Cryptanalysis of a lightweight certificateless signature scheme for IIOT environments

Zhang, B; Zhu, T; Hu, C; Zhao, C

Cryptanalysis of a lightweight certificateless signature scheme for IIOT environments

Zhang, B Zhu, T

Hu, C Zhao, C

Permalink

Publication Type:: Journal Article
Citation:: IEEE Access, 2018, 6 pp. 73885 - 73894
Issue Date:: 2018-01-01

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Published VersionAdobe PDF (2.88 MB)

View on publisher's site

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Zhang, B	en_US
dc.contributor.author	Zhu, T https://orcid.org/0000-0003-3411-7947	en_US
dc.contributor.author	Hu, C	en_US
dc.contributor.author	Zhao, C	en_US
dc.date.issued	2018-01-01	en_US
dc.identifier.citation	IEEE Access, 2018, 6 pp. 73885 - 73894	en_US
dc.identifier.uri	http://hdl.handle.net/10453/133040
dc.description.abstract	© 2013 IEEE. As an extremely significant cryptographic primitive, certificateless signature (CLS) schemes can provide message authentication with no use of traditional digital certificates. High efficiency and provable security without random oracle are challensges in designing a CLS scheme. Recently, Karati et al. proposed an efficient pairing-based CLS scheme with no use of map-to-point hash function and random oracle model to provide data authenticity in Industrial Internet of Things (IIoT) systems. The security proof was given under several hardness assumptions. However, we notice that both public key replacement attack and known message attack are existing in Karati et al.'s scheme. Any adversary without knowledge of signer's private key is capable of forging valid signatures. This leads to several serious consequences. For example, anybody can sign IIoT data on behalf of IIoT data owner without being detected.	en_US
dc.relation.ispartof	IEEE Access	en_US
dc.relation.isbasedon	10.1109/ACCESS.2018.2883581	en_US
dc.title	Cryptanalysis of a lightweight certificateless signature scheme for IIOT environments	en_US
dc.type	Journal Article
utslib.citation.volume	6	en_US
utslib.for	0805 Distributed Computing	en_US
utslib.for	0806 Information Systems	en_US
utslib.for	08 Information and Computing Sciences	en_US
utslib.for	09 Engineering	en_US
utslib.for	10 Technology	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
utslib.copyright.status	open_access
pubs.publication-status	Published	en_US
pubs.volume	6	en_US

Abstract:

© 2013 IEEE. As an extremely significant cryptographic primitive, certificateless signature (CLS) schemes can provide message authentication with no use of traditional digital certificates. High efficiency and provable security without random oracle are challensges in designing a CLS scheme. Recently, Karati et al. proposed an efficient pairing-based CLS scheme with no use of map-to-point hash function and random oracle model to provide data authenticity in Industrial Internet of Things (IIoT) systems. The security proof was given under several hardness assumptions. However, we notice that both public key replacement attack and known message attack are existing in Karati et al.'s scheme. Any adversary without knowledge of signer's private key is capable of forging valid signatures. This leads to several serious consequences. For example, anybody can sign IIoT data on behalf of IIoT data owner without being detected.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/133040