International Journal of Intelligent Systems

Volume 2025, Issue 1 2539516

Research Article

Open Access

Multidomain Secure Communication and Intelligent Traffic Detection Model in VANETs

Qikun Zhang

orcid.org/0000-0002-6117-5686

School of Computer and Communication Engineering , Zhengzhou University of Light Industry , Zhengzhou , 450001 , China , zzuli.edu.cn

Search for more papers by this author

Mengqi Liu,

Corresponding Author

Mengqi Liu

[email protected]

orcid.org/0000-0001-9576-6903

School of Cyber Science and Engineering , Southeast University , Nanjing , 210000 , China , seu.edu.bd

Search for more papers by this author

Ping Li,

Ping Li

orcid.org/0009-0001-2298-4923

School of Information Security , Sanmenxia College of Social Administration , Sanmenxia , 472000 , China

Search for more papers by this author

Junling Yuan,

Junling Yuan

orcid.org/0000-0001-6734-9256

School of Computer and Communication Engineering , Zhengzhou University of Light Industry , Zhengzhou , 450001 , China , zzuli.edu.cn

Search for more papers by this author

Hongfei Zhu,

Hongfei Zhu

orcid.org/0000-0003-0706-0834

Key Laboratory of Big Data Intelligent Computing , Chongqing University of Posts and Telecommunications , Chongqing , 400065 , China , cqupt.edu.cn

Search for more papers by this author

Qikun Zhang,

Qikun Zhang

orcid.org/0000-0002-6117-5686

School of Computer and Communication Engineering , Zhengzhou University of Light Industry , Zhengzhou , 450001 , China , zzuli.edu.cn

Search for more papers by this author

Mengqi Liu,

Corresponding Author

Mengqi Liu

[email protected]

orcid.org/0000-0001-9576-6903

School of Cyber Science and Engineering , Southeast University , Nanjing , 210000 , China , seu.edu.bd

Search for more papers by this author

Ping Li,

Ping Li

orcid.org/0009-0001-2298-4923

School of Information Security , Sanmenxia College of Social Administration , Sanmenxia , 472000 , China

Search for more papers by this author

Junling Yuan,

Junling Yuan

orcid.org/0000-0001-6734-9256

School of Computer and Communication Engineering , Zhengzhou University of Light Industry , Zhengzhou , 450001 , China , zzuli.edu.cn

Search for more papers by this author

Hongfei Zhu,

Hongfei Zhu

orcid.org/0000-0003-0706-0834

Key Laboratory of Big Data Intelligent Computing , Chongqing University of Posts and Telecommunications , Chongqing , 400065 , China , cqupt.edu.cn

Search for more papers by this author

First published: 29 May 2025

https://doi.org/10.1155/int/2539516

Academic Editor: Zhiyuan Qi

Share a link

Email
Wechat
Bluesky

Abstract

Vehicular ad-hoc network (VANET) plays a vital role in the intelligent transportation system. It is crucial to ensure secure communication among entities in the VANET for realizing an efficient transportation system. In this scenario, the current communication scheme is vulnerable to the leakage of private information from entities. The research primarily centers on single-domain vehicular networks, with only a limited number of researchers exploring cross-domain authentication among vehicle entities. Cross-domain communication schemes have received little attention from scholars. Furthermore, there are issues, including the susceptibility of in-vehicle conversations to eavesdropping, the vulnerability of long-distance transmissions to interruptions, and the exposure of wireless networks to traffic attacks. To address these issues, a multidomain secure communication and intelligent traffic detection model in VANET is proposed. This model offers several notable advantages as follows: (1) It employs a key self-verification algorithm for local computation and authentication of entity keys. This approach mitigates the risks of identity impersonation attacks and key leakage results from third-party key escrow. (2) A multidomain communication scheme is devised to categorize vehicle-to-vehicle (V2V) scenarios into intradomain and interdomain, which correspond to situations where the communicating parties are within the same domain and across different domains, respectively. (3) We propose the implementation of new session message encryption algorithms for V2V communication. This involves generating dynamic random keys to ensure secure data sharing and facilitates long-distance cross-domain communication among vehicles. (4) An intelligent two-layer traffic detection paradigm is proposed to improve the efficiency of detecting attack traffic in vehicular networks. This paper provides security proofs and performance analysis of the proposed scheme. The experimental results demonstrate that within the communication module, the comparative scheme exhibits high computational demands and significant delays, whereas our approach provides superior security and better computational performance. Compared to the traditional detection model, our two-layer detection paradigm reduces model training time by 69–4477 ms and testing time by 9–1469 ms.

1. Introduction

One of the application scenarios of intelligent transportation systems (ITSs) is vehicular ad-hoc network (VANET) [1]. VANET is a vehicle communication network that facilitates traffic warnings, automated driving, enhanced driving comfort, and road traffic information retrieval. It is a self-organizing, cost-effective, and open network structure built on the road [2].

1.1. Research Motivation

Represented by the literature [3], it has been criticized for its lengthy authentication process [4] and vulnerability to privacy leakage [5]. In many existing schemes, terminal keys are directly assigned by the authority, which increases the risk of key loss during the distribution process. Encrypted communication within VANETs, literature [6] incurs a high cost and long-time consumption for communication security [7], and the scheme is homogeneous and cannot be adapted to multiple application scenarios. Several researchers have proposed solutions for VANET environments vulnerable to attacks, but the scenario has higher requirements for the detection efficiency of the model. Balancing higher detection accuracy and shorter detection time through simple and implementable machine learning [8] poses a challenge. The above concerns can be summarized as follows:

•
Due to the majority of data transmission occurring over wireless networks, VANETs are susceptible to identity spoofing attacks. To combat such attacks, authentication technology serves as a powerful tool [9]. It is worthwhile for researchers to consider how to use this technology to make terminal privacy information more secure.
•
Intercepting messages transmitted in the public channel is easy for hackers [10], and it is urgent to protect communication security in resource-constrained VANET environments.
•
While large-scale VANETs can offer drivers a wealth of detailed and diverse information, they also become more attractive targets for hacking attacks [11]. While exploring solutions for attack traffic detection, researchers are confronted with the challenge of balancing detection performance and detection efficiency. This conflict has become a prominent topic of the study.

Consequently, the identification of vehicles, ensuring secure communication between them, and detecting attacks within the network have emerged as difficult and pressing issues in the ongoing research on secure communication in vehicle self-organized networks. Failing to address these three problems adequately can result in significant property damage and even pose threats to human lives [12].

1.2. Our Contribution

Therefore, a multidomain secure communication and traffic detection model for VANET is proposed. Three critical issues in VANET are investigated as follows: authentication techniques based on privacy-preserving, establishment of secure channels for vehicle communication, and attack detection on the network through traffic monitoring. The main contributions of this paper are outlined as follows:

•
A multidomain secure communication and traffic detection model in VANET is proposed. An authentication module, a secure communication module, and a detection module are included in the model. The authentication module provides authentication functions for both vehicle-to-roadside unit (V2R) and vehicle-to-vehicle (V2V) communications within the same domain. The communication module facilitates V2V communication. Lastly, the detection module works to improve the efficiency of flow detection.
•
Decentralized key generation is implemented in the proposed scheme, eliminating the need for key assignment by a central authority. Instead, a key self-verification algorithm is employed to validate the public and private keys of entities, including roadside units (RSUs) and vehicles. This approach significantly mitigates the security risks of large-scale key leakage due to attacks on the key generation center and impersonation attacks due to key interception during key distribution.
•
Cross-domain secure channels are established. Communication schemes are distinguished as intradomain and interdomain. The intradomain scheme caters to communicating parties within the same domain, while the interdomain scheme accommodates communication between communicating parties in different domains. To enhance communication security, dynamic random keys are utilized. The scheme demonstrates excellent scalability and high security, making it suitable for diverse application scenarios.
•
A two-layer traffic detection paradigm is employed to more efficiently detect attacks in VANETs. The traffic detection process is divided into two steps, and four machine learning algorithms are tested and evaluated. The results demonstrate that the proposed scheme yields a significant reduction in time requirements, including both training and detection time, while slightly enhancing the overall detection performance compared to the original algorithm with only one step.

1.3. Organization

The remainder of the paper is structured as follows. Section 2 discusses the related research work, and Section 3 presents the fundamentals used in this paper. Section 4 outlines the system model and initializes the system. Sections 5 and 6 are the authentication module and secure communication module, respectively. Section 7 is the detection module. The performance analysis of the three modules is shown in Section 8. Finally, the conclusion is presented in Section 9.

2. Related Work

Three key directions relevant to this paper are summarized as follows: the authentication scheme, communication scheme, and traffic detection scheme. This section provides an overall review of the schemes proposed by other researchers.

2.1. Authentication

In the literature [3], a software-defined networking (SDN)–based comprehensive framework is proposed to address the challenge of providing ubiquitous and reliable connectivity among high-speed vehicles in the context of 5G. The framework incorporates an authentication protocol based on elliptic curve ciphers (ECCs) to ensure end-to-end privacy protection. Considering the inherent high mobility of vehicles, the authors of literature [13] introduce a combined proof and certification scheme for verifying the electronic control unit (ECU) firmware installed in vehicles. This scheme enables the RSU’s edge server (ES) to verify the integrity of the ECU firmware as a vehicle passes through an RSU. To mitigate the risk of unauthorized visitors exploiting legitimate authentication, the authors of literature [14] present a dual authentication scheme for the internet of vehicles (IoV). This scheme incorporates trust assessment in the authentication protocol, evaluating a vehicle’s reputation based on its historical interaction behavior. The authors in literature [15] shift the authentication computation to registration, eliminating most of the computational tasks at the terminal. The protocol is shown to be secure under the decision bilinear Diffie–Hellman (DBDH) problem assumption and performs very well in performance analysis. A hash-based lightweight and anonymous authentication scheme is designed in literature [16]. It can address the aforementioned restrictions and enhance the effectiveness of authentication in vehicle-to-infrastructure (V2I) architecture. This scheme effectively combines identity, password, and biometric to enhance resistance against impersonation, denial of service (DoS), and privileged insider attacks. The authors of literature [17] introduce a lightweight, conditional privacy-preserving authentication and key agreement model. This model utilizes symmetric keys to minimize computation and communication overhead during the process. It also addresses the issue of a single point of failure by employing a multitrusted authority (TA) approach. In addition, the model supports the revocation of identities for illegal vehicles. By combining the advantages of attribute encryption and authentication, the authors of literature [18] propose an authenticated asymmetric group key agreement (AGKA) based on attribute encryption. Attribute encryption and authentication techniques ensure the security of the group key protocol and protect individual privacy. In addition, the protocol transfers the computation and communication loads to powerful servers to reduce the workload of smart terminals under unbalanced mobile networks. To provide a secure and efficient transmission mechanism for data over public channels, the authors of literature [19] propose a privacy-preserving intervehicular authentication protocol for VANETS using physical unclonable function (PUF). It is more reliable, convenient, and practical for secure data transmission in VANETs.

However, the majority of these schemes rely on traditional authoritative centers or trusted authorities for authentication, which may limit the robustness of VANET. Moreover, the utilization of traditional key escrow technology in these schemes poses risks such as key leakage, key interception, and counterfeit attacks.

2.2. Communication

In the context of secure communication within smart cities, the authors of literature [6] present a two-level authentication key exchange scheme utilizing ECC technology. The first level involves authenticating the cluster heads (CHs), while the second level requires the verified CHs from the first level to authenticate vehicles and facilitate message exchange between the CHs and vehicles. The authors of literature [20] establish a lightweight and efficient group communication channel between sensor nodes. Taking the CHs as a bridge node, it realizes that the sensor nodes in different clusters have the same group key information and negotiate a pair of asymmetric group keys to realize cross-cluster secure communication. The cluster communication adopts an asymmetric encryption mechanism. It realizes the group-secure communication mechanism in which the message sender is not constrained. The authors of literature [21] propose a protocol that establishes a session key between vehicles and RSUs using lightweight cryptographic primitives. It employs a pseudonym mechanism to maintain the anonymity of legitimate vehicles while allowing malicious vehicles to be tracked. Moreover, it does not require a TA to verify the identities between vehicles and RSUs. The authors of literature [22] propose an AGKA protocol between intelligent information system terminals for mobile edge computing networks. AGKA is used to realize the group-secure communication mechanism in which message senders are not constrained in this protocol. In the literature [23], a group key agreement (GKA) protocol is suggested to establish a secure communication channel for intelligent terminals. The protocol offers scalability and dynamic configurability by allowing users to adjust the privacy level based on their preferences. The authors of literature [24] introduce a computationally efficient privacy-preserving identity-based recognition model. Identity-based cryptography (IDC) and ECC are employed to ensure message origin, message integrity, nonrepudiation, and vehicle identity anonymity in V2V communication.

Some schemes, including the aforementioned communication schemes, aim to enhance security but often come with drawbacks such as increased computational complexity, costs, and time consumption. However, in the VANET scenario, where vehicles move swiftly, long delay solutions are not viable. Furthermore, existing communication schemes treat all vehicle terminals in the network equally, resulting in similar communication consumption for both nearby and distant vehicles.

2.3. Detection

Literature [25] develops a lightweight security protocol for radio frequency identification (RFID)–based vehicular cloud computing (VCC) using hash functions and Henon mapping. This protocol can resist physical attacks on RFID tags, and its security against various attacks is verified using the Scyther simulation tool. The authors of literature [26] employ the Bat algorithm with group division and binary difference mutation to select typical features. A weighted voting mechanism based on the random forest (RF) algorithm is established, allowing for adaptive weight changes of samples during stream classification. This approach demonstrates effective feature selection and achieves accurate classification. To improve detection performance, the authors of literature [27] introduce a cognitive memory–guided autoencoder constructed using a deep neural network. The model capitalizes on the advantages of an autoencoder and enhances the storage capability of normal feature patterns through a memory module. The memory module is constrained by feature reconstruction loss and feature sparsity loss, resulting in improved discriminative power and superior detection performance. Addressing different attack types, the authors of literature [28] propose an adaptive approach to generate the optimal number of hidden layers and neurons per layer through multiple iterations of the genetic algorithm. The detection model achieves a high detection rate by adapting to the specific attack characteristics. Using the SDN controller as a foundation, the authors of literature [29] detect intrusions by analyzing host logs and network traffic, employing signature-based, anomaly-based, and machine learning–based detection methods. The approach successfully combines different detection techniques to enhance intrusion detection effectiveness. In the literature [30], the authors construct a real testbed to simulate network attacks and design intrusion detection systems (IDSs). Attacks targeting backdoors, command injections, and structured query language vulnerabilities are injected into the system. A machine learning–based anomaly detection system is employed to analyze the detection of the aforementioned attacks. The authors of literature [31] propose a gradient hybrid leader–based optimization (HLBO) algorithm based on the HLBO algorithm to identify distributed DoS (DDoS) attack detection easily in an optimized manner. In the literature [32], flows are categorized into “easy flows,” which are detected in the first stage, and “hard flows,” which are detected in the second stage. The objective is to minimize the time required for classifying encrypted streams while maintaining a high level of accuracy in stream classification.

As summarized above, researchers have made progress in the field of VANETs traffic detection. However, their schemes often focus on optimizing the internal structure of algorithms while overlooking the importance of adjusting the detection processes.

2.4. Our Scheme

To address the aforementioned issues, we present a multidomain secure communication and traffic detection model in VANETs. In this model, we replace traditional key certification authorities with a key self-verification algorithm, mitigating the risks associated with key leakage and interception. Two communication schemes are designed to cater to both near-range and long-range V2V communication scenarios, thereby further reducing the communication overhead in near-range interactions. To meet the low-latency requirements of VANET scenarios, we scale down the consumption while ensuring security. In addition, we propose a two-layer traffic detection scheme that significantly reduces the training and detection time of the model.

3. Preliminaries

3.1. Elliptic Curve and Bilinear Pairings

The definition of an elliptic curve E/F_p is given. Let p and q be large prime numbers. An elliptic curve E/F_p is defined by the equation y² = x³ + a₁x + b₁(mod p), while a₁, b₁, x, y ∈ F_p. The set of all the points on the curve together with a “point at infinity” O forms an additive group under the point addition operation. Let G₁ be a subgroup of order q, where q ≥ (2^k + 1) (k is the safety parameter), and g₀ is a generator of G₁. Scalar multiplication is defined as ng₀ = g₀ + g₀ + ⋯+g₀(n times), where .

The definition of bilinear mapping [33] is given. Let G₂ represent the multiplicative cyclic group and have the same large prime order q. However, calculating the discrete logarithms on G₁ and G₂ is difficult. e refers to a computable bilinear mapping function, denoted as e : G₁ × G₁⟶G₂, with the following properties:

Property 1: Bilinearity: For any two elements u and v of the group G₁, and , there is e(au, bv) = e(u, v)^ab.
Property 2: Nondegeneracy: There exists a generating element g₀ of G₁ and a unit element 1 of G₂, satisfying e(g₀, g₀) ≠ 1.
Property 3: Computability: For any two elements u and v on the group G₁, there exists an efficient algorithm to compute e(u₁ + u₂, v) = e(u₁, v)e(u₂, v).

3.2. Bilinear Mapping Complexity Assumptions

The following assumptions are made for the additive group G₁:

•
Discrete logarithm problem (DLP): Assume that , given and g₀, it is difficult to compute an unknown .
•
Computational Diffie–Hellman problem (CDHP): Given g₀ ∈ G₁ and elements (ag₀, bg₀), it is difficult to calculate abg₀ when is unknown.
•
Bilinear CDHP (BCDHP): Given elements g₀, ag₀, bg₀, cg₀ ∈ G₁, it is difficult to calculate when is unknown.
•
Inverse CDHP (Inv-CDHP): Given g₀, ag₀, abg₀ ∈ G₁, where , it is difficult to calculate (ab/a)g₀.

3.3. Multilinear Mapping

Consider an additive group G₁ with a generating element g₀, and a multiplicative cyclic group G_T. G₁ and G_T share the same large prime order q. We define

as a multilinear mapping if it satisfies the following properties [34]:

Property 1: Multilinearity: For g₁, g₂, …, g_k ∈ G₁ and , there is .
Property 2: Nondegeneracy: There exist g₁, g₂, …, g_k ∈ G₁, which satisfy e₁(g₁, g₂, …, g_k) ≠ 1.
Property 3: Computability: For g₁, g₂, …, g_k ∈ G₁, there exists an efficient algorithm to compute e₁(g₁, g₂, …, g_k).

3.4. Multilinear Mapping Complexity Assumptions

The following assumptions exist for the additive group G₁:

•
Multilinear CDHP (MCDHP): Given elements g₁, g₂, …, g_k, g_k+1 ∈ G₁ and (a₁g₁, a₂g₂, …, a_k+1g_k+1), it is difficult to calculate when are unknown.
•
Inverse MCDHP (Inv-MCDHP): For g₀, a_ig₀, a_ia_jg₀ ∈ G₁(i, j = 1, 2, …, k, and i ≠ j), known a_ig₀, a_ia_jg₀, where , it is difficult to calculate a_jg₀.

K.Gen is a key generation function K.Gen(1^λ)⟶(C_pk, C_sk), and λ is a security parameter. Cloud runs this function to obtain the public/private key pair (C_pk, C_sk), where , C_pk = C_skg₀.

Table 1 offers a description of frequently recurring symbols.

Table 1. Symbols and descriptions.

Symbol	Description
G₁	Additive group on elliptic curves E/F_p
G₂, G_T	Multiplicative cyclic groups on elliptic curves E/F_p
g₀	The generating element of G₁
e	Bilinear mapping
e₁	Multilinear mapping
H₁(·), H₂(·), H₃(·), H₄(·)	Collision-resistant hash functions
(C_pk, C_sk)	Public/private key pairs of the cloud
(PK_k, SK_k)	Public/private key pairs of RSU_k
(pk_k,m, sk_k,m)	Public/private key of vehicle m located in domain k of the RSU

4. System Model and Initialization

4.1. System Model

A multidomain secure communication and traffic detection model in VANETs is proposed, as depicted in Figure 1. The model consists of four types of entities: cloud, ES, RSU, and vehicle. The entities are described as follows:

Cloud is a trustworthy cloud platform responsible for generating public parameters and master keys within the system. It plays a crucial role in verifying the identity of both RSU and vehicle entities and authenticating their public and private keys. Furthermore, the cloud assists authenticated RSUs in establishing the communication alliance domain.
ES serves as the intermediary link connecting each RSU to the cloud. In comparison to the cloud, ES is in closer proximity to the system terminals, enabling quick responses to terminal requests. Each ES is responsible for managing a cluster of geographically proximate RSUs. It possesses computational capabilities and can locally cache frequently requested resources to ensure rapid responses to terminal demands. Long-distance information forwarding is facilitated by the ESs, and specific transmission channels exist between different ES clusters.
RSU has a fixed communication range, called a domain, which is widely distributed in real traffic scenarios. Each domain is managed by a unique RSU, and each RSU is responsible for a single domain. The RSU verifies the identities of vehicles within its domain and forwards communication requests from legitimate vehicles to terminals within the domain or other RSUs. Each RSU is managed by a unique ES.
Vehicle, serving as the terminal of the system, is required to authenticate its identity to the RSU within its domain. Depending on the specific communication request, the vehicle can establish communication with other terminals in the same domain or with terminals in other domains by the assistance of the RSU.

Details are in the caption following the image — **Figure 1**
Open in figure viewer PowerPoint

System model.

The model is designed with three functional modules: the authentication module, the secure communication module, and the detection module. The authentication module provides authentication functions for vehicle terminals. Specifically, vehicles authenticate themselves to the RSU responsible for managing the domain, and vehicles within the same domain authenticate each other. The communication module facilitates the establishment of secure communications for vehicle terminals. It enables terminals within the same domain and across different domains to establish secure communication channels. These two function modules have strict sequential requirements, and only the RSUs and vehicles that have completed the authentication module can utilize the communication function. The detection module continuously operates from the system’s initiation. It is responsible for detecting traffic within the system, identifying malicious and aggressive traffic, and reporting such incidents to the respective RSU within the domain. The detection module plays a vital role in ensuring the ongoing safe operation of the system.

4.2. Initialization

All entities within the model require initialization, which can be summarized as follows: system parameter generation, terminal key self-verification, and alliance domain establishment. In this paper, it is assumed that there are a total of P vehicles distributed across R domains. The identification (ID) information of both the RSU and the vehicle, which consists of a fixed-length string, is registered with the relevant government department, such as the ministry of transportation. It is assumed that the cloud is aware of the ID for each RSU and vehicle. In addition, , , H₃ : G_T⟶G₁, and are the four collision-resistant hash functions utilized in the model.

Cloud initiates the key generation function, K.Gen(1^λ), to generate the public/private key pair (C_pk, C_sk) for cloud, where and C_pk = C_skg₀. The system parameters {C_pk, q, G₁, G₂, G_T, g₀, e, e₁, H₁, H₂, H₃, H₄} are also generated by the cloud.

4.2.1. Terminal Key Self-Verification

In traditional schemes, terminal keys are usually generated by a trusted third party and transmitted to the terminals through a dedicated channel. Nonetheless, these channels are susceptible to the presence of numerous stealthy adversaries that attempt to eavesdrop on the key transfer process. Once an attacker gains access to a terminal’s key, the potential damage is evident. Moreover, third parties holding a significant number of terminal keys become vulnerable to coordinated attacks by malicious actors. Any compromise in this context can lead to the breach of confidentiality for a substantial number of endpoint keys within the system, as depicted in Figure 2(a).

In this context, we propose a key self-verification algorithm, as shown in Figure 2(b). The key is computed by the terminal itself, and subsequently, the terminal provides evidence to the cloud to verify the correctness and authenticity of the key. The process involves the following steps: After the system parameters are generated, the terminals (which include both RSU and vehicle entities) proceed to actively confirm their identity with the cloud. Let us take terminal L_k(1 ≤ k ≤ R + P) as an example.

1.
The terminal L_k selects a random positive integer and computes SK_k = H₁(ID_k)τ_k, PK_k = SK_kg₀, and t_k = τ_kC_pk, where SK_k is the private key and PK_k is the public key. The message {PK_k, t_k} is sent to the cloud by terminal L_k.
2.
After receiving the message {PK_k, t_k}, the cloud calculates and ϑ_C,k = H₁(ID_k)g₀ according to the sender’s identifier. Equations and are verified by the cloud. If it holds, the PK_k is secretly saved by the cloud as the public key of terminal L_k, and the PK_k is associated with the identification information ID_k.

At this point, the key of terminal L_k is certified by the cloud. For the convenience of readers, in the following, (PK_k, SK_k) is used to denote the public/private key of the RSU_k, and (pk_k,m, sk_k,m) is used to represent the public/private key of the mth vehicle in domain k. The process is described in Algorithm 1.

4.2.2. Alliance Domain Establishment

After RSU_k(1 ≤ k ≤ R) complete key self-verification, they are ready to establish a communication alliance domain with the help of the cloud.

1.
The cloud calculates the parameter y_PKk = e₁(PK₁, PK₂, …, PK_k−1, PK_k+1, …, PK_R) and generates the signature . The message {y_PKk, sig_Ck} is then delivered to RSU_k by the cloud.

It should be noted that the parameter y_PKk is exclusively used by RSU_k to calculate the federated domain key in subsequent steps, and each RSU is assigned different parameters. For RSU_i in domain i, the cloud computes the parameter y_PKi = e₁(PK₁, PK₂, …, PK_i−1, PK_i+1, …, PK_R) and generates the signature , and the message {y_PKi, sig_Ci} is sent to RSU_i. Similarly, the cloud computes the required information for each authenticated RSU in turn and sends the information accordingly.

Algorithm 1: Key self-verification algorithm.

for k in {1, 2, …, R + P}
1. L_k ⟶ Cloud
select
compute SK_k = H₁(ID_k)τ_k, PK_k = SK_kg₀ and t_k = τ_kC_pk
send {PK_k, t_k}
2. Cloud
compute ϑ_C,k = H₁(ID_k)g₀ and
verify and
storage PK_k
end

2.
Once the message arrives at its destination, its authenticity and correctness must be checked first by the receiver. Equation is verified by RSU_k. If it holds, the verification passes. Then, with its private key SK_k, RSU_k calculates the session key of the alliance domain as
()

Similarly, the alliance domain session key can also be computed by RSU_i as

()

The above steps are summarized in Algorithm 2. By following these steps, each RSU can compute the same alliance domain session key, denoted as s₁ = s₂ = ⋯ = s_R (the proof is described in Theorem 3 in Section 8.1.1). In the subsequent discussion, s₀ will be used to represent the session key of the alliance domain.

Algorithm 2: Establishment of communication alliance domain.

for k in {1, 2, …, R}
1. Cloud ⟶ RSU
compute y_PKk = e₁(PK₁, PK₂, …, PK_k−1, PK_k+1, …, PK_R) and
send {y_PKk, sig_Ck}
2. RSU
verify
compute
end

5. Authentication Module

In the VANET scenario, attackers are skilled at exploiting weak points, particularly the identities of legitimate entities that are exposed in the open network. Legitimate entities are cautious and do not readily trust entities other than themselves. Before exchanging information, any two entities must verify each other’s identities. Hence, this authentication module provides two functions: first, the authentication of the vehicle with the RSU of the domain it is in, which needs to be performed by every vehicle participating in the VANET; second, the authentication of the vehicle with other vehicles in the same domain, which is required when the vehicles in the same domain establish communication. All vehicles must adhere to the logical rule of “authentication before communication.” Only authenticated vehicle terminals can obtain the parameters for subsequent communication functions.

5.1. Authentication Between Vehicle and Local Domain RSU

Each RSU is responsible for verifying the legitimacy of the vehicle identities within its domain. Vehicles need to identify themselves to the RSU where they are located. This authentication process is not limited to unidirectional identity verification from the RSU to the vehicle. The vehicle also needs to verify the authenticity of the RSU to ensure that it is indeed the legitimate RSU managing the domain.

Suppose there are γ vehicles in the domain i currently. The public and private keys of RSU_i are denoted as PK_i and SK_i, where

, PK_i = SK_ig₀. The public/private key pair for the mth vehicle terminal U_i,m(1 ≤ m ≤ γ) in domain i are (pk_i,m, sk_i,m), where

, pk_i,m = sk_i,mg₀. The authentication process of RSU_i and U_i,m is as follows:

1.
RSU_i randomly selects and calculates f = 1/(s₀ + SK_i), F_i = f_iβ_ig₀ and ρ_i,m = β_ipk_i,m(1 ≤ m ≤ γ). The message {PK_i, F_i, ρ_i,m} is sent by RSU_i to U_i,m(1 ≤ m ≤ γ) located in the domain i.
Note: Each vehicle terminal in domain i receives the same parameters PK_i and F_i, except for the last parameter, which differs, and the vehicle terminal U_i,n receives ρ_i,n = β_ipk_i,n.
2.
After receiving the message {PK_i, F_i, ρ_i,m}, U_i,m calculates and verifies . If the equation holds, then U_i,m computes sig_i,m = (1/(sk_i,m))η_i,m and sends the message {pk_i,m, sig_i,m} to RSU_i.
3.
After vehicle RSU_i receives the message, it first checks equation . If this equation holds, RSU_i considers U_i,m as a member of this domain, and two-way authentication is completed. Subsequently, RSU_i will process legitimate requests from this member.

In the above step, bidirectional authentication between RSU and vehicle is achieved through the equations and . This approach effectively prevents hackers from impersonating RSUs to deceive the trust of vehicles. Compared to traditional unidirectional authentication schemes, our scheme greatly enhances authentication security.

5.2. Authentication Between Vehicles in the Same Domain

Before establishing communication between the two vehicles located within the same domain, authentication must be completed. Let us consider the example of a vehicle terminal U_i,m in domain i, which intends to establish communication with another vehicle terminal U_i,l also within the same domain.

1.
U_i,m calculates sig_m,l = sk_i,mpk_i,l and M_i,m = H₂(sig_m,l) ⊕ η_i,m. The message {sig_m,l, M_i,m, pk_i,m} is sent by vehicle U_i,m to vehicle U_i,l. Here, η_i,m is the parameter obtained by U_i,m in Section 5.1.
2.
After receiving the information {sig_m,l, M_i,m, pk_i,m}, U_i,l calculates M_i,l = H₂(sk_i,lpk_i,m) and checks the equation according to the parameter η_i,l obtained by U_i,l in Section 5.1 (note: η_i,l = η_i,m). If the equation holds, the U_i,m is an authenticated vehicle by RSU_i and U_i,l can consider negotiating the session key with it later. If M_i,l ⊕ M_i,m ≠ η_i,l, subsequent communication requests of U_i,m will be rejected by U_i,l.

6. Secure Communication Module

The registered and authenticated vehicles within the system can securely share data, exchange information, and collaborate on calculations by establishing a secure channel between them. The communication between vehicles can be categorized into two types: communication between vehicles within the same RSU domain and communication between vehicles distributed across different RSU domains. In this paper, the secure communication technology between vehicles involves establishing secure communication by encrypting session information through online negotiation of a common session key between vehicles. The establishment of session keys between vehicles can further be divided into two scenarios: establishing session keys between vehicles within the same RSU domain and establishing session keys between vehicles distributed across different RSU domains. The following sections describe these two types of secure communication schemes in detail.

6.1. Intradomain Vehicle Terminal Communication

6.1.1. Session Key Establishment Between Vehicles in a Common RSU Domain

The communication key for intradomain vehicles is generated using a combination of “dynamic random” and “negotiation” techniques. “Dynamic random” refers to key parameters that are dynamically generated and have a random nature. These parameters are issued by the RSU responsible for managing the domain. “Negotiated” refers to key parameters that are jointly negotiated by the two communicating parties. Let us take an example of establishing communication between vehicle U_i,m in domain i and vehicle U_i,l in the same domain. The following steps outline the process:

1.
At moment t, RSU_i chooses a random number and generates the current timestamp time_i,t. RSU_i calculates DRKey_i,t = H₁(H₂(PK_i)||u_i,t||time_i,t). Among them, a random number can make the key random, making it impossible for external attackers to infer the key through the regulation; a timestamp is used to ensure the dynamic nature of the key, which can effectively prevent attackers from brute-force cracking. The RSU_i transmits DRKey_i,t, which is the component of the session key for the future [t, t + t₀) time period of the domain, to the authenticated vehicle terminals within the same domain.
DRKey_i,t is a component of the session key for vehicles in domain i, which is valid for a fixed interval period t₀ (i.e., for time [t, t + t₀)). At the moment (t + t₀), RSU_i will regenerate a new random number and calculate a new according to the above process, where is the timestamp of moment (t + t₀). is valid for time [t + t₀, t + 2t₀).
2.
Vehicle U_i,m send message to vehicle U_i,l. This message indicates that U_i,m requests to establish a session key with U_i,l.
3.
After receiving the message , vehicle U_i,l checks whether the DRKey_i,t in the message is the same as it received from RSU_i. If it is the same, the parameter η_i,l obtained in the authentication phase is used as the negotiation part, i.e., neg_i,l = η_i,l. U_i,l calculates the session key SesKey_i,m,l = H₁(H₄(DRKey_i,t‖H₂(neg_i,l))) and sends the ready status to U_i,m.
4.
After vehicle U_i,m completes Step (2), it calculates the session key SesKey_i,m,l = H₁(H₄(DRKey_i,t‖H₂(neg_i,m))). Once U_i,m receives the ready state from vehicle U_i,l, they are ready to start communication using the session key SesKey_i,m,l.

By combining dynamic random key parameters issued by the RSU and the negotiation process between vehicles, the confidentiality and integrity of intradomain communication are enhanced. The intradomain session key negotiation process is shown in Figure 3.

6.1.2. Secure Communication Between Vehicles in a Common RSU Domain

Suppose that the vehicle terminal U_i,m sends a message m_i,m,l to U_i,l. The process of establishing secure communication between vehicle terminal U_i,m and U_i,l is as follows.

Session message encryption: The message sender U_i,m encrypts the message using the session key SesKey_i,m,l negotiated in Section 6.1.1, that is, calculates MES_i,m,l = m_i,m,l ⊕ SesKey_i,m,l. The message {MES_i,m,l, pk_i,m} is then sent to vehicle U_i,l.

Session message decryption: After receiving the message {MES_i,m,l, pk_i,m}, vehicle U_i,l determines that the other party is the vehicle U_i,m according to pk_i,m and decrypts the message using the session key SesKey_i,m,l negotiated with U_i,m. U_i,l calculates m_i,m,l = MES_i,m,l ⊕ SesKey_i,m,l and obtains the decrypted message m_i,m,l.

6.2. Interdomain Vehicle Terminal Communication

6.2.1. Session Key Establishment Between Vehicles in Different RSU Domains

The communication key for interdomain vehicles is composed of two parts: “dynamic + attribute.” “Dynamic” refers to the time stamp time when the communication is established. Adding a timestamp prevents the key from being brute-force cracked by an attacker effectively. “Attributes” refers to the attributes Attr owned by the vehicle terminal. Attributes include those that come with the vehicle terminal itself and those created by the vehicle’s user. A vehicle belonging to the same manufacturer has the same Attr attribute, for example, {Benz, Toyota, and Volkswagen, …}. Each vehicle can customize its relational network, for example, {fammily, friends, colleagues, …}, and the vehicles in the same relational network have the same attribute.

Suppose that vehicle terminal U_i,m located in domain i is a friend of vehicle terminal U_j,n located in domain j. Both of them have the same attribute “friends” and now U_i,m wants to establish communication with U_j,n.

1.
Vehicle U_i,m calculates A_i,m = H₁(friends) and . U_i,m sends the message to the RSU_i.
2.
After RSU_i receives the message , it calculates and verifies the following equation:
()
If equation (3) holds, RSU_i confirms that U_i,m is the member of this domain. Then, RSU_i signs the message of member U_i,m with the session key of the alliance domain. RSU_i computes , and and sends the message to RSU_j. If equation (3) does not hold, RSU_i rejects to sign, and it will not be forwarded to RSU_j either. Finally, the information is forwarded by RSU_j to the vehicle terminal U_j,n.
3.
Upon receiving the message , U_j,n initially computes and verifies whether the following equation:
()
holds, thereby ensuring the integrity of the message. After the verification passes, U_j,n verifies the following equation:
()
using the session public key pk₀ of the federated domain and the public key pk_i,m of U_i,m. If the equation is verified, it indicates that U_i,m is a vehicle terminal authenticated by the RSU_i, and A_i,m is a ciphertext attribute that has been verified and signed by the RSU_i. According to A_i,m, vehicle U_j,n can determine the attribute used by U_i,m as friends. U_j,n sends the readiness status to U_i,m and calculates the session key SesKey_i,m,j,n = H₁(time‖friends) based on the current timestamp and explicit attribute.
4.
After vehicle U_i,m receives the ready state from U_j,n, it calculates the session key SesKey_i,m,j,n = H₁(time‖friends) using the same method. SesKey_i,m,j,n is subsequently utilized as the key for the session between vehicle terminals U_i,m and U_j,n, which belong to different domains.

Vehicles with the same attributes can communicate using their exclusive keys. Therefore, the scheme is highly scalable as well as highly secure and can be adapted to a variety of application scenarios. The interdomain session key negotiation process is shown in Figure 4.

6.2.2. Secure Communication Between Vehicles in Different RSU Domains

We suppose that the vehicle terminal U_i,m sends a message m_i,m,j,n to U_j,n. The process of establishing secures communication between vehicle terminal U_i,m and U_j,n is as follows.

Session message encryption: the message sender U_i,m encrypts the message using the session key SesKey_i,m,j,n negotiated in Section 6.2.1, that is, calculates MES_i,m,j,n = m_i,m,j,n ⊕ SesKey_i,m,j,n. The message {MES_i,m,j,n, pk_i,m} is then sent to vehicle U_j,n.

Session message decryption: After receiving the message {MES_i,m,j,n, pk_i,m}, vehicle U_j,n determines that the other party is the vehicle U_i,m according to pk_i,m and decrypts the message using the session key SesKey_i,m,j,n negotiated with U_i,m. U_j,n calculates m_i,m,j,n = MES_i,m,j,n ⊕ SesKey_i,m,j,n and obtains the decrypted message m_i,m,j,n.

7. Detection Module

The rise of VANET has attracted significant attention from attackers. Hackers are likely to launch various malicious attacks. For instance, they can manipulate data and send false information to unsuspecting vehicles, resulting in intentional accidents. In addition, hackers can launch flooding attacks on RSUs, overwhelming them with excessive requests and impeding their ability to handle legitimate requests from other vehicles. Moreover, hackers may infiltrate the network and stealthily extract substantial amounts of sensitive information. Undoubtedly, these actions pose a severe threat to the security of VANET.

Considering that VANET scenarios are more vulnerable to attacks, our secure communication model contains the detection module compared to traditional communication schemes. The primary function of this module is to discern between malicious and normal traffic, promptly intercepting and reporting any malicious activity. The detection of network anomalies constitutes a pivotal area of research [35], emphasizing the significance of effectively detecting and preventing attacks. Fortunately, the hackers’ attack differs from the honest terminals’ behavior. If an attack is launched, it will leave a corresponding trace. There are many current schemes for classifying and detecting DoS traffic. However, what we propose is a detection paradigm that can be applied to other scholars’ research models. In this section, the data preprocessing is first described and then the proposed traffic detection mechanism is presented.

7.1. Data Preprocessing and Dataset Description

The KDDCUP’99 dataset [36, 37] is derived from the DARPA 1998 dataset and has undergone preprocessing. The KDDCUP’99 dataset is widely used in research in areas such as machine learning, especially in the study of anomaly detection and IDSs [38–40]. The dataset contains normal and anomalous connection data from simulated network traffic, and these records are labeled as normal or under attack. It is presented as a “linkage-by-link” dataset. Given its extensive application in diverse studies, including the present one, the KDDCUP’99 dataset is selected for analysis purposes. In the KDDCUP’99 dataset, the training set of the mentioned dataset contains 23 different attacks in addition to normal traffic. Figure 5 provides a detailed breakdown of the attack categories to which these attacks belong. The 23 attacks can be categorized into four main types: probe, DoS, user to root (U2R), and remote to local (R2L).

•
Probe: This category includes activities related to surveillance and probing. These activities involve attempting to gather information about the target system or network.
•
DoS: Attacks falling under this category aim to disrupt or disable the target host or network by overwhelming its resources or services, rendering them unavailable to legitimate users.
•
U2R: Attacks classified as U2R involve unauthorized users attempting to gain elevated privileges, such as superuser or root access, on the local system.
•
R2L: Attacks falling under this category involve unauthorized access to a target system from remote machines. The objective is to gain unauthorized access to the local system or network.

Excessive data dimensionality hampers effective detection capabilities. Hence, there is a need to distinguish the feature variables that have a greater impact on the classification effect. In contrast to other machine learning algorithms, RF not only distinguishes traffic classes but also enables the measurement of feature importance [41, 42].

Let J variables be X₁, X₂, …, X_J, respectively, and calculate the VIM score statistic for each of these J variables.

denotes the average amount of change in node split impurity for the jth variable across all trees in RF. The Gini index is used as an evaluation indicator and is calculated as

()

where K is the number of classes in the self-help sample set and

is the probability estimate of the node m samples belonging to class k.

With the sample being dichotomous data (K = 2), the Gini index of node m is

()

where

is the probability estimate that the sample belongs to any class at node m.

The importance of variable X_j at node m is denoted by

, that is, the amount of change in the Gini index before and after the branching of node m is

()

where GI_l and GI_r denote the Gini index of two new nodes split by node m, respectively.

If variable X_j appears M times in tree i, then the importance of variable X_j in tree i is

()

The Gini importance of the variable X_j in the RF algorithm is defined as

()

where n is the number of classification trees in the RF algorithm.

The significance of each variable was assessed, and the variables were subsequently ranked in descending order based on their ratings. The model was trained by progressively incorporating the second, third, and subsequent important variables alongside the first one until the training was optimal.

7.2. Two-Layer Flow Detection

DoS attacks are a prevalent form of cyberattack. The DoS attack aims to overwhelm a target host by inundating it with a large volume of malicious packets, thereby consuming its available resources. Consequently, the targeted host must allocate resources to handle these pointless and anomalous packets. As a result, legitimate packets may not receive timely responses from the host, leading to increased network delays or even packet drops [43]. SYN flood and teardrop attacks are among the commonly observed types of DoS attacks.

In the present network landscape, DoS attacks stand out as the most common and constitute a significant portion of the overall number of attacks [44–46]. Unlike other forms of cyberattacks that aim to enable unauthorized access or escalate existing privileges, DoS attacks have a distinct objective of disrupting the targeted service’s functionality. Hackers employ DoS attacks to create vulnerabilities for subsequent real attacks, as the system is likely to become inaccessible following a DoS attack. It is very effective and necessary to identify DoS attacks.

The detection paradigm is divided into two steps as follows (shown in Figure 6).

Level 1: When confronted with unknown traffic, the detection system initially assesses whether the traffic constitutes a DoS attack. If the traffic is classified as a DoS attack, the detection system intercepts it and reports it to the RSU responsible for the domain. The RSU will then deny the request associated with the malicious traffic. On the other hand, if the traffic is not identified as a DoS attack, it proceeds to the next level of detection.
Level 2: After the Level 1 detection phase, the remaining traffic includes normal traffic and other types of attack traffic. These attack types may include U2R attacks, DNS spoofing attacks, man-in-the-middle (MITM) attacks, and others. In Level 2, the detection system further analyzes the retained traffic and classifies it into different categories, such as normal traffic, URLs, DNS requests, and various types of attack traffic.

This two-layer detection paradigm aims to increase the efficiency of detecting malicious traffic. Identifying the illegal traffic in the shortest possible time is crucial in the VANET scenario.

8. Performance Evaluation

Evaluating secure communication models for VANETs involves considering multiple aspects. In this paper, the evaluation focuses on several key factors: the correctness and security of vehicle authentication and communication, computational complexity and consumption time compared to other schemes, and the efficiency of the proposed two-layer traffic detection scheme.

8.1. Correctness and Security Analysis

8.1.1. Correctness Analysis

Theorem 1. Legitimate terminals, including RSUs and vehicles, can authenticate their identities with the cloud. Terminal L_k(1 ≤ k ≤ R + P) transmit authentication information to the cloud. Cloud verifies that the equation holds, and if it does, there is a correspondence between the public and private keys of the terminal. The public key of the terminal is legitimized.

Proof 1. Since the public key PK_k = SK_kg₀ and parameters t_k = τ_kC_pk of terminal L_k are sent to the cloud, the cloud can calculate ϑ_C,k = H₁(ID_k)g₀ and based on the L_k′s ID_k. According to the properties of the bilinear map, it can be concluded that

()

Therefore, the cloud verifies that the above equation is equivalent to verifying the correspondence between the public and private keys of the terminal. For unregistered terminals, the cloud cannot verify their identity.

Theorem 2. During the establishment process of the alliance domain, RSU_k(1 ≤ k ≤ R) has the capability to authenticate the identity of the cloud. The cloud generates exclusive parameters for each RSU within the alliance domain and subsequently signs these parameters. RSU then verifies equation . If the equation is valid, the verification process is deemed successful.

Proof 2. The calculation results of y_PKk = e₁(PK₁, PK₂, …, PK_k−1, PK_k+1, …, PK_R) and are sent to RSU_k by cloud. Cloud’s public key C_pk is public in the system, and RSU_k uses C_pk to verify the received messages. From the properties of bilinear mappings, we have

()

Therefore, RSU validation of the above equation is equivalent to verifying the identity of the “cloud.” A passed verification would indicate that the received parameters and signature are legitimate.

Theorem 3. Based on Theorem 1 and Theorem 2, RSU_i(1 ≤ i ≤ R) can further negotiate the private key s_i of the alliance domain, and each of the RSU computes the same alliance domain session key, that is, s₁ = s₂ = ⋯ = s_i = ⋯ = s_R.

Proof 3. Let us take the key negotiation process of RSU_i as an example. Cloud sends parameter y_PKi = e₁(PK₁, PK₂, …, PK_i−1, PK_i+1, …, PK_R) to the RSU_i that match Theorem 1. After checking the information by Theorem 2, RSU_i uses its own private key SK_i to compute the private key of the federated domain. By the properties of multilinear mappings, we have

()

For RSU_k, the received message is y_PKk = e₁(PK₁, PK₂, …, PK_k−1, PK_k+1, …, PK_R), and the private key SK_k is used to calculate the private key of the federated domain as

()

Similarly, we can get .

Therefore, RSUs belonging to the same federated domain can compute the same federated domain private key.

Theorem 4. The RSU and the vehicle terminals in this domain can achieve two-way authentication. Vehicle U_i,m(1 ≤ m ≤ γ) can verify the identity of RSU_i(1 ≤ i ≤ R) by equation , and RSU_i verifies the identity of vehicle U_i,m by equation .

Proof 4.

1.
The vehicle U_i,m verifies the identity of RSU_i. RSU_i computes ρ_i,m = β_ipk_i,m by using the public key of the vehicle and sends a message {PK_i, F_i, ρ_i,m} to U_i,m. After receiving the information, the vehicle U_i,m calculates . By the nature of the bilinear mapping, the vehicle U_i,m can verify that
()
2.
RSU_i verifies the identity of vehicle U_i,m. After U_i,m verifies the identity of RSU_i, it computes sig_i,m = (1/(sk_i,m))η_i,m and sends the message {pk_i,m, sig_i,m} to RSU_i. By the nature of the bilinear mapping, RSU_i can verify that
()

Therefore, the two-way authentication between the RSU and the vehicle terminal in this domain can be achieved by equations and .

Theorem 5. When a vehicle in this domain needs to send messages to a vehicle outside the domain, the RSU can verify the legitimacy of the identity of the vehicle in this domain.

Proof 5. The vehicle terminal U_i,m sends the message {RSU_j, pk_i,m, pk_j,n, A_i,m, δ_i,m} to RSU_i, indicating that it wants to communicate with the vehicle U_j,n of the domain j. RSU_i computes and verifies by the properties of bilinear mappings that

()

Therefore, when the local domain vehicle needs to send information to the extradomain vehicle, the RSU can verify the legitimacy of the local domain vehicle’s identity by the above equation.

Theorem 6. The vehicle terminal receives information from other domain members that can verify the authenticity of the information. The information of U_i,m is forwarded to the vehicle U_j,n, which can verify the information by the equation .

Proof 6. After U_j,n receives the message , it first verifies the integrity of the message using hash operations. Then, U_j,n verify the equation by the session public key of the federation domain and the public key of the message sender. According to the property of bilinear mapping, we get

()

Therefore, equation is proved. The recipient can verify the legitimacy and authenticity of the message by this equation.

8.1.2. Security Analysis

Theorem 7. RSUs not verified to cloud cannot become members in the federation domain, and vehicle terminals need to be verified to RSUs, so that they can communicate with other terminals.

Proof 7.

1.
The cloud system stores the PK of an authenticated RSU. Once RSUs are successfully authenticated, the cloud system calculates the parameters required and sends them to each respective RSU. Importantly, the cloud system does not record or transmit the public keys of unauthenticated RSUs. According to Theorem 3, unauthenticated RSUs cannot calculate the federated domain key using their own private keys, even if they obtain the public keys of other domains. This ensures that the security of the federated domain is maintained. If a malicious node attempts to compute the session key of the federation domain, it would be equivalent to solving the DLP, which is a computationally challenging task.
2.
In the process of authentication from the vehicle terminal to the RSU in this domain, the RSU and the vehicle verify each other’s identity. The verification process involves parameters η = βg₀, which is used to establish secure communication. Vehicles without certification cannot obtain parameter η. The RSU can choose a new random number instead of β, when the parameter β is used for a long time or is at the risk of leakage. For intradomain communication, the parameter η is used as a component of the session key and is not available to vehicles that are not authenticated to the RSU. For interdomain communication, the information sent by the vehicle to the terminals in other domains needs to be forwarded by the RSU to reach the receiver. If the vehicle is not authenticated, the RSU does not forward the communication request message of that vehicle and does not waste resources by uploading false information to the channel.

Theorem 8. Resistant to MITM attacks. In a MITM attack, an attacker intercepts the original message and alters its content before forwarding it to the intended recipient. However, the proposed model has mechanisms in place to detect and identify maliciously tampered messages. These mechanisms help ensure the integrity and authenticity of the messages, making it difficult for attackers to successfully carry out MITM attacks.

Proof 8. Take the example of establishing communication between two vehicles U_i,m and U_j,n of different domains. Suppose an attacker launches an attack on the process of establishing communication between U_i,m and U_j,n.

1.
Suppose a hacker intercepts a message {RSU_j, pk_i,m, pk_j,n, A_i,m, δ_i,m} sent from U_i,m to RSU_i on the channel, tampers the original message A_i,m with A_i,m , and sends the tampered message {RSU_j, pk_i,m, pk_j,n, MA_i,m, δ_i,m} to RSU_i. After receiving the message, RSU_i calculates and verifies . From Theorem 5, it follows that
()
As a result, RSU_i can correctly identify false information and achieve resistance to MITM attacks.
2.
Suppose the hacker intercepts the message sent by RSU to RSU_j on the channel and tampers the original message pk_i,m to Mpk_i,m. The message is sent by the hacker to RSU_j, and RSU_j forwards the message to U_j,n.

U_j,n implements the MITM attack according to two ways: (a) using hash operations to verify the integrity of the information. U_j,n computes and confirms that h_j,n ≠ h_i,m. U_j,n refuses to establish communication. (b) Using the reverse computational difficulty assumption. From Theorem 6, U_j,n verifies the following equation:

()

Authentication fails and U_j,n refuses to establish communication.

Therefore, the receiver U_j,n can correctly identify false information and achieve resistance to MITM attacks.

8.2. Communication Performance Evaluation

8.2.1. Computational Complexity Analysis

Certain contemporary communication schemes rely on simplistic operations such as exclusive OR (XOR) or hash, which may offer relatively better performance. However, cryptographic schemes built upon bilinear and multilinear mappings offer the potential for more advanced security attributes and capabilities. The advantage of bilinear mappings lies in their foundation on mathematically complex problems that have undergone extensive scrutiny within both computer science and cryptography disciplines. Consequently, they are regarded as significantly resilient to attacks and possess robust mathematical security. Furthermore, bilinear mappings enable the implementation of more sophisticated cryptographic functions, including attribute-based encryption and digital signatures, which cannot be achieved using XOR and hashing operations.

Let MtP be the map-to-point hash operation, GeZ be the group G elements to the power of the domain Z elements, bm be the bilinear map operation, paecc be the addition operation on elliptic curves, ZeZ be the domain Z elements to the power of the domain Z elements, mul be the scalar multiplication operation, and hash be the ordinary hash operation.

Tables 2 and 3 analyze in detail the computational aspects of this paper and literature [14, 47] in the resource-constrained environment. Table 2 focuses on the computations performed on the sender side, while Table 3 outlines the computations required on the receiver side. It is important to note that operations consuming less time, such as heterogeneous and addition operations, are not included in the statistics since their time consumption is considered negligible.

Table 2. Sender computation analysis.

		Authentication	Communication	Total
Literature [47]		—	1 paecc + 1 mul + 1 hash	1 paecc + 1 mul + 1 hash

Literature [14]		1 MtP + 1 GeZ + 1 bm + 1 paecc + 1 hash	1 MtP + 2 bm + 3 ZeZ + 1 hash	2 MtP + 1 GeZ + 3 bm + 3 ZeZ + 1 paecc + 2 hash

Our	Intra	1 paecc + 1 hash	3 hash	1 paecc + 4 hash
Our	Inter	—	1 paecc + 2 mul + 3 hash	1 paecc + 2 mul + 3 hash

Table 3. Receiver computation analysis.

		Authentication	Communication	Total
Literature [47]		—	2 paecc + 1 hash	2 paecc + 1 hash

Literature [14]		1 MtP + 1 GeZ + 1 bm + 1 paecc + 1 hash	1 MtP + 2 bm + 3 ZeZ + 1 hash	2 MtP + 1 GeZ + 3 bm + 3 ZeZ + paecc + 2 hash

Our	Intra	1 paecc + 1 hash	3 hash	paecc + 4 hash
Our	Inter	—	2 bm + paecc + 4 hash	2 bm + paecc + 4 hash

In contrast to the communication schemes proposed in the literature [14, 47], which are the same for any two vehicles, this paper distinguishes vehicle communication based on two cases. In the first case, vehicle terminals within the same domain utilize an intradomain communication scheme, while in the second case, terminals from different domains employ an interdomain communication scheme. It is worth mentioning that communication vehicles in close proximity generate fewer computational requirements compared to long-range communication scenarios.

Observing Table 2, the authors of literature [47] do not design the authentication process. Instead, after obtaining the public and private keys, the sender sends the message to the receiver, who verifies the message. In literature [47], the sender uses 1 paecc, 1 mul, and 1 hash operations. Compare to the intradomain scheme in this paper, the authors of literature [47] use 2 hash and 1 mul. Compared to the interdomain scheme in this paper, the authors of literature [47] use 3 hash and 1 mul. In our intradomain scheme, the computation on the sender side is mainly spent on the authentication process, which is the consumption incurred to verify the sender’s identity. In our interdomain scheme, the authentication process is shown in the authentication and communication process to the RSU, where the sender needs only 1 paecc, 2 mul, and 3 hash operations to make a secure communication with another terminal. The sender in the literature [14] uses a variety of operations, in addition to the paecc, mul, and hash operations mentioned above, and in addition, uses the MtP, GeZ, bm, and ZeZ operations, which are not used by the sender in either this paper or the scheme in the literature [47].

Let us observe Table 3. In the literature [14], the computation on the receiver side is the same as on the sender side, because the negotiation of the key between the two sides requires the receiver side to send the information to the RSU in the same way. After the RSU verifies the vehicle’s identity to the trusted agency, the parameters used to calculate the communication key are sent to the sender and the receiver. In the scheme proposed in [47], the receiver uses 2 paecc and 1 hash operations to authenticate the sender and calculate the communication key. The receiver uses 1 more paecc operation and no mul operation than the sender. In our intradomain scheme, the computation of the receiver is equal to the sender; in our interdomain scheme, the receiver uses 2 bm and 1 hash operations and 2 mul operations than the sender.

8.2.2. Time Analysis of Calculation Consumption

The time consumption of the operations used in Tables 2 and 3 was tested with the JPBC cryptographic library (JPBC-2.0.0 Version) in the Java programming language on Windows 10 operating system using an Intel(R) Core(TM) i5-8500 CPU @ 3.00 GHz processor. The JPBC is a pairing-based cryptography library with high flexibility and functionality. It is used in the experimental part of many cryptography papers [48–50]. This paper employs the Type A curves from the JPBC library. Type A curves are commonly utilized in constructing cryptographic schemes related to bilinear maps, which involve the finite field Z_q and the group G. Generally, the larger the bit-length r bit of the order in Z_q, the larger the element space in Z_q, and the larger the bit-length q bit of the order in the group G, the more difficult it is to attack the cryptographic algorithms based on the group G. However, this also entails higher computational costs and storage requirements. Due to the limitations of the experimental conditions, we set r = 128 and q = 512. Therefore, such values enable research under the existing experimental conditions while ensuring the security and operability of the cryptographic algorithms to a certain extent.

Let TM_MtP be the time consumed of MtP operation, TM_GeZ be the time consumed of GeZ operation, TM_bm be the time consumed of bm operation, TM_paecc be the time consumed of paecc operation, TM_ZeZ be the time consumed of ZeZ operation, TM_mul be the time consumed of mul operation, and TM_hash be the time consumed of hash operation. The single consumption times of the above operations are shown in Table 4.

Table 4. Calculation time.

Operation	Consumption time (ms)
TM_MtP	19.9310
TM_GeZ	6.3454
TM_bm	3.7263
TM_paecc	0.0345
TM_ZeZ	0.0109
TM_mul	0.0003
TM_hash	0.0002

Table 5 compares the computational time consumed by the schemes during the communication process. The literature [14] takes the longest time, and it is because one MtP operation and one GeZ operation are used. The MtP operation requires mapping a message to a point of an elliptic curve, which means substituting the message as an x-coordinate into the elliptic curve equation and calculating the corresponding y-coordinate. This computation process is much slower than the traditional hash operation, and therefore takes longer. GeZ operation is the second most time-consuming after MtP operations. The consumption time of the literature [47] is 0.0338 ms less than our intradomain scheme, 7.4194 ms less than our interdomain scheme, and 114.8036 ms less than the literature [14]. However, in the scheme of [47], there is no process of mutual authentication of each other’s identity between the sender and the receiver, as it is vulnerable to impersonation attacks.

Table 5. Comparison of communication calculation time.

		Operation	Consumption time (ms)
Literature [47]		3 paecc + 1 mul + 2 hash	0.1042

Literature [14]		4 MtP + 2 GeZ + 6 bm + 6 ZeZ + 2 paecc + 4 hash	114.9078

Our	Intra	2 paecc + 2 hash	0.0704
Our	Inter	2 bm + 2 paecc + 2 mul + 6 hash	7.5236

The intradomain communication scheme in this paper mainly uses paecc and hash operations, and a total computation time of 0.0704 ms is consumed by the receiver and the sender. It is not necessary to use bilinear mapping operations to authenticate messages, because there is a mutual authentication process between the communicating parties. The DRKey is added to the key, which makes the communication key dynamic and random. Therefore, the security of our scheme is guaranteed. Our interdomain communication scheme consumes a total of 7.5236 ms and uses 2 bm, 2 paecc, 2 mul, and 7 hash operations, where 2 bm are used to verify that the sender is a verified terminal by RSU. We use hash operations to verify that the information has not been maliciously tampered with by the attacker. The scheme proposed in this paper does not use time-consuming operations taking full account of security.

8.3. Performance Analysis of Flow Detection

8.3.1. Experimental Setup

This part of the experiment was conducted using Jupyter (Python Version 3.9.12) on a Windows operating system, utilizing a Core i7-8565U CPU with 16 GB of RAM and a clock speed of 1.99 GHz.

Neural networks and deep learning have gradually evolved on the basis of machine learning. Therefore, it is of great significance to study machine learning algorithms. Furthermore, compared to the various techniques derived later, the analytical features and analysis process of machine learning are clear and explainable [51]. We consider testing the proposed method on four machine learning algorithms: support vector machines (SVMs), RF, logistic regression (LR), and decision tree (DT). SVM, which demonstrates excellent performance in high-dimensional spaces, is particularly well-adapted to handling complex datasets. RF exhibits remarkable accuracy and typically provides highly precise prediction results for large- scale datasets. LR, characterized by low computational complexity, is fast and consumes minimal storage resources during the classification process. The structure of the DT model is intuitive, rendering it easy to understand and interpret.

In this paper, the hyperparameters are tuned and optimized using the grid search (GridSearchCV) of the scikit-learn library. A 5-fold cross-validation (i.e., cv = 5) with scoring method “accuracy” is used to perform the task in parallel using all available CPU cores on the computer (i.e., n_jobs = −1). It divides the range of hyperparameter values into grid points and then performs an exhaustive search for all combinations of hyperparameters at these grid points. The test ranges are chosen after several experiments, and the test ranges and results are displayed in Table 6. In the SVM, the penalty coefficient C is 50 in the first stage and 150 in the second stage. RF uses “entropy” to measure dataset’s purity in both stages, with the maximum depth of trees being 30. The number of DTs in the forest is 50 in the first stage and 75 in the second stage. In the LR model, the penalty parameters are 1 and 100, respectively, and the regularization parameter is of the “l2” type. In the DT model, the maximum depth of trees is 30 and none, respectively; the minimum number of samples required for each leaf node is 1 and 5, respectively; and the minimum number of samples required for node splitting is 2. The hyperparameters not mentioned above are set to default values.

Table 6. Selection of hyperparameters.

	Parameter name	L1		L2
	Parameter name	Test range	Result	Test range	Result
SVM	C	[0.1, 1, 10, 50, 100]	50	[10, 50, 100, 150, 200]	150

RF	Criterion	[“Gini,” “entropy”]	Entropy	[“Gini,” “entropy”]	Entropy
	max_depth	[None, 10, 30, 50]	30	[None, 10, 30, 50]	30
	n_estimators	[25, 50, 75, 100, 125]	50	[10, 25, 50, 75, 100]	75

LR	C	[0.01, 0.1, 1.0, 5]	1	[1, 10, 100, 500]	100
LR	Penalty	[“l1,” “l2”]	l2	[“l1,” “l2”]	l2

DT	max_depth	[None, 10, 30, 50]	30	[None, 10, 30, 50]	None
	min_samples_leaf	[1, 5, 8, 10]	1	[1, 5, 8, 10]	5
	min_samples_split	[2, 5, 8, 10]	2	[2, 5, 8, 10]	2

A training set of 60,000 items and a test set of 30,000 items were randomly selected from the dataset. The data distribution is shown in Table 7.

Table 7. Data distribution.

Class	Training dataset		Testing dataset
Class	Num	Percentage (%)	Num	Percentage (%)
Normal	21,715	36.19	10,434	34.78
Probe	4107	6.84	2377	7.92
DoS	33,000	55.00	15,650	52.17
U2R	52	0.09	39	0.13
R2L	1126	1.88	1500	5.00

8.3.2. Analysis of Detection Performance

The importance of variables is determined by using the RF algorithm. The features are ranked based on their weights, with higher weights indicating a higher importance. Based on this ranking, the optimal number of features needed to achieve the best classification performance is determined, and the results are presented in Table 8. To evaluate the performance, the classification results of the original machine learning algorithms (e.g., SVMs, RF, LR, and DT) are compared with the proposed two-layer traffic detection scheme. The original machine learning algorithms are referred to as “ORIGINAL,” while the proposed two-layer traffic detection scheme is referred to as “OUR.” Table 9 illustrates the effectiveness comparison of the ORIGINAL and OUR methods in detecting the five types of traffic.

Table 8. Number of features.

Algorithm	Features’ number
Algorithm	ORIGINAL	OUR
SVM	5	L1	36
SVM	5	L2	5

RF	20	L1	17
RF	20	L2	39

LR	33	L1	33
LR	33	L2	31

DT	22	L1	28
DT	22	L2	4

Table 9. Performance comparison of ORIGINAL and OUR.

Algorithm	DoS			Normal			Probe			U2R			R2L
Algorithm	ORIGINAL	OUR	Change	ORIGINAL	OUR	Change	ORIGINAL	OUR	Change	ORIGINAL	OUR	Change	ORIGINAL	OUR	Change
SVM	15,546	15,625	+79	10,293	10,298	+5	2215	2353	+138	0	0	/	0	157	+157
RF	15,551	15,632	+81	10,246	10,280	+34	2373	2374	+1	0	0	/	20	178	+158
LR	15,623	15,629	+6	10,224	10,178	−46	2331	2355	+24	14	17	+3	225	393	+168
DT	15,496	15,642	+146	9577	10,348	+771	2353	1901	−452	0	0	/	140	0	−140

In the proposed scheme, the detection of DoS attack traffic is carried out in the first phase. Table 9 illustrates that all OUR algorithms show improved performance in detecting DoS attacks compared to the ORIGINAL approach. Among them, OUR DT algorithm shows the most significant enhancement. Compared to the ORIGINAL, OUR DT algorithm correctly identified 146 DoS flows, and only 8 DoS flows were not identified. Followed by the fact that our RF algorithm and SVM algorithm detected 81 and 79 more data streams, respectively, which means that the difficulty of the enemy’s attack is increased. As for the ORIGINAL LR algorithm, it has already achieved a high level of accuracy with 15,623 correct classifications, which could explain the relatively limited improvement observed in OUR LR algorithm.

The second phase of the proposed scheme focuses on detecting normal, probe, U2R, and R2L traffic. Regarding the detection of normal traffic, OUR DT algorithm exhibits a significant improvement. Specifically, OUR DT correctly identifies 10,348 instances of normal traffic, making it the algorithm with the highest number of correctly classified normal traffic instances. However, OUR LR algorithm shows a small degradation in detecting normal traffic compared to the ORIGINAL approach, as it misclassifies a small number of normal instances as attack vectors. OUR SVM and RF algorithms demonstrate a slightly improved detection performance for normal traffic. In terms of detecting probe traffic, there is a minor improvement observed in OUR LR and RF algorithms, while OUR DT algorithm experiences a remarkable decrease in performance. SVM improved the most, detecting 138 more probe flows. As for the detection of U2R traffic, OUR algorithm shows a slight improvement in LR, and no change in SVM, RF, and DT algorithms. In the case of R2L traffic, both OUR SVM, RF, and LR algorithms exhibit improved detection performance. However, it is worth noting that OUR DT algorithm is not as effective as the original DT in the second detection stage.

8.3.3. Analysis of Detection Time Consumption

In the VANET application scenario, which has great potential, the requirements for detection efficiency are demanding. When the terminal is communicating, the detection module’s efficiency needs to match the speed of message delivery. The detection system must intervene before the receiver receives the hazard information. Therefore, it is necessary to analyze the detection consumption time of the proposed model.

The models need to be trained before they can be tested. In this paper, we compare the time overhead in two aspects: training time and testing time. Since the proposed scheme is divided into two phases, the elapsed time should be the sum of the time required for both phases. Table 10 provides a detailed description of the training time and testing time for this scheme (data with “0” in the table do not really take no time but take so little time that they are almost negligible.)

Table 10. Two-layer traffic detection scheme time overhead.

Algorithm	Phase	Training time (ms)	Testing time (ms)	Total training time (ms)	Total testing time (ms)
SVM	L1	907	353	2210	748
SVM	L2	1303	395	2210	748

RF	L1	656	51	1455	140
RF	L2	799	89	1455	140

LR	L1	1139	3	1422	5
LR	L2	283	2	1422	5

DT	L1	126	0	132	0
DT	L2	6	0	132	0

We still compare the training time and testing time of the ORIGINAL algorithm with the proposed two-layer traffic detection scheme. Figure 7 presents the comparison of training time consumption. Our four algorithms in the proposed scheme significantly reduce training time compared to the original. The DT algorithm reduces it by 69 ms, the RF algorithm by 107 ms, the SVM algorithm by approximately one-third, and the LR algorithm by 75.89% of the original.

Figure 8 illustrates the comparison of testing time. The proposed two-layer detection scheme significantly reduces testing time for the four original machine learning algorithms. The most notable improvement is observed in our SVM algorithm, reducing test time from 2217 to 748 ms. Our RF algorithm’s testing time is reduced to 43.09% of the original. For the LR algorithm, our scheme saves 11 ms, and for the DT algorithm, its detection time is almost negligible.

8.3.4. Summary of Detection Function

The proposed two-layer traffic detection scheme shows a significant reduction in elapsed time, including model training and traffic detection, while also slightly improving detection performance. The number of correct classifications for each algorithm is summarized in Table 11. In the first stage, all algorithms demonstrated improved detection performance, with the DT algorithm achieving the highest detection rate of 99.95% among the four. In addition, the DT algorithm showed favorable results in the detection time analysis, requiring only 126 ms for training and negligible testing time. Therefore, the DT algorithm can be used in the first phase to detect DoS attacks in the VANET scenario.

Table 11. Classification of the correct traffic comparison.

Algorithm	ORIGINAL	OUR	Change
SVM	28,054	28,433	+379
RF	28,190	28,464	+274
LR	28,417	28,572	+155
DT	27,566	27,891	+325

In the second detection phase, the DT algorithm performs significantly worse than the other algorithms and is therefore not recommended in the second phase of detection. The SVM, RF, and LR algorithms have different detection performances for different traffic. However, an overall analysis reveals that the detection performance is on the rise. The LR algorithm, as the algorithm with the highest number of correct classifications, takes 283 ms to train the model and only 2 ms for testing. Therefore, the LR model can be considered in the second stage of detection to distinguish the attack types other than DoS attacks.

9. Conclusion

Aiming at the security problems in the VANET scenario, a multidomain secure communication and traffic detection model is proposed. This model uses a key self-verification algorithm to replace the authoritative central distribution of keys in traditional schemes. In addition, two types of communication, intradomain and interdomain, are designed to minimize communication overhead. Furthermore, a two-layer traffic detection approach is introduced, testing four machine learning algorithms that effectively reduce training and testing time for the model. In the future, our team will continue to improve the existing models, optimize them for specific machine learning algorithms, and implement the proposed models in real VANET scenarios. We are committed to coming up with new proposals for VANETs.

Conflicts of Interest

The authors declare no conflicts of interest.

Funding

This work was supported by the National Natural Science Foundation of China (Grant no. 61971380), the Key Technologies R&D Program of Henan Province (Grant nos. 242102211078, 252102211089, 252102211112, 242102211098, and 242102210135), the Science and Technology Research Program of the Chongqing Municipal Education Commission (Grant no. KJQN202300617), and the research funding of the Key Laboratory of Big Data Intelligent Computing (Grant no. BDIC-2023-B-006).

Open Research

Data Availability Statement

The JPBC open-source library is used. It has been labeled in the paper. The experimental environment and the experimental data used are all provided in the paper. The experimental results of the paper can be reproduced through the already labeled code sources and the experimental environment and data provided in the paper.

References

1 Grover J., Security of Vehicular Ad Hoc Networks Using Blockchain: A Comprehensive Review, Vehicular Communications. (2022) 34, https://doi.org/10.1016/j.vehcom.2022.100458.
10.1016/j.vehcom.2022.100458
Google Scholar
2 Dhamgaye A. and Chavhan N., Survey on Security Challenges in VANET, International Journal of Computer Science & Network. (2013) 2, no. 1.
Google Scholar
3 Garg S., Kaur K., Kaddoum G., Ahmed S. H., and Jayakody D. N. K., SDN-Based Secure and Privacy-Preserving Scheme for Vehicular Networks: A 5G Perspective, IEEE Transactions on Vehicular Technology. (2019) 68, no. 9, 8421–8434, https://doi.org/10.1109/TVT.2019.2917776.
10.1109/TVT.2019.2917776
Google Scholar
4 Ren J., Cheng Y., and Xu S., Edppa: An Efficient Distance-Based Privacy Preserving Authentication Protocol in Vanet, Peer-to-Peer Networking and Applications. (2022) 15, no. 3, 1385–1397, https://doi.org/10.1007/s12083-022-01297-5.
10.1007/s12083-022-01297-5
Google Scholar
5 Naren, Gaurav A., Sahu N., Dash A. P., Chalapathi G. S. S., and Chamola V., A Survey on Computation Resource Allocation in Iot Enabled Vehicular Edge Computing, Complex & Intelligent Systems. (2021) 8, no. 5, 3683–3705, https://doi.org/10.1007/s40747-021-00483-x.
10.1007/s40747-021-00483-x
Google Scholar
6 Dua A., Kumar N., Das A. K., and Susilo W., Secure Message Communication Protocol Among Vehicles in Smart City, IEEE Transactions on Vehicular Technology. (2018) 67, no. 5, 4359–4373, https://doi.org/10.1109/TVT.2017.2780183, 2-s2.0-85038817974.
10.1109/TVT.2017.2780183
Web of Science® Google Scholar
7 Khadidos A. O., Shitharth S., Manoharan H., Yafoz A., Khadidos A. O., and Alyoubi K. H., An Intelligent Security Framework Based on Collaborative Mutual Authentication Model for Smart City Networks, IEEE Access. (2022) 10, 85289–85304, https://doi.org/10.1109/ACCESS.2022.3197672.
10.1109/ACCESS.2022.3197672
Google Scholar
8 Alani M. M. and Awad A. I., An Intelligent Two-Layer Intrusion Detection System for the Internet of Things, IEEE Transactions on Industrial Informatics. (2023) 19, no. 1, 683–692, https://doi.org/10.1109/TII.2022.3192035.
10.1109/TII.2022.3192035
Google Scholar
9 Li F., Cui Y., Wang J., Zhou H., Wang X., and Yang Q., Lattice-Based Batch Authentication Scheme With Dynamic Identity Revocation in Vanet, International Journal of Intelligent Systems. (2022) 37, no. 11, 9442–9460, https://doi.org/10.1002/int.23004.
10.1002/int.23004
Web of Science® Google Scholar
10 Ali I., Hassan A., and Li F., Authentication and Privacy Schemes for Vehicular Ad Hoc Networks (VANETs): A Survey, Vehicular Communications. (2019) 16, 45–61, https://doi.org/10.1016/j.vehcom.2019.02.002, 2-s2.0-85062913660.
10.1016/j.vehcom.2019.02.002
Web of Science® Google Scholar
11 Zaidi K., Milojevic M. B., Rakocevic V., Nallanathan A., and Rajarajan M., Host-Based Intrusion Detection for Vanets: A Statistical Approach to Rogue Node Detection, IEEE Transactions on Vehicular Technology. (2016) 65, no. 8, 6703–6714, https://doi.org/10.1109/TVT.2015.2480244, 2-s2.0-84982273121.
10.1109/TVT.2015.2480244
Google Scholar
12 Sharma S. and Kaul A., A Survey on Intrusion Detection Systems and Honeypot Based Proactive Security Mechanisms in Vanets and Vanet Cloud, Vehicular Communications. (2018) 12, 138–164, https://doi.org/10.1016/j.vehcom.2018.04.005, 2-s2.0-85046450858.
10.1016/j.vehcom.2018.04.005
Web of Science® Google Scholar
13 Alladi T., Chakravarty S., Chamola V., and Guizani M., A Lightweight Authentication and Attestation Scheme for In-Transit Vehicles in Iov Scenario, IEEE Transactions on Vehicular Technology. (2020) 69, no. 12, 14188–14197, https://doi.org/10.1109/TVT.2020.3038834.
10.1109/TVT.2020.3038834
Web of Science® Google Scholar
14 Liu Y., Wang Y., and Chang G., Efficient Privacy-Preserving Dual Authentication and Key Agreement Scheme for Secure V2v Communications in an Iov Paradigm, IEEE Transactions on Intelligent Transportation Systems. (2017) 18, 2740–2749, https://doi.org/10.1109/tits.2017.2657649, 2-s2.0-85014809900.
10.1109/TITS.2017.2657649
Web of Science® Google Scholar
15 Zhang Q., Wang X., Yuan J. et al., A Hierarchical Group Key Agreement Protocol Using Orientable Attributes for Cloud Computing, Information Sciences. (2019) 480, 55–69, https://doi.org/10.1016/j.ins.2018.12.023, 2-s2.0-85058941323.
10.1016/j.ins.2018.12.023
Web of Science® Google Scholar
16 Saleem M. A., Li X., Mahmood K., Shamshad S., Alenazi M. J. F., and Das A. K., A Cost-Efficient Anonymous Authenticated and Key Agreement Scheme for V2I-Based Vehicular Ad-Hoc Networks, IEEE Transactions on Intelligent Transportation Systems. (2024) 25, no. 9, 12621–12630, https://doi.org/10.1109/TITS.2024.3383670.
10.1109/TITS.2024.3383670
Google Scholar
17 Wei L., Cui J., Zhong H., Bolodurina I., and Liu L., A Lightweight and Conditional Privacy-Preserving Authenticated Key Agreement Scheme With Multi-Ta Model for Fog-Based Vanets, IEEE Transactions on Dependable and Secure Computing. (2023) 20, no. 1, 422–436, https://doi.org/10.1109/TDSC.2021.3135016.
10.1109/TDSC.2021.3135016
Google Scholar
18 Zhang Q., Gan Y., Liu L., Wang X., Luo X., and Li Y., An Authenticated Asymmetric Group Key Agreement Based on Attribute Encryption, Journal of Network and Computer Applications. (2018) 123, 1–10, https://doi.org/10.1016/j.jnca.2018.08.013, 2-s2.0-85053073037.
10.1016/j.jnca.2018.08.013
Web of Science® Google Scholar
19 Umar M., Islam S. H., Mahmood K., Ahmed S., Ghaffar Z., and Saleem M. A., Provable Secure Identity-Based Anonymous and Privacy-Preserving Inter-Vehicular Authentication Protocol for VANETS Using PUF, IEEE Transactions on Vehicular Technology. (2021) 70, no. 11, 12158–12167, https://doi.org/10.1109/TVT.2021.3118892.
10.1109/TVT.2021.3118892
Google Scholar
20 Zhang Q., Li Y., Zhang Q. et al., A Self-Certified Cross-Cluster Asymmetric Group Key Agreement for Wireless Sensor Networks, Chinese Journal of Electronics. (2019) 28, no. 2, 280–287, https://doi.org/10.1049/cje.2018.05.010, 2-s2.0-85064167925.
10.1049/cje.2018.05.010
Web of Science® Google Scholar
21 Saleem M. A., Li X., Mahmood K. et al., Provably Secure Conditional-Privacy Access Control Protocol for Intelligent Customers-Centric Communication in VANET, IEEE Transactions on Consumer Electronics. (2024) 70, no. 1, 1747–1756, https://doi.org/10.1109/TCE.2023.3324273.
10.1109/TCE.2023.3324273
Google Scholar
22 Zhang Q., Zhu L., Wang R. et al., Group Key Agreement Protocol Among Terminals of the Intelligent Information System for Mobile Edge Computing, International Journal of Intelligent Systems. (2022) 37, no. 12, 10442–10461, https://doi.org/10.1002/int.22544.
10.1002/int.22544
Web of Science® Google Scholar
23 Zhang Q., Zhu L., Li Y. et al., A Group Key Agreement Protocol for Intelligent Internet of Things System, International Journal of Intelligent Systems. (2022) 37, no. 1, 699–722, https://doi.org/10.1002/int.22644.
10.1002/int.22644
CAS Web of Science® Google Scholar
24 Bansal U., Kar J., Ali I., and Naik K., Id-ceppa: Identity-Based Computationally Efficient Privacy-Preserving Authentication Scheme for Vehicle-To-Vehicle Communications, Journal of Systems Architecture. (2022) 123, https://doi.org/10.1016/j.sysarc.2021.102387.
10.1016/j.sysarc.2021.102387
Google Scholar
25 Saleem M. A., Li X., Mahmood K., Tariq T., Alenazi M. J. F., and Das A. K., Secure RFID-Assisted Authentication Protocol for Vehicular Cloud Computing Environment, IEEE Transactions on Intelligent Transportation Systems. (2024) 25, no. 9, 12528–12537, https://doi.org/10.1109/TITS.2024.3371464.
10.1109/TITS.2024.3371464
Google Scholar
26 Li J., Zhao Z., Li R., and Zhang H., Ai-Based Two-Stage Intrusion Detection for Software Defined Iot Networks, IEEE Internet of Things Journal. (2019) 6, no. 2, 2093–2102, https://doi.org/10.1109/JIOT.2018.2883344, 2-s2.0-85057396694.
10.1109/JIOT.2018.2883344
Web of Science® Google Scholar
27 Lu H., Wang T., Xu X., and Wang T., Cognitive Memoryguided Autoencoder for Effective Intrusion Detection in Internet of Things, IEEE Transactions on Industrial Informatics. (2022) 18, no. 5, 3358–3366, https://doi.org/10.1109/TII.2021.3102637.
10.1109/TII.2021.3102637
Google Scholar
28 Zhang Y., Li P., and Wang X., Intrusion Detection for Iot Based on Improved Genetic Algorithm and Deep Belief Network, IEEE Access. (2019) 7, 31711–31722, https://doi.org/10.1109/ACCESS.2019.2903723, 2-s2.0-85064680305.
10.1109/ACCESS.2019.2903723
Web of Science® Google Scholar
29 Zaheer A., Asghar M. Z., and Qayyum A., Intrusion Detection and Mitigation Framework for Sdn Controlled Iots Network, 2021 IEEE 18th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET). (2021) 147–151, https://doi.org/10.1109/HONET53078.2021.9615458.
10.1109/HONET53078.2021.9615458
Google Scholar
30 Zolanvari M., Teixeira M. A., Gupta L., Khan K. M., and Jain R., Machine Learning-Based Network Vulnerability Analysis of Industrial Internet of Things, IEEE Internet of Things Journal. (2019) 6, no. 4, 6822–6834, https://doi.org/10.1109/JIOT.2019.2912022, 2-s2.0-85070188457.
10.1109/JIOT.2019.2912022
Web of Science® Google Scholar
31 Balasubramaniam S., Vijesh Joe C., Sivakumar T. A. et al., Optimization Enabled Deep Learning-Based DDoS Attack Detection in Cloud Computing, International Journal of Intelligent Systems. (2023) 2023, no. 1, 16–2023, https://doi.org/10.1155/2023/2039217.
10.1155/2023/2039217
Google Scholar
32 Wang Y., He H., Lai Y., and Liu A. X., A Two-Phase Approach to Fast and Accurate Classification of Encrypted Traffic, IEEE/ACM Transactions on Networking. (2023) 31, no. 3, 1071–1086, https://doi.org/10.1109/tnet.2022.32099793209979.
10.1109/TNET.2022.3209979
Google Scholar
33 Zhang Q., Li Y., Wang R., Liu L., Tan Y., and Hu J., Data Security Sharing Model Based on Privacy Protection for Blockchain-Enabled Industrial Internet of Things, International Journal of Intelligent Systems. (2020) 36, no. 1, 94–111, https://doi.org/10.1002/int.22293.
10.1002/int.22293
CAS Google Scholar
34 Zhang F., From Bilinear Pairings to Multilinear Maps, Journal of Cryptologic Research. (2016) 18, https://doi.org/10.13868/j.cnki.jcr.000122.
10.13868/j.cnki.jcr.000122
Google Scholar
35 Bhuyan M. H., Bhattacharyya D. K., and Kalita J. K., Network Anomaly Detection: Methods, Systems and Tools, IEEE Communications Surveys & Tutorials. (2014) 16, no. 1, 303–336, https://doi.org/10.1109/SURV.2013.052213.00046, 2-s2.0-84894646147.
10.1109/SURV.2013.052213.00046
Web of Science® Google Scholar
36 Shone N., Ngoc T. N., Phai V. D., and Shi Q., A Deep Learning Approach to Network Intrusion Detection, IEEE Transactions on Emerging Topics in Computational Intelligence. (2018) 2, no. 1, 41–50, https://doi.org/10.1109/TETCI.2017.2772792.
10.1109/TETCI.2017.2772792
Google Scholar
37 Stolfo S., Fan W., Lee W., Prodromidis A., and Chan P., Cost-based Modeling for Fraud and Intrusion Detection: Results from the Jam Project, Proceedings DARPA Information Survivability Conference and Exposition. (2000) 2, 130–144, https://doi.org/10.1109/DISCEX.2000.821515, 2-s2.0-84962238645.
10.1109/DISCEX.2000.821515
Google Scholar
38 Jiang L., Gu H., Xie L., Yang H., and Na Z., ST-IAOA-XGBoost: An Efficient Data-Balanced Intrusion Detection Method for WSN, IEEE Sensors Journal. (2025) 25, no. 1, 1768–1783, https://doi.org/10.1109/JSEN.2024.3489623.
10.1109/JSEN.2024.3489623
Google Scholar
39 Sedhuramalingam K. and Saravanakumar N., A Novel Optimal Deep Learning Approach for Designing Intrusion Detection System in Wireless Sensor Networks, Egyptian Informatics Journal. (2024) 27, https://doi.org/10.1016/j.eij.2024.100522.
10.1016/j.eij.2024.100522
Google Scholar
40 Verma A., Saha R., Kumar G., and Conti M., PETRAK: A Solution against DDoS Attacks in Vehicular Networks, Computer Communications. (2024) 221, 142–154, https://doi.org/10.1016/j.comcom.2024.04.025.
10.1016/j.comcom.2024.04.025
Google Scholar
41 Verikas A., Gelzinis A., and Bacauskiene M., Mining Data with Random Forests: A Survey and Results of New Tests, Pattern Recognition. (2011) 44, no. 2, 330–349, https://doi.org/10.1016/j.patcog.2010.08.011, 2-s2.0-77958064179.
10.1016/j.patcog.2010.08.011
Web of Science® Google Scholar
42 Yang K., Hou Y., and Li K., Importance Scores of Random Forest Variables and Their Research Progress, 2015, https://www.paper.edu.cn/releasepaper/content/201507-212.
Google Scholar
43 Ning P., Liu A., and Du W., Mitigating Dos Attacks against Broadcast Authentication in Wireless Sensor Networks, ACM Transactions on Sensor Networks. (2008) 4, no. 1, 1–35, https://doi.org/10.1145/1325651.1325652, 2-s2.0-41849094781.
10.1145/1325651.1325652
Google Scholar
44 Kim D. and An S., Pkc-Based Dos Attacks-Resistant Scheme in Wireless Sensor Networks, IEEE Sensors Journal. (2016) 16, no. 8, 2217–2218, https://doi.org/10.1109/JSEN.2016.2519539, 2-s2.0-84962054066.
10.1109/JSEN.2016.2519539
Web of Science® Google Scholar
45 Gao S., Peng Z., Xiao B., Hu A., Song Y., and Ren K., Detection and Mitigation of Dos Attacks in Software Defined Networks, 28, IEEE/ACM Transactions on Networking, 2020, no. 3, 1419–1433, https://doi.org/10.1109/TNET.2020.2983976.
10.1109/TNET.2020.2983976
Google Scholar
46 Suto K., Nishiyama H., Kato N., Nakachi T., Fujii T., and Takahara A., Thup: A P2p Network Robust to Churn and Dos Attack Based on Bimodal Degree Distribution, IEEE Journal on Selected Areas in Communications. (2013) 31, no. 9, 247–256, https://doi.org/10.1109/JSAC.2013.SUP.0513022, 2-s2.0-84883444015.
10.1109/JSAC.2013.SUP.0513022
Google Scholar
47 Ali I., Chen Y., Ullah N., Kumar R., and He W., An Efficient and Provably Secure Ecc-Based Conditional Privacy-Preserving Authentication for Vehicle-To-Vehicle Communication in Vanets, IEEE Transactions on Vehicular Technology. (2021) 70, no. 2, 1278–1291, https://doi.org/10.1109/TVT.2021.3050399.
10.1109/TVT.2021.3050399
Web of Science® Google Scholar
48 Yang X. and Liu J., HA-med: A Blockchain-Based Solution for Sharing Medical Data with Hidden Policies and Attributes, IET Information Security. (2024) 2024, no. 1, https://doi.org/10.1049/2024/2498245.
10.1049/2024/2498245
Google Scholar
49 Zhou Y., Cao L., Qiao Z. et al., A Novel Cloud-Assisted Authentication Key Agreement Protocol for VANET, IEEE Transactions on Vehicular Technology. (2024) 73, no. 9, 13526–13541, https://doi.org/10.1109/TVT.2024.3390654.
10.1109/TVT.2024.3390654
Google Scholar
50 Hu J., Shen Z., Chen K. et al., TAAC: Secure and Efficient Time-Attribute-Based Access Control Scheme in SDN-IoT, IET Information Security. (2024) 2024, no. 1, https://doi.org/10.1049/2024/8059692.
10.1049/2024/8059692
Google Scholar
51 Liu B., Ding M., Shaham S., Rahayu W., Farokhi F., and Lin Z., When Machine Learning Meets Privacy: A Survey and Outlook, ACM Computing Surveys. (2021) 54, no. 2, 1–36, https://doi.org/10.1145/3436755.
10.1145/3436755
CAS Web of Science® Google Scholar

All articles

Multidomain Secure Communication and Intelligent Traffic Detection Model in VANETs

Abstract

1. Introduction

1.1. Research Motivation

1.2. Our Contribution

1.3. Organization

2. Related Work

2.1. Authentication

2.2. Communication

2.3. Detection

2.4. Our Scheme

3. Preliminaries

3.1. Elliptic Curve and Bilinear Pairings

3.2. Bilinear Mapping Complexity Assumptions

3.3. Multilinear Mapping

3.4. Multilinear Mapping Complexity Assumptions

4. System Model and Initialization

4.1. System Model

4.2. Initialization

4.2.1. Terminal Key Self-Verification

4.2.2. Alliance Domain Establishment

5. Authentication Module

5.1. Authentication Between Vehicle and Local Domain RSU

5.2. Authentication Between Vehicles in the Same Domain

6. Secure Communication Module

6.1. Intradomain Vehicle Terminal Communication

6.1.1. Session Key Establishment Between Vehicles in a Common RSU Domain

6.1.2. Secure Communication Between Vehicles in a Common RSU Domain

6.2. Interdomain Vehicle Terminal Communication

6.2.1. Session Key Establishment Between Vehicles in Different RSU Domains

6.2.2. Secure Communication Between Vehicles in Different RSU Domains

7. Detection Module

7.1. Data Preprocessing and Dataset Description

7.2. Two-Layer Flow Detection

8. Performance Evaluation

8.1. Correctness and Security Analysis

8.1.1. Correctness Analysis

8.1.2. Security Analysis

8.2. Communication Performance Evaluation

8.2.1. Computational Complexity Analysis

8.2.2. Time Analysis of Calculation Consumption

8.3. Performance Analysis of Flow Detection

8.3.1. Experimental Setup

8.3.2. Analysis of Detection Performance

8.3.3. Analysis of Detection Time Consumption

8.3.4. Summary of Detection Function

9. Conclusion

Conflicts of Interest

Funding

Open Research

Data Availability Statement

References

Figures

References

Related

Information