Efficient lightweight anonymous authentication scheme with certificateless aggregation for VANETs

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-04-14 DOI:10.1016/j.jisa.2025.104053

Abdullahi Yahya Imam , Fagen Li

{"title":"Efficient lightweight anonymous authentication scheme with certificateless aggregation for VANETs","authors":"Abdullahi Yahya Imam , Fagen Li","doi":"10.1016/j.jisa.2025.104053","DOIUrl":null,"url":null,"abstract":"<div><div>Recent developments in Internet of Things (IoT) and vehicular ad hoc networks (VANETs) technologies have improved traffic management and safety in several ways. Due to their unique nature, VANET communications still face certain challenges related to achieving basic security requirements and efficiency. Many researchers proposed different authentication schemes based on certificateless aggregate signature (CLAS-based) as the solutions to achieving the security requirements such as privacy-preserving authentication, integrity, unlinkability and non-repudiation as well as attaining high efficiency in VANETs. However, most of the proposed schemes were revealed insecure or highly inefficient in one way or the other. Recently, a CLAS-based authentication scheme in VANETs using fuzzy extractor functions was proposed by Zhou et al.. They claimed that their proposed scheme achieved various security requirements. However, after thorough review and analysis, we demonstrate that the Zhou et al.’s scheme is vulnerable to signatures linkability attacks which can lead to illegal tracking of vehicles in the VANETs. Subsequently, we propose an improved authentication scheme based on CLAS that mitigates the discovered flaws. Besides improving the security, our proposed scheme introduced the utilization of precomputed values in entities with computational and energy constraints. The use of precomputed values which are usually generated offline prior to authentication process enables our scheme attain very lightweight vehicular authentication. Eventually, we demonstrate that our improved scheme is unforgeable in the random oracle model (ROM) under the intractability of elliptic curve discrete logarithm problem (ECDLP). Moreover, we demonstrated the security of our proposed scheme against signatures linkability attacks under the assumption of strong collision-resistance property of the hash functions. Lastly, results of the efficiency analysis have shown that our improved scheme is comparatively better than the other related schemes.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"91 ","pages":"Article 104053"},"PeriodicalIF":3.8000,"publicationDate":"2025-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000900","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Recent developments in Internet of Things (IoT) and vehicular ad hoc networks (VANETs) technologies have improved traffic management and safety in several ways. Due to their unique nature, VANET communications still face certain challenges related to achieving basic security requirements and efficiency. Many researchers proposed different authentication schemes based on certificateless aggregate signature (CLAS-based) as the solutions to achieving the security requirements such as privacy-preserving authentication, integrity, unlinkability and non-repudiation as well as attaining high efficiency in VANETs. However, most of the proposed schemes were revealed insecure or highly inefficient in one way or the other. Recently, a CLAS-based authentication scheme in VANETs using fuzzy extractor functions was proposed by Zhou et al.. They claimed that their proposed scheme achieved various security requirements. However, after thorough review and analysis, we demonstrate that the Zhou et al.’s scheme is vulnerable to signatures linkability attacks which can lead to illegal tracking of vehicles in the VANETs. Subsequently, we propose an improved authentication scheme based on CLAS that mitigates the discovered flaws. Besides improving the security, our proposed scheme introduced the utilization of precomputed values in entities with computational and energy constraints. The use of precomputed values which are usually generated offline prior to authentication process enables our scheme attain very lightweight vehicular authentication. Eventually, we demonstrate that our improved scheme is unforgeable in the random oracle model (ROM) under the intractability of elliptic curve discrete logarithm problem (ECDLP). Moreover, we demonstrated the security of our proposed scheme against signatures linkability attacks under the assumption of strong collision-resistance property of the hash functions. Lastly, results of the efficiency analysis have shown that our improved scheme is comparatively better than the other related schemes.

查看原文本刊更多论文

针对 VANET 的无证书聚合高效轻量级匿名身份验证方案

物联网（IoT）和车辆自组织网络（VANETs）技术的最新发展从几个方面改善了交通管理和安全。由于其独特的性质，VANET通信在实现基本的安全要求和效率方面仍然面临一定的挑战。许多研究者提出了基于无证书聚合签名（class -based aggregate signature, class -based）的认证方案，以实现vanet中认证的保密性、完整性、不可链接性和不可抵赖性等安全要求和高效。然而，大多数提出的方案都以这样或那样的方式暴露出不安全或效率低下。最近，Zhou等人利用模糊提取函数提出了一种基于类的vanet认证方案。他们声称他们提出的方案达到了各种安全要求。然而，经过彻底的审查和分析，我们证明Zhou等人的方案容易受到签名链接性攻击，这可能导致非法跟踪vanet中的车辆。随后，我们提出了一种改进的基于CLAS的身份验证方案，以减轻发现的缺陷。除了提高安全性外，我们提出的方案还在具有计算和能量约束的实体中引入了预先计算值的利用。使用通常在身份验证过程之前离线生成的预计算值使我们的方案能够实现非常轻量级的车辆身份验证。最后，我们证明了在椭圆曲线离散对数问题（ECDLP）的难解性下，我们的改进方案在随机oracle模型（ROM）下是不可伪造的。此外，在假设哈希函数具有强抗碰撞性的前提下，我们证明了所提出方案对签名链接性攻击的安全性。最后，效率分析的结果表明，改进后的方案相对于其他相关方案是更好的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.