Skip to main content
SpringerLink
Log in

On the security of a certificateless online/offline signcryption for Internet of Things

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

With the development of the Internet of Things (IOT) application, information security and user privacy protection in the IOT have attracted wide attention across the globe. To solve this problem, Luo et al. proposed an efficient certificateless online/offline signcryption (COOSC) scheme for IOT. They have also demonstrated that their scheme is provably in the random oracle model. However, in this paper, we will show their scheme is vulnerable to the private key compromised problem, i.e., an adversary could get a user’s private key through an intercepted message. The analysis show that Luo et al.’s scheme is not suitable for the IOT.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Heer T, Garcia-Morchon O, Hummen R et al (2011) Security challenges in the IP-based Internet of Things. Wirel Pers Commun 61(3):527–542

    Article  Google Scholar 

  2. Yan T, Wen QY (2012) A Trust-third-party based key management protocol for secure mobile RFID service based on the Internet of Things. Advances in intelligent and soft computing, LNCS, vol 135. Springer-Verlag, Berlin, pp 201–208

    Google Scholar 

  3. Liu J, Hu X, Wei ZQ, et al (2012) Location privacy protect model based on positioning middleware among the Internet of Things. In Proceedings of the Computer Science and Electronics Engineering, Hang zhou, China 288–291

  4. Zhou X, Jin Z, Fu Y et al (2011) Short signcryption scheme for the Internet of Things. Informatica 35:521–530

    MathSciNet  MATH  Google Scholar 

  5. Zheng Y (1997) Digital signcryption or how to achieve cost (signature and encryption) 6 cost (signature) + cost(encryption). In: Goos G, Hartmanis J, van Leeuwen J (eds) Advances in Cryptology-Crypto 1997, LNCS, vol 1294. Springer-Verlag, Berlin, pp 291–312

    Google Scholar 

  6. An JH, Dodis Y, Rabin T (2002) On the security of joint signature and encryption. In: Knudsen LR (ed) Advances in Cryptology-Eurocrypt 2002, LNCS, vol 2332. Springer-Verlag, Berlin, pp 83–107

    Chapter  Google Scholar 

  7. Malone-Lee J (2002) Identity based signcryption, Cryptologry ePrint Archive, Report 2002/098, <http://eprint.iacr.org/2002/098>

  8. Libert B, Quisquater JJ (2003) A new identity based signcryption schemes from pairings. In: 2003 I.E. information theory workshop, Paris, France 155–158

  9. Even S, Goldreich O, Micali S (1996) On-line/off-line digital signatures. J Cryptol 9(1):35–67

    Article  MathSciNet  MATH  Google Scholar 

  10. Zhang F, Mu Y, Susilo W (2005) Reducing security overhead for mobile networks. In Proceedings of the Advanced information networking and applications, Taipei, Taiwan 398–403

  11. Sun D, Huang X, Mu Y, Susilo W (2008) Identity-based online/off-line signcryption. In Proceedings of the Network and parallel computing, Shanghai, China 34–41

  12. Liu JK, Baek J, Zhou JY (2011) Online/offline identity-based signcryption re-visited. In: Proceedings of the Information Security and Cryptology, LNCS, vol 6584. Berlin, Springer-Verlag, pp 36–51

    Chapter  Google Scholar 

  13. Selvi SSD, Vivek SS, Rangan CP (2010) Identity based online/offline signcryption scheme. Cryptology ePrint Archive. Available at: http://eprint.iacr.org/2010/376.pdf

  14. Li FG, Khan MK, Alghathbar K, Takagi T (2012) Identity-based online/offline signcryption for low power devices. J Netw Comput Appl 35:340–347

    Article  Google Scholar 

  15. He D, Chen Y, Chen J et al (2011) A new two-round certificateless authenticated key agreement protocol without bilinear pairings. Math Comput Model 54(11):3143–3152

    Article  MATH  Google Scholar 

  16. He D, Chen J, Hu J (2012) A pairing‐free certificateless authenticated key agreement protocol. Int J Commun Syst 25(2):221–230

    Article  Google Scholar 

  17. He D, Padhye S, Chen J (2012) An efficient certificateless two-party authenticated key agreement protocol. Comput Math Appl 64(6):1914–1926

    Article  MathSciNet  MATH  Google Scholar 

  18. He D, Chen J (2013) An efficient certificateless designated verifier signature scheme. Int Arab J Inf Technol 10(4):317–324

    Google Scholar 

  19. He D, Chen Y, Chen J (2013) An efficient certificateless proxy signature scheme without pairing. Math Comput Model 57(9–10):2510–2518

    Article  MATH  Google Scholar 

  20. He D, Huang B, Chen J (2013) New certificateless short signature scheme. IET Inf Secur 7(2):113–117

    Article  Google Scholar 

  21. He D, Chen J, Zhang R (2012) An efficient and provably-secure certificateless signature scheme without bilinear pairings. Int J Commun Syst 25(11):1432–1442

    Article  Google Scholar 

  22. Sun Y, Zhang F (2010) Secure certificateless encryption with short ciphertext. Chin J Electron 19(2):313–318

    Google Scholar 

  23. Sun Y, Li H (2010) Short-ciphertext and BDH-based CCA2 secure certificateless encryption. SCIENCE CHINA Inf Sci 53(10):2005–2015

    Article  Google Scholar 

  24. Luo M, Tu M, Xu J (2013) A security communication model based on certificateless online/offline signcryption for Internet of Things, Security and Communication Networks doi:10.1002/Sec.836

  25. Turner SM (1994) Square roots mod p. Am Math Mon 101(5):443–449

    Article  MATH  Google Scholar 

Download references

Acknowledgments

The authors thank the editors and the anonymous reviewers for their valuable comments. This research was supported by National Natural Science Foundation of China (nos.61202447), Natural Science Foundation of Hebei Province of China (no. F2013501066), Northeastern University at Qinhuangdao Science and Technology Support Program (no. xnk201307), Beijing Natural Science Foundation (no. 4132055), and Excellent Young Scholars Research Fund of Beijing Institute of Technology.

Conflict of Interest

The author(s) declare(s) that there is no conflict of interests regarding the publication of this article.

Author information

Authors and Affiliations

  1. Department of Electronic Engineering, Northeastern University at Qinhuangdao, Qinhuangdao, China

    Wenbo Shi

  2. Computer Science & Engineering, Thapar University, Patiala, India

    Neeraj Kumar

  3. National Key Laboratory of Mechatronic Engineering and Control, School of Mechatronical Engineering, Beijing Institute of Technology, Beijing, China

    Peng Gong

  4. Department of Computer Science and Computer Engineering, La Trobe University, Melbourne, Australia

    Naveen Chilamkurti

  5. Department of Business Administration, Sangmyung University, Seoul, South Korea

    Hangbae Chang

Authors
  1. Wenbo Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Neeraj Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peng Gong
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Naveen Chilamkurti
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Hangbae Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Neeraj Kumar.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Shi, W., Kumar, N., Gong, P. et al. On the security of a certificateless online/offline signcryption for Internet of Things. Peer-to-Peer Netw. Appl. 8, 881–885 (2015). https://doi.org/10.1007/s12083-014-0249-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-014-0249-3

Keywords

Search

Navigation