Abstract
Recently, Thumbur et al. (IEEE Commun Lett 24(8): 1641–1645, 2020) proposed a pairing-free certificateless signature (PF-CLS) scheme for secure communication in resource-constrained devices, and Zhan et al. (IEEE Internet of Things Journal, pp 1-1, 2020) proposed a pairing-free certificateless aggregate signature (PF-CLAS) scheme for healthcare wireless medical sensor networks. The authors of each scheme proved its security in the random oracle model, assuming the hardness of mathematical problems. Unfortunately, we find that both of these recent schemes are insecure. By providing concrete attacks, we show that an attacker who is able to replace public keys can easily impersonate other legitimate users and upload false messages by forging the target users' valid signatures on these messages. As a result, the PF-CLS and PF-CLAS signature schemes cannot solve the IoT data authenticity and integrity issues that their authors pointed out. Moreover, we discuss the reasons our attacks succeed and provide relevant improvements.
Availability of data and material
Not applicable
Code Availability
Not applicable
References
Al-Riyami SS, Paterson KG (2003) Certificateless public key cryptography. In: Laih C (ed) ASIACRYPT 2003, Taipei, Taiwan, November 30 - December 4, 2003, Proceedings
Boneh D, Gentry C, Lynn B, Shacham H (2003) Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham E (ed) EUROCRYPT 2003, Warsaw, Poland, May 4–8, 2003, Proceedings
Du H, Wen Q, Zhang S, Gao M (2020) A new provably secure certificateless signature scheme for internet of things. Ad Hoc Netw 100:102074
Gayathri NB, Gowri T, Kumar PR, Rahman MZU, Reddy PV, Lay-Ekuakille A (2019) Efficient and secure pairing-free certificateless aggregate signature scheme for healthcare wireless medical sensor networks. IEEE Internet Things J 6(5):9064–9075
Hess F (2002) Efficient identity based signature schemes based on pairings. In: Nyberg K, Heys HM (eds) SAC 2002, St. John’s, Newfoundland, Canada, August 15-16, 2002
Karati A, Islam SH, Karuppiah M (2018) Provably secure and lightweight certificateless signature scheme for iiot environments. IEEE Trans Industr Inf 14(8):3701–3711
Lee D, Yim K, Lee I (2020) A certificateless aggregate arbitrated signature scheme for iot environments. Sensors 20(14):3983. https://doi.org/10.3390/s20143983
Liu J, Wang L, Yu Y (2020) Improved security of a pairing-free certificateless aggregate signature in healthcare wireless medical sensor networks. IEEE Internet Things J 7(6):5256–5266
Shamir A (1984) Identity-based cryptosystems and signature schemes. In: CRYPTO 1984, Santa Barbara, California, USA, August 19-22, 1984, Proceedings, vol 196. Springer, pp 47–53
Shim K (2020) Cryptanalysis of two signature schemes for iot-based mobile payments and healthcare wireless medical sensor networks. IEEE Access 8:167203–167208
Su J, Cao D, Zhao B, Wang X, You I (2014) epass: an expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the internet of things. Future Gener Comput Syst 33:11–18
Thumbur G, Rao GS, Reddy PV, Gayathri NB, Reddy DVRK (2020) Efficient pairing-free certificateless signature scheme for secure communication in resource-constrained devices. IEEE Commun Lett 24(8):1641–1645
Zhan Y, Wang B, Lu R (2020) Cryptanalysis and improvement of a pairing-free certificateless aggregate signature in healthcare wireless medical sensor networks. IEEE Internet of Things Journal, pp 1–1. https://doi.org/10.1109/JIOT.2020.3033337
Zhu F, Yi X, Abuadbba A, Khalil I, Nepal S, Huang X (2021) Cost-effective authenticated data redaction with privacy protection in iot. IEEE Internet of Things Journal, pp 1–1. https://doi.org/10.1109/JIOT.2021.3059570
Acknowledgements
The authors would like to thank the anonymous reviewers for their valuable comments.
Funding
Not applicable
Author information
Contributions
Feihong Xu contributed to the conception of the work and manuscript preparation. Hui Zeng helped perform the analysis with constructive discussions.
Ethics declarations
Ethics approval
The manuscript complies with the journal submission policy.
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Xu, F., Zeng, H. On the security of two signature schemes for secure communication in IoT environments. Multimed Tools Appl 83, 43673–43683 (2024). https://doi.org/10.1007/s11042-023-17312-7