Wireless Sensor Network (WSN) has proved its presence in various real-time applications and hence the security of such embedded devices is a vital issue. Certificateless cryptography is one of the recent paradigms to provide security. Certificateless public key cryptography (CL-PKC) deals effectively with the twin issues of certificate management in traditional public key cryptography and the key escrow problem in identity-based cryptography. CL-PKC has attracted special attention in the field of information security as it has opened new avenues for improvement in the present security architecture. Recently, Tsai et al. proposed an improved certificateless signature scheme without pairing and claimed that their new construction is secure against different kinds of attacks. In this paper, we present a security analysis of their scheme and our results show that the scheme is not resistant to the malicious-KGC attack. In addition, we have found some security flaws in the certificateless signature scheme of Fan et al. and proved the scheme vulnerable to a Strong Type I attack.
Authentication in low power devices is still considered to be an expensive process. CertificateLess Signature is one of the approaches to facilitate authentication in these devices. Wireless Sensor Networks (WSNs) are such low power, inexpensive networks, which need message authentication. In this paper, a CertificateLess Signature proposed by Gong et al. is analyzed and an approach is proposed to reduce the computation cost by more than 50 percent. The main benefits of our approach are (i) some computations can be performed by the Key Generation Center (KGC) instead of the sensor node; (ii) the signature size increases by only a few bytes, but a lot of computation is saved in multi-hop networks; (iii) computation is balanced across all sensor nodes, which increases the overall network lifetime.
IEEE Transactions on Industrial Informatics, 2018
As an extremely significant cryptographic primitive, certificateless signature (CLS) schemes can provide message authentication with no use of traditional digital certificates. High efficiency and provable security without random oracle are challenges in designing a CLS scheme. Recently, Karati et al. proposed an efficient pairing-based CLS scheme with no use of map-to-point hash function and random oracle model to provide data authenticity in Industrial Internet of Things (IIoT) systems. The security proof was given under several hardness assumptions. However, we notice that both a public key replacement attack and a known message attack exist against Karati et al.'s scheme. Any adversary without knowledge of the signer's private key is capable of forging valid signatures. This leads to several serious consequences. For example, anybody can sign IIoT data on behalf of the IIoT data owner without being detected.
Index terms: Public key replacement attack, known message attack, digital signature, certificateless.
Int. J. Netw. Secur., 2014
This paper describes an efficient and secure online and off-line signature scheme for wireless sensor network (WSN). Security of the proposed scheme is based on the difficulty of breaking the Bilinear Diffie-Hellman problem (BDHP). WSN systems are usually deployed in hostile environments where they encounter a wide variety of malicious attacks. Information, that is, the cooked data collected within the sensor network, is valuable and should be kept confidential. In order to protect this transmitted information or messages between any two adjacent sensor nodes, a mutual authentication and key establishment protocol is required for wireless sensor networks. Because of some inherent restrictions of sensor nodes, which include low power, less storage space, low computation ability and short communication range, most existing protocols attempt to establish a pairwise key between any two adjacent sensor nodes by adopting a key pre-distribution approach. In order to further reduce the computational cost ...
Designs, Codes and Cryptography, 2007
Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we give some concrete examples to show that the security requirements of some building blocks they specified are insufficient to support some of their security claims. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is * A preliminary version of the extended abstract of partial results appeared in ACISP 2006 [9]. Girault's Level 2 security. For achieving Level 3 security, that a conventional signature scheme in Public Key Infrastructure does, we propose an extension to our definition of certificateless signature scheme and introduce an additional security model for this extension. We show that our generic construction satisfies Level 3 security after some appropriate and simple modification.
In this paper, we propose an elliptic curve-based signcryption scheme derived from the standardized signature KCDSA (Korean Certificate-based Digital Signature Algorithm) in the context of the Internet of Things. Our solution has several advantages. First, the scheme is provably secure in the random oracle model. Second, it provides the following security properties: outsider/insider confidentiality and unforgeability; non-repudiation and public verifiability, while being efficient in terms of communication and computation costs. Third, the scheme offers the certificateless feature, so certificates are not needed to verify the user’s public keys. For illustration, we conducted experimental evaluation based on a sensor Wismote platform and compared the performance of the proposed scheme to concurrent schemes.
2015
Wireless sensor network (WSN) is now an inevitable component of the Internet of Things (IoT). This integration creates new security challenges between the sensor nodes and the internet host, in particular the issue of setting up a non-compromised channel between these two ends. In this scheme we require that the sender of the message belongs to the internet host, where huge computation can be done without incurring any delays or computational problems, while the receiver belongs to the sensor node. The scheme is shown to be suitable and secure using random oracle of bilinear Diffie-Hellman assumption, hence providing strong security for integrating wireless sensors into the Internet of Things.
The Computer Journal, 2012
We present a study of security in certificateless signatures. We divide potential adversaries according to their attack power, and for the first time, three new kinds of adversaries are introduced into certificateless signatures. They are Normal Adversary, Strong Adversary and Super Adversary (ordered by their attack power). Combined with the known Type I Adversary and Type II Adversary in certificateless cryptography, we then define the security of certificateless signatures in different attack scenarios. Our new security models, together with others in the literature, provide a clear definition of the security in certificateless signatures. Two concrete schemes with different security levels are also proposed in this paper. The first scheme, which is proven secure (in the random oracle model) against Normal Type I and Super Type II adversaries, has the shortest signature length among all known certificateless signature schemes. The second scheme is secure (in the random oracle model) against Super Type I and Type II adversaries. Compared with another scheme that has a similar security level, our second scheme requires less operational cost but a little longer signature length. Two server-aided verification protocols are also proposed to reduce the verification cost on the verifier.
Footnote 1: This is the revised and full version of an extended abstract presented at ACISP 2007 [1].
Journal of Sensor and Actuator Networks
As an extension of the wired network, the use of the wireless communication network has considerably boosted users’ productivity at work and in their daily lives. The most notable aspect of the wireless communication network is that it overcomes the constraints of the wired network, reduces the amount of cost spent on wire maintenance, and distributes itself in a manner that is both more extensive and flexible. Combining wireless communication with the Internet of Things (IoT) can be used in several applications, including smart cities, smart traffic, smart farming, smart drones, etc. However, when exchanging data, wireless communication networks use an open network, allowing unauthorized users to engage in communication that is seriously destructive. Therefore, authentication through a digital signature will be the best solution to tackle such problems. Several digital signatures are contributing to the authentication process in a wireless communication network; however, they are s...
Lecture Notes in Computer Science, 2007
In this paper we revisit the security models of certificateless signatures and propose two new constructions which are provably secure in the random oracle model. We divide the potential adversaries according to their attack power, and for the first time, three new kinds of adversaries are introduced into certificateless signatures. They are Normal Adversary, Strong Adversary and Super Adversary (ordered by their attack power). Combined with the known Type I Adversary and Type II Adversary in certificateless system, we then define the security of certificateless signatures in different attack scenarios. Our new models, together with the others in the literature, will enable us to better understand the security of certificateless signatures. Two concrete schemes with different security levels are also proposed in this paper. The first scheme, which is proved secure against Normal Type I and Super Type II Adversary, enjoys the shortest signature length among all the known certificateless signature schemes. The second scheme is secure against Super Type I and Type II adversary. Compared with the scheme in ACNS 2006 which has a similar security level, our second scheme requires lower operation cost but a little longer signature length.
Lecture Notes in Computer Science, 2005
Certificateless public key cryptography is an attractive paradigm for public key cryptography since it does not require certificates in traditional public key cryptography and, at the same time, solves the inherent key escrow problem in identity-based cryptography. Currently, certificateless short signature is receiving significant attention as it is particularly useful in low-bandwidth communication environments. However, most of the certificateless short signature schemes only support low-level security. Recently, Choi et al. presented a certificateless short signature scheme and claimed that it is provably secure against the super adversaries. Nevertheless, in this paper, we show that their scheme is insecure even against a strong Type I adversary. We also propose a new certificateless short signature scheme which is more efficient and more secure than Choi et al.'s scheme.
Multimedia Tools and Applications, 2015
World Academy of Science, Engineering and Technology, International Journal of Computer, Electrical, Automation, Control and Information Engineering, 2008
IEEE Internet of Things Journal, 2019
Journal of Systems and Software, 2012
2013 IEEE 16th International Conference on Computational Science and Engineering, 2013
Mathematical Problems in Engineering, 2014
International Journal of Communication Systems, 2012
IACR Cryptology ePrint Archive, 2011
International Journal of Intelligent Computing Research, 2012