Abstract

The application of digital signature technology to the Internet of vehicles (IoV) is affected by its network and communication environment. In the 5G era, the influx of a large number of intelligent devices into the mobile Internet requires low transmission delay and power consumption as well as high security. To the best of our knowledge, a well-designed solution using signcryption technology has not yet been proposed in the IoV research area. Motivated by this, we design a certificateless signcryption scheme based on the elliptic curve digital signature algorithm that also incorporates a pseudonym and timestamp mechanism. We prove in the standard model that breaking the scheme reduces to solving the computational Diffie–Hellman problem, and we compare it with state-of-the-art schemes in terms of security, computational cost, and communication cost. The results show that the scheme meets both security and efficiency requirements and is suitable for deployment in the IoV environment, which is characterized by high-speed vehicle movement.

1. Introduction

The Internet of vehicles (IoV) has made significant progress in the 5G era. To meet the needs of research and application, IoV communication is divided into vehicle to vehicle (V2V), vehicle to infrastructure (V2I), vehicle to pedestrian (V2P), and vehicle to network (V2N), collectively called vehicle to everything (V2X). At present, IoV data transmission relies on DSRC and the cellular network, and the data are then stored in the cloud [1]. Among them, V2X communication is based on the 5G network [2], which has been widely adopted by global operators and automobile manufacturers. Security issues such as counterfeiting, manipulation, and forgery exist in all IoV links [3]. Since these are critical aspects of information security and privacy protection, anonymous authentication has become a research hotspot in recent years. Kamat et al. [4] proposed an identity-based cryptography (IBC) VANET security framework. Shamir [5] proposed the concept of an identity-based system in 1984, the first cryptosystem in which arbitrary strings can serve as public keys. The conventional anonymity approach entails a trusted third-party institution storing the correspondence between all vehicles and their anonymous certificates; if that authority is not trustworthy, it may intentionally disclose the personal information of a vehicle, or forge and tamper with legitimate vehicle identities. Tzeng et al. [6] integrated the identity-based public-key cryptosystem into the Internet of vehicles to meet this challenge. The user’s private key is generated by a third-party private key generator (PKG), which raises the question of what can be done if that key generation center is dishonest or malicious. Other approaches have also been explored: Zhang et al. [7] recommended that fingerprint information be used for identity authentication, and Cui et al. [8] adopted edge computing in VANETs for privacy protection.
Raya and Hubaux [9] noted that the signature of any user can then be forged, which is the key escrow problem. To address it, Al-Riyami and Paterson [10] presented the concept of a key generation center (KGC), pointing out that an effective key can be generated from the secret value of the OBU together with the partial key distributed by the KGC. A certificateless signature system was presented by Liu et al. [11] in 2007: keys are no longer solely determined by the CA, breaking with the traditional signature method. Shim [12] devised a novel certificateless signature system and assessed its security under the computational Diffie–Hellman (CDH) assumption, and Yang et al. [13] showed that the scheme was vulnerable to malicious and passive KGC attacks. Thumbur et al. [14] suggested a certificateless signature technique without bilinear pairing in 2020, claiming that it can be used in resource-limited IoV settings. Mei et al. [15] suggested a bilinear pairing-based certificateless aggregate signature approach with conditional privacy protection; under the random oracle model, the approach achieved full aggregation and was proved secure. For V2V secure communication, Ali et al. [16] devised an identity-based message authentication technique without bilinear pairing: when vehicles register with the trusted authority (TA), the TA creates pseudonyms and keys for them to preserve their anonymity during communication. Barbosa and Farshim [17] proposed the certificateless signcryption (CLSC) concept, which performs signing and encryption in a single step. Signcryption, first proposed by Zheng [18], benefits processing time, bandwidth occupation, and key management. Barbosa’s method, however, has been shown to be vulnerable to malicious passive KGC attacks. Barreto et al. [19] suggested a certificateless signcryption approach based on bilinear pairs. Suzhen et al. [20] proposed a signcryption technique that includes a privacy protection feature in 2018.
Vehicle keys and pseudonyms were generated by the TA and the PKG, respectively. The bilinear pairing operation was used in the same way in [20, 21], with low computational efficiency. Many researchers are now studying signcryption technology [22–25], but no systematic scheme has been formed. Du et al. [26] put forward a certificateless signature scheme based on elliptic curve cryptosystems, but it is subject to a public key replacement attack. We improve Du et al.’s scheme, propose a new certificateless signcryption scheme based on an elliptic curve, and apply it to the privacy protection of the IoV. We construct a new CLSC scheme to obtain a higher level of security, and prove its security against two different types of adversary under chosen message attacks. Compared with other existing schemes, this scheme avoids expensive bilinear pairing, is more cost-effective, and is suitable for the rapidly changing IoV environment. The main contributions of this paper are as follows:
(i) To create pseudonyms, ECC cryptography is employed; the standard tamper-proof device (TPD) and password (PWD) are not used. Instead, the pseudonym is formed from the intermediate variables false identity and timestamp. The hidden danger of password theft is thus avoided, and the system has a high level of privacy protection.
(ii) Combining certificateless and signcryption theory, anonymity is introduced into the scheme. Key generation involves the RSU, OBU, and KGC, and the IBC algorithm is improved by two-way authentication among them. Thus, the security of the key is enhanced.
(iii) Compared to other related systems, the computational cost is decreased. The scheme satisfies the security requirements of IND-CCA and EUF-CMA, giving the IoV system forward security, anonymity, traceability, and the capacity to prevent replay attacks.

2. Elliptic Curve

Let be a large prime satisfying , and let include all solutions in the finite field . An elliptic curve mod , and denotes the set of pairs satisfying the above equation together with a special value . That is, mod . The elements are called the points on the elliptic curve , where , and is called the point at infinity.
(i) Elliptic curve digital signature algorithm (ECDSA) [27]: a random integer is generated, the point is computed, and the number mod is calculated, where is the coordinate of . Finally, mod is calculated as the signature, where is the hash truncation of message .
(ii) Elliptic curve discrete logarithm problem (ECDLP): given two points on the elliptic curve with , solving for the coefficient when the points are known is called the elliptic curve discrete logarithm problem; the coefficient cannot be calculated in polynomial time.
(iii) Elliptic curve Diffie–Hellman problem (ECDHP): on inputs , where the point is taken as the base point in the finite field of the elliptic curve , solving for the value of when the values of and are known is called the elliptic curve Diffie–Hellman problem, which cannot be solved efficiently in polynomial time.

2.1. System Overview

In our scheme, the IoV model consists of vehicles, roadside units, key generator centers, and trusted authorities. The specific division of labor is as follows:

Onboard unit (OBU): intelligent vehicles with OBU can exchange information and data with roadside units or other vehicles. Each vehicle periodically broadcasts information for safe driving. To ensure location privacy, each vehicle needs to use a pseudonym to replace its real identity to transmit information.

Roadside unit (RSU): RSUs are deployed alongside urban roads and consist primarily of a wireless communication interface and a local data preprocessing unit. The roadside units are deployed according to specific guidelines so that vehicles can access them. All RSUs should be interconnected with the intelligent transportation information data center.

Trusted authority (TA): the TA is managed by the traffic management department and is mainly in charge of OBU identity registration and authentication. It is fully trusted in this scheme and is responsible for generating the false identity of the vehicle.

Key generation center (KGC): the KGC is in charge of communicating with TA to generate partial public/private keys for legitimate OBU and RSUs.

The model is shown in Figure 1.

2.2. Scheme

Our CLSC scheme is designed for IoV communication, eliminates the issue of key escrow, and makes use of a pseudonym mechanism to protect the real identities of both parties to the communication, thus ensuring the privacy of the identity and vehicle traceability.

First, in order to eliminate the impact of replacing the public key, the system master key is added to the pseudonym generation formula, which makes it more difficult for attackers to forge signatures and makes impossible to bypass. In Du et al.’s scheme [26], the partial private key was calculated from the system master key. A malicious signer cannot obtain the value of the system master key by technical means, but the public key of the certificateless signature scheme is not authenticated between the signer and the verifier, so the malicious signer can forge a signature by forging the secret value and thereby bypassing the unknown system master key. Therefore, a key replacement attack exists. Second, a signcryption algorithm is introduced in our scheme to ensure the confidentiality of transmission and improve transmission efficiency. Finally, the security of the scheme is proved in the standard model. The meaning of the relevant symbols is shown in Table 1, the flowchart of the algorithm is shown in Figure 2, and the algorithm steps are provided below.

2.3. Algorithm

There are five participants in the improved certificateless signcryption scheme: KGC, TA, RSU, the sender vehicle , and the receiver vehicle . OBU and RSU conduct two-way authentication through TA [28]. We divide the entire scheme into six algorithms, which are listed as follows.

2.3.1. Initialization

The KGC chooses five collision-resistant Hash functions:

The KGC keeps the system master key secret and transmits it to the TA in encrypted form; the TA stores it and generates the system public key . The common parameter is .

2.3.2. Registration

OBU executes the algorithm: it randomly selects , calculates the negotiation key [29] , generates the false identity , and then sends to TA. TA executes the algorithm on receiving the message from OBU: TA calculates and queries whether the vehicle identity list contains . If not, TA terminates the algorithm and the OBU is judged illegal. RSU sets its identity as , randomly selects as its private key, calculates the negotiation key and the public key , and sends to TA; TA calculates and forwards to the legitimate OBU.

2.3.3. Pseudonym Generation

The trusted authority no longer issues public-key certificates (PKI) to vehicles but generates pseudonyms for them. In this scheme, a pseudonym is generated from three parameters, the vehicle’s own false identity, the RSU identity information, and the timestamp, rather than from device password information. When the vehicle enters the area for which an RSU is responsible, the OBU receives from the RSU broadcast. When the OBU receives multiple RSU broadcast signals at the same time in a critical environment, it records only the strongest RSU broadcast and discards the relatively weak ones. The OBU checks the RSU’s public key; if , the RSU is judged illegal and the algorithm is not executed. Otherwise, the OBU obtains the current timestamp and the public key of the current RSU, then selects the secret value for the RSU. The OBU calculates , , and sets the pseudonym of the vehicle .

Through the above operations, TA indirectly judges the legitimacy of RSU. OBU generates the pseudonym through legal RSU, false identity of the vehicle, and the timestamp.

2.3.4. Key Generation

(i) Secret value: OBU chooses a random as its secret value. When the pseudonym is updated, the secret value is also changed randomly, to maintain forward security [30].
(ii) Partial private/public key: KGC takes the pseudonym of the vehicle and the parameter value as input, chooses randomly, and calculates the partial public key and the partial private key mod , which is . KGC sends to OBU via a secure channel.
(iii) Public key extraction: OBU calculates , then generates the public key, which is .
(iv) Private key extraction: OBU checks whether holds. If so, the partial key is accepted; if not, it is rejected. The private key is generated as . Proof of correctness: .
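The curve arithmetic and ECDSA signing and verification of Section 2, together with the partial-key acceptance check of step (iv) above, worked through as an added example in Python. It is not the paper's code and does not reproduce the paper's own formulas: it uses the standard secp256k1 parameters in place of the paper's 160-bit curve, SHA-256 reduced modulo the group order as the hash, and the generic pairing-free certificateless construction d = r + H(pid, R)·s for the partial private key. The pseudonym value PID-demo, the messages, and all function names are assumptions of the example.

```python
import hashlib
import secrets
# secp256k1 domain parameters (a standard curve standing in for the paper's unspecified
# 160-bit curve): y^2 = x^3 + A*x + B over GF(P), base point G of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
O = None  # the point at infinity

def on_curve(pt):
    return pt is O or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def add(p1, p2):
    """Group law on the curve; O is the identity element."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O  # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add; recovering k from k*pt is the ECDLP."""
    result, addend = O, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def hash_to_int(*parts):
    """SHA-256 over the string form of the inputs, reduced modulo N (a toy encoding)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part if isinstance(part, bytes) else str(part).encode())
    return int.from_bytes(h.digest(), "big") % N

def ecdsa_sign(d, message, k=None):
    """ECDSA signature (r, s) on message under private scalar d; k is the per-signature nonce."""
    k = k or secrets.randbelow(N - 1) + 1
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (hash_to_int(message) + r * d) % N
    if not (r and s):  # probability about 2**-256; a production signer retries with a fresh nonce
        raise ValueError("degenerate signature, retry with a fresh nonce")
    return r, s

def ecdsa_verify(Q, message, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N) or Q is O or not on_curve(Q):
        return False
    w = pow(s, -1, N)
    X = add(mul(hash_to_int(message) * w % N, G), mul(r * w % N, Q))
    return X is not O and X[0] % N == r

# Certificateless key generation: the generic pairing-free pattern, not the paper's exact formulas.
def kgc_setup():
    s = secrets.randbelow(N - 1) + 1
    return s, mul(s, G)  # master key s stays at the KGC; P_pub = s*G is published

def kgc_partial_key(s, pid):
    """KGC issues (R, d) for pseudonym pid: R = r*G, d = r + H(pid, R)*s mod N."""
    r = secrets.randbelow(N - 1) + 1
    R = mul(r, G)
    return R, (r + hash_to_int(pid, R) * s) % N

def obu_check_partial_key(P_pub, pid, R, d):
    """The OBU's acceptance test: d*G must equal R + H(pid, R)*P_pub."""
    return mul(d, G) == add(R, mul(hash_to_int(pid, R), P_pub))

def obu_full_keys(P_pub, pid, R, d):
    """Private key (d, x), public key (R, X); x is the OBU's own secret value, unknown to the KGC."""
    if not obu_check_partial_key(P_pub, pid, R, d):
        raise ValueError("partial private key rejected")
    x = secrets.randbelow(N - 1) + 1
    return (d, x), (R, mul(x, G))

def demo(pid=b"PID-demo"):  # pid is a constructed pseudonym value
    s, P_pub = kgc_setup()
    R, d = kgc_partial_key(s, pid)
    (d, x), (R, X) = obu_full_keys(P_pub, pid, R, d)
    # Signing scalar is d + x; a verifier rebuilds its public point from (pid, R, X, P_pub) without a certificate.
    full_pub = add(add(R, mul(hash_to_int(pid, R), P_pub)), X)
    sig = ecdsa_sign((d + x) % N, b"hazard ahead")
    return {
        "partial_key_accepted": obu_check_partial_key(P_pub, pid, R, d),
        "tampered_partial_key_rejected": not obu_check_partial_key(P_pub, pid, R, (d + 1) % N),
        "signature_verifies": ecdsa_verify(full_pub, b"hazard ahead", sig),
        "altered_message_rejected": not ecdsa_verify(full_pub, b"road clear", sig),
    }
```

Calling demo() runs the whole flow. The check in obu_check_partial_key is the point at which an OBU detects a corrupted or substituted partial key before deriving its private key, and full_pub shows why no certificate is needed: the verifier derives the signer's public point from the pseudonym, the KGC's public key and the user's two public components, and the KGC alone cannot sign because it never learns x.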

2.3.5. Signcryption

is the sender OBU and is the receiver OBU. takes the message , , , , , and as input, generates a random integer , and produces the signcryptext . The signcryption generation process is based on ECDSA, and the specific calculation is as follows:
(i) , , which are the coordinate value and coordinate value of point .
(ii) , where can be considered an important parameter for verifying signatures, and three hash functions are involved.

Hash functions , , and are used to protect the pseudonym , message , and public key , respectively. is the signcryptext, which is generated by XOR .

sends to .

2.3.6. Unsigncryption

takes , , , , , and as input and returns the message if holds. performs the following steps:

executes the algorithm to decrypt the signcryption.

3. Correctness

The scheme is correct only if the following two equations hold, respectively.
(i) Public verifiability. The message is signed by ; if the signature is valid, receives the message; otherwise, rejects it.
(ii) Consistency of encryption and decryption. If is true, must be true, and must hold.

Both and are deduced from the public key generation algorithm: , , , and . From formulas (4), (6), (9), and (10), it follows that the equation holds.

Thus, the message can be restored.

4. Security Proof

Two types of adversaries are considered to prove the security of our scheme [31]. These security requirements are described via games between adversaries ( or ) and a challenger . The adversaries fall into two cases: the first is a malicious who does not know the system master key but can replace the public key of any user; the second is a malicious KGC attacker who knows the master key but cannot replace any public key. In our CLSC scheme, the adversaries may access the following oracles:
(i) : is entered as an identifier, and a public key matching is returned.
(ii) : is entered as an identifier, and a partial private key is returned.
(iii) : is entered as an identifier, and a new usable public key replaces the original public key .
(iv) : is entered as an identifier, and a private key matching is returned, provided the public key has not been replaced.
(v) : given a message , a sender identity , and a receiver identity as input, a valid signcryption on is returned.
(vi) : given a signcryption , a sender identity , and a receiver identity as input, the message is restored when is valid.

can access all the above oracles, while can access all of them except and , because owns the system master key and can therefore forge the partial private key ; meanwhile, and can assume and , respectively. We prove the security of our CLSC scheme from two aspects: confidentiality and unforgeability.

4.1. Confidentiality

This property is indistinguishability under chosen-ciphertext attack (IND-CCA). In this section, security is proved through games between adversaries and a challenger .

Game 1: The game interactions between an adversary and a challenger are as follows:
(i) Setup: inputs a security parameter , a common parameter and are generated, of which is kept secret.
(ii) Phase 1 queries: sends a polynomially bounded number of queries to the oracles , and responds to the queries through these oracle models.
(iii) Challenge: sends two equal-length messages and to the challenger with and as identifiers. A bit is randomly selected by , is computed by , and is sent to .
(iv) Phase 2 queries: sends a polynomially bounded number of queries to the oracles , and responds to the queries through these oracle models.
(v) Guess: outputs a guess of , which is .

It is said that wins game 1 if and the following conditions hold:
(1) cannot be extracted by at any point;
(2) cannot be extracted by if has replaced with before the challenge;
(3) in phase 2 queries, cannot perform an unsigncryption query on under or , or a signcryption query on , , or once has been replaced after the challenge is issued.

Game 2: The game interactions between an adversary and a challenger ; the challenge steps are the same as those of game 1.
(i) Setup: inputs a security parameter , and a common parameter and are generated. sends the parameter and to .
(ii) Phase 1 queries: sends a polynomially bounded number of queries to the oracles , and responds to the queries through these oracle models.
(iii) Challenge: sends two equal-length messages and to the challenger with and as identifiers. A bit is randomly selected by , is computed, and is sent to .
(iv) Phase 2 queries: sends a polynomially bounded number of queries to the oracles , and responds to the queries through these oracle models.
(v) Guess: outputs a guess of .

It is said that wins game 2 if and the following conditions hold:
(1) cannot extract at any point; because the secret value cannot be obtained by , solving for amounts to the ECDLP problem;
(2) in phase 2 queries, cannot perform an unsigncryption query on under or .

If the probability is negligible, we say that the scheme is IND-CCA secure. Recall that can access all of the oracles, while can access all of them except and .

sends a polynomially bounded number of queries to the oracle , making a signcryption query, but cannot win under or . The key generation process is , , and , and it remains hard to solve , which is an ECDHP instance.

sends a polynomially bounded number of queries to the oracle , making a public key query , but cannot be used to obtain ; thus cannot obtain , and solving for is an ECDLP instance.

The probability for and to win game 1 and game 2 is negligible.

4.2. Unforgeability

This property is existential unforgeability against chosen message attacks (EUF-CMA). In this section, security is proved through games between adversaries and a challenger .

Game 3: The game interactions between an adversary and a challenger are as follows:
(i) Setup: inputs a security parameter , a common parameter and are generated, and is kept secret.
(ii) Phase 1 queries: sends a polynomially bounded number of queries to the oracles , and responds to the queries through these oracle models.
(iii) Forgery: forges the message and signcryption from the sender to the receiver .

If the decryption output is and the following conditions are met, it is said that wins game 3:
(1) cannot extract at any point;
(2) cannot extract for any pseudonym if has been replaced;
(3) cannot extract ;
(4) cannot make a signcryption query on under or .

Game 4: The game interactions between an adversary and a challenger ; the challenge steps are the same as those of game 3.
(i) Setup: inputs a security parameter , and a common parameter and are generated. sends the parameter and to .
(ii) Queries: sends a polynomially bounded number of queries to the oracles , and responds to the queries through these oracle models.
(iii) Forgery: creates a forged message or signcryption from the sender to the receiver .

If the decryption output is and the following conditions are met, it is said that wins game 4:
(1) cannot extract at any point;
(2) cannot make a signcryption query on under or .

If the probability of or winning game 3 or game 4 is negligible, we say that the scheme is EUF-CMA secure. Note that has access to all of the mentioned oracles, while has access to all of them except and .

executes public key replacement queries from , which replace the public key with , signcryption queries from , and unsigncryption queries from ; it randomly selects , , and , from which , mod , , , and are forged, so as to signcrypt the message . Then the signcryption is forged, receives , and a feasibility verification is conducted:

If only a signature algorithm were used, without signcryption, the adversary could still forge a signature and pass authentication by signing before encrypting or encrypting before signing, as in Du et al. [26].

According to formulas (13) and (14), , so , and the adversary cannot pass the encryption consistency verification. The public key replacement therefore fails. cannot execute the partial private key query from ; thus is forged to replace , and is selected to forge , where , , and , in which and , and obtains ; then a feasibility verification is done.

cannot replace any public key. It is known that ; thus . The output will be INVALID, and discards the ciphertext.

The probability of and to win game 3 and game 4 is negligible.

5. Security Analysis

5.1. Forward Security

Even if the system master key is compromised, it remains difficult, by the hardness of ECDLP, to compute and , and remains unknown. Therefore, past signcryption information is not disclosed, because of the randomness of and . When the system master key is compromised, new values immediately replace it; the key update is thereby realized, and these measures further secure the communication [32].

5.2. Traceability

The ciphertext should contain information related to the vehicle identity. In the scheme, TA can use the system master key to calculate and then query whether is listed in the vehicle identity list. Only the trusted authority TA can thus track the vehicle from the relevant information. In addition, the IoV requires extremely high real-time performance; the ciphertext contains timestamp information, which also prevents replay attacks. Because the ciphertext is ; and the pseudonym of the vehicle is used in it, the ciphertext contains the timestamp information.
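A receiver-side freshness check that uses the timestamp bound into the pseudonym in Section 2.3.3 to reject replayed or stale signcryptions, as described above. This is an added example written for this page, not the paper's algorithm: it assumes the receiver can read the sender's timestamp alongside the pseudonym and ciphertext, and the window values, pseudonyms, ciphertexts and the ReplayFilter name are constructed.

```python
import hashlib
import time
from collections import OrderedDict

MAX_AGE = 5.0   # seconds a message timestamp may lag the receiver's clock (constructed policy value)
MAX_SKEW = 1.0  # seconds a timestamp may run ahead of the receiver's clock (tolerated drift)

class ReplayFilter:
    """Receiver-side freshness check on the timestamp carried with a received signcryption."""

    def __init__(self, max_age=MAX_AGE, max_skew=MAX_SKEW):
        self.max_age, self.max_skew = max_age, max_skew
        self.seen = OrderedDict()  # (pseudonym, timestamp, ciphertext digest) -> arrival time

    def _evict(self, now):
        # Entries older than max_age + max_skew can never be replayed: any replay would be
        # rejected as stale on its timestamp alone. Assumes arrival times are non-decreasing.
        cutoff = now - self.max_age - self.max_skew
        while self.seen and next(iter(self.seen.values())) < cutoff:
            self.seen.popitem(last=False)

    def accept(self, pseudonym, timestamp, ciphertext, now=None):
        """Return (accepted, reason); run this before the costly unsigncryption step."""
        now = time.time() if now is None else now
        self._evict(now)
        if timestamp > now + self.max_skew:
            return False, "timestamp in the future"
        if timestamp < now - self.max_age:
            return False, "stale timestamp"
        key = (pseudonym, timestamp, hashlib.sha256(ciphertext).digest())
        if key in self.seen:
            return False, "replayed ciphertext"
        self.seen[key] = now
        return True, "fresh"

def run_sample():
    """Feed constructed messages (pseudonym, timestamp, ciphertext, receiver clock) through the filter."""
    f = ReplayFilter()
    t0 = 1_700_000_000.0
    sample = [
        ("PID-a", t0 - 1.0, b"ct1", t0),        # fresh, inside the window
        ("PID-a", t0 - 1.0, b"ct1", t0 + 2.0),  # identical message re-sent two seconds later
        ("PID-b", t0 - 9.0, b"ct2", t0),        # timestamp older than the window
        ("PID-c", t0 + 3.0, b"ct3", t0),        # sender clock too far ahead
        ("PID-a", t0 + 1.0, b"ct4", t0 + 1.5),  # a later, different message from the same sender
    ]
    return [f.accept(pid, ts, ct, now)[1] for pid, ts, ct, now in sample]
```

The window and the duplicate cache work together: the window bounds how long the cache must remember a message, and the cache catches a re-sent message inside the window, which the timestamp alone cannot. Because the pseudonym changes with the RSU and timestamp, the cache key also separates messages from different senders.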

5.3. Anonymity

Pseudonyms are used in V2V and V2I communications to protect the true identity of the vehicle. The pseudonym of the vehicle consists of three parts, , where is generated from the false identity of the vehicle, , , , and is the timestamp, which together ensure the anonymity of the vehicle. The identity information of the vehicle must remain protected even when the pseudonym is disclosed. By the irreversibility of the hash function and the hardness of ECDLP, an attacker cannot compute , , or in polynomial time, so the of the vehicle cannot be obtained. In addition, vehicles carry different pseudonyms in different RSU communication ranges and at different timestamps; that is, the pseudonym of the vehicle changes with position and time, which makes pseudonym generation a one-way trapdoor function.

5.4. Unforgeability

The unforgeability of the CLSC scheme is proven in Section 4.2 under the EUF-CMA (existential unforgeability against chosen message attacks) security model. A signature ciphertext forged by an attacker satisfies neither the encryption consistency check nor the attacker’s intentions.

6. Performance Evaluation

Computational cost, communication cost, and security are analyzed in this section in comparison with other relevant schemes [33–38]. The schemes selected for comparison are certificateless signcryption schemes that can be applied to the IoV.

The computational cost mainly depends on the signcryption and unsigncryption algorithms, measured by the number of executions of elliptic curve scalar multiplication, elliptic curve point addition, bilinear pairing, and map-to-point operations. The computational cost of the XOR operation on is too small to matter in the comparison. The operation results are listed in Table 2. The experimental environment is as follows:
CPU: Intel Core [email protected] GHz;
RAM: 8 GB;
OS: Ubuntu 16.04;
Library: MIRACL, a public C++ cryptographic library (https://github.com/miracl/MIRACL/archive/master.zip).

Under the same operating environment, our scheme costs 1.397 ms, Kasyoka et al.’s scheme [33] costs 1.705 ms, Karati et al.’s pairing-free scheme [34] costs 2.424 ms, Karati et al.’s bilinear pairing scheme [35] costs 18.913 ms, He et al.’s scheme [36] costs 2.05 ms, and Seo et al.’s scheme [38] costs 3.41 ms. Compared with the other schemes [33–36, 38], our scheme decreases the cost by , , , , and , respectively.

Communication cost is measured by the length of a single ciphertext. In the bilinear pairing schemes, the length of is 1024 bits, and that of is the same. To provide the same security level for a scheme based on the elliptic curve, is a prime number and the length of is 160 bits. The additive cyclic group of order generated by the point on a nonsingular elliptic curve is , and the length of is 320 bits.

The superiority of this scheme is illustrated by comparing the computation and communication overhead of a single ciphertext, which is statistically analyzed in Table 3.

In the comparative analysis of communication cost, the length of a single ciphertext is used as the unit of comparison. It is 640 bits in our scheme, slightly higher than in Kasyoka et al.’s [33] and Seo et al.’s [38] schemes, lower than in the bilinear pairing schemes of Karati et al. [35] and He et al. [36], and the same as in the pairing-free scheme of Karati et al. [34].

Our CLSC scheme is designed according to the certificateless signcryption model and relies on ECDSA, with security depending on the hardness of pseudonym generation. In this section, the security of the algorithm is compared with that of similar schemes and analyzed. The result is shown in Table 4.

7. Conclusion

In this paper, we construct a reliable certificateless signcryption scheme without bilinear pairing, together with a pseudonym mechanism that protects the privacy of vehicles. We use certificateless signcryption technology to implement the scheme, which secures vehicular communication with a low computation overhead. Performance analysis demonstrates that the proposed scheme reduces computational and communication cost compared with other related schemes. Security proofs and analyses show that the proposed scheme resists public key replacement attacks and satisfies IND-CCA and EUF-CMA security. Other security requirements, including perfect forward secrecy, anonymity, traceability, and resistance to replay attacks, are also ensured.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that there are no conflicts of interest.

Acknowledgments

This work was supported by the funding project for Top Talent Cultivation in Colleges and Universities in Anhui Province (gxgnfx2020178) and the Natural Science Research Project of Colleges and Universities in Anhui Province (KJ2018A0944).