Abstract
With the development of the Internet of Things (IOT) application, information security and user privacy protection in the IOT have attracted wide attention across the globe. To solve this problem, Luo et al. proposed an efficient certificateless online/offline signcryption (COOSC) scheme for IOT. They have also demonstrated that their scheme is provably in the random oracle model. However, in this paper, we will show their scheme is vulnerable to the private key compromised problem, i.e., an adversary could get a user’s private key through an intercepted message. The analysis show that Luo et al.’s scheme is not suitable for the IOT.
Similar content being viewed by others
References
Heer T, Garcia-Morchon O, Hummen R et al (2011) Security challenges in the IP-based Internet of Things. Wirel Pers Commun 61(3):527–542
Yan T, Wen QY (2012) A Trust-third-party based key management protocol for secure mobile RFID service based on the Internet of Things. Advances in intelligent and soft computing, LNCS, vol 135. Springer-Verlag, Berlin, pp 201–208
Liu J, Hu X, Wei ZQ, et al (2012) Location privacy protect model based on positioning middleware among the Internet of Things. In Proceedings of the Computer Science and Electronics Engineering, Hang zhou, China 288–291
Zhou X, Jin Z, Fu Y et al (2011) Short signcryption scheme for the Internet of Things. Informatica 35:521–530
Zheng Y (1997) Digital signcryption or how to achieve cost (signature and encryption) 6 cost (signature) + cost(encryption). In: Goos G, Hartmanis J, van Leeuwen J (eds) Advances in Cryptology-Crypto 1997, LNCS, vol 1294. Springer-Verlag, Berlin, pp 291–312
An JH, Dodis Y, Rabin T (2002) On the security of joint signature and encryption. In: Knudsen LR (ed) Advances in Cryptology-Eurocrypt 2002, LNCS, vol 2332. Springer-Verlag, Berlin, pp 83–107
Malone-Lee J (2002) Identity based signcryption, Cryptologry ePrint Archive, Report 2002/098, <http://eprint.iacr.org/2002/098>
Libert B, Quisquater JJ (2003) A new identity based signcryption schemes from pairings. In: 2003 I.E. information theory workshop, Paris, France 155–158
Even S, Goldreich O, Micali S (1996) On-line/off-line digital signatures. J Cryptol 9(1):35–67
Zhang F, Mu Y, Susilo W (2005) Reducing security overhead for mobile networks. In Proceedings of the Advanced information networking and applications, Taipei, Taiwan 398–403
Sun D, Huang X, Mu Y, Susilo W (2008) Identity-based online/off-line signcryption. In Proceedings of the Network and parallel computing, Shanghai, China 34–41
Liu JK, Baek J, Zhou JY (2011) Online/offline identity-based signcryption re-visited. In: Proceedings of the Information Security and Cryptology, LNCS, vol 6584. Berlin, Springer-Verlag, pp 36–51
Selvi SSD, Vivek SS, Rangan CP (2010) Identity based online/offline signcryption scheme. Cryptology ePrint Archive. Available at: http://eprint.iacr.org/2010/376.pdf
Li FG, Khan MK, Alghathbar K, Takagi T (2012) Identity-based online/offline signcryption for low power devices. J Netw Comput Appl 35:340–347
He D, Chen Y, Chen J et al (2011) A new two-round certificateless authenticated key agreement protocol without bilinear pairings. Math Comput Model 54(11):3143–3152
He D, Chen J, Hu J (2012) A pairing‐free certificateless authenticated key agreement protocol. Int J Commun Syst 25(2):221–230
He D, Padhye S, Chen J (2012) An efficient certificateless two-party authenticated key agreement protocol. Comput Math Appl 64(6):1914–1926
He D, Chen J (2013) An efficient certificateless designated verifier signature scheme. Int Arab J Inf Technol 10(4):317–324
He D, Chen Y, Chen J (2013) An efficient certificateless proxy signature scheme without pairing. Math Comput Model 57(9–10):2510–2518
He D, Huang B, Chen J (2013) New certificateless short signature scheme. IET Inf Secur 7(2):113–117
He D, Chen J, Zhang R (2012) An efficient and provably-secure certificateless signature scheme without bilinear pairings. Int J Commun Syst 25(11):1432–1442
Sun Y, Zhang F (2010) Secure certificateless encryption with short ciphertext. Chin J Electron 19(2):313–318
Sun Y, Li H (2010) Short-ciphertext and BDH-based CCA2 secure certificateless encryption. SCIENCE CHINA Inf Sci 53(10):2005–2015
Luo M, Tu M, Xu J (2013) A security communication model based on certificateless online/offline signcryption for Internet of Things, Security and Communication Networks doi:10.1002/Sec.836
Turner SM (1994) Square roots mod p. Am Math Mon 101(5):443–449
Acknowledgments
The authors thank the editors and the anonymous reviewers for their valuable comments. This research was supported by National Natural Science Foundation of China (nos.61202447), Natural Science Foundation of Hebei Province of China (no. F2013501066), Northeastern University at Qinhuangdao Science and Technology Support Program (no. xnk201307), Beijing Natural Science Foundation (no. 4132055), and Excellent Young Scholars Research Fund of Beijing Institute of Technology.
Conflict of Interest
The author(s) declare(s) that there is no conflict of interests regarding the publication of this article.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Shi, W., Kumar, N., Gong, P. et al. On the security of a certificateless online/offline signcryption for Internet of Things. Peer-to-Peer Netw. Appl. 8, 881–885 (2015). https://doi.org/10.1007/s12083-014-0249-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-014-0249-3