IEEE Access (Jan 2019)

On the Security of an Efficient and Robust Certificateless Signature Scheme for IIoT Environments

  • Wenjie Yang,
  • Shangpeng Wang,
  • Xinyi Huang,
  • Yi Mu

DOI
https://doi.org/10.1109/ACCESS.2019.2927597
Journal volume & issue
Vol. 7
pp. 91074 – 91079

Abstract

Read online

As the progress of digitization in industrial society, large amount of production data are outsourced to the cloud server in order to reduce data management costs. Nevertheless, how to ensure the outsourced data integrality, validity, and availability is a challenging research topic. Recently, Zhang et al. (IEEE Trans. Industrial Informatic, doi:10.1109/TII.2019.2894108) presented an efficient and robust certificateless signature scheme to achieve the data authenticity for industrial Internet of Things (IIoT) environments. However, we found that their scheme is insecure. In this paper, we show that an attacker with replacing public key ability can easily impersonate other legitimate users to upload some false messages by forging the target users' valid signatures on these messages. Therefore, their certificateless signature scheme has not solved the IIoT data authenticity issue pointed out by them. Meanwhile, we also demonstrate that their security proof is not sound because the ability of an adversary cannot be applied to solve the difficult problem that they expect.

Keywords