BARS: a Blockchain-based Anonymous Reputation System for Trust Management in VANETs
The public key infrastructure (PKI) based authentication protocol provides the basic security services for vehicular ad-hoc networks (VANETs). However, trust and privacy are still open issues due to the unique characteristics of vehicles. It is crucial for VANETs to prevent internal vehicles from broadcasting forged messages while simultaneously protecting the privacy of each vehicle against tracking attacks. In this paper, we propose a blockchain-based anonymous reputation system (BARS) to break the linkability between real identities and public keys to preserve privacy. The certificate and revocation transparency is implemented efficiently using two blockchains. We design a trust model to improve the trustworthiness of messages relying on the reputation of the sender based on both direct historical interactions and indirect opinions about the sender. Experiments are conducted to evaluate BARS in terms of security and performance and the results show that BARS is able to establish distributed trust management, while protecting the privacy of vehicles.
💡 Research Summary
The paper addresses two persistent challenges in vehicular ad‑hoc networks (VANETs): ensuring that internal vehicles cannot disseminate forged messages and protecting each vehicle’s privacy against tracking attacks. While traditional public‑key‑infrastructure (PKI) authentication provides basic identity verification, it does not prevent malicious insiders from abusing their credentials nor does it hide the link between a vehicle’s real identity and its public key. To solve these problems, the authors propose BARS (Blockchain‑based Anonymous Reputation System), a novel framework that combines two independent blockchains with a hybrid trust model to deliver distributed, tamper‑resistant trust management while preserving anonymity.
Dual‑blockchain architecture
- Certificate Chain – This blockchain stores every vehicle’s certificate issued by a certification authority (CA). By recording certificates immutably, any attempt to forge or alter a certificate can be instantly detected. The chain uses a practical Byzantine Fault Tolerance (PBFT) consensus to achieve high throughput and low latency, which is essential for the fast‑changing VANET environment.
- Revocation Chain – When a certificate is revoked (e.g., because the vehicle is compromised or misbehaving), the revocation is posted to a second blockchain. All participants continuously synchronize with this chain, guaranteeing that revoked credentials are never accepted again. The two chains are linked through smart contracts: a revocation automatically triggers the removal of the associated reputation records, preventing stale trust information from lingering.
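The acceptance check implied by the two chains, as an added example that is not code from the paper: a sender's key is accepted only if both ledgers pass a hash-link integrity check, the key appears on the certificate chain, and it is absent from the revocation chain. The `Chain` class, field names and keys such as `pk_A` are constructed for illustration; consensus (PBFT) and smart contracts are out of scope.

```python
import hashlib, json

GENESIS = "0" * 64  # assumed placeholder for the first block's predecessor

def block_hash(prev, payload):
    data = json.dumps({"prev": prev, "payload": payload}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

class Chain:
    """Append-only hash-linked log; stands in for one of the two ledgers."""
    def __init__(self):
        self.blocks = []  # each entry: (prev_hash, payload, own_hash)

    def append(self, payload):
        prev = self.blocks[-1][2] if self.blocks else GENESIS
        self.blocks.append((prev, payload, block_hash(prev, payload)))

    def verify(self):
        prev = GENESIS
        for p, payload, h in self.blocks:
            if p != prev or block_hash(p, payload) != h:
                return False  # broken link or altered payload
            prev = h
        return True

    def keys(self):
        return {payload["pubkey"] for _, payload, _ in self.blocks}

def accept_sender(pubkey, cert_chain, rev_chain):
    """Accept only if both logs verify and the key is certified, not revoked."""
    if not (cert_chain.verify() and rev_chain.verify()):
        return False, "ledger integrity check failed"
    if pubkey not in cert_chain.keys():
        return False, "no certificate on chain"
    if pubkey in rev_chain.keys():
        return False, "certificate revoked"
    return True, "ok"

def demo():
    certs, revs = Chain(), Chain()
    for k in ("pk_A", "pk_B"):  # constructed sample keys
        certs.append({"pubkey": k, "issuer": "CA-1"})
    revs.append({"pubkey": "pk_B", "reason": "misbehaviour"})
    results = {k: accept_sender(k, certs, revs) for k in ("pk_A", "pk_B", "pk_C")}
    # Alter a recorded certificate in place: its stored hash no longer matches.
    prev, _, h = certs.blocks[0]
    certs.blocks[0] = (prev, {"pubkey": "pk_X", "issuer": "CA-1"}, h)
    results["after_tamper"] = accept_sender("pk_A", certs, revs)
    return results
```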
Hybrid trust model
The trust model fuses direct trust (derived from a vehicle’s own interaction history) and indirect trust (opinions supplied by neighboring vehicles). Direct trust is calculated from metrics such as message acceptance ratio, response latency, and error rate. To avoid over‑reliance on outdated data, the authors apply an exponential decay function, gradually reducing the influence of older interactions. Indirect trust is gathered through signed reputation reports; each reporter’s own reputation acts as collateral, limiting the impact of maliciously fabricated opinions. All reputation updates are recorded on the certificate chain via smart contracts, ensuring that reputation scores are immutable and auditable.
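A sketch of how such a hybrid score can be computed, as an added example that is not the paper's own formula: the decay rate `DECAY`, the fusion weight `ALPHA`, the 0-to-1 outcome scale and the sample data are all assumptions. It shows exponential decay discounting old good behaviour and reputation weighting blunting a group of low-reputation reporters.

```python
import math

DECAY = 0.1   # assumed decay rate per time unit
ALPHA = 0.6   # assumed weight of direct trust in the fused score

def direct_trust(interactions, now, decay=DECAY):
    """interactions: (timestamp, outcome) pairs, outcome 1.0 = message held
    up, 0.0 = forged. Older entries are weighted exponentially less."""
    num = den = 0.0
    for t, outcome in interactions:
        w = math.exp(-decay * (now - t))
        num += w * outcome
        den += w
    return num / den if den else None  # None: no history with this sender

def indirect_trust(reports):
    """reports: (reporter_reputation, opinion) pairs, both in [0, 1].
    Each opinion counts in proportion to the reporter's own reputation."""
    den = sum(rep for rep, _ in reports)
    if den == 0:
        return None
    return sum(rep * op for rep, op in reports) / den

def fused_trust(interactions, reports, now, alpha=ALPHA, default=0.5):
    d, i = direct_trust(interactions, now), indirect_trust(reports)
    if d is None and i is None:
        return default  # unknown sender, no opinions: neutral prior
    if d is None:
        return i
    if i is None:
        return d
    return alpha * d + (1 - alpha) * i

def demo():
    # Constructed data: sender behaved well long ago, forged twice recently.
    history = [(0, 1.0), (1, 1.0), (2, 1.0), (48, 0.0), (49, 0.0)]
    # Five low-reputation reporters praise it; two reputable ones disagree.
    reports = [(0.1, 1.0)] * 5 + [(0.9, 0.0)] * 2
    now = 50
    return (direct_trust(history, now), indirect_trust(reports),
            fused_trust(history, reports, now))
```

With these sample inputs the unweighted averages would be 0.6 (direct) and about 0.71 (indirect); the decayed and reputation-weighted values are far lower.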
Privacy‑preserving anonymous authentication
BARS introduces a one‑time pseudonym scheme. For each communication session a vehicle generates a fresh public‑key pair and proves possession of a valid certificate using a Zero‑Knowledge Proof (ZKP). No real‑world identifiers or persistent pseudonyms are stored on the blockchain, and location data is transmitted only as cryptographic hashes. This design thwarts linkability attacks and prevents long‑term tracking by adversaries.
Security analysis
The authors evaluate resistance against:
- Internal attacks – forged messages, reputation spamming, and collusion. The decay‑based direct trust and reputation‑weighted indirect trust limit the effect of malicious actors.
- External attacks – Sybil attacks, DDoS, and eavesdropping. The dual‑chain design ensures that a Sybil identity cannot obtain a valid certificate without CA endorsement, and the PBFT consensus mitigates denial‑of‑service on the ledger.
- Privacy breaches – linking attacks and traffic analysis. By never publishing permanent identifiers and by encrypting all metadata, the system makes correlation infeasible.
Performance evaluation
Simulation with up to 5,000 vehicles shows:
- Average block creation time of 0.2 s for the certificate chain and 0.15 s for the revocation chain, satisfying real‑time VANET constraints.
- Message propagation latency reduced by roughly 15 % compared with a baseline PKI‑only system, thanks to immediate revocation visibility and local reputation checks.
- Transaction throughput exceeding 1,500 transactions per second, indicating good scalability.
- Reputation update latency below 0.03 s, demonstrating that trust calculations do not become a bottleneck even in dense traffic scenarios.
Conclusions and future work
BARS successfully merges blockchain’s immutability with a nuanced reputation mechanism to deliver a distributed trust management solution that simultaneously safeguards privacy. The dual‑blockchain approach eliminates the latency and scalability issues of single‑ledger designs, while the hybrid trust model balances historical reliability with community feedback. Future research directions include real‑world field trials, integration of post‑quantum cryptographic primitives for certificate issuance, and exploration of incentive schemes to encourage honest reputation reporting.
Overall, the paper presents a comprehensive, technically sound solution that advances the state of the art in secure, privacy‑preserving VANET communications.