Elsevier

Vehicular Communications

Volume 16, April 2019, Pages 85-93
Vehicular Communications

Blockchain based secure data sharing system for Internet of vehicles: A position paper

https://doi.org/10.1016/j.vehcom.2019.03.003Get rights and content

Highlights

  • We present a method based on fair blind signatures and threshold secret sharing to realize conditional privacy in vehicles.

  • Our scheme not only prevents the acceptance of a fake message, but also mitigates the throughput limitation of blockchain.

  • We design a reward mechanism to encourage vehicles to broadcast announcement messages and maintain the blockchain(s).

Abstract

One of the benefits of Internet of Vehicles (IoV) is improved traffic safety and efficiency, for example due to the capability to share vehicular messages in real-time. While most of the vehicular messages only need to be shared by nearby vehicles, some messages (e.g., announcement messages) may need to be more broadly distributed, for example to vehicles in a wider region. Finding a single trusted entity to store and distribute such messages can be challenging, and vehicles may not be inclined to participate (e.g., generation and distribution of announcement messages) unless they can benefit from such participation. In addition, achieving both security and privacy can be challenging. In this paper, we propose a blockchain based secure data sharing system to address the above challenges in an IoV setting. Specifically, in our system, announcement messages are stored using blockchain. To encourage/incentivize participation, vehicles that faithfully broadcast the announcement messages and/or contribute to the block generation will be rewarded by some cryptocurrency. Our system is also designed to be privacy-preserving and realizes both priori and posteriori countermeasures.

Introduction

In an Internet of Vehicles (IoV) setting, vehicles are equipped with wireless communication modules and various sensors that allow a vehicle to collect and broadcast information, such as location, speed and road condition, to other vehicles and road-side units (RSUs) in the vicinity. Such communications are also respectively known as vehicle-to-vehicle and vehicle-to-roadside communications [1], [2], [3]. For instance, when it is detected that the emergency brake is applied in vehicle X, a warning signal will be sent to nearby vehicles in real-time so that other vehicles, particularly the vehicles that are in front, behind or beside vehicle X can take the appropriate actions. Not all information need to be sent in real-time, such as announcement messages [4] relating to road condition (e.g., icy road and flooding). On receiving such messages, vehicles may choose an alternative route. Such an announcement message usually needs to be distributed to vehicles in a wider region and does not require real-time processing.

There are, however, a number of known security challenges [5], [6], [7], [8]. For example, an attacker may broadcast fake information to mislead other vehicles. Hence, ensuring the authentication, non-repudiation and authenticity of messages (see Section 2.1) in IoV is crucial. Vehicle privacy is also another critical challenge, in the sense that vehicle's sensitive information (e.g., drivers' location history and identities) should not be revealed to other vehicles in the network. However, vehicle privacy and security are somewhat conflicting, as a ‘perfect privacy’ environment may result in the message generators not being able to be identified. In other words, such a feature can prevent an investigation of a misbehaving vehicle from taking place; thus, the need for conditional privacy. That is, one or several (cooperative) entities may reveal the true identity of a message generator only if a fake/fabricated message is found.

In the literature, conventional digital signatures combined with pseudonyms [9], [10] or group signatures [11], [12], [13] are widely employed to guarantee the security of alert signals. Such an approach is usually referred to as a posteriori countermeasure, where punitive action will be taken against users who were found to be publishing fake messages [14]. Another approach to secure the vehicular messages is called a priori countermeasure [4], [14], which mainly aims to prevent the acceptance of a fake message. Threshold mechanisms are usually used to realize a priori countermeasure in IoV [4]. Although priori countermeasures may guarantee stronger security in comparison to posteriori countermeasures, the former is not suited for securing the alert signals due to the exacting real-time requirement. A priori countermeasure is more suited for enhancing the security of announcement messages in IoV, where the real-time requirement is much less stricter than that in a posteriori countermeasure and advanced cryptographic tools may be applied to prevent a fake message in the first place.

In this paper, we focus on the security of announcement messages in IoV. Several priori schemes have already been designed to secure announcement messages in IoV, and some of these schemes may also achieve the posteriori property [4], [14], [15]. However, there remains a number of challenges that have not been resolved. For example, how do we efficiently distribute an announcement message to vehicles in a wide region (e.g., within a county or to neighboring counties)? In an ad-hoc network, finding a single trusted entity to store and distribute the announcement messages is also challenging, in practice. Also, how are we going to motivate vehicles to generate and forward the announcement messages to other vehicles, unless there is a way that the participating vehicles can benefit from such activities?

We posit the potential of blockchain in designing solutions to address these discussed challenges. Blockchain [16], [17] is a distributed database that stores time-ordered data. All participants work together to maintain the distributed database in a decentralized network. Specifically, blockchain enables trusted, and privacy-preserving data storage without trusting any organization. Besides, blockchain is equipped with an incentive mechanism, which can be used to motivate users to maintain the blockchain.

There are, however, challenges in applying blockchain directly in IoV. For example, anonymity in existing blockchain systems is either too strong or too weak. In the Bitcoin system [16], users use their public keys as their addresses. Thus, an attacker can determine the true identity of a user by analyzing a large quantity of transactional information related to the public key of the targeted user. Other blockchain systems, like Zerocoin and Monero [18], [19], protect users' privacy using zero-knowledge proof [20] or ring signature [21]. In IoV, vehicles' privacy should be conditional. If either zero-knowledge proof or ring signature is applied, then it would be challenging to reveal the true identity of a vehicle. In addition, most current blockchain systems have a low throughput. In the Bitcoin system, a new block is generated every ten minutes and only seven transactions per second can be handled [16]. In a large-sized (or busy) IoV deployment (e.g., in a dense city such as Shanghai and New York City), vehicles may generate thousands of messages in a short period of time. Hence, we need a blockchain system that can store a large number of messages quickly.

To overcome the above challenges, we propose a blockchain-based secure data sharing system for IoV. In our system, the IoV is divided into multiple regions. A parent blockchain and an auxiliary blockchain for each region are deployed to store the messages. The parent blockchain is managed by all the entities in the system, while each auxiliary blockchain is maintained by the entities in a region and is used to increase the throughput of the parent blockchain.

To realize conditional privacy in vehicles, we present a method based on fair blind signatures and threshold secret sharing. With the proposed method, vehicles can anonymously sign announcement messages. When a fabricated or malicious message is found, multiple organizations can cooperate to trace the true identity of the message sender. We also design a mechanism to achieve both priori and posteriori countermeasures. In our system, threshold technique (and multi-signature scheme [22]) is adopted to achieve the priori countermeasure (and the posteriori countermeasure, respectively). An announcement message is regarded as a trustworthy one, if and only if, the number of message generators (signers) reaches a threshold. As to the posteriori countermeasure, an announcement message should be signed using a multi-signature scheme, which decreases the number of messages that should be stored. If the announcement message is later found to be fake/fabricated, then the true identity of the message sender can be retrieved by using the conditional privacy property of our system. Therefore, our mechanism not only prevents the acceptance of a fake message, but also mitigates the throughput limitation of blockchain.

Finally, we also design a punish-reward mechanism. To encourage vehicles to broadcast announcement messages and maintain the blockchain(s), a vehicle that broadcasted a true announcement message or contributed to the block generation will be rewarded using cryptocurrency (in the context of this paper, some VCoins). On the contrary, if an announcement message is later found to be fake, the message generator should be punished, such as a monetary penalty paid using VCoin. This can be viewed as a supplement to our posteriori countermeasure.

We note that, for the blockchain, we mainly designed a new architecture for secure data sharing for VANET. In the architecture, we call the used cryptocurrency Vcoin. To improve the scalability of the whole system, we suggested using a sharding-style blockchain. Our architecture can be instantiated using any sharding-style blockchain. Ethereum or EOS style blockchains [23], [24] are all possible alternatives. We note that different instantiations may have different advantages. For instances, the advantage of EOS is zero transaction fee and is faster than Ethereum. However, Ethereum has better performance for decentralization than EOS. We also remark that the key contribution of this paper is the structure (i.e., architecture for secure data sharing for VANET), rather than any potential performance gains.

The rest of the paper is organized as follows. Section 2 introduces our security model and the relevant security tools. Our proposed secure data sharing system is presented in Section 3, whose security and efficiency evaluation is presented in Section 4. Section 5 concludes this paper.

Section snippets

Security model and security tools

In this section, we will describe the security model and the security tools (i.e., smart contract, fair blind signature scheme (FBSS), threshold secret sharing and multi-signature) that will be used in our system.

High-level description

As shown in Fig. 1, the proposed blockchain based secure data sharing system for IoV consists of vehicles, roadside units (RSUs), traffic management authority (TMA), issuers, tracers and law enforcement department (LED).

The entire IoV is divided into multiple regions according to their geographic locations. For example, each county or state can be viewed as a region. In each region, an issuer is employed to issue credentials for the vehicles in this region by using an FBSS. The latter is used

Security analysis

In this section, we show that our system is secure in the model defined in Section 2.1.

We first show that our system achieves authenticity. In fact, in our system, both prior countermeasure and posteriori countermeasure are adopted to prevent malicious vehicles from sending/distributing fake messages. As to the prior countermeasure, in our system, PBFT is used when there are sufficient vehicles around. Therefore, in this case, 33% of all nodes can be malicious in our system. In the most cases,

Conclusion

IoV will be increasingly common as more vehicles and other infrastructure become Internet-connected, the cost of Internet lowers and Internet connectivity becomes more commonplace. Hence, the need for secure data sharing will also be of ongoing interest.

In this paper, we proposed a blockchain based secure data sharing system for IoV, which is designed to facilitate vehicles to broadcast announcement message and enable trusted announcement message storage. Our system also realizes both

Acknowledgement

This work is supported by the National Key R&D Program of China (No. 2017YFB0802000), by the NSF of China under Grants 61572198, 61321064, by the Fundamental Research Funds for the Central Universities.

References (34)

  • D. Boneh et al.

    Short group signatures

  • L. Zhang et al.

    A scalable robust authentication protocol for secure vehicular communications

    IEEE Trans. Veh. Technol.

    (2010)
  • X. Lin et al.

    GSIS: a secure and privacy-preserving protocol for vehicular communications

    IEEE Trans. Veh. Technol.

    (2007)
  • Q. Wu et al.

    Balanced trustworthiness, safety, and privacy in vehicle-to-vehicle communications

    IEEE Trans. Veh. Technol.

    (2010)
  • M.H. Au et al.

    Anonymous announcement system (AAS) for electric vehicle in VANETs

    Comput. J.

    (2017)
  • S. Nakamoto

    Bitcoin: a peer-to-peer electronic cash system

  • L. Zhang

    Key management scheme for secure channel establishment in fog computing

    IEEE Trans. Cloud Comput.

    (2019)
  • Cited by (0)

    View full text