On the security of a certificateless online/offline signcryption for Internet of Things
- 938 Downloads
With the development of the Internet of Things (IOT) application, information security and user privacy protection in the IOT have attracted wide attention across the globe. To solve this problem, Luo et al. proposed an efficient certificateless online/offline signcryption (COOSC) scheme for IOT. They have also demonstrated that their scheme is provably in the random oracle model. However, in this paper, we will show their scheme is vulnerable to the private key compromised problem, i.e., an adversary could get a user’s private key through an intercepted message. The analysis show that Luo et al.’s scheme is not suitable for the IOT.
KeywordsInternet of Things Certificateless cryptography Online/offline signcryption Bilinear pairing
The authors thank the editors and the anonymous reviewers for their valuable comments. This research was supported by National Natural Science Foundation of China (nos.61202447), Natural Science Foundation of Hebei Province of China (no. F2013501066), Northeastern University at Qinhuangdao Science and Technology Support Program (no. xnk201307), Beijing Natural Science Foundation (no. 4132055), and Excellent Young Scholars Research Fund of Beijing Institute of Technology.
Conflict of Interest
The author(s) declare(s) that there is no conflict of interests regarding the publication of this article.
- 2.Yan T, Wen QY (2012) A Trust-third-party based key management protocol for secure mobile RFID service based on the Internet of Things. Advances in intelligent and soft computing, LNCS, vol 135. Springer-Verlag, Berlin, pp 201–208Google Scholar
- 3.Liu J, Hu X, Wei ZQ, et al (2012) Location privacy protect model based on positioning middleware among the Internet of Things. In Proceedings of the Computer Science and Electronics Engineering, Hang zhou, China 288–291Google Scholar
- 5.Zheng Y (1997) Digital signcryption or how to achieve cost (signature and encryption) 6 cost (signature) + cost(encryption). In: Goos G, Hartmanis J, van Leeuwen J (eds) Advances in Cryptology-Crypto 1997, LNCS, vol 1294. Springer-Verlag, Berlin, pp 291–312Google Scholar
- 7.Malone-Lee J (2002) Identity based signcryption, Cryptologry ePrint Archive, Report 2002/098, <http://eprint.iacr.org/2002/098>
- 8.Libert B, Quisquater JJ (2003) A new identity based signcryption schemes from pairings. In: 2003 I.E. information theory workshop, Paris, France 155–158Google Scholar
- 10.Zhang F, Mu Y, Susilo W (2005) Reducing security overhead for mobile networks. In Proceedings of the Advanced information networking and applications, Taipei, Taiwan 398–403Google Scholar
- 11.Sun D, Huang X, Mu Y, Susilo W (2008) Identity-based online/off-line signcryption. In Proceedings of the Network and parallel computing, Shanghai, China 34–41Google Scholar
- 13.Selvi SSD, Vivek SS, Rangan CP (2010) Identity based online/offline signcryption scheme. Cryptology ePrint Archive. Available at: http://eprint.iacr.org/2010/376.pdf
- 18.He D, Chen J (2013) An efficient certificateless designated verifier signature scheme. Int Arab J Inf Technol 10(4):317–324Google Scholar
- 22.Sun Y, Zhang F (2010) Secure certificateless encryption with short ciphertext. Chin J Electron 19(2):313–318Google Scholar
- 24.Luo M, Tu M, Xu J (2013) A security communication model based on certificateless online/offline signcryption for Internet of Things, Security and Communication Networks doi: 10.1002/Sec.836