Wireless Sensor Network (WSN) has proved its presence in various real time applications and hence the security of such embedded devices is a vital issue. Certificateless cryptography is one of the recent paradigms to provide security. Certificateless public key cryptography (CL-PKC) deals effectively with the twin issues of certificate management in traditional public key cryptography and key escrow problem in identity-based cryptography. CL-PKC has attracted special attention in the field of information security as it has opened new avenues for improvement in the present security architecture. Recently, Tsai et al. proposed an improved certificateless signature scheme without pairing and claimed that their new construction is secure against different kinds of attacks. In this paper, we present a security analysis of their scheme and our results show that scheme does not have resistance against malicious-KGC attack. In addition, we have found some security flaws in the certificateless signature scheme of Fan et al. and proved the scheme vulnerable to Strong Type I attack.
Read full abstract