On the Security of Certificateless Signature Schemes

Wireless Sensor Network (WSN) has proved its presence in various real time applications and hence the security of such embedded devices is a vital issue. Certificateless cryptography is one of the recent paradigms to provide security. Certificateless public key cryptography (CL-PKC) deals effectively with the twin issues of certificate management in traditional public key cryptography and key escrow problem in identity-based cryptography. CL-PKC has attracted special attention in the field of information security as it has opened new avenues for improvement in the present security architecture. Recently, Tsai et al. proposed an improved certificateless signature scheme without pairing and claimed that their new construction is secure against different kinds of attacks. In this paper, we present a security analysis of their scheme and our results show that scheme does not have resistance against malicious-KGC attack. In addition, we have found some security flaws in the certificateless signature scheme of Fan et al. and proved the scheme vulnerable to Strong Type I attack.

[1]  Yi Mu,et al.  On the Security of Certificateless Signature Schemes from Asiacrypt 2003 , 2005, CANS.

[2]  Xinyi Huang,et al.  Efficient and short certificateless signatures secure against realistic adversaries , 2011, The Journal of Supercomputing.

[3]  Rui Zhang,et al.  An efficient and provably‐secure certificateless signature scheme without bilinear pairings , 2012, Int. J. Commun. Syst..

[4]  Dong Hoon Lee,et al.  A new provably secure certificateless short signature scheme , 2011, Comput. Math. Appl..

[5]  Xue Liu,et al.  A Certificateless Signature Scheme for Mobile Wireless Cyber-Physical Systems , 2008, 2008 The 28th International Conference on Distributed Computing Systems Workshops.

[6]  Jia-Lun Tsai,et al.  Weaknesses and improvements of an efficient certificateless signature scheme without using bilinear pairings , 2014, Int. J. Commun. Syst..

[7]  Willy Susilo,et al.  Strongly secure certificateless short signatures , 2012, J. Syst. Softw..

[8]  Duncan S. Wong,et al.  Certificateless Public-Key Signature: Security Model and Efficient Construction , 2006, ACNS.

[9]  Kenneth G. Paterson,et al.  An Attack on a Certificateless Signature Scheme , 2006, IACR Cryptol. ePrint Arch..

[10]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[11]  Xue Liu,et al.  McCLS: Certificateless Signature Scheme for Emergency Mobile Wireless Cyber-Physical Systems , 2008, Int. J. Comput. Commun. Control.

[12]  Ian F. Akyildiz,et al.  Wireless sensor networks: a survey , 2002, Comput. Networks.

[13]  Yong Tang,et al.  An Efficient Certificateless Signature from Pairings , 2007, The First International Symposium on Data, Privacy, and E-Commerce (ISDPE 2007).

[14]  Kyung-Ah Shim,et al.  Breaking the short certificateless signature scheme , 2009, Inf. Sci..

[15]  Yi Mu,et al.  Certificateless Signatures: New Schemes and Security Models , 2012, Comput. J..

[16]  Je Hong Park,et al.  Security Analysis of the Certificateless Signature Scheme Proposed at SecUbiq 2006 , 2007, EUC Workshops.

[17]  Xiangxue Li,et al.  Certificateless signature and proxy signature schemes from bilinear pairings , 2005 .

[18]  Yi Mu,et al.  Malicious KGC attacks in certificateless cryptography , 2007, ASIACCS '07.

[19]  Syh-Yuan Tan,et al.  On the security of a certificateless short signature scheme , 2011, IACR Cryptol. ePrint Arch..

[20]  Yi Mu,et al.  Certificateless Signature Revisited , 2007, ACISP.

[21]  Qiaoyan Wen,et al.  Efficient and provably-secure certificateless short signature scheme from bilinear pairings , 2009, Comput. Stand. Interfaces.

[22]  Xinyi Huang,et al.  Efficient and Short Certificateless Signature , 2008, CANS.

[23]  Pil Joong Lee,et al.  Generic Construction of Certificateless Signature , 2004, ACISP.

[24]  Willy Susilo,et al.  Cryptanalysis on Two Certificateless Signature Schemes , 2010, Int. J. Comput. Commun. Control.

[25]  Bok-Min Goi,et al.  An Efficient Certificateless Signature Scheme , 2006, IACR Cryptol. ePrint Arch..

[26]  Jean-Jacques Quisquater,et al.  On Constructing Certificateless Cryptosystems from Identity Based Encryption , 2006, Public Key Cryptography.

[27]  Gwoboa Horng,et al.  On the security models for certificateless signature schemes achieving level 3 security , 2011, IACR Cryptol. ePrint Arch..

[28]  Liusheng Huang,et al.  Cryptanalysis of a certificateless signature scheme without pairings , 2013, Int. J. Commun. Syst..

[29]  Chun-I Fan,et al.  Truly Non-Repudiation Certificateless Short Signature Scheme from Bilinear Pairings , 2011, J. Inf. Sci. Eng..

[30]  Xiaotie Deng,et al.  Key Replacement Attack Against a Generic Construction of Certificateless Signature , 2006, ACISP.

[31]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .