The security and privacy challenges faced by Vehicular Ad hoc Networks (VANETs) have led to the development of conditional privacy-preserving authentication (CPPA) schemes. Hardware security modules (HSMs) are seen as a promising solution for implementing these schemes while minimizing the burden on certificate storage. However, existing HSM-based CPPA schemes still have high computation overhead and do not meet the forward security requirements for system secret key (SSK) updates. To address these challenges, we propose an HSM-based lightweight CPPA scheme for VANETs that enjoy low computation costs. Most operations could be performed within the HSM before the message is ready to be signed, reducing real-time computation delay. The scheme also supports SSK updating using an identity-based batch multi-signature algorithm, which helps to provide forward security and vehicle revocation. Especially, the proposed SSK update scheme does not rely on any single trusted authority. Formal proof demonstrates that the proposed scheme satisfies the desired security notions. Our analysis shows that this scheme surpasses other similar ones in terms of efficiency when it comes to generating signatures.

中文翻译：

---

基于硬件安全模块的轻量级条件隐私保护 VANET 身份验证


车载自组织网络 (VANET) 面临的安全和隐私挑战导致了条件隐私保护身份验证 (CPPA) 方案的发展。硬件安全模块 (HSM) 被视为实现这些方案的有前途的解决方案，同时最大限度地减少证书存储的负担。然而，现有的基于HSM的CPPA方案仍然具有较高的计算开销，并且不能满足系统密钥（SSK）更新的前向安全要求。为了应对这些挑战，我们提出了一种基于 HSM 的轻量级 CPPA 方案，用于计算成本较低的 VANET。大多数操作可以在消息准备好签名之前在 HSM 内执行，从而减少实时计算延迟。该方案还支持使用基于身份的批量多重签名算法进行SSK更新，这有助于提供前向安全和车辆撤销。特别是，所提出的 SSK 更新方案不依赖于任何单一的可信机构。形式证明表明所提出的方案满足所需的安全概念。我们的分析表明，该方案在生成签名方面的效率优于其他类似方案。