An Anonymous Handover Authentication Scheme Based on LTE-A ... anonymous hand… · ResearchArticle An Anonymous Handover Authentication Scheme Based on LTE-A for Vehicular Networks

This document is downloaded from DR‑NTU (httpsdrntuedusg)Nanyang Technological University Singapore

An anonymous handover authentication schemebased on LTE‑A for vehicular networks

Xu Cheng Huang Xiaohong Ma Maode Bao Hong

2018

Xu C Huang X Ma M amp Bao H (2018) An anonymous handover authentication schemebased on LTE‑A for vehicular networks Wireless Communications and Mobile Computing2018 6251219‑ doi10115520186251219

httpshdlhandlenet10356106759

httpsdoiorg10115520186251219

copy 2018 Cheng Xu et al This is an open access article distributed under the CreativeCommons Attribution License which permits unrestricted use distribution andreproduction in any medium provided the original work is properly cited

Downloaded on 15 Feb 2021 025904 SGT

Research ArticleAn Anonymous Handover Authentication Scheme Based onLTE-A for Vehicular Networks

Cheng Xu 12 Xiaohong Huang 1 Maode Ma 3 and Hong Bao2

1 Institute of Network Technology Beijing University of Posts and Telecommunications China2Beijing Key Laboratory of Information Service Engineering Beijing Union University China3School of Electrical and Electronic Engineering Nanyang Technological University Singapore

Correspondence should be addressed to Xiaohong Huang huangxhbupteducn

Received 22 October 2017 Accepted 28 May 2018 Published 3 July 2018

Academic Editor Jaime Lloret

Copyright copy 2018 ChengXu et alThis is an open access article distributed under theCreative CommonsAttribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Vehicular networks play an important role in the intelligent transportation systems which have gained technical supports from carindustry Due to the mobility and the broadcast nature of wireless communication security of the vehicular networks is a criticalissue for the academia and industry Many solutions have been proposed to target the security provisioning However most ofthem have various shortcomings Based on the elliptic curve public key cryptography algorithm in this paper we propose a newanonymous roaming authentication protocol for the Long Term Evolution-Advanced (LTE-A) supported vehicular networks Fora vehicular LTE-A network an authentication protocol should be able to fulfill a variety of security requirements which can be metby our proposal and proved by using BurrowsndashAbadindashNeedham (BAN) logic Compared with some existing solutions our schemehas lower communication costs with stronger security functionality The analyses on the security functions and the performanceof the proposed solution show that our scheme is secure and efficient with ability against various types of malicious attacks

1 Introduction

A vehicular ad hoc network (VANET) is a mobile self-or-ganized network in the intelligent transportation system(ITS) It has basic characteristics of a large delay-tolerantnetwork including long communication delays and multipleasynchronous transmission capabilities A vehicular networkis a variety of a mobile ad hoc network (MANET) used inITS [1] It is comprised of vehicle on-board units (OBUs)roadside units (RSUs) which are the fixed units deployed atsides of the road the control center etc An OBU at a vehiclecan equip a GPS device 3G4G communication modulesradar and the car-body-mounted sensory for identificationof its own state road conditions traffic on road status withthe ability to exchange information of the communicationsenvironment which includes the body position movementspeed driving direction states of communications link etc ARSU is a bridge of the vehicle and the Internet The vehicularnetwork not only needs to provide navigation and traditionalservices such as entertainment but also involves the collectionand distribution the traffic safety related information such ascollision warning alarm [2]

Recent research on vehicular network has focused onmajor five areas (1) the collaborative security applicationson the road safety for the vehicles involved [3] (2) datatransmission information distribution and data collationmethods (3) traffic and vehicle movement modeling (4)the physical layer and medium access control (MAC) layercommunications and (5) privacy and identity authenticationThese studies which are aimed at improving traffic andnetwork security the efficiency of traffic and the data com-munication can promote the development of the ITS [4]TheLong Term Evolution-Advanced (LTE-A) wireless systemshave been suggested to be used in the vehicular environmentsto improve the efficiency of the wireless communication invehicular networks With the application of the systemsthe design and deployment of the vehicular networks willneed less network components to obtain a higher systemcapacity and a larger coverage of thewireless communicationIn addition higher data rates low access latency flexiblebandwidth and seamless integration with other existingwireless communication systems could also be achieved[5]

HindawiWireless Communications and Mobile ComputingVolume 2018 Article ID 6251219 15 pageshttpsdoiorg10115520186251219

2 Wireless Communications and Mobile Computing

11 Related Work To provide LTE-A security functionalitya strong user authentication scheme in a mobile networkshould conform to the following requirements including theability of resistance to impersonation attacks foreign agentimpersonation attacks home agent impersonation attacksoffline password guessing attacks and insider attacks It alsoneeds to be user-friendly and ensure user anonymity propermutual authentication local verification etc [6] In [7] asecurity scheme has been proposed which is more suitablefor the resource-limitedmobile deviceswith low-power and itholds the ability against various malicious attacks with manyoutstanding features In the LTE-A networks the EvolvedPacket System Authentication and Key Agreement (EPS-AKA) has been specified in the 3GPP standard to providemutual authentication key management and key materialsrefresh between an eNodeB which can be used as RSU in thevehicle environment and a mobile node which is supposedto be an OBU in the vehicular networks Although the EPS-AKA scheme in the LTE-A networks and some other similarproposals can ensure the mutual authentication and keymanagement in general there are still some vulnerabilitiesexisting in the mobility management in the LTE-A basedvehicular networks Particularly three critical shortcomingsexist in the handover procedures (1) First is lack of backwardsecurity [8] In the LTE-A systems the standard inevitablyinherits the defects of its predecessor UMTS-AKA proto-col without backward-compatibility support and it cannotresist some popular types of malicious attacks such as theredirection and man-in-the-middle attacks At the sametime it has other security weakness as any other EPS-AKAschemes such as the lack of privacy protection and keyforwardbackward secrecy (KFSKBS) with the emergentnew challenges in validation of group communication (2)Second is vulnerability to desynchronization attacks [9] Inthe LTE-A systems the key management can prevent anycompromise of the key(s) or any one piece of isolated networkequipment However by the design there exists a loopholein the handover key management phase which is so-calledthe synchronization attack which is an attack that threatenssecure communication between the mobile node and thenetwork (3) Third is vulnerability to replay attacks [10] Thepurpose of these types of attacks is to destroy the relationshipbetween the OBU and the target eNodeB Generally themobility management entity (MME) generates and sends aninitial key to the service eNodeB In fact the service eNodeBalways derives a new eNodeB key and sends it to the targeteNodeB during any inter-eNodeB handover Therefore theconnection between theOBUand the service eNodeBwill notbe kept and a new handover procedure will start

For the secure handover in the LTE-A networks it isfound that some earlier security schemes are unlikely toprovide user anonymity due to the inherent design flawswhich are also susceptible to playback and simulated attacks[11 12] Then a powerful user authentication scheme for awireless smart card has been designed However it is shownthat the scheme in [11 12] lacks user friendliness and cannotprovide user anonymity and unfairness in key agreement [13]And further an enhanced anonymous authentication schemehas been proposed to achieve the anonymity for a roaming

service in the global mobile networks [14] To remedy someof the weaknesses [9] proposed a novel anonymous authen-tication scheme in the LTE networks It is shown in [15] that arecently proposed protocol named PairHand can outperformother protocols in terms of security and efficiency whichcould be a potential candidate for the deployment in thevehicular networks However these schemes still need toindependently send authentication request messages to thenetwork Secure and efficient handover authentication shouldpossess the following functional attributes [16] subscriptionvalidation server authentication key establishment useranonymity and untraceability conditional privacy preserva-tion provision of user revocation attack resistance periodicsession key updating low communication cost and lowcomputational complexity

By the previous work we have explored that somesecurity schemes are vulnerable to impersonation For LTE-A it needs to provide user friendliness and user anonymitylacking backward security and local verification To remedythe weaknesses we propose a novel anonymous roam-ing authentication scheme (ARHAP) for the LTE-A basedVANETs

12 Our Contributions The ARHAP scheme works basedon the elliptic curve public key cryptography to implementthe secure and efficient handovers between the service andtarget eNodeBs in a LTE-A networkThe outstanding featuresof the ARHAP scheme can be summarized as follows (1)simplification of the generation of session keys to realizesecure and efficient handovers in the LTE-A based VANETsystems (2) the ability to conform to the demand of basicsecurity and privacy protection (3) efficient reduction of thecomputational and communication costs resulting in a betterperformance to be applicable into the VANET systems

The rest of the paper is organized as follows In Section 2we provide a brief introduction on the network architectureand the security requirements In Section 3 we describethe proposed the ARHAP scheme in detail In Section 4we prove the correctness of the ARHAP scheme by usingBAN logic and formally verify the security function of theARHAP scheme under intruder attacks by using AVISPAIn Section 5 we compare the performance of the proposedARHAP scheme with those of other authentication schemesby simulation experiments We have the conclusion of thepaper in Section 6

2 Network Environment and Security Goals

The LTE-A network has its outstanding feature of flexibilityto be deployed It is open secure reliable and easy tooperate [2] Figure 1 shows a VANET working over a LTE-A network infrastructure A LTE-A system consists of acore network named as an evolved packet core (EPC) anda wireless access network named as the evolved-universalterrestrial radio access network (E-UTRAN) E-UTRAN hasmany evolved NodeB each of which can communicate with amobile node [17] The EPC core network is the native all-IP-based and multiaccess network that enables the deploymentand operation of a common network for each kind of 3GPP

Wireless Communications and Mobile Computing 3

target eNodeB

EPC

EPC Evolved packet coreApplication unitAUOn-board unitOBU

MME Mobility management entityHome subscriber serverHSS

OBUOBU

OBU

LTELTE-A

MMEHSS

LTE-A service eNodeB

Figure 1 LTE-A Infrastructure for vehicular network environment

access networks including 2G 3G and LTE The E-UTRANis connected to the EPC core network as the wireless accesspoints which have various layers of the protocol stack tosupport high-bandwidth applications together with real-timeconstraints QoS and high availability to the wireless mobiledevices [18]

The LTE-A system can be deployed as the infrastructurefor vehicular networks to make them work in a more cost-effective way [19] By using the LTE-A systems it is possible toreduce the latency to a fewmilliseconds required for real-timeapplications [20] It has been envisioned to exploit the exist-ing LTE-A infrastructure to support vehicular networkingapplications through an advanced LTE-enabled OBU or byusing smart phones with LTE-A wireless access connectivity[21] In terms of mobility the E-UTRAN supports handoversacross the distinct cells controlled by different eNodeBs in theLTE-A networks when a vehicle travels at a lowmobile speedfrom 0 to 15 kmh or a higher speed The LTE-A systemshave been qualified as a suitable candidate to be used in theVANETs due to many other features of the technology suchas its extraordinary performance in terms of a higher datatransmission rate a lower latency ease of deployment andits infrastructure [22]

When an OBU accesses the EPC the MME needs toconnect with home subscriber server (HSS) to obtain thecorresponding authentication informationThen the mutualauthentication between the OBU and the HSS controlled bysecurity protocols [1 23] can be realized

21 Elliptic Curve Cryptography The elliptic curve cryptog-raphy (ECC) and some relevant mathematical assumptionshave been widely used for the authentication purpose Com-pared with other public key cryptographies elliptic curvecryptosystemhas significant advantages of the small-size keyswith fast calculations [15] The ECC is the system with thehighest encryption intensity for each bit in the known publickey systemThe best algorithm to solve the discrete logarithmproblem on elliptic curve is the Pollard rho method whose

time complexity is complete exponential order where n is thebinary representation of m in equation mP=P+P+ +P=QWhen n=234Q is about 2117 it will take 16x1023MIPS yearsThe advantage of the shorter ECC key is very obvious withthe increase of encryption strength the key length changesa little The ECC works based on the elliptic curve discretelogarithm problem which is a known nondeterministicpolynomial (NP) hard problem It has been widely usedin several encryption schemes in the wireless networkingenvironment to provide the required security functionalityand computational efficiency Thus the use of the ECC canlargely reduce storage and transmission costs which fits wellwith the resource limitations while achieving the goal ofensuring system security

There are three elliptic curve groups that need calcu-lations in designing secure encryption schemes For cyclicadditive group G all elements Q in G have the form Q=rPfor some PisinG In this case we call P a generator of G whererP=P+P+ +P (r times)

For cyclic multiplicative group G119879 all elements y in G119879have the form y=g119896 for some g in G119879 where g is a generatorof G119879 and g119896=g g (k times)

For elliptic curve group let p be a prime number andF119901 denote the field of integers modulo p An elliptic curveE over F119901 is defined as y2=x3+ax+b where a bisinF119901 satisfies4a3+27b2 =0mod p

In order to prove our proposed security protocol weput forward some important calculation problems using theelliptic curve group in designing secure encryption schemes

Problem 1 (computational discrete logarithm (CDL)) GivenR=xP where P RisinG119901 it is easy to calculate R given x and Pbut it is difficult to determine x given P and R

Problem 2 (computational Diffie-Hellman (CDH)) Given PxP yPisin G119901 it is difficult to compute xyPisinG119901

Problem 3 (elliptic curve factorization (ECF)) Given twopoints P and R=xsdotP+ysdotP for 119909 119910 isin 119885119902lowast it is difficult to findxsdotP and ysdotP

22 Security Goals In particular the following securityrequirements should be achieved by any designed securityproposals The security requirements include the following

(1) Anonymous handover and secure key agreementthe authentication and key agreement protocol can realizemutual authentication between the OBU and the LTE-Anetworks The encryption algorithm and integrity protectionis the basic requirement in the process of session keyagreement Therefore anonymous handover can realize theconfidentiality of the OBU identity to prevent attackerstracking the user location Both the OBU at a vehicle and thetarget eNodeB as the RSUs must authenticate each other ina handover procedure After mutual authentication a freshsession key could be generated to provide data confidentialityand integrity in the communication processes between theOBU and the target eNodeB

(2) Privacy preserving the identities of the OBUsshould be hidden from normal message receivers during the


Table 1 Notations used in the ARHAP scheme

Notation Description

OBU MME eNodeB HSSOn-board units equip in vehicle

Mobile management entity evolvedNodeB Home subscriber server

IDX PWX Identity and password of an entity X

P Elliptic curve the basis of order forn

h() Hash function

EK[]DK[]Symmetrical encryption and

decryption of key K

EKDKUnsymmetrical encryption and

decryption of key K Concatenation operationoplus XOR operationSK Session key

handover authentication processWhen the OBU is perform-ing authentications the LTE-A networks cannot reveal theirtrue identities to the public

(3) Attacks resistance the designed scheme should havethe ability to resist various attacks in the LTE-A networksincluding replay attacks redirection attacks andman-in-the-middle attacks

3 Proposed Scheme ARHAP

In this section we describe our proposed ARHAP schemewith the aim of achieving an anonymous handover authenti-cation in vehicular LTE-A networksTheARHAP scheme hasbeen designed with 2 components (1) mutual authenticationand key agreement and (2) handover authentication Sincein a LTE-A based VANET an OBU at a vehicle needs first toconnect the network for the registration and authenticationthe first step of the actions includes initialization registrationauthentication and the session key establishment Once ahandover happens the control of communication changesfrom the current eNodeB to a target eNodeB which needs toperform a mutual authentication between the OBU and thetarget eNodeB

In a LTE-A based VANET the proposed ARHAP schemewill simplify the session key generation using elliptic curvecryptography and can conform to the requirements of secu-rity functionality In addition the privacy of the vehicularcan also be protected in the anonymous roaming handoverauthentication procedure Table 1 lists the notations used inthe proposed scheme

31 Mutual Authentication and Key Agreement The normalprocess of the mutual authentication and key agreementincludes 3 phases initialization registration and authentica-tion and establishment of a session key When the ARHAPscheme starts to work the OBU at a vehicle requires initial-ization of the system parameters It also needs to connectto the EPC to complete the registration to the EPC Onceit initially enters into a new LTE-A based VANET the OBUfirst connects to eNodeB to perform an authentication for

the establishment of a session key After completing themutual authentication theOBUwill execute a fast and securehandover process to change the control of communicationfrom the service eNodeB to the target eNodeB

311 Initialization Phase In this phase an OBU at a vehicleneeds to access the network to obtain the system parameterswhile the MME in its role as the mobility management entityselects the system parameters on behalf of the EPC to provideto the OBU and completes the initialization process

The MME selects a secure elliptic curve on F119901 andrandomly selects c and y and computesC=cP y andC are usedas theMME key S119890119873119900119889119890119861 is used as the private key of eNodeBS119872119872119864 is used as the private key of the MME

Step 1 Choose G1 G2 as 2 loops of an additive group whoseorder is of a large prime number q P1 and P2 are thegenerators of G1 and G2 respectively Ψ is the G2 and G1isomorphism satisfying Ψ (P2)=P1

Step 2 Choose a randomnumber x=119885119902lowast as a private key andcompute Y=xP2 as the public key

Step 3 Choose one-way hash functions h() F1198791() andF119870119864119884()

Step 4 For each OBU and eNodeB distribute public systemparameters G1 G2 q P1 P2 Ψ h F1198791 F119870119864119884

312 Registration Phase In this phase the OBU needs toconnect to the EPC via the HSSauthentication center (AuC)as a representative of theMME to complete the OBU-to-EPCregistration It acts in the following steps

Step 1 An OBU chooses its identity IDOBU and passwordPWOBU and generates a random number r119874119861119880 It thencomputes Z=h(r119874119861119880PW119874119861119880) chooses a failure time stampExd through a secure channel and submits ID119874119861119880ZExd tothe MME

Step 2 After the MME receives the registration request itwill test whether Exd is effective checking if the failure hasresulted in a refusal to the request of registration or if the HSSrequest on the userrsquos authentication vector (AV)s is effective

Step 3 The MME receives an authentication data requestfor the OBU-generated AVs including authentication tokenexpected response and the AVs as authentication dataresponse to the MME

Step 4 The MME receives the authentication data responseand sends the AVs as a certification request to the OBU

Step 5 The OBU receives the authentication request verifiesthe validity of the Auth and then calculates the response(RES) as the authentication response to the MME

Step 6 The MME receives the authentication responseand compares the RES and XRES Booleans forequality Then Q=h(ID119874119861119880y)oplush(PW119874119861119880r119874119861119880) H=


Figure 2 Registration phase

h(ID119874119861119880h(PW119874119861119880r119874119861119880) and C=cP are computed TheMME stores the message Q H C ID119872119872119864r119874119861119880 in a smartcard and submits the smart card data to the OBU through asecure channel Figure 2 illustrates the registration phase

313 Authentication and Session Key Establishment PhaseIn this phase the vehicular user OBU roams into anothereNodeB to access the services from the target eNodeBThe eNodeB and the OBU first need to authenticate eachother via a mutual authentication process to change someinformation and then negotiate to produce a session keyTheauthentication and establishment of session key phase of theproposed scheme proceeds as follows

Step 1 The user at the vehicle inserts its smart cardinto the reader and inputs identity IDOBU and pass-word PWOBU Then 119867lowast=h(ID119874119861119880h(PW119874119861119880r119874119861119880) and Z=h(r119874119861119880PW119874119861119880) will be computed with a checking to judgewhether H=119867lowast If they are equal it means that the OBUis a legitimate vehicular user Otherwise the session will bestopped Next a random number is generated and A=aPR119860119862=aC N=Qoplush(PW119874119861119880r119874119861119880) DID119874119861119880=ID119874119861119880oplush(R119860119862)and V1=h(NR119860119862ID119872119872119864) are computed and the introduc-tory request message ADID119874119861119880CV1ID119872119872119864 is sent toeNodeB though a public channel

Step 2 The eNodeB receives the message A DID119874119861119880CV1ID119872119872119864 and then generates random number b andcomputes B=bP R119861119862=bC W2=E119877119861119862[A B Cert119890119873119900119889119890119861 V1DID119874119861119880] and V2=E119878119890119873119900119889119890119861h(A B Cert119890119873119900119889119890119861 V1DID119874119861119880)Cert119890119873119900119889119890119861 is eNodeBrsquos certificate and E119878119890119873119900119889119890119861 is the privatekey of eNodeBThen eNodeB sent data-messages BW2V2to the MME

Step 3 The MME receives BW2V2 and then computesR119861119862=cB and decrypts D119877119861119862[W2]997888rarrA BCert119865119860V1DID119874119861119880Next signature V2 is verified Only if verification issuccessful does the MME certify eNodeB Then the

MME computes R119860119862=cA ID119874119861119880=DID119874119861119880oplush(R119860119862) and1198811lowast=h(h(ID119874119861119880y)R119860119862ID119872119872119864) Next it computes

whether V1=1198811lowast is verified Only if the verificationis successful the MME certifies the OBU Thenrandom number b is generated D=dP and G119874119861119880=dBoplusR119860119862 are computed followed by computation of W1=h(h(ID119874119861119880y)dBADID119890119873119900119889119890119861ID119872119872119864) W3=E119877119861119862[ID119890119873119861G119874119861119880Cert119890119873119900119889119890119861dAABDW1] and V3=E119878119872119872119864h(ID119890119873119861G119874119861119880Cert119890119873119900119889119890119861dAABDW1) Then the MME sendsW3 V3 to eNodeB

Step 4 The eNodeB decrypts D119877119861119862 [W3]997888rarrID119890119873119861G119874119861119880Cert119890119873119900119889119890119861dAABDW1 Then the signature V3 is veri-fied Only if the verification is successful the eNodeBcertifies the OBU and MME SK=h(bA) is computed andW4=E119878119870[ID119890119873119861DW1] is encrypted and then eNodeB sendsG119874119861119880 W4 to the OBU

Step 5 Upon receiving the message G119874119861119880W4 theOBU computes dB=G119874119861119880oplusR119860119862 and SK=h(bA) anddecrypts D119878119870[W4]997888rarrID119890119873119900119889119890119861 DW1 Then 1198821

lowast=h(NdBADID119890119873119900119889119890119861ID119872119872119864) is computed Next1198821

lowast=W1is verified Only if the verification is successful the OBUcertifies the eNodeB and the MME Then SK=h(aB) andAuth=h(W1aB) are computed and the OBU sends Auth tothe eNodeB

Step 6 After the eNodeB receives Auth it computesAuthlowast=h(W1bA) and then verifies whether Authlowast=AuthOnly if the verification is successful the eNodeB establishes asession key SK=h(bA)

Figure 3 illustrates the authentication and establishmentof session key phase

32 Handover Authentication An OBU in the process ofroaming must perform a handover authentication from thecurrent eNodeB to the target eNodeBThe handover needs to


Figure 3 Authentication and session key establishment phase

perform an authentication between the OBU and the targeteNodeB after exchanges of control information to negotiatea new session key When the connected users disconnectand reconnect to target eNodeB the delay include transmis-sion delay propagation delay and authentication process-ing delay The handover authentication phase proceeds asfollows

Step 1 The OBU sends a handover request to the serviceeNodeB1

Step 2 The eNodeB1 receives the handover request thencomputes SK2=h(SK1120572) sends SK2 to eNodeB2 and sendsthe handover response to the OBU

Step 3 The OBU receives the handover response computesSK2=h(SK1120572) and then selects a random number a119894 andcomputes a119894D The OBU sends a119894D to eNodeB2 as the keyrequest

Step 4 TheeNodeB2 receives a119894D and then selects a randomnumber b119894 and computes b119894D Next the new session key

Sk119894=h(b119894a119894D) is generated and S119894=h(b119894a119894D119878119896119894minus1) is com-puted eNodeB2 sends b119894D S119894 to the OBU

Step 5 The OBU receives b119894D S119894 then computes 119878119894lowast=

h(a119894b119894D119878119896119894minus1) and verifies whether 119878119894lowast=S119894 Only if the

verification is successful the new session key SK 119894=h(a119894b119894d119894P)is rendered valid

Figure 4 illustrates the handover authentication phaseAfter completing the above interactions the OBU and

eNodeB2 share the new session key SK 119894

4 Security Evaluation

In this section the security objectives of the ARHAP schemeare analyzed The BurrowsndashAbadindashNeedham (BAN) logicalong with the results of analysis by using the formal ver-ification tool of automated validation of Internet securityprotocols and applications (AVISPA) is used to confirm thatthe security objectives can be met Analysis shows that theARHAP scheme can work correctly to achieve the securityobjectives In addition a comparative analysis of security


Figure 4 Handover authentication phase

functionality is done against other relevant schemes with theresults to show that theARHAP scheme is secure and efficientin the vehicular networks

41 Proof of Security Objectives At present the most widelyused method of formal analysis of security protocol is theformal logic analysis method It plays an important roleto verify security protocols especially the analysis of theauthentication protocol Cohen et al [24] proposed a kind oflogic expression based on the BAN logic of belief By BANlogic lots of protocols can be verified Furthermore BANlogic has played a significant role for the security protocoldevelopment

The logical symbols and inference rules of BAN logic [25]are described as follows

(1) PQ subjects that is the principal participants in theprotocol

(2) X message(3) K secret key(4) XK message X is encrypted with K(5) P|equivQ P believes Q(6) P⊲X P has received message X(7) P|simX P said X(8) Q997904rArrX Q has the jurisdiction to X(9) (X) X is fresh

(10) P Klarrrarr Q K is the common preshared key of P and Q

BAN logic specifies the message-meaning rules nonce-verification rules jurisdiction rules etc The messages abovethe horizontal line are known as the conditions while thosebelow it are the results deduced from the known conditions

(1) Message-meaning rules P shares the secret key Kwith Q If P receives a message that X encrypted withK then P believes that Q has sent X

(2) Nonce-verification rule if P believes that message Xis fresh and believes thatQ has sent X then P believesthat Q believes X

(3) Jurisdiction rules if P believes Q has sent message Xand P believes that Q believes X then P believes X

(4) Belief-joint rules ifP believesX andY then P believesmessages of a cascade of X and Y If P believes thatQ believes messages of a cascade of X and Y then Pbelieves thatQ believes X or Y If P believes thatQ hassaid X and Y then P believes thatQ has said X or Y ifP believes the message of a cascade of X and Y then Pbelieves X or Y

(5) Freshness-joint rule if P believes that X is fresh Pbelieves the entire message of a cascade with X isfresh

(6) Reception rules if P receives messages of a cascadeof X and Y we consider that P receives X or Y if Preceives the connection of the formula of X and Y weconsider that P receives X or Y P shares secret key Kwith Q If P receives message X encrypted with K wecan infer that P receives X

(7) Additional rules secret key K is fresh If P receivesmessage X encrypted with K and P believes that Pshares secret keyK withQ we can infer thatP believesQ has sent message X and that P believes that Qbelieves P shares secret key K with Q

In the following based on the BAN logic model we willexpress that the mutual authentication and key agreementbetween the OBU and the LTE-A network can be correctlyrealized The proof process is as follows

(1) Protocol Idealization To facilitate the derivation by usingBAN logic analysis the first step is to convert every step ofthe authentication into the idealized form

1198981 119874119861119880 997888rarr 119872119872119864 ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

(2) Initial Assumption The initial assumption is the impor-tant guarantee for the logic analysis on the proposed schemeto be successfully conductedThe assumption includes whichkey is the initial shared which key in some situations tobe trusted and which key generates a new value Initialassumptions for the proposed agreement are the following

1198601 119874119861119880 |equiv(119861)1198602 119890119873119900119889119890119861 |equiv(119860)1198603 119872119872119864 |equiv(119860)1198604 119872119872119864 |equiv(119861)

1198605 119874119861119880 |equiv119872119872119864 997904rArr 119874119861119880119889119861larrrarr 119890119873119900119889119890119861

1198606 119890119873119900119889119890119861 |equiv119872119872119864 997904rArr 119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861

1198607 119872119872119864 |equiv119874119861119880| 997904rArr 1198601198608 119872119872119864 |equiv119890119873119900119889119890119861| 997904rArr 1198611198609 119872119872119864 |equiv119874119861119880| 997904rArr 119868119863119874119861119880

11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861

(3) Protocol Goal The ultimate goal of the proposed schemeis to realize the mutual authentication between the OBU andthe eNodeB and establish a shared session keyThe expressionof the objectives can be expressed by BAN logic as follows

1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861

1198661199001198861198972 119874119861119880 |equiv119890119873119900119889119890119861|equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861

1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861

1198661199001198861198974 119890119873119900119889119890119861|equiv119874119861119880|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861

(4) Protocol Annotations and Target Derivation Based onm1we have

119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)

Based on Statement 1 and A11 by the message-meaningrule

119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩

Based on Statement 2 andA3 by the fresh value validationand freshness verification rules

119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩

Based on Statement 5 andA4 by the freshness verificationrule

119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)


119878119905119886119905119890119898119890119905 8 119874119861119880|equiv119872119872119864|sim⟨119860119861119874119861119880119889119861larrrarr119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 9 119874119861119880|equiv119872119872119864|equiv⟨119860119861119874119861119880119889119887larrrarr119890119873119900119889119890119861⟩

Based on Statement 9 and A5 by the control rule

119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩

Based on SK=h(adB)=h(abdP)

119878119905119886119905119890119898119890119905 11 119874119861119880|equiv⟨119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩ (Goal 1)

Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864


119878119905119886119905119890119898119890119905 13 119890119873119900119889119890119861|equiv119872119872119864|sim⟨119860 119861 119881119864119889119860larr997888rarr

119890119873119900119889119890119861⟩

Based on Statement 13 and A2 by the fresh value valida-tion and freshness verification rules

119878119905119886119905119890119898119890119905 14 119890119873119900119889119890119861|equiv119872119872119864|equiv⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩

Based on SK=h(bdA)=h(abdP)

119878119905119886119905119890119898119890119905 16 119890119873119900119889119890119861|equiv⟨119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩ (Goal

2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

Based on Statement 17 by the message-meaning rule


119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩

Based on Statement 19

119878119905119886119905119890119898119890119905 20 119874119861119880|equiv119890119873119900119889119890119861|equiv⟨119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩

(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩

Based on Statement 22 and A2 by the fresh valuevalidation and freshness verification rules


119890119873119900119889119890119861⟩



(Goal 4)By the logic presentation and derivation we can obtain

Goals 1ndash4 which show that the ARHAP scheme can real-ize the mutual authentication and session key agreementbetween the OBU and the eNodeB

42 Security Analysis In this section we analyze the securityfunctions of the ARHAP scheme to explain that it can resistsome malicious attacks such as replay attacks man-in-the-middle attacks and secrecy attacks

Proposition 4 The ARHAP scheme can make the OBUanonymity

Proof By the ARHAP scheme the OBU sends the accessrequest message A DID119874119861119880 C V1 ID119872119872119864 to the eNodeBwhile the real identity ID119874119861119880 of the OBU is protected byDID119874119861119880 = ID119874119861119880oplush(aC) Based on the computational dis-crete logarithm (CDL) problem any attacker cannot obtainthe random number a from A and cannot retrieve ID119874119861119880from DID119874119861119880 In addition due to the randomness of theparameter a the access request ie A DID119874119861119880 V1 sentby the OBU can be dynamically changed It can avoid theattacker tracing the moving history and the current locationof the OBU Therefore the ARHAP scheme can make theOBU anonymity

Proposition 5 The ARHAP scheme can provide a mutualauthentication and withstand attacks

Proof TheOBU the eNodeB and theMME should authenti-cate each other It requires that theARHAP scheme provides amutual authentication mechanism between any two of them

The ARHAP scheme is able to provide authentication ofthe eNodeB and the MME to the OBU Thus the attackercannot impersonate the OBU to cheat the eNodeB and theMME By the scheme the MME authenticates the OBU byverifying 1198811

lowast=h(h(ID119874119861119880y)R119860119862ID119872119872119864) with the receivedV1 = h(NR119860119862ID119872119872119864) As the attacker cannot possess theOBUrsquos password PWOBU it cannot compute the correctN=Qoplush(PW119874119861119880x119874119861119880) and cannot cheat the MME by forg-ing a request message Due to the one-time random numbera the request message sent by the OBU is dynamicallychanged in each momentThus the attacker cannot cheat theMMEby replaying a previous requestmessage Besides whenan OBU gets into the LTE-A network the authenticationof the eNodeB to the OBU is completely dependent onthe authentication of the MME to the OBU Therefore theattacker cannot cheat MME and eNodeB by masquerading asOBU

The ARHAP scheme can withstand the attacker imper-sonate eNodeB to cheat OBU and MME In our schemethe MME authenticates eNodeB by verifying the computedV2=E119878119890119873119900119889119890119861h(ABCert119890119873119900119889119890119861V1DID119874119861119880) as the attackercannot know eNodeBrsquos private key S119890119873119900119889119890119861 and compute thecorrect eNodeBrsquos digital signature V2 It cannot cheat MMEby masquerading as eNodeB Besides the authentication ofthe OBU to the eNodeB is completely dependent on theauthentication of the MME to the eNodeB Thus attackercannot perform an authentication from the MME and theOBU Therefore the attacker cannot cheat the MME and theOBU by masquerading as an eNodeB

The ARHAP scheme can withstand the attackerimpersonating the MME to cheat the OBU and the eNodeBBy the proposed scheme the eNodeB authenticates theMME by verifying the value of V3=E119878119872119872119864h(ID119890119873119861G119874119861119880Cert119890119873119900119889119890119861dAABDW1) because the attacker cannotknow the private key SMME of the MME to computethe correct digital signature V3 It cannot cheat theeNodeB by masquerading as the MME Besides the OBUcomputes W1=h(h(ID119874119861119880y)dBADID119890119873119900119889119890119861ID119872119872119864)and 1198821

lowast=h(NdBADID119890119873119900119889119890119861ID119872119872119864) to verify theeNodeB The attacker cannot acquire ID119874119861119880 and y it cannotforgeW1 to get the authentication from the OBU Thereforethe attacker cannot cheat the eNodeB and the OBU bymasquerading as the MME

Proposition 6 The ARHAP scheme is able to provide for-wardbackward secrecy

Proof Forwardbackward security means that an attackercannot derive the current session key from the previousgenerated session key By the proposed scheme the sessionkey SKrsquos parameters are generated from theOBU the eNodeBand the HSS They hold random parameters a b d Dueto the difficulty of the elliptic curve discrete logarithm


problem (ECDL) and the computational problem (CDH)the attacker cannot retrieve the correct values of a b daccording to A=aP B=bP D=dP R119860119862= aC= cA and R119861119862=bC= cB In addition since the 2 certifications before andafter are not related the proposed scheme can achieve perfectforwardbackward secrecy

Proposition 7 The ARHAP scheme can provide a localpassword authentication without a verification table

Proof In the vehicles an OBU can get ID and PW intothe terminal to calculate 119867lowast Then it can verify whether119867lowast=H If the validation fails the smart card will interruptthe conversationTherefore the proposed scheme by the useof a smart card to realize a local password authenticationcan effectively avoid unauthorized access By the proposedscheme it is obvious that the OBU the eNodeB and theMME will not maintain any verification table There is noverification table used by the proposed scheme

Proposition 8 The ARHAP scheme can achieve privacyprotection

Proof By the proposed scheme in the registration phasethe OBU uses public key Y to encrypt the real identity forthe transmission Only the MME private key can be usedto decrypt x In the handover process a temporary identityinstead of the real identity is used because only the safe entityMME knows R119894 The attacker cannot deduce the true identityof the OBU from the temporary identity IMSI due to therandom number of R119894 of the OBU which is used to process adifferent unrelated temporary identityTherefore the attackercannot track the OBU path for each OBU handover

Under emergency conditions if the OBU misconductsviolated the law that damages the VANET the MME securityentities will provide the true identity of the OBU to allowarbitration by law enforcement according to the nature of thespecific situation or operationThen theMME can obtain theuserrsquos real identity IMSI by calculation

Proposition 9 The ARHAP scheme can withstand a replayattack

Proof A replay attack before a legitimate access request ADID119874119861119880 CV1 to the eNodeB will finally receive themessageG119874119861119880W4 According to the CDLP problem the attackercannot compute A=aP as a random number of A and theattacker cannot calculate the session key SK=(adB) Hencethe proposed scheme can withstand a replay attack

43 Formal Verification To ensure that our proposed schemecan resist malicious attacks with the design of the securitygoals in mind we use a formal verification tool of AVISPAfor the formal verification of the proposed scheme

The AVISPA works following a complete set of modelchecking technologies It is a standard automatic formalanalysis tools The AVISPA takes the high-level protocolspecification language (HLPSL) as the description tool Bythe HLPS2IF translator it converts the description of theproposed scheme by the HLPSL into an intermediate format

Figure 5 Simulation of intruder attacks

(IF) and then its model detector is used to verify thesecurity functions The AVISPA has four security analysisterminals the On-the-Fly Model Checker (OFMC) theConstraint-Logic-Based Attack Searcher (CLAtSe) the SAT-Based Model Checker (SATMC) and Tree Automata basedon Automatic Approximations for the Analysis of Security(TA4SP) The four security analysis terminals have differentunderlying principles and focuses If a protocol can reach theexpected security goals the results of the security analysisand the corresponding data will be presented If the schemeis verified to be unsafe the terminal will show that it isthe unrealized expected safety goal To formally verify thesecurity functionality of the proposed ARHAP protocol ina LTELTE-A based VANET we use AVISPA to model andverify it

The ARHAP scheme works for the authentication in thehandover procedure from the service eNodeB to the targeteNodeB It is possible for AVISPA to simulate intruders whocan receive and send messages from their knowledge In theHLPSL an intruder is named i and its initial knowledgeis explicitly defined in the specification as the intruderknowledge=) In the process of the execution of theARHAP the HLPSL is used to describe the basic roles ofthe OUB and the eNodeB The result of a simulated intruderattack is shown in Figure 5 We simulate three intrudersattacking the execution of our schemeThe first intruder whocan receive all messages stores them in a knowledge baseThen it decrypts the information as if it has the key and buildsnew messages and sends them to any other eNodeBs Thesecond intruder named i replay an attack before a legitimateaccess request to the eNodeB The third intruder is using atemporary identity instead of a real identity disguised as anOBU to session with eNodeB By the simulation of intruderattacks we can know that the ARHAP scheme is secured

The HLPSL specification has been debugged while it willbe checked for the function of attack detection automaticallyby four checkers in the system If the proposed protocol issafe the checking result will report SAFE in SUMMARY InFigure 6 the test results show that the proposed handoverauthentication scheme is secure We use the backend OFMC


Figure 6 Results reported by the OFMC backend

for falsification and verification for a bounded number ofsessions We present the safety goal as the confidentialityof the key and the random numbers The validation of theOBU and the eNodeB is performed by a hash-chain valueused for rapid certification From the presented results wecan conclude that the proposed scheme can successfullyimplement the anonymity of the OBU provide mutualauthentication withstand various attacks and resist othermalicious attacks such as replay attacks Man-in-the-Middleattacks and secrecy attacks

44 Functionality Comparison It is obvious fromTable 2 thatour scheme has many excellent features and is more securethan other similar authentication schemes The OBU canresist various types of security attacks and achieve anonymitywhen the vehicle is in a VANET-based LTE-A network TheARHAP scheme needs relatively few communications andhas low computational cost

5 Performance Evaluation

In this section we compare the performance of our proposedscheme with several existing schemes The architecture ofthe VANET is the same as the one discussed in Section 2which is the LTELTE-A based VANET Computational andcommunication overheads are two very important perfor-mance indicators In this analysis we are mainly consideringthe computational and communication costs of the ARHAPscheme To obtain the quantitative results we have conductedvarious sets of simulations and compare the ARHAP schemewith several other typical handover authentication protocolsThenetwork environment has almost no difference so that theexperimental data from all protocols under the examinationcan be compared on the same basis

51 Computational Overhead The system configuration ofeach OBU is as follows We computed the execution timeof the above cryptographic operations using MIRACL Itis a famous cryptographic operations library and has beenwidely used to implement cryptographic operations in manyenvironments Each OBU has a basic frequency of 3 GHz

64-bit Intel E5-1607 processorwith thememory of 78GBTheoperations of theOBUs and the eNodeB aremodeled by usingMATLAB R2014b software Based on the models the perfor-mance evaluation is conducted The simulation environmentis established with the following parameters The distancebetween the service eNodeB and the target eNodeB is 300 mThe distance between the MME and the eNodeB is 10 kmThe cryptographic algorithms employed in the simulationare hash function SHA-256 symmetric encryption AES-128and ECDSA-160 The parameter settings and their valuesare listed in Table 3 The computational complexity of delayin two components (1) the mutual authentication and keyagreement and (2) handover authentication It refers to thetime required by network unit to process data includingdata encryption and the time needed to generate the keyObviously processing delays are heavily dependent on theprocessing scheme and computational complexity

The computational cost refers to the time taken by thecryptographic operations in the handover process and thecryptograph computing timeThe LTE [26] standard is beingexpanded bymany schemes Computational cost is an impor-tant measure involved in the handover time delay In thehandover process computational cost mainly includes hashoperation time symmetricdecryption operation time pointscalar multiplication operation time and linear operationtime Those encryption algorithms generally always havelower overheads In Table 4 we summarize the computationalcosts incurred by the ARHAP scheme and by the schemesappeared in [7 15 26]

Although our ARHAP scheme has been proved to besafe against various types of attacks tested other types ofmalicious attacks as well as unknown types of attacks thatcannot be predicted may interrupt the execution of theprotocol during the authentication and key establishmentphases Therefore it is assumed that any type of an attackmay randomly occur at any step of the protocol executionduring the authentication and key establishment phases TheARHAP scheme cannot proceed if an attack successfullyinterrupts its execution With an increasing number ofsuccessful attacks the average total time delay for a successfulexecution of the protocol will be longer The comparison ofthe average total time delay of the tested protocols is shownin Figure 7 The number of executions of the authenticationprocesses is 10000 And in one execution of the process it isassumed that there will be one attack to appear on averageIt is shown that the ARHAP scheme has lower computationaloverhead than that of the other schemes [7 15 26] Assumingthat the probability of successful attacks is 50 the figurereveals that the average total time delay incurred by SEAA[7] scheme or the HashHand [15] scheme is higher while thedelay incurred by the ARHAP scheme is obviously lower

52 Communications Overhead The communications costis the time taken for the message exchanges in the authen-tication processes for the handovers In the process of thehandover authentication the communication goes mainlybetween the OBU and the eNodeB between the eNodeBand the MME and between the service eNodeB and thetarget eNodeB In Table 5 we compare the communication


Table 2 Functionality comparison between the ARHAP scheme and others

ARHAP SEAA[7]

ASUA[12]

NAPP[13]

ESAA[14] HashHand [15] Nframe [23]

User anonymity Yes Yes No Yes No Yes YesMutual authentication Yes Yes Yes Yes No Yes YesAgainst impersonation attack Yes Yes Yes Yes No Yes YesResists eNodeB impersonation attack Yes No Yes Yes No Yes YesResists MME impersonation attack Yes No Yes Yes No Yes YesResists replay attack Yes Yes Yes No No Yes YesResists perfect forward attack Yes Yes Yes Yes Yes Yes YesResists perfect backward attack Yes No No No No Yes YesResists offline password-guessing attack Yes Yes Yes Yes No Yes YesResists insider attack Yes Yes Yes Yes No Yes YesNo verification table Yes Yes Yes Yes Yes Yes YesLocal password verification Yes Yes Yes No No No NoCorrect password change Yes Yes Yes Yes No No No

Table 3 Parameter settings

Parameters Value (bits)xP 1024gxmod p 1024Identity IDx 160Random number 128Hash function h(x) 160Encryptiondecryption 1024

Table 4 Computational cost notations

Notation MeaningTH Hash operation timeTS Symmetricdecryption operation timeTM Point scalar multiplication operation timeTP Linear operation time

Table 5 Comparison of communication costs

Scheme Communication (bits)SEAA [7] 3808HashHand [15] 4480LTE [26] 8350ARHAP 3552

costs of the ARHAP and those of other schemes The resultsshow that a vehicular network requires high frequency ofcommunication between the OBU and the MME The twoschemes of SEAA [7] and HashHand [15] require more timefor the handshaking communications while the communica-tion cost of the ARHAP scheme is concentrated on the shortdistance between the OBU and the eNodeB On the whole itcanmeet the requirements of the communication costs of theOBU in a vehicle with limited resource

[15][26]

Figure 7 Total computational overhead of tested protocols

As shown in Figure 8 the total transmission overheadof the ARHAP scheme is significantly lower than that ofLTE standard [26] The communications overheads of all theauthentication schemes grow linearly with the increase ofthe probability of successful attacks After a successful attackwith 50 probability is reached by the SEAA in [7] thecommunications overhead only slightly exceeds that of theHashHandrsquos [15] Each of the schemes has a larger overheadwhen the probability of successful attacks exceeds 60

53 Comparison of Handover Processes In Table 6 we com-pare the total operation time required for the handoverprocesses between the proposed scheme and other existingschemes Since the standard LTE [26] only has a hashoperation it is computationally fast lacking the requisitesecurity and anonymity LTE [26] is very vulnerable tothe replay man-in-the-middle and secrecy attacks Betweenthe OBU and the eNodeB the SEAA scheme mainly uses


Table 6 Comparison of the duration of handover processes

Scheme OBU eNodeBSEAA [7] 6TH+0TS+3TM+0TP 5TH+4TS+5TM+0TP

HashHand [15] 5TH+2TS+TM+3TP 5TH+3TS+TM+2TP

LTE [26] 4TH+0TS+0TM+0TP 2TH+0TS+0TM+0TP

ARHAP 2TH+2TS+3TM+TP 3TH+TS+2TM+TP

[15][26]

Figure 8 Total communications overhead of protocols

hash operation and point scalar multiplication operationwhich need to increase computational ability for the OBUThe HashHand [15] improves the security functionality withefficiency But it needsmore linear and symmetricdecryptionoperations The ARHAP scheme uses a hash calculation sothat the lower handover time inherent in the hash functionsreduces the computational overhead in the overall certifica-tion process

The operations of the OBUs and the eNodeB are modeledusing MATLAB R2014b software The computational cost ismodeled as an unknown function (UF) which can be gotfrom the equation UF= r1T119867+ r2T119878+ r3T119872+ r4T119875+r5 inwhich r1 r2 r3 r4 and r5 are random numbers Meanwhilethe TH TS TM and TP are all called unknown functions fortesting The computing process of UF is as follows Firstlyone number from the set [r1 r2 r3 r4 r5] is generatedrandomly and the other numbers are set to the fixed valueas 1 Secondly two numbers from the set [r1 r2 r3 r4 r5]are generated randomly and the other numbers are 1 Thisprocess will continue until all the numbers in the set [r r1r2 r3 r4 r5] are generated randomly Since more numbersin the set [r1 r2 r3 r4 r5] are generated randomly thehigher probability of successful attacks can be obtained Atthe same time the corresponding complexity and the valueof UF will be also increased Figures 9 and 10 complementthe information in Table 6 It is obvious that from 0 to 50of the probability of successful attacks the time consumptionfor the handover between the OBU and the eNodeB incurred

[15][26]

Figure 9 Handover time consumption of an OBU

by the ARHAP scheme is obviously less than that for theSEAA [7] and the HashHand [15] schemes And it is alittle bit higher than that for the LTE [26] Due to thelimited bandwidth available in various new mobile networks(eg body area sensor networks BSNs and vehicle-to-gridnetworks) minimal communication overhead is required forany deployed security solution HashHand [15] provides a keyupdate mechanism It is very similar with ARHAP We findthat from 50 to 90 of the probability of successful attacksthe computational cost of the modular operation is still highHowever ARHAP has included the password verificationwhich has improved anonymity security and efficiency Aslight increase in overhead is justifiable It is clear that areliable authentication scheme design should adopt suitablecryptographic operations with less computational overheadin order to achieve better performance and efficiency

6 Conclusions

In this paper we have proposed an anonymous handoverauthentication scheme for the LTE-A based VAVETs Basedon the technique of the ECC the proposed scheme cansuccessfully achieve the security requirements including theanonymous handover and the secure key agreement privacypreserving and the ability to resist various malicious attacksBy using BAN logic we have proved that the ARHAP schemecanmeet the security requirements in the handover processesin the VANETs Furthermore the ARHAP scheme is provedto correctly realize a mutual authentication between an OBUand a target eNodeB in the handover process with the abilityagainst various malicious attacks Compared with other


[15][26]

Figure 10 Handover time consumption of eNodeB

existing authentication schemes the ARHAP scheme has amuch better performance and can be applied to LTELTE-A based VAVETs We conclude that the proposed protocolcan efficiently reduce the computational and communicationcosts

Conflicts of Interest

The authors declare that they have no conflicts of interest

Acknowledgments

This work was supported in part by Joint Funds of NationalNatural Science Foundation of China and Xinjiang underGrant U1603261 in part by the State Key Program of NationalNatural Science Foundation of China under Grant 91420202and in part by the Project of High-level Teachers in BeijingMunicipal Universities in the period of the 13th five-year planunder Grant IDHT20170511

References

[1] J Cheng J ChengM Zhou F Liu S Gao and C Liu ldquoRoutingin internet of vehicles a reviewrdquo IEEETransactions on IntelligentTransportation Systems vol 16 no 5 pp 2339ndash2352 2015

[2] YQiuMMa andXWang ldquoAproxy signature-based handoverauthentication scheme for LTE wireless networksrdquo Journal ofNetwork and Computer Applications vol 83 pp 63ndash71 2017

[3] J Zhou M Ma Y Feng and T N Nguyen ldquoA symmetrickey-based pre-authentication protocol for secure handover inmobile WiMAX networksrdquoThe Journal of Supercomputing vol72 no 7 pp 2734ndash2751 2016

[4] Z Hameed Mir and F Filali ldquoLTE and IEEE 80211p forvehicular networking a performance evaluationrdquo EURASIPJournal on Wireless Communications and Networking vol 1 pp1ndash15 2014

[5] GAraniti C CampoloMCondoluci A Iera andAMolinaroldquoLTE for vehicular networking a surveyrdquo IEEECommunicationsMagazine vol 51 no 5 pp 148ndash157 2013

[6] D He C Chen S Chan and J Bu ldquoSecure and efficienthandover authentication based on bilinear pairing functionsrdquoIEEETransactions onWireless Communications vol 11 no 1 pp48ndash53 2012

[7] D Zhao H Peng L Li and Y Yang ldquoA secure and effectiveanonymous authentication scheme for roaming service inglobal mobility networksrdquo Wireless Personal Communicationsvol 78 no 1 pp 247ndash269 2014

[8] C Lai H Li R Lu and X Shen ldquoSE-AKA a secure andefficient group authentication and key agreement protocol forLTE networksrdquo Computer Networks vol 57 no 17 pp 3492ndash3510 2013

[9] C-K Han and H-K Choi ldquoSecurity analysis of handover keymanagement in 4G LTESAE networksrdquo IEEE Transactions onMobile Computing vol 13 no 2 pp 457ndash468 2014

[10] M Taha L Parra L Garcia and J Lloret ldquoAn Intelligenthandover process algorithm in 5G networks The use case ofmobile cameras for environmental surveillancerdquo in Proceedingsof the 2017 IEEE International Conference on CommunicationsWorkshops ICC Workshops 2017 pp 840ndash844 Paris FranceMay 2017

[11] D He S Chan C Chen J Bu and R Fan ldquoDesign andvalidation of an efficient authentication schemewith anonymityfor roaming service in global mobility networksrdquo WirelessPersonal Communications vol 61 no 2 pp 465ndash476 2011

[12] D-J He M-D Ma Y Zhang C Chen and J-J Bu ldquoAstrong user authentication scheme with smart cards for wirelesscommunicationsrdquoComputer Communications vol 34 no 3 pp367ndash374 2011

[13] C-T Li and C-C Lee ldquoA novel user authentication and privacypreserving scheme with smart cards for wireless communica-tionsrdquo Mathematical and Computer Modelling vol 55 no 1-2pp 35ndash44 2012

[14] H Mun K Han Y S Lee C Y Yeun and H H ChoildquoEnhanced secure anonymous authentication scheme for roam-ing service in global mobility networksrdquo Mathematical andComputer Modelling vol 55 no 1-2 pp 214ndash222 2012

[15] D He S Chan and M Guizani ldquoHandover authenticationfor mobile networks Security and efficiency aspectsrdquo IEEENetwork vol 29 no 3 pp 96ndash103 2015

[16] M Taha J M Jimenez A Canovas and J Lloret ldquoIntelligentAlgorithm for Enhancing MPEG-DASH QoE in eMBMSrdquoNetwork Protocols and Algorithms vol 9 no 3-4 p 94 2018

[17] M F Feteiha and H S Hassanein ldquoEnabling cooperative relay-ingVANET clouds over LTE-A networksrdquo IEEE Transactions onVehicular Technology vol 64 no 4 pp 1468ndash1479 2015

[18] 3GPP ldquoTechnical Specification Group Services and SystemAspects Service requirements for Home Node B (HNB) andHome eNode B (HeNB) (Rel 11)rdquo 3GPP TS 3GPP TS 22220V1160 3rd Generation Partnership Project 2012

[19] 3GPP ldquoTechnical Specification Group Core Network and Ter-minals Access to the 3GPP Evolved Packet Core (EPC) vianon-3GPP access networks (Rel 11)rdquo 3GPP TS 3GPP TS 24302V1140 3rd Generation Partnership Project 2012

[20] 3GPP ldquoTechnical Specification Group Services and SystemAspects Service requirements for Machine-Type Communica-tions (MTC) (Rel 12)rdquo 3GPP TS 3GPP TS 22368 V1200 3rdGeneration Partnership Project 2012

[21] C Wang M Ma and L Zhang ldquoAn Efficient EAP-Based Pre-Authentication for Inter-WRANHandover in TVWhite SpacerdquoIEEE Access vol 5 pp 9785ndash9796 2017


[22] A Vinel ldquo3GPP LTE versus IEEE 80211pWAVE which tech-nology is able to support cooperative vehicular safety applica-tionsrdquo IEEE Wireless Communications Letters vol 1 no 2 pp125ndash128 2012

[23] A Fu N Qin Y Wang Q Li and G Zhang ldquoNframe Aprivacy-preserving with non-frameability handover authenti-cation protocol based on (t n) secret sharing for LTELTE-AnetworksrdquoWireless Networks vol 23 no 7 pp 2165ndash2176 2017

[24] M Cohen andM Dam ldquoLogical Omniscience in the Semanticsof BAN Logicrdquo in Proceedings of the Foundations of ComputerSecurity Workshop pp 121ndash132 2003

[25] J Liu Q Li R Yan and R Sun ldquoEfficient authenticated keyexchange protocols for wireless body area networksrdquo EURASIPJournal on Wireless Communications and Networking vol 2015pp 1ndash11 2015

[26] 3GPP ldquoTechnical Specification Group Service and SystemAspects 3GPP System Architecture Evolution (SAE) Securityarchitecture (Rel 12)rdquo 3GPP TS 3GPP TS 33401 V12100 3rdGeneration Partnership Project 2013

Research ArticleAn Anonymous Handover Authentication Scheme Based onLTE-A for Vehicular Networks

Cheng Xu 12 Xiaohong Huang 1 Maode Ma 3 and Hong Bao2

1 Institute of Network Technology Beijing University of Posts and Telecommunications China2Beijing Key Laboratory of Information Service Engineering Beijing Union University China3School of Electrical and Electronic Engineering Nanyang Technological University Singapore

Correspondence should be addressed to Xiaohong Huang huangxhbupteducn

Received 22 October 2017 Accepted 28 May 2018 Published 3 July 2018

Academic Editor Jaime Lloret

Copyright copy 2018 ChengXu et alThis is an open access article distributed under theCreative CommonsAttribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Vehicular networks play an important role in the intelligent transportation systems which have gained technical supports from carindustry Due to the mobility and the broadcast nature of wireless communication security of the vehicular networks is a criticalissue for the academia and industry Many solutions have been proposed to target the security provisioning However most ofthem have various shortcomings Based on the elliptic curve public key cryptography algorithm in this paper we propose a newanonymous roaming authentication protocol for the Long Term Evolution-Advanced (LTE-A) supported vehicular networks Fora vehicular LTE-A network an authentication protocol should be able to fulfill a variety of security requirements which can be metby our proposal and proved by using BurrowsndashAbadindashNeedham (BAN) logic Compared with some existing solutions our schemehas lower communication costs with stronger security functionality The analyses on the security functions and the performanceof the proposed solution show that our scheme is secure and efficient with ability against various types of malicious attacks

1 Introduction

A vehicular ad hoc network (VANET) is a mobile self-or-ganized network in the intelligent transportation system(ITS) It has basic characteristics of a large delay-tolerantnetwork including long communication delays and multipleasynchronous transmission capabilities A vehicular networkis a variety of a mobile ad hoc network (MANET) used inITS [1] It is comprised of vehicle on-board units (OBUs)roadside units (RSUs) which are the fixed units deployed atsides of the road the control center etc An OBU at a vehiclecan equip a GPS device 3G4G communication modulesradar and the car-body-mounted sensory for identificationof its own state road conditions traffic on road status withthe ability to exchange information of the communicationsenvironment which includes the body position movementspeed driving direction states of communications link etc ARSU is a bridge of the vehicle and the Internet The vehicularnetwork not only needs to provide navigation and traditionalservices such as entertainment but also involves the collectionand distribution the traffic safety related information such ascollision warning alarm [2]

Recent research on vehicular network has focused onmajor five areas (1) the collaborative security applicationson the road safety for the vehicles involved [3] (2) datatransmission information distribution and data collationmethods (3) traffic and vehicle movement modeling (4)the physical layer and medium access control (MAC) layercommunications and (5) privacy and identity authenticationThese studies which are aimed at improving traffic andnetwork security the efficiency of traffic and the data com-munication can promote the development of the ITS [4]TheLong Term Evolution-Advanced (LTE-A) wireless systemshave been suggested to be used in the vehicular environmentsto improve the efficiency of the wireless communication invehicular networks With the application of the systemsthe design and deployment of the vehicular networks willneed less network components to obtain a higher systemcapacity and a larger coverage of thewireless communicationIn addition higher data rates low access latency flexiblebandwidth and seamless integration with other existingwireless communication systems could also be achieved[5]

HindawiWireless Communications and Mobile ComputingVolume 2018 Article ID 6251219 15 pageshttpsdoiorg10115520186251219











target eNodeB

EPC



OBUOBU

OBU

LTELTE-A

MMEHSS

























h() Hash function


decryption of key K








































































1198981 119874119861119880 997888rarr 119872119872119864 ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870






11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861


1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861


1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861



119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩


119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩


119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)






119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩



Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩



2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References






































target eNodeB

EPC



OBUOBU

OBU

LTELTE-A

MMEHSS

























h() Hash function


decryption of key K








































































1198981 119874119861119880 997888rarr 119872119872119864 ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870






11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861


1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861


1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861



119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩


119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩


119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)






119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩



Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩



2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References





























target eNodeB

EPC



OBUOBU

OBU

LTELTE-A

MMEHSS

























h() Hash function


decryption of key K








































































1198981 119874119861119880 997888rarr 119872119872119864 ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870






11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861


1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861


1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861



119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩


119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩


119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)






119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩



Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩



2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References



































h() Hash function


decryption of key K








































































1198981 119874119861119880 997888rarr 119872119872119864 ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870






11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861


1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861


1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861



119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩


119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩


119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)






119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩



Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩



2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References













































































1198981 119874119861119880 997888rarr 119872119872119864 ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870






11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861


1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861


1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861



119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩


119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩


119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)






119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩



Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩



2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References





























































1198981 119874119861119880 997888rarr 119872119872119864 ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870






11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861


1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861


1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861



119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩


119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩


119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)






119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩



Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩



2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References














































1198981 119874119861119880 997888rarr 119872119872119864 ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870






11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861


1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861


1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861



119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩


119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩


119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)






119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩



Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩



2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References





























1198982 119890119873119900119889119890119861 997888rarr 119872119872119864 ⟨119861⟩119878119890119873119900119889119890119861

1198983 119872119872119864 997888rarr 119874119861119880 ⟨119860 119861 119868119863119890119873119900119889119890119861 119874119861119880119889119861larrrarr

119890119873119900119889119890119861⟩ℎ(119868119863119874119861119880119910)

1198984 119872119872119864 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119889119860larr997888rarr

119890119873119900119889119890119861⟩119878119872119872119864

1198985 119890119873119900119889119890119861 997888rarr 119874119861119880 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870

1198986 119874119861119880 997888rarr 119890119873119900119889119890119861 ⟨119860 119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870






11986010 119874119861119880 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986011 119872119872119864 |equiv119874119861119880ℎ(119868119863119874119861119880119910)larr997888997888997888997888997888997888997888rarr 119872119872119864

11986012 119890119873119900119889119890119861 |equiv|119875119872119872119864997888997888997888997888rarr 119872119872119864

11986013 119872119872119864 |equiv|119875119890119873119900119889119890119861997888997888997888997888997888rarr 119890119873119900119889119890119861


1198661199001198861198971 119874119861119880 |equiv119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861


1198661199001198861198973 119890119873119900119889119890119861|equiv119874119861119880 119878119870larr997888rarr 119890119873119900119889119890119861



119878119905119886119905119898119890119905 1 119872119872119864 ⊲ ⟨119860 119868119863119872119872119864⟩ℎ(119868119863119874119861119880119910)


119878119905119886119905119890119898119890119905 2 119872119872119864|equiv119874119861119880|sim⟨119860 119868119863119872119872119864⟩


119878119905119886119905119890119898119890119905 3 119872119872119864|equiv119874119861119880|equiv⟨119860 119868119863119872119872119864⟩

Based on m2

119878119905119886119905119890119898119890119905 4 119872119872119864 ⊲ ⟨119861⟩119878119890119873119900119889119890119861


119878119905119886119905119890119898119890119905 5 119872119872119864|equiv119874119861119880|sim⟨119861⟩


119878119905119886119905119890119898119890119905 6 119872119872119864|equiv119874119861119880|equiv⟨119861⟩

Based on m3

119878119905119886119905119890119898119890119905 7 119881119864 ⊲ ⟨119860 119861 119881119864119889119861larrrarr 119890119873119900119889119890119861⟩ℎ(119868119863119881119864119910)






119878119905119886119905119890119898119890119905 10 119874119861119880|equiv⟨119874119861119880119889119861larrrarr 119890119873119900119889119890119861⟩



Based on m4

119878119905119886119905119890119898119890119905 12 119890119873119900119889119890119861⊲⟨119860119861119874119861119880119889119860larr997888rarr119890119873119900119889119890119861⟩119878119872119872119864



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩


119878119905119886119905119890119898119890119905 15 119890119873119900119889119890119861|equiv⟨119874119861119880119889119860larr997888rarr 119890119873119900119889119890119861⟩



2)


Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References





























Based on m5

119878119905119886119905119890119898119890119905 17 119874119861119880 ⊲ ⟨119860 119861 119881119864119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩



(Goal 3)Based on m6

119878119905119886119905119890119898119890119905 21 119890119873119900119889119890119861⊲⟨119860119861 119874119861119880119878119870larr997888rarr 119890119873119900119889119890119861⟩119878119870



119890119873119900119889119890119861⟩



119890119873119900119889119890119861⟩













































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References
























































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References









































ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References






























ARHAP SEAA[7]

ASUA[12]

NAPP[13]










[15][26]










[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References


































[15][26]




[15][26]



6 Conclusions



[15][26]





Acknowledgments


References





























[15][26]





Acknowledgments


References


































Documents

An Anonymous Handover Authentication Scheme Based on LTE-A ... anonymous hand… · ResearchArticle An Anonymous Handover Authentication Scheme Based on LTE-A for Vehicular Networks