combination of the VANET PPA schemes
with different authentication schemes and techniques used
in other networks [21,46,47].
6. CONCLUSION
There have been a number of research work focusing
on providing the anonymous authentication with privacy
preservation in VANETs. In this paper, we have carried
out a survey of PPA schemes for VANETs and studied the
development of PPA. We have categorized and summa-
rized the existing PPA schemes with different aspects in
authentication key cryptographies and privacy preservation
mechanisms. Lastly, we have addressed the open issues and
challenges that can be further investigated in the desired
PPA schemes for VANETs, which indicate that PPA is still
a good trend of research for effective security in VANETs.
ACKNOWLEDGEMENTS
This work has been partially supported by Grand-in-Aid
for Scientific Research from Japan Society for Promo-
tion of Science (JSPS) and Research Collaboration Grant
from NII.
REFERENCES
1. Zeadally S, Hunt R, Chen YS, Irwin A, Hassan A.
Vehicular ad hoc networks (VANETS): status, results,
and challenges. Telecommunication Systems 2012;
50(4): 217–241.
2. Li F, Wang Y. Routing in vehicular ad hoc networks:
a survey. IEEE Vehicular Technology Magazine 2007;
2(2): 12–22.
3. Shi Z, Beard C, Mitchell K. Analytical models for
understanding space, backoff and flow correlation in
CSMA wireless networks. Wireless Networks 2013;
19(3): 393–409.
4. Raya M, Pierre J. Securing vehicular ad hoc networks.
Journal of Computer Security 2007; 15 (1): 39–68.
http://jcs.stanford.edu [accessed on October 3, 2012].
5. Dok H, Fu H, Echevarria R, Weerasinghe H. Pri-
vacy issues of vehicular ad-hoc networks. International
Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/wcm
Privacy-preserving authentication schemes for VANETs: a survey
Journal of Future Generation Communication and Net-
working 2010; 3(1): 17–32.
6. Lin X, Sun X, Ho PH, Shen X. GSIS: a secure and
privacy-preserving protocol for vehicular communi-
cations. IEEE Transactions on Vehicular Technology
2007; 56(6): 3442–3456.
7. Lin X, Sun X, Wang X, Zhang C, Ho PH, Shen X.
TSVC: timed efficient and secure vehicular communi-
cations with privacy preserving. IEEE Transactions on
Wireless Communications 2008; 7(12): 4987–4998.
8. Zhang C, Lin X, Lu R, Ho PH, Shen X. An efficient
message authentication scheme for vehicular commu-
nications. IEEE Transactions on Vehicular Technology
2008; 57(6): 3357–3368.
9. Huang D, Misra S, Verma M, Xue G. PACP: an
efficient pseudonymous authentication-based condi-
tional privacy protocol for VANETs. IEEE Trans-
actions on Intelligent Transportation Systems 2011;
12(3): 736–746.
10. Shim KA. CPAS: an efficient conditional privacy-
preserving authentication scheme for vehicular sensor
networks. IEEE Transactions on Vehicular Technology
2012; 61(4): 1874–1883.
11. Choi J, Jung S. Unified security architecture and pro-
tocols using third party identity in V2V and V2I net-
works. Wireless Communications & Mobile Computing
2012; 12(15): 1326–1337.
12. Almulla M, Zhang Q, Boukerche A, Ren Y. An
efficient k-means authentication scheme for digital
certificates revocation validation in vehicular ad hoc
networks. Wireless Communications & Mobile Com-
puting 2014; 14(16): 1546–1563.
13. Raya M, Papadimitratos P, Hubaux JP. Securing vehic-
ular networks. IEEE Wireless Communications Maga-
zin 2006; 13(5): 8–15.
14. Shi Z, Beard C, Mitchell K. Competition, coopera-
tion, and optimization in multi-hop CSMA networks
with correlated traffic. International Journal of
Next-Generation Computing 2012; 3 (3): 228–246.
http://www.innovationunlimited.net/ojs/index.php/ijngc
[accessed on October 3, 2012].
15. Shi Z. Stochastic Modeling, Correlation, Competi-
tion, and Cooperation in a CSMA Wireless Network.
ProQuest, UMI Dissertation Publishing: Ann Arbor,
Michigan, USA, 2011.
16. Standler RB. Privacy law in the USA, 1997. Avail-
able from: http://www.rbs2.com/privacy.htm [accessed
on October 3, 2012].
17. Fuentes JM, González-Tablas AI, Ribagorda A.
Overview of security issues in vehicular ad-hoc net-
works. Handbook of Research on Mobility and Com-
puting: Evolving Technologies and Ubiquitous Impacts
653
Privacy-preserving authentication schemes for VANETs: a survey
2011: 894–911, Available from: http://hdl.handle.net/
10016/9395 [accessed on October 3, 2012].
18. Studer A, Bai F, Bellur B, Perrig A. Flexible,
extensible, and efficient VANET authentication. Jour-
nal of Communications and Networks 2009; 11 (6):
574–588, Available from: http://www.jcn.or.kr/home/
journal/ [accessed on October 3, 2012].
19. Sun Y, Lu R, Lin X, Shen X, Su J. An efficient
pseudonymous authentication scheme with strong pri-
vacy preservation for vehicular communications. IEEE
Transactions on Vehicular Technology 2010; 59 (7):
3589–3603.
20. Sun J, Zhang C, Zhang Y, Fang Y. An identity-
based security system for user privacy in vehicular
ad hoc networks. IEEE Transactions on Parallel and
Distributed Systems 2010; 21(9): 1227–1239.
21. Nacher M, Calafate CT, Cano JC, Manzoni P. An
overview of anonymous communications in mobile ad
hoc networks. Wireless Communications and Mobile
Computing 2012; 12(8): 661–675.
22. Lu R, Lin X, Zhu H, Ho PH, Shen X. ECPP: efficient
conditional privacy preservation protocol for secure
vehicular communications. In Proceedings of the IEEE
INFOCOM, Vol. 2008, Phoenix, AZ, USA, 2008;
1229–1237.
23. Yeh LY, Chen YC, Huang JL. PAACP: a portable
privacy-preserving authentication and access control
protocol in vehicular ad hoc networks. Computer Com-
munications 2011; 34(3): 447–456.
24. Lu H, Li J, Guizani M. A novel ID-based authenti-
cation framework with adaptive privacy preservation
for VANETs. In Proceedings of the ComComAp 2012,
Hong Kong, China, 2012; 345–350.
25. Perrig A, Canetti R, Tygar JD, Song D. The TESLA
broadcast authentication protocol. RSA CryptoBytes
2005; 5 (2): 2–13. http://repository.cmu.edu/epp/62
[accessed on October 3, 2012].
26. Boneh D, Franklin M. Identity-based encryption from
the Weil pairing. In Advances in Cryptology - CRYPTO
2001, LNCS, Vol. 2139, 2001; 213–229.
27. Calandriello G, Papadimitratos P, Hubaux JP, Lioy A.
Efficient and robust pseudonymous authentication in
VANET. In Proceedings of ACM VANET’07, Montreal,
Canada, 2007; 19–28.
28. Kamat P, Baliga A, Trappe W. Secure, pseudonymous,
and auditable communication in vehicular ad hoc net-
works. Security and Communication Networks 2008; 1
(3): 233–244.
29. Wasef A, Shen X. PPGCV: Privacy Preserving Group
Communications Protocol for Vehicular Ad Hoc Net-
works. In Proceedings of IEEE ICC’08, Beijing, China,
2008; 1458–1463.
654 Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
H. Lu and J. Li
30. Tsang PP, Smith SW. PPAA: peer-to-peer anonymous
authentication. In Appl. Cryptogr. Netw. Secur. - ACNS
2008, LNCS, Vol. 5037, New York, NY, USA, 2008;
55–74.
31. Zhang C, Liu R, Ho PH, Chen A. A location pri-
vacy preserving authentication scheme in vehicular
networks. In Proceedings of IEEE WCNC, Vol. 2008,
Las Vegas, NV, USA, 2008; 2543–2548.
32. Xi Y, Sha KW, Shi WS, Schwiebert L, Zhang T. Proba-
bilistic adaptive anonymous authentication in vehicular
networks. Journal of Computer Science and Technol-
ogy 2008; 23(6): 916–928.
33. Choi J, Jung S. A security framework with strong non-
repudiation and privacy in VANETs. In Proceedings of
IEEE CCNC’09, Las Vegas, NV, USA, 2009; 1–5.
34. Studer A, Shi E, Fan B, Perrig A. TACKing together
efficient authentication, revocation, and privacy in
VANETs. In Proceedings of IEEE SECON’09, Rome,
Italy, 2009; 1–9.
35. Weerasinghe H, Fu H. ESAP: efficient and scal-
able authentication protocol with conditional privacy
for secure vehicular communications. In Proceedings
of IEEE GLOBECOM 2010 Workshops, Miami, FL,
USA, 2010; 1729–1734.
36. Salem FM, Ibrahim MH, Ibrahim II. Non-interactive
authentication scheme providing privacy among
drivers in vehicle-to-vehicle networks. In Proceedings
of ICNS, Vol. 2010, Cancun Mexico, 2010; 156–161.
37. Tan Z. A privacy-preserving mutual authentication
protocol for vehicle ad hoc networks. Journal of
Convergence Information Technology 2010; 5 (7):
180–186.
38. Biswas S, Misic J, Misic V. ID-based safety message
authentication for security and trust in vehicular net-
works. In Proceedings of ICDCSW 2011 Workshops,
Minneapolis, MN, USA, 2011; 323–331.
39. Chaurasia BK, Verma S. Infrastructure based authen-
tication in VANETs. International Journal of Multi-
media and Ubiquitous Engineerin 2011; 6 (2): 41–
53. http://www.sersc.org/journals/IJMUE/ [accessed
on October 3, 2012].
40. Behera S, Mishra B, Nayak P, Jena D. A secure and
efficient message authentication protocol for vehicular
ad hoc networks with privacy preservation (MAP-
WPP). In Proceedings of IEEE IMSAA, Bangalore,
Karnataka, India, 2011; 1–6.
41. Burmester M, Magkos E, Secure Chrissikopoulos V,
Privacy-preserving timed vehicular communications.
International Journal of Ad Hoc and Ubiquitous Com-
puting 2012; 10(4): 219–229.
42. Zhang J, Cui Y, Chen Z. SPA: self-certified PKC-based
privacy-preserving authentication protocol for vehicu-
lar ad hoc networks. International Journal of Security
DOI: 10.1002/wcm
H. Lu and J. Li
and Its Applications 2012; 6 (2): 409–414. http://
www.sersc.org/journals/IJSIA/ [accessed on October
3, 2012].
43. Shen AN, Guo S, Zeng D, Guizani M. A lightweight
privacy-preserving protocol using chameleon hashing
for secure vehicular communications. In Proceed-
ings of IEEE WCNC 2012, Shanghai, China, 2012;
2543–2548.
44. Li J, Lu H, Guizani M. ACPN: a novel authentica-
tion framework with conditional privacy-preservation
and non-repudiation for VANETs. IEEE Transac-
tions on Parallel and Distributed Systems 2013, DOI:
10.1109/TPDS.2014.2308215.
45. IEEE 1609.2, trial use standard for wireless access in
vehicular environments (WAVE)—security services for
applications and management messages, 2006.
46. Leligou HC, Trakadas P, Maniatis S, Karkazis P,
Zahariadis T. Combining trust with location informa-
tion for routing in wireless sensor networks. Wireless
Communications and Mobile Computing 2012; 12(12):
1091–1103.
47. Hsieh WB, Leu JS. Anonymous authentication proto-
col based on elliptic curve Diffie–Hellman for wire-
less access networks. Wireless Communications and
Mobile Computing 2014; 14(10): 995–1006.
AUTHORS’ BIOGRAPHIES
Huang Lu studied in Harbin Institute
of Technology, Harbin, China, before
he went to Japan for overseas exchange.
He received the BS degree in Informa-
tion and Network Science from Chiba
Institute of Technology, Chiba, Japan,
the MS and the PhD (Eng) degrees
in Computer Science from University
Wirel. Commun. Mob. Comput. 2016; 16:643–655 © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/wcm
Privacy-preserving authentication schemes for VANETs: a survey
of Tsukuba, Tsukuba, Japan, in 2007, 2009, and 2014,
respectively. Since April 2014, he has been a researcher
at the Yokohama Research Laboratory, Hitachi, Ltd.,
Yokohama, Japan. His research interests include com-
puter networks, wireless communications, network secu-
rity, and computational engineering. He is a member
of IEEE.
Jie Li received the BE degree in Com-
puter Science from Zhejiang Univer-
sity, Hangzhou, China, and the ME
degree in Electronic Engineering and
Communication Systems from China
Academy of Posts and Telecommuni-
cations, Beijing, China. He received
the Dr Eng degree from the Univer-
sity of Electro-Communications, Tokyo, Japan. He has
been with the University of Tsukuba, Japan, where he
is a professor in the Faculty of Engineering, Informa-
tion and Systems. His research interests are in mobile
distributed computing and networking, cloud computing
and big data, OS, network security, modeling, and per-
formance evaluation of information systems. He received
the best paper award from IEEE NAECON ’97. He is
a senior member of IEEE and ACM, and a member of
Information Processing Society of Japan (IPSJ). He has
served as a secretary for Study Group on System Eval-
uation of IPSJ and on several editorial boards for IPSJ
Journal and so on, and on Steering Committees of the SIG
of System EVAluation (EVA) of IPSJ, the SIG of DataBase
System (DBS) of IPSJ, and the SIG of MoBiLe com-
puting and ubiquitous communications (MBL) of IPSJ.
He has been a co-chair of several international sym-
posia and workshops. He has also served on the program
committees for several international conferences such as
IEEE ICDCS, IEEE INFOCOM, IEEE GLOBECOM, and
IEEE MASS.
655
Copyright of Wireless Communications & Mobile Computing is the property of John Wiley
& Sons, Inc. and its content may not be copied or emailed to multiple sites or posted to a
listserv without the copyright holder's express written permission. However, users may print,
download, or email articles for individual use.