Abstract

With the rapid development of the Industrial Internet of Things (IIoT), security and privacy issues have become increasingly prominent when the data from IIoT devices is shared across public networks. Very recently, Wang <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et</i> <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">al.</i> presented a blockchain-based certificateless signature (CLS) scheme for IIoT devices in order to achieve secure and lightweight communication (IEEE Transactions on Industrial Informatics, DOI: 10.1109/TII.2021.3084753). Wang et al. claimed that their CLS scheme is secure under the assumption of the elliptic curve discrete logarithm problem. Unfortunately, by providing two attack methods to analyze the security of Wang et al.'s CLS scheme, we find that it is insecure against universal forgery attacks. Without knowing any information about the target user's private key, the two categories of attackers can successfully forge the valid signature of any message. Hence, Wang et al.'s CLS scheme fails to achieve the claimed security goals. To fix the security flaws, we propose an enhanced blockchain-based and pairing-free CLS scheme, and prove its security in the random oracle model. Furthermore, the analysis results demonstrate that our revised scheme has higher security while keeping the performance of the original scheme.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.