论文信息 - Cryptanalysis of Two Signature Schemes for IoT-Based Mobile Payments and Healthcare Wireless Medical Sensor Networks

Cryptanalysis of Two Signature Schemes for IoT-Based Mobile Payments and Healthcare Wireless Medical Sensor Networks

Certificateless cryptography does not require any certificate for the public key authentication and users’ public keys are transmitted with ciphertext/signatures or by making them available in the IoT-based public directory in a proper way. Due to these features, certificateless cryptosystems are considered as fundamental cryptographic buildingblocks to provide authenticity, integrity and non-repudiation suitable for IoT applications. Yeh proposed a transaction scheme based on a certificateless signature scheme for IoT-based mobile payments implementing on Android Pay. He showed that the CLS scheme was unforgeable against Type I and Type II adversaries under the intractability of the mathematical problem. Despite the security proofs, we show that Yeh’s scheme is still insecure against both Type I and Type II adversaries. Recently, Gayathri et al. constructed a compact certificateless aggregate signature scheme for Healthcare Wireless Medical Sensor Networks. Their aggregate signatures are constant-size independent of the number of signers. In this paper, we show that anyone can forge certificateless aggregate signatures of their scheme on any sets of messages and identities from only publicly known information, i.e. their scheme is entirely broken. We then discuss some improvements.

Kyung-Ah Shim | Kyung-Ah Shim

[1] Pardeep Kumar,et al. Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey , 2011, Sensors.

[2] Kuo-Hui Yeh,et al. A Secure Transaction Scheme With Certificateless Cryptographic Primitives for IoT-Based Mobile Payments , 2018, IEEE Systems Journal.

[3] Adi Shamir,et al. Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[4] Kenneth G. Paterson,et al. Certificateless Public Key Cryptography , 2003 .

[5] Kyung Sup Kwak,et al. Security and Privacy Issues in Wireless Sensor Networks for Healthcare Applications , 2010, Journal of Medical Systems.

[6] Garth V. Crosby,et al. Wireless Body Area Networks for Healthcare: A Survey , 2012 .

[7] P. Vasudeva Reddy,et al. Efficient and Secure Pairing-Free Certificateless Aggregate Signature Scheme for Healthcare Wireless Medical Sensor Networks , 2019, IEEE Internet of Things Journal.

[8] Fan Ye,et al. Mobile crowdsensing: current state and future challenges , 2011, IEEE Communications Magazine.

[9] A. Shamm. Identity-based cryptosystems and signature schemes , 1985 .