Efficient Privacy-Preserving Data Sharing for Fog-Assisted Vehicular Sensor Networks.

Vehicular sensor networks (VSNs) have emerged as a paradigm for improving traffic safety in urban cities. However, there are still several issues with VSNs. Vehicles equipped with sensing devices usually upload large amounts of data reports to a remote cloud center for processing and analyzing, causing heavy computation and communication costs. Additionally, to choose an optimal route, it is required for vehicles to query the remote cloud center to obtain road conditions of the potential moving route, leading to an increased communication delay and leakage of location privacy. To solve these problems, this paper proposes an efficient privacy-preserving data sharing (EP 2 DS) scheme for fog-assisted vehicular sensor networks. Specifically, the proposed scheme utilizes fog computing to provide local data sharing with low latency; furthermore, it exploits a super-increasing sequence to format the sensing data of different road segments into one report, thus saving on the resources of communication and computation. In addition, using the modified oblivious transfer technology, the proposed scheme can query the road conditions of the potential moving route without disclosing the query location. Finally, an analysis of security suggests that the proposed scheme can satisfy all the requirements for security and privacy, with the evaluation results indicating that the proposed scheme leads to low costs in computation and communication.

1. Introduction

Vehicular sensor networks (VSNs) [1,2,3], that is, a combination of wireless communication given by vehicular ad hoc networks [4] and the sensing devices installed in the vehicle, can improve traffic conditions in urban cities, and have recently received considerable attention. In VSNs, the vehicles equipped with sensing devices can record a myriad of data reports on the road conditions and environment situations, and these data reports need be uploaded to the remote cloud center [5,6] for processing and analyzing. In addition, vehicles often need to query the road conditions of potential moving routes at remote cloud centers. However, uploading a large amount of data reports to the cloud data center consumes heavy bandwidth, and leads to an increased communication delay.

Recently, fog computing [7] has been proposed to extend the capabilities of cloud computing [8] near vehicles [9], which can locally handle the data reports uploaded by vehicles. These new properties will bring about benefits such as location awareness and low latency. Fog computing has already been used to provide low latency services in vehicular sensor networks, such as navigation services [10] and surface condition monitoring [11].

A typical architecture of fog-assisted vehicular sensor networks (F-VSNs) [12,13,14] contains the trusted authority, cloud center, fog nodes, and vehicles. The trusted authority is responsible for generating system parameters, and the registration of all entities (cloud center, fog nodes and vehicles). The cloud center provides centralized control with strong computing power and large storage capacity from a remote location. Fog nodes have available computing, storage, and communication resources [15], which is deployed at the edge of networks with physical proximity to vehicles, playing as the bridge across the vehicles and the cloud center. Vehicles are installed with a variety of smart sensors that can sense road conditions and environmental parameters. F-VSNs allows some computations and processing to be performed at the fog nodes, greatly reducing the consumption of communication time and energy.

Although F-VSNs brings a great deal of benefits and conveniences, there still exist several issues in terms of data collection and data query. Specifically, vehicles generate a large amount of sensory data reflecting the road conditions and environment situations, and need to upload the sensory data to cloud center for further processing and analyzing, which brings heavy computation and communication costs. To solve this problem, data aggregation technology, which is designed to aggregate multiple data into one report, has recently received more and more attention.

However, using the existing data aggregation schemes [16,17,18,19,20,21,22] cannot determine the number of data reports produced in each road segment, and cannot compute the average sensory data in each road segment. To solve the problem, the scheme [23] exploits the Chinese remainder theorem and Paillier cryptosystem to calculate the average sensory data in each segments; however, it brings heavy computation and communication costs. In addition, to choose an optimal route, vehicles often query about the road conditions of the potential moving routes, but the query reports uploaded by vehicles are tightly associated with the query location, and thus the query location could be disclosed.

The oblivious transfer [24,25], homomorphic encryption technology [26,27], and proxy re-encryption technique [23] have been exploited to hide the query location. However, it is worth noting that the computation and communication costs by the schemes [24,25] is directly proportional to the data dimension, the schemes [26,27] do not support the scenario with high vehicle density, and the scheme [23] needs heavy computation and communication costs.

1.1. Our Contributions

To solve the aforementioned problems, this paper proposes an efficient privacy-preserving data sharing (EPDS) scheme for fog-assisted vehicular sensor networks. The main contributions of this paper are as follows:

First, the proposed EPDS scheme exploits the super-increasing sequence [20] for achieving multi-dimensional data aggregation, while calculating the average sensory data in each road segment, greatly saving on the resources of communication and computation.

Secondly, by utilizing the modified oblivious transfer [28], the proposed EPDS scheme is able to query about the road conditions of the potential moving routes without disclosing the query location.

Thirdly, an analysis of security indicates that the proposed EPDS scheme is proven to be secure under elliptic curve discrete logarithm (ECDL) assumption in the random oracle model and satisfies all the requirements for security and privacy.

Finally, the performances of computation and communication in costs are evaluated through quantitative calculations, with the results that the proposed EPDS scheme is of more efficiency than others.

1.2. Organization

This paper is organized as follows. The related work is surveyed in Section 2. We introduce the background in Section 3. The concrete scheme is proposed in Section 4. Section 5 provides an analysis of the security. In Section 6, the performance evaluation is performed. Section 7 concludes the paper.

2. Related Works

Some works closely related to this paper are briefly reviewed below.

In F-VSNs, massive sensory data is produced in each data dimension, and needs to be uploaded for further processing and analysis; data aggregation schemes [16,17,18,19,20,21,22,23] have received considerable attention recently, and are roughly classified into two categories: single-dimensional data aggregation [16,17,18,19] and multi-dimensional data aggregation [20,21,22,23]. Zhuo et al. [16] introduced a data aggregation scheme, which protects each involved entity’s identity privacy, and allows the requester to examine the correctness of the obtained results. Rabieh et al. [17] employed the data aggregation technique to find out the routes for the vehicle to be in each road segment; however, it only can calculate the data aggregation result, and cannot recover the content in each data dimension.

Xu et al. [18] constructed a privacy-preserving data aggregation scheme that can classify messages based on where and when the sensor data is collected, and aggregate the data collected in the same area and period. Sun et al. [19] designed a data aggregation mechanism considering data integrity and access control. However, the schemes [16,17,18,19] are unable to determine the number of the data reports produced in each data dimension, and further fail to calculate the average sensory data in each data dimension. Lin et al. [20] integrated the perturbation technique and super-increasing sequence to combine multiple aggregated data into one data report to improve the energy efficiency.

Lu et al. [21] employed the homomorphic Paillier encryption, one-way hash chain technique and Chinese remainder theorem to achieve lightweight multi-dimensional data aggregation. On the basis of the super-increasing sequence and modified homomorphic Paillier encryption, Wang et al. [22] introduced a multi-subtasks aggregation scheme, in which each aggregated datum is mapped to a specific area and period. Kong et al. [23] designed a privacy-preserving multi-dimensional data sharing scheme using the Chinese remainder theorem and modified Paillier encryption, with counting the number of the sensory data collected at each segments and calculating the average sensory data in each segment.

Although schemes [20,21,22,23] are able to calculate the average sensory data in each data dimension, they bring heavy computation costs and communication overhead. In addition, the query vehicle usually wants to know the road conditions of the potential moving route, which could lead to that the query location being disclosed in the data query process, the schemes in [23,24,25,26,27] have been proposed to solve this problem.

Ghinita et al. [24] and Paulet et al. [25] employed the oblivious transfer to hide query location in the data query process, but the communication cost of schemes [24,25] is directly proportional to the data dimension. Zhu et al. [25,26] utilized an improved homomorphic encryption technology to protect the query location in location-based services, but it do not support scenarios with a high vehicle density. Kong et al. [23] utilized the proxy re-encryption technique to hide the query location, but it does not support queries of whole network sensory data during the data query phase.

To sum up, from the review above, the available data aggregation schemes [16,17,18,19,20,21,22,23] either fail to determine the number of data reports produced in each data dimension or bring heavy computation and communication costs. In addition, the communication costs of the existing schemes [23,24,25,26,27] are either directly proportional to the data dimension or bring heavy communication costs in the data query process.

To address the issues above, we propose an EPDS scheme for fog-assisted vehicular sensor networks, which can not only reduce the computation and communication costs, but also calculate the average sensory data in each road segment. Additionally, the proposed EPDS scheme can query the road conditions of potential moving routes without disclosing the query location.

3. Background

3.1. System Model

The system model is presented in Figure 1, which is composed of five entities: trusted authority (), cloud center (), the data collection vehicle , fog node , and the data query vehicle . The road area is divided into m segments, and each segment k is represented by a unique two-dimensional identifier , approximating of the location coordinates [23]. As to readability, the definitions of notations employed in this study are illustrated in Table 1.

Figure 1

System model.

Table 1

Notations

Symbol	Definition
TA	Trusted authority
CC	Cloud center
(s,P_pub)	TA’s public key and private key
(x,P_cc)	CC’s public key and private key
V_i	The i-th data collection vehicle
(ID_i,PID_i)	V_i’s real identity and pseudo identity
(x_i,R_i)	V_i’s private key
FN_j	The j-th fog node
ID_j	FN_j’s identity
(x_FN_j,R_FN_j)	FN_j’s private key
V_q	The data query vehicle
(ID_q,PID_q)	V_q’s real identity and pseudo identity
(x_q,R_q)	V_q’s private key
(u_k,v_k)	Identifier of the segment k
d	Maximum value of sensory data
m	The total number of segments
n	The total number of fog nodes
δ	The total number of vehicles
|d|	Maximum length of sensory data
φ	The vehicles’ sharing key
di,kj	The sensory data captured by V_i at segment k under FN_j
ei,kj	If di,kj>0, then ei,kj=1; If di,kj=0, then ei,kj=0.
H_i	Eight one-way hash functions, H_i:{0,1}^*→Zq*,i=1,2,···,7,H_8:{0,1}^*→{0,1}^|d|-1.
⊕	The exclusive OR operation
p,q	Two large prime numbers
F_p	The finite field over p
G	An additive group with the order q on the elliptic curve E over F_p
P	A generator of G

The wireless connections between the vehicles and the fog nodes are brought about by the Institute of Electrical and Electronics Engineers (IEEE) 802.11p standard [29]. The connections between the fog nodes and are achieved via either the wired links or other links with low transmission delay and high bandwidth.

: A fully trusted entity, which is responsible for the management of the security parameters for the system and the registration of the cloud center, fog nodes, and vehicles, and periodically updates the system information.

: An honest-but-curious entity, which is responsible for providing centralized control with powerful storage and computing capabilities from a remote location. In addition, it can perform computational analytics from data reports uploaded by the fog nodes, and distribute data to all fog nodes for further sharing with vehicles [30].

: It is equipped with smart sensors, periodically formatting a data report from the collected sensory data and uploading the data report towards the fog node.

: This consists of a road side unit and an edge server [13], and aggregates the data reports uploaded by the data collection vehicles under its communication range and transmits the aggregated data report towards . Meanwhile, each fog node manages one or more segments, and can assist in sharing the sensory data to the query vehicle [31].

: To choose an optimal route, usually sends a query report to the fog node, then the fog node returns a response report to .

In our system model, we assume the fog node is honest-but-curious, i.e., it is able to correctly execute the operations defined in the protocol; however, it also can try to violate the privacy of the vehicle through analyzing the vehicle’s data report and query report; meanwhile, we assume neither the fog nodes nor the query vehicles can collude with each other in the proposed EPDS scheme. Additionally, we assume there exists an attacker, which can eavesdrop on the data transmission and launch attacks.

3.2. Security Requirement

The following security requirements should be achieved.

Authentication and data integrity: The proposed EPDS scheme should guarantee that any reports are not modified during the transmission process, and can detect any modification of the reports; moreover, any entity in F-VSNs should be able to be authenticated to ensure the reliability of the data source.

Confidentiality: To ensure the privacy of sensory data, the proposed EPDS scheme should provide confidentiality, i.e., no attacker can obtain the sensory data from data report.

Location privacy preservation: To protect vehicle’s query location, it is important not to disclose the query location to fog nodes that provide location-based services in the data query process.

Identity privacy preservation: Apart from the , any entities should not trace or recognize the identity of the data collection vehicle by analyzing the received data reports.

Traceability: should be able to reveal the identity of the malicious vehicle uploading the bogus data report.

Unlinkability: Apart from the , neither fog nodes nor the malicious vehicles can determine whether the two data reports are from the same vehicle.

Resistance to attacks: The proposed EPDS scheme should be able to withstand various popular attacks such as the modification attack, replay attack, impersonation attack, and man-in-the-middle attack.

3.3. Elliptic Curve

Let be a finite field with a prime number p. The elliptic curve E over defined as the set of all points meeting , where and [32,33].

An infinity point O, and other points on E, form an additive cyclic group with the order q and generator P. Let and , the scalar multiplication over is described as (k times).

3.4. Security Assumption

ECDL problem [34,35]: Given two elements , the ECDL problem is to find an integer such that .

ECDL assumption [34,35]: It is hard for any probabilistic polynomial-time algorithm to solve ECDL problem with non-negligible probability.

4. The Proposed Scheme

The proposed EPDS scheme includes system initialization, registration, data collection, and data query phases. Note that the data flows in the data collection and data query phases are shown in Figure 2.

Figure 2

Data flows in the data collection and data query phases.

4.1. System Initialization

produces all system parameters through executing the following steps.

randomly chooses a large prime number p, and selects a non-singular elliptic curve E defined by , where .

picks a group of E with the prime order q and a generator P.

randomly chooses as its master key and computes its public key .

chooses eight one-way hash functions , , .

chooses a super-increasing sequence , such that , (), where are large prime numbers and d is the maximum value of the data. Then, assigns prime number towards segment k.

publishes the system parameters .

4.2. Registration

All vehicles, fog nodes, and cloud centers register with .

sends the identity to the in secure channel.

After confirming the identity , randomly chooses and computes and sets , where represents the valid period of .

randomly chooses and computes

randomly chooses a sharing key , and transmits the pseudo identity , the private key and the sharing key to in a secure channel.

sends the identity to the in a secure channel.

randomly chooses and computes

sends the private key to in a secure channel.

randomly chooses and computes .

sends the private key x and public key to in a secure channel.

4.3. Data Collection

The data collection phase includes three processes: data gathering, data aggregation, and data reading.

4.3.1. Data Gathering

gathers sensory data in a short period of time, e.g., every five minutes: (i) if there is a sensory data obtained at road segment k under , i.e., , then ; (ii) if there is no sensory data obtained at road segment k under , i.e., , then .

produces a data report through executing the following steps:

formats and into and .

randomly selects , and computes

randomly picks and calculates where is current timestamp.

transmits the data report towards , as shown in Figure 2 (①).

4.3.2. Data Aggregation

Supposing w vehicles upload the data reports to , where . can aggregate data reports through executing the following steps:

checks whether is valid and is fresh for each . If is not valid or is not fresh, will be rejected. Otherwise, performs the batch verification using small exponent test [36]. randomly selects a set of small numbers and checks whether the following equation holds

If it does hold, computes

randomly picks and calculates where is current timestamp.

transmits the aggregated data report towards , as shown in Figure 2 (②).

4.3.3. Data Reading

After receiving from respectively, executes the following steps:

checks whether is fresh for each . If is not fresh, will be rejected. Otherwise, randomly chooses a set of small numbers and performs the batch verification using small exponent test [36]. verifies whether the following equation holds

If it does hold, calculates

By solving the discrete log of and with the base P, utilizing the Pollard’s lambda algorithm [37], can obtain

distributes and to all fog nodes for further sharing with vehicles.

4.4. Data Query

The data query vehicle intends to query the data captured at segment c with the identifier at the . The phase includes three processes: query generation, data response, and response reading.

selects two random numbers and calculates

randomly picks and calculates where is the current timestamp.

transmits the query report towards , as shown in Figure 2 (③).

After receiving , checks whether is valid and is fresh. If is not valid or is not fresh, will be rejected. Otherwise, verifies whether the following equation holds

If it does hold, selects two random numbers and calculates

randomly picks and calculates where is the current timestamp.

transmits the response report towards , as shown in Figure 2 (④).

After receiving , checks whether is fresh. If is not fresh, will be rejected. Otherwise, verifies whether the following equation holds

If it does hold, calculates

By solving the discrete log of with the base P, utilizing the Pollard’s lambda algorithm [37], can obtain .

By calling the Algorithm 1, can achieve the average sensing data captured at segment c.

5. Security

This section depicts the security proof of the proposed EPDS scheme in the random oracle model. Additionally, a security evaluation and comparison on the proposed EPDS scheme and schemes of [17,19,23,25,26] is conducted.

5.1. Security Model

The security model of the proposed EPDS scheme can be found in the Appendix A.

5.2. Security Proof

The security proof of the proposed EPDS scheme can be found in the Appendix B.

5.3. Analysis and Comparison of Security Requirement

Authentication and data integrity: Based on Theorem 2, no polynomial-time attacker is able to fake a valid data report owing to the ECDL assumption. Therefore, authentication and data integrity can be ensured in the proposed EPDS scheme.

Confidentiality: Based on Theorem 1, without the cloud center’s private key x, any attacker is unable to compute the sensing data and , and thus confidentiality can be ensured in the proposed EPDS scheme.

Location privacy preservation: Based on Theorem 1, without the the data query vehicle’s private key , no attacker can obtain the query location from , , , , and hence the location privacy can be guaranteed in the proposed EPDS scheme.

Identity privacy preservation: On the basis of the proposed EPDS scheme, the identity of is only contained in the pseudo identity , where , and . To extract the identity of , the attacker has to compute . However, it is impossible to solve for any attacker to obtain without knowing and s. Therefore, the identity privacy is guaranteed in the proposed EPDS scheme.

Traceability: In accordance with the proposed EPDS scheme, can adopt its own master key s to calculate , and find out the identity of from the pseudo identity involved in the data report, with the proposed EPDS scheme satisfying the traceability.

Unlinkability: On the basis of the proposed EPDS scheme, the data reports generated by any vehicle are random, and any attacker cannot link the two data reports sent by the same vehicle, with the proposed EPDS scheme realizing the traceability.

Resistance to attacks: The proposed EPDS scheme is able to withstand the networks attacks in the following:

Modification attack: Based on Theorem 2, any polynomial attacker is unable to forge a valid data report with modification on data reports found.

Replay attack: On the basis of the proposed EPDS scheme, the timestamp is contained in the data report. By examining freshness of the timestamp, the verifier is able to bear any replay attacks.

Impersonation attack: From Theorem 2, no attacker can fabricate a legal data report without vehicle’s private key.

Man-in-the-middle attack: The analysis of the modification attack shows that any modification of the data reports on transmission is able to be found.

Security comparisons of schemes [17,19,23,25,26] and the proposed EPDS scheme are displayed in Table 2. S1, S2, S3, S4, S5, S6, S7, S8, S9, and S10 are used to represent authentication and data integrity, confidentiality, location privacy preservation, identity privacy preservation, traceability, unlinkability, the modification attack, the replay attack, the impersonation attack, and the man-in-the-middle attack, respectively.

Table 2

Security comparisons. Efficient privacy-preserving data sharing (EPDS), √ represents “satisfy” and × denotes “does not satisfy”.

Security	S1	S2	S3	S4	S5	S6	S7	S8	S9	S10
Rabieh et al.’s scheme [17]	√	√	×	×	×	√	√	√	√	√
Sun et al.’s scheme [19]	√	√	×	√	√	√	√	√	√	√
Kong et al.’s scheme [23]	√	√	√	×	×	√	√	×	√	×
Paulet et al.’s scheme [25]	×	√	√	×	×	√	×	×	×	×
Zhu et al.’s scheme [26]	√	√	√	×	×	√	√	×	√	×
EP^2DS	√	√	√	√	√	√	√	√	√	√

In accordance with Table 2, Rabieh et al.’s scheme [17] is able to provide location privacy preservation, identity privacy preservation, and traceability. Sun et al.’s scheme [19] cannot achieve location privacy preservation. Kong et al.’s scheme [23] cannot achieve identity privacy preservation, traceability, the replay attack, and the man-in-the-middle attack. Paulet et al.’s scheme [25] cannot achieve authentication and data integrity, identity privacy preservation, traceability, the modification attack, the replay attack, the impersonation attack, and the man-in-the-middle attack. Zhu et al.’s scheme [26] cannot achieve identity privacy preservation and traceability, the replay attack, and the man-in-the-middle attack. In contrast, all security requirements are able to be satisfied in the proposed EPDS scheme.

6. Performance Evaluation

We analyze the computation and communication costs of these schemes [17,19,23,25,26] and the proposed EPDS scheme, and evaluate their performance.

To realize a fair comparison, we compare these schemes [17,19,23,25,26] with the proposed EPDS scheme under the 80-bit security level [38]. Regarding the pairing-based schemes [17,19,23,25,26], we choose a bilinear pairing , where is an additive group defined by the generator P with order q on the super singular elliptic curve with the embedding degree 2, q is 160-bit Solinas prime number and p is 512-bit primer number meeting . With regard to the proposed EPDS scheme, we pick a group , where is produced by the generator P with the order q on an elliptic curve with a prime order q, where q, p are 160 bits prime number and , b is 160-bits random prime number.

The running time of the operations is able to be derived by making use of the MIRACL Crypto SDK [39]. We run the experiment on a 64-bit Windows 10 operating system with 2.53 GHz, an i7 CPU and 4 GB memory. Table 3 lists the average running time for these operations.

Table 3

Runtime of cryptographic operation (millisecond).

Notations	Descriptions	Runtime
T_sm	Scalar multiplication operation in G	0.3851
T_log	Solving the DL operation mod p	0.6438
T_e	The exponentiation operation in G_1	2.0289
T_m	The multiplication operation in G_1	1.4293
T_h	Map to point hash function operation	3.5819
T_p	Bilinear pairing operation in G_1	10.3092

6.1. Computation Costs

The computation costs of the proposed EPDS scheme and these schemes [17,19,23,25,26] are displayed in Table 4.

Table 4

Comparison of computation costs.

Scheme	Data Collection Phase			Data Query Phase
	V_i	FN	CC	V_a	FN
[17]	2T_m+2T_e	T_m+T_e+(w+1)T_p	T_e+(n+1)T_p	−	−
	= 6.9164 ms	= 10.3092w+13.7674 ms	=10.3092n+2.0289 ms
[19]	2T_m+T_e+T_h	(w+3)T_m+4T_p	T_m+nT_e+2T_p	−	−
	= 15.1967 ms	= 1.4293w+45.5247 ms	=2.0289n+11.7385 ms
[23]	4T_m+4T_e	2wT_m	6nT_m+4nT_e	10T_m+7T_e	9T_m+7T_e
	= 13.8328 ms	= 2.8586w ms	=16.6914n ms	=28.4953 ms	=27.0660 ms
[25]	−	−	−	5T_m+9T_e	6mT_m+(8m+ )Te
				=25.4066 ms	=24.8070m+6.0867 ms
[26]	−	−	−	2T_p+5T_e	4T_p+4T_m
				=30.7629 ms	=46.9540 ms
EP^2DS	5T_sm	(w+3)T_sm	(n+3)T_sm+2T_log	11T_sm+2T_log	8T_sm
	=1.9255 ms	=0.3851w+1.1553 ms	=0.3851n+2.4429 ms	=5.5237 ms	=3.0808 ms

In the data collection phase, for Rabieh et al.’s scheme [17], requires running two multiplication operations in and two exponentiation operations in , thus the total time is = 6.9164 ms. requires executing one multiplication operation in , one exponentiation operation in , and bilinear pairing operations in , and thus the total time is = 10.3092w+13.7674 ms. requires executing one exponentiation operation in and bilinear pairing operations in , and hence the total time is ms.

For Sun et al.’s scheme [19], requires running two multiplication operations in and one exponentiation operation in and one map to point hash function operation, thus the total time is = 15.1967 ms. requires executing multiplication operations in and four bilinear pairing operations in , so the total time is = 1.4293w +45.5247 ms. requires executing one multiplication operation in , n exponentiation operations in and two multiplication operations in , and hence the total time is ms.

For Kong et al.’s scheme [23], requires running four multiplication operations in and four exponentiation operations in , thus the total time is = 13.8328 ms. requires executing multiplication operations in , so the total time is = 2.8586w ms. requires executing multiplication operations in and exponentiation operations in , and hence the total time is ms.

For the proposed EPDS scheme, needs to run five scalar multiplication operations in , and therefore the total time is = 1.9255 ms. requires executing scalar multiplication operations in ; accordingly, the total time is = 0.3851w+1.1553 ms. requires executing scalar multiplication operations in and two solving the DL operations; therefore, the total time is = 0.3851n+2.4429 ms.

In the data query phase, for Kong et al.’s scheme [23], requires running ten multiplication operations in and seven exponentiation operations in , so the total time is = 28.4953 ms. needs to run nine multiplication operations in and seven exponentiation operations in , the total time is thus = 27.0660 ms. For Paulet et al.’s scheme [25], requires running five multiplication operations in and nine exponentiation operations in , the total time is thus = 25.4066 ms. needs to run multiplication operations in and exponentiation operations in , the total time is thus = 24.8070m +6.0867 ms.

For Zhu et al.’s scheme [26], requires running five exponentiation operations in and two bilinear pairing operation in , the total time is thus = 30.7629 ms. needs to run four multiplication operations in and four bilinear pairing operation in , the total time is thus = 46.9540 ms.

For the proposed EPDS scheme, needs to run eleven scalar multiplication operations in and two solving the DL operations, and hence the total time is = 5.5237 ms. needs to run eight scalar multiplication operations in , thus the total time is = 3.0808 ms.

Figure 3 clearly demonstrates the comparison result of computation costs in the data collection phase. Figure 3a shows that the computation costs of is 1.9255 ms, which decreases by 72.2%, 87.3%, and 86.1% compared with that by Rabieh et al.’s scheme [17], Sun et al.’s scheme [19], and Kong et al.’s scheme [23], respectively. As shown in Figure 3b, the computation costs of increase linearly with the number of vehicles, with the proposed EPDS scheme having a lower slope compared with Rabieh et al.’s scheme [17], Sun et al.’s scheme [19], and Kong et al.’s scheme [23]. From Figure 3c, we can see that the computation costs of grows linearly with the number of fog nodes, and the proposed EPDS scheme has a lower slope compared with Rabieh et al.’s scheme [17], Sun et al.’s scheme [19], and Kong et al.’s scheme [23].

Figure 3

Computation costs in the data collection phase. (a) Computation costs of (b) Computation costs of vs. number of vehicles; (c) Computation costs of vs. number of .

Figure 4 clearly indicates the comparison result of the computation costs in the data query phase. From Figure 4a, we can know that the computation costs of in the proposed EPDS scheme are 5.5237 ms, which decreases by 80.6%, 78.3%, and 82.0% compared with that by Kong et al.’s scheme [23], Paulet et al.’s scheme [25], and Zhu et al.’s scheme [26], respectively. Figure 4b shows the correlation between the computation cost of and the number of segments m, we can see that the computation cost of in the EPDS scheme is the smallest compared with Kong et al.’s scheme [23], Paulet et al.’s scheme [25], and Zhu et al.’s scheme [26]. The computation costs of in the proposed EPDS scheme are 3.0808 ms, which decreases by 88.6% and 93.4% compared with Kong et al.’s scheme [23] and Zhu et al.’s scheme [26]. Furthermore, unlike Paulet et al.’s scheme [25], the computation cost of in the EPDS scheme does not increase with the number of segments m.

Figure 4

Computation costs in the data query phase. (a) Computation costs of (b) Computation costs of vs. number of segments.

6.2. Communication Costs

The communication costs of the proposed EPDS scheme and these schemes [17,19,23,25,26], are evaluated in this subsection. We mainly consider the data report size, query report size, and response report size. As mentioned above, the lengths of the elements in , , and are 160 bits (20 bytes), 160 bits (20 bytes), 1024 bits (128 bytes), and 2048 bits (256 bytes), respectively, assuming that the length of timestamp and identity are 32 bits (4 bytes). The comparison results of communication costs are illustrated in Table 5.

Table 5

Comparison of the communication costs.

Scheme	Data Collection Phase	Data Query Phase
	Data Report Size	Query Report Size	Response Report Size
Rabieh et al.’s scheme [17]	260 bytes	−	−
Sun et al.’s scheme [19]	516 bytes	−	−
Kong et al.’s scheme [23]	1152 bytes	1152 bytes	1664 bytes
Paulet et al.’s scheme [25]	−	256 bytes	256m+128 bytes
Zhu et al.’s scheme [26]	−	324 bytes	320 bytes
EP^2DS	172 bytes	172 bytes	148 bytes

In the data collection phase, for Rabieh et al.’s scheme [17], the data report size is 260 bytes, as

For Sun et al.’s scheme [19], the data report size is 516 bytes, as

For Kong et al.’s scheme [23], the data report size is 1152 bytes, as

For the proposed EPDS scheme, the data report size is 172 bytes, as

In the data query phase, for Kong et al.’s scheme [23], the query report size is 1152 bytes, as

The response report size is 1664 bytes, as

For Paulet et al.’s scheme [25], the query report size is 256 bytes, as

The response report size is 256m+128 bytes, as

For Zhu et al.’s scheme [26], the query report size is 324 bytes, as

The response report size is 320 bytes, as

For the proposed EPDS scheme, the query report size is 172 bytes, as

The response report size is 148 bytes, as

The results from the comparison of communication costs in the data collection phase are illustrated in Figure 5. In terms of the data report size, the proposed EPDS scheme requires 172 bytes, which is decreased by 33.8%, 66.7%, and 85.1% compared with that for Rabieh et al.’s scheme [17], Sun et al.’s scheme [19], and Kong et al.’s scheme [23], respectively.

Figure 5

Comparison of the data report size.

The result from the comparison of communication costs in the data query phase is shown in Figure 6. Regarding the query report size, from Figure 6a, we can see that the proposed EPDS scheme requires 172 bytes, a decrease of 85.1%, 32.8%, and 46.9% compared with that by Kong et al.’s scheme [23], Paulet et al.’s scheme [25], and Zhu et al.’s scheme [26], respectively. Figure 6b shows the correlation between the response report size and the number of segments m, and we can see that the response report size in the EPDS scheme is the smallest compared with Kong et al.’s scheme [23], Paulet et al.’s scheme [25], and Zhu et al.’s scheme [26]. The proposed EPDS scheme requires 148 bytes, which is decreased by 91.1% and 53.8% compared with that of Kong et al.’s scheme [23] and Zhu et al.’s scheme [26], respectively. Furthermore, unlike Paulet et al.’s scheme [25], the response report size in the EPDS scheme does not increase with the number of segments m.

Figure 6

(a) Comparison of the query report size; (b) Comparison of the response report size.

7. Conclusions

This paper proposes an efficient privacy-preserving data sharing scheme for fog-assisted vehicular sensor networks. Based on the super-increasing sequence, the proposed EPDS scheme is able to format the data reports captured at different road segments into one report, while calculating the average sensory data in each road segment, greatly saving on the resources of communication and computation. Furthermore, by exploiting the modified oblivious transfer technology, the proposed EPDS scheme also can query the road conditions of the potential moving route in the data query phase without disclosing the query location. Finally, an analysis of security displays that the proposed EPDS scheme can satisfy all the requirements for security and privacy, with the performance evaluation suggesting that the proposed EPDS scheme is more efficient in computation and communication costs compared to the existing schemes of [17,19,23,25,26]. Accordingly, the proposed EPDS scheme is more appropriate for achieving data sharing in fog-assisted vehicular sensor networks. In future work, we will consider using blockchain technology to achieve decentralization and privacy protection.