Existing authentication schemes for vehicular ad hoc networks (VANETs) are not scalable to high-density and safety-critical VANETs. These schemes ignore the very important and unique VANET characteristics such as frequent path disconnections due to high-mobility, bandwidth-limited channel, applications entailing ultra-low latency, high channel-error rate, etc., in their design. Specifically, their approach of entrusting the job of issuing signing key material to remote trusted authorities introduces centralized dependency and high latency for vehicles requesting the key material. Furthermore, acquiring or frequently updating the key material demands substantial network resources including high bandwidth as well as longer and frequent connections to remote authorities. In this paper, we propose a novel and efficient privacy-preserving localized hybrid authentication scheme (PLHAS) modeled on two public key cryptosystems: PKI and CL-PKC. We distribute the key management task among multiple PKI-certified local semi-trusted road-side units (RSUs) to minimize centralized dependency, and entrust identity management to a central Transport Registration Authority (TRA) to ensure role separation. We further reduce the dependency on RSUs and TRA by offloading their tasks of supplying the signing key material. Instead, vehicle's on-board unit (OBU) derives it locally from minimal long-term secret keys acquired from TRA and a local RSU. Besides, vehicles utilize a novel efficient certificate-less signature (CLS) scheme to authenticate their outgoing messages. To protect the long-term secret keys from possible side-channel leakage attacks on OBU, we fashion our critical cryptographic operations in such a manner that bounds and randomizes the leakage of secret keys. Considering the multiple semi-trusted authority setup, we also propose a modified adversarial model for CLS scheme, and show that PLHAS is provably secure, in random oracle model, against modified Type-I/II forgery attacks, certificate forgery attack and vehicle impersonation attack. The results obtained from extensive performance analysis also confirm its efficient nature as compared to the related authentication schemes.
Read full abstract