
    Cryptanalysis of an online/offline certificateless signature scheme for Internet of Health Things

    Recently, Khan et al. ["An online-offline certificateless signature scheme for internet of health things," Journal of Healthcare Engineering, vol. 2020] presented a new certificateless offline/online signature scheme for the Internet of Health Things (IoHT) to meet the authenticity requirements of resource-constrained IoHT devices. The authors claimed that the scheme is formally secure against a Type-I adversary in the Random Oracle Model (ROM). Unfortunately, their scheme is insecure against adaptive chosen-message attacks: we demonstrate that an adversary can forge a valid signature on a message of its choice by replacing the signer's public key. Furthermore, we perform a comparative analysis of selected parameters, including computation time, communication overhead, security, and formal proof, using Evaluation based on Distance from Average Solution (EDAS). The analysis shows that the scheme of Khan et al. has no advantage over previous schemes, even though the authors used a lightweight hyperelliptic curve cryptosystem with a smaller key size of 80 bits. Finally, we give some suggestions for constructing a concrete security scheme under the ROM.

    Cryptanalysis of a certificateless aggregate signature scheme

    Recently, Nie et al. proposed a certificateless aggregate signature scheme. In the standard security model of certificateless cryptography, two types of adversaries are considered. In this paper, we show that Nie et al.'s scheme is insecure against the adversary of the first type (Type-I). In other words, although they claimed that their scheme is existentially unforgeable against adaptive chosen-message attacks by the adversaries considered in the certificateless setting, we show that such a forgery can be carried out.
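    The public-key-replacement forgery that both abstracts above attribute to a Type-I adversary can be made concrete on a toy scheme. The Python below is an added example and is not the scheme of Khan et al. or Nie et al., nor code from either paper: it builds a constructed, pairing-free, Schnorr-style certificateless signature over a small safe-prime group (a 64-bit q, toy size), splits signing into an offline exponentiation and an online multiply-add as online/offline schemes do, and shows that when the KGC's partial private key is not bound to the user's public key, an adversary who knows no secrets can choose a replacement public key that cancels the unknown partial key and then sign at will; with the binding hash (`bind=True`) the same forgery is rejected. All names, parameters, and hash choices are assumptions of this example.

```python
"""Toy pairing-free certificateless signature (CLS) with an online/offline split, and
the Type-I public-key-replacement forgery described in the two abstracts above.
Constructed illustration only, NOT the scheme of Khan et al. or Nie et al.
bind=False: the partial key ignores the user public key X_ID (forgeable);
bind=True: X_ID is hashed into the partial key (binding technique), forgery fails."""
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; callers only pass odd n > 3."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def schnorr_group(bits=64):
    """Safe prime p = 2q+1 and g = 4 (a quadratic residue, so of order q). Toy size."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

def H(q, *parts):
    """Hash any values into [1, q-1], so every output is invertible mod q."""
    data = b"|".join(repr(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (q - 1) + 1

def kgc_setup(params):
    p, q, g = params
    s = secrets.randbelow(q - 1) + 1            # KGC master secret
    return s, pow(g, s, p)                      # (s, ppub = g^s)

def partial_key(params, s, ident, X, bind):
    """Schnorr-style partial private key d_ID with public commitment R_ID."""
    p, q, g = params
    r = secrets.randbelow(q - 1) + 1
    R = pow(g, r, p)
    h0 = H(q, ident, R, X) if bind else H(q, ident, R)
    return R, (r + s * h0) % q

def user_keygen(params, s, ident, bind):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1            # user secret value
    X = pow(g, x, p)                            # user public key part
    R, d = partial_key(params, s, ident, X, bind)
    return (x, d), (R, X)

def offline_sign(params):
    """Offline phase: the exponentiation, done before the message is known."""
    p, q, g = params
    k = secrets.randbelow(q - 1) + 1
    return k, pow(g, k, p)

def online_sign(params, ident, sk, pk, msg, token, bind):
    """Online phase: one hash and one modular multiply-add."""
    q = params[1]
    (x, d), (R, X), (k, T) = sk, pk, token
    h = H(q, msg, ident, R, X, T) if bind else H(q, msg, ident, T)
    return T, (k + h * (x + d)) % q

def verify(params, ppub, ident, pk, msg, sig, bind):
    p, q, g = params
    (R, X), (T, sigma) = pk, sig
    h0 = H(q, ident, R, X) if bind else H(q, ident, R)
    h = H(q, msg, ident, R, X, T) if bind else H(q, msg, ident, T)
    full_pk = X * R * pow(ppub, h0, p) % p      # = g^(x_ID + d_ID)
    return pow(g, sigma, p) == T * pow(full_pk, h, p) % p

def type1_forge(params, ppub, ident, R, msg):
    """Type-I adversary with no d_ID and no x_ID: replace X_ID by X' = g^a * (R*ppub^h0)^-1,
    so that X' * R * ppub^h0 = g^a, whose discrete log a it knows; then sign normally."""
    p, q, g = params
    h0 = H(q, ident, R)                         # the unbound h0 of the weak variant
    a = secrets.randbelow(q - 1) + 1
    X_fake = pow(g, a, p) * pow(R * pow(ppub, h0, p) % p, -1, p) % p
    k, T = offline_sign(params)
    h = H(q, msg, ident, T)
    return (R, X_fake), (T, (k + h * a) % q)

def demo(bits=64):
    params = schnorr_group(bits)
    ident, msg, bad = "alice@example.test", b"pay 10", b"pay 1000000"
    out = {}                                    # {bind: (honest verifies, forgery verifies)}
    for bind in (False, True):
        s, ppub = kgc_setup(params)
        sk, pk = user_keygen(params, s, ident, bind)
        sig = online_sign(params, ident, sk, pk, msg, offline_sign(params), bind)
        fpk, fsig = type1_forge(params, ppub, ident, pk[0], bad)
        out[bind] = (verify(params, ppub, ident, pk, msg, sig, bind),
                     verify(params, ppub, ident, fpk, bad, fsig, bind))
    return out
```

    `demo()` returns `{False: (True, True), True: (True, False)}`: the honest signature verifies in both variants, and the forgery is accepted only where the partial key is unbound. The only difference between the two variants is whether X_ID enters the hash that the KGC commits to, which is exactly the capability (replacing public keys) a Type-I proof has to account for; a verification equation that lets the adversary fix the public key after the other terms are known is the pattern to look for when reviewing such schemes.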

    Cryptanalysis and improvement of certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks

    Secure aggregate signature schemes have attracted growing attention because of their wide use in resource-constrained environments. Recently, Horng et al. [S. J. Horng et al., An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks, Information Sciences 317 (2015) 48-66] proposed an efficient certificateless aggregate signature with conditional privacy preservation for vehicular sensor networks. They claimed that their scheme is provably secure against existential forgery under adaptively chosen-message attacks in the random oracle model. In this paper, we show that their scheme is insecure against a malicious-but-passive KGC under the existing security model. We then propose an improved certificateless aggregate signature scheme.

    CGST: Provably Secure Lightweight Certificateless Group Signcryption Technique Based on Fractional Chaotic Maps

    In recent years there has been considerable research interest in chaotic constructions and the cryptographic structures built on them. Compared with the plain combination of encryption and signature, a signcryption scheme offers a more practical way to achieve message confidentiality and authentication simultaneously. However, the security of a signcryption scheme is questionable when it is deployed in modern safety-critical systems, especially as vast amounts of sensitive user information are transmitted over open communication channels. To address this problem, a lightweight, provably secure certificateless group-oriented signcryption technique based on Fractional Chaotic Maps (CGST-FCM) is proposed. Its main feature is that any group signcrypter may signcrypt data with the help of the group manager (GM) and send it to the verifier seamlessly: the legitimacy of the signcrypted data is verifiable from the group's public parameters, but it cannot be linked to the signcrypter who produced it. Neither the GM nor any single signcrypter in the group can produce valid signcrypted data alone. However, the GM may reveal the identity of the signcrypter when a legal dispute arises, so as to prevent repudiation of the signature. The CGST-FCM technique is shown to achieve indistinguishability under chosen-ciphertext attack (IND-CCA), and computationally hard Diffie-Hellman (DH) problems are used to establish the unlinkability, untraceability, unforgeability, and robustness of the proposed scheme. Finally, the security analysis of the CGST-FCM technique shows appreciable consistency and high efficiency when applied in real-time security applications.

    Efficient identity based signcryption scheme and solution of key-escrow problem

    In cryptography, when information is sent from a sender to a receiver, three security properties must be ensured: integrity, confidentiality, and authentication. Encryption and decryption provide confidentiality, and digital signatures provide authentication, so to obtain these properties the sender first signs the message and then encrypts it, and the receiver reverses the process, first decrypting and then verifying. This two-step approach increases both the communication and the computation cost. In many real-life applications that require higher speed and lower cost, such as e-commerce, the signature-then-encryption technique is therefore unsuitable; signcryption is the cryptographic primitive that provides signature and encryption together in a single logical step. The first signcryption scheme was proposed by Yuliang Zheng in 1997; since then many signcryption schemes have been proposed based on the elliptic curve discrete logarithm problem (ECDLP), bilinear pairings, identity-based settings, and certificateless settings. Most signcryption schemes use the random oracle model for their security proofs, and a few are proven in the standard model.
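    The single-step primitive that the abstract above contrasts with signature-then-encryption can be seen in code. The Python below is an added example, not code from the paper, that follows the structure of Zheng's 1997 SCS1 construction on a constructed toy Schnorr group: Alice derives a session key from y_b^x, uses one half to encrypt and the other half for a keyed hash r of the message, and binds her long-term secret x_a into s = x/(r + x_a) mod q; Bob recovers the same key from (y_a·g^r)^(s·x_b) and accepts only if the keyed hash of the decrypted message equals r. The 11-bit group, the SHA-256 key derivation, HMAC-SHA256 as the keyed hash, and the SHAKE-256 keystream cipher are assumptions of this example chosen for brevity and carry no real security. The example also goes beyond the abstract by checking that a tampered ciphertext and a wrong recipient key are both rejected.

```python
"""Zheng-style (1997) signcryption on a toy Schnorr group: one pass yields both
confidentiality and authentication, instead of a signature pass followed by an
encryption pass. Constructed example with tiny hard-coded parameters (insecure,
demo only), SHA-256 as KDF, HMAC-SHA256 as the keyed hash KH, and a SHAKE-256
keystream as the symmetric cipher E/D."""
import hashlib
import hmac
import secrets

# Constructed toy group: p = 2q + 1, q prime, g = 4 generates the order-q subgroup.
P, Q, G = 2027, 1013, 4

def keygen():
    """Long-term key pair (x, y = g^x)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _split_key(shared):
    """hash(shared) -> (k1 for encryption, k2 for the keyed hash)."""
    k = hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()
    return k[:16], k[16:]

def _xor_stream(k1, data):
    keystream = hashlib.shake_256(k1).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))

def signcrypt(x_a, y_b, msg):
    """Alice (secret x_a) to Bob (public y_b). Returns (c, r, s)."""
    while True:
        x = secrets.randbelow(Q - 1) + 1
        k1, k2 = _split_key(pow(y_b, x, P))         # k = hash(y_b^x)
        r = hmac.new(k2, msg, "sha256").digest()    # r = KH_k2(m)
        denom = (int.from_bytes(r, "big") + x_a) % Q
        if denom:                                   # r + x_a must be invertible mod q
            break
    s = x * pow(denom, -1, Q) % Q                   # s = x / (r + x_a) mod q
    return _xor_stream(k1, msg), r, s

def unsigncrypt(x_b, y_a, c, r, s):
    """Bob recovers k from (y_a * g^r)^(s*x_b) = g^((x_a + r) * s * x_b) = y_b^x."""
    r_int = int.from_bytes(r, "big") % Q
    shared = pow(y_a * pow(G, r_int, P) % P, s * x_b % Q, P)
    k1, k2 = _split_key(shared)
    msg = _xor_stream(k1, c)
    if hmac.compare_digest(hmac.new(k2, msg, "sha256").digest(), r):
        return msg
    return None                                     # bad key, tampered c, or wrong sender

def demo():
    x_a, y_a = keygen()
    x_b, y_b = keygen()
    x_e = x_b
    while x_e == x_b:                               # Eve: a different long-term key
        x_e, _ = keygen()
    msg = b"patient 42: BP 120/80, HR 72"            # constructed sample record
    c, r, s = signcrypt(x_a, y_b, msg)
    tampered = bytes([c[0] ^ 0x01]) + c[1:]
    return (
        unsigncrypt(x_b, y_a, c, r, s) == msg,      # Bob recovers and authenticates
        unsigncrypt(x_b, y_a, tampered, r, s) is None,
        unsigncrypt(x_e, y_a, c, r, s) is None,     # Eve cannot unsigncrypt
    )

if __name__ == "__main__":
    print(demo())   # (True, True, True)
```

    As in Zheng's original construction, the authenticity check needs Bob's private key x_b, so only the recipient can verify; giving a third party that ability (public verifiability, needed for non-repudiation) requires additional machinery that this minimal example does not include.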

    An Efficient Encryption System on 2D Sine Logistic Map based Diffusion

    A cryptographic model for image encryption is proposed that incorporates a diffusion algorithm based on a 2D sine logistic map. The 2D sine logistic map is merged into the algorithm because it can serve as a random number generator and overcomes the blank windows of the underlying logistic map. Existing image encryption models work on the raw image without altering it before the confusion and diffusion stages; their main disadvantage is that neighbouring pixel values of an image always remain similar. This issue is resolved by a pseudo-random generator that produces a key stream used to alter pixel values. Furthermore, the 2D sine logistic map based diffusion improves key sensitivity and the complex relationships developed between the cipher image and the test image. With the diffusion method, pixels are tied to each other to such an extent that even a single-bit modification in the intensity value of one original pixel leads to a large change in most pixels of the cipher image, making the model highly sensitive to any change in a pixel value or in the secret key. Analysis of a variety of test results shows that the proposed model can encrypt the plain image into a cipher resembling a random binary sequence.

    A survey on wireless body area networks: architecture, security challenges and research opportunities.

    In the era of communication technologies, wireless healthcare networks enable innovative applications that enhance the quality of patients' lives, provide useful monitoring tools for caregivers, and allow timely intervention. However, because of the sensitive information carried by Wireless Body Area Networks (WBANs), insecure data handling violates patients' privacy and may consequently lead to improper medical diagnosis and/or treatment. Achieving a high level of security and privacy in a WBAN involves various challenges due to its resource limitations and critical applications. This paper provides a comprehensive survey of WBAN technology, with a particular focus on security and privacy concerns and their countermeasures, followed by proposed research directions and open issues.

    A Computationally Efficient Online/Offline Signature Scheme for Underwater Wireless Sensor Networks

    Underwater wireless sensor networks (UWSNs) have emerged as a widely used wireless network infrastructure in many applications. Sensing nodes are frequently deployed in hostile aquatic environments to collect data, under severe limits on transmission time and bandwidth. Since underwater information is very sensitive and unique, user authentication is essential for access to the data. UWSNs have unique communication and computation needs that existing digital signature techniques do not meet, so a lightweight signature scheme is required. In this research, we present a Certificateless Online/Offline Signature (COOS) mechanism for UWSNs. The proposed scheme is based on a hyperelliptic curve cryptosystem, which offers the same degree of security as RSA, bilinear pairing, and elliptic curve cryptosystems (ECC) but with a smaller key size. The proposed scheme is proven secure in the random oracle model under the hyperelliptic curve discrete logarithm problem. A security analysis was also carried out, together with comparisons with relevant existing online/offline signature schemes; the comparison shows that the proposed scheme is superior to the existing schemes in both security and efficiency. Additionally, we employed the fuzzy-based Evaluation based on Distance from Average Solution (EDAS) technique to demonstrate the effectiveness of the proposed scheme.

    Systematic Review of Internet of Things Security

    The Internet of Things (IoT) has become a new paradigm of current communications technology that requires a deeper overview to map its application domains, advantages, and disadvantages. There have been a number of in-depth research efforts studying various aspects of IoT. However, to the best of our knowledge, no literature has discussed the security and privacy aspects of IoT specifically and in depth. To that end, this paper provides a more comprehensive and systematic review of IoT security based on a survey of the most recent literature over the past three years (2015 to 2017). We classify IoT security research by research objective, application domain, vulnerabilities/threats, countermeasures, platforms, protocols, and performance measurements. We also identify security challenges for further research.