Physical Layer Authentication Based on Nonlinear Kalman Filter for V2X Communication

Authentication is an important guarantee for vehicle to everything (V2X) commercial deployment. Currently, V2X security often use identity authentication schemes based on public key infrastructure (PKI). These schemes need to transmit certificates and signatures when sending safety-related information such as basic safety messages (BSMs), which need to occupy extra bandwidth and reduce the available channel capacity. So, V2X communication efficiency will be seriously affected in traffic congestion. In this paper, we propose a V2X authentication model based on physical layer characteristics. Then we use the Kalman filter to refine the iterative model and threshold model. The iterative model mainly realizes the priori and posteriori estimation of the current time based on the physical layer characteristics of the previous time, which provides the basis for the entire authentication process. The threshold model analyzes the mathematical characteristics of the priori estimation, and gives the calculation method of the authentication threshold. Since the conventional Kalman filter can only be used for linear discrete system, we use extended Kalman filter and unscented Kalman filter to extend the characteristics used for authentication to non-linearity. At the same time, iterative model and threshold model are improved according to these two algorithms. In terms of security and performance, we compare the proposed schemes with the conventional V2X authentication scheme and physical layer authentication scheme, and the effects of these schemes are analyzed by experiment. We select three characteristics for simulation: received signal strength indication (RSSI), the distance between the two vehicles, and the relative speed between the two vehicles. Then we analyze the process and effect of these two filters, and the factors that affect the threshold. Through experiments, the proposed authentication schemes can effectively take the responsibility of identity authentication in the V2X environment, and have high security level and low overhead, which can reduce the consumption of communication resources by security.


I. INTRODUCTION
The vehicle to everything uses the latest generation of information and communication technology to realize omnidirectional vehicle to vehicle(V2V), vehicle to infrastructure (V2I), vehicle to pedestrian (V2P), and vehicle to network/cloud(V2N/V2C) network connections. Identity security The associate editor coordinating the review of this manuscript and approving it for publication was Qing Yang . and authentication are an important guarantee for V2X commercial deployment. V2X communication process between users, vehicles, infrastructures and clouds requires identity legitimacy authentication for participants such as on-board unit (OBU) and roadside unit (RSU). It can prevent vehicles from making wrong judgments once hackers break through and attack one or all of OBUs and RSUs, which will lead to accidents such as vehicle collisions that endanger people and public safety. Therefore, in the V2X environment, security lar networks. For V2X security, the use of certificates and signatures can effectively reduce the risks. However, certificates and signatures require additional communication resources. When sending a BSM, additional certificates and signatures will be appended to the back of the message, which reduces the available channel capacity and the maximum number of vehicles in this channel. In the special cases such as traffic congestion and bad communication environment, the maximum number of the channel may be lower than the total number of surrounding vehicles. At this time, V2X loses its effect and may cause traffic accidents.
Therefore, reducing the overhead of certificates and signatures can increase the available channel capacity. One solution is to reduce the size of certificates and signatures, but it will reduce the security of the communication. The physical layer authentication can effectively solve this problem. Physical layer authentication uses characteristics such as inherent attributes of communication devices or channel characteristics to identify different vehicles. These characteristics are difficult to be imitated by malicious attackers, effectively guaranteeing the security of V2X communication. At the same time, the use of physical layer authentication does not require additional security information, thus increasing the available capacity of the channel.
This paper focuses on V2X security. And we design a V2X physical layer authentication scheme for the problem of signatures occupying extra resources. Our main contributions are summarized as: 1) An authentication model based on physical layer characteristics is proposed. The physical layer characteristics that can be used for authentication include not only the unique characteristics of the communication devices, such as frequency offset and clock offset, but also the unique channel characteristics due to the high-speed movement of the vehicle. In addition, we also adopt the moving state of the vehicles. The moving state is continuous, and the BSM contains information such as position, speed, acceleration which can be confirmed by the sensors such as radar or camera. So moving state information can also assist in authentication. 2) Based on the Kalman filter, we have refined the iterative model and threshold model in the authentication model. The iterative model mainly realizes the priori and posteriori estimation of the current time based on the physical layer characteristics of the previous time, which provides the basis for the entire authentication process. The threshold model analyzes the mathematical characteristics of the priori estimation, and summarizes the calculation method of the authentication threshold. 3) Since the conventional Kalman filter can only be used for linear discrete system, we introduced extended Kalman filter and unscented Kalman filter to extend the physical characteristics to non-linearity. At the same time, iterative model and threshold model are improved according to the core ideas of these two algorithms. 4) In terms of security and performance, we compare the proposed schemes with the conventional V2X authentication scheme and physical layer authentication scheme. Then we use experiments to analyze the effect of the authentication scheme based on physical layer characteristics. In the experiments, we select three characteristics: RSSI, the distance between the two vehicles, and the relative speed between the two vehicles. We analyze the processes and effects of extended Kalman filter and unscented Kalman filter, the authentication process and its effects, and the factors that affect the threshold. It can be seen from the experiments that our proposed authentication scheme can effectively take the responsibility of identity authentication in the V2X environment, and have high security level and low overhead, which can reduce the consumption of communication resources by security. The rest of this paper is organized as follows: Section II outlines the physical layer authentication scheme and the study of nonlinear Kalman filter. Section III introduces the model and process of V2X physical layer authentication. Section IV introduces the authentication schemes based on extended Kalman filter and unscented Kalman filter. Section V analyzes the effect of the authentication schemes based on physical layer characteristics and VOLUME 8, 2020 the factors that affect the threshold through experiments. Section VI summarizes the paper and gives conclusions.

II. RELATED WORK
At present, the mainstream solution schemes of V2X security are based on PKI, which use certificates and signatures to provide security protection for BSMs. Vijayakumar et al. [9] use a computationally efficient two-way anonymous authentication scheme based on the anonymous certificates and signatures for vehicular ad-hoc networks (VANETs) to verify the message source and integrity. Balaji et al. [10] proposed an enhanced dual authentication and key management scheme for VANETs using the elliptic curve cryptography (ECC) and the Diffie-Hellman key exchange protocol. Physical-layer authentication identifies a device by its physical characteristics or the characteristics of the communication channel. The physical layer characteristics that can be used include carrier frequency offset, phase offset, clock offset and other radio ''fingerprints'' [11]- [14]. Hou uses CFO to implement the physical layer authentication under time-varying conditions [15], [16]. The channel characteristics depend on the state of the device and the surrounding environment, so the channel characteristics can also be used for authentication [17]. Xiao designed an authentication scheme using channel state information [18]. Choi [19] proposed a challenge-response physical-layer authentication scheme, which combined the key and channel state information for the authentication of legitimate users in orthogonal frequency division multiplexing (OFDM) systems. Wang et al. [20] used deep neural networks to authenticate CSI-based users. This authentication algorithm does not require deep analysis of channel changes. Threshold-based physical layer authentication usually adopts methods such as minimum likelihood [21], [22]. Its advantage is lower computational complexity and lower additional overhead. The physical layer authentication schemes based on machine learning has also been proposed to implement adaptive authentication [23], [24]. The vector machines algorithm [25], K-nearest neighbors [26], neural network [27], [28], etc. have been used for physical layer authentication. In addition, the physical layer watermark uses the information embedded in the original data signal to complete the authentication without additional information transmission [29]. The randomness of the channel can generate the key required for authentication [30], [31]. Due to the high-speed mobility of the vehicle, the channel changes quickly, so the authentication scheme based on channel characteristics is very suitable for V2X. The continuity of the vehicle's moving states can also assist in authentication. Abdelaziz et al. [32] use the angle information of the vehicle and the GPS position information to authenticate the vehicle. Lim and Tuladhar [33] use radar information for authentication.
The Kalman filter is commonly used for data processing. It uses the characteristics of the linear system to recur the state equations to calculate the optimal solution under the minimum mean square error, thereby reducing the effect of noise in the system [34], [35]. Kalman filter is aiming at the linear system, so it needs to be improved when it encounters a nonlinear system. Generally, an approximate method is used to obtain the suboptimal solution [36]. The extended Kalman filter uses Taylor series expansion to convert nonlinear state equations and observation equations into linear equations. Generally, only first-order expansion is performed to reduce the computational complexity [37], [38]. Unscented Kalman filter uses a sampling method to approximate the probability density distribution of nonlinear equations [39], [40], and uses a unscented transformation method to reduce the number of sampling points [41]. With the development of information technology, Kalman filter can be used not only for signal processing, but also for vehicle state estimation [42], [43]. Therefore, we can use the characteristics of Kalman filter in the V2X environment to solve the problems of physical layer authentication.

A. AUTHENTICATION MODEL
In security-related research, Alice, Bob, and Eve are commonly used to represent three different types of entities. Alice represents a legitimate sender, and Bob represents a legitimate receiver. In a V2X environment, they can be OBUs or RSUs. Alice periodically broadcasts BSMs or other safety-related information, which needs security-related processing to ensure the reliability and legitimacy. Eve represents a malicious attacker. It can be an illegal OBU, an illegal mobile device that supports V2X direct communication, or a pseudo base station. In the V2X environment, vehicles move at high speed, so the communication time between OBUs and RSUs is short, and the timeliness of messages is high. Traditional two-way authentication and encryption methods will seriously affect the efficiency of communication. Therefore, V2X direct communication uses broadcast to send BSMs, and does not use two-way authentication. The security-related information needs to be included in the BSMs. After receiving a BSM, receiver can directly authenticate the identity of the sender and judge the authenticity of the message. So there is no need to encrypt the BSMs. Eve can easily monitor the BSMs of the surrounding vehicles, so the BSMs need to be anonymized. Anonymous methods are beyond the scope of this paper. The security problems caused by Eve mainly include message forgery, message tampering, message replay, and imitation of legal identity. Because of the time stamp included in the BSM, the problem of message replay can be solved well. Other security issues can be summarized into two categories in the Alice-Bob-Eve model, shown in Figure 1.
One is that Eve uses a false identity to send a false BSM to Bob (that is Figure 1(a)), and the other is that Eve imitates Alice to send BSMs (that is Figure 1(b)). Authenticating the identity of the sender is an effective way to solve these problems. When Eve uses a false identity, Bob can use identity authentication to filter out all the BSMs sent by Eve and keep only the BSMs sent by Alice, which effectively guarantees the safety of the vehicle. When Eve imitates Alice to send a forged or tampered BSM, Bob will check whether the BSM matches the corresponding hash value to determine whether the BSM is fake. In the V2X security system based on PKI, certificates and signatures are generally used for identity authentication during direct communication. The certificate ensures the legality of Alice's identity, and the signature provides security protection for the BSMs sent by Alice. However, certificates and signatures consume additional bandwidth, thus reducing the available channel capacity.
Communication device has some unique characteristics, such as frequency offset, clock offset, etc. As the vehicle moves at high speed, the communication channel between Alice and Bob changes rapidly, and its characteristics are also unique. These characteristics are difficult to imitate by Eve, so they can be used for identity authentication. In addition, Alice's moving state is continuous, and BSM contains information on the moving state such as position, speed, acceleration, etc. Bob's radar, camera and other sensors can confirm Alice's moving state. So, the moving state also can assist in identity authentication. We use U t to represent the set of n physical layer characteristics at time t: where u i t represents the i-th characteristic, which can be physical layers characteristic such as carrier frequency offset (CFO), RSSI, channel state information (CSI), or movingstate information such as vehicle speed, direction angle, GPS and so on. Suppose that only one BSM is sent at each time, and Alice and Bob have completed authentication at time t − 1, so Bob can calculate the physical layer characteristic U P t at time t based on the information at the previous t − 1 times, and Bob can measure the physical layer characteristic Z t at time t. At time t, there are two cases. One is that the sender is Alice, that is, H 0 in (2). At this time, the absolute value of the difference between U P t and Z t will be less than the threshold T t . The other case is that the sender is Eve, that is, H 1 in (2), where the absolute value of the difference between U P t and Z t will be greater than the threshold T t . We can find that this authentication process is iterative. For the initial time t 0 , Alice and Bob need to complete identity authentication by other means. Common method is using certificates and signatures. The threshold T t is related to the selected physical layer characteristics. As the characteristics change, the threshold T t also needs to be iterated and updated.
The proposed V2X physical layer authentication scheme is divided into three phases, and its flow chart is shown in Figure 2. The first phase is the initialization phase. Alice broadcasts a BSM with its certificate and signature. When Bob receives the BSM, he completes identity authentication through Alice's certificate and signature, and records the physical layer characteristics of Alice. The second phase is the iterative phase. Bob calculates the physical layer characteristic U P t at the current time according to the physical layer characteristic U t−1 at the previous time, and records the observation value Z t at the current time. The third phase is the judgment phase. Bob updates the threshold T t at time t, and then judges whether the sender of the BSM is Alice according to (2). The case H 0 indicates that the sender is Alice, that is, the identity authentication is successful, and the second and third phases will be repeated to continue the authentication process; the case H 1 corresponds to Eve, that is, the identity authentication fails, and the first stage needs to be returned to restart the entire authentication process. From the above process, we can find that there are two most important processes, the iterative process of the second phase and the process of updating the threshold in the third phase. The next subsection will focus on analyzing these two processes.

B. ITERATIVE MODEL
The iterative model is the important part of the authentication scheme. In this model, the physical layer characteristic U P t at the current time needs to be calculated according to U t−1 VOLUME 8, 2020 at the previous time. And the model collects information preparing for updating the threshold T t . The state transition of the physical layer characteristics at time t can be expressed as (3) where W k is process noise. Bob obtains the physical layer characteristics at time t through his sensors and corresponding measurement methods, and the observation process is expressed as (4) where V k is the observation noise. For Bob, noise will seriously affect its observation result Z t , so taking Z t as the optimal solution to participate in the next state transition will have a greater impact and lead to the failure of the entire authentication scheme. The conventional Kalman filter is oriented to a linear discrete system, that is, we need to select linear physical layer characteristics, so the state equation and observation equation can be expressed as (5) and (6) where A is the state transition matrix, H represents the transition matrix from the current state to the observation, W t and V t represent the process noise and observation noise respectively, and W t ∼ N (0, Q), V t ∼ N (0, R). The Kalman filter uses feedback to estimate the process state, which can be divided into two stages: 1) Time propagation: estimate the current state vector and error covariance according to the information at the previous time, and constitute a priori estimate, that is (7) and (8) whereÛ − t represents the priori estimate of the physical layer characteristics at time t, andP − t represents the covariance matrix of the priori estimate. 2) Observation update: combine the prior estimate and observation values to form the posterior estimates, that is (9) to (11) where K t is the Kalman gain,Û t is the posterior estimate of the physical layer characteristics, andP t is the covariance matrix of the posterior estimate. According to the process of Kalman filter, we choose HÛ − t as the prediction value for the physical layer characteristics at the current time, that is (12)

C. THRESHOLD MODEL
The threshold model is the most important part of the judgment phase. In each iteration, the threshold needs to be updated based on the observation and the information in the previous iteration. This can effectively reduce the impact of noise on the threshold, thereby reducing the false alarm rate.
To calculate the threshold T t , we first need to analyze the features of Z t − HÛ − t . According to (7),Û − t represents the estimated physical layer characteristics at time t based on the optimal resultÛ t−1 at time t − 1 without process noise. Because observation value Z t is not considered,Û − t is the priori estimate of the physical layer characteristics. Then we estimate the observation value Z t without observation noise, that is,Û − t is brought into the (6), and the prior estimate of Z t is HÛ − t . This complies with the description of the authentication process in Subsection III-A. We set the error of the prior estimate to e t , that is (13) and E(e t ) = 0, E(e t e T t ) =P − t . According to (6) and (13), we can get and (2) can be rewritten as (15) We can see that ε t is the superposition of two Gaussian distributions. Therefore, for the i-th element ε t (i) in ε t , there is ε t (i) ∼ (0, D t (i, i)). D t (i, i) represents the value of the i-th row and i-th column of D t , that is, the variance of ε t (i). According to the features of the Gaussian distribution, the probability of successful authentication of the i-th element is (16) where P A represents the set of all probabilities that the i-th element authenticates successfully. In order to facilitate the calculation of T t (i), the Q function is used, that is (17) where It can be seen that P A (i) represents the probability of |ε t (i)| < T t (i), and we can set P A (i) in the initialization phase. It can be seen from (17) that T t (i) is related to the probability P A (i) and the variance D t (i, i). P A (i) is a preset value, which cannot affect the update of T t (i). D t (i, i) is related to Kalman filter and changes with the iterative process, so it can affect the update of T t (i).

IV. AUTHENTICATION SCHEMES BASED ON NONLINEAR KALMAN FILTER
In Section III we describe the authentication scheme and related models, and the most important iterative model is based on Kalman filter algorithm. However, the Kalman filter needs to select linear physical layer characteristics. Therefore, in practice, many nonlinear characteristics cannot be used for authentication. In this section, two kinds of nonlinear Kalman filter are used to extend the authentication scheme described in Section III, which are extended Kalman filter and unscented Kalman filter, respectively.

A. AUTHENTICATION SCHEMES BASED ON EXTENDED KALMAN FILTER
Extended Kalman filtering uses Taylor series expansion to approximate nonlinear state and observation equations into linear equations, which is a sub-optimal scheme. Since the solution of the second derivative is complicated, the extended Kalman filter generally expands the first-order Taylor series. Therefore, at the posterior estimateÛ t−1 , (3) can be expanded to (18) U where A t−1 represents the Jacobian matrix of f (U t−1 ) at . Similarly, at the prior estimatê where H t represents the Jacobian matrix of h(U t ) atÛ − t , that is, whereÛ − t represents the priori estimate of the physical layer characteristics at time t, andP − t represents the covariance matrix of the priori estimate. 2) Observation update: combine the prior estimate and observation values to form the posterior estimates, that is (22) to (24) Referring to the analysis in Subsection III-C, we choose h(Û − t ) as the predicted value of the physical layer characteristics at the current time. Take (13) into (18), we can get and The calculation method of the threshold T t and judgment conditions remain unchanged.
We summarize the process of V2X physical layer authentication scheme based on extended Kalman filter as follows: 1) In the initialization phase, the authentication is completed using certificates and signatures. The probability of successful authentication P A is set, and the corresponding physical layer characteristic U 0 is recorded.

2) At time t, A t and H t are calculated to form the state equation and the observation equation. 3) At time t, the iterative process is completed according to (20)-(24). 4) At time t, the threshold T t is calculated according
to (17) and (25). 5) At time t, identity authentication is performed according to (15). The case H 0 indicates that the authentication is successful, and continue to step 2 for the next iteration. The case H 1 indicates that the authentication has failed, and return to step 1 to restart the entire authentication process.

B. AUTHENTICATION SCHEMES BASED ON UNSCENTED KALMAN FILTER
Extended Kalman filter approximates nonlinear equations to linear equations, but the corresponding Jacobian matrices need to be calculated in each iteration. For complex systems, the amount of calculation is high and the accuracy is low, resulting in a reduction in the filtering effect and incorrect authentication result. Unscented Kalman filter uses sampling to approximate the probability density distribution of nonlinear equations, so its accuracy is high. First, in the initialization phase, we need to calculate the meanÛ 0 and covarianceP 0 of the physical layer characteristics, that is (26) and (27) Based on the conventional Kalman filter, the unscented Kalman filter adds the stage of calculating Sigma points and weights. The iterative process is as follows: 1) Calculate Sigma points and weights: 2n + 1 Sigma sampling points are needed, that is (28) to (30) j−n and j = n + 1, n + 2, · · · , 2n (30) where (·) j refers to the j-th column of the matrix, κ = α 2 (n + λ) − n, and α and λ are the scale parameters VOLUME 8, 2020 that determine how far the Sigma points distribution is within the range of the mean. The weight calculation method is (31) to (33) w (m) And w (m) j is used to calculate the mean, and w (c) j is used to calculate the covariance. β is used to adjust the precision of the covariance. For Gaussian distribution β = 2 is optimal. 2) Time propagation: estimate the current state vector and error covariance according to the information at the previous time, and constitute a priori estimate, that is (34) to (40) where χ j t|t−1 represents the priori estimate of the Sigma points,Û − t is the mean value of the Sigma points and corresponds to the priori estimate of the physical layer characteristics at time t, andP − t represents the covariance matrix of the priori estimate. γ j t|t−1 represents the observation estimate corresponding to the Sigma points,Ẑ − t represents the priori estimate of the observation, and its covariance matrix is M t . N t represents the covariance between the priori estimate and the observation value to calculate the Kalman gain. 3) Observation update: combine the prior estimate and observation values to form the posterior estimates, that is (41) to (43) where K t is the Kalman gain,Û t is the posterior estimate of the physical layer characteristics, andP t is the covariance matrix of the posterior estimate. According to the analysis of Subsection III-C, we choosê Z − t as the predicted value of the physical layer characteristics at the current time, so ε t is expressed as (44) (44) and The calculation method of the threshold T t and judgment conditions remain unchanged.
We summarize the process of V2X physical layer authentication scheme based on extended Kalman filter as follows: 1) In the initialization phase, the authentication is completed using certificates and signatures. The probability of successful authentication P A is set. The corresponding physical layer characteristic U 0 is recorded. And the initial meanÛ 0 and covarianceP 0 are calculated. 2) At time t, Sigma points and weights are calculated. 3) At time t, the Sigma points are used to complete the iterative process of unscented Kalman filter, that is, (34)- (43). 4) At time t, the threshold T t is calculated according to (17) and (44). 5) At time t, identity authentication is performed according to (15). The case H 0 indicates that the authentication is successful, and continue to step 2 for the next iteration. The case H 1 indicates that the authentication has failed, and return to step 1 to restart the entire authentication process.

C. COMPARISON AND ANALYSIS
At present, the mainstream schemes of V2X security are using certificates and signatures. Usually BSMs are sent every 100ms. To reduce the extra bandwidth overhead of certificates, SAE J2945/1 [44] stipulates that the BSMs with a certificate and a signature are transmitted approximately every 500 ms, and other BSMs are transmitted with a certificate digest (8 bytes) and a signature to reduce the overall message length. Physical layer authentication can replace signatures. So the above process will become that BSMs with a certificate and a signature are transmitted every 500 ms and BSMs with a digest are transmitted every 100 ms. The size of a BSM is small (that is 50-150 bytes) and its transmission frequency is high [45]. The size of a signature is 64 bytes, so it takes a lot of overhead. The physical layer authentication does not need to transmit any bytes, so it can reduce the overhead of security. The conventional physical layer authentication scheme is based on the mean [20], which is given by (45) where x is the Frobenius norm of the matrix x and Z t is the mean of historical Z t . T M is the threshold, which is given by (46) The mean-based scheme is mainly for static situation. It has poor performance for authentication when the vehicle is moving. For nonlinear characteristics, the mean value cannot be used to predict the characteristics of the next time.
The proposed schemes based on nonlinear Kalman filter can adapt to time-varying physical layer characteristics. And it can also solve the problem that conventional Kalman filter can only be used in linear systems. We analyze the security and performance of these schemes through experiments in Section V.

V. EXPERIMENTAL RESULTS
In this section, we first compare our nonlinear-Kalmanfilter-based physical layer authentication (NKF-based PLA) with the conventional certificate-and-signature-based authentication (CS-based authentication) and mean-based physical layer authentication (Mean-based PLA), in term of security and performance. Then we analyze two authentication schemes based on nonlinear Kalman filter through simulation. First, we select RSSI as the first physical layer characteristic, here using a lognormal distribution model [46], that is (47) where P(d) refers to the RSSI at the distance d between the sender and receiver, d r is the reference distance, σ (RSSI ) t conforms to zero-mean Gaussian distribution, and its variance is σ 2 RSSI . Therefore, the RSSI at time t is related to the distance between the two vehicles, that is (48) The vehicles moving scenario for simulation is shown in Figure 3. The moving states between Alice and Bob are that they are away from each other with a constant acceleration, the initial relative distance is 10 meters, the initial relative speed of them is 0, and the relative acceleration is 2m/s 2 .
Eve is in front of Alice to send false BSMs, 30 meters away from Bob, and relative acceleration is also 2m/s 2 . The BSM transmission rate is 10Hz, that is, one BSM is broadcast every 100ms. Therefore, the moving states are expressed as (49) and (50) where d t represents the distance between at time t, v t represents the relative speed at time t, and a represents the relative acceleration. t represents the interval between two BSMs, that is, 100ms. σ where V t represents observation noise and is in accordance with Gaussian distribution. According to (51) and (52), we simulate the moving states to generate RSSI, distance and speed data. Then we implement the NKF-based PLA and Mean-based PLA, and use this data to simulate the authentication process. These simulations are achieved through MATLAB. We set the simulation time to 30 seconds, which means 300 BSMs have been sent. Figure 4 shows the overhead of certificates and signatures for CS-based authentication and physical layer authentication. According to IEEE 1609.2 [5], assuming that the ID of certificate is the maximum to support as many vehicles as possible, and other items are as small as possible. So the size of an explicit certificate is 239 bytes and the size of a signature is 64 bytes. We use the procedure described in IV-C to send BSMs periodically, and calculate the percentage of certificates and signatures. Figure 4(a) shows the percentage of certificates and signatures in a conventional V2X security scheme. We can see that due to the small size of the BSM, certificates and signatures occupy a lot of communication resources during the transmission of the BSM. So the security overhead of V2X is too large. Figure 4(b) shows the security overhead of the physical layer authentication. We can see that physical layer authentication can effectively reduce the overhead of signatures, thus improving the efficiency of communication. Table 1 shows the comparison of four certification schemes: CS-based authentication, Mean-based physical layer authentication, extended-Kalman-filter-based physical layer authentication (EKF-based PLA) and unscented-Kalman-filter-based physical layer authentication (UKF-based PLA). The accuracy in the table indicates the probability that the authentication scheme correctly identifies the sender. Overhead represents the additional cost of certificates VOLUME 8, 2020  and signatures. Security represents the security level of these schemes. Certificates and signatures can solve security problems, such as the forgery of communication content, deletion of communication content, malicious requests for communication resources and fake communication identities. And user privacy can be solved by anonymous certificates. For CS-based authentication, each authentication requires the participation of the signature, so it can guarantee an accuracy close to 100%, but has a higher overhead. Physical layer authentication replaces the signature in the CS-based scheme. so it can also solve the above security problems. Mean-based PLA cannot adapt to dynamically changing V2X scenarios, so the accuracy is very low. EKF-based PLA and UKF-based PLA have a high accuracy rate, while saving a lot of signature overhead. CS-based authentication has the highest security level, while the security levels of EKF-based PLA and UKF-based PLA are lower than it, because of the accuracy. As for Mean-based PLA, its accuracy is too low, resulting in a lower security level. In short, EKF-based PLA and UKF-based PLA have high security level and low overhead, which can reduce the consumption of communication resources by security. Figure 5 shows the process of extended Kalman filter and unscented Kalman filter. The true values in the figure represent the changes of the three discrete variables P (RSSI ) t , d t , and v t . Because the acceleration a has small amplitude fluctuations, the process noise is small in the experiment, preventing P The observation values in the figure represent the changes of Z t . It can be seen that there is a large error between the observation value and the true value in the case of large observation noise. The filter values in the figure represent the results after extended Kalman filter and unscented Kalman filter. We can conclude that the two types of nonlinear Kalman filter can effectively reduce the impact of observation noise and guarantee the increasing or decreasing characteristics of the selected physical layer. Good filtering results ensure the stability of the authentication process and reduce the probability of errors. Figure 6 shows the authentication process based on extended Kalman filter and unscented Kalman filter, that is, the changing process of ε t and T t in (15). In the experiment, we set V t = [0.6 1.0 0.5] T and P A = [0.95 0.95 0.95] T . The judgment condition for successful authentication is |ε t (i)| < T t (i), that is −T t (i) < ε t (i) < T t (i). Therefore, we set the upper bound and the lower bound to be T t and −T t , respectively. ε t falling between the upper and lower bounds indicates successful authentication, and falling outside indicates failed authentication. It can be seen from the figure that in most cases, the authentication is successful, because the authentication success probability is set to 95%, that is, the probability is 95% that ε t falls between is an important factor that affects the threshold T t (i). This value is a constant, and the greater the value of P A (i), the greater this value, so the larger T t (i) is. When P A (i) is 95%, ) is 1.96. According to (17) , it can be seen from the figure that the value of D t (i, i) is close to the observation noise V t (i). This indicates that the observation noise has a greater influence on the threshold T t . Only when the authentication processes of P (RSSI ) t , d t and v t are all successful, can we think that the entire authentication process is successful, so it can effectively reduce the probability of errors. In addition, in actual use of the authentication scheme, the probability P A (i) can be set according to the selected physical layer characteristics to adjust the error rate of authentication. In short, the authentication scheme based on extended Kalman filter and unscented Kalman filter can effectively take the responsibility of identity authentication in the V2X environment.

VI. CONCLUSION
V2X security is an important guarantee for Internet of Vehicles. V2X faces a variety of security threats, and the use of authentication can effectively solve these security threats and improve the safety of vehicle driving. Many countries in the world have already carried out V2X security research and test verification based on PKI. For V2X security, the use of certificates and signatures can effectively reduce the risks faced by V2X communications. However, certificates and signatures require additional communication resources. In special cases such as traffic congestion and poor communication environment, the maximum number of vehicles in the channel may be lower than the number of surrounding vehicles, which may cause traffic accidents. Physical layer authentication uses physical characteristics such as inherent physical characteristics of devices or channel characteristics to identify different devices. These characteristics are difficult to be imitated by malicious attackers, effectively guaranteeing the security of V2X. At the same time, the physical layer authentication does not need to transmit additional security information, thus increasing the available channel capacity.
In this paper we propose an authentication model based on the physical layer characteristics. The model uses the characteristics of devices and the channel characteristics. In addition, we introduce the moving states of the vehicles into this model. Based on the Kalman filter, we refine the iterative model and threshold model in the authentication model. The iterative model mainly realizes the priori and posteriori estimation of the current time based on the physical layer characteristics of the previous time, which provides the basis for the entire authentication process. The threshold model analyzes the mathematical characteristics of the priori estimation, and gives the calculation method of the authentication threshold. In order to utilize the non-linear physical layer characteristics, we improve the iterative model and threshold model based on extended Kalman filter and unscented Kalman filter. Finally, we compare our schemes with conventional schemes and use experiments to analyze the effects of authentication schemes which select three characteristics: RSSI, the distance between the two vehicles, and the relative speed between the two vehicles. The proved filters can ensure the stability of the authentication process and reduce the probability of errors. In addition, the authentication scheme based on extended Kalman filter and unscented Kalman filter can effectively take the responsibility of identity authentication in the V2X environment, and have high security level and low overhead, which can reduce the consumption of communication resources by security.