Vehicular Ad-hoc Network (VANET) is vital for supporting intelligent transport systems, such as traffic data sharing and cooperative processing in the modern city. However, data security and privacy are the critical factors restricting the development. To address these challenges, several certificateless conditional privacy-preserving authentication (CPPA) schemes with anonymity and traceability have been proposed. These schemes avoid complicated certificate management in the PKI framework and key escrow in the ID-based protocol. However, there still exist drawbacks such as computational complexity, high communication cost or security vulnerability. Recently, Ali <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> proposed an efficient certificateless CPPA (CLCPPA) scheme for VANETs, but we have found that this scheme fails to resist a signature forgery attack. To achieve a trade-off between security and efficiency, we first demonstrate the insecurity of Ali <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.’s</i> protocol and then introduce a security-enhanced solution. To show the feasibility and utility of our proposal, we perform a security analysis in the security model. Moreover, we evaluate the performance via comparing it with other existing schemes. From the comparison results, we can find that our scheme is more efficient than prior state-of-art solutions, in terms of signing (improving 66.75%), the verification (improving 33.19%) and bandwidth requirement (reducing 14.75%). Therefore, our proposal is more suitable to be applied in VANETs.
Read full abstract