A lightweight CLAS scheme with complete aggregation for healthcare mobile crowdsensing

Abstract

The vast increase in the deployment of smart devices and the ubiquity of the Internet have evolved a new technology referred to as mobile crowdsensing (MCS). In healthcare MCS (HMCS), mobile devices can collect and upload medical data to the cloud server where authorized healthcare providers can access the relevant data for proper diagnosis and treatments. However, since this process is directly connected with patient’s sensitive health information, any unauthorized disclosure may have serious consequences on the patient’s wellbeing, hence privacy and security are serious issues in HMCS. To achieve data privacy and integrity, some certificateless aggregate signature (CLAS) schemes have been proposed. Very recently, four independent CLAS schemes were proposed for healthcare application. The authors claimed that their schemes were semantically secure in the security model. In this work, we analyze these schemes and find them to be insecure since there exists an adversary who can always forge a valid signature. Afterwards, we put forward a new CLAS scheme for HMCS application based on Elliptic Curve Cryptography (ECC) and hash function. In the proposed scheme, an aggregator can perform complete aggregation of certificateless signatures, resulting in improved performance. The proposed scheme satisfies all the security and privacy requirements of HMCS and can prevent possible attacks. Moreover, we show that the scheme is semantically secure with the assumption that the Discrete Logarithm Problem (DLP) is intractable. Extensive performance analysis and comparison show that the scheme is much more efficient than the state-of-the-art schemes.