Types of lightweight cryptographies in current developments for resource constrained machine type communication devices: challenges and opportunities

Machine-type communication devices have become a vital part of the autonomous industrial internet of things and industry 4.0. These autonomous resource-constrained devices share sensitive data, and are primarily acquired for automation and to operate consistently in remote environments under severe conditions. The requirements to secure the sensitive data shared between these devices consist of a resilient encryption technique with affordable operational costs. Consequently, devices, data, and networks are made secure by adopting a lightweight cryptosystem that should achieve robust security with sufficient computational and communication costs and counter modern security threats. This paper offers in-depth studies on different types and techniques of hardware and software-based lightweight cryptographies for machine-type communication devices in machine-to-machine communication networks

Efficient identity based signcryption scheme and solution of key-escrow problem

In cryptography for sending any information from sender to receiver, we have to ensure about the three types of security policies i.e. integrity, confidentiality and authentication. For confidentiality purpose, encryption-decryption technique is used and for authentication purpose digital signature is used, so to ensure this three properties, first sender encrypt the message and then sign the message. Same process done at the receiver end that means first message is decrypted then verified, so it's two step process that increases the communication as well as computation cost. But in many real life applications where more speed and less cost is required like e-commerce applications, we can't use signature then encryption technique, so signcryption is the cryptographic primitives that provides signature as well as encryption at the same time on a single step. First signcryption scheme is proposed by Yullian Zheng in 1997, Since then many signcryption scheme is proposed based on elliptic discrete logarithm problem (ECDLP) , Bilinear pairing, Identity Based and certificateless environment. Many of the Signcryption scheme used Random Oracle Model for their security proofs and few are based on standard model

Cryptanalysis of an online/offline certificateless signature scheme for Internet of Health Things

Recently, Khan et al. [An online-offline certificateless signature scheme for internet of health things,” Journal of Healthcare Engineering, vol. 2020] presented a new certificateless offline/online signature scheme for Internet of Health Things (IoHT) to fulfill the authenticity requirements of the resource-constrained environment of (IoHT) devices. The authors claimed that the newly proposed scheme is formally secured against Type-I adversary under the Random Oracle Model (ROM). Unfortunately, their scheme is insecure against adaptive chosen message attacks. It is demonstrated that an adversary can forge a valid signature on a message by replacing the public key. Furthermore, we performed a comparative analysis of the selective parameters including computation time, communication overhead, security, and formal proof by employing Evaluation based on Distance from Average Solution (EDAS). The analysis shows that the designed scheme of Khan et al. doesn’t have any sort of advantage over the previous schemes. Though, the authors utilized a lightweight hyperelliptic curve cryptosystem with a smaller key size of 80-bits. Finally, we give some suggestions on the construction of a concrete security scheme under ROM

A Comprehensive Survey on Signcryption Security Mechanisms in Wireless Body Area Networks

WBANs (Wireless Body Area Networks) are frequently depicted as a paradigm shift in healthcare from traditional to modern E-Healthcare. The vitals of the patient signs by the sensors are highly sensitive, secret, and vulnerable to numerous adversarial attacks. Since WBANs is a real-world application of the healthcare system, it’s vital to ensure that the data acquired by the WBANs sensors is secure and not accessible to unauthorized parties or security hazards. As a result, effective signcryption security solutions are required for the WBANs’ success and widespread use. Over the last two decades, researchers have proposed a slew of signcryption security solutions to achieve this goal. The lack of a clear and unified study in terms of signcryption solutions can offer a bird’s eye view of WBANs. Based on the most recent signcryption papers, we analyzed WBAN’s communication architecture, security requirements, and the primary problems in WBANs to meet the aforementioned objectives. This survey also includes the most up to date signcryption security techniques in WBANs environments. By identifying and comparing all available signcryption techniques in the WBANs sector, the study will aid the academic community in understanding security problems and causes. The goal of this survey is to provide a comparative review of the existing signcryption security solutions and to analyze the previously indicated solution given for WBANs. A multi-criteria decision-making approach is used for a comparative examination of the existing signcryption solutions. Furthermore, the survey also highlights some of the public research issues that researchers must face to develop the security features of WBANs.publishedVersio

Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers

We give an overview of our critiques of “proofs” of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata

Cryptanalysis and improvement of certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks

Secure aggregate signature schemes have attracted more concern due to their wide application in resource constrained environment. Recently, Horng et al. [S. J. Horng et al., An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks, Information Sciences 317 (2015) 48-66] proposed an efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks. They claimed that their scheme was provably secure against existential forgery on adaptively chosen message attack in the random oracle model. In this paper, we show that their scheme is insecure against a malicious-but-passive KGC under existing security model. Further, we propose an improved certificateless aggregate signature

A Study on the Secure Online Examination System

13301甲第4475号博士（工学）金沢大学博士論文本文Full 以下に掲載：IJCANDI (International Journal of Computing and Informatics) 1(3) pp.90-100 2016. Universitas Mulawarman & Universiti Malaysia Sabah. 共著者：Abdul Wahid, Masahiro Mamb

Security analysis of two lightweight certificateless signature schemes

Certificateless cryptography can be considered as an intermediate solution to overcome the issues in traditional public key infrastructure (PKI) and identity-based public key cryptography (ID-PKC). There exist a vast number of certificateless signature (CLS) schemes in the literature; however, most of them are not efficient enough to be utilized in limited resources environments such as Internet of things (IoT) or Healthcare Wireless Sensor Networks (HWSN). Recently, two lightweight CLS schemes have been proposed by Karati et al. and Kumar et al. to be employed in IoT and HWSNs, respectively. While both schemes are claimed to be existentially unforgeable, in this paper, we show that both these signatures can easily be forged. More specifically, it is shown that 1) in Karati et al.\u27s scheme, a type 1 adversary, considered in certificateless cryptography, can generate a valid partial private key corresponding to any user of its choice and as a consequence, it can forge any users\u27 signature on any message of its choice, and 2) in Kumar et al.\u27s scheme, both types of adversaries which are considered in certificateless cryptography are able to forge any signer\u27s signature on an arbitrary message

Cryptanalysis of a certificateless aggregate signature scheme

Recently, Nie et al. proposed a certificateless aggregate signature scheme. In the standard security model considered in certificateless cryptography, we are dealing with two types of adversaries. In this paper, we show that Nie et al.\u27s scheme is insecure against the adversary of the first type. In other words, although they claimed that their proposed scheme is existentially unforgeable against adaptive chosen message attack considering the adversaries in certificateless settings, we prove that such a forgery can be done