In a recent paper, Shim (2012) presented a very interesting authentication scheme for vehicular sensor networks. Shim claimed that the scheme is secure against the highest adopted level of attack, namely the chosen-message attack (CID-CMA). Nevertheless, we find that the proof in Shim's paper does not actually prove that the scheme is secure at this level. Instead, it only ensures that the scheme is secure against a strictly weaker level of attack, the adaptive chosen-identity and no-message attack (CID-NMA). In this paper, we first show that security risks exist in vehicular networks if a scheme that is secure only against CID-NMA, but not against CID-CMA, is deployed. Hence, a proof that the scheme is only CID-NMA secure is insufficient for the aforementioned application. That is, Shim did not prove that the proposed scheme can resist these kinds of attack. Here, we use a different approach to prove that the scheme is secure against CID-CMA. We note that this proof is essential to ensure that the scheme can indeed be used in the aforementioned scenario. In addition, we show that the batch verification of the scheme, proposed in the same paper, may have a non-negligible error: two invalid signatures may give a positive result. We further improve the batch verification so that the error rate is reduced to a negligible level.