Abstract

Recently, Khan et al. [An online-offline certificateless signature scheme for internet of health things,” Journal of Healthcare Engineering, vol. 2020] presented a new certificateless offline/online signature scheme for Internet of Health Things (IoHT) to fulfill the authenticity requirements of the resource-constrained environment of (IoHT) devices. The authors claimed that the newly proposed scheme is formally secured against Type-I adversary under the Random Oracle Model (ROM). Unfortunately, their scheme is insecure against adaptive chosen message attacks. It is demonstrated that an adversary can forge a valid signature on a message by replacing the public key. Furthermore, we performed a comparative analysis of the selective parameters including computation time, communication overhead, security, and formal proof by employing Evaluation based on Distance from Average Solution (EDAS). The analysis shows that the designed scheme of Khan et al. doesn’t have any sort of advantage over the previous schemes. Though, the authors utilized a lightweight hyperelliptic curve cryptosystem with a smaller key size of 80-bits. Finally, we give some suggestions on the construction of a concrete security scheme under ROM.

Highlights

  • The concept of an online/offline signature was first proposed in 1990 by Evan et al [1]

  • We performed a comparative analysis of the selective parameters including computation time, communication overhead, security, and formal proof by employing Evaluation based on Distance from Average Solution (EDAS)

  • We give some suggestions on the construction of a concrete security scheme under Random Oracle Model (ROM)

Read more

Summary

Introduction

The concept of an online/offline signature was first proposed in 1990 by Evan et al [1]. The given scheme is affected by high-cost consumptions i.e., computation time and communication overhead. In 2010, Wu et al [5], suggest an identity-based online/offline signature scheme under ROM using the hardness of bilinear pairing. The given scheme is affected by high-cost consumptions due to the use of heavy pairing operation which makes it inefficient. In 2020, Addobea et al [6], suggest a certificateless online/offline signature scheme for mobile health devices under ROM using the hardness of bilinear pairing. The given scheme suffers from high-cost consumptions due to the use of heavy pairing operation that shows the inefficiency of the designed scheme for the resource-constrained devices of mobile health. We analyzed the formal security of Khan et al.’s scheme and proving its insecurity against “adaptive chosen-message and identity attacks”.

Review of Khan et al Scheme
Analysis of Khan et al Scheme
Proof and Correction
Efficiency
Computation Time
Communication Overhead
Lesson Learned
Conclusion and Future Work

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.