Delegating Authentication to Edge: A Decentralized Authentication Architecture for Vehicular Networks

Abstract

Secure and efficient access authentication is one of the most important security requirements for vehicular networks, but it is difficult to fulfill due to potential security attacks and long authentication delay caused by high vehicle mobility, etc. Most of the existing authentication protocols, either do not consider attacks like single point of failure or do not focus on reducing authentication delay. To address these issues, we introduce an edge-assisted decentralized authentication (EADA) architecture, which provides secure and more communication-efficient authentication by enabling an authentication server to delegate its authentication capability to distributed edge nodes (ENs) such as roadside units (RSUs) and base stations (BSs). Under the architecture, we propose a threshold mutual authentication protocol that supports fast handover, which involves two scenarios, Auth-I and Auth-II. Auth-I only happens once when a vehicle tries to access the network for the first time, while Auth-II happens when a vehicle seamlessly roams between two ENs, i.e., handover. Specifically, for Auth-I, each vehicle can be cooperatively authenticated by $t$ out of $n$ ENs with identity-based signature techniques to obtain an authentication token and the involved ENs can be efficiently authenticated in a batch by the vehicle. For Auth-II, the vehicle can utilize the token as its private credential to achieve fast handover based on identity-based signature without interacting with multiple ENs, which further reduces the authentication delay significantly. In addition, we design a flexible method to support dynamic joining and leaving of ENs without the assistance of a trusted center. We demonstrate that the proposed protocol is secure and efficient through security analysis and performance evaluation.