Security Analysis of Conditional Privacy-Preserving Authentication Schemes for VANETs

Abstract

In order to solve the security and privacy-preservation issues in VANETs, a number of conditional privacy-preservation schemes based on certificateless signatures (CLS) schemes and certificateless aggregate signatures (CLAS) schemes have been proposed. However, most of them were insecure against several types of attacks. Recently,Wang <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al</i> . and Xiong <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al</i> . proposed new conditional privacy-preserving authentication schemes based on CLAS and CLS schemes, respectively, for VANETs.We present malicious-but-passive KGC attacks on Wang <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al</i> .’ scheme, and forgery attacks and key recovery attacks on Xiong <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al</i> .’ scheme, where KGC or anyone can generate valid signatures on any messages for any vehicles without being traced by TA. Our attacks break their unforgeability and traceability. At last, we discuss their causes and countermeasures.