Received: 25 June 2019 Revised: 19 October 2019 Accepted: 27 October 2019 DOI: 10.1002/spy2.104 RESEARCH ARTICLE On the security of privacy-preserving authentication scheme with full aggregation in vehicular ad hoc network Ismaila A. Kamil Sunday O. Ogundoyin Security, Privacy, and Communication (SPCOM) Research Group, Department of Electrical and Electronic Engineering, University of Ibadan, Ibadan, Nigeria Correspondence Sunday O. Ogundoyin, Security, Privacy, and Communication (SPCOM) Research Group, Department of Electrical and Electronic Engineering, University of Ibadan, Ibadan, Nigeria. Email: honsybee@yahoo.com Abstract Certificateless aggregate signature (CLAS) scheme is a very important cryp- tographic technique used in many internet of things (IoT) applications like healthcare wireless sensor networks, industrial IoT, smart agriculture, and smart transportation to achieve privacy and integrity of transmitted information, and improved efficiency. Recently, a privacy-preserving authentication scheme based on CLAS scheme for secure communication in vehicular ad hoc net- work (VANET) which can achieve complete aggregation was proposed. The authors demonstrated that their scheme is semantically secure in the random oracle model based on the intractability of the computational Diffie-Hellman (CDH) problem under the consideration of type I and II attacks. However, by giving two concrete attacks, we show that the scheme is insecure in the stan- dard security model. Consequently, we propose a fix by modifying the sign, verify, and aggregate-verify algorithms of the scheme. Afterwards, we demon- strate that with this modification, the improved scheme is semantically secure against forgery attacks in the random oracle model under the intractability of the CDH problem. An analysis of the performance of the proposed scheme and the related schemes shows the former is much more efficient and suitable for practical application. KEYWORDS aggregate signature, certificateless, computational Diffie-Hellman, privacy, random oracle, vehicular ad hoc networks 1 INTRODUCTION Intelligent transportation system (ITS) employs the applications of sensing, control, communication, and data analytic technologies to provide inventive services that can effectively address the traffic-related issues inherent in the traditional transportation system. In recent times, vehicles equipped with communication devices known as on-board units (OBUs) are emerging. Furthermore, roadside units (RSUs) are also being deployed along the roadside and at intersections to allow communication between vehicles and infrastructure. This new paradigm has innovated a self-organizing network known as vehicular ad hoc network (VANET). In general, as shown in Figure 1, a VANET consists of a trusted authority (TA), OBU-installed vehicles, and RSUs. Communication among vehicles, and between an RSU and an OBU is referred to as vehicle-to-vehicle (V2V) and is achieved using a dedicated short-range communication (DSRC) protocol 1 ; while the TA, RSUs, and an application server (AS) communicate using a secure wired channel such as the Internet. 2 According Security Privacy. 2020;3:e104. wileyonlinelibrary.com/journal/spy2 © 2020 John Wiley & Sons, Ltd. 1 of 20 https://doi.org/10.1002/spy2.104