On the security of privacy-preserving authentication scheme with full aggregation in vehicular ad hoc network

Certificateless aggregate signature (CLAS) scheme is a very important cryptographic technique used in many internet of things (IoT) applications like healthcare wireless sensor networks, industrial IoT, smart agriculture, and smart transportation to achieve privacy and integrity of transmitted information, and improved efficiency. Recently, a privacy-preserving authentication scheme based on CLAS scheme for secure communication in vehicular ad hoc network (VANET) which can achieve complete aggregation was proposed. The authors demonstrated that their scheme is semantically secure in the random oracle model based on the intractability of the computational Diffie-Hellman (CDH) problem under the consideration of type I and II attacks. However, by giving two concrete attacks, we show that the scheme is insecure in the standard security model. Consequently, we propose a fix by modifying the sign, verify, and aggregate-verify algorithms of the scheme. Afterwards, we demonstrate that with this modification, the improved scheme is semantically secure against forgery attacks in the random oracle model under the intractability of the CDH problem. An analysis of the performance of the proposed scheme and the related schemes shows the former is much more efficient and suitable for practical application.