Cryptanalysis of Two Signature Schemes for IoT and Mobile Health Systems

Wireless Personal Communications

Abstract

Recently, Lee et al. (Sensors 20(14): 3983, 2020) proposed a certificateless aggregate arbitrated signature scheme CLAAS for IoT environments. Addobea et al. (Secur Commun Networks 7085623: 1–7085623: 12, 2020) constructed an offline-online certificateless signature scheme MHCOOS for mobile health applications. The schemes were proven to be secure against both Type I and Type II adversaries in the random oracle model under the hardness assumptions of cryptographic problems. In this work, we first show that the CLAAS scheme is insecure against a Type I adversary who can replace the user’s public key. We also show that the MHCOOS scheme cannot achieve correctness, a fundamental security property that a signature scheme should provide. As a result, the above two signature schemes cannot be deployed in practical IoT and mobile applications.

Availability of Data and Material

Not applicable.

References

  1. Addobea, A.A., Hou, J., & Li, Q. (2020). MHCOOS: An offline-online certificateless signature scheme for m-health devices. Secur. Commun. Networks 2020, 7085623:1–7085623:12.

  2. Al-Riyami, S.S., & Paterson, K.G. (2003). Certificateless public key cryptography. In C. Laih (Ed.), Advances in Cryptology - ASIACRYPT 2003, 9th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, November 30 - December 4, 2003, Proceedings, Lecture Notes in Computer Science (Vol. 2894, pp. 452–473). Springer.

  3. Boneh, D., Gentry, C., Lynn, B., & Shacham, H. (2003). Aggregate and verifiably encrypted signatures from bilinear maps. In E. Biham (Ed.), Advances in Cryptology - EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, May 4-8, 2003, Proceedings, Lecture Notes in Computer Science (Vol. 2656, pp. 416–432). Springer.

  4. Delfs, H., & Knebl, H. (2015). Introduction to cryptography - principles and applications (3rd ed.). Information Security and Cryptography: Springer.

  5. Galbraith, S. D., Paterson, K. G., & Smart, N. P. (2008). Pairings for cryptographers. Discrete Applied Mathematics, 156(16), 3113–3121.

  6. Karati, A., Islam, S. H., & Karuppiah, M. (2018). Provably secure and lightweight certificateless signature scheme for IIoT environments. IEEE Transactions on Industrial Informatics, 14(8), 3701–3711.

  7. Lee, D., Yim, K., & Lee, I. (2020). A certificateless aggregate arbitrated signature scheme for IoT environments. Sensors, 20(14), 3983.

  8. Paterson, K. G., & Price, G. (2003). A comparison between traditional public key infrastructures and identity-based cryptography. Information Security Technical Report, 8(3), 57–72.

  9. Subramanya, S. R., & Yi, B. K. (2006). Digital signatures. IEEE Potentials, 25(2), 5–8. https://doi.org/10.1109/MP.2006.1649003.

  10. Thumbur, G., Rao, G. S., Reddy, P. V., Gayathri, N. B., & Reddy, D. V. R. K. (2020). Efficient pairing-free certificateless signature scheme for secure communication in resource-constrained devices. IEEE Communications Letters, 24(8), 1641–1645.

  11. Yum, D.H., & Lee, P.J. (2004). Identity-based cryptography in public key management. In EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings (Vol. 3093, pp. 71–84). Springer.

Acknowledgements

The authors would like to thank the anonymous reviewers for their valuable comments.

Funding

Not applicable.

Author information

Contributions

Feihong Xu contributed to the conception of the work and manuscript preparation. Hui Zeng helped perform the analysis with constructive discussions.

Corresponding author

Correspondence to Feihong Xu.

Ethics declarations

Conflicts of interest

The authors declare that they have no conflict of interest.

Ethical Approval

The manuscript complies with the journal submission policy.

Code availability

Not applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Xu, F., Zeng, H. Cryptanalysis of Two Signature Schemes for IoT and Mobile Health Systems. Wireless Pers Commun 122, 2035–2043 (2022). https://doi.org/10.1007/s11277-021-08979-y

  • DOI: https://doi.org/10.1007/s11277-021-08979-y
