Open Access

ARTICLE

Cryptanalysis of an Online/Offline Certificateless Signature Scheme for Internet of Health Things

Saddam Hussain¹, Syed Sajid Ullah^2,*, Mohammad Shorfuzzaman³, Mueen Uddin⁴, Mohammed Kaosar⁵

1 Department of Information Technology, Hazara University, Mansehra, 21120, KPK, Pakistan
2 Department of Electrical and Computer Engineering, Villanova University, PA, USA
3 Department of Computer Science, College of Computers and Information Technology, Taif University, Taif, 21944, Saudi Arabia
4 Digital Science, Faculty of Science, Universiti Brunei Darussalam, Jln Tungku link, Gadong, BE1410, Brunei Darussalam
5 Discipline of Information Technology, Media and Communications, College of Arts, Business, Law and Social Sciences (ABLSS), Murdoch University, 90 South Street, Murdoch, WA6150, Australia

* Corresponding Author: Syed Sajid Ullah. Email:

(This article belongs to the Special Issue: Recent Trends in Computational Methods for Differential Equations)

Intelligent Automation & Soft Computing 2021, 30(3), 983-993. https://doi.org/10.32604/iasc.2021.019486

Received 15 April 2021; Accepted 18 May 2021; Issue published 20 August 2021

Abstract

Recently, Khan et al. [An online-offline certificateless signature scheme for internet of health things,” Journal of Healthcare Engineering, vol. 2020] presented a new certificateless offline/online signature scheme for Internet of Health Things (IoHT) to fulfill the authenticity requirements of the resource-constrained environment of (IoHT) devices. The authors claimed that the newly proposed scheme is formally secured against Type-I adversary under the Random Oracle Model (ROM). Unfortunately, their scheme is insecure against adaptive chosen message attacks. It is demonstrated that an adversary can forge a valid signature on a message by replacing the public key. Furthermore, we performed a comparative analysis of the selective parameters including computation time, communication overhead, security, and formal proof by employing Evaluation based on Distance from Average Solution (EDAS). The analysis shows that the designed scheme of Khan et al. doesn’t have any sort of advantage over the previous schemes. Though, the authors utilized a lightweight hyperelliptic curve cryptosystem with a smaller key size of 80-bits. Finally, we give some suggestions on the construction of a concrete security scheme under ROM.

---

Keywords

---