BBAAS: Blockchain-Based Anonymous Authentication Scheme for Providing Secure Communication in VANETs

Department of Electronics and Communication, GMR Institute of Technology, Rajam, Andhra Pradesh, India Department of Computer Science and Engineering, University College of Engineering Tindivanam, Tindivanam, Tamilnadu, India Department of Computer Science and Engineering, SRM Institute of Science and Technology, Delhi-NCR Campus, Ghaziabad, Uttar Pradesh, India Department of Computer Science and Engineering, SRM Institute of Science and Technology, Kattankulathur, Chennai, India


Introduction
With the speedy development of smart cities, the VANETs have fascinated extensive attention in both academia and industry. e development of VANETs brings inordinate comfortable and convenient driving experience for vehicle drivers. Two types of communications, the vehicle-to-vehicle (V2V) communication and the vehicle-to-roadside unit (V2R) communication, are established in VANETs to make cooperation between vehicle users and exchange appropriate driving information through the dedicated short-range communication (DSRC) radio [1]. However, due to the unique characteristics of VANETs such as high mobility and dynamic topology, the entire system is susceptible to various kinds of security attacks. Moreover, the security and privacy should be taken into consideration in VANETs seriously. In the traditional authentication schemes, the centralized trusted authority (TA) is responsible for registration, key distribution, and revocation of vehicles. Since the TA is centralized, it is liable to security attacks such as self-tempering with message, leakage of vehicular information, and the spreading of forged information in the VANET system. In addition, a single-point security failure of data storage in the centralized TA may cause the leakage of vehicle users' personal information. Particularly, in VANETs, it is very tough to deal with the dissemination of forged messages from the authorized vehicle users. e dissemination of forged messages from the authorized vehicles in the VANET system not only decreases the driving efficiency but also causes some accidents that can threaten the life of vehicle users [2][3][4].
A specific blockchain-coordinated VANET, as shown in Figure 1, is typically made up of three main bodies: on-board unit-enabled vehicle units, road side units, and blockchain. In depth, the vehicles in the VANET system are mounted with onboard units to gather safety-related messages from other neighbouring vehicles [5,6]. Roadside infrastructure typically refers to roadside units (RSUs) that are used to communicate as transfer nodes. e blockchain is used to maintain the vehicle attributes and authentication information of users in the VANET [7,8]. It is noted here that the authentication information is an important reference to the VANET's reliability. Blockchains enable authenticity to be checked and validated in the VANET with a decentralized consensus algorithm without the intercession of the TA. e authentication information of a vehicle requires to be checked from time to time by virtue of the authentication of vehicles to reauthenticate each vehicle with each RSU as they join the contact ranges of different RSUs, though, despite the fact that the frequent authentication to check the identity of the vehicle units brings additional issues such as enormous communication overhead and computation overhead. In most state-ofthe-art analyses, every time a vehicle reaches a current RSU coverage area, it needs to be reauthenticated by the current RSU, which generates a lot of redundant overhead and diminishes the performance of the VANET system. Owing to the rapid change in the topology of the network, excessive delays will not continue without serious consequences. Subsequently, in order to lower the computational burden of RSUs and the network communication latency, it is important to diminish the redundancy caused by frequent authentication. Moreover, maintaining the reliability of the decentralized, untrusted VANET system and curbing the misconduct of vehicle users are daunting tasks [9]. Additionally, there is an absence of scalability during the anonymous authentication of vehicles, which prompts the incapability to adjust to the changing requests of VANETs.
Our contributions: to overcome the above problems, a blockchain-based anonymous authentication scheme is presented in this paper. e main contributions of this paper are summarized as follows: To propose a blockchain-assisted time-efficient anonymous authentication to initially validate the legitimacy of the vehicle user, the RSUs are considered to be the miners in the proposed system which are able to verify the validity of a vehicle consumer via the consensus process. Moreover, the Merkle hash tree (MHT) is utilized in the system to understand the realtime authentication records. e authentication record can be extended to newly joined vehicles, which significantly upsurges the operability of the VANET system. When a vehicle user is now a valid member of the VANET via the preliminary anonymous authentication, it is suggested to propose a blockchain-assisted successful V2R anonymous handover authentication. e authentication information of a vehicle should be transferred between dissimilar RSUs in order to achieve safe and convenient handover authentication, making the VANET system additionally scalable.
To track the disobedient vehicles, the legitimacy of the vehicle owner can be queried at any time in such a way that the traceability calculation can be accomplished by examining the historical records. e rest of this paper is ordered as follows. Section 2 presents some relative works of this paper. Section 3 presents preliminaries that involve bilinear pairing, CDH problem, the concept of blockchain, and assumptions. Our proposed BBAAS work is presented in Section 4. e security analysis and performance analysis are seen in Sections 5 and 6. e conclusion is ultimately provided in Section 7.

Related Works
e open wireless environment created by VANETs presents significant privacy and security problems that are not appropriate for implementation in real-time applications [10]. Zhang et al. [11] developed an identity-based batch verification (IBV) method for communications such as V2R and V2V in VANETs that used a temperature-proof privacy security unit, and each entity stored the master key of the system generally to generate pseudo-identities. Nevertheless, in each vehicle, keeping the master key of the system could cause efficient attacks and unexpected risks to the system. In addition, this system neglected to take into account the problem of scalability and the resulting overhead of communication. Some privacy problems, such as reliability, anonymity, and traceability, have become the domains to be studied with growing privacy interest in VANETs. An interesting privacy-preserving communication and exact reward given for V2G networks was proposed by Yang et al. in 2011 [12]. ey suggested a form of exact and equal incentive model with good serviceability, where each participating vehicle for each service it provides is compensated by the operator of a V2G network. Taking into account the very unique existence of V2G networks, they made the first attempt to discuss privacy. In 2015, Wang et al. discovered that the framework of Yang et al. was unconfident and suggested the concrete attack model [13]. en, with usable cryptographic primitives, they developed a new traceable privacypreserving communication and precise reward scheme. Regretfully, the unlikability cannot be resolved by Wang et al.'s method. Due to the versatility of the vehicle, the question of privacy protection in V2G networks is more impressive. Han and Xiao examined numerous privacy preservation issues in V2G networks, including privacy of location, privacy recognition, anonymous authentication, billing and payment for privacy preservation, aggregation of concealed data, and publishing of privacy data preservation. Homomorphic encryption, ring signature, group signature, blind signature, third-party anonymity, and anonymity networks are utilized in these techniques [14]. eir paper does not project new schemes, and it is not possible to use the surveyed schemes in anonymous V2G network rewards. A complex key management scheme for location-based services (LBSs) was suggested by Lu et al. [15]. With separate session keys, the LBS session is split into different time slots. A vehicular data authentication scheme [16] is defined afterward, where the probabilistic authentication technique is deployed for the detection of malicious actions. Moreover, community signature-based hash message authentication code (HMAC) is utilized in [17] for the purpose of avoiding computational delay for certificate revocation list (CRL) checking. Similarly, a distributed trust-extended authentication mechanism (TEAM) for distributed V2V communication was developed by Chuang and Lee [18]. Note that the system of transitive trust relationships is used in order to increase the efficiency of authentication. Numerous authentication schemes have been industrialized recently [19,20], highlighting lightweight VANET authentication and protection of privacy. e aforementioned anonymous authentication schemes are somewhat ineffectual and inappropriate for practical VANET environments because of their high-level computational cost, communicational cost, and storage cost. Moreover, most of the existing anonymous authentication schemes were not concentrated on integrity preservation while transmitting the VANET data over the internet. Hence, to meet out these necessities, a new blockchain-based BBAAS anonymous authentication is proposed in this paper.

Preliminaries
In this section, a few vital preliminaries, which include bilinear pairing and computational Diffie-Hellman (CDH) problem, are discussed.

Bilinear Pairing.
Let G 1 and G 2 be two multiplicative groups with the large prime order q. Let e: G 1 × G 2 ⟶ G 2 symbolize a bilinear pairing, pleasing the following requirements: (1) Bilinear: consider two randomly chosen generators Q, S ∈ G 1 and two randomly chosen elements a, b ∈ Z * q ; then, e(aQ, bS) � e(Q, S) ab (2) Nondegeneracy: there is a generator Q ∈ G 1 such that e(Q, Q)is not equal to 1 (3) Computability: consider any two randomly selected points Q, S ∈ G 1 ; the bilinear pairing e(Q, S) could be well calculated within the polynomial period

Computational Diffie-Hellman (CDH)
Problem. e CDH and decisional Diffie-Hellman (DDH) problems are detailed clearly in Definitions 1 and 2, respectively, in this section.
Definition 1. (computational Diffie-Hellman problem in G). Let G be a multiplicative cyclic group of order q, and Q is the generator value of G.
en, for the given values Q, Q a , Q b , where a, b ∈ Z * q , the CDH problem stated that it is computationally intractable to compute the value Q ab .
It is therefore explicitly confirmed that an opponent who is unable to overcome the CDH with a nonnegligible probability has no way of obtaining the protocol's secret values a, b, c ∈ Z * q in G.

Blockchain Concept.
A distributed, decentralized, irreversible, and immutable network framework is blockchain. e key benefit of the blockchain network is that, with very low computing costs, it can effectively deal with anonymous authentication issues [4][5][6][7][8]21]. In this technology, the interaction of TA is completely avoided to evade the outdated centralized structure. Instead, the end user peer-to-peer communication is used to develop the decentralized structure. In order to validate the reliability of the transaction in each node database, blockchain uses the principles of cryptography, timestamp, prehash, Merkle root hash, nonce, and consensus algorithm such that transaction records are verifiable, transparent, irreversible, undeniable, difficult to tamper, immutable, and traceable.
Hash functions are primarily used in blockchain technology for data integrity preservation, consensus calculation for proof of work, linking of blocks with previous block hash, etc. e most commonly used hash functions in blockchain are SHA-256 and RIPEMD160. However, SHA-256 is mostly used to calculate the Merkle root hash from transaction records, whereas RIPEMD (RIPE Message Digest) 160 is mainly utilized to create bitcoin addresses. e block structure with the application of hash function in the calculation of Merkle root hash, which is similar to Merkle hash tree (MHT) mentioned in the data structure, is shown in Figure 2. In the MHT, the hash values of transaction records are calculated and stored in the leaf nodes. In the two leaf nodes, the hash values are taken and hashed in pairs and then stored in the block. As can be seen in Figure 2, until the last hash value is determined as the root hash value of Merkle, this method is repeated. For instance, to get a new hash value hash AB, the hash values of two leaf nodes A and B are again hashed together.

System Model.
In this paper, a blockchain-based anonymous authentication system is proposed for VANETs. e main components of the proposed system include the trusted authority (TA), RSU, vehicles, and the blockchain network.
Trusted authority: the vehicle users are required to submit their original credentials such as address and mail-id to the TA during the time of registration to enter inside the VANET system. After successful authentication in the TA, the TA is accountable to generate the public and private keys for registered vehicles and calculates an authentication code. ese metrics are used to authenticate the vehicles as well as to track malicious vehicles with the assistance of RSUs. Roadside units (RSU): the RSUs verify and anonymously authenticate all the broadcasted transactions of the vehicles. Moreover, the RSUs have the computing power to solve the puzzle to add the new block in the blockchain after successful initial authentication of a vehicle. If a vehicle enters the region of a current RSU after the previous RSU has been authenticated, the current RSU may use the statistics of the previous RSU to conduct handover authentication. Vehicles: the TA provides secret and unique credentials to a vehicle user after his successful registration in the TA. ese credentials of the vehicle user are stored in the on-board unit (OBU) which is equipped in the VANET vehicle to perform communication as well as computation operations in a secure manner during V2V and V2R communications to prevent external security attacks. When a vehicle enters into the coverage of an RSU, initial anonymous authentication or handover authentication needs are required to carry out with the RSU by using authentication code distributed by the TA.

Assumptions.
e following assumptions are employed in this paper in order to establish the structure of the proposed scheme: e trusted authority (TA) is considered to be the VANET system's control center with adequate storage space to maintain the dataset containing the real information of the vehicle user and RSUs e RSUs have high computation capability to successfully perform reauthentication of vehicles in the authentication handover phase based on authentication code transactions It is not possible for the adversaries to compromise more than 50% of the RSUs in the blockchain integrated network e RSUs have adequate storage capacity, and they are different to each other 4. Proposed Scheme e proposed blockchain-supported anonymous authentication system is outlined in this section, containing five phases: system description, system initialization, registration phase, anonymous authentication phase, and handover anonymous authentication phase.

System Description.
e system overview of the proposed scheme is depicted in Figure 3. In this proposed system, the vehicle units are required to directly submit necessary materials which contain vehicle's private information to the nearest TA [22]. Only the TA preserves this private information in its database with high-level confidentiality. is private information will be used by the TA for tracking the vehicle's real identity from the pseudonym identities in case of disputes. In this proposed system, the TA is connected with the blockchain network along with the RSUs. e RSUs and vehicle units need to complete the initial authentication with the TA to get the authentication code as well as the pseudonym identity.  Once the initial authentication process is completed in the TA, based on the authentication code, the RSUs can authenticate the vehicles using the blockchain network when they enter inside the coverage region of RSUs. en, when the vehicle enters into the current RSU communication range, the current RSU authenticates the vehicle based on the handover certificate (OC) given by the previous RSU. Once the authentication is successful in the current RSU, it will give the authentication token to the vehicle.

System Initialization.
e system initialization phase aims to produce secret keys for the TA. e TA generates two cyclic groups G 1 and G 2 with order p satisfying the bilinear map relation e: G 1 × G 2 ⟶ G T . g 1 and g 2 are the generators of the cyclic groups G 1 and G 2 , respectively. Moreover, the TA chooses three cryptographic H 1 , H 2 , H 3 in such a way that H 1 : By randomly choosing the private key β, the TA generates its public key (Q TA ) as Q TA � g β 1 and publishes system parameters {p, g 1 , g 2 , G 1 , G 2 , G T , e, H 1 , H 2 , H 3 ,Q TA }.

Registration.
e offline registration is performed in the TA for the vehicles and RSUs as follows. e vehicle users need to submit all the necessary private information such as phone number, mail-id, and address. Once the private information is successfully submitted and validated by the TA, the TA chooses a random number u i ∈ Z * q for each vehicle user and computes PK v � g u i 1 as the public key of the vehicle user. en, it gives the private key and public key to the vehicle user in a secret manner in the offline mode after its successful registration in the TA. Moreover, the TA computes an authentication code (AC) for each vehicle user at time t as follows: Here, v i ∈ Z * q represents the identity value chosen by the TA to each vehicle user, a i ∈ Z * q represents the identity value given by the vehicle user to the TA during the time of registration, and n represents the number of vehicles. Once the AC is generated, the TA broadcasts vehicle transaction details to all the TAs by encrypting them by mutually agreed session keys among the TAs. All TAs are dedicated to solve the puzzle after getting the broadcast information from the local TA. Once the minor successfully solves the puzzle, a validated AC along with the pseudonym identity is then appended at the end of the blockchain as a new block. Here, the pseudonym identity is also generated by the TA to each vehicle to preserve the real identity from other entities in the network. e TA helps to update and store the AC of a vehicle user in the blockchain.
ese AC values of each vehicle are updated in the blockchain for the investigation of the new RSUs in the VANET. Lastly, all TAs and RSUs save a copy of the updated blockchain in its database when the authenticated AC is attached to the blockchain.

Anonymous Authentication.
e RSUs will authenticate the vehicles in this phase using the AC created by the TA in the registration process. In this phase, it is required for an RSU to validate the legitimacy a vehicle user anonymously when the vehicle reaches network coverage area of that particular RSU. Once the vehicle user enters the first RSU area, he will pass the pseudonym ID to the RSU along with the node number. en, the RSU checks the identity and authentication code of the pseudonym. In this phase, a session key is generated between the RSU and vehicle as follows.
e vehicle user computes SK v � PK u i r , where PK r � g k i 2 is the public key of the RSU and k i is the private key of the RSU. Similarly, the RSU calculates SK r,1 � PK k i v , where PK v � g u i 1 represents the public key of the vehicle user. en, the RSU selects a master key r i ∈ Z * q and calculates SK r � g r i 1 .
is SK r value is kept secret by the RSU. In addition, the RSU calculates PK r,1 � g r i 2 and sends this value to the vehicle user along with a timestamp value T 1 . en, the vehicle user checks the freshness of the timestamp T 1 and computes SK v,1 as Here, ID represents the pseudonym identity of the vehicle user. en, the vehicle computes the session key as SK � e SK v,1 , g 1 . (3) en, the RSU computes If the vehicle's AC is classified as zero, the vehicle is deemed to be revoked, and the RSU will not provide services. A revoked vehicle consumer will not be disguised as an ordinary vehicle due to the blockchain's tamper-resistance feature, and it will not be permitted to share data with the RSU. e session key is created by the RSU as SK � e g 2 , SK r,2 . (5) Proof of correctness: SK � e g 2 , SK r,2 � e g 2 , SK r · SK where z ∈ Z * q represents the random number and PK r+1 � g k i +1 2 represents the public key of the current RSU. After obtaining HK 1 and HK 2 from the preceding RSU, the current RSU sends HK 2 to the vehicle user. en, the current RSU chooses a random number w ∈ Z * q and calculates HK r � g w 1 and HK r,1 � g w 2 . en, HK r is kept as a secret value, and HK r,1 is sent to the vehicle user as a handover code. By receiving HK r,1 and HK 2 , the vehicle computes Lastly, the vehicle user calculates the new session key as SKNV � e HK v,1 , g 1 . (9) en, the current RSU computes the new session key as where k i+1 ∈ Z * q represents the private key of the current RSU.

Security Analysis
In this section, we briefly analyse the security strength of our blockchain-assisted anonymous authentication scheme with respect to various security attacks, anonymity, and forward secrecy.

Lemma 1. Assume an attacker A may possibly intrude upon the mutual authentication between the vehicle and the RSU through a nonnegligible benefit η. In this regard, a challenger C is constructed, which can resolve the CDH problem with η.
Proof. Let us consider that an attacker (A) generates au- with η, where PK r,1 � g r i 2 and T 1 represents the current timestamp. For instance, A will generate a new session key SK � e(SK v,1 , g 1 ) with a different AC of an adversary, and the attacker should pass the RSU's AC verification in the blockchain. However, the attacker cannot create SK H 2 (ID‖AC‖T 1 ‖H1(SKv)) v value of any vehicle user. Moreover, if the attacker tries to change any AC value of the user using the block number, it will reflect in the previous blocks due to previous hash available in the header as shown in Figure 4.
Moreover, the calculation of is the CDH problem, with a complexity of η 0 ≥ η(1 − 1/q)/ qH 1 . is hardness of the CDH problem prevents an adversary from violating the mutual authentication of the RSU and vehicle user in the proposed scheme.
Since the events χ(S)∧χ(D)∧χ(C) and χ(P) are equal, the equation can be rewritten as Pr[χ(S)∧χ (P)] ≥ (η/4) − (Pr[χ(C)]/2). According to Lemma 1, Pr[χ(C)] is negligible. In the proposed work, the values z, w ∈ Z * q were randomly chosen, and HK v,1 � HK r,1 · HK v is calculated. erefore, A could solve a CDH problem with the hardness (η/2) − Pr[χ(C)]. Hence, it is proved that the proposed scheme is session key agreement secure. □ 5.2. Anonymity. In the proposed scheme, the vehicle units are required to directly submit necessary materials which contain vehicle's private information to the nearest TA. Only the TA preserves this private information in its database with highlevel confidentiality. is private information will be used by the TA for tracking the vehicle's real identity from the pseudonym identities in case of disputes. Since the RSUs authenticate the vehicles based on the authentication code and dummy identity available in the blockchain, the real identities are not revealed to other entities in the network at any cost. During the calculation of session key SK � e(SK v,1 , g 1 ) also, the real identities are not disclosed to RSUs. erefore, the proposed scheme achieves authentication with anonymity.

Replay Attack and Man-in-the-Middle
Attack. An adversary can delay the message that is sent between the RSU and the vehicle in this proposed BBAAS method. If the message is delayed, however, then the timestamp attached will be invalid.
en, it will not authenticate the message. If the timestamp is not correct, then without performing other steps, the vehicle or the RSU simply discards the message received. Suppose if the attacker wants to send a message to the current RSU that is authenticated by the previous RSUs, the message would then be ineffective in fulfilling the authentication as well. Both the current RSU and the vehicle can compute a new session key to encrypt the communicating messages. erefore, if the message is not encrypted with the new session key, then also the RSU discards the messages immediately. Moreover, the manin-the-middle attack is also not possible in the proposed scheme due to the linkage of generated AC in the blockchain. Once the AC is generated, it is updated immediately in the blockchain by the TA. Hence, man-in-the-middle attack is meaningless in our proposed scheme.

Nontraceability and Impersonation
Attack. Based on eorem 1 and Lemma 1, A cannot calculate the valid session keys of the vehicle and RSU. Consequently, the proposed scheme can withstand against the impersonation attack. e RSUs choose secret random numbers w, z ∈ Z * q for performing handover authentication in our proposed scheme. Moreover, the RSU selects a master key r i ∈ Z * q and calculates SK r � g r i 1 . Here, this SK r value is kept secret by the RSU. In addition, these are the temporary keys randomly generated. Since no constant values are used for the session key generation, our proposed scheme also achieves nontraceability.

Message Modification Attack.
In this proposed method, the integrity is preserved from malicious uses. To preserve integrity, the preceding block hash value is linked with the Security and Communication Networks 7 next block hash value. If any modifications occurred in any block, it will be reflected to the entire blockchain as shown in Figure 5. Since the miners solved the puzzle and added the new block in the blockchain based on the proof of work, the modifications in any block will be reflected in the TA also. erefore, message modification attack is not possible in our proposed scheme.

Performance Analysis
In this section, the performance of the proposed BBAAS scheme is represented in terms of storage cost, communicational cost, and computational cost.

Storage Cost.
In blockchain technology, the storage overhead is considered as an important parameter in the RSU and TA. Generally, the block header of the single block is approximately 80 bytes [5]. In the blockchain, it is assumed that every new block is generated for every 10 minutes; then, the storage overhead is 80 bytes * 60 minutes/10 minutes * 24 * 365 � 4.2 MB per year. In the BBAAS, the TA requires to store {v i ∈ Z * q , a i ∈ Z * q } in its database for every vehicle user. Moreover, the TA generates AC to each vehicle user. erefore, the maximum storage overhead in the TA side is 4.2 MB + n * (64 + 64 + 64) bits per year, where n represents the number of vehicles registered in the TA per year, 1248 bits. In addition, the storage overhead in the vehicle side in the BBAAS is about 64 + 64 + 64 bits. In this scheme, each vehicle requires to store v i , a i , and ACin its database for every vehicle user. T p : the average amount of time for carrying out a bilinear pairing process≈2.7 ms T mul : the average amount of time for carrying out a point multiplication process≈0.6 ms T mh : the average amount of time for carrying out a map-to-point hash function process≈1.6 ms T add : the average amount of time for carrying out a point addition process≈0.6 ms T exp : the average amount of time for carrying out a modular exponentiation process≈1.6 ms T h : the average amount of time for carrying out a general hash function process≈1.6 ms From Table 1, it is clearly shown that the BBAAS takes one time-consuming bilinear pairing operation, one timeconsuming hashing operation, and one less time-consuming point multiplication operation for anonymous authentication operation.

Computational
From Figure 6, it is very clear to understand that the BBAAS takes only around 490 ms for anonymous authentication of 100 users, whereas the other existing approaches take more than 580 ms for verifying 100 vehicle users, which tells that the BBAAS takes less computational time for anonymous authentication compared to related schemes. Moreover, the computational time of the BBAAS increases linearly as the number of vehicle users increases.

Communication Cost.
In the BBAAS, once the vehicle user enters the region of the first RSU, he will transfer the pseudonym ID along with the node number to the RSU. Here, pseudonym ID is an element of Z * q , and the block number is 32 bits in length. In addition, the RSU calculates PK r,1 � g r i 2 and sends this value to the vehicle user along with a timestamp value T 1 . Here, PK r,1 is an element of G 2 . en, in the BBAAS handover phase, the RSU first computes two handover keys HK 1 and HK 2 . en, these keys are sent to the current RSU. After obtaining HK 1 and HK 2 from the previous RSU, the current RSU sends HK 2 to the vehicle user. erefore, the total communication cost for anonymous authentication is 64 + 32 + 1024 � 1090 bits. en, the computation cost for the handover authentication phase is 1024 + 1024 � 2048 bits. e communication cost of various schemes is listed in Table 2. From Figure 7, it is clearly shown that the communication costs of our proposed BBAAS during the authentication phase and handover authentication phase are less compared to the related existing schemes.  Figure 4: Linkage of previous hash with the current block hash value.    Security and Communication Networks

Conclusions
Recently, there are no anonymous authentication and handover authentication schemes for blockchain-based VANETs that provide provable security to RSUs and vehicle users with less computational cost and communicational cost. Motivated by this, a blockchain-based anonymous authentication scheme is proposed in this paper for providing secure communication in VANETs. In the proposed scheme, the RSUs can effectively authenticate the vehicles in an anonymous manner, and they also perform future communications through the shared session key. Moreover, the integrity of the transmitting message is completely preserved to avoid modification attack due to the support of the blockchain. In addition, the BBAAS provides high-level confidentiality during message transmission in VANETs. e performance analysis section proved that the BBAAS is efficient in terms of computational cost, storage cost, and communication cost, and so, it is highly practical for realtime applications. In future works, it is decided to develop blockchain-assisted ownership exchange protocols which allow the handover of ownership of one vehicle user to another vehicle user in a secure and distributed manner during the time of vehicle reselling.

Data Availability
No data were used to support this study.