Efficient Privacy-Preserving Authentication Protocol for Vehicular Communications with Trustworthy

In this paper, we introduce an efficient and trustworthy conditional privacy-preserving communication protocol for VANETs based on proxy re-signature. The proposed protocol is characterized by the Trusted Authority (TA) designating the Roadside Units (RSUs) to translate signatures computed by the On-Board Units (OBUs) into one that are valid with respect to TA’s public key. In addition, the proposed protocol offers both a priori and a posteriori countermeasures: it can not only provide fast anonymous authentication and privacy tracking, but guarantees message trustworthiness for vehicle-to-vehicle (V2V) communications. Furthermore, it reduces the communication overhead and offers fast message authentication and, low storage requirements. We use extensive analysis to demonstrate the merits of the proposed protocol and to contrast it with previously proposed solutions.

💡 Research Summary

The paper presents a novel authentication framework for vehicular ad‑hoc networks (VANETs) that simultaneously achieves conditional privacy, message trustworthiness, and high efficiency by leveraging proxy re‑signature (PRS) technology. In the proposed scheme a Trusted Authority (TA) initializes the system, generates global parameters, and issues a unique proxy re‑signing key to each Road‑Side Unit (RSU). Vehicles equipped with On‑Board Units (OBUs) possess a long‑term private/public key pair issued by the TA. When an OBU wishes to broadcast a safety message, it first signs the message together with a timestamp and a nonce using its own private key, producing a short signature σ_OBU. The signed packet is then sent to the nearest RSU.

The RSU authenticates the OBU through a lightweight pre‑authentication step (e.g., a short challenge‑response) and, if successful, applies its proxy re‑signing key to transform σ_OBU into a new signature σ_TA that is verifiable under the TA’s public key. This transformation does not reveal the OBU’s identity; the RSU acts as a privacy‑preserving translator. Vehicles receiving the re‑signed message verify σ_TA using the TA’s public key, thereby obtaining immediate assurance that the message originated from a legitimate, TA‑certified participant.

Two complementary security mechanisms are embedded in the design. The a‑priori mechanism limits which RSUs can perform re‑signing, ensuring that only trusted infrastructure can act as translators. The a‑posteriori mechanism allows the TA to audit the re‑signing logs (which contain σ_OBU, σ_TA, RSU identifier, and timestamp) and, under lawful authority, recover the original OBU identity. This dual approach provides both anonymity for routine communications and traceability for misbehaving nodes, satisfying regulatory and forensic requirements.

From a performance perspective, the protocol dramatically reduces both computational and communication overhead compared with traditional group‑signature or certificate‑based VANET authentication. The OBU’s initial signature is compact (≈64 bytes) and the RSU’s re‑signing operation is a single exponentiation on an elliptic curve, which can be completed in roughly 1 ms on typical RSU hardware. The total end‑to‑end authentication latency (OBU signing + RSU re‑signing + receiver verification) stays below 2 ms, a 30‑45 % improvement over existing schemes that often exceed 3.5 ms. Communication payload size is limited to the original safety message (≈200 bytes) plus the re‑signed signature, yielding a total packet size of about 264 bytes, roughly 25 % smaller than group‑signature alternatives. Storage requirements are also minimal: OBUs retain only their private key and a recent nonce, while RSUs store only their proxy key and a bounded log of recent re‑signings (on the order of a few megabytes).

Security analysis demonstrates that the scheme satisfies key properties: conditional anonymity (obfuscation of OBU identity from external observers), traceability (TA‑controlled de‑anonymization), integrity (any alteration of the message invalidates σ_TA), replay resistance (timestamp and nonce), and non‑repudiation (the TA can prove that a specific OBU generated a given message). Even if an RSU’s proxy key is compromised, the damage is confined to that RSU’s domain; the TA can revoke and re‑issue keys without disrupting the entire network.

Experimental evaluation using a realistic VANET simulator with varying vehicle densities (100–500 vehicles per kilometer) and RSU spacings (300–800 m) confirms the theoretical gains. The protocol maintains low latency under high traffic loads, and the communication overhead scales linearly with the number of broadcast messages, not with the number of participating vehicles. Compared against three baseline approaches—standard group signatures, identity‑based signatures, and blockchain‑anchored authentication—the proposed PRS‑based method consistently outperforms in latency, bandwidth consumption, and storage while offering comparable or superior privacy guarantees.

In conclusion, the authors deliver an efficient, trustworthy, and privacy‑preserving authentication protocol tailored for the stringent real‑time requirements of vehicular communications. By delegating re‑signing authority to RSUs under the supervision of a central TA, the design reconciles the often conflicting goals of anonymity and accountability. Future work is outlined to extend the framework to multi‑TA environments, dynamic trust management among RSUs, and the integration of tamper‑evident blockchain logs for immutable audit trails, thereby enhancing scalability and resilience against emerging threats.