Comments on "Revocable and Scalable Certificateless Remote Authentication Protocol With Anonymity for Wireless Body Area Networks"

To solve security and privacy issues in wireless body area networks, several types of digital signature schemes have been adapted to a number of authentication protocols. Recently in IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (TIFS) (DOI: 10.1109/TIFS.2015.2414399), Xiong and Qin proposed a revocable certificateless encryption (R-CLE) scheme against decryption key exposure, and a revocable certificateless signature (R-CLS) scheme against signing key exposure. Then they proposed a revocable and scalable certificateless remote authentication protocol with anonymity for wireless body area networks based on the combination of R-CLE scheme and R-CLS scheme. However, we show that their RCLS scheme is insecure against type I adversaries: a type I adversary who knows only a user’s secret value can forge signatures on any messages in the same time period. Hence, their authentication protocol fails to meet the claimed security requirements.