
2169-3536 (c) 2016 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2016.2560902, IEEE Access


Software Defined Networking with Pseudonym Systems for Secure Vehicular Clouds

Xumin Huang, Rong Yu, Member, IEEE, Jiawen Kang, Ning Wang, Member, IEEE, Sabita Maharjan, Member, IEEE, and Yan Zhang, Senior Member, IEEE

Abstract—The vehicular cloud is a promising new paradigm where vehicular networking and mobile cloud computing are elaborately integrated to enhance the quality of vehicular information services. Pseudonym is a resource for vehicles to protect their location privacy, which should be efficiently utilized to secure vehicular clouds. However, only a few existing architectures of pseudonym systems take flexibility and efficiency into consideration, thus leading to potential threats to location privacy. In this paper, we exploit software-defined networking technology to significantly extend the flexibility and programmability for pseudonym management in vehicular clouds. We propose a software-defined pseudonym system where the distributed pseudonym pools are promptly scheduled and elastically managed in a hierarchical manner. In order to decrease the system overhead due to the cost of inter-pool communications, we leverage the two-sided matching theory to formulate and solve the pseudonym resource scheduling. We conducted extensive simulations based on the real map of San Francisco. Numerical results indicate that the proposed software-defined pseudonym system significantly improves the pseudonym resource utilization, and meanwhile, effectively enhances the vehicles’ location privacy by raising their entropy.

I. INTRODUCTION

With the rapid development of wireless communication technologies [1], [2], vehicles can utilize vehicle-to-infrastructure and vehicle-to-vehicle communications with the help of on-board devices to form vehicular networks. However, many emerging mobile applications require larger and secure storage [3] and complex computation, and bring new resource challenges to vehicular networks, e.g., vehicle platoon [4], real-time video streaming application [5]–[8] and vehicular augmented reality, social media sharing [9], [10]. To meet the growing demands of radio and computing resources, vehicular networks take the advantages of cloud computing and are evolving towards vehicular clouds. From a system-level view, idle resources in vehicles, network infrastructures (e.g., roadside unit (RSU)) and cloud infrastructures (e.g., data center) can be recruited to form a vehicular cloud system. A typical vehicular cloud system [11] consists of three different levels as follows. 1) At the bottom level, cooperative vehicles create a vehicular cloud. 2) At the middle layer, a set of adjacent RSUs form a local cloud. 3) At the top layer, central cloud manages resources in the system. While ubiquitous wireless communication of pervasive cloud computing greatly facilitates the formation and functioning of vehicular cloud, privacy and security challenges remain to be addressed for this new domain [12], [13].

Xumin Huang, Rong Yu, and Jiawen Kang are with School of Automation, Guangdong University of Technology, China. Email: {xumin.huang, yurong, jiawen.kang.cn}@ieee.org.

Ning Wang is with the Center for Communications Systems Research, University of Surrey, U.K. Email: [email protected].

Sabita Maharjan and Yan Zhang (corresponding author) are with Simula Research Laboratory and University of Oslo, Norway. Email: [email protected], [email protected].

To secure vehicular clouds, we focus on pseudonym, which is an essential resource for vehicles to protect location privacy [14]. Most of the privacy protection schemes are implemented on the basis of pseudonyms, e.g., group signature, silent period, and mix-zone [14]. Vehicles should periodically change their pseudonyms to avoid being continuously tracked. Moreover, a third-party cloud service provider may pose potential threats to the vehicles because of data leakage [15]. This further highlights the importance of pseudonyms for vehicles to protect privacy in vehicular clouds. Vehicles need to possess sufficient pseudonyms to be able to frequently change for anonymity.

Moreover, with the increasing number of vehicles, pseudonym management in vehicular clouds has become a challenging problem. The drawbacks of a previous centralized approach to manage pseudonyms mainly include two aspects: a heavy computing workload for the central cloud and a big backhaul delay for the vehicles. These vulnerabilities confine the pseudonym system capacity, and also result in low utilization of pseudonyms. Consequently, the pseudonyms may not be sufficient to maintain the location privacy of the vehicles. To this end, a new pseudonym system with high flexibility and efficient pseudonym utilization is necessary. We exploit Software Defined Networking (SDN) to significantly enhance the flexibility and programmability for pseudonym management in vehicular clouds. Software defined networking is a novel technology to control the network in a logically centralized, programmable and systematic approach by decoupling the physical data plane and the abstract control plane [16]. The potential of centralized knowledge, programmability and flexibility in SDN can satisfy the requirements of vehicular clouds and simplify pseudonym management, especially when the number of vehicles is high.

In this paper, we propose a Software-Defined Pseudonym System (SDPS), where distributed pseudonym pools are deployed, quickly scheduled and elastically managed in a hierarchical manner. Besides, to decrease the system overhead due to the cost of inter-pool communications, we leverage the two-sided matching theory to formulate and solve the pseudonym resource scheduling. The main contributions of this paper are summarized as follows.


• We propose a software-defined pseudonym system with a hierarchical architecture, which leverages the SDN technology to provide flexibility and programmability for pseudonym management.

• We develop the two-sided matching theory to solve pseudonym resource scheduling problem, which matches the optimal pseudonym transmitters and receivers to decrease the system overhead due to the cost of inter-pool communications.

• Numerical results show that the proposed software-defined pseudonym system significantly improves the pseudonym resource utilization, and effectively strengthens the vehicles’ location privacy.

The rest of this paper is organized as follows. Section II presents the related work. We describe a new observation about delay on pseudonym distribution approaches in Section III. A hierarchical architecture of software-defined pseudonym system is proposed in Section IV. Section V discusses the pseudonym-allocation problem, and we introduce the two-sided matching theory to solve this problem in Section VI. Performance evaluation of our proposed scheme is provided in Section VII. Finally, Section VIII concludes this paper.

II. RELATED WORK

Recently, a few studies have investigated the combination of cloud computing and vehicular networks. The authors in [11] presented a hierarchical architecture to organize the cloud resources in a vehicular network, consisting of three layers: vehicular cloud, RSU cloud, and central cloud. In [17], the authors pointed out that the way of network service provisioning changes when integrating the mobile cloud model into vehicular networks. The Vehicular Ad hoc Networks (VANET) Cloud, a new cloud computing model for VANET as introduced in [18], consists of three layers: client layer, cloud layer and communication layer. [19] proposed a new two-tier BUS-VANET that enables less delivery delay and higher delivery rate than those of the traditional VANET.

Along with the system architectures and design principles, some researchers have shown great interest in the resource allocation problem in vehicular clouds. Due to uncertainty of the vehicles’ behavior, the variation of available computation resources in vehicular clouds cannot be neglected. To address this problem, the authors in [20] proposed an optimal computation resource allocation scheme. The dynamic vehicular clouds make a decision about whether or not to locally process a service request. Then the computing resource allocation problem in a vehicular cloud is formulated as a semi-Markov decision process to maximize the total long-term reward of the vehicles. The authors in [11] focused on resource allocation and formulated the competition among virtual machines as a non-cooperative game. Similarly, RSU cloud resource management models in [21] employed SDN technology to decrease virtual machine migration, and minimize the number of service hosts and the infrastructure routing delay.

SDN has emerged as a promising approach for providing a centralized control method for global resource management in cloud computing environment. The authors in [22] combined SDN framework with cloud computing for cloud resource optimal control. A resource sharing strategy is designed with global optimum in the control plane and executed by each cloud service provider in the data plane. [23] exploited SDN technology to allow the flexible allocation of bandwidth coordinated with virtual machine provisioning to minimize users’ costs. An optimal bandwidth provisioning and routing decision on virtualized routers are made by an SDN controller and then implemented on the physical network. Similar work on bandwidth allocation based on SDN was studied in [24] for guaranteeing quality of service. SDN bridges the gaps through unified network abstraction and programmability, which also can be utilized for overcoming today’s limitations in vehicular networks [25]. Through utilizing SDN framework to manage the cloud resources in vehicular clouds, a new paradigm of 5G-enabled vehicular networks was proposed in [26]. With SDN technology reconfiguring resources, an efficient RSU cloud resource management scheme aiming to minimize reconfiguration overhead was proposed in [21]. In this paper, we also consider that SDN can be used to coordinate among vehicles and efficiently allocate all kinds of resources in vehicular clouds.

Pseudonym is crucial for vehicles to protect their location privacy when forming a vehicular cloud for inter-vehicular communication [14]. Vehicles need sufficient pseudonyms to frequently change for location privacy preservation. The schemes for pseudonym distribution can be broadly categorized into two groups. I) A centralized pseudonym pool distributes pseudonyms to vehicles. In [27], each vehicle obtains 48830 pseudonyms at a time, and uses these pseudonyms over a long time (e.g., one year). II) Distributed pseudonym pools distribute pseudonyms to vehicles. In [28], the vehicles periodically obtain a certain number of resources (keys or pseudonyms) from local managers.

For efficient generation and management of pseudonyms, we adopt a distributed approach in which each local cloud, with its own pseudonym pool, generates and manages pseudonyms. This approach can reduce pseudonym distribution delay and balance the computing workload in vehicular clouds. To improve pseudonym utilization efficiency and to provide flexibility on pseudonym management, we propose a new pseudonym system, SDPS, for vehicular clouds. The vehicles are mobile in both time and space, consequently causing different pseudonym demands in time and from different pseudonym pools. To address this issue, we design an efficient pseudonym scheduling and distribution scheme using the two-sided matching theory.

III. A NEW OBSERVATION ON PSEUDONYM DISTRIBUTION

In this section, we first introduce two pseudonym management approaches in detail. Furthermore, we make an observation about pseudonym distribution and find out the advantages of distributed pseudonym management approach.

A. Two Pseudonym Management Approaches

In the centralized pseudonym management approach, a centralized pseudonym pool stores all pseudonyms and certificates, and distributes them to the vehicles for privacy protection. Vehicles request and obtain pseudonyms through RSUs. All the vehicles send pseudonym requests with digital signatures to nearby RSUs after encryption. The RSUs decrypt and verify the pseudonym requests, and transmit these requests to the central manager after encrypting and adding signatures of the RSUs. The central manager decrypts and verifies the signatures generated by the RSUs and the vehicles. The central manager encrypts the pseudonyms and transmits them to the RSUs. After decryption and verification, the RSUs send the pseudonyms to the vehicles.

For distributed pseudonym management, there is a local authority and a pseudonym pool in the local cloud. Vehicles request pseudonyms from the local clouds. The process of pseudonym distribution in the distributed approach is simpler. The local authorities generate and manage their pseudonyms in their own pseudonym pools. A vehicle sends an encrypted request with signature to its nearby RSU, which delivers the request to a local authority. The local authority decrypts and verifies the request, and then distributes the encrypted pseudonyms to the vehicle. The vehicle verifies and receives the pseudonyms from the RSU. We observe that there are fewer handshake protocols and less data transmission delay in the distributed approach. Besides, for central pseudonym management approach, all the pseudonyms include corresponding public and private keys and certificates. This brings a heavy computing workload to the central cloud from pseudonym generation to revocation. A distributed pseudonym management approach can be helpful to balance this computing workload.

B. An Experiment about Pseudonym Distribution

In this subsection, we compare the distribution delay of pseudonyms in different pseudonym management approaches. We select a map of the West University Place and Braeswood Place, Houston [29] as observation areas. Twelve RSUs are deployed in this map according to the scheme proposed in [30]. There are four local clouds in the experiment, each consisting of four adjacent RSUs. Some of the vehicles are mobile within the region of interest. We consider that the request for pseudonyms from the vehicles in different local clouds follows a Poisson process. The average key size is 1024 bits in RSA algorithm [31]. The time taken to execute basic operations in our experiment is taken from [32].

Fig. 1 shows that the distribution delay increases with the increase in average arrival rate of the vehicles that request pseudonyms. The pseudonym distribution delay in the centralized approach is higher compared to the distributed approach. Moreover, it is clear that the computing overhead of basic operations of pseudonym management (e.g., signing, encrypting and decrypting) in the centralized pseudonym management approach is higher than that in the distributed approach since there are more handshake protocols in the former. The central authority manages pseudonyms of all the vehicles, while the local authorities only manage a part of the vehicles. Therefore, the distributed approach is more efficient than the centralized approach because of smaller distribution delay and lower computation overhead.

[Figure: pseudonym distribution delay (s) versus average arrival rate of vehicles, for the central pseudonym management system and the distributed pseudonym management system.]

Fig. 1: The distribution delay comparison of distributed and centralized management.

IV. SOFTWARE-DEFINED PSEUDONYM SYSTEMS

In this section, we propose a software-defined pseudonym system, where distributed pseudonym pools are deployed, scheduled and elastically managed in a hierarchical manner.

A. SDN for Pseudonym Management

SDN has emerged as a novel approach to control the network in a centralized, programmable and systematic manner. The core concept of SDN is the separation between the control plane and the data plane. By decoupling these two planes, network intelligence and state can be logically centralized and the data forwarding is abstracted from applications [33]. The flexibility of SDN can be an important advantage for cloud resource allocation to meet dynamic demands, and to improve resource utilization in vehicular clouds [21].

We exploit SDN technology to increase the flexibility and programmability for pseudonym management in vehicular clouds. To deploy SDN, a communication protocol between the control plane and the data plane is required. We use the OpenFlow protocol, which is the de facto standard protocol for SDN. It consists of an OpenFlow controller and OpenFlow switches. We design the pseudonym resource scheduling strategy in the control plane. Utilizing this strategy, the OpenFlow controller defines pseudonym forwarding rules for every OpenFlow switch in the pseudonym (data) plane. Some benefits of leveraging SDN in the context of pseudonym management are as follows.

• Globalization: The centralized controller obtains global knowledge about pseudonym resource, i.e., demand and consumption rates of all local clouds. With this information, an optimal resource scheduling strategy is designed to allocate the pseudonyms on demand efficiently.

• Flexibility: SDN technology brings flexibility and programmability into the vehicular clouds for pseudonym management. Pseudonyms can be flexibly managed according to the heterogeneous characteristics of vehicular networks, such as mobility, topology and capability.


• Simplicity: By decoupling the pseudonym resource controls (control plane) and pseudonym forwarding functions (data plane), SDN simplifies pseudonym management. This goal can be achieved even if the number of vehicles is high.

[Figure: diagram with the labels Central Cloud (data center, registration authority, OpenFlow controller), Local Cloud (OpenFlow switch, pseudonym pool, local data center, RSUs), Vehicular Cloud, control plane, data plane, pseudonym resource, instruction communication, and data transfer.]

Fig. 2: A hierarchical architecture of SDPS in vehicular clouds.

B. A Hierarchical Architecture for SDPS

Fig. 2 shows a hierarchical architecture for SDPS in vehicular clouds, which is divided into data plane and control plane. The vehicular clouds in this paper have three-layer clouds: central cloud, local cloud and vehicular cloud. There are a registration authority, a data center and an OpenFlow controller in the central cloud. The registration authority manages the digital certificates of all entities, e.g., vehicles, RSUs, OpenFlow switches, and pseudonym pools. The registration authority is in charge of monitoring the behaviors of all entities to ensure system security [27]. The data centers collect and store the status information of all local clouds. This information includes traffic flow and the deployment information of pseudonyms, which are used to design the optimal pseudonym resource scheduling strategy. Some adjacent RSUs and a remote data center form a local cloud, including a pseudonym pool with an OpenFlow switch. A group of cooperative vehicles create a vehicular cloud to share vehicular resources.

Pseudonym is utilized in frequent vehicle-to-vehicle and vehicle-to-infrastructure communication for location privacy preservation. For example, when nearby vehicles in motion constitute a dynamic vehicular cloud, inter-vehicle communication is normally required. For location privacy preservation, the vehicles without sufficient pseudonyms send pseudonym requests to nearby RSUs. The local cloud schedules pseudonyms generated by its pseudonym pool to support the demands from vehicles. Generally, the pseudonym demands from vehicles in different local clouds may change over time. This means that there exists redundant or on-demand pseudonym resource among the local clouds.

[Figure: diagram with the labels control plane (OpenFlow controller: check OpenFlow switches, develop an optimal resource scheduling strategy, define a pseudonym flow table), data plane (OpenFlow switch: forward among pseudonym pools, forward to vehicles), pseudonym-flow table, and status information of OpenFlow switches.]

Fig. 3: Control plane and data plane in SDPS.

In the SDPS, pseudonyms are generated by local pseudonym pools and transferred to other pseudonym pools in different local clouds when necessary. The pseudonyms are managed by the local clouds that distribute them. When some pseudonyms are distributed to a vehicle, these pseudonyms will be attached with signatures of the local clouds to indicate the manager. For example, a vehicle obtains some pseudonyms from the local cloud LC1. LC1 signs the pseudonyms and the vehicle may enter another local cloud, e.g., LC2. LC2 verifies the signatures of the pseudonyms to authenticate the vehicle. If the vehicle wants to request new pseudonyms from LC2, LC2 needs to inform LC1 to perform revocation of the former pseudonyms distributed to the vehicle. Then LC2 distributes new pseudonyms to the vehicle.

The OpenFlow controller collects and analyzes the global status information in vehicular clouds. To improve pseudonym utilization, the global controller makes an optimal pseudonym resource scheduling strategy, and then OpenFlow switches forward pseudonym flow. A pseudonym-flow table is designed by the controller and sent to every OpenFlow switch. OpenFlow switches receive the pseudonym-flow table, and forward the pseudonyms to vehicles or other pseudonym pools according to the flow rules. The system consists of the following SDN components.

• OpenFlow controller: In the control plane, the OpenFlow controller is the logical central intelligence of the vehicular clouds, which controls the network behavior of the entire system. The controller designs the optimal pseudonym resource scheduling strategy and generates a detailed pseudonym-flow table for every OpenFlow switch.

• OpenFlow switch: In the data plane, the pseudonym pools equipped with OpenFlow switches are controlled by the OpenFlow controller to perform actions. They are stationary elements of data plane, which are responsible for forwarding pseudonym flow, e.g., forwarding pseudonyms to local vehicles or other pseudonym pools.

More details about functions of data plane and control plane are shown in Fig. 3 and are described next.

• Data plane: The pseudonym pools in local clouds generate pseudonyms at a constant rate. There is an OpenFlow switch in every pseudonym pool, and every OpenFlow switch communicates with the OpenFlow controller. According to flow rules in a pseudonym-flow table designed by the OpenFlow controller, a pseudonym pool may distribute the pseudonyms to the relevant RSUs to make vehicles in its coverage anonymous for privacy preservation. On the other hand, it can also transmit redundant pseudonyms to other pools, or receive a certain number of pseudonyms from them. Therefore, the data plane is responsible for performing pseudonym flow forwarding tasks in this system. Besides, status information about OpenFlow switches is also uploaded to the controller for checking.

• Control plane: The OpenFlow controller in the cen-tral cloud obtains global information about all thepseudonym pools and pseudonym requests from vehicles.The OpenFlow controller makes the optimal pseudonymresource allocation strategy among pseudonym pool-s. A pseudonym-flow table is also designed by thecontroller, and then it decides how the pseudonymsare forwarded in the vehicular clouds. The formatof an item in a pseudonym-flow table is shown as:PID From To Time . Here, “PID” denotes

the identification of pseudonym. “From” and “To”indicate where the pseudonym is generated from andtransmitted to, respectively. To can be an address of anRSU or other pseudonym pools. “Time” is the timestampof pseudonym generation. The goal of the pseudonym-flow table is to maximize the utilization of pseudonymresource by transmitting redundant pseudonyms to thepseudonym pools that fall short of pseudonyms. Dueto the cost of inter-pools communication, the redundantpseudonyms should be well scheduled and transferredfrom pseudonym transmitters to receivers among thepseudonym pools. To efficiently match transmitters andreceivers, we use two-sided matching theory to obtain theoptimal result after multi-rounds matching.

V. PROBLEM FORMULATION

In our model, the pseudonym pools with OpenFlow switches form a network as an undirected graph $G = G(V, E)$. The network of the pseudonym pools includes $m$ nodes (i.e., pseudonym pools) and $n$ node pairs (i.e., edges and links).

The pseudonym pools in local clouds are denoted by $V = \{P_1, P_2, ..., P_m\}$. The set of edges $E$ represents the undirected pseudonym transmission links. The pseudonym data packets can be transmitted between two connected pseudonym pools via wired link with smaller cost. During the transmission of pseudonym data packets, the data packet loss per distance unit is $l$ [34]. Then the weights of edges are calculated by the total pseudonym transmission loss (denoted as $c$) between two connected pseudonym pools. Here, $c = l \cdot d$, where $d$ is the distance between two connected pseudonym pools. All the pseudonym pools are connected with each other. Using Dijkstra's algorithm, the link with minimum communication cost between any two pseudonym pools can be determined. Defining a symmetric matrix $M = \mathrm{Dijkstra}(G)$ as the inter-pool minimum communication cost matrix, the element of the matrix, $m_{i,j}$ ($i \neq j$), represents the minimum communication cost between pseudonym pool $P_i$ and pseudonym pool $P_j$. To make this paper clear, we use $m(P_i, P_j)$ to replace $m_{i,j}$.

At the beginning of an observation period $t$ (i.e., a time window), a pseudonym pool $P_i$ possesses a certain amount of residual pseudonym resource $R_i^t$. Each pseudonym pool generates pseudonyms at a constant rate, $\theta_i$. The average consuming rate of pseudonym resource of $P_i$ in the following time (denoted as $\lambda_i^t$) can be estimated from the historical records by statistical methods. During time interval $T$, if $R_i^t > (\lambda_i^t - \theta_i)T$, $P_i$ has a certain amount of redundant pseudonym resource. Otherwise $P_i$ lacks pseudonym resource. Let $r_i^t$ represent the difference between the amount of required resources and the amount of actual resources as follows,

$$r(P_i) = \left| R_i^t + \theta_i T - \lambda_i^t T \right|. \tag{1}$$

$P_i$ shares idle pseudonyms with other pseudonym pools or receives pseudonyms from others. We represent the pseudonym pool offering pseudonyms to others as OP, and the pseudonym pool receiving pseudonyms from the OPs as RP.

In an SDPS, a pseudonym resource scheduling problem includes three considerations.

• 1) OPs rationally determine how many idle pseudonyms can be offered to RPs after considering both the current and future demands.

• 2) To decrease the system overhead, OPs prefer to offer their idle pseudonyms to some proper RPs with smaller inter-pool communication cost.

According to this principle, an optimal pseudonym resource allocation strategy among the pseudonym pools can be designed.

VI. SOLUTION FOR PSEUDONYM RESOURCE SCHEDULING

A. The Optimal Strategies for OPs

OPs offer a certain amount of idle pseudonyms to others according to a predefined utility function. The utility function of an OP, $OP_i$, consists of two components: the satisfaction function and the cost function. The satisfaction function $S_i^t$ is defined as

$$S_i^t = w_i \log(1 + \rho_i^t x_i^t). \tag{2}$$


Here, $x_i^t$ ($x_i^t \geq 0$) represents the amount of pseudonym resource that $OP_i$ would like to offer to others in time period $t$. $w_i$ is the willingness of $OP_i$, which is determined by its geographical advantage in $G$. $w_i$ can be expressed by

$$w_i = \frac{k}{\sum_{j \neq i} m(P_i, P_j)}, \tag{3}$$

where $k$ is a predefined constant. The form of $w_i$ is similar to the closeness centrality in [35]. Clearly, less pseudonym transmission loss between $OP_i$ and other pseudonym pools stimulates $OP_i$ to share its idle pseudonyms. The redundant level in the current time period of $OP_i$ is denoted by

$$\rho_i^t = a \frac{R_i^t + \theta_i T}{\lambda_i^t T}, \tag{4}$$

where $a$ is the redundant level gain and is predefined by the preference of pseudonym pools. $OP_i$ is willing to offer more pseudonyms to others for higher utility, when it possesses more idle pseudonyms. But $OP_i$ should take its demand level of the next time period (denoted as $\gamma_i^t$) into consideration when offering idle pseudonyms to others. $\gamma_i^t$ is defined as

$$\gamma_i^t = b \frac{\lambda_i^{t+1}}{\lambda_i^t}, \tag{5}$$

where $b$ is the redundant level gain, that can be predefined. The cost of $OP_i$ offering resources to others is proportional to $\gamma_i^t$. Thus, the utility function of $OP_i$ can be expressed as

$$u_i^t = w_i \log(1 + \rho_i^t x_i^t) - \gamma_i^t x_i^t. \tag{6}$$

Next, to obtain the optimal solution, we analyze the characteristic of the utility function. Differentiating $u_i^t$ with respect to $x_i^t$, we get

$$\frac{\partial u_i^t}{\partial x_i^t} = \frac{w_i \rho_i^t}{(1 + \rho_i^t x_i^t) \ln 2} - \gamma_i^t, \qquad \frac{\partial^2 u_i^t}{\partial (x_i^t)^2} = -\frac{w_i (\rho_i^t)^2}{(1 + \rho_i^t x_i^t)^2 \ln 2} < 0.$$

The utility function is concave, so we can obtain its maximal value by leveraging $\partial u_i^t / \partial x_i^t = 0$. Thus, the optimal amount of idle pseudonyms offering to others (denoted as $x_i^{t*}$) is expressed as

$$x_i^{t*} = \frac{w_i}{\gamma_i^t \ln 2} - \frac{1}{\rho_i^t}. \tag{7}$$

For the sake of fairness, $x_i^{t*}$ is constrained by $r(OP_i)$ as follows,

$$x_i^{t*} = \min\left(r(OP_i),\ \frac{w_i}{\gamma_i^t \ln 2} - \frac{1}{\rho_i^t}\right). \tag{8}$$
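The following Python sketch is an added example, not code from the paper: it carries Eqs. (1), (3)-(5), (7) and (8) through for one offering pool on a constructed four-pool graph. The edge costs, pool names and rate values are assumptions made for illustration, the logarithm is taken as base 2 (which is what the ln 2 factor in the derivative implies), and the offer is floored at zero because the text requires x ≥ 0.

```python
import heapq
import math


def min_cost_matrix(nodes, edges):
    """M = Dijkstra(G): minimum inter-pool cost between every pair of pools.

    edges holds undirected links (u, v, c) with c = l * d already applied.
    """
    adj = {n: [] for n in nodes}
    for u, v, c in edges:
        adj[u].append((v, c))
        adj[v].append((u, c))
    matrix = {}
    for src in nodes:
        dist = {n: math.inf for n in nodes}
        dist[src] = 0.0
        heap = [(0.0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if d > dist[u]:
                continue  # stale queue entry
            for v, c in adj[u]:
                if d + c < dist[v]:
                    dist[v] = d + c
                    heapq.heappush(heap, (dist[v], v))
        matrix[src] = dist
    return matrix


def gap(R, theta, lam, T):
    """Eq. (1): r(P_i) = |R + theta*T - lambda*T|."""
    return abs(R + theta * T - lam * T)


def is_offering_pool(R, theta, lam, T):
    """A pool is an OP when R > (lambda - theta) * T, otherwise an RP."""
    return R > (lam - theta) * T


def willingness(matrix, i, k):
    """Eq. (3): w_i = k / sum_{j != i} m(P_i, P_j)."""
    return k / sum(c for j, c in matrix[i].items() if j != i)


def redundant_level(R, theta, lam, T, a):
    """Eq. (4): rho = a * (R + theta*T) / (lambda*T)."""
    return a * (R + theta * T) / (lam * T)


def demand_level(lam, lam_next, b):
    """Eq. (5): gamma = b * lambda^{t+1} / lambda^t."""
    return b * lam_next / lam


def utility(x, w, rho, gamma):
    """Eq. (6) with a base-2 logarithm."""
    return w * math.log2(1 + rho * x) - gamma * x


def optimal_offer(w, rho, gamma, r):
    """Eqs. (7)-(8): stationary point of Eq. (6), capped by r, floored at 0."""
    x_free = w / (gamma * math.log(2)) - 1.0 / rho
    return max(0.0, min(r, x_free))


# Constructed sample: four pools, link costs in loss units (assumed values).
NODES = ["P1", "P2", "P3", "P4"]
EDGES = [("P1", "P2", 2.0), ("P2", "P3", 3.0),
         ("P1", "P3", 6.0), ("P3", "P4", 4.0)]

if __name__ == "__main__":
    M = min_cost_matrix(NODES, EDGES)
    T, theta, lam, lam_next, R = 60, 100, 150, 120, 5000  # assumed rates
    k, a, b = 100, 1, 0.5  # the [k, a, b] setting quoted in Section VII-B
    w = willingness(M, "P1", k)
    rho = redundant_level(R, theta, lam, T, a)
    gamma = demand_level(lam, lam_next, b)
    x = optimal_offer(w, rho, gamma, gap(R, theta, lam, T))
    print(f"OP={is_offering_pool(R, theta, lam, T)} w={w:.3f} "
          f"rho={rho:.3f} gamma={gamma:.3f} x*={x:.3f}")
```

With these sample values the unconstrained optimum of Eq. (7) is far below the surplus r, so the cap of Eq. (8) only binds for a pool whose surplus is nearly exhausted.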

B. Two-sided Matching among Pseudonym Pools

After calculating the optimal number of idle pseudonyms provided by the OPs, a global controller in the central cloud decides how to allocate these pseudonyms to the RPs. The OPs transfer their idle pseudonyms to appropriate RPs for less cost of the inter-pool communications. Deciding how to match an optimal RP to every OP is a matching problem between the RPs and the OPs, which aims at decreasing the system overhead due to the cost of inter-pool communications.

We use a simple and efficient two-sided matching theory based on the Gale-Shapley algorithm to solve the problem of optimal pseudonym resource allocation [36]. RPs, as the inviters, will propose to the invitees, the OPs, according to their own preference lists (denoted as $PL(P_i)$). The PL is generated and stored according to the communication cost of different pseudonym pools. In the preference list of $RP_i$, $OP_j$ is arranged in the $\phi_j^i$th order. Conversely, in the preference list of $OP_j$, $RP_i$ is arranged in the $\varphi_i^j$th order. The preference lists are described as follows:

$$OP_j = PL(RP_i, \phi_j^i), \qquad RP_i = PL(OP_j, \varphi_i^j). \tag{9}$$

We take a pseudonym pool network consisting of two OPs and three RPs as an example. The preference lists of OPs and RPs are given as follows.

OP1: {RP2, RP1, RP3};
OP2: {RP2, RP1, RP3};
RP1: {OP2, OP1};
RP2: {OP2, OP1};
RP3: {OP1, OP2}.

For simplicity, we consider that every RP demands the equal amount of pseudonyms and the redundant pseudonym resource of every OP can only satisfy one RP. In the first round of the matching procedure, every RP proposes to its favorite OP according to its preference list. In the first round of result, every OP chooses the favorite one from the existing inviters according to the preference list. More details are shown as follows.

1st round procedure    1st round result
RP1 → OP2              RP1 →
RP2 → OP2              RP2 ↔ OP2
RP3 → OP1              RP3 ↔ OP1

OP1 chooses to match with RP3 temporarily because RP3 is the only inviter for OP1 in the first round. OP2 chooses to match with RP2 because RP2 is prior to RP1 in the preference list of OP2. Then RP1 has to choose the next OP in its preference list in the next round. Similarly, the second round procedure and result are listed as

2nd round procedure    2nd round result
RP1 → OP1              RP1 ↔ OP1
RP2 ↔ OP2              RP2 ↔ OP2
RP3 ↔ OP1              RP3 →

After being rejected by OP2, RP1 proposes to OP1 in the second round. Due to the priority of RP1, OP1 prefers to break the previous matching result with RP3, and then receives the invitation from RP1. As a result, RP3 has to stay alone in this round. Although RP3 tries to propose to OP2 subsequently, the result in the second round is stable because both OP1 and OP2 do not want to change their current inviters. Thus, two stable matches between RP1, RP2, RP3 and OP1, OP2 are formed and satisfy the requirement of the two-sided matching. According to the above example, we know that, to decrease the system overhead due to the cost of inter-pool communications, the matching problem between RPs and OPs can be solved by a two-sided matching problem.
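The rounds of this example can be replayed with the Python sketch below, which is an added example and not code from the paper. It implements RP-proposing deferred acceptance under the example's simplification that one OP serves one RP; the cost values in COST and all function names are assumptions, with the costs chosen only so that the cost-sorted preference lists equal the ones given above.

```python
# Constructed inter-pool costs m(RP, OP). The numbers are assumptions, chosen
# so that sorting by cost reproduces the preference lists of the example.
COST = {
    ("RP1", "OP1"): 4, ("RP1", "OP2"): 3,
    ("RP2", "OP1"): 2, ("RP2", "OP2"): 1,
    ("RP3", "OP1"): 5, ("RP3", "OP2"): 6,
}


def preference_lists(cost):
    """Each pool ranks the pools of the other side by ascending cost."""
    rps = sorted({rp for rp, _ in cost})
    ops = sorted({op for _, op in cost})
    rp_pl = {rp: sorted(ops, key=lambda op: cost[(rp, op)]) for rp in rps}
    op_pl = {op: sorted(rps, key=lambda rp: cost[(rp, op)]) for op in ops}
    return rp_pl, op_pl


def match(rp_pl, op_pl):
    """RP-proposing deferred acceptance; every OP keeps at most one RP.

    Returns (holds, rounds): holds maps each OP to the RP it ends up with,
    rounds lists the proposals (rp, op) made in every round.
    """
    rank = {op: {rp: i for i, rp in enumerate(pl)} for op, pl in op_pl.items()}
    next_choice = {rp: 0 for rp in rp_pl}   # index of the next OP to ask
    holds = {}                              # op -> currently accepted rp
    free = [rp for rp in rp_pl if rp_pl[rp]]
    rounds = []
    while free:
        proposals = {}
        for rp in free:
            op = rp_pl[rp][next_choice[rp]]
            next_choice[rp] += 1
            proposals.setdefault(op, []).append(rp)
        rounds.append(sorted((rp, op) for op, rs in proposals.items() for rp in rs))
        rejected = []
        for op, suitors in proposals.items():
            candidates = suitors + ([holds[op]] if op in holds else [])
            best = min(candidates, key=rank[op].__getitem__)
            rejected += [rp for rp in candidates if rp != best]
            holds[op] = best
        # A rejected RP proposes again only while OPs remain in its list.
        free = [rp for rp in rejected if next_choice[rp] < len(rp_pl[rp])]
    return holds, rounds


def blocking_pairs(rp_pl, op_pl, holds):
    """Pairs (rp, op) that would both rather be matched to each other."""
    partner = {rp: op for op, rp in holds.items()}
    pairs = []
    for rp, pl in rp_pl.items():
        current = partner.get(rp)
        preferred = pl if current is None else pl[:pl.index(current)]
        for op in preferred:
            held = holds.get(op)
            if held is None or op_pl[op].index(rp) < op_pl[op].index(held):
                pairs.append((rp, op))
    return pairs


if __name__ == "__main__":
    rp_pl, op_pl = preference_lists(COST)
    holds, rounds = match(rp_pl, op_pl)
    for number, proposals in enumerate(rounds, start=1):
        print(f"round {number}: " + ", ".join(f"{rp} -> {op}" for rp, op in proposals))
    print("final:", holds, "blocking pairs:", blocking_pairs(rp_pl, op_pl, holds))
```

The third round is RP3's proposal to OP2, which OP2 rejects, so the matching is the one the text reports after the second round and has no blocking pair.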

We use a binary variable, $\mu(RP_i, OP_j)$, to denote the final matching result. When the binary value is 1, it means that the pseudonym pools are matched. There may exist many rounds during the process of two-sided matching. Every matching round includes the following three stages.

1) Stage 1: The inviters propose to the invitees. RPs request pseudonym resource and send queries to the first OP in their preference lists. Every OP that acts as the invitee selects the best partner according to its own preference list. When multiple RPs propose to the same OP, the OP selects the best RP from the proposers. If an RP is rejected by any OP, the RP will propose to the next OP in the RP's preference list until it is accepted or is rejected by all the OPs in its preference list.

Theorem 1: $\mu(RP_i, OP_j) = 1$ will exist if and only if

$$\sum_{s=1}^{\phi_j^i} \mu(RP_i, PL(RP_i, s)) + \sum_{s=1}^{\varphi_i^j} \mu(PL(OP_j, s), OP_j) = 0.$$

Proof: $RP_i$ proposes to $OP_j$, which means that $RP_i$ has already been rejected by those OPs whose orders are prior to $\phi_j^i$. The rejections are expressed by $\sum_{s=1}^{\phi_j^i} \mu(RP_i, PL(RP_i, s)) = 0$. $OP_j$ accepts $RP_i$ only if $OP_j$ has no better proposer but $RP_i$, which implies $\sum_{s=1}^{\varphi_i^j} \mu(PL(OP_j, s), OP_j) = 0$. This means that $RP_i$ has been rejected by those OPs that are better than $OP_j$ in its preference list. So $OP_j$ is the best choice of $RP_i$ at that time. Conversely, for $OP_j$, the acceptance of $RP_i$ is done because there is no better inviter than $RP_i$. Then, $\mu(RP_i, OP_j) = 1$ will exist if and only if both $RP_i$ and $OP_j$ have been matched with their own best partner. In summary, the final outcome of matching is the optimal two-sided result, because both inviters and invitees have been matched with their own best partner. The matching result is stable since both the inviters and the invitees have no better choice [36].

2) Stage 2: OPs decide the amount of transmitted pseudonym resource. If $\mu(RP_i, OP_j) = 1$, the amount of pseudonym resource transmission between $RP_i$ and $OP_j$ (denoted as $t(RP_i, OP_j)$) depends on $m(RP_i, OP_j)$, $x(OP_j)$ and $r(RP_i)$. For decreasing transmission cost, the amount of transmitted pseudonym resource is given by

$$t(RP_i, OP_j) = \begin{cases} r(RP_i) + m(RP_i, OP_j), & r(RP_i) + m(RP_i, OP_j) < x(OP_j); \\ x(OP_j), & m(RP_i, OP_j) < x(OP_j) \leq r(RP_i) + m(RP_i, OP_j); \\ 0, & x(OP_j) \leq m(RP_i, OP_j). \end{cases} \tag{10}$$

The actual amount of pseudonym resource received by $RP_i$ is equal to $\min(t(RP_i, OP_j) - m(RP_i, OP_j), 0)$.

3) Stage 3: Updating the members of inviters and invitees. If $\mu(RP_i, OP_j) = 1$ and $RP_i$ obtains enough pseudonym resource, which satisfies $\min(t(RP_i, OP_j) - m(RP_i, OP_j), 0) = r(RP_i)$, $RP_i$ will split from the set of RPs. Otherwise, $RP_i$ will update its resource status information as follows,

$$r(RP_i) = r(RP_i) - \min(t(RP_i, OP_j) - m(RP_i, OP_j), 0), \tag{11}$$

and then joins into the next matching round. Thus, a new set of RPs occurs. $OP_j$ will update the status information after offering pseudonym resource to $RP_i$, as

$$r(OP_j) = r(OP_j) - t(RP_i, OP_j). \tag{12}$$

If $OP_j$ cannot offer enough amount of pseudonyms for any RP in the next round, which satisfies $x(OP_j) \leq \min(m(RP, OP_j))$, it will split from the set of OPs. Otherwise, it still stays in OPs. When the set of RPs or OPs is empty, the matching process ends.

C. Pseudonym-flow Table

The optimal pseudonym allocation strategy can be performed in terms of designing a detailed pseudonym-flow table for every OpenFlow switch. For a local cloud, it first satisfies the local pseudonym demands and then transfers redundant pseudonyms to others. The local clouds transfer pseudonyms to local vehicles or other local clouds in a batch. For instance, several pseudonyms are generated in $OP_i$ and packaged together in time slot $t$. We denote this pseudonym package as $p_i^t$. According to the optimal pseudonym resource allocation strategy, $OP_i$ should transfer $t_{i,j}$ (the number of pseudonym packages) to $RP_j$ ($j = 1, 2, 3, ..., N$). If there exists a local pseudonym request at this time, $p_i^t$ will be delivered to the local requester; otherwise it will be transferred to RPs, or be stored in the local pseudonym pool when $\sum t_{i,j} = 0$. Following this principle, a detailed pseudonym-flow table of $OP_i$ can be designed according to Algorithm 1.

Algorithm 1 Pseudonym distribution algorithm
// An element denoted as A[j] in an array A[N] indicates how many pseudonym packets this OP, OP_i, has transferred to RP_{j+1}.
// Flag is set to 1 once the current package has been transferred.
Initialize an array A[N] = 0 and j = 0.
while t ∈ T do
    Generate a pseudonym package, p_i^t.
    if there is a local pseudonym request then
        Deliver p_i^t to the local requester.
    else
        Initialize Flag ← 0.
        while Σ_{k=0}^{N−1} A[k] < Σ_{k=1}^{N} t_{i,k} AND Flag == 0 do
            while j < N AND Flag == 0 do
                if A[j] < t_{i,j+1} then
                    Transfer p_i^t to RP_{j+1}.
                    A[j] ← A[j] + 1
                    Flag ← 1
                end if
                Next RP, j ← j + 1
                if j == N then
                    Initialize again, j ← 0
                end if
            end while
        end while
        if Σ_{k=0}^{N−1} A[k] == Σ_{k=1}^{N} t_{i,k} AND Flag == 0 then
            Store p_i^t locally.
        end if
    end if
    Next time slot, t ← t + 1
end while

VII. NUMERICAL RESULTS

In this section, we evaluate the performance of the proposed pseudonym resource scheme in an actual urban area of San Francisco. The latitude is from 37.73619 to 37.81505, and the longitude is from -122.51431 to -122.36731. As shown in Fig. 4, the observed area is approximately 11.03 × 7.6 km², which is divided into 8 grids (local clouds) according to the spatial distribution of vehicle hotspots in Fig. 5 [37]. The coverage of each local cloud is about 11 km². In an urban area, the vehicles often take familiar routes in a specified time period, such as similar trajectories from home to work in the day time [38]. We also deploy 8 pseudonym pools in the observed area shown in Fig. 4, whose locations are restricted by the geographical conditions and the traffic load of each local cloud. The pseudonym pools 1, 2, 3 and 4 are deployed in the commercial areas, and the pseudonym pools 5, 6, 7 and 8 belong to the residential areas. This deployment strategy of local clouds follows the spatio-temporal distributions of the vehicles.

In this paper, we use the OpenFlow protocol to deploy the SDN [16]. Every pseudonym pool connects with an OpenFlow switch, which is responsible for forwarding the pseudonym flow. A global OpenFlow controller is deployed at a remote cloud, which acts as the central cloud. There exists a data center in the central cloud, which collects global real-time status information of the network. The OpenFlow controller can access the global information for predictions, analyses and decisions. According to pseudonym-flow rules designed by the OpenFlow controller, pseudonym resource is scheduled among the pseudonym pools.

The pseudonym pools communicate with each other through wired communication technologies. For simplicity, the transmission cost of pseudonyms (i.e., package dropout rate) is set to 1 unit/km and the generating rate of each pseudonym pool can be equal, denoted by θ [14]. According to the vehicular statistic data in [37], we set that the pseudonym consuming process of each pseudonym pool follows a Poisson process, of which the mean value ranges from 100 to 400 units per minute with an observation time period (i.e., 1 hour).

Actually, the wired connections among the pseudonym pools are restricted by geographical conditions. For example, pseudonym pool 7 is screened on three sides by three hills. It cannot directly connect to pseudonym pools 4, 6 and 8 since there are some geographical obstructions, such as hills and lakes. The network construction expense is too high to establish communication links across the hills. Therefore pseudonym pool 7 only establishes network connectivity with pseudonym pool 1 to decrease the network construction expense. The nearby pseudonym pools without geographical obstructions are directly connected with each other. Some pseudonym pools that are far away from others can also connect with each other through multi-hop transmission, e.g., pseudonym pools 2 and 6.

Fig. 4: The connection of pseudonym pools in the real map of San Francisco.

Fig. 5: Spatial distribution of vehicle hotspots.

A. Performance Comparison of Different Approaches

To further analyze the performance of our proposed approach, we consider a typical scenario of unbalanced demands of pseudonyms among pseudonym pools. The pseudonym pools are divided into two sides: four pseudonym pools receiving pseudonyms from OPs (denoted as $RP = \{P_1, P_2, P_3, P_4\}$) and four pseudonym pools that offer pseudonyms to others (denoted as $OP = \{P_5, P_6, P_7, P_8\}$). The pseudonym generating rate of each pseudonym pool is 100 units/minute. During the observation period of 1 hour, if the pseudonym consuming rates of the RPs range from 300 to 400 units/minute, it indicates that the RPs are busy. While if pseudonym consuming rates of the OPs range from 100 to 200 units/minute, it indicates that the RPs are idle.

The pseudonym pools cooperate to share idle pseudonyms using two-sided matching theory. During the observation time, the probability of vehicles obtaining pseudonyms from a pseudonym pool is expressed by $PO_i = \min\left(1 - \frac{R_i^t + \theta_i T}{\lambda_i^t T},\ 1\right)$. Fig. 6 shows the performance comparison of different approaches with respect to the probability of vehicles obtaining pseudonyms from pseudonym pools. From this figure, OPs are always able to satisfy the demands of the vehicles during observation time. It means that idle pseudonym resource sharing has no influence on the performance of OPs since the OPs have enough pseudonyms to satisfy pseudonym demands of local vehicles. Moreover, RPs are able to improve $PO_i$ through obtaining some pseudonyms from OPs with the help of pseudonym-sharing. As a result, the performance of the whole network is improved when the pseudonym pools cooperate with each other. The average value of probability in our proposed approach is about 28% higher than that without pseudonym-cooperation. Similar improvement can be observed in Fig. 7, where the performance index is the total number of served vehicles. The average value of the total number of served vehicles with our proposed scheme is 40% higher than that without cooperation scheme.

Fig. 6: The performance comparison with respect to the probability of obtaining pseudonyms from pseudonym pool. [Plot: probability of changing pseudonyms (%) for each pseudonym pool; series: without cooperation, with cooperation, average value without cooperation, average value with cooperation.]

Fig. 7: The performance comparison of the total number of served vehicles. [Plot: total number of serviced vehicles for each pseudonym pool; series: without cooperation, with cooperation, average value without cooperation, average value with cooperation.]

Fig. 8: The performance comparison of different approaches with respect to privacy entropy. [Plot: average entropy of vehicles in the system versus θ; series: without cooperation, with cooperation.]

Fig. 9: The performance comparison of different approaches with respect to system overhead. [Plot: system overhead versus θ; series: NPPM scheme, our scheme.]

Generally, the level of location privacy is quantified as the uncertainty of the information related to a specific vehicle. Here, the uncertainty is described by privacy entropy $H$. The maximum $H$ of a local cloud is given by $H_m = \log_2(|S|)$ [39]. Here, $|S|$ represents the total number of served vehicles, which can obtain the needed pseudonyms. Fig. 8 shows that the improvement of the average entropy of vehicles with cooperation is influenced by the pseudonym generating rate θ. When the generating rate of pseudonyms is 50 units/minute, the maximum improved entropy is 12% in our scheme. This emphasizes the importance of pseudonym-cooperation among pseudonym pools to improve the privacy entropy of vehicles when the pseudonym-generating rate is low. As the generating rate of the pseudonym pools increases, the change of average entropy is not obvious. It is because most of the pseudonym pools can gradually satisfy the vehicles' demands by themselves.

Fig. 9 shows the system overhead comparison between our proposed scheme and the existing scheme [14]. One of the existing schemes only schedules pseudonym resource among nearby local clouds, which is called the Nearby Pseudonym Pools Matching (NPPM) scheme in this paper. Fig. 9 shows that our proposed scheme has less system overhead than the NPPM scheme. It is because pseudonym resource in our scheme is scheduled in a globally optimal way. In our scheme, the two-sided matching theory is utilized to decrease system overhead due to the cost of inter-pool communications. In contrast, the NPPM scheme can only schedule a part of pseudonym resource among the nearby pseudonym pools, which generally takes more pseudonym-scheduling times to satisfy pseudonym demand. Especially, when θ decreases, the number of pseudonym-scheduling times increases, leading to bigger system overhead.

B. Impacts of Different System Parameters

Fig. 10 shows the total amount of pseudonyms offered by OPs with respect to different system parameters. Here, we set the system parameters as [k, a, b] = [100, 1, 0.5]. The total amount of offered pseudonyms by OPs increases when the generating rate of pseudonyms θ increases. The figure shows that OPs can offer more idle pseudonyms when they generate more pseudonyms. The amount of offered pseudonyms is influenced by the following predefined parameters, k, a, b and θ. Fig. 10(a) shows that a higher value of the willingness constant (k) brings more pseudonyms offered by OPs, when other system parameters are fixed. Fig. 10(b) shows that when the redundant level constant (a) increases, the total amount of offered pseudonyms also increases. But Fig. 10(c) shows that the total amount of pseudonyms offered by OPs is decreased when OPs pay much more attention to the predicted demand level (b) of the next time period. In summary, the system parameters θ, k and a are beneficial to increase the total amount of pseudonyms offered by OPs, while the pseudonym demands of the next time period bring negative influence to the total amount of offered pseudonyms. When the pseudonym-generation rate is high, the OPs are willing to share their idle pseudonyms with others. Otherwise, the OPs are not willing to share pseudonyms even if k and a are higher. Apparently, the OPs should first satisfy their own demand of pseudonyms, and then consider helping others.

VIII. CONCLUSIONS

In this paper, we have proposed a software-defined pseudonym system, which exploits SDN technology to schedule and manage the pseudonyms among distributed pseudonym pools. We have designed a hierarchical architecture of SDPS for scheduling pseudonym resource from a global perspective. To decrease the system overheads due to the cost of inter-pool communications, we adopted a two-sided matching theory to formulate and solve the matching problem among the pseudonym pools. Through extensive numerical results, we have illustrated that SDPS is efficient in improving pseudonym utilization, and that it also effectively strengthens the location privacy of the vehicles.

Fig. 10: Performance comparison of the total amount of pseudonyms offered by OPs with respect to different k, a and b. [Plots of the total amount of offering pseudonyms versus θ: (a) Different values of willingness constant (k), with k = 50, 100, 150 at a = 1, b = 0.5; (b) Different values of redundant level constant (a), with a = 0.5, 1, 5 at k = 100, b = 0.5; (c) Different values of demand level constant (b), with b = 0.3, 0.5, 0.7 at k = 100, a = 1.]

IX. ACKNOWLEDGMENT

The work is supported in part by programs of NSFC under Grant nos. 61422201, 61370159 and U1201253, U1301255, the Science and Technology Program of Guangdong Province under Grant no. 2015B010129001, Special-Support Project of Guangdong Province under grant no. 2014TQ01X100, High Education Excellent Young Teacher Program of Guangdong Province under grant no. YQ2013057, Science and Technology Program of Guangzhou under grant no. 2014J2200097 (Zhujiang New Star Program), and is partially supported by the projects 240079/F20 funded by the Research Council of Norway.

REFERENCES

[1] S. Xie and Y. Wang, “Construction of tree network with limited deliverylatency in homogeneous wireless sensor networks,” Wireless personalcommunications, vol. 78, no. 1, pp. 231–246, 2014.

[2] J. Shen, H. Tan, J. Wang, J. Wang, and S. Lee, “A novel routing protocolproviding good transmission reliability in underwater sensor networks,”Journal of Internet Technology, vol. 16, no. 1, pp. 171–178, 2015.

[3] Y. Ren, J. Shen, J. Wang, J. Han, and S. Lee, “Mutual verifiable provabledata auditing in public cloud storage,” Journal of Internet Technology,vol. 16, no. 2, pp. 317–323, 2015.

[4] M. Gerla, E. K. Lee, G. Pau, and U. Lee, “Internet of vehicles: Fromintelligent grid to autonomous cars and vehicular clouds,” in Internetof Things (WF-IoT), 2014 IEEE World Forum on, pp. 241–246, March2014.

[5] X. Jiang, X. Cao, and D. H. C. Du, “Multihop transmission and retrans-mission measurement of real-time video streaming over dsrc devices,” inWorld of Wireless, Mobile and Multimedia Networks (WoWMoM), 2014IEEE 15th International Symposium on a, pp. 1–9, June 2014.

[6] J. Li, X. Li, B. Yang, and X. Sun, “Segmentation-based image copy-move forgery detection scheme,” Information Forensics and Security,IEEE Transactions on, vol. 10, no. 3, pp. 507–518, 2015.

[7] B. Gu, V. S. Sheng, K. Y. Tay, W. Romano, and S. Li, “Incrementalsupport vector learning for ordinal regression,” Neural Networks andLearning Systems, IEEE Transactions on, vol. 26, no. 7, pp. 1403–1416,2015.

[8] Z. Pan, Y. Zhang, and S. Kwong, “Efficient motion and disparityestimation optimization for low complexity multiview video coding,”Broadcasting, IEEE Transactions on, vol. 61, no. 2, pp. 166–176, 2015.

[9] M. Tinghuai, Z. Jinjuan, T. Meili, T. Yuan, A.-D. Abdullah, A.-R.Mznah, and L. Sungyoung, “Social network and tag sources based aug-menting collaborative recommender system,” IEICE TRANSACTIONSon Information and Systems, vol. 98, no. 4, pp. 902–910, 2015.

[10] F. Zhangjie, S. Xingming, L. Qi, Z. Lu, and S. Jiangang, “Achievingefficient cloud search services: multi-keyword ranked search over en-crypted cloud data supporting parallel computing,” IEICE Transactionson Communications, vol. 98, no. 1, pp. 190–200, 2015.

[11] R. Yu, Y. Zhang, S. Gjessing, W. Xia, and K. Yang, “Toward cloud-basedvehicular networks with efficient resource management,” Network, IEEE,vol. 27, no. 5, pp. 48–55, 2013.

[12] Z. Xia, X. Wang, X. Sun, and Q. Wang, “A secure and dynamicmulti-keyword ranked search scheme over encrypted cloud data,” IEEETransactions on Parallel and Distributed Systems, vol. 27, pp. 340–352,Feb. 2016.

[13] P. Guo, J. Wang, B. Li, and S. Lee, “A variable threshold-value authentication architecture for wireless mesh networks,” Journal of Internet Technology, vol. 15, no. 6, pp. 929–936, 2014.

[14] J. Petit, F. Schaub, M. Feiri, and F. Kargl, “Pseudonym schemes in vehicular networks: a survey,” Communications Surveys & Tutorials, IEEE, vol. 17, no. 1, pp. 228–255, 2015.

[15] Y. Park, C. Sur, and K.-H. Rhee, “Pseudonymous authentication for secure v2i services in cloud-based vehicular networks,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–11, 2015.

[16] D. Kreutz, F. M. Ramos, P. Esteves Verissimo, C. Esteve Rothenberg, S. Azodolmolky, and S. Uhlig, “Software-defined networking: A comprehensive survey,” Proceedings of the IEEE, vol. 103, no. 1, pp. 14–76, 2015.

[17] E. Lee, E.-K. Lee, M. Gerla, and S. Y. Oh, “Vehicular cloud networking: architecture and design principles,” Communications Magazine, IEEE, vol. 52, no. 2, pp. 148–155, 2014.

[18] S. Bitam, A. Mellouk, and S. Zeadally, “Vanet-cloud: a generic cloud computing model for vehicular ad hoc networks,” Wireless Communications, IEEE, vol. 22, no. 1, pp. 96–102, 2015.

[19] X. Jiang and D. H. Du, “Bus-vanet: A bus vehicular network integrated with traffic infrastructure,” Intelligent Transportation Systems Magazine, IEEE, vol. 7, no. 2, pp. 47–57, 2015.

[20] K. Zheng, H. Meng, P. Chatzimisios, L. Lei, and X. Shen, “An smdp-based resource allocation in vehicular cloud computing systems,” Industrial Electronics, IEEE Transactions on, vol. 62, no. 12, pp. 7920–7928, 2015.

[21] M. A. Salahuddin, A. Al-Fuqaha, and M. Guizani, “Software-defined networking for rsu clouds in support of the internet of vehicles,” Internet of Things Journal, IEEE, vol. 2, no. 2, pp. 133–144, 2015.

[22] J. Ding, R. Yu, Y. Zhang, S. Gjessing, and D. H. Tsang, “Service provider competition and cooperation in cloud-based software defined wireless networks,” Communications Magazine, IEEE, vol. 53, no. 11, pp. 134–140, 2015.

[23] J. Chase, R. Kaewpuang, W. Yonggang, and D. Niyato, “Joint virtual machine and bandwidth allocation in software defined network (sdn) and cloud computing environments,” in Communications (ICC), 2014 IEEE International Conference on, pp. 2969–2974, June 2014.

[24] A. V. Akella and K. Xiong, “Quality of service (qos)-guaranteed network resource allocation via software defined networking (sdn),” in Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on, pp. 7–13, Aug. 2014.

[25] Z. He, J. Cao, and X. Liu, “Sdvn: Enabling rapid network innovation for heterogeneous vehicular communication,” IEEE Network Magazine Special Issue on Software Defined Wireless Networks, 2015.

[26] R. Yu, J. Ding, X. Huang, M. T. Zhou, S. Gjessing, and Y. Zhang, “Optimal resource sharing in 5g-enabled vehicular networks: A matrix game approach,” IEEE Transactions on Vehicular Technology, to be published, 2016.

[27] M. Raya and J.-P. Hubaux, “Securing vehicular ad hoc networks,” Journal of Computer Security, vol. 15, no. 1, pp. 39–68, 2007.

[28] Y. Sun, Z. Feng, Q. Hu, and J. Su, “An efficient distributed key management scheme for group-signature based anonymous authentication in vanet,” Security and Communication Networks, vol. 5, no. 1, pp. 79–86, 2012.

[29] U.S. Census Bureau. “TIGER, TIGER/Line and TIGER-Related Products”. [Online]. Available: http://www.census.gov/geo/www/tiger/.

[30] Y. Sun, X. Lin, R. Lu, X. Shen, and J. Su, “Roadside units deployment for efficient short-time certificate updating in vanets,” in Communications (ICC), 2010 IEEE International Conference on, pp. 1–5, IEEE, 2010.

[31] K. Singh, P. Saini, S. Rani, and A. K. Singh, “Authentication and privacy preserving message transfer scheme for vehicular ad hoc networks (vanets),” in Proceedings of the 12th ACM International Conference on Computing Frontiers, CF ’15, (New York, NY, USA), pp. 58:1–58:7, ACM, 2015.

[32] D. Huang, S. Misra, M. Verma, and G. Xue, “Pacp: An efficient pseudonymous authentication-based conditional privacy protocol for vanets,” Intelligent Transportation Systems, IEEE Transactions on, vol. 12, no. 3, pp. 736–746, 2011.

[33] H. Kim and N. Feamster, “Improving network management with software defined networking,” Communications Magazine, IEEE, vol. 51, no. 2, pp. 114–119, 2013.

[34] G. Baltoglou, E. Karapistoli, and P. Chatzimisios, “Iptv qos and qoe measurements in wired and wireless networks,” in Global Communications Conference (GLOBECOM), 2012 IEEE, pp. 1757–1762, Dec. 2012.

[35] G. Sabidussi, “The centrality index of a graph,” Psychometrika, vol. 31, no. 4, pp. 581–603, 1966.

[36] D. Gale and L. S. Shapley, “College admissions and the stability of marriage,” American mathematical monthly, pp. 9–15, 1962.

[37] M. A. Hoque, X. Hong, and B. Dixon, “Analysis of mobility patterns for urban taxi cabs,” in Computing, Networking and Communications (ICNC), 2012 International Conference on, pp. 756–760, IEEE, 2012.

[38] Y. Li, D. Jin, Z. Wang, P. Hui, L. Zeng, and S. Chen, “A markov jump process model for urban vehicular mobility: modeling and applications,” Mobile Computing, IEEE Transactions on, vol. 13, no. 9, pp. 1911–1926, 2014.

[39] K. Sampigethaya, M. Li, L. Huang, and R. Poovendran, “Amoeba: Robust location privacy scheme for vanet,” Selected Areas in Communications, IEEE Journal on, vol. 25, no. 8, pp. 1569–1589, 2007.


Xumin Huang is now a Ph.D. student of networked control systems at Guangdong University of Technology, China. His research interests mainly focus on network performance analysis, simulation and enhancement in wireless communications and networking.

Rong Yu [S’05, M’08] received his Ph.D. degree from Tsinghua University, China, in 2007. He is now a full professor at Guangdong University of Technology (GDUT). His research interest mainly focuses on wireless communications and networking, including cognitive radio, wireless sensor networks, and home networking. He is the co-inventor of over 10 patents and author or co-author of over 70 international journal and conference papers. Dr. Yu is currently serving as the deputy secretary general of the Internet of Things (IoT) Industry Alliance, Guangdong, China, and the deputy head of the IoT Engineering Center, Guangdong, China. He is a member of the home networking standard committee in China, where he leads the standardization work of three standards.

Jiawen Kang received the M.S. degree from the Guangdong University of Technology, China, in 2015. He is now pursuing his Ph.D. degree at Guangdong University of Technology, China. His research interests mainly focus on resource management, security and privacy protection in wireless communications and networking. He is the author or co-author of 15 papers published in journals, magazines, and proceedings of international conferences.

Ning Wang [M12] received the M.E. degree in electronic engineering from Nanyang University, Singapore, and the Ph.D. degree in electronic engineering from the University of Surrey, Guildford, U.K., in 2000 and 2004, respectively. Since 2009, he has been the Principal Investigator for several EU and U.K. Research Grants in the areas of future internet design and network management and control. He is currently a Reader with the Institute for Communication Systems, University of Surrey. His current research interests include information-centric networking, network resource management and optimization, and smart grid communications.

Sabita Maharjan [M’09] is currently a Post-Doctoral Fellow with Simula Research Laboratory, Fornebu, Norway. She received her M.E. degree from the Antenna and Propagation Laboratory, Tokyo Institute of Technology, Tokyo, Japan, in 2008, and Ph.D. degree in Networks and Distributed Systems from Simula Research Laboratory and University of Oslo, Norway, in 2013. Her research interests include wireless networks, network security and resilience, smart grid communications, cyber-physical systems, machine-to-machine communications and software defined wireless networking.

Yan Zhang [SM’10] is currently Head of Department, Department of Networks at Simula Research Laboratory, Norway; and an Associate Professor (part-time) at the Department of Informatics, University of Oslo, Norway. He received a Ph.D. degree in School of Electrical & Electronics Engineering, Nanyang Technological University, Singapore. He is an associate editor or on the editorial board of a number of well-established scientific international journals, e.g., Wiley Wireless Communications and Mobile Computing (WCMC). He also serves as the guest editor for IEEE Transactions on Smart Grid, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Industrial Informatics, IEEE Communications Magazine, IEEE Wireless Communications, IEEE Network, IEEE Systems and IEEE Internet of Things. He serves in chair positions at a number of conferences, including IEEE PIMRC 2016, IEEE Cloudcom 2016/2015, IEEE CCNC 2016, IEEE ICCC 2016, WICON 2016, and IEEE SmartGridComm 2015. He serves as TPC member for numerous international conferences including IEEE INFOCOM, IEEE ICC, IEEE GLOBECOM, and IEEE WCNC. His current research interests include wireless networks and reliable and secure cyber-physical systems (e.g., smart grid, transport, healthcare). He has received 8 Best Paper Awards. He is a senior member of IEEE, IEEE ComSoc, IEEE VT society, IEEE PES and IEEE Computer society. He is a Fellow of IET.
