Cryptographic Solution Based Secure Elliptic Curve Cryptography Enabled Radio Frequency Identification Mutual Authentication Protocol for Internet of Vehicles

Internet of Vehicles (IoV) is one of the most active research disciplines in Intelligent Transportation Systems (ITS), intending to improve VANET (Vehicular-Ad-hoc Network) capabilities. The main objective of IoV is to enhance the safety of passengers by incorporating various advanced information and communication technologies thus, ease the driving experience of passengers and enhances traffic efficiency. IoV has numerous key technologies, and one of them is Radio-Frequency Identification Technology (RFID) which has a plethora of applications in IoV like automatic toll collection, intelligent parking, data dissemination, tracking the location of the vehicle, etc. which enhances the overall performance of IoV networks. Along with this, RFID devices are resource-constrained, thus security and privacy are a major concern and also IoV is a real-time sensitive network where security is of utmost importance. Keeping in mind the security perspective, the concept of Elliptic-Curve Cryptography (ECC) is taken into consideration. So, in this paper, we have proposed a Cryptographic solution-based secure ECC-enabled RFID mutual authentication protocol for IoV. The proposed protocol is comprised of three phases: Setup Phase, Tag Authentication Phase, and Server Authentication Phase. Security evaluation of the proposed protocol is performed by taking into consideration the analysis of security requirements as well as security attacks. Also, the simulation of the proposed protocol is done using the AVISPA tool and the results indicate that the proposed protocol is safe against various malevolent attacks. Performance evaluation of the proposed protocol is computed based on parameters i.e. storage requirements, communication cost, and computational cost. Results indicate that the proposed protocol contributes to high performance and security and has low computational cost than other existing authentication protocols. A novel Blockchain-based security framework for RFID-enabled IoV has also been proposed to further enhance the security of the IoV network.


I. INTRODUCTION
The concept of the Internet of Vehicles (IoV) has boosted the automotive industry due to the incorporation of smartness by merging the technologies like IoT (Internet of Things) and VANETs (Vehicular-Ad-hoc Network) [6]. It has led to the vision of smart transportation and smart cities as it gives beforehand information regarding any casualties like traffic accidents or other life-threatening scenarios. Due to this, cities will be properly organized so the quality of life will be improved and casualties will also be minimized [7].
One of the core technologies of IoV is RFID technology as it ensures road safety and efficient traffic management which is the main objective of IoV networks. RFID is a widely adopted technology in IoV networks due to a plethora of applications [8]: i. Automatic toll collection. ii.
Numerous vehicles moving at high speeds are identified. iii.
Tracking the location of the vehicle. iv.
Intelligent parking system. v.
Distant vehicle identification. vi.
Traffic-flow monitoring vii.
Data dissemination between vehicles. RFID is an automatic identification technology that relies on wireless communication using radio waves for data transmission [9,10]. An RFID system is composed of three primary components [11,12] as shown in Fig.1. They are mentioned below: i. Tags: It consists of a small microchip with limited data storage and limited logic functionalities. RFID tags are fixed on objects to verify the uniqueness of an object. ii.
Readers: RFID readers transmit a radio signal to interrogate the tag. iii.
Electronic database (Server): Databases stores tag related information Tags are further classified into two categories based on powering techniques [13].
Active Tags: Such tags have their transmitter and power source. Active tags are large, expensive and have a longer read range, and thus are suitable for tracking of large-objects.
Passive Tags: The electromagnetic energy sent from the RFID reader powers these tags, and have no internal power source. These tags have a shorter read range, small in size, less expensive, and more flexible than active tags. So, passive tags are suitable for low-cost items.
As RFID technology relies on wireless communication, so it is vulnerable to various security threats. Compromising the security of RFID impacts the security of the IoV system which may lead to hazardous results. IoV is a real-time dynamic network in which security and privacy are a major concern, so RFID based IoV system must be secure from all security attacks. Various authentication schemes are suggested by researchers to secure the RFID-based systems but all have limitations as some focus on preventing the security attacks while few focus on computational resources of RFID tags.

A. MOTIVATION
RFID devices are resource-constrained thus, it is essential to maintain a paradox between security and efficiency in the design of authentication protocol for RFID-based vehicular systems. RFID tags have less computational power and low memory due to limited logic gates. Therefore, few factors are required to be considered in the design of RFID-based authentication protocol for IoV: Authentication cost must be taken into consideration for practical implementation, Number of logic gates determines the Tag's computing overhead where tag have 5000-1000 logic gates of which only 2000-3000 can be used for encryption and decryption [14].
So, RFID authentication schemes for IoV networks should be able to authenticate fast while also protecting the privacy of users.
Keeping in view the above factors, we have employed the concept of Elliptic-Curve Cryptography (ECC) which is a popular light-weight public-key cryptographic algorithm due to its smaller key size and offers high security which is perfect for resource-constrained devices. In this paper, we have designed a cryptographic-based secure ECC-enabled RFID authentication protocol for the Internet of Vehicles which offers strong security.

B. MAIN CONTRIBUTIONS OF THIS ARTICLE
The main contributions of this article are mentioned below: 1) In this paper, the applicability of RFID technology in IoV is explored to enhance its performance. 2) Proposed a Cryptographic-solution-based secure ECCenabled RFID authentication protocol for Internet of Vehicles. 3) Security analysis of the proposed protocol is evaluated based on security requirements and its ability to mitigate the security attacks in the IoV system. 4) Formal verification of proposed is done using simulation software: AVISPA 5) Performance analysis of the proposed protocol is done based on parameters i.e. security requirements, communication cost, and computational cost and results indicate that our proposed protocol is better thus provides strong security and enhances the effectiveness of IoV networks. 6) Proposed a Blockchain-based novel security framework for RFID-enabled IoV.

C. PAPER ORGANIZATION
The workflow of the whole paper is as follows: Section II discusses the related work in which existing authentication protocols are discussed. Section III elaborates the background of ECC and its important functionalities where all the basic features of ECC are discussed. Section IV explains the proposed cryptographic-solution-based ECC-enabled secure RFID authentication protocol for the Internet of Vehicles. Section V mentions the security evaluation of the proposed protocol in which analysis of different security requirements and security attacks are done. Section VI is the simulation analysis of the proposed protocol using AVISPA which indicates that the protocol is safe using different backends. Section VII discusses the performance analysis of the proposed protocol in terms of three parameters-Storage Requirements, Communication Cost, and Computational Cost and results are compared with the existing 4 authentication protocols. Section VIII proposes a Blockchain-based novel security framework for RFID-enabled IoV. Section IX is the conclusion section which summarizes the whole paper.

II. RELATED WORK
RFID devices are resource-constrained as they have low memory and low computational power due to limited logic gates and thus the security and privacy are a major concern [9].
Numerous RFID authentication protocols are suggested by researchers keeping in view the computational and operational cost of tags.
Authors in [15] have classified the RFID authentication protocols into 4 major classifications based on the operational and computational cost of tags: Class-I: It is also known as 'full-fledged class'. This category relies on Classical cryptography-based techniques, Cryptographic One-way function, etc. It has a large computational overhead.
Class-II: This category of the class is also known as 'Simple'. It supports Random number generation and Hashfunctions etc.
Class-III: It is also known as 'lightweight'. This category of class supports simple operations like checksum, pseudorandom number generation, etc. It doesn't support hash functions.
Class-IV: This category is also known as 'ultralightweight'. It relies on simple bit-wise operations like OR, AND, XOR, rotation, permutation, etc. on tags. It has the lowest overhead in terms of computation and storage. This category of authentication protocol requires only 300 logic gates for implementation so these schemes are quite efficient.
Minimalist Cryptography-based authentication protocol is proposed by authors in [16] for low-cost RFID tags. It is independent of traditional cryptographic primitives. It uses the concept of multiple pseudonyms and relies on the rotation of a tag for authentication. It also takes into account one-time pads across multiple tag-verifier sessions to retain the secrecy.
Authors in [17] proposed an authentication protocol for lowcost RFID tags known as LMAP. Tag identification, Mutual Authentication, Index Pseudonym Updating, and Key Updating are the different steps of the proposed protocol. It relies on lightweight operations i.e. Addition mod 2 m (+), Bitwise AND (/\). Bitwise XOR ( ) and Bitwise OR (\/). It takes into account the concept of index pseudonyms. It ensures Mutual Authentication, Data Integrity, Data Confidentiality, Tag Anonymity, and security against various security attacks like replay attacks, man-in-the-middle attacks, etc. But the proposed LMAP protocol is prone to full-disclosure attacks and desynchronization attacks.
Authors in [18] proposed a hash-based RFID Authentication protocol. It ensures security against various attacks like replay attacks, impersonation, and eavesdropping, etc. It is suitable for scenarios where the computational load is heavy and the number of tags is large. Authors in [19] have done the cryptanalysis of the paper proposed by authors in [18] and claim that the proposed protocol is prone to untraceability attacks and tag information leakage.
Low-Cost Location Privacy Authentication protocol for RFID is proposed by authors in [20] to achieve high efficiency with minimal cost. It consists of 3 phases-Initialization Phase, Authentication Phase, and Updation Phase. It uses a hash function that is embedded in the tag and the same hash function is also used on the server-side. It ensures that the proposed scheme is feasible, resists replay attacks, and achieves forward secrecy.
A mutual authentication protocol for RFID is designed by authors in [21] to enhance the security of RFID. The initialization Phase and Authentication Phase are the two phases of the proposed protocol. It relies on the concept of Pseudo-random numbers and Cyclic-Redundancy Check (CRC). It ensures forwards secrecy, anonymity, privacy and also resists DoS attacks. Authors in [22] have done the cryptanalysis of the authentication protocol proposed by authors in [21]. They have pointed that the proposed protocol has various security failures i.e. prone to identity impersonation attacks (both tag and backend database), autodesynchronization attacks, non-forward security tracking, and failed unequivocal identification.
Authentication and Privacy are the core requirements in RFID security and among all the authentication protocols, ECC-based RFID authentication protocols are assumed to be more suitable because ECC provides high security even with smaller key size and perform efficient computations. Few prominent ECC-based RFID authentication protocols are discussed below: A secure ECC-based RFID authentication protocol is proposed by authors in [3] in which ID-verifier transfer protocol is also integrated. The setup Phase and Authentication Phase are the two phases in the proposed protocol. It satisfies all the security goals like Mutual authentication, Anonymity, Forward security, etc., and resists various security attacks like Cloning attacks, Replay attacks, DoS attacks, etc. Although, the proposed scheme is prone to impersonation attacks.
Authors in [4] designed a lightweight ECC-based RFID authentication protocol to overcome the limitations in the existing schemes. It makes use of simple and lightweight operations like Addition mod 2 m , Elliptic Scalar Multiplication, and Bitwise XOR, etc. It shows all strong security properties and its performance is measured based on parameters i.e. Storage Cost, Computational Cost, Communication Cost. Results indicate that the proposed scheme is quite suitable for practical applications. However, it is vulnerable to active tracking attacks.
A new ECC-based RFID authentication protocol for E-Health systems is proposed by authors in [2] to enhance their computational performance. Authentication and Setup are the two phases of the proposed protocol. Hash operation, Bitwise XOR, Elliptic Scalar Multiplication, Addition mod 2 m, etc. are the prominently used lightweight operations used in the proposed protocol. The proposed protocol satisfies all security requirements and is secure against all security threats. Results indicate that it outperforms the existing protocols in terms of less computational cost, less communication cost, and less storage cost.
Efficient and Lightweight ECC-based Authentication protocol for RFID systems is designed by authors in [23]. It is classified into 3 phases-Initial Setup Phase, Server Authentication Phase, and Tag Authentication Phase. The protocol's main distinguishing feature is that it is entirely dependent on ECC operations, with only two message exchanges between the tag and the reader. The results show that the technique is feasible enough to be deployed in RFIDenabled scenarios to enhance safety and reliability. Authors in [24] designed a secure ECC-based RFID mutual authentication protocol to eliminate the current RFID vulnerabilities. The initialization Phase and Authentication Phase are the two main stages in the proposed protocol. It relies on the two core concepts of the ECC algorithm-ECDLP (Elliptic Curve Discrete Logarithmic Problem) and ECFP (Elliptic Curve Factorization Problem). A temporary secret key is used to encrypt the transmitted messages and is generated using Elliptic-Curve Diffie Hellman (ECDH) agreement protocol. The proposed protocol relies on less number of operations and results indicate that it outperforms in terms of time complexity as compared to other similar protocols and also provides strong security properties.
RFID authentication protocol based on ECC is presented by authors in [5]. The proposed protocol consists of 3 phases-Set up Phase, Authentication Phase, and Updation Phase. It includes simple lightweight operations like Bitwise XOR, Elliptic Scalar Multiplications. It satisfies all the security requirements and resists different security attacks. Also, the results indicate that the proposed protocol outperforms the other existing protocols as it has a higher security level and less computational overhead.

III. BACKGROUND OF ELLIPTIC CURVE RYPTOGRAPHY (ECC) AND ITS IMPORTANT FUNCTIONALITIES
Our proposed protocol relies on the concepts of ECC. So, in this section, ECC is discussed in brief regarding its security features and other functionalities.
Elliptic Curve Cryptography was introduced in 1985 by Neal Koblitz and Victor S. Miller [25]. ECC is an asymmetric key cryptosystem based on the concept of elliptic curves.
A set of points that satisfy a specific mathematical equation is known as an elliptic curve, and it is represented by the generic equation given below [26]: (1) where a and b are constants.
• Trapdoor Function-Each public-key cryptographic algorithm has its trapdoor function. A trapdoor function is a one-way function that difficult to compute in the reverse direction and is simple to compute in one direction.
• Elliptic-Curve Discrete Logarithmic Problem (ECDLP): It is one of the hard problems in the foundation of ECC. Let Ep (a,b) is an Elliptic curve. And consider the equation Q = kP where P, Q are the two points that lie on the Elliptic curve and k<n. ECDLP illustrates that if k and P are known, then it is easy to compute the value of Q. But if the values of Q and P are known, then it's extremely difficult to calculate the value of k [24]. It is a one-way function i.e. Trapdoor function of ECC.
• Elliptic Scalar Multiplication: New point on the curve can be computed by multiplying a point on the curve by a number. If P is a point on the elliptic curve then the value of another point, Q can be computed by Q kP = =P+P+……P (k times).

A. UNIQUE FEATURES OF the ECC
The unique features of ECC that make it different from other public cryptosystems are mentioned below: 1) The most distinguishing feature of ECC is that it provides the same security with a 160-bit key as the RSA algorithm provides with a 1024-bit key size. Table 1 shows the comparison of key sizes of RSA and ECC with equivalent security [27].
2) It is the most popular algorithm among public key cryptosystems due to the creation of smaller, faster, and efficient cryptographic keys [28].
3) ECC is highly suited to devices with limited resources, like mobile phones, RFID devices, and cryptocurrencies, etc. due to its small key size. 4) ECC offers a better tradeoff-High security with short and fast keys. 5) Due to its lightweight nature, ECC is widely used in various applications. E.g., Bitcoin uses ECC, For safe web browsing via SSL/TLS, this is the preferred form of authentication.

SECURE ECC -ENABLED RFID MUTUAL AUTHENTICATION PROTOCOL FOR INTERNET OF VEHICLES (IoV)
In this section, the proposed ECC-based RFID mutual authentication protocol for IoV is discussed. RFID technology plays a key role in the IoV environment as it ensures road safety and efficient traffic management due to numerous applications i.e., automatic toll collection, identification of high-speed movement of multiple vehicles, tracking the location of vehicle, intelligent parking system, etc. [8]. Due to these applications, RFID based authentication protocol for IoV is proposed to enhance the efficiency and overall performance of IoV networks.
RFID systems consist of three entities-Readers, Tags, and Servers where the reader acts as an intermediate agent for Table 1.Comparison of Key Sizes of ECC and RSA [27] information exchange between server and tag. So, the proposed protocol takes into consideration only two entities i.e., Servers and Tags for the implementation purpose. The communication between Server and Reader is assumed to be secure while communication between Tag and Reader is assumed to be insecure.

A. DIFFERENT PHASES OF THE PROPOSED PROTOCOL
Proposed protocol consists of three phases: 1) Phase-1: Set up Phase 2) Phase 2: Tag Authentication Phase

3) Phase 3: Server Authentication Phase
The proposed protocol relies on the basic concepts of ECC for a public and private key-pair generation. Simple lightweight operations of ECC i.e., ECC scalar multiplication, point addition, hash operation are used in the proposed protocol. The different notations used in the proposed protocol are mentioned in Table 2.

1) PHASE-I: SET UP PHASE
It is one of the important phases of the proposed protocol. Following are the different steps involved in this phase:  Table 2.
Step 2: Along with this, public-private key pair calculation is also done in this phase using ECC-based operations. The server chooses a random number At the end of this phase, Server and Tag are equipped with the following entities: Server: • Elliptic curve parameters -(G, a, b, n, q) • Its Private-Public key pair-(PrS , PS) • Public and Private-key of Tag-(PrT , PT). RFID Tag: • Elliptic curve parameters -(G, a, b, n, q) • Its Private-Public key pair -(PrT , PT) • Public-key of Server-(PS)

2) PHASE-II: TAG AUTHENTICATION PHASE
This is the most crucial step in the mutual authentication of Tag and Server. During this phase, the Server authenticates the Tag, and if the tag seems to be legitimate then, only the data communication is continued otherwise the connection is terminated.
Different steps involved in the Tag Authentication Phase are elaborated below and is shown in Fig. 2.
• Step-1: A random number is generated by the server, * 1 n sZ  and then it computes S1 using ECC scalar multiplication of s1 and G, thus 1 1 .

T t G =
(3) • Step-4: After this, Tag computes its two secret keys i.e. TP1 and TP2 using ECC scalar multiplication. Value of TP1 is calculated using scalar multiplication of its random value, t1 and S1 thus, TP1 = t1.S1 (4) and Value of TP2 is calculated using scalar multiplication of its random value, t1 and public-key of Server, PS thus, TP2 = t1 . PS.
Step-5: Finally the Tag computes the value of AT token which involves one-way Hash-function and Point Addition was authenticated in the last phase will now authenticate the Server as mutual authentication is a must before actual data operations i.e., 12 () Server generates random number t1 Tag generates random number.
• Step-6: Tag then sends the value of 1 { , } T AT to the server for authentication purpose.
• Step-7: In this step, Server performs different operations to authenticate the Tag. Initially, Server computes the value of SP1 and SP2 i.e., 21 .
S Pr SP T = . (8) • Step-8:Then, the Server uses these computed values to retrieve the Tag value PT using the following equation: Then, the server searches the computed value of in the database. If the same value is found, then the server confirms that the tag is legitimate. In case of successful tag authentication, the next phase will be continued by the server i.e., Server Authentication Phase otherwise the connection is terminated due to an illegitimate tag.
Algorithm 1 shows in detail the above steps of the Tag Authentication Phase.

3) PHASE-II: SERVER AUTHENTICATION PHASE
This phase of the proposed protocol proceeds after the Tag Authentication Phase. In this phase, the legitimate tag which was authenticated in the last phase will now authenticate the Server as mutual authentication is a must before actual data transmission takes place.
The steps of the Server-Authentication Phase are mentioned below and is shown in Fig. 3: • Step-1: In this step, the Server computes the value of AS token using a one-way hash function, ECC scalar multiplications, and Point addition operation. Thus, the value of 11 1 . ( ) .

T T S A H S Pr
Ts P = + + (10) • Step-2: Server sends the computed value of {} S A to the desired Tag.

V. SECURITY EVALUATION OF PROPOSED PROTOCOL
In this section, the security evaluation of the proposed protocol is discussed in two aspects-the ability to mitigate the security attacks in the IoV system and analysis of security requirements.
The strength of our proposed protocol is discussed in terms of these security requirements i.e., Mutual Authentication, Anonymity, Availability, Scalability, and Forward Secrecy.
Also, our proposed protocol resists the prominent security attacks that exists in the IoV and RFID system: Replay attack, DoS attack , Tag Masquerading Attack, Server Spoofing Attack and Cloning Attack.

A. ANALYSIS OF SECURITY REQUIREMENTS
Different security requirements satisfied by the proposed protocol is discussed in this section.
In order to sustain the security requirements, following are the few assumptions: i) All the random numbers generated by Tag and Server i.e. t1 and s1 are fresh in every session. ii) Server's private key, S Pr is unknown to except the Server. iii) Tag's private-public key pair i.e. (PrT , PT) are unknown to everyone except the Tag and Reader. iv) Server's public key i.e. S P and G being common tag.

MUTUAL AUTHENTICATION BETWEEN SERVER AND TAG
Mutual authentication between two entities is one of the important security requirements in authentication protocols.

1) ANONYMITY
Anonymity is also an important security requirement in authentication protocols as it ensures that identity is not revealed to everyone.
Our proposed protocol relies on the freshness of random numbers as in each run, pseudo-random numbers (t1, s1) are generated. Also, these random numbers are used in further calculations i.e. . So, different values will be generated in each run thus, it will prevent the attacker from predicting the Tag's identity. Thus, our proposed protocol ensures the protection against anonymous behavior of Tags and Server.

2) SCALABILITY
Scalability is a desirable property in all systems which enables the system to adapt to increasing demands. RFID authentication protocol should also be scalable with an increasing number of Tags. In Step-8 of our Tag Authentication Phase. The server extracts the value of PT from received AT and then searches the matched value in the database. So, the Server doesn't need to search the tag's identity linearly thus, it saves the computation cost while the number of tags increases.
Thus, our proposed protocol provides scalability with an increased number of tags.

3) AVAILABILITY
In our proposed protocol, based on Assumption (iii), the IDverifier of Tag i.e. PT is secure and the attacker can't access it Also, its value is the same in the exchanged messages and thus, the server and tag are constantly synchronized.
Thus, the proposed protocol ensures the availability of a property.

4) PERFECT FORWARD SECURITY
Forward Security ensures that previously transmitted information should not be traced using the present transmission information.
In our proposed protocol, if it is assumed that adversary (A) predicts the private-public key pair of Tag (PrT, PT) by physical attacks, still adversary cannot predict the further calculations as they are based on fresh temporary generated random values. So, the adversary can't predict the transmitted messages and can't use this information later.
Thus, our proposed protocol ensures perfect forward security.

B. ANALYSIS OF DIFFERENT SECURITY ATTACKS
IoV network is a real-time dynamic network comprised of Vehicles, RSUs, personal devices, etc. and it includes a huge amount of sensitive data. Security is one of the important concerns in such networks as these networks are delay tolerant and any misleading action can result in hazardous actions i.e. loss of lives. The main objective of IoV is to ensure road safety and traffic efficiency but nothing is ideal, several security attacks still exist in such networks.
So, in this paper, the proposed protocol is designed in such a way that it must mitigate the security attacks which are possible in IoV and RFID systems.
In this section, the efficacy of the proposed ECC-based RFID authentication protocol to prevent the security attacks in the IoV system is discussed:

1) PREVENTION AGAINST REPLAY ATTACK
A replay attack is an active attack in which a malicious user deliberately transmits the information repeatedly.
In our proposed protocol, suppose the adversary intercepts the intermediate tokens calculated in the both tag and server authentication phase i.e., 1 2 ()

2.
Step-3 Step-4 Check if If yes, Then Server is Legitimitate in each session as these two tokens are computed using random numbers ( 1 t , 1 s ). Thus, the proposed protocol resists the Replay attack.

2) PREVENTION AGAINST DENIAL-OF-SERVICE (DOS) ATTACK
DoS attack is an active attack in which the malicious user prevents the legitimate users from accessing the specific resources/service.
In our proposed protocol, Tag's ID-verifier PT is securely transmitted to the server and the attacker can't access it as mentioned in Assumption(i). Also, its value is the same and thus, the tag and server are constantly synchronized. Thus, the proposed protocol resists the DoS attack.

3) PREVENTION AGAINST TAG MASQUERADING ATTACK
A masquerading attack is an attack where an attacker pretends to be a legitimate user to access the resources for which he is not authorized.
In our proposed protocol, if an adversary tries to attempt the tag masquerading attack then it will masquerade the identity of the tag. So, in step 6 of the Tag authentication phase, where the tag sends {AT, T1}to the server for authentication then it has to generate the valid AT otherwise the server will not be able to authenticate it as it matches the entry with the database entry. But, the valid value of AT cannot be generated by the adversary as he doesn't know the value of Tag's verifier, PT. Thus, our proposed protocol resists the Tag Masquerading attack.

4) PREVENTION AGAINST SERVER SPOOFING ATTACK
The term 'Server Spoofing' refers to an attack in which an attacker pretends to be the server to take advantage.
In our proposed protocol, if the attacker masquerades as the server, then in step 1 of the Server Authentication phase, an attacker needs to generate a valid AS. But it is not possible for the attacker as the value of AS cant is generated without knowing the private-key of Tag which is known only to tag and a legitimate server. Thus, the proposed protocol resists the Server Spoofing attack.

5) PREVENTION AGAINST CLONING ATTACK
Cloning attacks are possible if a set of tags share the same secret key and utilize it for authentication.
In our proposed protocol, each tag has its unique private key (PrT) and ID-verifier (PT). In case, the attacker captures the unique keys of a particular tag, then it cannot use the same keys to derive the keys of other tags. Thus, our proposed protocol resists the cloning attack.

VI. SIMULATION OF PROPOSED PROTOCOL USING AVISPA: FORMAL ANALYSIS
For the formal verification of cryptographic protocols, the AVISPA tool is used which is widely used for the evaluation of security protocols [29]. This tool is used to check whether the cryptographic protocol is SAFE or UNSAFE from active and passive security attacks [30].
In AVISPA, protocols are specified using "High-level Protocol Specification language (HLPSL)". The HLPSL specification is converted to 'Intermediate Format' (IF) using the HLPSL2IF translator. IF is a lower-level language than HLPSL and is thus directly read by backends of AVISPA [31]. Verification of protocols is performed by four different backend tools i.e. OFMC, CLAtSe, SATMC, and TA4SP.IF uses one of these four backends to generate output format.
For formal analysis of our proposed protocol, we have simulated the proposed protocol on AVISPA where Tag Authentication Phase and Server Authentication Phase are implemented using HLPSL language. In our proposed protocol, entities used in HLPSL are-role_tag and role_server. Dolev-Yao intruder model is taken as baseline for performing the security analysis of protocol where channel (dy) is used.
Results in Fig. 4 and Fig. 5 indicates that proposed protocol is safe under two backends i.e. OFMC and CL-AtSe and clearly guarantees that the same scheme is secure against active and passive attacks.

VII. PERFORMANCE ANALYSIS
The efficiency of any authentication protocol is determined by its performance. In this section, we have evaluated the performance of the proposed ECC-based RFID authentication protocol for IoV in terms of 3 parameters i.e., Storage Requirements, Communication Cost, and Computational Cost.  [5].

A. ANALYSIS OF COMPUTATIONAL COST
Computational cost is computed by the elliptic curve's run time. For computing the Computational cost of authentication protocols, we have assumed the elliptic curve of 160 bit, and the running time of different operations computed on 5 MHz Tag and PC (Server) are shown in Table 3 as mentioned by authors in [32,33].
Also, the average running time for the basic arithmetic operations in GF (2 m ) where m=163 is computed in microseconds using LiDIA [34,35] as mentioned below: • Addition Operation-0.6 s • Multiplication Operation-10.5 s • Inversion Operation-96.2 s

1) COMPUTATIONAL COST OF TAG:
Based on average running times calculated by LiDIA, the following assumptions have been made for Tag: 'T': Running time required for Multiplication operation, Then, 'T/20': Running time required for Addition operation and Subtraction operation (For multiplication, value is 10.5 s and for addition, its value is 0.6 s which is approximately T/20 of multiplication operation) And Similarly, '9T': Running time required for Inversion operation. Also, the running time of the hash function as mentioned in Table 2 is very less so, it can be neglected while computing the Computational Cost.
The Computational cost of Tag in the proposed protocol is compared with the other 4 existing RFID-based ECCauthentication protocols and is mentioned in detail in Table 4.
The graphical representation of Comparative Analysis of Tag's Computational Cost is shown in Fig. 6.

2) COMPUTATIONAL COST OF SERVER:
Based on average running times calculated by LiDIA, the following assumptions have been made for the Server: T': Running time required for Multiplication operation in Server, Then, T'/20: Approximate Running time required for Addition operation (For multiplication, value is 10.5 s and for addition, its value is 0.6 s which is approximately T/20 of multiplication operation), T'/20: Approximate Running time required for Subtraction operation.
And Similarly, '9T': Running time required for Inversion operation.
The Computational cost of the Server in the proposed protocol is compared with the other 4 existing RFID-based ECC-authentication protocols and is mentioned in detail in Table 5.
The graphical representation of Comparative Analysis of Server's Computational Cost is shown in Fig. 7.

B. ANALYSIS OF COMMUNICATION COST
Each point on the elliptic curve is assumed to be 320 bits since the Elliptic curve length is 160 bits [4].

1) COMMUNICATION COST OF TAG:
In the proposed protocol, Tag sends the message {AT, T1} to the Server where T1 = t1.G and AT = PT + H(TP1) + TP2. So, the communication cost of Tag is 320 + 320 = 640 bits.

2) COMMUNICATION COST OF SERVER:
In the proposed protocol, the Server sends the message {S1} and {AS} to the Tag where  Table 6.

C. ANALYSIS OF STORAGE REQUIREMENTS
Storage Requirements indicate the amount of storage needed by Tag and Server in the Authentication phase for storing the required parameters.

2) STORAGE REQUIREMENT OF SERVER:
In the proposed protocol, Server stores the Elliptic curve  Table 7.

VIII. PROPOSED BLOCKCHAIN-BASED SECURITY FRAMEWORK FOR RFID-ENABLED IoV
Blockchain is one of the trending technology nowadays and has applications in different domains. Blockchain was initially introduced as an underlying technology for Bitcoin and other digital currencies [36,37]. It is a collection of blocks that contain transactions, records, and other information, and all of the blocks are connected to form a chain using cryptographic techniques [38,39]. The unique features of Blockchain are decentralization, immutability, transparency, and peer-to-peer communication [40,41].
In the majority of IoV application scenarios, Blockchain offers several innovative solutions. The integrity of blockchain into IoV improves security, privacy as well as enhances the overall system performance [42,43]. Apart from this, Blockchain is a lifesaver in situations when the participating entities lack trust [44]. Blockchain performs effectively in IoV networks where critical information exchange takes place among vehicles all the time and vehicles lack trust among each other. Unlike centralized functioning, blockchain technology distributes the task of ensuring privacy and security among all entities in the IoV [45,46].

A. MOTIVATION OF PROPOSING BLOCKCHAIN BASED SECURITY FRAMEWORK FOR RFID-ENABLED IoV NETWORK
Blockchain due to its vast secure usability in different research areas and networks can also be applied to the RFIDbased IoV for further enhancement of the IoV security which is very much required because IoV is directly associated with the lives of the people. The Proposed Blockchain-Based Security Framework when used along with the ECC-based RFID system will considerably enhance the security as well as the integrity of the whole IoV network.
RFID technologies are not just limited to toll collections. It is also being used in various other application areas of IoV such as remote patient health monitoring, parking management, etc. So, the integration of secure ECC-based RFID technology along with the blockchain will strengthen the overall network. RFID technology ensures road safety and efficient traffic management due to numerous applications in IoV i.e. automatic toll collection, identification of high-speed movement of multiple vehicles, tracking the location of vehicle, intelligent parking system, etc.
If we consider the scenario of RFID-based Automatic toll collection, Blockchain will enhance the user experience as the  [4] 1600 bits (1440+320x)bits (3040+320x)bits Dinarvand.et.al's protocol [5] 1760 bits (1440+800x)bits (3200+800x)bits Proposed protocol 1600 bits (1440+320x) bits (3040+320x)bits user details are stored in a particular server where details regarding money deduction on crossing the toll or the time of toll crossing, etc. are stored. So this critical information can be hacked by a malicious user but the incorporation of blockchain in RFID enabled IoV will prevent data tempering due to immutability and decentralization. Similarly, RFID technology felicitates the intelligent parking system and tracking the location of a vehicle in IoV scenarios, but if the location of the vehicle and parking information regarding vacant parking slots, etc. is compromised by a malicious user, it can result in hazardous actions. So, blockchain is a lifesaver in such scenarios where blockchain will preserve the critical information of the IoV network due to its unique features.
Thus, the integration of Blockchain technology in the RFIDenabled IoV network will add to the strength of the network. This is the main reason for also proposing a blockchain-based security framework in this article along with the ECC-based authentication.

B. PROPOSED BLOCKCHAIN-BASED SECURITY FRAMEWORK FOR IoV
Keeping in the mind the above considerations, a Blockchainbased security framework for IoV is proposed. a) Set up Phase: In the Setup Phase, all the public and private key pairs are generated based on ECC operations and are stored in the Cloud Server. It is assumed that the server is secure from all attacks and thus, all stored information will be properly secured. b) Registration Phase: In this phase, all the vehicles will register themselves with the nearest RSU using their unique ID-verifier and RSU will register itself with the Server.

c) Critical Event Detection Phase and Authentication
Phase: In this phase, whenever any vehicle notices some critical event then it transmits the critical message to the nearest RSU. In our proposed protocol, the critical message consists of information like event type, location, trust level (TL), the ID of the sender vehicle. Trust level is computed as the fraction of valid critical messages 'a' sent by vehicle to the total critical messages a+b, i.e., TL= a/a+b (12) On receiving the critical message, RSU verifies the authenticity of the sender vehicle and critical message by calculating the trust level of the sender vehicle and forwards the received message to the server. The server then checks its database and based on that, it sends an acknowledgment to RSU. d) Block Creation and Validation: Once the critical message is verified to be a true message then RSU creates a new block and forwards it to other RSUs. Other RSUs on receiving the block perform necessary verification and adds a new block to the blockchainbased on Proof of Authentication (PoAh) as a consensus mechanism which is suitable for resource-constrained applications like IoV and IoT [47][48][49]. Also, the trust level of vehicles in the block header is updated by 1 when a new block is added to the blockchain. The proposed Blockchain-based method seems to be quite secure due to the below reasons: • Each block is based on the hash value of the previous block, so it's very unrealistic that any malicious vehicle will insert the fake block as it requires a lot of computational power to change the hash of succeeding blocks.
• As the size of the IoV network increases, blockchain becomes more difficult to be compromised by malicious vehicles.

A. EVALUATION OF PROPOSED BLOCKCHAIN-BASED SCHEME IN TERMS OF STORAGE AND MESSAGE OVERHEAD:
In this section, the storage and message overhead of the proposed blockchain-based scheme is evaluated. The size of the block header is about 80 bytes and the size of the critical message will be about 512 bytes. So, the total size of one block with a single transaction will be (512+80) =592 bytes. In our proposed scheme, to prevent the attacks, it is assumed that each block is generated in 80 sec. Based on this, the total number of blocks that would be generated per hour is 45. Also, the Size of Blockchain is calculated by the mathematical formula: Blockchain size = **  Table 8.
The complete workflow of the proposed blockchain-based security framework for RFID-enabled IoV is illustrated in Fig.  8.

IX. CONCLUSION AND FUTURE SCOPE
Internet of Vehicles (IoV) have revolutionized transportation systems and have gained huge market interest due to the incorporation of emerging technologies like RFID technology, Edge Computing, Fog Computing, and Cloud Computing, etc. RFID technology is one of the prominent technologies of IoV which is based on wireless communication for data exchange. RFID has numerous applications in IoV networks like automatic toll collection, data dissemination among vehicles, distant vehicle identification, etc. which can greatly enhance the performance and effectiveness of IoV networks. Along with this, RFID devices are prone to numerous security threats which will, in turn, hamper the performance of the IoV network as it is a real-time dynamic network. Keeping in view the above scenarios, a Cryptographic solution-based secure ECC-enabled RFID authentication protocol is proposed for the Internet of Vehicles. The proposed protocol consists of ECC-based lightweight operations and is comprised of three phases: Setup Phase, Tag Authentication Phase, and Server Authentication Phase. Security evaluation of the proposed protocol is done by taking into consideration the analysis of security requirements as well as security attacks. The proposed protocol satisfies various security requirements like Mutual Authentication, Availability, Anonymity, etc. and it also prevents different security attacks like DoS attacks, Replays attacks, Cloning Attacks, etc. Also, the simulation of the proposed protocol is done using AVISPA, and results are shown using backends OFMC and Cl-AtSe and both backends indicate that the proposed protocol is safe and is secure from all passive and active attacks. The performance evaluation of the proposed protocol is done based on parameters i.e. security requirements, communication cost, and computational cost and Results indicate that the proposed protocol contributes to high performance and security and has low computational cost than other existing authentication protocols.
A novel blockchain-based security framework for RFIDenabled IoV has also been proposed to further enhance the security of the IoV network. Also, the estimated growth of the proposed blockchain with different transactions per time is computed. As future work, the implementation of the proposed blockchain-based security framework may be done and the performance of the blockchain-based framework may be evaluated.