Cryptanalysis of an Efficient and Secure Certificateless Aggregate Signature-Based Authentication Scheme for Vehicular Ad Hoc Networks

Vehicular ad hoc networks (VANETs) apply the Internet of Things technology to provide secure communication among the vehicles, thereby improving the safe driving of vehicles, the utilization of traffic resources, and the efficiency of information services. Due to the openness and vulnerability of wireless networks in VANETs, messages in sharing and transmission are easily attacked and destroyed. Therefore, a large number of schemes for VANETs were proposed to protect the privacy of vehicles and ensure the authentication, integrity, and nonrepudiation of messages. However, most of these schemes have serious security flaws or poor performance issues. Recently, Thumbur et al. presented an efficient certificateless aggregate signature-based authentication scheme for VANETs and then gave the detailed security proof (IEEE Internet of Things Journal, vol. 8, no. 3, pp. 1908-1920, 2021). In this article, we analyze the security of Thumbur et al.'s scheme and demonstrate that it has significant security problems. Specifically, their scheme cannot resist public key replacement attacks from external adversaries, and it is not secure against coalition attacks from malicious vehicles. Then, we improve Thumbur et al.'s scheme to address the security weaknesses. According to the security and performance analysis, the improved scheme enhances the security while maintaining the performance of the original scheme.