Analysis and Improvement of a Conditional Privacy-Preserving Authentication Scheme with Double-Insurance in VANETs

As intelligent transportation develops by leaps and bounds, there has been a growing interest in leveraging Vehicular Ad-hoc Networks (VANETs) to improve efficiency and security. One key aspect of them is the Conditional Privacy-Preserving Authentication (CPPA) scheme, which addresses challenges of identity authentication and message integrity during communications. Most ID-Based CPPA schemes rely on Tamper-Proof Devices (TPDs), which are vulnerable to side-channel attacks. If sensitive data stored in TPDs are compromised, the entire system would be in danger. To tackle this issue, Xiong et al. introduced a CPPA scheme with double-insurance, claiming its security against adaptively chosen message attacks. However, this paper reveals that their scheme is universally forgeable, allowing anyone to create valid signatures on any message, rendering it inadequate for CPPA. In light of the weaknesses, we propose a novel scheme that inherits the time-tested Schnorr Signature and Abe-Okamoto Message Recovery Signature. Besides, we prove the security under the assumptions of Discrete Logarithms (DL) and Computational Diffie-Hellman (CDH), and conduct experiments and realistic evaluations. The results demonstrate its superiority, and establish its practicality in real-world scenarios.