A hybrid dual-mode trust management scheme for vehicular networks

Vehicular ad-hoc networks allow vehicles to exchange messages pertaining to safety and road efficiency. Building trust between nodes can, therefore, protect vehicular ad-hoc networks from malicious nodes and eliminate fake messages. Although there are several trust models already exist, many schemes suffer from varied limitations. For example, many schemes rely on information provided by other peers or central authorities, for example, roadside units and reputation management centers to ensure message reliability and build nodes’ reputation. Also, none of the proposed schemes operate in different environments, for example, urban and rural. To overcome these limitations, we propose a novel trust management scheme for self-organized vehicular ad-hoc networks. The scheme is based on a crediting technique and does not rely on other peers or central authorities which distinguishes it as an economical solution. Moreover, it is hybrid, in the sense it is data-based and entity-based which makes it capable of revoking malicious nodes and discarding fake messages. Furthermore, it operates in a dual-mode (urban and rural). The simulation has been performed utilizing Veins, an open-source framework along with OMNeT++, a network simulator, and SUMO, a traffic simulator. The scheme has been tested with two trust models (urban and rural). The simulation results prove the performance and security efficacy of the proposed scheme.


Introduction
According to the road safety report released by the World Health Organization (WHO) in 2018, the number of road traffic mortalities was 1.35 million. 1 Implementing vehicular ad-hoc networks (VANETs) may help in reducing some of the road accidents by spreading pertinent information among vehicles. 2 Consequently, drivers can receive warning messages in addition to traffic condition information, which allows them to make the right decision through their driving experience. Furthermore, the advantage of VANETs is that vehicles are equipped with an on-board unit (OBU) 3 operating under IEEE 802.11p which makes it a preferable choice for enhancing intelligent transporting system (ITS).
Information concerning road safety and efficiency is exchanged among vehicles via VANETs. Incorrect information would lead to adverse effects, thereby increasing accidents and traffic congestion. The researchers have addressed the security in VANETs through two different perspectives: cryptography-based and trust-based. 4 The cryptography-based solutions offer a protective shield for VANETs from outsider attacks while the trust-based solutions protect VANETs from insider attacks. 5 Cryptography-based methods maintain messages integrity and afford confidentiality. 6 However, they are incompetent in providing messages quality and reliability 7 or recognizing untrusted nodes. 8 Recently, several VANET models have been developed. However, they experience several limitations and encounter network degradation. Some schemes are unable to ensure message reliability 9,10 or maintain nodes' privacy. [11][12][13][14] In addition to that, many solutions rely on central authorities [11][12][13][15][16][17] such as roadside units (RSUs) which are costly and susceptible to physical attacks, besides they increase computational complexity. 8 In this research, we propose a novel trust management scheme for decentralized vehicular networks that overcomes the aforesaid limitations. The scheme is based on a crediting technique and does not rely on other peers or central authorities to ensure message reliability. Moreover, the scheme tackles nodes' legitimacy and message reliability, which qualifies it to be data-oriented and entity-oriented. Furthermore, it operates in a dual-mode: urban and rural environments. The proposed scheme comprises the following characteristics: Node crediting: for each sender nodes, the proposed scheme at the receiver node establishes a credit value that is derived from validating the messages received and sender nodes' history. This credit value is prone to increment and decrement based on nodes' behavior. Fake source location detection: the scheme is able to verify the source's location based on its coordinates incorporated in the message received. The received messages are accepted if the sender node is located within the accepted range. Fake event location detection: the scheme estimates the distance between the sender node and the event based on their location coordinates. Then, it verifies the distance to ensure the correctness of the event location. False event time detection: in VANETs, every event has a specific duration and every message has a limited propagation delay. The proposed scheme can assess the received message to ensure that the reported event is within the specified interval and the propagation delay is bounded by the upper and lower pre-defined limit. Dual-mode operation: the proposed scheme operates in a dual-mode: urban and rural environments. Two distinct approaches have been developed to tackle the security based on the aspects of each environment, such as the average rate of vehicles per hour and the number of collisions and fatalities. Malicious nodes' revocation: every node is given a certain amount of credit. Malicious nodes will incur credit deduction. Once a malicious node's credit reaches zero, it will be revoked. Application-wise threshold decision: different threshold limits have been assigned to each application based on application sensitivity from the safety perspective.
The results are relevant to VANET safety and road efficiency applications as vehicles receive a scheme that enables them to have safe driving trips. Consequently, traffic accidents and road congestion will be minimized. The main contributions of our study are as follows: An autonomous trust management scheme, for self-organized vehicular networks, is proposed based on a crediting technique. The scheme does not count on network peers or central authorities, for example, RSUs and reputation management centers (RMCs), to ensure message reliability, which makes it a cost-effective solution. Two distinct approaches have been developed to operate in different environments: urban and rural. The urban-mode accommodates the traffic safety requirements of urban areas. Similarly, the rural-mode is more adequate for rural territory conditions. The security analysis besides the simulation results demonstrates the efficiency of our work. The scheme satisfies the security and performance requirements under vehicle-to-vehicle (V2V) communication.
The proposed scheme i operates in four phases. In the first phase, the receiver node validates the messages claimed by the sender nodes based on three parameters: sender location, event location, and event time. In the second phase, the scheme measures the reliability of the messages based on two different approaches, urban and rural modes, and simultaneously it updates the history of the sender nodes. The scheme, in the third phase, measures the trust value of each unique message reporting a specific event. Finally, the scheme selects the unique message with the highest trust value and accepts it, if it is above the pre-defined threshold limit.
This article is organized as follows. The related work is explored in section ''Related work.'' In section ''Trust management model,'' the trust management model is discussed in detail. Section ''Analysis and evaluation'' provides an analysis and evaluation of the proposed solution based on security resiliency and time complexity. In section ''Simulation-based analysis and evaluation,'' simulation-based analysis and evaluation are presented. A qualitative comparison of the proposed method is exhibited in section ''Comparison and discussion.'' Section ''Conclusion'' concludes the article with our findings and future work.

Related work
Li et al. 15 have proposed a collaborative trust management framework that is based on reputation. During network interaction, nodes share their trust values with a dedicated reputation center, which is used to hold the reputation of all nodes in the network. The reputation center computes nodes' reputation based on their trust statistically and makes it available for any node in the network. If the trust value is not available, the reputation center requests it from a nearby RSU through an encrypted connection. The authors argued that their proposed solution can improve network security. However, the efficiency of the proposed model remains uncertain due to the lack of performance analysis and the relative simulation provided. Moreover, it relies on RSUs, RMCs, and peers feedback to build nodes' reputation.
An intrusion detection model has been developed by Sedjelmaci and Senouci 11 to protect VANETs from attacks. The authors developed a clustering technique that generates clusters in the network. Each cluster is formed of several vehicles and has a cluster head elected based on its trust level. The proposed framework is composed of three intrusion subsystems: local detection that operates at the cluster level, global detection that operates at cluster head level, and global decision that runs at the RSU. This model is centralized and relies on global decision system (GDS) that runs at RSU. In addition, no revocation action is applied to malicious nodes.
Zhang et al. 12 have proposed a trust management scheme that deals with message dissemination and valuation in VANETs. Before any road safety and efficiency message is spread in the network, the scheme assesses the trustworthiness of the message through utilizing the information provided form other peers about it, which allows the scheme to function as a relay of trusted messages. The model is centralized and requires collecting data about nodes from a central authority. Also, the network is prone to network congestion due to the packet relaying mechanism. Moreover, the simulation is limited as it was performed based on a C++ code rather than a professional simulator.
Zhou et al. 13 have developed a security authentication model that incorporates trust evaluation. In order to implement secure authentication, the authors composed the model into two parts: direct and indirect trust assessment. The proposed model is centralized and relies on the authority unit (AU) to determine nodes' trust.
Ltifi et al. 14 have proposed a functional model for managing alerts in the trust management scheme utilizing wireless sensor network (WSN). The authors assumed that every node in the network is equipped with a speed sensor that is connected with WSN. Besides, each vehicle in the network has a distinct role, either as a group leader or a member. The functional model is composed of a trust management scheme and a knowledge base. The authors stated that the model is used for warning and with the presence of any trusted third party. Also, WSN is limited in power, memory, and processing capabilities.
Shaikh and Alzahrani 18 have presented a trust management scheme for ad-hoc networks that focuses on identity anonymous. This method operates in three stages. First, it computes the confidence of messages received from the sender nodes, then calculates the trust value of the messages, and finally accepts the message with the highest trust value. The location verification method in the proposed solution assumed line-of-sight between the sender and the receiver which is not realistic. In addition, it does not incorporate a mechanism to revoke malicious nodes. Therefore, it is prone to an on-off attack.
Kumar and Chilamkurti 16 have presented an intrusion detection model based on learning automata (LA) that were assumed to be installed on vehicles to collect information resulting from vehicles' interconnection over the network. States and transitions in the network are formed using the Markov chain model (MCM). The model is composed of two parts: data collection and intrusion detection. Due to VANETs' ephemeral nature, LA is not an efficient method to detect intrusion in the network. Also, no simulation was performed and no revocation mechanism is applied on malicious nodes.
A trust management scheme has been presented by Chen and Wei 17 to overcome the challenges resulting from the conflict between security and privacy in VANETs. The scheme is based on the integration between the event message in the road and the beacon message of the network so that the message with the higher trustworthiness is selected. The proposed model relies on public key infrastructure (PKI). Also, all messages are encrypted. Therefore, it is susceptible to network performance degradation.
Huang et al. 19 have proposed a trust management model based on nodes' voting. The closer the node to an event the higher the weight it is assigned. There is no method to distinguish between legitimate and malicious nodes. In the case of receiving messages from malicious nodes, relying on those messages is misleading and the result may be catastrophic. Also, it is prone to network attacks as there is no revocation method against malicious nodes.
Gurung et al. 20 have presented a content validation model for VANETs. Each initialized message in the network is assigned a trust value before getting spread over the network. When a message is received from multiple nodes, the model computes its trustfulness based on content similarity, content conflict, and route similarity. No simulation was provided. Also, the authors stated that the model lacks in-depth message analysis and needs accuracy improvement.
Cui et al. 8 have proposed a reputation system in addition to a message authentication framework and protocol for 5G-VANET (reputation system-based lightweight message authentication framework (RSMA)). The reputation system is managed by a trusted authority (TA) and operates in three phases. In the first phase, the TA collects and filters the valid feedbacks, and then classifies them in accordance with the type of the message (true or fake). In the second phase, the reputation score for the target vehicle is calculated; the greater feedback the higher reputation score is achieved. Finally, the reputation score is updated and sent to the global reputation center. However, this work is based on TA and is fundamentally different from self-organized VANETs we focus on.
To secure the communication between vehicles in VANETs, Zhang et al. 21 have proposed a scheme based on the Chinese remainder theorem that offers secure authentication and maintains nodes' privacy. The network model is composed of TAs, RSUs, and vehicles equipped with OBUs. However, the proposed scheme is totally centralized and relies on central authorities such as RSUs and TAs.

Trust management model
In this section, we introduce the proposed trust management model as shown in Figure 1. The model is based on V2V communication and does not rely on central authorities, for example, RSUs or RMCs. A typical V2V communication model is illustrated in Figure 2, wherein vehicles exchange messages with others in the close vicinity. Each vehicle is equipped with an OBU to facilitate the communication process.
Our method operates in four phases. In the first phase, the receiver node validates the message claimed by the sender node. In the second phase, the message reliability is measured based on two different approaches, urban and rural modes, and simultaneously it updates the history of the sender node. The scheme, in the third phase, measures the trust value of the unique message reporting a specific event. Finally, the scheme selects the unique message with the highest trust value and accepts it, if it is above the pre-defined threshold limit. The following sections discuss the aforementioned phases.

Claim validation
The model enables the receiver nodes to validate the message claimed by the sender nodes utilizing three factors: the source's location (L s ), the event location (L e ), and the event time (T e ).
Source's location. We assume the propagated message carries the coordinates of the sender node. The distance between the sender and the receiver nodes is estimated using standard equation (1) where d s is the distance between the sender and the receiver nodes, x s and y s represent the claimed sender's location coordinates, and x r and y r represent the receiver's location coordinates. The maximum distance a vehicle can communicate d m is 1000 m. 22 Therefore, we can verify the source's location using equation (2). An error margin u is obtained for a tolerable result The model only processes the messages received from sender nodes on the same road. This can be enforced by validating the road identifier of the sender and the receiver vehicles.
Event location. When an event occurs in the network, such as road accidents or traffic congestion, vehicles disseminate these events to other nodes including the event location. 23 The distance between the sender node and the event d e is estimated through equation (3) where x s and y s represent the coordinates of the sender's location while x e and y e represent the coordinates of the event location. Equation (4) is developed to verify the location of the event. An error margin u is obtained for a tolerable result when comparing d e with the maximum distance d m a vehicle can reach Event time. A message is generated when requested by an application at the sender node then disseminated to the nearby vehicles. 24 According to Soleymani et al., 25 the arrival time of a notification message can be calculated using equation (5) where t r represents the time the receiver node receives the message, t e is the time at the sender node when the event is generated assuming that the event time and the sending time are the same, and d is the distance between the sender and the receiver nodes. According to Wang et al., 26 the upper and lower limit of the propagation delay of IEEE 802.11p can range from 253.5 ms to 1 s at 6 Mbps for a payload size of 500 bytes. Therefore, we could estimate the propagation delay in equation (6); the result is true if the sender node provides the correct event time Overall, we have three parameters: the sender location L s , the event location L e , and the event time T e ; consequently, we could validate the claimed message provided by the sender nodes as shown in Algorithm 1. int function V c x s ; y s ; x r ; y r ; x e ; y e ; t s ; t r ð Þ 2 Let d m is the maximum distance a node can communicate 3 end function

Message reliability
The proposed model can operate in two different environments: urban and rural as per the selected mode. In the previous section, we have discussed how the messages are endorsed based on three parameters: the source's location, event location, and event time. In this section, we focus on two approaches implemented in the proposed scheme to calculate the reliability of the messages.
A study of the traffic flow by Sampson 27 shows that the average rate of the vehicles in urban areas is 12,629 vehicles per hour while in rural areas, the rate is 9418. However, traffic collisions are more in urban roads while fatalities are more in rural territories according to the Centers for Disease Control and Prevention (CDC) in Atlanta. 28 Therefore, the first approach is developed to meet the requirements of urban areas. Similarly, the second approach is more adequate for rural areas.
Urban mode. When a vehicle receives a message from a sender node, the message is evaluated, as in the first phase, then, a credit value is assigned to the sender based on the evaluation result. In urban areas, the rate of the vehicles and the traffic collisions are massive. Therefore, the credit value should be elastic enough to accommodate these properties.
The receiver node, on its OBU, maintains the credit values of the sender nodes during network interaction. The credit value ranges from (0.0) to (1.0) and is prone to increment and decrement based on the node's behavior.
Equation (7) is used to calculate the credit value. The new credit value of a node C urban is influenced by the current value C urban iÀ1 and the claim validation V c result. The progression factor d controls the rise and the drop amount of the current credit value. Equations (8) ensures that the final credit value C is retained in the pre-defined interval The graph in Figure 3 illustrates the implementation of equation (7) in MATLAB wherein the credit values of five sender nodes increase and decrease based on nodes' behavior.
Rural mode. In rural regions, traffic hazards are severe. [29][30][31][32][33] Therefore, the second approach is more convenient to minimize the risk very effectively. The receiver node assigns an initial credit value b to each sender node. The value of b is defined by the trust model and may range from (0.1) to (1.0). When a sender node sends a false message, its claim validation (V c ) yields zero, consequently, its credit value C rural is decremented by a as shown in equation (9). Whenever the credit value is updated, it is validated by equation (10) to obtain the final credit C of the node. If the value of C rural reaches zero, the node is revoked Once the claim validation is performed and the sender node's credit value is decided, the message reliability R g is calculated using equation (11) based on the selected mode The result of (R g ) will be used in calculating the message trust as described in the next section.  (7) in MATLAB with five nodes.

Message trust
The receiver node receives messages from multiple sender nodes for a specific event. Suppose we have an event E and we received several messages from n nodes related to this event. The set of all unique messages M related to the event E is To calculate the trust value of each unique message, we developed equation (13) T m x = where T m x represents the trust value of each unique message in M, n m x is the number of nodes that send the same message m x , P n mx i = 1 R g i is the total message reliability values for all nodes that send the message m x , and P n i = 1 R g i represents the total message reliability values for all nodes that contribute to the event E.

Decision-making
After calculating the trust value of each unique message, the model selects the message m x with the highest trust value utilizing equation (14). The trust value of the selected message is evaluated through equation (15); thereby, it is accepted if it has a trust value greater than the pre-defined threshold, otherwise, it will be rejected. In case, multiple messages have the same trust value, they will be discarded too The threshold value for trusting a message depends on the application types. There are three types of applications in VANETs: safety applications, traffic efficiency applications, and infotainment applications. 34 According to the importance of the messages disseminated by the application, they are classified into three categories: very sensitive, sensitive, and normal. Each category is given a threshold level. Application types along with their categories and threshold levels are shown in Table 1.

Analysis and evaluation
In this section, we evaluate the proposed scheme with respect to security resiliency and privacy, in addition to the performance.

Security resiliency analysis
The proposed scheme focuses on the trustworthiness messages, in addition to the credit values of the nodes. Some important definitions of the proposed model are as follows:

Definition 1. A message is considered invalid if it matches any of the following conditions:
False source's location is detected. False event location is detected. Fake event time is detected.

Definition 2. A malicious node is a node that disseminates bogus messages.
The distinct features of the proposed model are as follows: Assuring the correctness of the messages received from the sender nodes. Reducing or eliminating the influence of the malicious nodes by assigning them a lower credit value. Assigning higher reliability value to truthful messages. Selecting messages with the highest trust values. Maintaining the privacy of the interacted nodes.
The first feature that the proposed model provides is assuring the correctness of the messages received from the sender nodes through validating the received messages based on three factors: sender location (L s ), event location (L e ), and event time (T e ). If the value of any of the aforementioned factors is incorrect, the validation function yields zero; hence, the received messages are invalid.
Claim 1. The proposed scheme can detect fake source's location.
Proof. According to equation (2), the distance between the sender and the receiver nodes is validated as follows L s = 1 0\d s ł d m + u 0 otherwise The location provided by the sender node is accepted if the sender node has provided the correct coordinates. Suppose the sender node claims to be d m + x away from the receiver node, and x.0, in this case d s = d m + x + u. The maximum distance between two nodes in the network is d m . Therefore, the result will be The result contradicts with equation (2); therefore, the location of the sender node is considered invalid. Proof. When an event is reported during network interaction, the receiver node receives a message incorporating the event location. The location of the event can be evaluated utilizing equation (4) L e = 1 0\d e ł d m + u 0 otherwise Assume the sender node claims the event is located d m + r away from its location and r.0. Hence, d e = d m + r. Since the maximum distance a node can reach is d m , the result will be 0\d m + r + u ł d m + u Since d m + r.d m , the location of the event is incorrect. Therefore, the message is invalid and it is rejected. Claim 3. The proposed trust model is able to detect false event time.
Proof. From equation (5), when a message is received at a time t r , we know that the event time t e and the sending time are approximately the same The propagation time of the message is determined by equation (6) T e = 1 min ł t r À t e ð Þł max 0 otherwise Suppose a node reported a false event time, in this situation we have two cases 1: t r À t e ð Þ\minor 2: t r À t e ð Þ.max Any of the two cases contradicts with equation (6); therefore, the verification yields zero and the event time is considered invalid. Claim 4. The proposed scheme assigns lower credit values to malicious nodes.
Proof. Suppose we have two nodes, a legitimate and a malicious, and the credit values of the legitimate node C urban t and the malicious node C urban m are initially equal Over time, both nodes interact with others in the close vicinity. The credit values of the legitimate node C urban t and the malicious node C urban m assigned by the model after network interaction should be as follows C urban t .C urban m Equation (7) calculates the credit value of the sender nodes. The claim validation V c of the legitimate node is always true while it is always false for the malicious node Let d = 0:1 accordingly Proof. From equation (11), the message reliability R g is computed as follows Suppose the receiver node receives two messages, a true message m t and a fake message m f , from legitimate and malicious nodes, respectively. Assuming both having the same credit value C t = C f . Since the claim validation is always 1 for the true message and is always 0 for the fake message, the true message will have a higher reliability value. We can represent this as Therefore, the reliability of the true message is greater than that of the fake message R g t .R g f Claim 6. Only messages with the highest trust values are selected.
Proof. Suppose there is an event E, and the receiver node receives two types of messages m 1 and m 2 sent by legitimate and malicious nodes, respectively (13) is used to find the trust value of each message. Since m 1 has a greater trust value than m 2 T m1 .T m2 We can write this as

Multiplying both sides by
In claim 5, we have proven that the reliability of the message sent by a malicious node m 2 is always zero. Therefore, the following result is always true Consequently, m 1 is selected as in equation (14) T m x = max T m 1 ; T m 2 ; . . . ; T m r f g Claim 7. Messages having the same trust value will be discarded.
Proof. Suppose there are multiple unique messages of an event E. According to equation (12), we can write this as follows M = m 1 ; m 2 ; . . . ; m r f g In this scenario, we use equation (13) to calculate the trust value of each unique message From the definition of equation (13), T m x represents the trust value on the message m x , and P n mx i = 1 R g i and P n i = 1 R g i represent the total message reliability for all nodes that send the message m x and the total message reliability for all nodes that contribute to the event E, respectively. So, the trust value of any particular event can be calculated as where T m 1 ; T m 2 ; and T m r represent the trust values on messages m 1 ; m 2 ; and m r , respectively. In case there are two messages m 1 and m 2 having the same trust value, this gives the following result The value 0.5 is not greater than the minimum acceptable pre-defined threshold (0.5). Therefore, both messages will be discarded according to equation (15). This feature is also applicable when we have more than two messages (r.2) Claim 8. The proposed model maintains the nodes' privacy.
Proof. The proposed model is based on V2V communication wherein messages are exchanged among nodes without being exposed to third parties such as RSUs or advertising roadside services. Moreover, the credit values of the sender nodes are maintained at the OBU. Therefore, the proposed model preserves the privacy of the nodes during network interaction. Table 2 represents the multiple scenarios that may take place when messages are disseminated in the V2V network. In the first scenario, the sender node provides a valid message; thereby, its trust value is within the acceptable range. In other scenarios, the sender nodes offer rigged messages. The model detects the bogus messages once a constraint is met. In the third scenario, the sender node deceives the model by providing a false event location. This is true because the model restricts both the sender node and the event location to be within the allowable range. However, the model tackles this issue when unique messages are compared.

Time complexity analysis
In the proposed model, there are four main operations: claim validation, message reliability measurement, trust measurement, and decision-making. In this section, we analyze the time complexity of every main operation. Then, we derive the time complexity of the whole model.
In the claim validation, the model verifies the source's location through equations (1) and (2). There are seven and four execution steps in equations (1) and (2), respectively. In event location verification, equation (3) has seven execution steps and equation (4) has four execution steps. Equation (6) in event time verification has four execution steps. Subsequently, there are 26 execution steps in the claim validation.
In message reliability measurement, there are five execution steps in equation (7), five execution steps in equation (8), and two execution steps in equation (11). In total, there are 12 execution steps in measuring the reliability of the messages.
As a result, 38 execution steps are performed on every received message in the first two operations. In the case of receiving n messages for a particular event, there will be 38n execution steps. Therefore, the time complexity is O(n).
The trust measurement operation is performed on every unique message for a particular event. In equation (12), M represents the set of all unique messages in an event E when the receiver node receives multiple messages from n nodes with the cardinality of jMj = r M = m 1 ; m 2 ; . . . ; m r f g To calculate the trust of a unique message m x received from n m x nodes using equation (13), the model requires n m x + n + 2 execution steps In the worst case, all messages in M will be unique, thereby r = n. Consequently, the number of execution steps required for the entire event is Therefore, the time complexity of trust measurement is O(n).
The last main operation in the proposed solution is decision-making. In this operation, the model utilizes equation (14) to obtain a unique message with the maximum trust value. Then, it decides to accept or reject the message based on the pre-defined threshold. Several searching algorithms can be used, such as linear search and binary search. The last algorithm requires sorted elements. 35 So, the time complexity of decision-making is O(n).
Accordingly, all four main operations: claim validation, message reliability measurement, trust measurement, and decision-making have a time complexity of O(n). Therefore, the proposed scheme is linear.

Simulation-based analysis and evaluation
In this section, we study the performance of the proposed trust model based on four metrics: travel time, CO 2 emissions, communication overhead, and accuracy.
The simulation is conducted utilizing veins 36 as a V2V open-source framework along with OMNeT++, 37 as a network simulator, and SUMO, 38 as a traffic simulator. The map of Jeddah, Saudi Arabia is imported from OpenStreetMap 39 and converted into SUMO network using python scripts.
In the road map, 100 vehicles were deployed with 50% legitimate nodes. Three distinct VANET  1  T  T  T  1  1 applications are created to facilitate the communication between vehicles: a plain application (PA), an urbantrust-model (UTM) application, and a rural-trustmodel (RTM) application.
In the first application, the communication between vehicles takes place without any trust model being implemented. In the second application, the UTM is placed between the application layer and the network transport layer. In the wireless access in vehicular environment (WAVE) standards, the IEEE 1609.3 serves the network and the transport layers. 40,41 In the third application, the RTM with the malicious-noderevocation functionality is implemented between the two aforementioned layers.
Each application is capable of exchanging three types of messages: safety, traffic efficiency, and infotainment messages. An adversary model is developed where malicious vehicles attack the network by disseminating bogus messages, thereby affecting vehicles in the close vicinity.
In each application, five scenarios are performed. The percentage of malicious vehicles is 10% and 20% in the first and the second scenarios, and so forth until it reaches 50% in the fifth scenario. Table 3 shows the details of the simulation parameters.
Three applications are simulated, and the results of the four metrics (the travel time, the CO 2 emissions, the communication overhead, and the accuracy) are recorded. Figure 4 shows the snapshots of the simulation run of the Jeddah map. Figure 5 illustrates the travel time of the three applications. It can be seen that vehicles have less travel time over the RTM. We observed that when we have 50% malicious nodes, the PA attains 20% and 23% higher travel time as compared to the UTM and the RTM.
The number of malicious nodes is increased by 10% each time. However, the travel time is always kept to the minimum.  The CO 2 emissions are depicted in Figure 6. We perceived that the UTM and the RTM perform 12% and 14% better than the PA. Minimizing CO 2 emissions has a positive impact on reducing global atmospheric temperatures and ocean acidification, in addition to decreasing the factors threatening human health. 42,43 Figure 7 highlights the communication overhead, it can be observed that the RTM performs 16% better than the UTM and the PA. This is because the RTM is able to revoke non-legitimate nodes. More malicious nodes are injected in each run. However, the RTM is able to abolish them and only allows the trusted nodes. As a result, the communication overhead is reduced. Figure 8 shows the overall accuracy of the proposed scheme. The accuracy is calculated using equation (17) 44 The proposed scheme acquires a minimum accuracy of 94% when the ration of malicious vehicles is 20%. Moreover, it obtains 97% as the highest value of accuracy when the percentage of malicious nodes reaches 50%.

Comparison and discussion
In this section, the proposed trust management scheme is compared with 10 different schemes to perform a qualitative comparison. The followings are the selected parameters along with their definition: Fake source location detection: a node shares its location when it interacts with the other adjacent nodes. The trust model should be capable to estimate and verify the sender node's location, thereby accepting the correct information, and thus relying only on the valid received messages.    Fake event location detection: when an event occurs, it is reported by the nodes in the network. Malicious nodes may disseminate fake event location to benefit from it. The trust model should be able to estimate and verify the location of the event provided by the sender node. Fake event time detection: events in VANETs trigger vehicles to send notifications, thereby warning close by vehicles. A message is generated and sent when requested by an application at the sender node. 24 The trust model should be capable to estimate and verify the time of the event to accept the true time and discard the false one(s). Node crediting: malicious nodes that disseminate fake messages will not desist as long as they can benefit from so doing. Applying a credibility metric, however, could eliminate their influence on the network. Malicious nodes' revocation: the trust model should be able to maintain the interaction history of the nodes and to revoke some when they meet a certain constraint. Data-based: known as event-based, and puts emphasis on assessing the data received during network interaction. 45 The trust management solutions should focus on the data as they provide real-time information that is very essential to make a decision. Entity-based: focuses on interacted nodes by evaluating their activities. 45 A good trust management model builds messages trust with consideration to the sender nodes and their behavior. A sender node could be judged by its behavior during network interaction. Privacy: defined as: ''The state of being free from public attention.'' 46 The trust model should provide privacy by not exposing private information to other peers during network interaction while messages are exchanged between nodes. Dynamics: the rate of nodes that join and leave the network is high which makes VANETs a very dynamic network. The average speed of a highway is 100 km/h. 47 The trust model should be dynamic to cope with the dynamic nature of VANETs. Scalability: a system is scalable if it is capable to incorporate new nodes without losing data and encountering performance degradation. [48][49][50] The trust management models should be scalable to receive the essential data used in building nodes' trust. Decentralization: decentralized trust management schemes are distributed schemes that do not rely on a central authority. Such schemes have a high chance to succeed. 50 Therefore, trust management schemes should be distributed and less dependent on central authorities. Table 4. Security analysis of the proposed model. Parameters Li et al. 15 Sedjelmaci and Senouci 11 Zhang et al. 12 Zhou et al. 13 Ltifi et al. 14 Shaikh and Alzahrani 18 Kumar and Chilamkurti 16 Chen and Wei 17 Huang et al. 19 Gurung et al. 20 Proposed scheme Node crediting  Table 4 illustrates the qualitative comparison between the proposed scheme and 10 other schemes. The proposed scheme is the only scheme that is capable of: Maintaining nodes' credit. Operating in a dual-mode. Revoking malicious nodes. Maintaining a dynamic threshold selection.
Operating as a hybrid model.
From Table 4, only Shaikh and Alzahrani, 18 Chen and Wei, 17 Gurung et al., 20 and our proposed model can protect nodes' privacy. Scalability and dynamics are presented in all proposed models. Decentralization is attained by Ltifi et al., 14 Shaikh and Alzahrani, 18 Huang et al., 19 Gurung et al., 20 and our model. Node crediting, dual-mode operation, malicious nodes' revocation, dynamic threshold selection, and operating as a hybrid model are only obtained in our proposed scheme.

Conclusion
Assuring message reliability and nodes' credibility without relying on other peers or expensive central authorities, such as RSUs, are some of the most challenging issues in VANETs. Existing trust management solutions do not tackle these challenges in the best manner. Furthermore, none of the proposed schemes operate in both urban and rural environments. In this research, we have developed a novel cost-effective trust management scheme that overcomes the aforementioned limitations. The scheme does not rely on other peers or central authorities to ensure message reliability and nodes' credibility, thereby allowing drivers to make safe decisions based on message quality. Moreover, it is hybrid and is able to revoke malicious nodes. Simulation results show significant improvement in reducing travel time, CO 2 emission, and communication overhead. In addition, the proposed scheme merits an accuracy level in the range of 94% and 97%. The future work is to embed the proposed scheme to real vehicles to compare the experimental and simulation results.

Declaration of conflicting interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article.