ECDSA-based certificateless conditional privacy-preserving authentication scheme in Vehicular Ad Hoc Network

Abstract

A Certificateless Public Key Cryptography (CL-PKC) aims to avoid the drawback of both traditional public key cryptography which requires a Public Key Infrastructure (PKI), and Identity-Based Public Key Cryptography (ID-PKC) which suffers from the inherent key escrow problem. In Vehicular Ad Hoc Network (VANET), a Certificateless Conditional Privacy Preserving Authentication (CCPPA) fulfills all known VANET security requirements in order to resolve challenges related to security and privacy. However, the existing certificateless schemes only achieve a trust level 2 according to the hierarchy defined by Girault. In case the partial private key is leaked, a malicious node can replace the public key since the public key is not bound to an identity. As a result, the trusted authority can only identify malicious nodes by using their pseudo identities. Al-Riyami and Paterson introduced a binding technique that allows to lift the trust level of a normal certificateless scheme to a trust level 3 by using a binding technique. This paper proposes new CCPPA schemes that use Al-Riyami and Paterson's technique, can achieve a stronger security and achieve a trust level 3. In case the partial private key is leaked, only the legitimate node can use the corresponding public key which has been certified by the trusted authority. As a result, the proposed CCPPA schemes address the vulnerability related to the public key replacement attack which is present in several CCPPA schemes. Our schemes also offer a tracing technique which consists of allowing the trusted authority to identify a malicious node using both its pseudo identity and public key. The proposed schemes use ECC cryptography and avoid Map-to-Hash function and bilinear pairing. Also, we called our schemes ECDSA-CCPPA and ECDSA*-CCPPA since they allow to respectively implement Elliptic Curve Digital Signature Algorithm (ECDSA) and the modified ECDSA* during authentication process in VANET. A security analysis is performed and proves that the ECDSA-CCPPA and ECDSA*-CCPPA schemes are secure in the random oracle. Actually, the ECDSA*-CCPPA scheme has an advantage over ECDSA-CCPPA in that it allows to perform a batch verification of signatures, where RSUs can support vehicles by collecting vehicle's signatures and verifying their messages in congested areas in order to reduce verification time. Additionally, a performance analysis is carried out to compare ECDSA*-CCPPA with several existing schemes. The simulation results show that ECDSA*-CCPPA outperforms the studied schemes with regard to the signature and verification process of one message. Moreover, it has the less overhead when compared to the studied certificateless schemes.