Secure Information Sharing Approach for Internet of Vehicles Based on DAG-Enabled Blockchain

Abstract

Information sharing in vehicular networks has great potential for the future Internet of Vehicles (IoV). Vehicles and roadside units (RSUs) can exchange perceptual information and driving experience to enable intelligent transportation applications such as autonomous driving and road condition analysis. However, ensuring secure and efficient information sharing among vehicles is challenging. While traditional blockchain can guarantee the tamper-proof nature of shared information, it cannot be directly applied in large-scale vehicle networks due to its slow consensus process. Therefore, we propose an information sharing approach based on a directed acyclic graph (DAG), in which shared information is encapsulated into sites instead of blocks. We also propose a driving decision-based tip selection algorithm (DDB-TSA) and design a reputation-based rate control strategy (RBRCS) to ensure secure and efficient information sharing. Simulation results show that our approach reduces consensus latency, improves information sharing efficiency, and provides a more secure information sharing environment compared to existing DAG-enabled blockchain systems.

1. Introduction

With the continuous development of vehicle communication technology, the IoV provides a promising way to promote information sharing between vehicles and infrastructure [1,2]. In addition, the continuous development of onboard artificial intelligence technology enables vehicles to collect and extract information more intelligently, which provides convenience for information sharing [3]. Information sharing involves the dissemination or transfer of important information from one vehicle or infrastructure to another. In the context of the IoV, information sharing is omnipresent as it can occur between vehicles, between vehicles and infrastructure, and in other ways [4,5]. Information sharing can help drivers make secure and efficient driving decisions and improve road traffic conditions.

Despite the benefits of information sharing mentioned above, critical challenges still need to be solved. For example, the existing malicious vehicles transmit false or forged information to others, affect them to make correct decisions, and even cause serious problems such as traffic accidents [6]. In addition, in the IoV environment, vehicles need to obtain shared information in time. Therefore, how to ensure secure and efficient information sharing is a problem worth studying.

While vehicular information transmission strategies like [7] have enhanced the quality of shared information, they still lack the necessary reliability and security. This leaves honest vehicles vulnerable to information distortion or propagation of misleading data by malicious actors Blockchain has the characteristics of decentralization, tampering, and traceability [8,9]. Although it can provide a secure environment for information sharing, the process of reaching consensus by traditional consensus algorithm is relatively slow, which can not meet the delay-sensitive information sharing environment of the IoV. Especially when a large number of vehicles driving in a small region will bring heavy communication and computing burden to the IoV system with limited resources.

Furthermore, there are only a limited number of research works that have taken into account the effect of vehicular mobility on the process of information sharing [10]. With different moving speeds and directions, the information shared by vehicles has different effects on others. Usually, vehicles are only interested in events not far in front of their driving direction rather than information that occurs behind their driving direction or far away from their position [11]. Neglecting mobility in this context may result in the transmission of redundant information, hindering vehicles from acquiring timely valuable information and reducing the efficiency of information sharing [12]. Thus, enhancing the interdependence between vehicular information and mobility is crucial for effective information sharing.

Recently, a DAG-enabled blockchain structure attracted extensive attention. In traditional blockchain system, the basic unit is called the block. Each block contains multiple transactions, and the next block cannot be added until after the previous one has been added. DAG technology removes the packing and mining process of blocks. Instead, the basic unit is called the site, and each site contains only one transaction [13]. The DAG-enabled blockchain structure can add sites asynchronously and break traditional blockchain systems’ transaction throughput bottleneck.

However, large-scale and delay-sensitive vehicular networks still hinder the application of existing DAG-enabled approaches. For example, using a simple tip selection algorithm (TSA) makes the DAG-enabled blockchain vulnerable to parasitic chain attacks [14]. The attacker secretly builds a sub-DAG by publishing a large number of sites in a short time and increases contact by occasionally referencing the sites of the main-DAG. The ultimate goal is to make the sub-DAG become the main-DAG to attack the system. An effective way to prevent parasitic chain attacks is rate control. That is, control the rate of site publishing so that attackers cannot publish many sites in a short time to protect the system’s security [15]. For distributed ledger technology, proof of work (PoW) is a built-in rate control mechanism. Before the vehicle issues a site, it is necessary to complete a certain degree of difficulty of PoW [16]. However, this method will disadvantage vehicles with low computational power. Therefore, some scholars proposed to use verifiable delay functions (VDF) instead of a PoW-related algorithm [17]. VDF cannot be parallelized. They cannot predict computation with infinite parallel resources, but they are easy to verify and can solve the unfair problem between high and low computational power vehicles. Nevertheless, this is unfair to honest vehicles because they must also spend a certain proportion of time completing the calculation and verification process before issuing a site. Therefore, it is worth studying to design a rate control strategy (RCS) that not only does not affect benign vehicle issue sites but also can prevent malicious vehicles from launching parasitic chain attacks.

We suggest a decentralized framework for information sharing, which utilizes a blockchain enabled with DAG technology, to address the aforementioned issues. Furthermore, a new tip selection algorithm is designed, which takes driving decisions (such as direction and distance) into account in the information sharing process as a bridge between vehicle mobility and shared information. In addition, a new rate control strategy is designed to prevent parasitic chain attacks without hindering benign vehicles from issuing sites. The contributions of the paper are summarized as follows:

• We propose an information sharing approach for IoV to provide a secure and efficient environment for information sharing between vehicles. In contrast to the DAG and consortium blockchain methods currently used in IoV networks, our proposed framework is completely decentralized and does not depend on centralized infrastructures to add transactions to the blockchain.
• We propose a lightweight DAG framework that uses DDB-TSA as tip selection algorithm to meet the time-sensitive requirements of the highly dynamic IoV environment. The proposed tip selection algorithm considers driving decisions, realizes rapid consensus, and increases the correlation between shared information. Through mathematical analysis, it is proved that the proposed lightweight DAG framework is feasible.
• A reputation-based rate control strategy is designed to resist parasitic chain attacks. Unlike the existing rate control strategy, the rate control strategy proposed in this paper will not affect the benign vehicle release sites. However, it can well prevent malicious vehicles from releasing many malicious sites to undermine the security of the DAG system. Experimental analysis shows that the proposed DDB-TSA and reputation-based rate control strategy achieve secure and efficient information sharing.

The paper is structured as follows. Section 2 provides an overview of related work. Section 3 presents our proposed information sharing approach, along with security analysis and a threat model. Section 4 describes our lightweight DAG and the solution to security threats. Section 5 evaluates the performance of our proposed approach. Finally, Section 6 concludes the paper.

2. Related Work

In recent years, information sharing has been widely studied in academia and industry [18]. By utilizing the information shared between vehicles, vehicles can exchange sensing data or driving experiences to facilitate intelligent transportation applications such as traffic analysis.

Lin et al. [19] proposed a behavior-based clustering method to analyze vehicle behavior correlation, reducing the computation and communication costs required for predicting location information. Ruta et al. [20] proposed a logic-based framework enabling contextual data management and mining in vehicular networks. A method for joint rate control and resource sharing was proposed that leverages channel state information and delay constraints [21]. However, ensuring the security and reliability of the information sharing process is of paramount importance. Tampered information or malicious attackers can pose serious safety risks. In this context, blockchain technology has demonstrated excellent resilience to malicious attacks.

Wang et al. [22] suggested a secure private charging pile sharing approach based on energy blockchain for private charging pile sharing networks. On the other hand, Kakkar et al. [23] introduced a blockchain-based approach for secure and reliable data sharing among autonomous vehicles. Cui et al. [24] exploit consortium blockchain technology to achieve anonymous and traceable vehicle-to-vehicle information sharing. The 5G and blockchain combination makes it possible to share data without using roadside units. Su et al. [25] developed a lightweight vehicular blockchain-enabled secure information sharing framework in unmanned aerial vehicles that aided IoV for disaster rescue. However, most existing work uses public or consortium blockchains, and data is encapsulated in blocks, which introduces additional packing and mining consumption. Furthermore, the “chain” structure results in a time-consuming consensus process, rendering it unsuitable for large-scale and delay-sensitive IoV networks. In this case, emerging DAG-enabled blockchain technology is used to enhance the efficiency of information sharing.

For DAG, a conventional system such as IOTA uses the Markov Chain Monte Carlo (MCMC) algorithm as the TSA to reach a consensus [26]. The vehicle needs to trace and verify the previous W sites (W is called particle deep (PD), and its value is large). This algorithm handles conflicts slowly and increases the latency of consensus when encountering conflicts. Mehdi et al. [27] proposed a random walk algorithm to adapt the weight value to the current situation of transactions. However, using the tip selection algorithm based on random walks will lose the correlation between shared information. Aghania et al. [28] proposed a new hybrid TSA algorithm to reduce the number of lazy tips. However, the hybrid TSA employs a recursive walk with a variable parameter, which is unsuitable for delay-sensitive IoV environments. Lu et al. [29] developed a hybrid blockchain architecture consisting of the permissioned blockchain and the local DAG to enhance the security and reliability of model parameters. However, the permissioned blockchain still requires additional block packaging and mining overhead. Cullen et al. [30] emphasized the vulnerability of IOTA in dealing with parasite chain attack and proposed the first-order biased random walk algorithm as a mitigation solution. However, it is still vulnerable to the parasite chain attack, which may damage the immutability and irreversibility of the ledger. Chai et al. [12] propose an algorithm called reversed two-hop TSA. When new site choices tips to append, it does not have to trace from particle deep. Conversely, it directly chooses two existing tips from its side to connect. Although the algorithm reduces the time to reach a consensus, it reduces a lot of site verification, which is not conducive to the security of the DAG system.

Although the above studies have contributed significantly to the information sharing among vehicles, they are either insecure or inefficient for dynamic IoV networks. Therefore, the lightweight DAG-enabled blockchain approach proposed in this paper aims to enhance the security and efficiency of information sharing.

3. Information Sharing Approach

The method proposed in this paper is applicable to the sections with more vehicles, and there is a need for information sharing between vehicles. The whole vehicular network is divided into several traffic regions. There are a specific number of RSUs and a large number of vehicles in each region. Each vehicle belongs to a specific region, where it extracts information and generates sites. After the information is verified, it is added to the DAG blockchain and can be shared within the region or across regions. RSUs act as DAG nodes, maintaining a DAG-enabled blockchain. We assume that RSUs are trusted and cannot be maliciously controlled. Figure 1 shows the information sharing approach, and the basic workflow is described as follows.

3.1. Approach Overview

In the information sharing process, each vehicle should have a legitimate identity to issue sites in the DAG-enabled blockchain system. At first, the vehicle uses its unique private key (SK) to generate a public key (PK), and then the wallet address (WA) is generated by the PK. A vehicle is only considered legal if its identification information is not on the blacklist maintained by the RSUs. Then, the vehicle can conduct transactions with the PK.

3.1.1. Information Extracting and Site Generation

By utilizing intelligent onboard units, vehicles can collect raw data from their surrounding environment effectively, as shown in part (1) of Figure 1. Besides, each vehicle is equipped with a trusted platform module (TPM) [31], and the TPM is installed to store sensing information. The information stored in the TPM cannot be tampered with. Then, vehicles can extract valuable information from the original raw data. The extracted valuable information is expressed as I and the typical format of a site SI is

$$SI=\left\{I,c,d,H,Sig,w\right\},$$

(1)

where I is shared information, c is a parameter for the reputation value needed to issue the Site. d is the driving decision indicator of intelligent vehicles utilized to develop a lightweight DAG-enabled blockchain framework. H is the hash value of the shared information. Sig is the signature of the intelligent vehicles, which is generated by its SK, and w is the own weight of a site.

3.1.2. Information Verifying and Appending

The vehicle that initiates the transaction disseminates the packaged site to the RSUs in its vicinity, which store the DAG ledger. Next, the vehicle selects and verifies two existing tips on the DAG ledger based on the tip selection algorithm, as shown in part (2) of Figure 1. The process of adding a new site to the DAG ledger through the approval of two tips is called approval. Sites that have no approval are referred to as tips. The tip selection algorithm will be discussed in detail in Section 4.

3.1.3. Information Sharing among Vehicles

With the continuous expansion of the scale of the DAG ledger, the sites that previously joined the ledger will have a confirmation level. The confirmation level of a site is calculated by dividing the number of valuable tips directly or indirectly approve the site by the total number of valuable tips. Note that the number of valuable tips does not include orphan sites. The information requester obtains the information stored on the site according to the confirmation level set by himself. When the confirmation level of a site reaches a specific value, the site is considered a trusted site. At this point, vehicles that publish the site will receive a certain number of reputation values as rewards. Reputation value is an important parameter to judge the reliability of vehicles. The more reputation values a vehicle has, the more reliable the vehicle is. At the same time, the reputation value serves as the basis for the number of sites that vehicles can publish continuously. Therefore, vehicle rewards will be reduced after a short period to prevent the reputation value from tending to infinity. Every time interval $\delta t$ passes, for example, the reward of honest site issued by the vehicle will be halved.

Besides, due to the large-scale characteristic of vehicular networks, the sharing process tends to occur in a cross-region scenario. The reason is that interaction among vehicles within a single region cannot satisfy the information sharing demands, as shown in part (3) of Figure 1. Note that the size of the region is not in our consideration.

• Local Information Sharing: Local information sharing refers to information shared in the same region. Each region usually contains multiple RSUs to cache and synchronize the local DAG ledger. Intelligent vehicles can check and exploit the ledger stored at their surrounding RSUs to make decisions.
• Cross Region Information Sharing: Due to the large-scale characteristics of vehicular networks, information sharing among vehicles is more inclined to cross-region information sharing. Therefore, to ensure the trust and reliability of the shared information, it is crucial to design an identity authentication approach for those cross-region vehicles. Existing methods use identity tokens for the verification process [32], introducing extra storage consumption for information sharing. Therefore, we design a new identity authentication approach for cross-region vehicles, and the details are as follows. At first, we design a special site during the authentication process, i.e., cross-region site $S{I}_c$. The format of $S{I}_c$ is expressed as

  $$S{I}_c=\left\{I,H,Sig,w\right\},$$

  (2)

  here, w is a number larger than 1 (e.g., 5). According to Equation (3), it is easier for this site to obtain approval from other sites with a large weight. In each region, RSUs maintain the DAG ledger, as illustrated in Figure 1, considering a cross-region scenario that vehicle z leaves region A to region B. If RSUs in region A decide to share some information with region B, they send it to y the cross-region site $S{I}_c$ and sign with their private key, which I contains the information to be shared. As shown in Figure 1, the RSUs in this region encapsulate the valuable information to be shared in a site and send the site to vehicles with higher reputation values that are about to cross regions. After arriving at another area, the vehicle will send the site to the nearby RSUs. After the site joins the DAG Ledger, the cross-region information sharing is completed.

3.2. Security Analysis and Threat Model

The proposed approach utilizes blockchain technology enabled by DAG to guarantee the reliability and immutability of shared information. Shared information is appended asynchronously to the ledger and subsequently checked by following sites. Furthermore, the appended-based technology and hash function guarantee that the recorded sites cannot be tampered with. However, due to the high mobility vehicles and large vehicular networks, the information sharing among vehicles based on DAG-enabled blockchain still faces some challenges.

3.2.1. Lazy Workers

Lazy workers refer to these intelligent vehicles that intentionally approve some old sites rather than tips to avoid doing verification work, reducing the DAG network’s throughput. According to Equation (3), if a lazy site is appended to the existing old site, it is not probable that the lazy site would be selected because the difference between cumulative weights would be large and Pxy would be small. Therefore, the likelihood of the lazy sites being appended will be reduced. As a result, those lazy sites will eventually become orphan sites.

3.2.2. Malicious Information Attack

Malicious information attack means that attackers publish false information to the DAG network, induce other vehicles to make wrong decisions, and affect the security of the entire DAG-enabled blockchain system. However, newly released sites must be certified before they are credible. After site authentication, benign sites will not choose to add to the malicious site. Finally, the malicious site will eventually become an orphan site. In addition, when the vehicle obtains information on the DAG-enabled blockchain, it will calculate the cumulative weight and confirmation level of the site, so it is difficult to select orphan sites.

3.2.3. Splitting Attack

Splitting attack means that an attacker divides a complete ledger into two or more branches by constructing false sites, and tries to maintain these branches, making the ledger always in a split state. For a splitting attack to be successful, the attacker must create at least two contradictory transactions at the start of the split, making it difficult for honest nodes to connect the two branches by referring to them at the same time. In this way, the DAG ledger is divided into two or more branches. The attacker’s goal in conducting a splitting attack is to create at least two conflicting transactions at the start of the split, which would make it difficult for honest nodes to connect the two branches by referencing them simultaneously. The attackers aim for roughly half of the network to contribute to each branch, hoping to compensate for random fluctuations and spend the same funds on both branches. However, it is challenging for attackers to maintain a balance between the two branches. Network synchronization issues may hinder their awareness of recently issued transactions, and if the split is successful, the most recent transactions will only have around 50% confirmation confidence, leading to stunted branch growth. In such a scenario, the honest vehicles may choose to selectively give their approval to transactions that occurred before the bifurcation, bypassing the conflicting transactions on the split branches.

The above three threat models can be relatively simple to deal with. However, the following threats must be considered to better ensure the security of the DAG-enabled blockchain system.

3.2.4. The Ledger Convergence

The ledger convergence means the total number of tips in the DAG ledger cannot tend to infinity but rather to a specific integer value. Otherwise, many sites will be waiting to be confirmed, and the DAG-enabled blockchain system will be paralyzed. Therefore, when designing a new tip selection algorithm, the convergence of the DAG ledger should be guaranteed.

3.2.5. Parasite Chain Attack

This attack refers to attackers secretly constructing a sub-DAG, increasing its connection with the main-DAG by occasionally referencing the main DAG, and increasing the probability of selecting the site in the parasitic chain using the MCMC tip selection algorithm in the traditional DAG-enabled blockchain. Due to network latency, it is not a problem for attackers to build sub-DAGs, because attackers can randomly select and authenticate their own published sites without relying on any information from the rest of the network. Therefore, if attackers use sufficiently powerful computers, they increase the number of tips by broadcasting many new transactions, which will choose to authenticate the transactions they previously published in the parasitic chain. Therefore, when honest nodes use a simple tip selection algorithm, attackers are more likely to succeed.

3.2.6. Long Confirmation Delay

The confirmation delay refers to the time taken for the cumulative weight of a benign site to reach a specific value. When the confirmation level of a site reaches a specific value, it can be considered that the content contained in the site is trusted. In the IoV, information sharing requires a low confirmation delay due to the high mobility of vehicles. However, in the traditional DAG-enabled blockchain system, the tip selection algorithm utilizes the MCMC algorithm to reach consensus, which results in a long consensus delay. Therefore, the newly designed tip selection algorithm should reduce the confirmation delay.

4. Lightweight DAG for Information Sharing

In traditional DAG-enabled blockchain system, vehicles validate messages and use different functions alongside messages in their confirmation to reach a consensus. Moreover, messages will only be considered valid if they reference a milestone. These milestones are issued by a special network node, i.e., the Coordinator. Furthermore, messages are considered for confirmation only when they are directly or indirectly referenced by a milestone that nodes have validated. However, using a Coordinator to release milestones to reach a consensus will lead to the centralization of the blockchain system. Besides, vehicles do not need to agree on which sites should be added to the blockchain. Thus every valid site can be added to the DAG-enabled blockchain. When a vehicle comes across two conflicting sites, it must decide which one is valid. The decision rules are as follows: the vehicle repeatedly executes the tip selection algorithm to determine which of the two sites is most likely to be directly authenticated. If one site is chosen 97 times after running the algorithm 100 times, we estimate that the transaction is 97 percent reliable. However, when using this method for site verifying and appending, the efficiency is low and cannot meet low delay requirements in the IoV environment. Therefore, we propose a DDB-TSA to reduce the delay. When encountering conflicting sites, we design a voting-based fast consensus (VFC) to resolve the conflict, which is more lightweight than normal DAG.

4.1. The DDB-TSA

Information sharing among vehicles is critical in improving driving safety and traffic loads in IoV. However, not all shared information is helpful. Therefore, to realize the lightweight of the DAG-enabled blockchain framework, we define a parameter related to vehicles, i.e., the driving decision indicator, denoted as d. The driving decision can characterize the features of intelligent vehicles during their driving period, and it can be the single property, e.g., distance, velocity, and direction, etc., as well as the combination of several factors, e.g., d = f(a,b), where a represent the distance between vehicles and event location, and b is the driving direction. After theoretical analysis, the conventional TSA of DAG-enabled blockchain can be accelerated by utilizing d to better adapt to the application of IoV.

In traditional DAG-enabled blockchain framework, the tip selection probability depends on a biased random walk, i.e., MCMC algorithm, and the selection probability from site x to tip y can be shown as

$$P_{xy}=\frac{exp\left\{-\kappa \left(C{W}_x-C{W}_y\right)\right\}}{{\sum }_{z\in \mathbb{T}}exp\left\{-\kappa \left(C{W}_x-C{W}_z\right)\right\}},$$

(3)

where $\kappa >0$ is a parameter to be chosen, and $\mathbb{T}$ represents the set of current tips of the DAG ledger. CW is the cumulative weight of the tips. Moreover, the algorithm has to trace the previous M sites (M is called particle deep and is large [26]). However, in vehicular networks, the selection and verification of tips are related to driving decisions during information sharing. It is inaccurate to verify tips by only referring to cumulative weight. Therefore, combining the driving decision d of intelligent vehicles into the selection probability, which can be expressed as

$$P_{x{y}_1}=\frac{exp\left\{-\alpha \left(C{W}_{s_1^1}-C{W}_{s_2^1}\right)-\beta {\left(d_x-d_{y_1}\right)}^2\right\}}{{\sum }_{z\in \mathbb{T}}exp\left\{-\alpha \left(C{W}_{s_1^z}-C{W}_{s_2^z}\right)-\beta {\left(d_x-d_z\right)}^2\right\}},$$

(4)

where $\alpha$ and $\beta$ are both positive weight parameters. $C{W}_{s_1^1}$ and $C{W}_{s_1^2}$ are cumulative weights of two sites approved by tip $y_1$. $d_x$ and $d_{y_1}$ are the corresponding driving decision of sites x and $y_1$.

However, the conventional MCMC algorithm makes new sites randomly choose two tips to append, ignoring the vehicles’ driving decisions, resulting in the shared information being randomly distributed on the ledger, and the correlation between shared information will be lost. However, after the driving decision is considered, when the newly generated site selects a tip to add, it will preferentially select a tip similar to its own driving decision, as shown in Figure 2. As a result, there is a better correlation between shared information.

4.2. The VFC

Due to the propagation delay of information in the network, not all vehicles share the same DAG ledger simultaneously, which may lead to situations where the validation process allows multiple conflicting transactions to join the tangle. In case of conflicts, vehicles need to decide which transactions should be considered valid, i.e., to reach a consensus on these conflicting transactions. In the original IOTA white paper, it was implemented through the MCMC tip selection algorithm. However, this bias will always leave all but one of the conflicting branches behind. As a result, conflict resolution is slow and leads transactions that chose the “wrong” branch to be orphaned, creating the need for many reattachments. In addition, the traditional method is only effective, assuming that legitimate sites account for the majority. Therefore, a new algorithm named fast probabilistic consultations (FPC) is proposed to solve conflicts. The FPC is a leaderless probabilistic binary consensus protocol of low communication complexity that is robust in a Byzantine infrastructure. However, although the FPC consensus algorithm can be robust in the case of unreliable networks and inevitable turbulence (vehicles connection and departure), it needs to be voted many times, which increases the time to reach a consensus and cannot be directly applied to the information sharing environment of the IoV. Therefore, we design a new consensus algorithm, i.e., VFC.

Unlike the traditional FPC, which randomly selects vehicles to vote to reach a consensus, the VFC algorithm proposed in this paper selects vehicles with higher reputation value to vote to reach a consensus. We believe that the higher the reputation value of a vehicle, the higher its reliability. Therefore, consensus can be reached after a few rounds of voting (for example, two rounds).

4.3. The Ledger Convergence

Ledger convergence is a crucial indicator of system feasibility in a DAG-enabled blockchain system. Therefore, the feasibility and security analysis of the proposed DAG-enabled blockchain system will be analyzed in this part. The main symbols used in this article are shown in

Table 1. The Main Symbols.

Notation	Description
$T_n$	the number of tips
$N_n$	the number of newly issued sites
$A_n$	the number of approved tips by $N_n$ in a approval round
$\Delta t$	the time interval for issuing two sites
h	average time for each approval
d	driving decision indicator
$P_{xy}$	the selection probability from site x to tip y

.

Here, we assume that the sites are generated independently by intelligent vehicles. Therefore, a Poisson point process can be used to model the incoming tips with the rate $\lambda$. We use $T_n$ to represent the number of tips in the proposed DAG-enabled blockchain system at the n-th approval round. Therefore, the total number of tips in the blockchain network can be expressed as

$$T_n=T_{n-1}+N_n-A_n,$$

(5)

where $N_n$ is the number of newly issued sites by intelligent vehicles in the n-th approval round. $A_n$ represents the number of approved tips by $N_n$ in the n-th approval round and $T_{n-1}$ is the number of tips in the (n − 1)-th approval round. Assumes that the range of d is divided into K discrete intervals, i.e., $\mathbb{D}=\left\{D_1,\dots ,D_k,\dots D_K\right\}$, and the driving decision distribution of vehicles is $d\left(t\right)$ with respect to time t. Therefore, for one specific driving decision $D_k\in \mathbb{D}$, the expectation of $T_n^{D_k}$ is

$$E\left[T_n^{D_k}\right]=E\left[T_{n-1}^{D_k}\right]+E\left[N_n^{D_k}\right]-E\left[A_n^{D_k}\right].$$

(6)

To obtain the value of $E\left[T_n^{D_k}\right]$, the distribution of $E\left[N_n^{D_k}\right]$ and $E\left[A_n^{D_k}\right]$ should be specified first. Suppose the average time of each approval is h, the Equation (6) can be expressed as

$$E\left[T_n^{D_k}\right]=E\left[T_{n-1}^{D_k}\right]+\lambda hP\{D\left(k\right)\in \mathbb{D}\}-E\left[A_n^{D_k}\right].$$

(7)

Therefore, the expectation number of tips $E\left[T_n^{D_k}\right]$ is now only related to the number of approved tips $E\left[A_n^{D_k}\right]$.

To obtain the value of $E\left[A_n^{D_k}\right]$, the joint probability $P\left\{A_n^{D_k}\left(h\right)=n_k,k=1,2\dots ,K\right\}$ during time interval $(0,h)$ should be computed. Note that for $n_k$ tips with driving decision $D_k$, there be a total of ${\sum }_{k=1}^K{n}_k$ tips during $(0,h)$. Hence, conditioning on total approved tips yields

$$\begin{array}{c}P\left\{A_n^{D_1}\left(h\right)=n_1,A_n^{D_2}\left(h\right)=n_2\dots ,A_n^{D_K}\left(h\right)=n_K,S\left(h\right)\right\}\hfill \\ =P\left\{A_n^{D_1}\left(h\right)=n_1\dots ,A_n^{D_K}\left(h\right)=n_K\mid S\left(h\right)=\sum _{k=1}^K{n}_k\right\}\times P\left\{S\left(h\right)=\sum _{k=1}^K{n}_k\right\}.\hfill \end{array}$$

(8)

For an arbitrary incoming site, the probability $P_{xy}^{D_k}\left(s\right)$ that site x approves the tip y with driving decision $D_k$ at time s is shown in Equation (2). Here, in order to simplify the equation, the cumulative weight (CW) can be ignored because different site to be approved always have similar weights. As a result,

$$P^{D_k}\left(s\right)=\frac{exp\left\{-\beta {\left(D_k-d\left(s\right)\right)}^2\right\}}{{\sum }_{l:D_l\in \mathbb{T}}exp\left\{-\beta {\left(D_l-d\left(s\right)\right)}^2\right\}}.$$

(9)

According to Theorem 5.2 in [33], tip approval occurs at a certain time uniformly distributed in (0, h). Therefore, the probability that one site will approval those tips with driving decision k is

$$P^{D_k}=\frac{1}{h}{\int }_0^h{P}^{D_k}\left(s\right)ds$$

(10)

and is independent of other tip approval process. Hence, the conditional probability is a multinomial distribution with parameters $P^{D_1}$, $P^{D_2}$, …, $P^{D_K}$, i.e.,

$$\begin{array}{c}P\left\{A_n^{D_1}\left(h\right)=n_1\dots ,A_n^{D_K}\left(h\right)=n_K\mid S\left(h\right)=\sum _{k=1}^K{n}_k\right\}\hfill \\ =\frac{\left({\sum }_{k=1}^K{n}_k\right)!}{n_1!n_2!\dots n_K!}{\left(P^{D_1}\right)}^{n_1}{\left(P^{D_2}\right)}^{n_2}\dots {\left(P^{D_K}\right)}^{n_K}.\hfill \end{array}$$

(11)

As a result, the joint probability can be expressed as

$$\begin{array}{c}P\left\{A_n^{D_1}\left(h\right)=n_1,A_n^{D_2}\left(h\right)=n_2,\dots ,A_n^{D_K}\left(h\right)=n_K,S\left(h\right)\right\}\hfill \\ =\frac{\left({\sum }_{k=1}^K{n}_k\right)!}{n_1!n_2!\dots n_K!}{\left(P^{D_1}\right)}^{n_1}\dots {\left(P^{D_K}\right)}^{n_K}{e}^{-\lambda h}\frac{{\left(\lambda h\right)}^{\sum n_k}}{\left(\sum n_k\right)!}\hfill \\ =\prod _{k=1}^K{e}^{-\lambda h{P}^{D_k}}\frac{{\left(\lambda h{P}^{D_k}\right)}^{n_k}}{n_k!}.\hfill \end{array}$$

(12)

Form the above analysis, it can be obtained that the variable $A_n^{D_k}\left(h\right)$ follows a Poisson distribution with parameter $\lambda h{P}^{D_k}$. Therefore, the expectation $E\left[A_n^{D_k}\left(h\right)\right]$ equals

$$E\left[A_n^{D_k}\left(h\right)\right]=\lambda {\int }_0^h\frac{exp\left\{-\beta {\left[D_k-d\left(t\right)\right]}^2\right\}}{{\sum }_{k:D_k\in \mathbb{T}}exp\left\{-\beta {\left[D_k-d\left(t\right)\right]}^2\right\}}dt$$

(13)

As a result, combined with Equation (6), the expectation of the total number of tips $E\left[T_n\right]$ can be computed by

$$\begin{array}{cc}\hfill & \hfill E\left[T_n\right]=\sum _{k=1}^{K}E\left[T_n^{D_k}\right]=E\left[T_{n-1}\right]+\sum _{k=1}^{K}E\left[N_n^{D_k}\right]-\sum _{k=1}^{K}E\left[A_n^{D_k}\right].\hfill \end{array}$$

(14)

Here, ${\sum }_{k=1}^{K}E\left[N_n^{D_k}\right]$ = $\lambda h{\sum }_{k=1}^{K}P\{D\left(k\right)\in \mathbb{D}\}$ = $\lambda h$, and ${\sum }_{k=1}^{K}E\left[A_n^{D_k}\right]$ = $\lambda {\int }_0^{h}1dt$ = $\lambda h$. Therefore, Equation (14) equals

$$E\left[T_n\right]=E\left[T_{n-1}\right].$$

(15)

This result shows that during each approval round, the total number of tips of the ledger is the same as that of the previous round. i.e., the total number of tips remains constant, which proves the ledger convergence.

4.4. Parasitic Chain Attack Defense

In parasitic chain attacks, attackers secretly construct a sub-DAG, increases its connection with the main DAG by occasionally referencing the main DAG, and increase the probability of selecting the site in the parasitic chain by the MCMC tip selection algorithm used in the traditional DAG-enabled blockchain. Due to network latency, it is not a problem for attackers to build sub-DAGs, because attackers can randomly select and authenticate their own published sites without relying on any information from the rest of the network. Therefore, if attackers use sufficiently powerful computers, they increase the number of tips by broadcasting many new transactions, which will choose to authenticate the transactions they previously published in the parasitic chain. Therefore, when honest nodes use a simple tip selection algorithm, attackers are more likely to succeed.

When a parasitic chain attack is carried out, many transactions need to be generated in a short time, and finally, the parasitic chain becomes the main chain. One way to prevent this attack is to adopt rate limitation strategies. Proof-of-work is a common rate limitation strategy for distributed ledger technology, not just for consensus building. A simple proof-of-work is required before a vehicle can issue a valid site.

Existing methods propose an adaptive PoW algorithm, which allows each node to publish transactions and punish spam attacks. However, any rate limitation based on PoW would unexpectedly leave smaller devices behind. In addition, another rate limitation strategy is called verifiable delay functions (VDF) to replace the PoW-related rate limitation strategies. The VDFs are particular functions that are difficult to evaluate, even under the assumption of using unbounded parallelism (i.e., using an infinite number of CPUs), but easy to verify. As the VDFs are not parallelizable, they make the usage of dedicated hardware inefficient (i.e., ASIC), inherently solving the unfairness between slow and fast vehicles. However, in the delay-sensitive IoV environment, using VDF as the rate limitation strategy is inappropriate. In particular, when an emergency occurs, it is necessary to generate a site to inform other vehicles. However, the vehicle must calculate and solve according to the VDF before releasing the site. In addition, VDF is mainly used to prevent malicious vehicles from posting many malicious sites in a short period to threaten the system’s security, which is unfair to benign vehicles because it restricts them from posting sites. Therefore, we proposed a reputation-based rate limitation strategy.

Reputation-Based Rate Control Strategy

We use the vehicle’s reputation value to control the site’s generation speed. Generally, vehicles do not need to generate a large number of sites in a short time. However, when multiple sites need to be generated in a short time, the following methods are used to control the generation speed and number of sites.

First, when the vehicle shares information, it can immediately publish a site. Then, when the following site needs to be published, if the time interval with the published previous site exceeds $\Delta t$, the vehicle can directly publish the following site. If the time interval is less than $\Delta t$, The vehicle must pledge part of the reputation value. For multiple consecutive sites published less than the time interval $\Delta t$, the reputation value to be pledged will increase based on the previous reputation value of the pledge for each published site.

If the vehicle does not have enough reputation value to pledge, the vehicle cannot continue to publish the site immediately. If the previously pledged reputation values are withdrawn and the remaining reputation values can be pledged to publish the following site, vehicles can continue to publish the site. Otherwise, vehicles can only wait for the time interval to exceed $\Delta t$, and no reputation value pledge is required to publish the following site. To limit the number of sites published by vehicles, the number of reputation values that need to be pledged each time keeps increasing. The fixed multiple increase method is adopted here.

Within the time interval less than $\Delta t$, the total number of reputation values $R_t$ required for publishing K sites continuously is calculated as follows:

$$R_t=\frac{r_1·(1-q^n)}{1-q},$$

(16)

where $q>1$ is a parameter to be chosen, $r_1$ is the quantity of reputation value required for the first pledge and n is the number of sites published continuously.

From the above formula, we can control the number of sites that can be published continuously by adjusting the size of the parameter q because the maximum reputation value that a vehicle can have is specific. If a vehicle is posted on a site that proves to be malicious, that vehicle will be penalized. In this case, if the vehicle has a pledged reputation value, then the pledged reputation value of the vehicle will be deducted. A certain amount of reputation value will be deducted if the vehicle does not have a pledged reputation value. When a vehicle’s reputation value falls below a certain threshold, the vehicle cannot be posted to the website, but it still has access to the information shared by other vehicles stored in the DAG. The reputation value management smart contract controls the vehicle’s reputation value change, as shown in Protocol 1.

Protocol 1 Reputation Value Management Smart Contrast

1: after publishing a Site, publish the next Site 2: $interval$← the time interval between this Site and the previous Site. 3: if $interval$ > $\Delta t$ then 4:    publish the next Site 5: else 6:     $pledge$ ← get pledge according to Equation (16) 7:     $CurRep$ ← current reputation value available 8:    if $CurRep$ < $pledge$ then 9:       $CurRep$ ← collection of currently recoverable reputation value 10:      if $CurRep$ > $pledge$ then 11:          pledge reputation 12:          publish the next Site 13:      else 14:          waiting time interval exceeds $\Delta t$ 15:      end if 16:    end if 17: end if

5. Performance Evaluation

In this section, we first compare the proposed DDB-TSA and RBRCS with existing work and then evaluate the proposed DAG-enabled information sharing scheme by simulation experiments. The simulation experiments include tip chosen delay, site confirmation delay, ledger convergence experiment, and parasitic chain attack defense experiment. The main parameters are shown in

Table 2. The Main Parameters.

Parameters	Values
Vehicle number	18
Hash algorithm	SHA-256
Weight of each site w	1
q	2
Uniform distribution	Uni in (30, 40)
Poisson distribution	Poi with $\lambda$ = 100
Normal distribution	Nor with $\mu$ = 70, $\sigma$ = 0

.

5.1. Comparison of the proposed DDB-TSA and RBRCS

5.1.1. TSA Comparison

TSA plays a critical role in DAG-enabled blockchain. Here, we compare with the TSA proposed in [12,26,27,28,29,30] in terms of correlation between information, lazy worker resistance, without block packing and mining, and parasitic chain attack defense. As shown in

Table 3. Tip Selection Algorithm.

	MCMC	[27]	[28]	[29]	[30]	RTH-TSA in [12]	DDB-TSA in This Paper
Correlation between shared information	×	×	×	×	√	√	√
Lazy worker resistance	×	√	√	√	√	√	√
Without block packing and mining process	√	√	√	×	√	√	√
Parasitic chain attack defense	×	×	×	×	×	×	√

, only our proposed TSA can obtain more advantages.

5.1.2. RCS Comparison

We compare with some existing RCS in terms of energy conservation, friendly to low computational power (LCP) vehicles, and friendly to benign vehicles. As shown in

Table 4. Rate Control Strategy.

	PoW	Adaptive PoW	VDF	RBRCS
Energy conservation	×	×	√	√
Friendly to LCP vehicles	×	×	√	√
Friendly to benign vehicles	×	×	×	√

, the RBRCS proposed in this paper is more suitable for application in the IoV environment.

5.2. Performance of the Proposed DAG-Enabled Blockchain

We evaluate the proposed DAG-based blockchain system regarding tip chosen delay, site confirmation delay, ledger convergence, and parasitic chain attack protection. To reflect the fairness of the comparison, we only compare with the MCMC algorithm in terms of tip chosen delay and site confirmation delay, and the details are as follows.

5.2.1. Tip Chosen Delay

As part of evaluating the performance of DAG-enabled blockchain, tip chosen delay means the time takes for a new site to choose tips. That is, the time taken for a tip to join the DAG blockchain. As shown in Figure 3, the algorithm proposed in this paper takes driving decisions into account, and the newly generated site will prioritize tips similar to its own driving decisions. Therefore, compared with the MCMC algorithm used in traditional DAG, selecting tips by this algorithm is more efficient.

5.2.2. Confirmation Delay of Sites

As mentioned above, the confirmation delay refers to the time taken for the cumulative weight of a benign site to reach a specific value. The vehicle selects the information others to share according to its cumulative weight or confirmation level. According to [26], the cumulative weight of benign sites grows with increasing speed during the adaptation period. After the adaptation period, the cumulative weight grows with speed $\lambda W$. We set the weight of each site to 1, so the growth of cumulative weight is only related to rate $\lambda$. Therefore, we consider the effect of different rates $\lambda$ on the confirmation delay. Under different cumulative weight settings, the comparison with the traditional DAG using the MCMC algorithm is shown in Figure 4.

5.2.3. Ledger Convergence

When the number of tips converges around a specific value, the ledger’s security can be guaranteed. The figure shows the change in the number of tips when the site generation follows Uniform distribution, Poisson distribution, and Normal distribution. To better demonstrate the convergence of the ledger, we provided two different initial values for the number of sites (e.g., low initial sites equal 10, and high initial sites equal 1000). The purpose is to show that regardless of the initial value of sites, the total number of sites in the ledger will eventually stabilize around a certain value. As shown in Figure 5, no matter what the genesis number is, the tip number will become stable eventually, which shows the convergence of the DAG ledger.

5.2.4. Parasitic Chain Attack Protection Simulation

When attackers carry out parasitic chain attacks, they need to publish a large number of sites in a short period of time. Therefore, we analyzed the changes in the number of normal sites published by vehicles, the number of failed sites published, and the number of sites that require pledging assets to publish, under different probabilities of malicious behavior.

A vehicle must pledge its reputation value when continuously releasing a site. We set the number of pledges per time to be twice that of the last time, and the mortgage reputation value is bound to the site. If the available reputation value of the vehicle is insufficient, the site cannot be published until the pledged reputation value is recovered. When the cumulative weight of a site reaches a certain threshold (for example, 150), the reputation value pledged on the site can be recovered, and two reputation values will be rewarded. As shown in Figure 6, the results show that the higher the probability of malicious behavior of the vehicles, the fewer normal sites they publish, making it difficult for them to publish a large number of sites in a short time and effectively resist parasitic chain attacks.

6. Conclusions

This paper presents a secure and efficient information sharing scheme for vehicular networks by proposing a tip selection algorithm based on driving decisions using the DAG-enabled blockchain. The proposed algorithm is designed to address the time-sensitive requirements of a highly dynamic vehicular network environment by considering driving decisions to achieve fast consensus and increase the connection between shared information. Additionally, a reputation-based rate control strategy is introduced to mitigate parasitic chain attacks. Simulation results indicate that the proposed algorithm and strategy outperform existing work in terms of both security and efficiency. In future research, we plan to focus on reducing information redundancy to enhance consensus efficiency and further improve the scalability of the blockchain.