Cross-Domain Self-Authentication Based Consortium Blockchain for Autonomous Valet Parking System

This paper proposed a cross-domain self-authentication scheme to address the “information isolated island” problem of users’ identities storage in servers and the “redundant registration problem” of users’ identities for Autonomous Valet Parking (AVP). This scheme adopts a decentralized anonymous authentication method to relieve the authentication center’s service load. Users are segregated into two categories to increase authentication efficiency: inexperienced and regular users. For the former, the paper explores a self-authentication mechanism based on verification parameters. Then, its valid personal information, pseudonym and public key, were stored in a consortium blockchain (PseIDChain) as the transaction records so that they can be securely shared among servers located in different domains. For the latter (regular users), an efficient authentication mechanism, searching users’ personal information on PseIDChain by the smart contract, was proposed. Security proof and simulation results show that the designed scheme has superior security to the existing schemes. Its authentication efficiency is 80.29% and 50.45% higher than the traditional anonymous and batch authentication schemes.


I. INTRODUCTION
Two significant challenges associated with parking spaces are ''parking difficulty'' and ''difficult to park''. The first challenge refers to cases where few parking spots are available, while the other refers to narrow parking spaces in congested areas. They are already crucial problems in crowded places such as shopping malls, hospitals, and the city centres, which causes conflicts, especially during peak hours [1], [2], [3]. As a result, looking for an available parking spot takes more time and effort for drivers, increasing the likelihood of collisions in narrow parking spaces [4], [5]. Automated Valet The associate editor coordinating the review of this manuscript and approving it for publication was Razi Iqbal .
Parking (AVP) has evolved and been developing rapidly to address these problems.
AVP is a driverless system in the field of autonomous parking that locates a free space in the parking garage and parks the car in an unmanned manner using various connected communication technologies [6]. As illustrated in Fig. 1, AVP enables drivers and passengers to leave their vehicles at the drop-off area (e.g., workplace, shopping mall, park, shown in red) with a command ordered to the AVP system for parking the vehicle at nearby parking lots. Drivers benefit from the Internet of Things (IoT) technology to set such commands to the AVP system via their mobile phones. AVP is equipped with a set of functions, including Short-and Longrange AVP functions (S-AVP and L-AVP) for driving in and parking at local (basement parking) or nearby parking lots (car park A or B) while satisfying feasible routes (shown by the purple or green dotted line in Fig. 1). The entire process is autonomously done with intelligent tools, intending to achieve safer and more efficient parking capability and further improve users' last-mile driving experience. Additionally, the application of AVP could increase parking resource utilization, save parking time, and decrease energy consumption. Considering all such advantages, the AVP has been the best-recognized automated parking solution to date [7], [8], [9], [10], [11], [12], [13].
Recently, major players in the automotive industry put efforts into formulating AVP standards, e.g., intelligent transport systems -Automated Valet Parking Systems (AVPS) (ISO 23374-1) [14] and General technical requirements of automated valet parking systems (T/CSAE 156-2020) [12]. There is now a broad range of well-known companies (e.g., Bosch, BMW, Baidu, etc.) proceeding to promote the commercialization of AVP supported internationally by governments and organizations, including, but not limited to, the International Organization for Standardization (ISO), German's Verband der Automobilindustrie (VDA), and China Industry Innovation Alliance for the Intelligent and Connected Vehicles. In addition, two AVP demonstration areas have been built in Beijing, China, serving as AVP verification sites.
In common with the IoT-based system, the downside of AVP is that it suffers from various security and privacy threats, especially concerning storing and processing of users' sensitive information [15]. The threats are broad and include users' locations and identity information in parking space reservations, vehicle parking and recalling, authentication between the local server and the customer, intelligent payment, and data storage and process, see Fig. 2. The main elements are the authentication and the privacy protection of users' locations and identities. First of all, authentication is necessary for all entities in each query (e.g., reserve a vacant parking spot, recall clients' parked vehicle, etc.) to ensure only legitimate ones enjoy AVP services and guarantee service suppliers' benefits (e.g., charge parking fee) [2], [15]. Next, unlike the traditional parking system, AVP requires drivers to submit their vehicles' real-time locations accurately, which is used for vehicle parking navigation [1]. Therefore, the lack of an efficient security scheme leads to AVP being exposed to various cyber-attacks such as eavesdropping attacks, identity fraud attacks, and so on. Finally, local servers store members' privacy information, including their identities, home addresses, places of work, daily travel habits (e.g., time, travel routes, parking preference), and so on. It is straightforward for an unauthorized server or adversary to infer unprotected sensitive data [16]. As a result, the performance of the AVP system will be compromised if such critical issues remain uncared, leading to safety issues for vehicles exposing dangers to drivers and passengers.
Most of AVP's existing works have been mainly directed to constructing functional requirements involving critical technologies in engineering. It includes multi-domain engineering practices e.g., system model [17], [18], [19], [20], parking path planning and tracking [21], [22], vehicle control [23], indoor positioning [24]. On the other hand, the security and privacy issues have been left with less attention until recent years [1], [6], [15]. Industrial trends in advancing the privacy and security of AVP's users, in general, are to employ electronic signature, zero-knowledge, and one-time keys to handle the private leakage problem in the process of AVP's intelligent payment, vehicle recall, and parking space reservation respectively [2], [6], [10], [15]. Moreover, the work presented in [1] demonstrates a privacy-preserving smart parking navigation scheme for protecting privacy in parking spot queries and retrieving the encrypted navigation results from Road-Side Units (RSU). Alqazzaz et al. [25] propose a secure and privacy-preserving framework for smart parking systems ensuring the security of real-time information by the Elliptic Curve Cryptography (ECC) and a secured communication channel. These schemes considered an AVP system in one parking lot and did not pay enough attention to the secure storage and sharing problem of AVP users' privacy information. Specifically, users' identities are independently stored in local servers (e.g., the terminal of different shopping malls), and service providers are not pleased to share them due to the differences in parking charge systems and their business profits. Such the mutually independent storage way makes each system to be an ''information island'' so that resources cannot be shared across domains. Therefore, users' information will not be shared with other parking suppliers [26]. These limitations cause customers to repeatedly submit their identities for registering with various suppliers while using the same AVP service, which is an additionally annoying task. It is known as the redundant identity registration problem, a common phenomenon in our daily life. Thus, resolving the ''information island'' problem and the ''redundant identity registration'' problem are the key points this paper intends to address.
Generally, the cross-domain data sharing mechanism is recommended to address the two problems mentioned earlier.
In this approach, the key points are the unified management of users' sensitive information and methods for dealing with VOLUME 10, 2022 different servers verifying the legitimacy of users' identities [26]. Moreover, existing AVP systems have a centralized architecture traditionally adopted. Such an AVP system will suffer from a considerable response time when the number of service requests reaches a certain level. Meanwhile, the service center is usually heavily burdened when demand increases. So it is unsuitable for AVP with many users.
This paper proposes a cross-domain self-authentication scheme based consortium blockchain for AVP to address the following problems: 1) Information isolated island problem of users' identities storage in servers; 2) Redundant registration problem of users' identities; 3) Privacy leakage problem during the process of users' authentication; 4) Low efficiency of authentication for centralized architecture.
The main contribution of this paper is outlined as follows.
1) Develop a secure and decentralized model for AVP by exploiting pseudonym-based anonymity technique and edge computing to solve the problem of users' privacy leakage problem while satisfying real-time requirements. 2) Deploy the vehicle-anonymous-based consortium blockchain (PseIDChain) to realize the sharing of the user's identity information among cross-domain servers. It facilitates building smart contracts for registration, management, and cross-domain efficient authentication for users' identities. 3) Evaluate the proposed scheme extensively from security and efficiency aspects. Experimental results illustrate the superiority and the effectiveness of the proposed scheme.
The remainder of this paper is organized as follows. Section II reviews the relevant works within the context of AVP. Section III formalizes the AVP architecture, attack model, and design goal. Then Section IV presents our cross-domain self-authentication scheme, followed by secu-rity analysis in Section V and performance evaluation in Section VI.

II. RELATED WORK
This section analyzes the closest works for the information security of AVP.
Alqazzaz et al. [25] proposed a secure and privacypreserving framework for smart parking systems based on the publish/subscribe messaging model, which provides various services to the user, including real-time parking information dissemination, car park navigation, and parking reservation, and employed ECC algorithm to guarantee the confidentiality of users' privacy. However, the broker (the heart of this framework) is the only entity to verify users' identities. Moreover, users' certifications issued by the trusted authority do not update, which means any attackers can impersonate legitimate users to enjoy services. Besides the study of AVP frameworks, researchers make much effort into the security of specific phases, including parking space reservation, vehicle recall, and navigation. Firstly, the reserved parking space is an essential factor of AVP systems. Pseudonym-based reservations can protect users' identity privacy, but it is easy for a malicious user to launch multiple reservation attacks. To handle this issue, a privacy-preserving reservation scheme for securing AVP system was reported in [15]. This scheme resisted the ''double-reservation attack'' by zero-knowledge proofs and proxy signatures. Based on this, an improved scheme, the secure and privacy-aware framework of the parking reservation scheme [6], was designed. It added the differential privacy scheme and the deep reinforcement learning algorithm to prevent multiple reservation attacks and enhance the reservation rate. Secondly, AVP requires users to remotely start engines which significantly increases the risks of vehicle theft [10]. Ni et al. [10] designed a two-factor authentication between vehicles and smartphones based on one-time passwords, ensuring vehicle security in the remote pickup. NI's research group also explored location privacy protection problems during vehicles to vacant parking spaces in the destinations [1], [27]. A cloud-based privacy-preserving parking navigation system proposed in [1] utilized the anonymous credential to protect the location privacy of vehicles on finding accessible parking spots for vehicles. Its extended version [27] analyzed the navigation performance in detail. The comparison of these related works and this paper is shown in TABLE 1 and TABLE 2. As shown in TABLE 2, the closest works do not pay enough attention to the AVP's decentralized security architecture, self-authentication between local servers and users, and the storage and sharing of users' privacy information among multiple servers. These are the research focus this paper does. 1) TA (Fully trusted): TA is a trusted third party with extensive communication and computation capabilities that will not compromise with any entities. It is responsible for system initialization, the registration and management of system entities' identities (users, service providers, and local servers), smart contract deployment, and malicious vehicle revocation. In this paper, all local servers and users must be registered with their real identities to be legitimate ones. 2) AVPpro (Fully trusted): AVPpro is in charge of providing parking services to users, such as releasing parking space status, making parking space reservations, etc. The corresponding services are only available to AVP registered users. 3) Serv (Semi-trusted): Serv is the local server of the parking lots (provide AVP service from different providers), which can perceive the status of each parking spot by its deployed geomagnetic sensors and upload them to AVPpro in real-time. Based on that, users can reserve their favorite parking spots. 4) User (Untrusted): Each user has a phone to reserve parking spaces, issue parking and recall instructions to a paired Autonomous Vehicle (AV). AVs can communicate with Serv and phones by their equipped communication model (like On-Broad Units, OBU). They can store sensitive information (e.g., session keys, temporary anonymities, etc.) and parking-related information (e.g., high-precision maps, feasible routes to parking spaces, etc.).

III. PROBLEM FORMULATION A. AVP ARCHITECTURE
The flow of AVP implementation in this paper is as follows: 1) Registration: There are two phases to the registration process for this paper. First, it is indispensable for the AVP system's User and Serv to obtain system parameters (temporary anonymity, session key, ID, certificates, etc.) through the registration work using their real identities before the system implementation. Second, using the temporary anonymity to enjoy AVP service without revealing their personal information. 2) Publication of parking space status: Each parking space is equipped with a geomagnetic sensor and wireless communication unit that monitor and upload the status to AVPprov for publication. 3) Parking space reservation: User could use the phone (more specifically, an app) to preview the parking space's status of the target parking lot and book a favorite one. 4) Parking: User sends parking instructions and the location of a reserved parking space to its AV by the linked phone. Then, the AV will reach the target parking lot and authenticates with Serv. Finally, parking will be done based on the necessary information provided by Serv, like high-precision maps, feasible driving paths, and so on. 5) Recall: If User wishes to recall its vehicle, submit a recall request to the AVPprov and complete the payment of bills (e.g., parking fee, car washing fee, electricity charge, etc.). 6) Accountability: If a malicious event occurs in any processes from 1) to 5) (e.g., remote vehicle theft, users deliberately booking several parking spaces, etc.), TA will investigate and arbitrate.

B. ATTACK MODEL AND DESIGN GOAL
To execute an AVP service, the four components of the AVP system must communicate mutually (wired or wireless). Users who apply for AVP services, for example, require wireless connectivity with Serv to complete authentication and acquire a high-precision map. In this process, malevolent attackers try to steal users' legal identities by monitoring the network and launching counterfeit attacks [26]. Furthermore, AVPprov and Serv could employ data analysis to sniff users' location privacy, although they are fully trusted (honest and curious) in this paper. As a result, the AVP system is vulnerable to internal and external threats. This paper focuses on solving the information island problem of data storage in local servers, the users' redundant registration problem, and their privacy leakage problem during the authentication process. In this sense, we primarily analyze the types of network attacks exposed to entities throughout the authentication process rather than the physical attacks each entity faces.
1) Privacy attack: Attackers are endowed with the ability to analyze users' genuine identities. Daily whereabouts can be interpreted by eavesdropping on users' sensitive information or attacking the server database, such as users' home addresses, daily travel schedules, etc. These enable attackers to launch more precise privacy attacks furtherly. 2) Impersonation attack: Through the Sybil attack, the eavesdropping attacks, or the replay attacks, attackers or even malicious legitimate users premeditated to obtain several identities to establish a more convenient and comfortable driving environment for their benefit. They can also impersonate a legal member reserving one parking space to evade paying bills like parking fees, energy transaction bills, etc., and even remotely steal a target vehicle by the recall instruction. 3) Repudiation attack: AVP users try to evade legal responsibility by hiding their misconduct with their pseudonyms, which is unavoidable for an anonymous authentication scheme. A malicious user, for example, uses its anonymity to send a vehicle recall order but then claims that its vehicle was stolen and did not do that behavior and files a claim with AVPpro.
This research aims to develop a cross-domain and selfauthentication scheme for user identity in AVP, which can realize a secure and efficient authentication process between users and servers. Meanwhile, this scheme can tackle the redundant registration problem of users' identities and the information isolated island of local servers, as well as the users' privacy and location privacy leakage problem during the authentication process, thereby resisting the three attacks above consequently.

IV. PROPOSED SCHEME
This paper designed a pseudonym-based user anonymous authentication scheme to protect users' identity and location privacy. Even if an attacker can eavesdrop on the network information, it cannot analyze the real identity of users and cannot grasp a specific one's location privacy consequently. At the same time, the decentralized and secure sharing of user anonymized identity among servers can be realized by consortium blockchain. This method makes it impossible for honest but curious AVPpro and Srev, and malicious attackers who try to attack server databases to analyze and grasp users' private information. We designed a system model based on edge computing for AVP, as shown in Fig. 4, to allow Serv to monitor and publish all parking spots' status to users in real-time. Users can book, modify and even cancel their orders with minimal delay. The system, from top to bottom, is divided into three layers: cloud layer, edge layer, and terminal layer. The consortium blockchain is a specific blockchain that maintains a distributed shared database through nodes authorized by the system. Only more than half of the consortium members can reach a consensus to generate new blocks [28]. Compared with public and private chains, it benefits from a more negligible overhead and lower cost features which are better suited to the real-time requirement of AVP. Thus, we deployed PseIDChain at the edge layer to securely store temporary pseudonyms and public keys of users, addressing the secure sharing problem of users' privacy information as well as the ''information isolated island'' problem of different local servers in various car parks. Meanwhile, we also developed a smart contract named PseIDContract with four functions, adding function PseIDAdd, searching function PseIDSearch, deleting function PseIDDelete and an updating function PseIDUpdate to realize the users' identities management of PseIDChain.

B. PROPOSED CROSS-DOMAIN SELF-AUTHENTICATION SCHEME
The proposed cross-domain self-authentication scheme mainly includes three parts (see system flowchart Fig. 5): 1) system initialization, 2) decentralized authentication based on authentication parameters for ''Inexperienced Users'', and 3) cross-domain authentication based on consortium blockchain for ''Regular Users''. The details are as follows, and the symbols' definition is listed in TABLE 3.

1) SYSTEM INITIALIZATION
Before the system implementation, all entities (servers and users) must register with their real identities at TA to be legitimate and consequently obtain their own unique identities, key pairs, signatures, and certificates (see Fig. 6).

1) TA: TA generates its public and private key pairs
SK TA = x Serv , PK TA = SK TA G by the elliptic curve cryptography (ECC) (x TA is a random number, and x TA ∈ Z * q ). Then, it chooses two hash functions H : {0, 1} * → {G 1 , +} and h : {0, 1} * → Z * q , and publishes system parameters Para : (p, a, b, G, n, h.PK TA , h (·) , H (·) , ECC(·)). 2) Serv registration: with the help of TA, first, Serv downloads system parameters and obtains a unique identity ID Serv , private key SK Serv = x Serv (x Serv is a random number, and x Serv ∈ Z * q ), public key PK Srev = SK Serv G, Serv's location Loc Serv , certification Cert SK Serv (h (PK Srev , Loc Serv )) and authentication VOLUME 10, 2022  parameters for the first identification AP Serv and AP Serv (AP Serv = SK TA · AP Serv · G, AP Serv = h(ID Serv )). 3) User registration (Consistent with Serv's registration process): The User downloads system parameters and obtains a unique identity ID User , private key SK 1 User = x 1 User (x 1 User is a random number, and x 1 User ∈ Z * q ), public key PK 1 User = SK 1 User G, temporary identify PID 1 User = ID User SK 1 User · PK TA , and authentication parameters for the first identification AP User and AP User (AP User = SK TA · AP User · G, AP User = h(ID User ).

2) CROSS-DOMAIN SELF-AUTHENTICATION SCHEME
In order to improve the users' authentication efficiency, we divided users into two types, ''Inexperienced users'' (the user has never registered and enjoyed AVP services) and ''Regular Users'' (the user has enjoyed AVP services). For the former, we designed decentralized authentication based on authentication parameters. For the latter, we proposed crossdomain authentication based on the consortium blockchain. Both strategies employed the decentralized authentication architecture, decreasing the heavy burden of the authentication center and the considerable authentication delay of systems. It is worth emphasizing that users' identities used for authentication with servers, except for TA, are anonymous to protect users' privacy and identity privacy better. At the same time, users who have used the same pseudonym for a long time are more vulnerable to guessing attacks while enjoying AVP services in different geographical regions. Hence, users should replace their pseudonyms regularly.
As shown in Fig. 7, an inexperienced user must send the first request to a local server located in Domain 1 (the blue one) and pass the identification process when it would like to enjoy AVP service. This local server, then, will store its pseudonym and public key on PseIDChain and share them with other servers. If this user becomes a regular one and will enjoy AVP service again, local servers (the red one) only need to search its pseudonym and public key on PseIDChain to verify it. The details are as follows. Preparation 1) Information Distribution: The AVP service provider publishes the real-time status of each parking spot. Available parking space message is M i Serv , M i Serv = PK i Serv , Loc Serv , AvailPL, Cert Serv (h(PK i Serv , Loc Serv , AvailPL)).
2) Service selection: The user selects a target parking spot with their demand, and then he/her is authenticated with the local server of this parking spot to submit an AVP service request. The detail is that the User chooses a favorite parking lot based on the available parking space message M i Serv , and verify its validity by certification (Cert Serv ).
• Cross-domain self-authentication scheme for AVP:

The first request of ''inexperienced users'': decentralized authentication based on authentication parameters
The authentication steps of ''inexperienced users'' is shown in Fig. 8 )).

3) Serv: Serv verifies the validity and integrity of
FirstReq based on TS and HMAC (·). If successful, it encrypts FirstReq to obtain and store related parameters (Key, PK 1 User , PID 1 User ). Then, choose a random number α ∈ Z * q and compute X Serv = αG. Finally, send a message M 1 : (TS, E key (X Serv , Key · AP Serv , HMAC(TS, E key X Serv , Key · AP Serv , )) to User. 4) User: User computes X User = βG (β a random number, β ∈ Z * q ) and Y User (see formula 1). Then, it sends a message M 2 : (TS, E key (X User , Key · AP User , Y User , HMAC(TS, E key (X User , Key · AP User , Y User )) to Serv. 5) Serv: Serv computes Y Serv according to formula (2) and compare it with Y User , if they are equal, this user is a valid one (more specifically, the identity of this user is valid.) 6) User: User updates its public key and pseudonym, from

The request of ''regular users'': cross-domain authentication based on the consortium blockchain
The authentication steps of ''regular users'' is shown in Fig. 9 and the details are as follows.

1) User: Regular User sends the request (Req) to
Serv by their updated public key and pseudonym, Req = (TS, Ecc PK 2 User , PID 2 User , Sign PK 2 User ,  User exist on PseIDChain, that is, this user is a valid one and is approved to enjoy AVP service; otherwise, refuse it.

The management of users' pseudonyms on PseID-Chain:
The target server will save the user's public key and pseudonym [PK 1 User , PID 1 User ] as a transaction of PseIDChain, if this user is a valid one. Meanwhile, Serv regularly packages transactions to generate blocks and updates PseIDChain with other consortium members by the auditing mechanism. After completing one authentication, the user must update the public key and pseudonym to reaccess the AVP service and against the guessing attack. Following are the specifics: 1) User: User regenerates its temporary public key and pseudonym [PK 2 User , PID 2 User ] according to the related process described in Section IV. B, and sends update requests (Update), Update = (TS, Ecc(h((PK 1 User , PID 1 User , PK 2 User , PID 2 User )), Sign (·) , HMAC (·)). 2) Serv: Servupdates the record from [PK 1 User , PID 1 User ] to [PK 2 User , PID 2 User ] by PseIDSearch() and PseIDUpdate

V. SECURITY ANALYSIS
This subsection will analyze the security of the proposed approach from cross-domain authentication, anonymity, traceability of user identities, and data storage confidentiality. These can resist the privacy attacks, impersonation attacks, and repudiation attacks described in Section III. B. The paper then continues by comparing the proposed technique against existing solutions.

A. AUTHENTICATION
As previously stated, the cross-domain self-authentication scheme designed in this paper is divided into two parts: 1) decentralized authentication based on authentication parameters for inexperienced users; 2) cross-domain authentication based on consortium blockchain for regular users.
Decentralized authentication based on authentication parameters for inexperienced users: Authentication VOLUME 10, 2022 parameters [AP User , PK 1 User ] supplied by TA during the system initialization phase are used to authenticate users' identities.
• Theorem: Assuming H is a random oracle and meets both DL and CDH assumptions, the proposed scheme has IND-CCA2 authentication.
• Proof: Assuming that the adversary can compute a legitimate user's authentication parameters AP User by hash queries for q i (i = 1, 2) times, that is, the DL and CDH problems are computable.
• Query: First, the attacker interrogates the challenger about the target user's identity (ID User ). Then, compute y = h(ID User ) · G and return.
• Challenge: The attacker computes SK TA based on G and PK TA , h(ID User ) based on y, and AP User = SK TA · h(ID User )·G consequently. That is, G and PG are known, calculate P.
• Query: First, the attacker interrogates the challenger about the target user's identity (ID User ). Then, compute y = h(ID User ) · G and return.
• Challenge: The attacker computes AP User = SK TA · h(ID User ) · G based on G, PK TA = SK TA G and y = h(ID User ) · G. That is, G, PG, and QG are known, calculate P.

Cross-domain authentication based on consortium blockchain for regular users:
If the user is a regular one, Serv only needs to identify it by indexing the user's current public key and pseudonym [PK 1 User , PID 1 User ] on PseIDChain. (PseIDChain is a consortium blockchain, its security is recognized). Therefore, the adversary cannot determine the authentication parameters of the legitimate user because the chance of solving DL and CDH problem in polynomial time is negligible, hence the user's identity in this article is valid.

B. ANONYMITY AND TRACEABILITY
Users' sensitive information during their authentication process is a temporary pseudonym PID User , PID User = ID user ⊕ h(SK User · PK TA ). Since SK User and ID user are issued by TA and are held by themselves only. Besides, attackers cannot compute the user's private key (SK User ), despite public key (PK User = SK User G) is easy to grasp (DL Problem). Therefore, attackers and curious servers cannot grasp users' real identities, meaning the scheme has anonymity.
Besides, users must anonymize their real identities to protect their identity privacy and location privacy. Meanwhile, in disputes and culpability determination events, law enforcement agencies must be able to track down the real identity of the malicious user. That is, allowing the user to communicate anonymously and tracking the user's real identity if necessary. For example, a user recalls his/her vehicle by its pseudonym, but it claims another user stole it. The sent message in this paper contains users' pseudonym PID User and public key PK User . Based on that, TA can trace the real identity of the malicious user by formula (3). Thus, the proposed scheme is traceable.

C. DATA CONFIDENTIALITY
We take users' anonymities and public keys as the transaction data to create a particular consortium blockchain, PseID-Chain, which allows for the secret sharing and storage of users' identities among servers. That is, data confidentiality is ensured. For servers and attackers, even if they got a target user's anonymity and public key (the user proactively sends his/her anonymity and public key to servers or the attacker illegally obtains them through eavesdropping etc.), they are unable to calculate the target user's true identity. At the same time, the security characteristics of consortium blockchain, such as distributed and data confidentiality, make it difficult for attackers to discover any encrypted information from our proposed PseIDChain, even if they control single or numerous servers. Thus, the proposed scheme ensures the confidentiality of users' sensitive data.

D. SECURITY COMPARISON
The three subsections above prove that our proposed scheme has cross-domain authentication, anonymity, traceability, and data confidentiality. Meanwhile, the secure storage and sharing of users' privacy information, one of the research focuses of this paper, has been achieved by them. So, we also compared our proposed authentication scheme to representative solutions in [6], [10], [14], [25], [29], and [30]. Among them, [29] is a typical pseudonym-based scheme, and [30] is batch authentication (batch authentication and decentralized authentication are the effective methods of the efficient authentication scheme). Others are the more state-of-the-art algorithms related to the security scheme of AVP. The results demonstrate that our proposed scheme is more secure (see TABLE 4).

VI. PERFORMANCE EVALUATION
We use the Hyperledger Fabric to build the network environment of PseIDChain (a consortium blockchain based on users' identities), dockers to simulate consortium nodes (local servers), and developed PseIDContract (smart contracts) to manage users' identities. We set up 9 nodes in PseIDChain, including 2 CA nodes, 3 order nodes, and 4 peer nodes, and established 2 SDK clients, as shown in TABLE 5. Based on it, analyzing this paper's preference from the block delay, authentication time, and system throughput. • Block delay: The block latency of PseIDChain is examined in this subsection since it directly impacts the overall efficiency of the AVP system. As demonstrated in Fig. 10, the block delay of PseIDChain is less than 0.25 s, and it does not increase linearly with the increasing number of requests.

Authentication delay:
The authentication delay in this article is divided into two parts, authentication delay for inexperienced and regular users. 1) Serv authenticate an inexperienced user based on authentication parameters issued by TA; thus, the authentication delay of it is the sum of three main operation costs, point multination T mul = 0.6ms, MapToPoint hash T mtp = 2.7 ms and bilinear maps pairing T par = 1.6 ms [31]. So, authentication delay for inexperienced users is 8T mul + 4T par = 11.2 ms. 2) The authentication to regular users is completed by searching their public key and anonymous identity [PK 1 User , PID 1 User ] on PseIDChain. As shown in Fig. 11, the number of requests has less impact on the authentication delay of the regular users. The average single query time is about 25.08 ms, which meets the requirements of rapid authentication on the internet of vehicles. System throughput: As shown in Fig. 12, the median of this work's system throughput is 46.65 TPS, and its maximum value is 55.72 TPS. Average delay: Furthermore, we also analyze the average delay of this paper. Due to related works on the information security problem of AVP did not focus on the privacy protection of the authentication between users and multiple local servers. Meanwhile, improving authentication efficiency is one of the research focus in this paper, and batch authentication and decentralized authentication architecture are effective strategies for it. So, the authentication delay of this scheme is compared with a typical pseudonym-based authentication scheme  reported in [29] and a representative batch authentication solution reported in [30]. Fig. 13 illustrates the comparing results. Taking 100 service requests as an example, the authentication efficiency of our scheme is 80.29% and 50.45% higher than that of [29] and [30], respectively.

VII. CONCLUSION
This paper proposes a cross-domain self-authentication scheme for AVP based on the consortium blockchain, in which users are classified and different decentralized authentication strategies are designed, respectively. Additionally, PseIDChain (a consortium blockchain based on users' identities) and PseIDContract manage all legitimate users' privacy information. Consequently, this strategy solved the ''information isolated islands'' problem of different service providers' servers, decreased the burden of centralized concurrent queries, and enhanced the authentication efficiency of users. This scheme is feasible based on the comprehensive safety and performance analysis results.
In the future, we will implement a prototype smart parking system in the real world based on our proposed secure AVP framework, cross-domain self-authentication method, and the storage and sharing mechanism of users' privacy information to evaluate the proposed scheme's performance metrics more precisely and improve it. Moreover, considering that electric vehicles are an inevitable trend in the future, however, range anxiety has always been the main reason consumers buy. The integration of AVP and the intelligent charging system may achieve unmanned electric vehicles to autonomously drive to the charging pile for charging, which will solve the range anxiety issue to a certain extent. This is a meaningful future research direction. He is currently working as a Lecturer with the School of Aerospace, Transport, and Manufacturing (SATM), Cranfield University, U.K. He is also leading Seretonix, a Secure, and the Reliable Electronic Systems Group, Cranfield University, focusing on the resilience and security of electronics. He has accumulated a wide and varied experience in fieldprogrammable gate arrays (FPGAs) and ASIC design, simulation, verification, and implementation at Toumaz, Didcot, U.K. He was involved with two EPSRC-Funded Projects-NFF and SABRE, where he was responsible for creating most of the detailed designs and implementations. He has published 43 international journals, conference papers, and book chapters, two awarded as the best articles. VOLUME 10, 2022