ASPA: Advanced Strong Pseudonym based Authentication in Intelligent Transport System

Intelligent Transport System (ITS) uses the IEEE 802.11P standard for the wireless communication among vehicles. A wireless ad hoc network of vehicles is established to improve road safety, comfort, security, and traffic efficiency. Wireless communication in ITS leads to many security and privacy challenges. Security and privacy of ITS are important issues that demand incorporation of confidentiality, privacy, authentication, integrity, non-repudiation, and restrictive obscurity. In order to ensure the privacy of vehicles during communication, it is required that the real identity of vehicles should not be revealed. There must be robust and efficient security and privacy mechanisms for the establishment of a reliable and trustworthy network. Therefore, we propose Advanced Strong Pseudonym based Authentication (ASPA), which is a distributed framework to handle the security and privacy issues of vehicle communications in ITS. ASPA only allows vehicles with valid pseudonyms to communicate in ITS. Pseudonyms are assigned to vehicles in a secure manner. The pseudonym mappings of vehicles are stored at different locations to avoid any chance of vehicle pseudonyms certificates linkability. In addition, the most recent communication pseudonyms of a malicious vehicle are revoked and are stored in the Certificate Revocation List (CRL) that results in small size of the CRL. Therefore, the CRL size does not increase exponentially. The distributed framework of ASPA guarantees, the vehicles privacy preservation in the real identities mapping and revocation phase. The empirical results prove that ASPA is robust and efficient with low computational cost, overhead ratio, average latency, and an increased delivery ratio.


I. Introduction
Intelligent Transport System (ITS) is one of the derived forms of Information and Communication Technology (ICT) that is established on vehicular communication. ITS enabled vehicles allow ITS users to obtain updated information of traffic situations. ITS reduces the cost of fuel in traveling and results in efficient driving [1][2][3]. Deficiency in driving seriousness and population growth results in un-necessary delays, congestions, and accidents in journeys [1,4]. Delays in traveling, road accidents, and congestions can be reduced through ITS [5].
vehicles to take part in ITS network and should preserve the real identities of authorized vehicles in communication. Advanced Strong Pseudonym based Authentication (ASPA) in ITS is an improved form of our preliminary contribution [7]. In this paper, the proposed framework is designed to be more robust and scalable by further reducing the computational costs.
The contributions of this paper are as follows: • A novel framework is proposed to involve multiple authorities for pseudonyms formation.
• The single authoritative behavior of the certificate authority is eliminated through distributed trust management methodology.
• The linkability of pseudonyms mapping at a single authority level is eliminated.
• A novel conditional revocation scheme is proposed in which upon malicious/awful activity only, a malicious vehicle is revoked through distributed mapping.
• The proposed framework is implemented using different security techniques.
• To examine the usefulness, appropriateness, and robustness of the proposed framework, it is analyzed through pervasive simulations and security analysis.
The rest of the paper is structured as: Related work is presented in Section II. The preliminaries of the proposed framework are discussed in Section III. The proposed revocation process is discussed in Section IV. In Section V performance analysis is discussed. Security analysis is presented in Section VI. In Section VII conclusion and future work is presented.

II. Related work
Intermittent communication in an ITS network requires reliable verification of the authenticity and integrity of safety messages or beacons [30]. Researchers have been actively working in ITS to preserve the real identities of vehicles. However, still, there is a big challenge for researchers to develop efficient and scalable security and privacy schemes. Generally, in ITS, privacy protection approaches are classified into Pseudonym Based (PB) schemes and Ring Signature Based (RSB)/Group Signature Based (GSB) approaches.
In most PB schemes, asymmetric/public key cryptography is used. In these schemes, the message is signed through the private key, while the signature is verified through the corresponding public key. Generally, in these approaches, a CA issues certificates along with pseudonyms and the mapping between the pseudonym and the real identity is performed by the CA.
Raya et al. [16] suggested a bulk of pseudonyms generation and its distribution to the vehicles. The source vehicle randomly selects a pseudonym from the bulk and signs the message through its private key, the receiving vehicle verifies the authenticity of the messages through the corresponding public key certificate. In case of a malicious activity, the CA maps the real identity of the vehicle. However, CA is a single threat model having all mapping information of vehicles. The authors of [31] presented a scheme that provides bulk of pseudonyms certificates to the vehicle. However, in this scheme the storage overhead is high. Similarly, in order to revoke bulk of pseudonyms, CRL size grows exponentially. Therefore, to reduce the size of CRL, hash chain idea is suggested by Sun et al. [32]. However, computation of hash chains incurs an additional computational cost.
Calandriello et al. [33] presented a scheme in which a common key pair is provided to vehicles that can be compromised. In addition, each time it is verified that the message is from a revoked vehicle or not. This produces an extra overhead. Rajput et al. [34] presented an approach in which RSUs take part in pseudonym generation and is prone to side channel attacks. Boneh et al. [35] and Zhang et al. [36] presented identity based verification schemes. In these approaches, tamper proof devices are used for pseudonym based identity certificates generation and storage. However, these schemes are prone to Sybil and colluding attacks. Lue et al. [37] discussed conditional privacy preserving protocol that allows RSUs to provide short time pseudonym keys to vehicles. However, RSU can be attacked easily due to its nature of deployment. Singh et al. [38] presented a scheme for beacons verification, anonymous credentials and camenish lysyanskaya signature is used. However, in this scheme, the computational and communication overheads are high.
Lefevre et al. [39] proposed an approach that allows direct linkability between the pseudonym and real identity of a vehicle. However, this linkability can jeopardize the privacy of vehicles. Schaub et al. [24] suggested a scheme in which the Registration Authority (RA) is responsible for the mapping of a pseudonym and is a single point of attack. Alheeti et al. [40] presented an approach that can prevent only external attacks. However, this scheme is vulnerable to internal attacks.
Kamat et al. [41] suggested the idea of a Trusted Authority (TA), which issues pseudonym certificates to vehicles. In this scheme, TA is a single threat model, because TA is responsible for pseudonym certificates generation and revocation. In addition, revocation information of vehicles are stored on base stations that are positioned in open areas and can easily be targeted. Wang et al. [42] discussed an approach that allows Key Management Centre (KMC) to keep all the vehicles information. KMC is a single threat model because it contains all the relevant information of vehicles. Kumar et al. [43] presented a pseudonym scheme, however the scheme provides low privacy.
TSO et al. [44] presented the idea of Certificate Less -Public Key Cryptography (CL-PKC) scheme to reduce the signature generation computational overhead and storage requirements. However, this scheme lacks support for revocation of malicious vehicles and is prone to active and passive attacks. Horng et al. [45] discussed an approach for V2I communication but lacks support for revocation of malicious vehicles. In addition, the signature authentication process can be performed by RSUs. However, RSUs are located in open infrastructure and are prone to side channel attacks [46].
In RSB/GSB schemes [47][48][49], vehicles group are formed and the public key certificates are used to check the authenticity of vehicles in a group. The group keys are used to hide the real identity of a vehicle in a group from other members of the group. In RSB/GSB schemes, the messages for a group are signed through a respective ring/group key. However, there is a limitation of scalability in RSB/GSB approaches. Shamir et al. [48] presented an early scheme of GSB in which RSU is used to sign and authenticate messages. However, due to side channel attacks, RSUs cannot be allowed to actively participate in ITS communication.
Zhang et al. [49] discussed a scheme to manage a group in which RSU acts as a group manager. However, due to its nature of deployment RSUs can be compromised. Liu et al. [50] presented a revocable ring signature scheme to secure ITS. However, this scheme is not scalable because it is for a particular ring/group. The work proposed in [51] suggested for vehicles security and privacy, revocable ring signature. However, this approach incurs high overhead due to the timely distribution of CRL among all vehicles, as the CRL size is increasing exponentially. Zhu et al. [52] presented a GSB approach, however, the scheme is not scalable. Hu et al. [53] proposed a hybrid approach of security but is prone to side channel attacks [1].
In GSB schemes there are issues of scalability, group management, pairing based computational costs, and full trust on the group manager. Similarly, most PB approaches suffer from high computational costs, communication overheads, security threats, and storage requirements, due to large size of CRL and bulk of pseudonyms in the vehicle OBU. Related work shows that reliable and efficient trustworthy schemes are still a big challenge for the researchers. In this paper, the next section presents a new framework, Advanced Strong Pseudonym based Authentication (ASPA), to generate pseudonyms in a distributed manner with a higher degree of secure communication among vehicles and service providers. In the proposed framework, vehicles privacy is addressed efficiently.

III. Preliminaries
This section consists of the proposed ASPA framework, assumptions, design objectives, security tools, privacy metrics, the ASPA protocol, and the attack model.

A. ASPA framework
Secure communication in ITS requires the protection of actual identities of vehicles. In the ASPA framework, the real identities of vehicles cannot be revealed by a single authority. In addition, in the case of an awful behavior, malicious vehicles should be revoked and accountability should be performed. In order to avoid linkability, the ASPA framework is implemented in a distributed manner to use fictitious identities and certificates. The ASPA framework consists of: • Vehicular Manufacturing Company (VMC): An initial pseudonym is provided by the VMC to the vehicle in a secure link. In order to limit the single authoritative behavior of CA, the ASPA framework considers the manufacturing industry. In the ASPA framework, the real identity of a vehicle is hidden from the CA. In the proposed framework the vehicle interaction is considered only once with the VMC or if ownership of the vehicle is changed.
• Certification Authority (CA): After successful verification of the vehicle from the VMC, the CA issues Long Term Certificate (LTC) to the vehicle in a secure channel. The expiration time of a vehicle LTC in a normal situation is one year or the CA can set it in the field of the timestamp. Therefore, the vehicle can interact with the CA for the LTC after every year or as given in the timestamp field.
• Long Term Certification Authority (LTCA): After a trustworthy authentication process, the LTCA issues a Pseudonym Certificate (PC) in a secure channel to the vehicle. The expiration time of a vehicle PC in a normal situation is six months or the LTCA can set it in the field of timestamp but must be less than the LTC lifetime. Therefore, the vehicle can interact with LTCA for the PC after every six months or as given in the timestamp field.
• Pseudonym Provider (PP): The Short term Communication Pseudonyms (SPCs) are provided by the PP or cascaded PPs in a secure channel to the vehicle. This is done after a trustworthy authentication process. In order to get SPCs for V2V communication, the interaction of the vehicle with PP is frequent.
• Source vehicle: The safety messages/beacons originator (Vi), uses its private key to sign the safety messages and disseminate them. The SPC and the corresponding public key are appended with the sign beacons.
• Receiving vehicle: The receiving vehicle (Vj) verifies the beacons/safety messages through the SPC. The verification of the signature is performed through the corresponding public key. In case of spurious beacons, the Vi is reported for revocation from ITS to PP, CA, and Law Enforcement Organization (LEO). The Vj discards a beacon, if a beacon signature is not verified.
In the proposed framework of ASPA, the SPCs validity is between 10 to 50 milliseconds. The SPCs validity lifetime is kept small to ensure un-linkability of communication pseudonyms. In case, if a vehicle is detected awful, no more SPCs can be issued to the vehicle. Furthermore, all the previously issued SPCs should be isolated from ITS network. The LEO can reveal the real identity of a vehicle only after detection of an awful activity. In case, if the vehicle ownership changes, all the issued certificates should be revoked. This revocation should provide inaccessibility of the previous private communication and real identity protection. The new owner requires the repetition of steps from VMC to PP as discussed in Section III-F.

B. Assumptions
It is inferenced that the real identity of a vehicle is disclosed by the VMC to LEO once a vehicle is found malicious. All the aforementioned entities should have secure and trustworthy communication. A PP will be detached, if it is compromised. In the ASPA framework for V2X communications, RSUs act as routers. RSUs do not actively participate in the generation of communication pseudonyms. This is because of side channel attacks. A vehicle can request for pseudonyms from the authorities directly using 4G/5G/Internet or through RSUs. In order to provide un-linkability of SPCs by the attacker, there will be a number of PPs. All the functional entities in the proposed ASPA framework, clocks are synchronized. This synchronization is required because of timestamps in the secure communication.

C. Design objectives
The design objectives of the proposed ASPA framework are as follows: • Reduced computational cost: The computational cost of the proposed framework will be reduced, to efficiently work in more complex scenarios. Therefore, the ASPA becomes more robust and scalable.
• Confidentiality and authentication: The communication between vehicles and all the service providers will be encrypted. Similarly, without disclosure of the true identity of a legitimate vehicle, it will be verified and authorized. The receiving vehicle will authenticate a source vehicle and its beacons without disclosure of its valid identity.
• Integrity of communication: If beacons are altered, the beacons signature will not be verified. Therefore, unproven beacons will be shredded and discarded.
• Non-repudiation: If a signature is verified, this will show the authenticity of source vehicle beacon. In this case, the communication cannot be refused.
• Revocation: If a vehicle or a pseudonym is revoked, again it will not be used in the ITS.
• Restrictive obscurity: Restrictive obscurity is rendering in the ASPA framework. The privacy of a vehicle will be preserved if it follows the ASPA rules. Only in case of an awful activity, the real identity of a vehicle will be revealed/disclosed.

D. Security primitives
ASPA implements a sequence of secret and public key cryptographic strategies. Secret Key Cryptography (SKC) processes are more efficient than Public or Asymmetric Key Cryptography (AKC) processes. However, the non-repudiation service cannot be provided only through SKC. Therefore, to address security and privacy features efficiently, we merge the SKC and AKC strategies. In ASPA framework, for SKC, we implement Advanced Encryption Standard (AES) and for AKC, two schemes are implemented. One of the AKC schemes is Rivest, Shamir, and Adleman (RSA), while the other scheme is the Digital Signature Algorithm (DSA).
A key pair of private and public keys are generated through the vehicle OBU. The signature is generated through the private key, the corresponding public key is transmitted along with beacons to verify the authenticity of beacons at the receiving vehicle. The following two methods are considered to generate the key pairs, which are as follows:

Method 1
• The generation of two random prime numbers is performed. For instance, a and b are generated, n is calculated, such that: • The computation of public key (pb) is performed through Eq (2). Where, Greatest Common Divisor (GCD) between pb and totient function (φ(n)) is 1. where, • The computation of private key (pr) is performed through Eq (4).

Method 2
• Generate a prime number of size 2X, where X = 128 bits.
• Generate a number b such that: • Calculate c, such that: where, such that: Similarly, • Generate a private key such that: • Calculate public key such that: Therefore, private key is {pr} and public key is {pb}.
In the proposed ASPA framework, AES uses 128 bits (16 bytes) data block and secret key size is 128 bits (16 bytes). In case, if the safety message size is more than 16 bytes, the Cipher Feedback Mode (CFM) scheme is implemented [54]. In case of smaller size of a data block from 16 bytes, padding is considered to make the size of data block compatible with the key size. For the first block of data, a random number known as a nonce (N) is exclusive OR (XOR) after encryption process. Similarly, the previous block of ciphertext acts as a random number for the next block of plain text. Fig 3, shows the ASPA, CFM process. The message will be authenticated, after an ITS-S (vehicle or server) gets the secured message.

E. Privacy metrics
A trustworthy privacy scheme should guarantee a high level of obscurity. A range of metrics are discussed, to assess the level of privacy through pseudonyms. The metrics that will be used for evaluation are as following: • Anonymity set size: The size of Anonymity Set (AS) is the number of the vehicles that are included in the AS [55]. In security and privacy schemes, the AS size should be larger than one. However, the AS metric assumes the entire range of vehicles is adequately being the victim. Therefore, as discussed in [56], the AS metric cannot be examined to express that the attacker, targeted how many vehicles in the network. Therefore, preferably of AS, entropy is suggested [56].
• Entropy of the AS size: Information theory provides the concept of entropy. Entropy describes anxiety in a random variable. The number of vehicles are shown by a random variable. For instance, the probability of a random variable N is as follows: Where, j in Eq (13) shows a possible range of vehicles, which can be viewed by N, with probability y j >0. The probability y j shows the contents of the messages that can be associated with the vehicles. Therefore, the entropy can be measured through Eq (14).
In Eq (14), y j shows a vehicle probability, while j represents the attacked vehicles. If all vehicles have the same attack probability, the AS has a uniform distribution of probabilities. The entropy maximum value can be achieved by Eq (15).
For instance, in an ITS, if the number of the vehicles is 25 and we inference that there is an equal probability for all vehicles to be attacked, then y j = 1/25, y j = 0.04 and 4.64 is the entropy. A greater AS size is achieved through a high value of entropy. In ITS, as the vehicles are increasing, there will be an increase in the entropy.
• Anonymity level: If there is no past information of vehicles AS with an attacker, the following difference can be used to describe the attacked data: (H max −H(N)). Where H(N) is the sufficient AS size and the ultimate entropy is H max . The degree of entropy i.e., d is suggested by Diaz [14] that is a normalized amount in [0, 1] range. Therefore, Eq (16) is used to calculate the degree of anonymity.
The proposed ASPA framework tries to address a high level of anonymity through a robust and distributed mechanism.

F. ASPA proposed protocol
The VMC pre-loads an ITS-S (vehicle) with a secret key. The vehicle requests through the secret key from the VMC for an initial pseudonym. Furthermore, the vehicle requests for LTC from CA. The credentials of the vehicle are checked by the CA in CRL. If the vehicle does not exist in the CRL, Algorithm 1 is executed. The notations used in the ASPA protocol are given in Table 1 The proposed ASPA protocol elaborates that: • Step 1: The request of the vehicle from the VMC is performed through K VVMC for an initial pseudonym.
• Step 2: The vehicle gets an initial pseudonym through KVVMC from the VMC.
• Step 3: It shows the request of the vehicle for the LTC from the CA through Pk CA .
• Step 4: The authentication of the vehicle is performed by the CA from the VMC through Pk VMC . • Step 5: The vehicle is verified or declined by the VMC through Pk CA .
• Step 6: After the vehicle is successfully verified from the VMC, the CA issues LTC to the vehicle through KV. If the vehicle is found malicious, the CA reports it to LEO for accountability.
• Step 7: The LTCA is informed by the CA through Pk LTCA about the LTC.
• Step 8: It shows the request of the vehicle for PC from the LTCA through Sk 1 . The LTCA checks both the tokens that are forwarded by the vehicle and the CA. If the tokens are verified, then Step 9 is executed.
• Step 9: The vehicle gets a PC from the LTCA through Sk 1 .
• Step 10: PP or cascaded PPs are informed by the LTCA regarding the PC of the vehicle in a secure link.
• Step 11: It shows the request of the vehicle for SPCs from PP through Sk 2 . This request is based on the PC that is issued by the LTCA.
• Step 12: The PP verifies the request of the vehicle and issues SPCs through Sk 2 for V2X communication.
The vehicle registration process pseudo code is discussed in Algorithm 2. Once PP or cascaded PPs issue, SPCs to the vehicle, the vehicle communicates through SPCs with other vehicles and RSUs as shown in Fig 5. If a bogus beacon is received from a V i , V j reports LEO regarding Vi revocation. The revocation process of a malicious vehicle is discussed in Section IV.

G. Attack model
In the attack model of ASPA framework, different threats are considered. In the proposed framework, VMC issues initial pseudonym to the vehicle in an encrypted channel. Therefore, the internal or insider attacker at CA, LTCA or PP cannot obtain the real identity of a vehicle. Similarly, after obtaining LTC, PP, and SPCs, the VMC is unaware of the valid identity of a vehicle during V2X communication. Furthermore, an external attacker cannot obtain any private information, because of encrypted and pseudonymized communication. All the communication in the proposed framework is encrypted and integrity protected, therefore, active and passive attacks are limited. Similarly, if the beacon contents are altered or a bogus message is inserted, the beacon signature cannot be authenticated.
Theorem A: The proposed framework is semantically protected against active and passive threats.
Proof: Let during the communication, an attacker gets an encrypted and pseudonymized message. In order to find the valid key, the attacker has to go through 2 128 (3.4x10 38 ) keys. Where, the key size in the proposed framework is 128 bits. If there is a very powerful system with an attacker in the worst case that can compute 10 6 decoding per microsecond. The total required time is (5.4x10 18 ) years, which is impractical in ITS. It is extremely difficult for an attacker to eavesdrop the communication without the key. Further to enhance the proposed framework security, the nonce (N) is also used. Therefore, without the key and the nonce, it is impossible for an attacker to eavesdrop the communication. The proposed framework implements a distributed mechanism with strong security and privacy strategies.
Similarly, if an attacker tries to insert a bogus message or alter the contents of the message, the message signature cannot be authenticated and un-authenticated beacons are simply discarded. For an attacker that wants to launch active attacks, he/she needs in real time, the generation of key pairs. However, for keys generation, the attacker should have prior knowledge of the parameters as elaborated in Section III-D. Therefore, it is impractical to generate the keys that eliminate the active attacks concept. The ASPA implements strong privacy and security strategies among the vehicles and service providers that guarantee a high level of privacy.
Entropy is used to evaluate theorem A. Entropy elaborates the security of messages in a network. The discrete set of probabilities that can be expressed in case of ITS [14,56] is given below: and, The Shannon entropy further provides a technique to evaluate the probabilities, which measures the average minimum number of bits required to encrypt a text of symbols, based on its frequency in the text and is given by: numBits = [H(X)]. Where, H(X) represents the protected information. Highly secure communicated information can be represented through a high value of entropy. The high value of entropy ensures that passive and active attacks are impossible.
In ITS, information theory provides that for neighboring vehicles, the probabilities are as following: Oðx; yÞ ¼ fðx þ 1; yÞ; ðx À 1; yÞ; ðx; y þ 1Þ; ðx; ðy À 1Þg: In Eq (19), the coordinates of the vehicle are represented by x and y. The vehicle private key total weights corresponding probabilities are as following: Zðx; yÞ ¼ P ði;jÞεOðx;yÞ HðXÞ � Wððx; yÞ; ði; jÞÞ: ð20Þ The key security, normal values at an iteration t + 1 is represented by its neighboring normal values average weights at a previous iteration t and is given in Eq (21 The proposed framework security primitives guarantee a higher level of privacy i.e.: where H(X) shows the amount of secured information, H max represents the maximum entropy, and d represents the level of security and privacy. For instance, if there are 50 vehicles and it is inferenced that there is an equal probability for all vehicles to be targeted, then p x i ð Þ ¼ 1 50 ; p x i ð Þ ¼ 0:02, and the entropy is 5.64. Similarly, H max = Log 2 |N| = 5.64, and d = 1. As discussed in Section III-E, d is a normalized quantity in the range of [0, 1]. ASPA framework guarantees a higher level of security and privacy for varying number of vehicles.

IV. Revocation in ASPA
A malicious vehicle revocation and resolution process of the proposed ASPA framework is shown in Fig 6. Its steps are as follows: • Step 1: The receiving vehicle of a bogus beacon (V j ) that is affected, updates PP regarding the V i (malicious vehicle). The SPCs are revoked and are broadcasted by the PP. The revoked broadcasted SPCs of V i cannot be authenticated. Therefore, honest vehicles cannot be misguided.
• Step 2: The V j updates CA for the revocation of V i .
• Step 3: The V j updates LEO regarding Vi revocation from ITS and its accountability.
• Step 4: PP or cascaded PPs are informed by CA regarding not issue more SPCs and are directed to send the V i pseudonymous information to LTCA.
• Step 5: CA is asked by LEO regarding V i revocation from ITS and its real identity mapping.
• Step 6: The LTC is revoked by the CA after the LTCA replies. The LTCA is asked to revoke PC after PP replies and reports back regarding the pseudonym of Vi.
• Step 7: LTCA receives the pseudonym information of Vi from PP.
• Step 8: After receiving the PC of Vi, LTCA reports back to CA regarding Vi pseudonym.
• Step 9: LEO receives the pseudonym information from CA.
• Step 10: LEO forwards the pseudonym information of V i to VMC for the mapping of its real identity.
In this mechanism, the V i real identity can be disclosed. According to the laws of a particular country, the LEO takes action. The revocation and resolution protocol steps are presented in Algorithm 3.  The beacons along with pseudonyms are kept in the vehicle OBU for a short time period. The beacons are authenticated quickly through pseudonyms and the public key. The vehicle (V i ) signs the beacon through its private key, while the corresponding public key is linked with beacons, therefore, the communication cannot be refused. The signature verification process and the pseudonyms with beacons ensure the services of integrity and non-repudiation. Algorithm 4 shows the pseudo code of a malicious vehicle revocation and resolution process. In the proposed frame work of ASPA, the exponential growth of CRL is controlled through revocation of the most recent communication pseudonyms. Therefore, the revoked pseudonyms cannot be authenticated. Furthermore, a distributed/targeted attack cannot be carried out on a vehicle, as beacon consists of public key for the signature verification along with SPC. All the communication pseudonyms are provided through secure channels as discussed in Section III-F. Once a malicious vehicle or pseudonym is revoked, it cannot take part in the ITS. However, if V j does issue a false positive claim, the LEO has its LTC pseudonym information. The LEO can take action against V j because in this case, V j is acting as a malicious vehicle. Therefore, LEO presents the LTC of V j to CA and gets the pseudonym information of V j . The LEO enquires from VMC for the real identity of V j . The CA revokes LTC of V j , LTCA revokes the PC of V j , and PP is not required to issue more SPCs. In this way V j can be revoked from the ITS network. According to the laws of a particular country, the LEO takes action.
Algorithm 4 Pseudo code of ASPA revocation and identity mapping 1: if V j reports to LEO 2: if V j reports to CA 3: if V j reports to PP 4: PP revokes the valid SPCs of V i 5: LEO requests CA for mapping the factual identity of V i 6: CA revokes LTC and LTCA revokes PC 7: PP sends the available information of V i to LTCA 8: LTCA sends the available information to CA 9: CA reports back to LEO regarding V i 10: LEO requests VMC to reveal the original identity of V i 11: end if 12: end if 13: end if

V. Performance analysis
The proposed framework of ASPA is evaluated through Opportunistic Network Environment (ONE) simulator [7,57]. A core i7 laptop with 8GB RAM is used for the evaluation of the proposed framework. The experiments are performed 200 times. In order to perfectly evaluate the proposed framework, different speeds and network scenarios are considered. The parameters, which are considered in the simulations, are listed in Table 2. In order to analyze the performance of ASPA, the network parameters that are given below are analyzed.
• Average latency = Average (Message delivered time-Message created time) • Overhead ratio = (Relayed messages-Delivered messages) / Delivered messages • Delivery ratio = Delivered messages / Relayed messages

A. Average latency
The effect of average latency in different scenarios of sparse and dense networks with variable speeds of the proposed ASPA framework is shown in Fig 7. The results elaborate that without ASPA, ASPA with RA, ASPA with DA, and ASPA with RD network scenarios have no significant differences. In all forms of beacons, the same trend is observed. However, in Fig 7(A), the average latency increases. The reason for this increase is that vehicles with slow speed are advancing slowly and get congested. Therefore, more beacons have received that results to utilize more bandwidth. In all type of scenarios, less than one millisecond's average latency is observed. Only in a sparse scenario of ASPA with RD, 1.1 milliseconds average latency is observed. Furthermore, in Fig 7(B) reduction in average latency is not smooth. The reason for this staircase is that vehicles with medium speeds are moving in the range of 51-80 km/h. Therefore, the distances among the vehicles are varying. Sometimes, due to less and more distances more or less beacons are received. In case of more beacons, more bandwidth is utilized. Similarly, in case of less beacons, less bandwidth is utilized.
In summary, implementation of the proposed framework in sparse network scenarios points to an increase in the average latency. While in dense network scenarios the average latency is either stable or reducing. The security and privacy layer does not affect communication.

B. Overhead ratio
It is important to show the effect of overhead ratio/communication overhead with and without ASPA. The results retrieved during the simulations as shown in Fig 8 provide similar trends in all type of scenarios. A high overhead ratio is observed, when vehicles received more beacons. This is due to minimum distances among vehicles and more collisions. In all experiments, less than 2% communication overhead between ASPA and without ASPA is observed, which is negligible when considering security and privacy features.

C. Delivery ratio
The delivery ratio is an important parameter that shows the appropriateness of the proposed ASPA framework. The results shown in Fig 9 follow no change in the status of delivery ratio with the implementation of ASPA. In medium and high speed scenarios, Fig 9(B) and 9(C), the delivery ratio either increases or remains stable. This is due to less bandwidth being occupied to accommodate moderate number of beacons, when there is an increase in the vehicles distances. While in Fig 9(A), the delivery ratio reduces after the number of vehicles goes beyond 75. The reason for this decrease is that the vehicles with slow speeds get closer and acquire more beacons. More bandwidth is required for more beacons and beacons are dropped. Therefore, the implementation of the security and privacy primitives in ASPA does not disturb the beacons delivery ratio.

D. Computational cost analysis
The ASPA computational cost is evaluated and presented in Tables 3, 4 and 5, respectively. The beacon generation time is less than 4 milliseconds. Similarly, the beacon authentication time is less than one millisecond. Therefore, in the proposed framework of ASPA, vehicles efficiently generate and authenticate a large number of messages. In case of acquiring LTC and PC, a vehicle average time requirement is less than 4 milliseconds, respectively. Similarly, in the case of SPCs, the average time required is less than 5 milliseconds. Therefore, the efficient deployment of ASPA endorses service providers to efficiently process a large number of requests, simultaneously.

E. Analysis of messages sizes
This subsection provides an analysis of the variously used security primitives in the process of pseudonyms generation and vehicle revocation. Table 6 shows the field sizes of the security primitives that are used in the proposed framework. During the registration phase of the ASPA framework, the sizes of messages between an ITS-S (vehicle) and the service providers are shown in Table 7. Similarly, during a malicious vehicle revocation and real identity tracing, the message sizes between the vehicle and the authorities are shown in Table 8.
The results show that in all type of scenarios with security and privacy, there is no significant difference when compared with the scenarios of without security and privacy deployment. To further evaluate the behavior of ASPA suitability, the ASPA is implemented with different speeds in sparse and dense scenarios. No generous difference without security and privacy primitives and with ASPA is observed. This shows the real performance of the ASPA framework.

F. Comparison with existing schemes
This subsection compares ASPA with the current PB and RSB/GSB approaches. In ASPA, the need for long communication pseudonyms pool and CRL large size is eliminated. A malicious vehicle, once revoked cannot be registered in the proposed framework. In addition, there is no need to keep a long pool of pseudonymous communication. In ASPA, it is ensured that if any of the servers are compromised, no useful information can be leaked. The criteria for high, medium, and low categorization is presented in Table 9, while ASPA is compared with existing security and privacy approaches in Table 10.
The low computational costs and communication overheads of ASPA prove that it is an efficient and scalable framework. Furthermore, the security and privacy analysis is discussed in Section VI.

VI. Security and privacy analysis
This section reviews the ASPA framework security and privacy services. Furthermore, different attack scenarios are examined.

A. Security and privacy services
ASPA is a lightweight and trustworthy framework with restrictive obscurity. Due to the distributed mechanism, no single authority can know the vehicles real identities. The following security and privacy services are offered by the ASPA framework.
1. Confidentiality and privacy: The communication pseudonyms are acquired by vehicle through a secure channel. Therefore, the pseudonyms to pseudonym and pseudonym to real identity mapping are provided by the service authorities in a distributed and controlled way. No service authority can have access to the full mappings. Here, a hybrid approach of SKC and AKC are implemented for performance and security.

B. Attack scenarios
Privacy and security in the ASPA framework is evaluated using the following attack scenarios: 1. Vehicles and authorities use encrypted communication. Therefore, the communication cannot be eavesdropped by attackers.
2. It is impractical for an adversary to obtain SPCs, without PC. Similarly, an attacker cannot obtain PC without LTC. It is also impossible for an attacker to get LTC without the endorsement of VMC.
3. In case, if a PP is attacked, no valuable information regarding the vehicles real identities can be leaked. As the PP maintains encrypted and pseudonymized information.
4. In case, if LTCA is attacked, no valuable information regarding the vehicles real identities can be leaked. As the LTCA maintains encrypted and pseudonymized information.

5.
Similarly, in case, if CA is attacked, no useful information regarding the vehicles real identities can be leaked. The CA contains pseudonymized and encrypted information. 6. In ASPA, once a vehicle gets SPCs and if there is a successful attack on the VMC database. The attacker cannot collect any effective information about the vehicle real identity. As the vehicle is utilizing fictitious identities in the communication and the VMC database contains encrypted information.
7. Similarly, if an adversary attempts to inject a fake beacon or alter a beacon, the beacon signature cannot be authenticated.
The ASPA framework provides maximum privacy and restrictive anonymity because it is capable of handling all the above attacks.

VII. Conclusion and future work
In ITS, due to intermittent connectivity and dynamic topology, security and privacy is a serious concern. In ASPA, multiple authorities are involved in pseudonyms generation to stay off articulation between pseudonyms and real identity mapping in an illegal way. Even in a malicious vehicle revocation phase, the real identity is preserved from the certificate authorities.  Table 7. ASPA registration process messages sizes.

Steps Size in bytes
Step 1 112 Step 2 144 Step 3 80 Step 4 80 Step 5 2 Step 6 180 Step 7 90 Step 8 154 Step 9 180 Step 10 90 Step 11 154 Step 12 74 https://doi.org/10.1371/journal.pone.0221213.t007 ASPA can work efficiently in more complex scenarios and eliminate the concept of colluding attacks. The results present a stable increase in the delivery ratio. Similarly, in the results, overhead ratio and average latency are decreasing. ASPA with DA is one of the best approaches in terms of reduced computational overheads. In future, ASPA will be extended to work with multiple PPs and eventually it will be integrated with the cloud environment to form Internet of ITS-Ss.
Methodology: Qazi Ejaz Ali. Table 8. ASPA revocation and resolution process messages sizes.

Parameters High Medium Low
Computational cost > 10 ms 5.