A Secure and Efficient Lightweight Vehicle Group Authentication Protocol in 5G Networks

. When mobile network enters 5G era, 5G networks have a series of unparalleled advantages. Therefore, the application of 5G network technology in the Internet of Vehicles (IoV) can promote more intelligently vehicular networks and more e ﬃ ciently vehicular information transmission. However, with the combination of 5G networks and vehicular networks technology, it requires safe and reliable authentication and low computation overhead. Therefore, it is a challenge to achieve such low latency, security, and high mobility. In this paper, we propose a secure and e ﬃ cient lightweight authentication protocol for vehicle group. The scheme is based on the extended chaotic map to achieve authentication, and the Chinese remainder theorem distributes group keys. Scyther is used to verify the security of the scheme, and the veri ﬁ cation results show that the security of the scheme can be guaranteed. In addition, through security analysis, the scheme can not only e ﬀ ectively resist various attacks but also guarantee security requirements such as anonymity and unlinkability. Finally, by performance analysis and comparison, our scheme has less computation and communication overhead.


Introduction
It is an inevitable trend that all things are connected. With the development of the IoV, vehicular networks are becoming more and more important in modern life [1]. By the continuous increase of motor vehicles, road traffic has become gradual complex, which results in higher requirements for the IoV [2,3]. As mobile cellular networks rapidly develop, 5G networks have officially entered our lives. Due to the characteristics of 5G networks (high speed, low latency, high reliability, and wide coverage) and the newly concomitant technologies (millimeter wave communication, MIMO, D2D, etc.), it greatly improves the mobile Internet field of IoV [4][5][6]. Supporting Internet of Vehicles services through 5G network technology can overcome the limitations of current IoV. Recently, more attention is paid on the integration of 5G technology and the IoV [7].
The deepening application of 5G technology provides a strong guarantee for the vehicular networks. The current research of vehicular networks focuses on driving safety, improving the trafficefficiency of vehicles, ensuring the safe and efficient communication between vehicle and vehicle (V2V) and vehicle and roadside infrastructure (V2I), and realizing the vehicle safety applications such as emergency braking warning [2]. This can effectively avoid vehicle collisions or reduce the personal injury caused by traffic accidents. Vehicular network communication mainly relies on Cellular Vehicle to Everything (C-V2X) [8]. Through the communication among vehicle to vehicle, vehicle to person, vehicle to infrastructure, and vehicle to network, it can ensure the driving safety and comfort and drive the realization of automatic driving.C-V2X includes two standards: Long-Term Evolution Vehicle to Everything (LTE-V2X) and 5G Vehicle to Everything (5G-V2X). Compared with the two standards, the performance of 5G-V2X is better than that of LTE-V2X [9]. LTE-V2X has insufficient delay and reliability, while 5G-V2X has the advantages of long coverage time, low delay and high reliability. It can obtain various state information of the road timely and accurately, interact with each other in real time, and complete the driving task better. It is the key technology of the future of the Internet of vehicles application, especially the autonomous driving and overtake, which require very low network latency [10]. At the same time, as a kind of ultrareliable and low-latency communications (URLLC), it requires safe and reliable authentication and low computation overhead [11,12]. Therefore, a better solution is to use group key agreement (GKA) in vehicle group [13]. In this way, the vehicle group communicate safely. So, our paper mainly studies the key agreement scheme between groups in the Internet of Vehicles under the 5G networks. In addition, due to the openness of the wireless channel, the signal exposed in the open environment is likely to be stolen, interfered, or even modified by the attacker, which brings adverse effects to the vehicular networks [14][15][16][17].
This paper proposes a vehicle group authentication protocol based on extended chaotic mapping in 5G networks. This solution enables the participating vehicles to communicate securely through the group key in the 5G networks. Therefore, this paper mainly does the following work: (1) This paper proposes a vehicle group authentication scheme under the 5G network architecture. In order to protect the security of RSU, the shared key will be updated. In addition, this scheme is a lightweight authentication scheme based on extended chaotic mapping and distributes group key through Chinese remainder theorem (2) This paper verifies the security of the scheme by using the Scyther tool (3) By comparing the existing schemes, this scheme can effectively reduce the computation and communication overhead Other parts of this paper are as follows. Section 2 reviews the related research work of this paper. Section 3 introduces the preliminary knowledge of this paper. Section 4 introduce a lightweight and secure vehicle group authentication protocol in detail. We carried out security and performance analysis, respectively, in Sections 5 and 6. Finally, Section 7 summarizes the full paper.

Related Work
At present, in order to solve the problems faced by vehicular networks, the scholars have proposed many authentication schemes for vehicular networks. The following mainly introduces from three aspects: group signature authentication, group key agreement, and based on trusted authority.
First, we introduce the authentication protocol based on group signature. In 2011, Huang et al. [18] proposed an anonymous batch identity authentication and key agreement protocol in the Internet of Vehicles. The scheme could not only authenticate request messages from multiple vehicles but also carry out key agreement. Cui et al. [19] proposed a solution based on software without relying on any special hardware. In the batch verification stage, it adopted cuckoo filtering and binary search methods, which achieved a higher success rate than previous solutions. Vijayakumar et al. [20] proposed a privacy preserving anonymity scheme with high computational efficiency. At the same time, an efficient anonymous batch authentication protocol was introduced to authenticate multiple vehicles on the road of the Internet of Things, which reduced the authentication time and was more efficient in certificate and signature verification. These schemes can complete the certification of vehicle group. However, these schemes will bring higher verification costs, thereby affecting the performance of the schemes.
Next, we introduce the related group key agreement. In 2016, Han et al. [21] established an efficient group authentication scheme by adopting a self-certification without certification authority. The scheme could set up groups between roadside units and vehicles. In [22], Vijayakumar et al. proposed a dual group key scheme, which distributed the group keys to each vehicle and ensured that the group keys were updated. In [23], Vijayakumar et al. proposed an effective anonymous group key distribution protocol, which can safely distribute the group key to the vehicle group. The RSU can use the group key to send location-based information to the vehicle group in a secure way. In 2018, Cui et al. [24] proposed a conditional privacy preserving authentication scheme based on hash function. The scheme distributed group keys through the mechanism of the Chinese remainder theorem (CRT) and provided update mechanism for vehicles to join and leave. Zhang et al. [25] proposed an identity authentication scheme based on the Chinese remainder theorem (CRT). This scheme avoided the use of bilinear pairing operations and solved the leakage problem of side channel attacks, and both safety and performance were guaranteed. In [26], Lai et al. proposed a lightweight group access authentication scheme based on message authentication code aggregation technology, which could resist DoS attacks. In 2019, Zhang et al. [27] proposed a group key agreement protocol, in which directional attribute layering was used. Shi et al. [28] proposed a password-based conditional confidentiality authentication and group key generation protocol. The protocol provided the generation of group keys, and the calculation and communication overheads were small. In 2020, Gharsallah et al. [29] proposed a scheme to authenticate a group of vehicles in 5G networks. The protocol supported group authentication of vehicle equipment in 3GPP network. Cui et al. [13] proposed a session key agreement scheme based on chaotic mapping. In this scheme, the fog server was introduced, and the chaotic mapping algorithm was used for group key agreement between vehicles. In this group, vehicles could communicate with each other through group key. Zhang et al. [30] proposed a privacy preserving authentication framework based on edge technology in 5G-enabled vehicular networks. In this scheme, edge computing was used to calculate and verify on vehicles, so as to achieve the communication between vehicles. Ouaissa et al. [31] proposed an authentication protocol for a large number of vehicle equipment following 5G-AKA authentication framework. The protocol used ECDH algorithm to establish the key and authenticate the identity, which ensured the information security and integrity. Although the scheme could resist a variety of attacks, the computation overhead was relatively large. Although these schemes reduced the cost of verification, some schemes had a large computation and communication overhead, which affected the performance of the schemes.

Wireless Communications and Mobile Computing
Thirdly, we introduce the authentication protocol based on trusted authority. Azees et al. [32] proposed an effective anonymous authentication scheme. The scheme provided a conditional tracking mechanism to prevent malicious vehicles from entering the VANET. Zhang et al. [33] proposed a many-to-many authentication and key agreement scheme for security authentication between multiple vehicles and CSP. Under the premise of information leakage, this scheme could prevent illegal access and provide key security. In 2019, Cui et al. [34] proposed a lightweight authentication protocol based on reputation system for 5G-enabled vehicular networks. The authority was responsible for reputation management, and vehicles with low reputation score could not participate in communication, which significantly reduces the possibility of untrusted vehicles entering IoV. Huang et al. [35] proposed a new privacy preserving authentication scheme based on 5G software-defined vehicular networks. This scheme uses 5G software to define the advantages of the network, so that the vehicle certification process will only need light-weighted hash operation, thus greatly reducing the computation overhead. Li et al. [36] proposed a lightweight authentication scheme. In this scheme, only hash function and XOR operations are used to realize vehicle identity authentication and anonymity. Wang et al. [37] proposed a lightweight authentication protocol that could avoid emergency vehicles in VANET. After the first authentication with the nearest roadside unit, the scheme could complete the mutual authentication with the subsequent roadside unit without repeating the cumbersome calculation. Although these schemes can resist various attacks and ensure the safety of vehicles, they are not suitable for vehicle group authentication, and some schemes have relatively large computation overhead.

System Model.
This paper mainly studies the vehicle communication in the same RSU range in V2V communication. As shown in Figure 1, the specific system model includes the following communication entities.
5G core (5GC): 5GC controls the entire 5G-V2X network and provides mobile data connection and services. 5GC is divided into access and mobility management function (AMF), security anchor function (SEAF), authentication server function (AUSF), authentication credential repository and processing function (ARPF), and unified data management (UDM) [38]. AMF is responsible for handling connection and mobility management tasks. SEAF is used for authentication and communication. AUSF performs identity verification. ARPF calculates authentication data and keys. UDM carries functions related to data management. According to literature [38], UDM should be protected from physical attacks. In addition, in order to ensure the security of vehicle identity, the security is provided and insured by technical and legal [39]. In order to simplify the certification process and facilitate research, they are collectively referred to as 5GC.
Trusted authority (TA): TA is a completely trusted public organization, which is mainly responsible for system ini-tialization, generation of public parameters, and registration for other entities participating in communication. In the registration stage, TA generates the pseudonym of the vehicle, then records the real identity of the vehicle, and shares the data with 5GC through the secure channel [29]. When a malicious vehicle is found, the 5GC can directly identify the opponent by searching for the malicious vehicle.
Roadside unit (RSU): RSU is an important communication entity in the system. It acts as a roadside unit to communicate with the vehicle in real time.
Vehicles: Each vehicle has an on-board unit (OBU), and each OBU has an antitampering device to protect secret information. It is responsible for collecting relevant information and transmitting other vehicles and RSU.

Security Requirements.
The main goal of this article is to design a lightweight, safe, and effective vehicle group communication solution in the 5G networks to ensure the safe communication of the vehicular networks. Therefore, here are the security requirements to be met [13, 29-31, 34-37, 40-45].
(1) Anonymity: the true identity of the vehicle must not be disclosed to any organization or user other than the authority and 5GC. To ensure that the attacker cannot obtain the true identity of the vehicle from the transmitted data, the vehicles participating in the communication should use fake identities (2) Message authentication and integrity: in the process of vehicle communication, the authenticity and integrity of the transmitted data should be guaranteed. The receiver can confirm that the received content is a true and complete message by authenticating the sender, rather than a message forged or modified by others (3) Traceability: when there is a malicious vehicle that releases false information, the authority can quickly trace the real identity of the malicious vehicle and broadcast its real identity to the outside world (4) Unlinkability: the attacker cannot link different messages of the same vehicle through intercepted transmission data.
(5) Common attack resistance: it can resist common attacks such as replay attacks, man-in-the-middle attacks, and modification attacks in the Internet of Vehicles

Chebyshev Chaotic Mapping.
Bergamo et al. [46] clearly proposed that public-key cryptographic algorithms designed based on the semigroup characteristics of Chebyshev polynomial did not satisfy security. Therefore, the solution in this paper adopts the more secure extended Chebyshev polynomial proposed by Zhang [47], which is defined as follows: Definition 1. Let n be a positive integer, x ∈ ð−∞,+∞Þ, n -order Chebyshev polynomial is defined as: T n x ðÞ= cos narccos x ðÞ ðÞ mod P: ð1Þ

Wireless Communications and Mobile Computing
The iterative relation of Chebyshev polynomial is as follows: where T 0 ðxÞ =1,T 1 ðxÞ = x mod P, n ≥ 2, and P is a large prime [48]. Here, the value of the extended Chebyshev polynomial is T n ðxÞ = yðmod pÞ, given x, y, and a large prime number p, then solve for n ′ so that T n′ ðxÞ = yðmod pÞ, which is a discrete logarithm difficult problem.

System Setup.
In this stage, TA generates public parameters and master private key for the system and preloads the public parameters to the RSU and vehicle. TA selects large prime numbers p and q, randomly selects a secret value s TA ∈ Z * q as the system key, selects x ∈ ð−∞,+∞Þ, and {G} is a prime number generation library, which contains infinite nonrepeated positive integers, and these positive integers are prime numbers to each other. The numbers are randomly selected for use and then discarded after use. This ensures that each number is not reused. Finally, TA publishes the system parameters fp, q, P TA , x, H 1 , H 2 , fGgg.

Registration.
At this stage, the vehicle and RSU obtain the required system parameters from TA and register with TA. The specific registration process is as follows.
(1) RSU registration RSU i first safely sends the network messages connected with TA.TA assigns unique identity EID i to RSU i , selects secret value e i ∈ Z * q , and sends (EID i , e i )t oRSU i through secure channel. e i is shared by RSU i and TA, and {EID i ,e i } is stored in TA.
(2) Vehicle registration The vehicle U j first sends its real identity VID j to TA through secure channel. TA selects n j ∈ Z * q , and calculates PID j = H 1 ðVID j ks TA kn j Þ. TA stores VID j in the database, then sends PID j to the vehicle U j and saves it to the OBU j .
Here, the registration data stored in TA are shared with 5GC through secure channel.

Access Authentication
(1) When RSU i detects that there is a group communication between vehicles, it broadcasts a group access authentication notification message to the surroundings (2) When the vehicle receives the notification, the OBU j of the vehicle that needs to access the network first generates a random number h j ∈ Z * q , a prime number y j ∈ fGg, and current timestamp T j and calculates.  3 to get VID j , y j , MAC j , and then 5GC looks for the database to find the VID j .Ifitfinds the VID j , then proceed to the next steps; otherwise, the authentication is terminated. 5GC calculates MAC j ′ = H 2 ðVID j kA j 2 ′ kA j 1 k PID j kT j Þ, and verifies whether MAC j ′ and MAC j are equal. If they are equal, the validity of the vehicle is verified, and the certification continues. 5GC reselects n new j , e new i ∈ Z * q , calculates PID new j = H 1 ðVID j k s TA kn new j Þ and updates database {EID i , e new i }. 5GC selects current timestamp T TA and the random values g j , v i ∈ Z * q , and calculates F j 1 = T g j ðxÞ , 5GC selects group key MK ∈ Z * q for vehicle group and a random number 1ð mod y j Þ, and obtains S = ∑ n j=1 P j t j Y j mod Y through Chinese remainder theorem. Finally, 5GC calculates the certification confirmation value CCV j = H 2 ðVID j kMKÞ and gets the group authentication confirmation value CCVS = ⊕ n j=1 CCV j , and hashes it to get HCCVS = H 1 ðCCVSkRÞ. Then, 5GC sends the message   Figure 2: Authentication process of the proposed protocol. 6 Wireless Communications and Mobile Computing (5) After receiving the message sent by 5GC, RSU i first verifies whether the timestamp T TA is within the legal range. If the timestamp is valid, RSU i calculates Then, it verifies whether F i 5 ′ and F i 5 are equal. If they are equal, it uses e new i to update the secret value e i .At the same time, RSU i extracts the HCCVS, R and saves them to the database. Finally, the message {GID i , S, F j 1 , F j 3 , T TA } is forwarded to the corresponding vehicle (6) When the corresponding message is received in the group vehicles, the OBU j first verifies whether the timestamp T TA is the legal. If the timestamp is valid, it calculates P j ′ = S mod y j , ðMKkMAC TA Þ = P j ′ ⊕ H 1 ðA j 2 kVID j kT TA Þ and obtains the vehicle group key MK and MAC TA .Then, ifies whether MAC TA ′ and MAC TA are equal. If they are equal, OBU j certifies 5GC. At this time, it can know that OBU j gets the group key MK and updates PID new j . OBU j calculates OCCV j = H 2 ðVID j kMKÞ and sends the message {OCCV j }toRSU i (7) When RSU i receives the messages from the group vehicles, it calculates OCCVS = ⊕ n j=1 OCCV j , HCCVS = H 1 ðOCCVSkRÞ. And it verifies whether it is equal to the stored value HCCVS. If they are equal, it means that the group vehicles have been approved. Then, RSU sends OCCVS to 5GC and at the same time sends a successful authentication notification message to vehicular members (8) After 5GC receives the sent message, it verifies whether OCCVS and CCVS are equal. If they are equal, the group members are successfully authenticated

Formal Verification with Scyther Tool.
Here, we use the Scyther tool to verify our protocol, which is a formal verification tool for security protocols [52]. There are many models in the Scyther, such as standard Dolev-Yao model, CK model, and eCK model. By using the Scyther to model our protocol, the Scyther can effectively discover potential security issues. The tool evaluates the confidentiality and authenticity of protocol information by writing protocol roles. Moreover, the tool provides a friendly graphical user interface, which is convenient to analyze and verify the com-plex attack scenarios on the target protocol. Authentication statement in Scyther is as follows: Alive, Weakagree, Niagre, and Nisynch are used to detect malicious attacks such as replay attacks, reflection attacks, and man-in-the-middle attacks [53]. In this scheme, there are four roles: GV, RSU, 5GC, and TA. Since the protocol proposed in this paper is secure in the registration phase, we only consider the security in the access authentication phase. In the process of verification, we choose Dolev-Yao model to test, because attackers can carry out related attacks by controlling the network in this model. The simulation results based on Scyther are shown in Figure 3. It can be concluded from the results that our scheme successfully meets all the requirements of the Scyther confidentiality and authentication and resists attacks.

Security Analysis.
According to the safety requirements given in the previous chapter, the following safety analysis is given.
(1) Anonymity: this is an important aspect of vehicle privacy protection. In our proposed scheme, vehicles have communicated through the use of pseudonym PID j = H 1 ðVID j ks TA kn j Þ. And in the communication process, we hide the real identity in A j 3 = H 1 ð A j 2 kT j kPID j Þ ⊕ ðVID j ky j kMAC j Þ, and only by using the secret value s TA can restore the real identity of the vehicle. Therefore, the anonymity of the vehicle can be guaranteed (2) Message authentication and integrity: the communication entities in the scheme verify each other's legitimacy by verifying the message authentication code, so the scheme can provide message authentication.
Since the generation of the message authentication code is based on the extended Chebyshev polynomial DH problem, the message authentication code is secure. Therefore, the integrity of the message can be verified (3) Traceability: once a message is disputed, according to the report message sent by the malicious vehicle and the pseudoidentity, TA can trace back the true identity of the malicious vehicle by calculating ð (4) Unlinkability: because the scheme uses random numbers and timestamps, the messages transmitted over the network are different. In addition, since the pseudoidentity of the vehicle is dynamically updated, the attacker cannot confirm that they are from the same sender.
(5) Resistance to common attacks: the proposed scheme should be able to resist the following common types of attacks: (a) Resistance replay attack: since a timestamp is attached to the message, by checking the validity 7 Wireless Communications and Mobile Computing of the timestamp, the entities participating in the authentication can find out whether message replay has occurred (b) Resistance modification attack: in our proposed scheme, the message authentication code is calculated by the secret value held by the corresponding entity. And the secret value is updated dynamically. Therefore, the entity can verify whether the message has been modified (c) Resistance man-in-the-middle attack: according to the analysis of the previous message authentication and modification attacks, once an attacker intercepts and maliciously changes the message in transmission, the entity verifies that the message authentication code in the message cannot be passed. This can be quickly found that the transmission content has been changed (d) Resist counterfeit attacks: in order to disguise a legitimate vehicle to send a request message, the adversary needs to send correct A j 3 = H 1 ð A j 2 kT j kPID j Þ ⊕ ðVID j ky j kMAC j Þ and MAC j = H 2 ðVID j kA j 2 kA j 1 kPID j kT j Þ.A s analyzed above, it is impossible to extract the true identity of the vehicle from the intercepted

Performance Analysis
By computation overhead and communication overhead, we evaluate the performance of the scheme. Here, we will mainly compare the performance of some schemes similar to our proposed scheme, so our main comparison schemes are [13,30,31,33]. Here, n represents the number of vehicles in the group.  Table 3, we have calculated the computation cost of the related schemes.
As can be seen from Figure 4, compared with other schemes, our scheme has the least computation overhead. When the number of vehicles are increasing, the advantage will be more obvious.

Communication Overhead.
Before analyzing related protocols, we first define the size of relevant parameter in the   protocol. Assume that the key size based on the ECC algorithm is 256 bits, the size of Chebyshev chaotic map is 128 bits, the size of hash value is 128 bits, the size of identity information is 128 bits, the size of timestamp is 32 bits, and the size of random number is 128 bits [54]. Calculation of the communication overhead for the above schemes is shown in Table 4.
As can be seen from Figure 5, our scheme has obvious advantages in communication overhead by comparing with other schemes [30].

Conclusion
As the communication among vehicle groups involves the problems of low delay, safety, and efficiency in the 5Genabled vehicular networks, we propose a lightweight and secure vehicle group authentication protocol. The scheme is based on the extended chaotic mapping algorithm to achieve authentication, and the group key is distributed through the Chinese remainder theorem, so that the vehicle groups will communicate through the group key. In order to protect the security of RSU, the shared key will be updated. In addition, the security of the scheme is verified by the Scyther tool, and the verification results show that the security of the protocol can be guaranteed. And through the security analysis, the scheme can not only effectively resist all kinds of attacks but also ensure the anonymity, unlinkability, and other security requirements. Finally, by comparing the computation overhead and communication overhead with related schemes, our scheme has less overhead. In the future research work, we will start to study the group management scheme based on aggregation authentication. With the development of 5G communication technology, an effi-cient scheme is designed to meet the needs of security and privacy.

Data Availability
The data used to support the findings of this study are included within this article.

Conflicts of Interest
The authors declare that there is no conflict of interest regarding the publication of this paper.