A Dual Mode Privacy-Preserving Scheme Enabled Secure and Anonymous for Edge Computing Assisted Internet of Vehicle Networks

This paper adopts Named Data Network technology for data delivery/forwarding over the Internet of Vehicles (IoVs) and proposes an NDN-based architecture for IoVs based on mobile edge computing (MEC). Advanced research has demonstrated the considerable benefits of introducing MEC into IoVs, but this comes with issues such as insufficient security and privacy protection. To address these issues, we propose a dual-mode privacy-preserving framework for the security layer of the proposed network architecture. Specifically, we construct a privacy protection identity-based broadcast proxy re-encryption scheme to provide privacy to a set of vehicles with data requests. Furthermore, we use a federated learning scheme based on local differential privacy in the proposed NDN-based architecture for MEC-empowered IoV to achieve high-speed response and decision making. Simulation results demonstrate that our proposed scheme performs effectively.


INTRODUCTION
The explosion of data from a variety of intensive vehicle applications (e.g., driving safety, traffic efficiency, infotainment, etc.) is promoting the development of more advanced Internet of Vehicles (IoV) technologies [3]. Mobile edge computing (MEC) solutions for IoV are considered cost-effective due to their ability to process data in real-time and reduce the storage burden. Emerging MEC technologies are able to merge available storage and compute resources from different vehicles and roadside resource-rich infrastructures to build powerful distributed mobile computing systems that maximize the potential resources of the surrounding vehicles or roadside infrastructures [5].
However, a prominent issue is the difficulty of maintaining a reliable and efficient wireless network between vehicle clusters and edge computing resources. Besides, existing TCP/IP implementations for IoVs need to allocate the IP address of the vehicle to maintain the path to route in highly dynamic environments, hence it may not be well used for content delivery in MEC-empowered IoVs. Since the communications in MEC-empowered IoVs are dynamic and intermittently available, a workable solution is that the in-network devices (e.g., vehicles and MEC devices) satisfy service requests with in-network caches. The Named Data Networking (NDN) [15] is considered as a viable alternative to enable data delivery/forwarding for IoVs [7]. Besides, the NDN network architecture has endogenous security because it needs to verify the binding between the name and the content. By employing NDN in IoVs, the shortcomings of IP-based solutions can be avoided and we will realize instant content transmission.
Edge computing migrates computations from the cloud to the end adjacent to the vehicle node, and directly processes and makes decisions on the data locally, thereby avoiding the long-distance propagation of data in the network to a certain extent, and reducing the risks of privacy leakage. However, because the edge device obtains the user's first-hand data, it is very likely to be used to analyse sensitive private data. In the IoV edge computing scenario, the edge server lacks effective encryption or desensitization measures compared to the traditional cloud centre. Once it is attacked, sniffed, or corroded by hackers, the stored data (e.g., real-time traffic information) will be leaked. In addition, as an honest-but-curious semi-trusted proxy server, the MEC device's own security and privacy leakage issues are also worthy of attention. An effective solution is to implement proxy re-encryption (PRE) [2], which is a solution for storing cloud data securely and flexibly and sharing it with recipients. In order to be more convenient in practice, an identity-based PRE (IPRE) was proposed [4], in which the receiver's recognizable identity can serve as a public key. In traditional PRE and IPRE, a single receiver is provided. When there is more than one receiver, the data owner has to repeat the key generation step, which will increase the computational cost. To address this issue, the identity-based broadcast PRE (IBPRE) was proposed [14] to generate the re-encryption key for a group of receivers.
Session: V2X and IoV. DIVANet '21, November 22-26, 2021, Alicante, Spain.
Using the intelligent analysis and decision-making capabilities of artificial intelligence (AI), many AI learning algorithm frameworks are applied to edge devices to perform prediction tasks and part of training tasks with real-time requirements [13]. The above high resource requirements have prompted the development of dedicated AI chips for running machine learning applications for MEC-empowered IoV edge devices. As a result, the dedicated AI chips can in turn empower a substantial increase in the computing capabilities of edge terminal devices, and provide physical support for the privacy-preserving schemes in MEC-empowered IoVs. Homomorphic encryption is an effective solution designed to solve data privacy and trustworthiness issues. By implementing homomorphic encryption in the AI-empowered mobile edge computing for IoVs [9], a vehicular user can encrypt the local data of the requested service to achieve "absolutely secure" edge computing services. During the whole process, the initial data of the vehicular user will not be leaked to the MEC server. A practicable solution is to use homomorphic encryption methods in federated learning for the protection of weights [1].
In this paper, we propose an NDN-based architecture for the MEC-empowered IoVs. Based on the proposed network architecture, we propose a dual-mode privacy protection framework at the security layer, including 1) a privacy-preserving IBPRE scheme based on Lagrange interpolation [8] that acts on the content transmission process from the data owner to the MEC server to the vehicle, and 2) a privacy protection federated learning scheme based on homomorphic encryption [11] in the proposed NDN-based architecture for MEC-empowered IoVs to achieve a high-speed response and decision making process.

NDN-BASED VEHICULAR EDGE NETWORK ARCHITECTURE
As already stated, the NDN structure avoids the hassle of addressing the current IP architectures. Besides, to be more capable in, e.g., time-varying, intermittent connection, and mobility, the network architecture ought to have the ability to control data security and store the data at the edge of the consumer, which is indispensable in MEC-empowered IoVs. With this motivation, we propose an NDN-based architecture for MEC-empowered IoVs as shown in Fig. 1. AI-empowered roadside units (RSUs) in the physical layer are deployed along the road and act as edge servers.

Physical Layer
The roadside clouds consisting of RSUs provide intelligent vehicles with communication, caching, and diverse computing resources to support the fascinating application layer programs. Meanwhile, one or a group of intelligent vehicles with robust storage and computing capabilities can also serve as an edge cloud. Intelligent vehicles travelling on the road at a certain speed and direction are the main generators of computing tasks and content requests. The suggested architecture can serve intelligent vehicles and provide privacy support in three ways: 1) offloading computationally intensive tasks to a central cloud, 2) offloading immediate and small tasks to an edge cloud or an in-vehicle cloud, 3) requesting popular contents stored in the RSU cache. The remaining layers and related components are described below.

Strategy Layer
The policy layer is designed to perform corresponding strategies for providing name-based data delivery and to cope with the mobility of data and devices on the data plane.
• Naming: The naming mechanism hides the underlying heterogeneous devices and the details of heterogeneous networks and only exposes the unified interface to the upper layer. Upper-layer application designers can communicate by calling the unified interface provided by NDN without caring about the heterogeneity of the underlying devices and the network in IoVs.
• Caching: In-network caching lets the NDN layer respond to vehicle requests by caching content in edge service providers. However, traditional NDN separates content from its original owner, causing the original content owner to lose control over who can cache their content and where it will be cached. In addition, the copying and redistribution of content carry the risk of infringing the copyright of the content and the privacy of users.
• Routing: NDN routing schemes and Interest and Data packet forwarding strategies, by combining various techniques, may help IoVs to overcome mobility issues and thus improve the Quality of Service and Quality of Experience for users in IoVs.

NDN Layer
In the NDN layer, the service model uses the exchange mechanism of Interest packets and Data packets to ensure communication and supports network management at the control plane by using only content names rather than host addresses. The application file is divided into multiple contents. Each node in the framework has three important data components: 1) the Content Store (CS) is designed to cache the Data packets, 2) the Pending Interest Table (PIT) keeps track of the responding progress towards the requesting vehicles, 3) the Forwarding Information Base (FIB) is a routing table that depends on the selected protocol. The FIB aims to select an optimized path to relay interests towards the content source (i.e., the original content provider or a node with a content cache).

Security Layer
Security is a built-in layer in NDN. It provides a content-based security and trust model (NDN separates the content credibility from the host credibility and channel credibility) by maintaining the security binding of the name and content, which fundamentally solves the content security issue, and thus there is no overhead for maintaining a secure transmission channel for the content. Content security is the basis of the caching mechanism of the NDN layer. In MEC-empowered IoV scenarios, due to the calculation, storage, and energy consumption limitations of vehicle equipment, the security layer is required to provide lightweight signature generation and verification algorithms as well as encryption and decryption algorithms. Further, privacy protection schemes according to different dimensions are also necessary.

A DUAL-MODE PRIVACY-PRESERVING FRAMEWORK IN MEC-EMPOWERED IOVS
According to different service requirements, the dual-mode privacy protection framework in AI-enhanced mobile edge computing for IoV includes two main schemes: 1) proxy re-encryption scheme with privacy-preserving, 2) privacy protection federated learning scheme based on homomorphic encryption.

System Model of Content Delivering in MEC-empowered IoV
The system model in Fig. 2 consists of a remote service provider (RSP) in the cloud center, a private key generator (PKG), a data owner (e.g., an intelligent vehicle), some edge proxy service providers (EPSPs) in the roadside cloud, and data sharers (vehicles requesting content). When the system is idle, the data owner $id$ can generate some encrypted contents (e.g., software update packages) with the proxy re-encryption scheme, sign them using an identity-based signature [12], and transmit them to the EPSPs for caching in advance (following a probabilistic caching scheme in [10]). When the RSP intends to share data with a group of vehicles (e.g., $V_1 = \{id_1, id_2, id_3\}$) who generate interest request packets within a given limit, it will generate and send to EPSP1 a re-encryption key $rk_{id \to V_1}$ and indicate that the corresponding data is permitted to be shared with the vehicles in $V_1$. After that, EPSP1 re-encrypts the data with the re-encryption key and sends the re-encrypted ciphertext to the specific vehicles $V_1 = \{id_1, id_2, id_3\}$. Finally, any of the vehicles in $V_1 = \{id_1, id_2, id_3\}$ can recover the data packets using the specified private key generated by the PKG according to its $id$ during the registration.

PIBPRE: Privacy-Preserving Identity-Based Broadcast Proxy Re-encryption
For two cyclic groups $G$ and $G_T$, with $q$ denoting their prime order, we output the parameters $(q, G, G_T, e)$ for a bilinear map.
The mapping $e : G \times G \to G_T$ has three properties: 1) $\forall a, b \in \mathbb{Z}$ and $(g, h) \in G^2$, $e(g^a, h^b) = e(g, h)^{ab}$; 2) $\forall g, h \neq 1_G$, there exists $e(g, h) \neq 1_{G_T}$; 3) $\forall g, h \in G$, $e(g, h)$ is efficiently computable. Fig. 3 is the procedure chart of privacy-preserving PIBPRE. The premise is that the EPSP knows the identity of the authorised receiving vehicles $V = \{id_1, id_2, \ldots, id_n\}$. The number of vehicles in the set $V$ is $n$. The EPSP computes $n$ points $(x_1, y_1), (x_2, y_2), \ldots, (x_n, y_n)$ for the vehicles in $V$. Then the EPSP builds the following polynomial based on Lagrangian interpolation,
When any of the requesting vehicles $id_i$ in the group $V$ needs to decrypt, it calculates its $x$ coordinate value, and thus obtains the corresponding $y$ coordinate value. Afterwards, vehicle $id_i$ can recover the plaintext.
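The interpolation step described above can be illustrated as follows. This is an added example, not the paper's PIBPRE algorithms: the prime field Q, the hash-derived x coordinate, the HMAC-based mask (a simplification standing in for the value a vehicle derives from its identity-based private key) and all names and sample data are assumptions.

```python
import hashlib
import hmac

Q = 2**127 - 1  # prime field modulus (assumption; the paper's parameters are not given)

def x_of(identity):
    """x coordinate of a vehicle (assumed: SHA-256 of its identity, reduced mod Q)."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % Q

def mask_of(secret, nonce):
    """Stand-in for the value only the holder of the vehicle's private key can derive."""
    return int.from_bytes(hmac.new(secret, nonce, hashlib.sha256).digest(), "big") % Q

def interpolate(points):
    """Coefficients (lowest degree first) of the degree < n polynomial through points."""
    if len({x for x, _ in points}) != len(points):
        raise ValueError("two identities map to the same x coordinate")
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                # multiply the running basis polynomial by (X - xj)
                basis = [(a - xj * b) % Q for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % Q
        scale = yi * pow(denom, -1, Q) % Q
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + scale * c) % Q
    return coeffs

def evaluate(coeffs, x):
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % Q
    return acc

def build_broadcast(session_key, receivers, nonce):
    """Builder side: one polynomial replaces an explicit list of receiver identities."""
    points = [(x_of(i), (session_key + mask_of(s, nonce)) % Q)
              for i, s in receivers.items()]
    return interpolate(points)

def recover(coeffs, identity, secret, nonce):
    """Vehicle side: evaluate at its own x, then strip its own mask from y."""
    return (evaluate(coeffs, x_of(identity)) - mask_of(secret, nonce)) % Q

# Constructed sample data, not from the paper.
RECEIVERS = {"id1": b"secret-of-id1", "id2": b"secret-of-id2", "id3": b"secret-of-id3"}
NONCE = b"content-name/v1"
SESSION_KEY = 123456789
BROADCAST = build_broadcast(SESSION_KEY, RECEIVERS, NONCE)
```

The broadcast carries only the n coefficients, so a receiver learns the group size but not the other members' identities, and a vehicle outside the group evaluates the polynomial to a value unrelated to the session key.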
The proposed PIBPRE scheme uses several algorithms as described here. •

Security and Privacy Analysis of PIBPRE
In the NDN-based architecture for the MEC-empowered IoV network, the security mechanism is applied to the content itself. Therefore, content delivery and caching may not require communication security. In addition, NDN can promote content access during the movement of vehicles, because vehicles no longer deliver data through a constantly changing IP address when they move (i.e., the nodes are not directly addressable), which reduces the efficiency of Denial of Service (DoS) attacks. In data-centric MEC-empowered IoV, popular content is mainly cached on devices that perform forwarding operations (e.g., EPSPs in our system). The PIBPRE we have adopted and applied can be proven to be secure against S-CPA, which means that it can easily protect the cached content in the data-centric MEC-empowered IoV. The remaining security issues are then concentrated on the component itself.

Homomorphic Encryption for Federated Learning in MEC-empowered IoV
Considering the AI-empowered mobile edge computing for IoV, privacy and data security concerns may result in vehicles and MEC servers being reluctant to disclose their datasets, thus denying them the benefits of large-scale deep learning on federated datasets. In practice, the optimized machine learning model does not require too many resources during the inference process. Therefore, in order to ensure that in-vehicle applications obtain inference results with very low latency, we can place training on the AI-enabled MEC server, and put the inference on the vehicles, to achieve high-speed response to business changes and make decisions. To this end, we tried to implement a privacy protection federated learning system based on homomorphic encryption in our NDN-based architecture for MEC-empowered IoV.
The privacy protection federated learning scheme based on homomorphic encryption is shown in Fig. 4. Secure communication is established between vehicles through NDN to achieve the integrity of ciphertexts. The initial (random) weight $W_{global}$ to run the local neural network is initialized by a vehicle $id_1$ who also sends $W^{(i)}_{global}$ is also a vector constituting the $i$-th part of $W_{global}$. Each processing unit updates the weight parameters according to $W^{(i)}_{global} - a \cdot G^{(i)}$ based on the additive homomorphism, where $a$ is the learning rate. Each requesting vehicle downloads and decrypts with the key $sk$ to obtain the weight parameter $W^{(j)}$ (where $j \in [1, n_{pu}]$), and then acquires the weight vector $W_{global}$. Utilizing $n_{pu}$ processing units to update the gradients simultaneously in parallel can significantly speed up the training progress of federated learning.
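The update W - a·G on ciphertexts can be illustrated as follows. This is an added example, not the paper's implementation: the paper does not name its cryptosystem, so Paillier is assumed as the additively homomorphic scheme, with toy Mersenne primes, a fixed-point scale S and constructed sample values; all function names are hypothetical.

```python
import math
import secrets

S = 1000  # fixed-point scale (assumption): gradients and learning rate x S, weights x S*S

def keygen(p, q):
    """Toy Paillier key pair from two primes, using the generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    while True:
        r = secrets.randbelow(n - 2) + 2      # random blinding factor
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, sk, c):
    lam, mu = sk
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m         # map back to signed integers

def unit_update(n, enc_w, enc_g, lr_int):
    """One processing unit: E(W) * E(G)^(-lr) = E(W - lr*G), on ciphertexts only."""
    n2 = n * n
    return [cw * pow(cg, -lr_int % n, n2) % n2 for cw, cg in zip(enc_w, enc_g)]

def federated_round(weights, grads, lr, n_pu, p=2**61 - 1, q=2**89 - 1):
    """Encrypt, update each part of the weight vector on its own unit, decrypt.

    The default primes are toy sizes so the example runs instantly; a real
    deployment needs a modulus of at least 2048 bits.
    """
    n, sk = keygen(p, q)
    enc_w = [encrypt(n, round(w * S * S)) for w in weights]  # initiating vehicle
    enc_g = [encrypt(n, round(g * S)) for g in grads]        # encrypted gradients
    size = math.ceil(len(weights) / n_pu)
    updated = []
    for i in range(0, len(weights), size):    # each slice is one processing unit
        updated += unit_update(n, enc_w[i:i + size], enc_g[i:i + size],
                               round(lr * S))
    # requesting vehicle: decrypt with sk and undo the fixed-point scaling
    return [decrypt(n, sk, c) / (S * S) for c in updated]
```

The processing units never hold `sk`; they only multiply and exponentiate ciphertexts, which is what lets the n_pu slices be updated independently.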

PERFORMANCE EVALUATION
• Experimental Setup: We implement our proposed PIBPRE scheme using the Crypto and PBC libraries and perform our experiment on a computer with a 1. The detailed simulation results are presented as follows: We have compared PIBPRE with the state-of-the-art broadcast proxy re-encryption schemes [2,14] and the AES-GCM scheme in terms of generation time of the re-encryption key and re-encryption time. The generation times of the ReKeyGen and ReEnc algorithms and their cumulative results are shown from left to right in Fig. 5. The left one provides the re-encryption key generation time in PIBPRE and the comparison schemes. The results show that our proposed PIBPRE has a minimal generation time for the ReKeyGen function, which verifies the validity of the re-encryption method based on the Lagrange interpolation polynomial theorem. The middle one provides the re-encryption time for PIBPRE and the comparison schemes. The re-encryption time of PIBPRE is less than the PRE scheme while more than the AES-GCM scheme and IBPRE scheme. That is because PIBPRE needs more time to re-encrypt cipher-text as we built the polynomial using each receiver's identity. However, both the AES-GCM and IBPRE schemes require that each receiver know the identity of other receivers in the same group, and thus cannot guarantee the privacy of the receivers. The PRE scheme needs to re-encrypt cipher-text repeatedly for different receivers, so it consumes the longest time. to provide low encryption overheads while protecting the identity privacy of vehicles.
For the offloading process in federated learning using homomorphic encryption, the total time consumption is defined to include the data encryption time and the time to calculate the encryption dispersion, but not the time spent running a copy of the federated learning-based network. We set up 40% of the vehicles with a computational offloading requirement, and the computational task is a 10-dimensional vector. After generating the data vector, the requesting vehicle encrypts each element in the vector and sends the encryption results to an EPSP that can provide it with federated learning services. The average encryption time and the time taken to calculate the encryption discretization are given in Fig. 6 as a function of the number of vehicles, respectively. As can be seen in Fig. 6, encryption time increases linearly with the number of vehicles. This is because the number of necessary cryptographic operations and tasks in the encryption process are linearly correlated. In contrast, the time required to calculate the encryption discretization does not change significantly as the number of vehicles increases.

CONCLUSIONS AND FUTURE WORK
In this article, we first propose an NDN-based architecture for MEC-empowered IoVs that can safely and efficiently coordinate edge computing and caching. In addition, a dual-mode data sharing mechanism is proposed to enhance security and vehicle identity privacy.
1) Addressing the insecurity of roadside proxy servers and the privacy of vehicle identities during content delivery through a novel privacy-based approach called PIBPRE, which enables the proposed architecture to be rapidly secure in terms of content delivery.
2) The implementation of a federated learning scheme based on homomorphic encryption enables the proposed architecture to respond and make decisions securely and with a high speed during the computational offloading process.
Numerical results indicate that the effectiveness of the proposed scheme has been validated. As future work, the following research challenges have been identified:
• The evaluation of PIBPRE with other caching and dissemination approaches.
• The usage of efficient security solutions that provide computational offloading for no-delay-tolerance applications.

Figure 4: The privacy protection federated learning system for MEC-empowered IoV.

Figure 5: Generation time of ReKeyGen and ReEnc with different numbers of receivers.