In recent years, Industrial Internet of Things (IIoT) has become increasingly important for applications in the industry. Inevitably, security for IIoT has become a priority in order to deploy secure applications. Amongst available cryptographic tools, certificateless signature schemes offer sound authentication solutions and avoid public-key certification from Trusted Third Parties (TTP). Certificateless signatures solve the key escrow problem against the dishonest Private Key Generator (PKG) and has considered to be a useful tool for IIoT applications. Recently, Karati et al. (IEEE Trans. Industrial Informatics, vol.14, no. 8, 2018) presented a lightweight certificateless signature scheme for IIoT Environments. This scheme was then broken by Zhang et al. (IEEE Access, vol. 8, 2018) by simply allowing to change the public key of the signer and using the homomorphic property of the original scheme. In this paper, we introduce a new attack to the scheme against the existential unforgeability, which is universal since we do not have to assume homomorphic property. We then introduce an entirely new lightweight certificateless signature scheme, which has been proven to be fully secure against all attacks found earlier. Our scheme is the first lightweight certificateless signature scheme with full security and is the most efficient in comparison with other existing schemes. It is desirable for IIoT applications. We also provide experimental results to justify our claims.
In digital signature, strong unforgeability requires that an attacker cannot forge a new signature on any previously signed/new messages, which is attractive in both theory and practice. Recently, a strongly unforgeable certificateless signature (CLS) scheme without random oracles was presented. In this paper, we firstly show that the scheme fails to achieve strong unforgeability by forging a new signature on a previously signed message under its adversarial model. Then, we point out that the scheme is also vulnerable to the malicious-but-passive key generation center (MKGC) attacks. Finally, we propose an improved strongly unforgeable CLS scheme in the standard model. The improved scheme not only meets the requirement of strong unforgeability but also withstands the MKGC attacks. To the best of our knowledge, we are the first to prove a CLS scheme to be strongly unforgeable against the MKGC attacks without using random oracles.
Certificateless signature (CLS) has no need of public key certificates and also avoids excessive dependence to a third party like that in identity-based setting. Recently, Shim (IEEE Systems
Five 3-formyl-2-arylbenzofuran derivatives, including three new compounds (1-3) and two known analogues (4-5), were identified from the 95% EtOH extract of Itea yunnanensis. Extensive spectroscopic analyses were performed for the structure elucidation of all new benzofurans, and single-crystal X-ray diffraction analyses were further employed for the structure verification of iteafuranals C (1) and D (2). In MTT assay, iteafuranal E (3) and iteafuranal A (4) displayed significant growth inhibition effect on SK-Hep-1 cells with IC 50 values of 5.365 μM and 6.013 μM, respectively.The colony formation assay of 3 and 4 further confirmed their remarkable inhibitory effect on cell growth. Preliminary mechanism study demonstrated that 3 remarkably down-regulated the phosphorylation level of ERK, which suggested 3 could inhibit cell growth and induce apoptosis of SK-Hep-1 cells by blocking RAS/RAF/MEK/ERK signaling pathway. This study highlighted the potential of 3-fomyl-2-benzofuran derivatives as novel lead compounds to treat Hepatocellular carcinoma.
As the progress of digitization in industrial society, large amount of production data are outsourced to the cloud server in order to reduce data management costs. Nevertheless, how to ensure the outsourced data integrality, validity, and availability is a challenging research topic. Recently, Zhang et al. (IEEE Trans. Industrial Informatic, doi:10.1109/TII.2019.2894108) presented an efficient and robust certificateless signature scheme to achieve the data authenticity for industrial Internet of Things (IIoT) environments. However, we found that their scheme is insecure. In this paper, we show that an attacker with replacing public key ability can easily impersonate other legitimate users to upload some false messages by forging the target users' valid signatures on these messages. Therefore, their certificateless signature scheme has not solved the IIoT data authenticity issue pointed out by them. Meanwhile, we also demonstrate that their security proof is not sound because the ability of an adversary cannot be applied to solve the difficult problem that they expect. INDEX TERMS Certificateless signature, industrial Internet of Things, public key replacement attack.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.