Automatic Dependent Surveillance-Broadcast (ADS-B) technology is a new solution for communication among aircraft and ground controller stations. In this new surveillance technology, critical messages (e.g., the location of aircraft) are achieved by navigation satellites, and then an on-board equipment multicasts the unencrypted messages twice per second to the others. The former ADS-B protocols suffer from weak authentication protocols with a few security vulnerabilities and privacy issues including key-escrow problem, user profiling, time consuming verification processes, and difficulties with certificate management. In this paper, we propose a new hierarchical authentication protocol used Certificateless Public Key Cryptography (CL-PKC) technique to avoid using Public Key Infrastructure (PKI) certificate management and solve the key-escrow concern in Identity-based Public Key Cryptography (ID-PKC). Further, unlike many of certificateless schemes, our proposed scheme is secure against malicious-but-passive Key Generation Center (KGC). We prove that our scheme preserves conditional privacy, which means that distinct identities map to varied pseudonyms. The security and privacy features of our scheme are provably modeled under the widely-accepted random oracle model by computational Diffie-Hellman (CDH) assumption against adaptive chosen-message attack. Finally, we show that the time needed to aggregate verification of 50 messages reduced by 84% and 48% compared to those of Yang et al.’s and He et al.’s schemes respectively.