A Lightweight Authentication with Dynamic Batch-Based Group Key Management Using LSTM in VANET

Due to its complexity and mobility, VANET (vehicle ad hoc network) security has long plagued the development of the IoT industry. It is still a big challenge for users to decide the trustworthiness of an anonymous message or the preservation of personal information. Group signature is widely used in VANET anonymous authentication, but the existing solutions suﬀer from high computation costs in certiﬁcate revocation list (CRL) checking and signature veriﬁcation process. In our scheme, we develop a lightweight protocol based on hashing functions and group keys, which escapes from the heavy computation cost. Then, we propose a dynamic batch-based group key distribution process, which is based on long short-term memory (LSTM) neural network to predict traﬃc ﬂow and calculate the weight to determine the right time for key update. In this way, our method will signiﬁcantly reduce computation delay and communication overhead. The security and performance analyses show that our scheme is more eﬃcient in terms of authentication speed while keeping conditional privacy in VANET.


Introduction
As a critical component of the intelligent transportation system [1], VANETs' main goal is providing safety assurance and comfort service for passengers [2,3]. Vehicles form a particular type of network in which they have no fixed position. Besides, they can authenticate other vehicles around them to form a network and do some necessary communications. High mobility of nodes is the main feature of such networks enabling nodes to frequently change their pattern. ese kinds of rapid changes bring many network security issues. Considering the insecurity in VANET, designing a secure communication solution is the most urgent challenge in this field [4]. A VANET security model mainly consists of three components, TA (trusted authority), RSU (roadside unit), and OBU (onboard unit). e TA provides internet connectivity and stores important information such as the real identity of all the vehicles and RSUs. TA is also responsible for generating public parameters. RSUs are distributed along the road and used to manage OBUs within their communication range. OBU is a temper-proof device, which is attached to a vehicle to help communicate with other infrastructures through wireless communication. Figure 1 shows the VANET communication pattern.
Information exchange in VANET is ongoing all the time between vehicles and infrastructure such as alarm signals, traffic information, weather conditions, multimedia material, or any other kind of data. Besides, applications on VANET can provide passengers convenience, safety information, and other attractive features. However, security issues bring lots of concerns as it is hard to balance the demand of low latency and high security. e insecurity caused by serious consequences of cyberattacks will incur countless threats, and vulnerabilities due to high mobility network feature rapidly changing network topology and an open environment. As such, a secure scheme must be proposed with robust and reliable security measurements to prevent malicious activities and preserve users' privacy [5].
(i) Message authentication: Authentication ensures that a message is trustable. If the message spread in VANET has not been authenticated, the users cannot judge the traffic situation or make wrong decisions. (ii) Privacy preserving: It is, perhaps, the most critical security thing to protect personal security. e leakage of personal information may result in malicious crimes. In VANET, nodes are communicating in a public channel. erefore, anonymity must be guaranteed. (iii) Traceability: While hiding the real identity of the user, the TA or some other trusted authority should have the ability to reveal the real identity of the nodes. If a malicious node sends a fake message and leads to accidents, this malicious node should be identified by a trusted authority. at is also an essential issue in group signature.
In VANET, we should have the conditional privacy of the nodes, that is, the combination of the vehicle's privacy preservation and its traceability. When a vehicle enters an area, if it has a desire to send some message or request some service, it should keep anonymity at first. ere are many schemes to guarantee anonymity, for example, schemes based on a large number of anonymous keys or based on a unique identity. e group signature [7] is an anonymous authentication scheme that forms a group with a set of users, while the users remain anonymous to each other. e group incorporates multiple group private keys with one group public key, called "group key." Each group member can anonymously sign messages on behalf of the whole group, and the real identity can be revealed by the group manager. erefore, the group signature can effectively achieve conditional privacy preservation for VANET communication [8].
Although group signature is widely used in VANET to realize anonymous authentication, the existing solutions suffer from long computation delays in the signature verification process and CRL checking. is problem is severe when the CRL becomes very large. [9]. e CRL holds all the revoked anonymous keys. e increase in anonymous keys makes the CRL volume becomes large, which significantly increases the time of authentication. Because that before verifying the signature, vehicles should verify a large CRL to check whether the signer is revoked or not. As a result, these schemes cannot meet the requirement of verifying a large number of messages in VANET. In the literature, many revoking methods have been proposed, perhaps we can use an ID-based method to avoid the revoking process. In addition, many authentication schemes use bilinear-pairing or elliptic curves for implementation. e computation pressure sometimes can be very high. We should have a robust and lightweight protocol to fit the large-scale network environment.
In urban areas, if a vehicle wants to request some service like weather conditions, traffic situations, or deliver some information with surrounding nodes, it can form a group with other vehicles. ey share the same group key at a specific time. Only the legal members can preserve the group key, and in this way, they can have a trusted relationship. In urban areas with a large density of vehicles, vehicles frequently enter and exit the area. Many protocols update the group key whenever a vehicle comes in and out of the area. If the calculation of the updating phase is not that novel and efficient, the calculation stress and the frequent communication overhead will bring much pressure. So we need a novel solution that handles the overhead and efficiency at the same time. Furthermore, we do not consider the periodical beacon message, and group signatures generally do not apply to this type of message but are suitable for slightly longer communication needs. ese communications are ideal for requesting services and passing personalized information.
As stated above, the RSU registers with the TA in its range at first, and a RSU usually belongs to only one TA's range. Vehicles also register to TA. Next, if the vehicle does not have urgent communication desire, it will wait to get a new group key in a time slot. If it has a strong desire to send messages, it sends a request to RSU. en, RSU will judge the urgency of messages and decide whether to trigger a new group key update at once. So we have a dynamic adjustment strategy.

1.2.
Contributions. ·We propose a lightweight authentication protocol without any complex computation and also a simple group key generation and verification process. In our scheme, RSU plays the role of generating group keys. We can achieve both anonymity and traceability.
·We design a dynamic batch-based group key updating method to reduce the communication cost and the frequency of the group key updating phase. Our method is based on priority, which can fit the need of urgent communication and reduce communication overhead. security analysis and performance comparison. Section 6 concludes the study.

Related Work
Vehicle authentication schemes can be generally divided into two categories, and there are certificate-based protocols that use public and private key pairs, and ID-based protocols, where the user's public key can be computed from the user's identity (i.e., e-mail address and IP address). However, TA and RSUs must keep all the public and private key pairs of vehicles. Each vehicle also needs a large storage space to store the public and private key pairs [10]. Zhang et al. [11,12] took advantage of the ID-based protocol and proposed two ID-based privacy-preserving authentication protocols. e ID-based authentication protocols found in [13] deal with the need for complex certificate management. However, these protocols still have high computation costs.
In the literature, we have known that the earlier certificate-based protocols store the public and private key pairs of the vehicles. ey also need an efficient public and private key management solution to manage, distribute, and revoke all public key certificates. e ID-based protocols are considered to overcome the problems of certificate-based protocols. However, these protocols are usually computationally complex and time-consuming, because these protocols are implemented either using the elliptic curve [10] or the bilinear pairing [13]. e bilinear pairing is known as a time-consuming operation when compared to other cryptographic functions like hashing and elliptic curve operations that are costly too.
Chaum et al. and van Heyst [7] introduced a group signature for anonymous authentication, which uses several group private keys attached to one group public key. Under this scheme, the users can verify the validity of the group signature without knowing the real identity of other group members, and the real identity can be revealed when needed. Any pair of signatures created by the same group user cannot be linked by any third party except the legal group manager, and group members can verify any signed message using the group public key.
Although group signature is an excellent technique for VANET's privacy preservation, it still suffers from large computation overhead in the signature verification process. e short group signature (SGS) scheme was introduced by Boneh et al. [14], which is one of the most important GS schemes in the literature. Lin et al. [15] implement SGS and identity-based signatures for securing VANETs, in which all the OBUs form a group and have a unique private key to sign the messages. Lu et al. [16] used group signatures with the RSU, where each RSU uses its group private key to update the short lifetime certificate of the OBUs. Calandriello et al. [17] use group signatures at the OBU level, where OBUs use their group private keys for signing short lifetime certificates for themselves. e public keys in the generated short lifetime certificates are used to sign the outgoing messages. In [18], the trusted authority (TA) generates and manages the group keys. In [19], the TA is designed to classify the users and distribute the group keys to the group of users, and keys will be updated during the revocation process. ese schemes will lead to a large load on the trusted authority. e above group signature schemes neglect the significant computation overhead embedded in them.
In group communications, a novel protocol is required to generate and manage a group key that can be used to secure data sent from group members to all users that are members of the same group. Multicast groups are very dynamic, because of the joining of new members and the leaving of old members, and the group key manager has to handle group membership changes by regenerating and redistributing new group keys. Generally, after each membership change, the group key should be updated through an appropriate rekeying phase, such that a new vehicle cannot compute the old group key (backward secrecy [19]), and a leaving vehicle cannot compute the new group key (forward secrecy [19]). In many schemes, the group key is refreshed immediately after any join or leave events, and such events' number is often proportional to the number of changes in membership events. If the updating phase frequently happens in a congested urban area, the group key may have expired when it has not been used yet. ese operations may cause many communication costs in vain.
us, a batch process algorithm must be proposed according to the traffic flow.
Artificial intelligence has played an important role in many scenarios such as weather reporting [20], game strategy [21], and cognitive radionetworks [22]. Long shortterm memory (LSTM) is introduced as the nonlinear dynamic soft-sensing method for predicting traffic flow [23]. First, multiple consecutive real-time samples of a batch process are used as the query samples. During the similarity calculation stage, three similarity measurements are adopted including the information of the distance, angle, and trend to take the traffic rendezvous into consideration [24]. For each individual measurement, historical trajectories with larger similarity measurements are collected as the online modeling samples. Hence, several LSTM soft sensor models can be constructed with the extracted batch trajectories and used for the quality prediction of online query samples. To integrate the quality prediction results of different submodels, weighting parameters of different similarity measurements are defined and calculated based on the cross-validation strategy. Finally, the weighted sum of each prediction result is judged as the ensemble result of the real-time batch trajectory.
Another important security thing is that if there is a malicious node that does not send the timely message to key generator, it can secretly keep this key for a long time. In fact, it has already left this region or delivered this key. ese kinds of problems can also be found in data access control schemes [25]. Many protocols have not solved this problem, and their leaving updating phase cannot actually judge the vehicle leaving time. ey usually depend on honest vehicles to send leaving messages to key generator, which cannot prevent malicious nodes.
From the above state-of-the-art solutions, we could see that verification in VANET still faces the problem of efficiency. Besides, due to the uncertainty of the vehicles, it is Security and Communication Networks 3 also hard to use batch authentication to reduce the time cost.
Another drawback is the bottleneck on TA for most schemes that need TA to undertake most of the computation works to generate keys. We propose a scheme tailored for very dynamic ad hoc networks. Time is dynamically partitioned in any length slot. Each slot has a unique group key, and although users asynchronously join, the group manager will decide the beginning of the time slot according to users' message priority. Although this kind of method introduces a delay, it also allows to reduce the number of rekeying acts. In our scheme, RSUs play the role of the group manager, which can release the burden of TA and reduce communication costs between TA and RSUs. We assume that RSU is equipped with the highly trusted platform modules since it is a key component in the key generation and management processes.

Lightweight Protocol
It is known that certificate-based protocol requires lots of storage at TA and vehicles, and a complex certificate and key management process. ID-based protocols do not need to do this, but they are often time-consuming. Since they either use bilinear pairing or the elliptic curve, which is known as time-consuming, in our protocol, we use the lightweight hash function to overcome these problems, which can also provide the same security. e general cryptographic hash function is lightweight and is often considered impracticable to reverse. If we only know the output of a hash function, it is infeasible to compute the input value of that hash function. Even if a slight change in input has occurred, the output value will have a big difference. So our protocol has little computation cost, since operations like XORing and hashing are very lightweight.
Our protocol is divided into seven phases: 1, System initialization; 2, RSU registration phase; 3, Vehicle registration phase; 4, Vehicle authentication phase; 5, Group key generation phase; 6, Vehicle joining phase; 7, Vehicle leaving phase. Figure 2 provides an overview of the authentication process.
e notations in Table 1 are used in our protocol.

System Initialization.
In our protocol, TA is considered fully trusted and initializes all the system's parameters. During the registration phase, TA delivers these parameters to RSUs and vehicles. e initialization phase is as follows.
(1) TA selects a large prime number q and a finite field Z * q . (2) TA selects a secure hash function H, where H:

RSU Registration.
e RSU i , i ∈ 1, 2, 3, . . . , n { }, sends the information about itself to which it is securely belonged to the TA. TA then gives a unique identity ID r i and two secret keys SK r i and Sv r i to the RSU i through a secure channel, which is usually wired. e SK r i is a shared key between the TA and the RSU i , and the Sv r i is used for the RSU i and vehicle's communication.
So RSU gets Z * q , q, H, SK r i , Sv r i , ID r i from TA.

Vehicle Registration
(1) e V j , j ∈ 1, 2, 3, . . . , m { } registers to the TA. (2) e V j selects a unique identity ID v j , which is associated with its real identity, such as license plate, and then securely sends it to TA. (3) TA then sends Z * q , q, H, Q � H(Sv r i ) to V j through a secure channel, and Q is a list, which is used for vehicle to check the RSUs' trustworthiness. ese RSUs are within this TA's region.

Vehicle Authentication
Phase. When a vehicle enters an RSU's domain, it should send an authentication message to RSU to prove that he is legal and get some regional-related message. Only the vehicle has passed the authentication, and it can get the group key. e vehicle's authentication with RSU has the following steps: (1) e vehicle V j chooses a random number s v j as his secret, computes

and then sends
A v j to RSU in a public channel. (2) e RSU chooses a random number c r i , then computes (3) Once V j receives the message, and it calculates , to verify the RSU's message. If the N * v j does not match the N v j , the message might be modified, and the vehicle refuses the message.
which Tv j is the current timestamp. e V j chooses a random number a v j and computes and also compute Dv Dv * j � Dv j , and the massage has not been modified. en, the RSU j calculates S r i � En SK ri (ID * v j ), which means ID * v j is encrypted with SK r i . SK r i is a shared key between RSU i and TA. ey communicate with each other in a secure channel. (7) e TA checks the ID v j registered list, if it finds ID v j � ID * v j , and then returns true to RSU; otherwise, it returns to false. Only then V j is authenticated by RSU and TA.
When V j received these messages from RSU i , it searches its Q list to find whether there exists a Q r i according to RSU i 's ID and also computes H(H(Sv r i )‖a) using its own a to verify RSU's identity.

Group Key Generation.
e group key generation process is associated with vehicles' movement and time slots. When the region of RSU has no vehicles, the key generation phase is linked with the first vehicle, which is different from the situation that the region already has some vehicles inside.
Assume that there are initially no vehicles in the region of RSU i , when V 1 enters into this region and passes the authentication, at any time it wants to send an anonymous message, it should ask for a group key as follows: Tag is a sign that indicates the level of information urgency.
, then RSU i choose two random numbers z 0 ∈ Z * q , G 0 ∈ Z * q , and compute GK 1 � a v 1 · z 0 · G 0 modq as the first new group key. Subsequently, RSU i chooses a timestamp T r 1 and computes , and then RSU i unicasts GK 1 ′ , T r 1 , and Rt 1 to V 1 . (3) When V 1 received these messages from RSU i , it searches its Q list to find a Q r i which has been already sent by RSU i during authentication phase according to RSU i 's ID. en, V 1 calculates GK 1 � (GK 1 ′ ⊕a v 1 ) · a v 1 modq and also calculates Rt 1 � Rt 1 , and V 1 accepts GK 1 as the group key.
3.6. Vehicle Joining Phase. Assume that in a time slot, a set of vehicles have passed the authentication. ere are two situations for group key generation. One is that at the end of the time slot baseline, RSU generates a new group key, unicast it to newly joining vehicles, and multicast it to vehicles, which are already in the group. e other one is that a new vehicle urgently wants to send or request an anonymous message, and it can send a message to RSU to report its desire. RSU then judges the emergency level and dynamically adjusts the time slot; subsequently, unicasting and multicasting phases are the same.
So we will divide this phase into two parts.
and unicasts GK ' , Rt j , T to V j , where j ∈ 1, 2, 3, ..., n { }, T is the current timestamp. When receiving these messages, each V j calculates GK � H(T � � � � � R * j )⊕GK ' to get the updated key GK and also calculates Rt j � Rt * j , and then, V j accepts the GK as the group key. RSU also calculates GK ' ′ � (GK −1 · GKmodq)⊕GK and ′ j , T to old vehicles. On receiving the message, old vehicles in that group use the old group key GK to compute the new one: GK � (GK ' ′ ⊕GK) · GKmodq, and computes . If the result equals Rt ' ′ j , then the GK is accepted as the new group key; otherwise, it refused to accept.

Urgent Conversation Group Key Generation.
Suppose that a vehicle has passed the authentication, however, it finds that the group key has just updated a moment ago through timestamp, and the time slot has just begun. At that moment, it wants to start an urgent group conversation, and it can send a request message to RSU to ask for group key updating. e urgent vehicle does the following steps: e vehicle sends M, tag, T, σ j to RSU, where M is the urgent message, and tag is the level for emergency. T is the timestamp, and σ j � H(R * j � � � � � ID j ).
After verification, RSU keeps judging the tag value until it reaches the limited level. en, the new generation phase will be triggered and time slot will be dynamically adjusted. e dynamic adjustment solution will be discussed in detail in section 4.
Following steps are the same as (1) normal group key generation's all four steps.

Vehicle Leaving Phase.
In VANET's communication, vehicles will periodically send beacon messages to inform others that it is still in that region. We suppose that if we did not receive a vehicle's beacon message in 3 cycles, the RSU thinks that node has already left this region. Each cycle is about 2s in general. When RSU thinks that a vehicle has left his region, it triggers a group key updating phase. e leaving updating phase is as follows: (1) e RSU selects a random number n ∈ Z * q and computes GK t � n · GK as the new group key, where GK is the old group key in use. For each vehicle in that group, RSU computes GK t ′ � GK⊕H(Tt||R j ), Q r i � H(Sv r i ), and Rt t � H(R j ||Tt||GK t ||Q r i ). en, RSU sends Rt t , GK t ′ , Tt to all vehicles. (2) After receiving the message, each V j searches its Q list to find whether there exists a Q r i according to if the result matches Rt t , and then, V j accepts GK t as the updated group key.

Dynamic Time Slot Adjustment
In this section, we discuss the time slot adjustment in detail.
In many works of literature, to reduce communication costs, we usually aggregate a set of vehicles' authentication processes, which is known as "batch" authentication. Many of them use mathematical methods, which may lead to a large number of calculations. A more straightforward approach is to use time slot, in which we split time into intervals. RSU generates different keys in each interval. is introduces a delay, maybe half of the slot time generally, but allows to reduce the number of rekeying events. Note that our slot's length is different according to different situations. So, this will achieve efficiency and cost a balance.
Suppose we are in a large density of vehicle environment, if the frequency of key update is very fast, for example, we encrypt the message with key A and send it out. After the destination receives it, the key A may be expired, so a lot of time is spent on group key verification phase, which is not worth the candle.
Next, we will discuss the dynamic time slot strategy from the aspect of the vehicle initiating the request and the departure of the vehicle.

LSTM Model for Traffic Trajectory Prediction.
Our model consists of three steps: data unfolding, similarity measurements, and ensemble quality prediction. For each RSU, the historical dataset is collected by recent traffic flow, which includes distance, angle, and trend in its area. Considering the storage capacity of the RSU, the dataset can be stored on the cloud within the stipulated time. After implementing data normalization of the historical dataset X H , RSU also needs to collect the real-time query sample as x q , x q+1 , . . . , x q+n−1 . With the dataset and the real-time sample, we tried to calculate different similarity measurements and extract the modeling trajectories for each strategy on the cloud. After modeling trajectories have been proposed, we further need to construct online local soft-sensing models as y � f b (x) for different strategies.
From the above models, the predicted results of different models can be further proposed: , y q+1,b , . . . , y q+n−1,b . (1) en, we use cross-validation strategy to determine the weight η b , which will be used in next step. With all the above results, we can get the weighted sum of local models as follows: y q , y q+1 , . . . , y q+n−1 . (2)

Joining Phase's Urgent Request.
In general situations, we assume that the time slot baseline is 10 seconds. If a vehicle has already passed the authentication, and it has a desire to send anonymous messages at some time when the next time slot has not come yet, it sends a request to RSU in the following format: M is the message the vehicle wants to broadcast, Tag is the symbol that denotes the emergency level, and T req is the current time.
We divided the message emergency level into five degrees, represented by the value of the Tag, 5 is the highest level, and 1 is the lowest level. e higher the level, the more urgent the message is. e critical message is, for example, someone wants to report road condition, or wants to know road condition ahead of him. Another message like requesting multimedia resources is not that urgent. Each Tag's value ranges from a predefined time slot t ′ .
However, it should be noted that the value of the Tag is not determined by the user. Trusted authorities should have an agreement in advance on the weight of various messages. Five levels are sufficient to cover most message levels.
In addition, we limit the number of the vehicle's requests to three times in one RSU region, to avoid malicious nodes sending too many requests.
On receiving R, RSU first computes ΔT � T next − T req , and the T next denotes the time of next key update, which is no more than a certain time slot t. So ΔT ranges from the beginning of the time slot to the end of it. en, RSU computes W � ΔT + Tag, so W is associated with both t and t ′ . en, we use the weight η b defined by LSTM to set the threshold value to trigger the key updating phase.
e RSU performs the following steps when receiving request messages: (i) RSU has a request queue Queue, when the request message arrives, and RSU appends ΔT to R and puts them into Queue. (ii) RSU then gets W and compares W with η b , and if there is still under η b , RSU then waits for other requests. After each message arrives, W will be accumulated, so finally we get an accumulated ΣW, if at the end of the time slot, ΣW still failed to reach η b , and then, RSU starts a new updating phase. (iii) If the ΣW reaches η b , RSU starts updating phase at once.

Leaving Phase's Updating Strategy.
Because we cannot exactly judge a vehicle's leaving time, we think that if we have not received vehicle's beacon broadcast message within three cycles, the vehicle has already left this region. At that time, a new group key updating phase will be triggered. At this part, we do not use the 10-second strategy, because that we want to forbid a vehicle from keeping a valid group key when it is not in that region. is is more influential than entering the area but not yet having a group key. e updating steps are the same as Part III, 3.7 the vehicle leaving phase. After the group key's updating, a new time slot will begin.

Analysis and Comparison
We divide this section into three parts, the first part is the security analysis of the authentication, the second part is the computational cost comparison of our authentication process with another process, and the third part is the group key request's average waiting delay. We compare the execution time of the cryptographic operations using JPBC [26], which is a famous cryptography library and has been widely used to implement cryptographic operations in many environments. Our hardware platform consists of an Intel(R) Core(TM) i5-6600K processor with 3.50 GHz clock frequency, 16 gigabytes memory, and runs Windows 10 operating system. e execution times of the above cryptographic operations are listed in Table 2.

Security Analysis
(1) Authentication: When authenticating with RSU, the vehicle V j should use its own ID v j to compute VID v j . en, RSU i verifies ID v j 's legality with help of TA. e communication between TA and RSU i is considered to be safe. In this way, the legality of the vehicle can be verified because the ID of the vehicle has only been confirmed by TA during registration and is only held by a legitimate vehicle.
to get a v j and sends Q r i � H(Sv r i ), P r i � H(H(Sv r i )||a) to V j , Because TA has already sent a list Q to V j , in this way V j can authenticate RSU at the same time. After authentication, in group key generation phase, V j can use this Q r i to validate RSU's legality.
(2) Traceability: If an abnormality is found, the RSU will report the abnormal vehicle's ID to the TA using the secret SK r i between TA and him, and then, TA will take sanctions. For the vehicles that do not correctly report their position or other information, the RSU first will identify the exact position of the vehicle and report the vehicles' ID to the nearby RSU by its trajectory. For the vehicles that do not have a consistent trajectory, RSU cannot search within its area but to report the ID of the vehicle to TA and other RSU nearby. (3) Replay attack: e timestamp T is used to protect the replay attack and keep the freshness of authentication, RSU will also send Rt j � H(R v j ||GK||T||Q r j ) to vehicle, and then, the vehicle will detect replay attack after verifying Rt j .

Security and Communication Networks
(4) Backward and forward secrecy: e new group key generation is associated with the old group key and a random number, such as GK � r · GK, the newly joined vehicle cannot compute the old key because they do not know the old group key and that random number, and therefore, backward secrecy is guaranteed. A leaving vehicle, even if he keeps the old group key, will not know the random number, so forward secrecy is guaranteed. (5) Impersonation attack: If a malicious node wants to impersonate a vehicle, it cannot pass the authentication without knowing the legal ID of the vehicle, and this ID is securely delivered to the vehicle during registration with TA. If a third party wants to impersonate RSU, it should have the legal Sv r i to compute H(H(Sv r i )||a) to obtain the vehicle's trust. us, we can resist the impersonation attack.

Authentication Process Computation Comparison.
In this part, we compare our scheme with EAAP [27], Zhang et al. [28], Lo and Tsai [13], and M. Bayat [29] schemes. First, we have some notations for running times of operations: Next, we give the different execution steps for each scheme and compare their execution time with ours. e total time includes authentication message generation time and authentication message verification time but neglects the nondominant operations.
In EAAP, J. Zhang, and M. Bayat et al.'s articles, they use at least one pairing operation and one map to point hash function, which is known as time-consuming operations. Complex operations bring higher security but result in more computation costs. Considering that OBU has limited computing power, in some scenarios, we can reduce communication pressure by using some secure and fast operations like hashing.
From Table 3 and Figure 3, we can clearly see that our authentication scheme has the lowest computation cost, for which we do not have those complicated operations.

Batch Group Key Request Waiting Delay Analysis.
In this part, we compare the average delay time for newly joining vehicles' group key request at different vehicle joining densities. Suppose the average delay time is significantly less than the cycle time, the vehicle needs to request some information. In this case, we think the dynamic adjustment strategy is considered feasible. Besides, we think that the group key update caused by the vehicle leaving event will not affect the user's experience, so no test analysis will be conducted.
In the experiment, we let the vehicles randomly enter the area at a frequency of 10, 20, 30, and 50 vehicles every 10 seconds. e protocol will dynamically adjust the slot time based on the baseline slot. e algorithm pseudo-code used in the experiment is as follows. Next, we will explain it in detail.
In a baseline time slot, we assume that vehicles randomly enter the area at a different frequency. When some vehicles need to send requests or share information, they initiate   requests to the RSU. en, RSU judges the weights according to the method described in section 3, part A. Whenever a request arrives, the RSU puts its weight W value into the entering queue. When the sum of W reaches a threshold value, then RSU triggers a new group key update.
Tnext denotes the next slot starting time, Treq denotes the moment when the vehicle sends a request. Δn denotes the number of the vehicles, which send request messages. When the new updating phase has been triggered, we calculate the waiting time Δt m for every newly joining car who sends request to RSU and add them up. At last, we get the average waiting time in this time slot. e next figure shows the average waiting time at different vehicle entering rates.
In Figure 4, v-d denotes vehicle density. From the experimental results, we can see that as the vehicle density increases, the key update time becomes faster, and the average waiting time of the new requesting vehicle becomes shorter. When the enter frequency is 50 vehicles in 10 seconds, the average waiting time is less than 1.5s, which is generally less than the ordinary communication frequency. In this study, we just consider nonperiod messages, which are usually longer than the 1-to 2-second cycle time of the beacon message. So, we can say that the protocol meets the requirement.  W � ΔT + Tag; (6) queue.add(W); (7) for(int m � 0; m < queue.size(); m++) (8) { int sum+ � queue.get(m) (9) if(sum ≥ 7){ (10) then trigger a new update; (11) Tnew � current time; } (12) break;

Conclusions
In this study, we first describe a lightweight authentication protocol, which is less complex and has a lower computation overhead. is protocol can achieve the same security as traditional protocols. RSU plays the role of group manager and authenticates vehicles with the help of the TA. We also have a simple group key generation and authentication process, which overcomes lots of problems in group authentication. Second, to reduce the communication cost and the frequency of the group key updating phase, we design a dynamic batch-based group key generation method that can fit the need of urgent communication and reduce communication overhead. In the urban area, if the entry and exit of each vehicle cause a group key update, the intensive vehicle makes the update of the group key very frequent, so we make a decision whether to immediately update the group key based on the urgency of the message and the time difference from the new slot. To achieve a balance in this way, we introduce an LSTM method to predict the trajectory of each vehicle to divide the message into different groups and use batch key management. e experiment results show that our authentication protocol has a smaller computation overhead, and under the dynamic time slot adjustment strategy, the vehicle's average waiting time is short, within a tolerable communication cycle.

Data Availability
e data used to support the findings of this study are available from the authors upon request.

Conflicts of Interest
e authors declare that they have no conflicts of interest.