Peer-to-Peer Networking and Applications

, Volume 8, Issue 5, pp 881–885 | Cite as

On the security of a certificateless online/offline signcryption for Internet of Things

  • Wenbo Shi
  • Neeraj Kumar
  • Peng Gong
  • Naveen Chilamkurti
  • Hangbae Chang


With the development of the Internet of Things (IOT) application, information security and user privacy protection in the IOT have attracted wide attention across the globe. To solve this problem, Luo et al. proposed an efficient certificateless online/offline signcryption (COOSC) scheme for IOT. They have also demonstrated that their scheme is provably in the random oracle model. However, in this paper, we will show their scheme is vulnerable to the private key compromised problem, i.e., an adversary could get a user’s private key through an intercepted message. The analysis show that Luo et al.’s scheme is not suitable for the IOT.


Internet of Things Certificateless cryptography Online/offline signcryption Bilinear pairing 



The authors thank the editors and the anonymous reviewers for their valuable comments. This research was supported by National Natural Science Foundation of China (nos.61202447), Natural Science Foundation of Hebei Province of China (no. F2013501066), Northeastern University at Qinhuangdao Science and Technology Support Program (no. xnk201307), Beijing Natural Science Foundation (no. 4132055), and Excellent Young Scholars Research Fund of Beijing Institute of Technology.

Conflict of Interest

The author(s) declare(s) that there is no conflict of interests regarding the publication of this article.


  1. 1.
    Heer T, Garcia-Morchon O, Hummen R et al (2011) Security challenges in the IP-based Internet of Things. Wirel Pers Commun 61(3):527–542CrossRefGoogle Scholar
  2. 2.
    Yan T, Wen QY (2012) A Trust-third-party based key management protocol for secure mobile RFID service based on the Internet of Things. Advances in intelligent and soft computing, LNCS, vol 135. Springer-Verlag, Berlin, pp 201–208Google Scholar
  3. 3.
    Liu J, Hu X, Wei ZQ, et al (2012) Location privacy protect model based on positioning middleware among the Internet of Things. In Proceedings of the Computer Science and Electronics Engineering, Hang zhou, China 288–291Google Scholar
  4. 4.
    Zhou X, Jin Z, Fu Y et al (2011) Short signcryption scheme for the Internet of Things. Informatica 35:521–530MathSciNetMATHGoogle Scholar
  5. 5.
    Zheng Y (1997) Digital signcryption or how to achieve cost (signature and encryption) 6 cost (signature) + cost(encryption). In: Goos G, Hartmanis J, van Leeuwen J (eds) Advances in Cryptology-Crypto 1997, LNCS, vol 1294. Springer-Verlag, Berlin, pp 291–312Google Scholar
  6. 6.
    An JH, Dodis Y, Rabin T (2002) On the security of joint signature and encryption. In: Knudsen LR (ed) Advances in Cryptology-Eurocrypt 2002, LNCS, vol 2332. Springer-Verlag, Berlin, pp 83–107CrossRefGoogle Scholar
  7. 7.
    Malone-Lee J (2002) Identity based signcryption, Cryptologry ePrint Archive, Report 2002/098, <>
  8. 8.
    Libert B, Quisquater JJ (2003) A new identity based signcryption schemes from pairings. In: 2003 I.E. information theory workshop, Paris, France 155–158Google Scholar
  9. 9.
    Even S, Goldreich O, Micali S (1996) On-line/off-line digital signatures. J Cryptol 9(1):35–67MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Zhang F, Mu Y, Susilo W (2005) Reducing security overhead for mobile networks. In Proceedings of the Advanced information networking and applications, Taipei, Taiwan 398–403Google Scholar
  11. 11.
    Sun D, Huang X, Mu Y, Susilo W (2008) Identity-based online/off-line signcryption. In Proceedings of the Network and parallel computing, Shanghai, China 34–41Google Scholar
  12. 12.
    Liu JK, Baek J, Zhou JY (2011) Online/offline identity-based signcryption re-visited. In: Proceedings of the Information Security and Cryptology, LNCS, vol 6584. Berlin, Springer-Verlag, pp 36–51CrossRefGoogle Scholar
  13. 13.
    Selvi SSD, Vivek SS, Rangan CP (2010) Identity based online/offline signcryption scheme. Cryptology ePrint Archive. Available at:
  14. 14.
    Li FG, Khan MK, Alghathbar K, Takagi T (2012) Identity-based online/offline signcryption for low power devices. J Netw Comput Appl 35:340–347CrossRefGoogle Scholar
  15. 15.
    He D, Chen Y, Chen J et al (2011) A new two-round certificateless authenticated key agreement protocol without bilinear pairings. Math Comput Model 54(11):3143–3152CrossRefMATHGoogle Scholar
  16. 16.
    He D, Chen J, Hu J (2012) A pairing‐free certificateless authenticated key agreement protocol. Int J Commun Syst 25(2):221–230CrossRefGoogle Scholar
  17. 17.
    He D, Padhye S, Chen J (2012) An efficient certificateless two-party authenticated key agreement protocol. Comput Math Appl 64(6):1914–1926MathSciNetCrossRefMATHGoogle Scholar
  18. 18.
    He D, Chen J (2013) An efficient certificateless designated verifier signature scheme. Int Arab J Inf Technol 10(4):317–324Google Scholar
  19. 19.
    He D, Chen Y, Chen J (2013) An efficient certificateless proxy signature scheme without pairing. Math Comput Model 57(9–10):2510–2518CrossRefMATHGoogle Scholar
  20. 20.
    He D, Huang B, Chen J (2013) New certificateless short signature scheme. IET Inf Secur 7(2):113–117CrossRefGoogle Scholar
  21. 21.
    He D, Chen J, Zhang R (2012) An efficient and provably-secure certificateless signature scheme without bilinear pairings. Int J Commun Syst 25(11):1432–1442CrossRefGoogle Scholar
  22. 22.
    Sun Y, Zhang F (2010) Secure certificateless encryption with short ciphertext. Chin J Electron 19(2):313–318Google Scholar
  23. 23.
    Sun Y, Li H (2010) Short-ciphertext and BDH-based CCA2 secure certificateless encryption. SCIENCE CHINA Inf Sci 53(10):2005–2015CrossRefGoogle Scholar
  24. 24.
    Luo M, Tu M, Xu J (2013) A security communication model based on certificateless online/offline signcryption for Internet of Things, Security and Communication Networks doi: 10.1002/Sec.836
  25. 25.
    Turner SM (1994) Square roots mod p. Am Math Mon 101(5):443–449CrossRefMATHGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Wenbo Shi
    • 1
  • Neeraj Kumar
    • 2
  • Peng Gong
    • 3
  • Naveen Chilamkurti
    • 4
  • Hangbae Chang
    • 5
  1. 1.Department of Electronic EngineeringNortheastern University at QinhuangdaoQinhuangdaoChina
  2. 2.Computer Science & EngineeringThapar UniversityPatialaIndia
  3. 3.National Key Laboratory of Mechatronic Engineering and Control, School of Mechatronical EngineeringBeijing Institute of TechnologyBeijingChina
  4. 4.Department of Computer Science and Computer EngineeringLa Trobe UniversityMelbourneAustralia
  5. 5.Department of Business AdministrationSangmyung UniversitySeoulSouth Korea

Personalised recommendations