In a recent paper, Shim (2012) presented a very interesting authentication scheme for vehicular sensor networks. Shim claimed that the scheme is secure against the highest adopted level of attack, namely the chosen-message attack (CID-CMA). Nevertheless, we find that the proof in Shim's paper does not actually prove that the scheme is secure at this level. Instead, it can only ensure that the scheme is secure at a strictly weaker level of attack, the adaptive chosen-identity and no-message attack (CID-NMA). In this paper, we first show that security risks exist in vehicular networks if a scheme that is secure only against CID-NMA, but not CID-CMA, is deployed. Hence, a proof that the scheme is only CID-NMA secure is insufficient for the aforementioned application. That is, Shim did not prove that the proposed scheme can resist these kinds of attack. Here, we use a different approach to prove that the scheme is secure against CID-CMA. We note that this proof is essential to ensure that the scheme can indeed be used for the aforementioned scenario. In addition, we show that the batch verification of the scheme, proposed in the same paper, may have a non-negligible error: two invalid signatures may give a positive result. We further improve the batch verification so that the error rate is reduced to a negligible level.