$\ldots$ a bilinear pairing $e : G_1 \times G_1 \to G_2$.
3) Generate a random number $s \in \mathbb{Z}_p^*$ as the master key and compute $P_{pub} = sP$.
4) Choose hash functions $H_1 : \{0,1\}^* \to \mathbb{Z}_p^*$, $H_2 : G_1 \times G_2 \to \mathbb{Z}_p^*$ and $H_3 : \{0,1\}^* \times G_1 \times G_1 \times G_1 \times G_1 \to \mathbb{Z}_p^*$.
5) Publish the system parameters $\{G_1, G_2, e, P, P_{pub}, H_1, H_2, H_3\}$ and keep the master key $s$ secret.
PartialKeyGen: Taking a user $U$'s identity $ID_U$, the master key and the system parameters as inputs, the KGC executes the following steps to generate $U$'s partial private key.
1) Compute $h_U = H_1(ID_U)$.
2) Compute the partial private key $D_U = (h_U + s)^{-1} P$ and the partial public key $Q_U = (h_U + s)P = h_U P + P_{pub}$.
KeyGen: Taking a user $U$'s identity $ID_U$, the system parameters, the partial private key $D_U$ and the partial public key $Q_U$ as inputs, $U$ executes the following steps to generate his private key and public key.
1) Generate a random number $x_U \in \mathbb{Z}_p^*$ and compute $P_U = x_U P$.
2) Publish the public key $(P_U, Q_U)$ and keep the private key $(x_U, D_U)$ secret.
OffSigncrypt: Taking the system parameters and a sender $A$'s private key $(x_A, D_A)$ as inputs, $A$ executes the following steps to generate an offline signcryption.
1) Generate a random number $x \in \mathbb{Z}_p^*$.
2) Compute $T = e(P,P)^x$, $R = x P_{pub}$ and $S = x^{-1}(D_A + P)$.
3) Return $(x, R, S, T)$ as the offline signcryption.
Peer-to-Peer Netw. Appl.
OnSigncrypt: Taking a message $m$, the system parameters, a sender $A$'s public key $(P_A, Q_A)$ and private key $(x_A, D_A)$ and a receiver $B$'s public key $(P_B, Q_B)$ as inputs, $A$ executes the following steps to generate a full signcryption.
1) Compute the session key $sk = H_2(x_A P_B, T)$ and $y = sk \oplus m$.
2) Compute $h_B = H_1(ID_B)$, $h = H_3(y, P_A, P_B, R, S)$, $u = x(x_A + h) \bmod p$ and $v = x h_B + x_A \bmod p$.
3) Return the full signcryption $(y, u, v, R, S)$.
UnSigncrypt: Taking a full signcryption $(y, u, v, R, S)$, a sender $A$'s public key $(P_A, Q_A)$, a receiver $B$'s private key $(x_B, D_B)$ and public key $(P_B, Q_B)$ as inputs, $B$ executes the following steps to output a plaintext $m$, or the symbol $\perp$ if the signcryption is not valid.
1) Compute $h = H_3(y, P_A, P_B, R, S)$.
2) Check whether the equation $e(S, uQ_A) = e(P_A + hP, P + Q_A) = e(P_A, P + Q_A)\, e(P, P + Q_A)^h$ holds. If it does not hold, return $\perp$.
3) Compute $W = e(vP + R - P_A, D_B)$ and $sk = H_2(x_B P_A, W)$.
4) Return the plaintext $m = sk \oplus y$.
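Why both checks in UnSigncrypt succeed on an honestly generated signcryption, worked out from the definitions above (an added derivation, not part of the original paper; $h_A$ denotes $H_1(ID_A)$ in the notation of PartialKeyGen). For the verification equation in step 2, using $S = x^{-1}(D_A + P)$, $Q_A = (h_A + s)P$, $D_A = (h_A + s)^{-1}P$ and $u = x(x_A + h)$:
$$e(S, uQ_A) = e\big(x^{-1}(D_A + P),\ x(x_A + h)(h_A + s)P\big) = e(D_A + P, P)^{(x_A + h)(h_A + s)},$$
and since $D_A + P = \dfrac{1 + h_A + s}{h_A + s}\,P$,
$$e(S, uQ_A) = e(P,P)^{(x_A + h)(1 + h_A + s)} = e\big((x_A + h)P,\ (1 + h_A + s)P\big) = e(P_A + hP,\ P + Q_A).$$
For the key recovery in step 3, using $v = x h_B + x_A$, $R = x P_{pub} = xsP$ and $D_B = (h_B + s)^{-1}P$:
$$W = e(vP + R - P_A,\ D_B) = e\big(x h_B P + P_A + xsP - P_A,\ (h_B + s)^{-1}P\big) = e(P,P)^{x} = T,$$
and $x_B P_A = x_A x_B P = x_A P_B$, so $B$ recomputes exactly the sender's $sk = H_2(x_A P_B, T)$.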
4 Cryptanalysis of Luo et al.'s scheme
In this section, we analyze the security of Luo et al.'s COOSC scheme. Given the openness of the IoT, we assume that the adversary has total control over the channel between the sender and the receiver, i.e., the adversary can freely intercept, modify, delete or insert any message in the channel.
There are two types of adversary in COOSC schemes, the Type I adversary $A_1$ and the Type II adversary $A_2$. The Type I adversary can replace any user's public key with a value of his choosing. The Type II adversary can access the master secret key and compute the partial private key of any user. Luo et al. demonstrated that their scheme is secure against both types of adversary in the random oracle model. However, we find that a general adversary $C$, who can neither replace the sender $A$'s public key nor compute $A$'s partial private key, recovers $A$'s private key easily once he obtains a single full signcryption. The attack proceeds as follows.
1) $C$ intercepts a full signcryption $(y, u, v, R, S)$ sent by the sender $A$, where $y = sk \oplus m$, $u = x(x_A + h) \bmod p$, $v = x h_B + x_A \bmod p$, $R = x P_{pub}$, $S = x^{-1}(D_A + P)$, $sk = H_2(x_A P_B, T)$, $T = e(P,P)^x$ and $h_B = H_1(ID_B)$.
2) Since $u = x(x_A + h) \bmod p$ and $v = x h_B + x_A \bmod p$, $C$ obtains
$$h_B u \equiv x h_B x_A + x h_B h \pmod p \quad (1)$$
and
$$v(x_A + h) \equiv x h_B (x_A + h) + x_A (x_A + h) \pmod p. \quad (2)$$
From (1) and (2), $C$ gets
$$v(x_A + h) \equiv h_B u + x_A (x_A + h) \pmod p, \quad (3)$$
$$x_A^2 + (h - v)\,x_A \equiv hv - h_B u \pmod p, \quad (4)$$
$$x_A^2 + (h - v)\,x_A + \left(\tfrac{h - v}{2}\right)^2 \equiv hv - h_B u + \left(\tfrac{h - v}{2}\right)^2 \pmod p \quad (5)$$
and
$$\left(x_A + \tfrac{h - v}{2}\right)^2 \equiv hv - h_B u + \left(\tfrac{h - v}{2}\right)^2 \pmod p. \quad (6)$$
3) Using an algorithm for finding square roots modulo a prime [25], $C$ computes the two roots $z$ and $-z$ of the equation $z^2 \equiv hv - h_B u + \left(\tfrac{h - v}{2}\right)^2 \pmod p$. $C$ then obtains the two candidates $x_A' = z - \tfrac{h - v}{2}$ and $x_A'' = -z - \tfrac{h - v}{2}$ for the unknown $x_A$.
4) $C$ checks whether the equation $x_A' P = P_A$ holds. If it holds, $x_A = x_A'$; otherwise, $x_A = x_A''$. $C$ can also compute $x = h_B^{-1}(v - x_A) \bmod p$, since $v = x h_B + x_A \bmod p$.
5) Since $S = x^{-1}(D_A + P)$, $C$ obtains $A$'s partial private key by computing $D_A = xS - P$. Thus $C$ holds $A$'s full private key $(x_A, D_A)$.
From the above description, the adversary $C$ recovers the sender $A$'s private key $(x_A, D_A)$ from a single intercepted signcryption. The weakness is that the online values $u$ and $v$ are two polynomial relations in the secrets $x$ and $x_A$ whose coefficients $h$ and $h_B$ are publicly computable, so the system can be solved by anyone who sees the ciphertext. Besides, $C$ can recover the plaintext by computing $T = e(P,P)^x$, $sk = H_2(x_A P_B, T)$ and $m = sk \oplus y$. Therefore, Luo et al.'s COOSC scheme is not secure for practical applications.
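The key-recovery computation of steps 2 to 4 above, carried out in plain modular arithmetic, as an added example (this code is not from the original paper or from Luo et al.'s scheme). The group $G_1$ is stood in for by the order-509 subgroup of $\mathbb{Z}_{1019}^*$ with generator 4, so the step-4 test $x_A' P = P_A$ becomes a comparison of modular exponentiations; the toy parameter sizes, the Tonelli-Shanks square-root routine and all function names are the example's own assumptions. Step 5 ($D_A = xS - P$) needs the pairing group and is not simulated.

```python
# Added example: the scalar part of the key-recovery attack (steps 2-4) in plain
# modular arithmetic. Not code from the original paper or from Luo et al.'s scheme.
# Assumptions made here: a toy group (the order-509 subgroup of Z_1019^*, generator 4)
# stands in for G_1, so "x_A' P = P_A" becomes pow(G, cand, Q) == P_A; the pairing
# step 5 (D_A = x S - P) is not simulated.

Q = 1019        # toy safe prime; Z_Q^* has a subgroup of prime order P_ORDER
P_ORDER = 509   # plays the role of p, the order of G_1
G = 4           # generator of that subgroup (plays the role of the point P)


def sqrt_mod_p(a, p):
    """Tonelli-Shanks: a square root of a modulo the odd prime p, or None if
    a is a quadratic non-residue (the 'algorithm of [25]' used in step 3)."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:
        return None                      # Euler criterion: no root exists
    if p % 4 == 3:
        return pow(a, (p + 1) // 4, p)   # shortcut for p = 3 (mod 4)
    q, s = p - 1, 0
    while q % 2 == 0:                    # write p - 1 = q * 2^s with q odd
        q //= 2
        s += 1
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:
        z += 1                           # any quadratic non-residue will do
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                   # least i with t^(2^i) = 1
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


def recover_sender_secrets(u, v, h, h_B, p, is_public_key_of):
    """Steps 2-4 of the attack. u, v come from one intercepted full signcryption,
    h = H_3(y, P_A, P_B, R, S) and h_B = H_1(ID_B) are publicly computable, and
    is_public_key_of(c) answers the step-4 test 'c * P == P_A'.
    Returns (x_A, x): the sender's long-term secret and the ephemeral x."""
    half = (h - v) * pow(2, -1, p) % p              # (h - v) / 2 in Z_p
    rhs = (h * v - h_B * u + half * half) % p        # right-hand side of (6)
    z = sqrt_mod_p(rhs, p)
    if z is None:
        raise ValueError("no square root: (u, v) is not a valid signcryption")
    for cand in ((z - half) % p, (-z - half) % p):  # the candidates x_A' and x_A''
        if is_public_key_of(cand):
            x = (v - cand) * pow(h_B, -1, p) % p      # from v = x h_B + x_A
            return cand, x
    raise ValueError("neither candidate matches P_A")


def simulate_attack(x_A, x, h, h_B, p=P_ORDER, q=Q, g=G):
    """Play sender A with secrets x_A, x: publish P_A, emit (u, v) as in
    OnSigncrypt, then let the adversary C recover both secrets."""
    P_A = pow(g, x_A, q)                             # P_A = x_A P in the toy group
    u = x * (x_A + h) % p
    v = (x * h_B + x_A) % p
    return recover_sender_secrets(u, v, h, h_B, p, lambda c: pow(g, c, q) == P_A)


if __name__ == "__main__":
    x_A, x, h, h_B = 123, 77, 300, 45                # constructed sample secrets and hash values
    print(simulate_attack(x_A, x, h, h_B))           # (123, 77)
```

The adversary never needs the master key or the pairing to reach this point: everything in `recover_sender_secrets` is computed from the transmitted $(u, v)$, the public hash values $h$ and $h_B$, and the published $P_A$.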
5 Conclusion
Recently, Luo et al. proposed an efficient COOSC scheme for the Internet of Things. They claimed that their scheme is provably secure in the random oracle model. However, after reviewing their scheme and analyzing its security, we demonstrate that it is vulnerable to private key compromise: an adversary who intercepts a single full signcryption recovers the sender's private key. The analysis shows that their scheme is not secure at all. We do not yet have a method for overcoming the weakness in their scheme, since it is not easy to design a secure COOSC scheme. We hope to finish this task in the near future.
Acknowledgments The authors thank the editors and the anonymous reviewers for their valuable comments. This research was supported by the National Natural Science Foundation of China (no. 61202447), the Natural Science Foundation of Hebei Province of China (no. F2013501066), the Northeastern University at Qinhuangdao Science and Technology Support Program (no. xnk201307), the Beijing Natural Science Foundation (no. 4132055), and the Excellent Young Scholars Research Fund of Beijing Institute of Technology.
Conflict of Interest The author(s) declare(s) that there is no conflict of
interests regarding the publication of this article.
References
1. Heer T, Garcia-Morchon O, Hummen R et al (2011) Security challenges in the IP-based Internet of Things. Wirel Pers Commun 61(3):527–542
2. Yan T, Wen QY (2012) A trust-third-party based key management protocol for secure mobile RFID service based on the Internet of Things. Advances in Intelligent and Soft Computing, LNCS, vol 135. Springer-Verlag, Berlin, pp 201–208
3. Liu J, Hu X, Wei ZQ et al (2012) Location privacy protect model based on positioning middleware among the Internet of Things. In: Proceedings of Computer Science and Electronics Engineering, Hangzhou, China, pp 288–291
4. Zhou X, Jin Z, Fu Y et al (2011) Short signcryption scheme for the Internet of Things. Informatica 35:521–530
5. Zheng Y (1997) Digital signcryption or how to achieve cost(signature and encryption) ≪ cost(signature) + cost(encryption). In: Goos G, Hartmanis J, van Leeuwen J (eds) Advances in Cryptology – CRYPTO 1997, LNCS, vol 1294. Springer-Verlag, Berlin, pp 291–312
6. An JH, Dodis Y, Rabin T (2002) On the security of joint signature and encryption. In: Knudsen LR (ed) Advances in Cryptology – EUROCRYPT 2002, LNCS, vol 2332. Springer-Verlag, Berlin, pp 83–107
7. Malone-Lee J (2002) Identity based signcryption. Cryptology ePrint Archive, Report 2002/098. http://eprint.iacr.org/2002/098
8. Libert B, Quisquater JJ (2003) A new identity based signcryption scheme from pairings. In: 2003 IEEE Information Theory Workshop, Paris, France, pp 155–158
9. Even S, Goldreich O, Micali S (1996) On-line/off-line digital signatures. J Cryptol 9(1):35–67
10. Zhang F, Mu Y, Susilo W (2005) Reducing security overhead for mobile networks. In: Proceedings of Advanced Information Networking and Applications, Taipei, Taiwan, pp 398–403
11. Sun D, Huang X, Mu Y, Susilo W (2008) Identity-based online/offline signcryption. In: Proceedings of Network and Parallel Computing, Shanghai, China, pp 34–41
12. Liu JK, Baek J, Zhou JY (2011) Online/offline identity-based signcryption re-visited. In: Proceedings of Information Security and Cryptology, LNCS, vol 6584. Springer-Verlag, Berlin, pp 36–51
13. Selvi SSD, Vivek SS, Rangan CP (2010) Identity based online/offline signcryption scheme. Cryptology ePrint Archive, Report 2010/376. http://eprint.iacr.org/2010/376.pdf
14. Li FG, Khan MK, Alghathbar K, Takagi T (2012) Identity-based online/offline signcryption for low power devices. J Netw Comput Appl 35:340–347
15. He D, Chen Y, Chen J et al (2011) A new two-round certificateless authenticated key agreement protocol without bilinear pairings. Math Comput Model 54(11):3143–3152
16. He D, Chen J, Hu J (2012) A pairing-free certificateless authenticated key agreement protocol. Int J Commun Syst 25(2):221–230
17. He D, Padhye S, Chen J (2012) An efficient certificateless two-party authenticated key agreement protocol. Comput Math Appl 64(6):1914–1926
18. He D, Chen J (2013) An efficient certificateless designated verifier signature scheme. Int Arab J Inf Technol 10(4):317–324
19. He D, Chen Y, Chen J (2013) An efficient certificateless proxy signature scheme without pairing. Math Comput Model 57(9–10):2510–2518
20. He D, Huang B, Chen J (2013) New certificateless short signature scheme. IET Inf Secur 7(2):113–117
21. He D, Chen J, Zhang R (2012) An efficient and provably-secure certificateless signature scheme without bilinear pairings. Int J Commun Syst 25(11):1432–1442
22. Sun Y, Zhang F (2010) Secure certificateless encryption with short ciphertext. Chin J Electron 19(2):313–318
23. Sun Y, Li H (2010) Short-ciphertext and BDH-based CCA2 secure certificateless encryption. Sci China Inf Sci 53(10):2005–2015
24. Luo M, Tu M, Xu J (2013) A security communication model based on certificateless online/offline signcryption for Internet of Things. Secur Commun Netw. doi:10.1002/sec.836
25. Turner SM (1994) Square roots mod p. Am Math Mon 101(5):443–449
Peng Gong is with the National Key Laboratory of Mechatronic Engineering and Control, School of Mechatronical Engineering, Beijing Institute of Technology, Beijing, China (e-mail: penggong@bit.edu.cn). He received the B.S. degree in Mechatronic Engineering from Beijing Institute of Technology, Beijing, China, in 2004, and the M.S. and Ph.D. degrees from Inha University, Korea, in 2006 and 2010, respectively. In July 2010, he joined the School of Mechatronical Engineering, Beijing Institute of Technology, China. His research interests include link/system level performance evaluation and radio resource management in wireless systems, network security, and next generation wireless systems such as 3GPP LTE, UWB, MIMO and cognitive radio.
Wenbo Shi received the M.S. degree from Inha University, Incheon, South Korea, in 2007 and the Ph.D. degree from Inha University, Incheon, South Korea, in 2010. He then joined the School of Computer and Communication Engineering, Northeastern University at Qinhuangdao, China. His main research interests include cryptography and network security.
Dr. Neeraj Kumar is working as Assistant Professor in the Department of Computer Science and Engineering, Thapar University, Patiala, Punjab (India). He received his Ph.D. in CSE from Shri Mata Vaishno Devi University, Katra (India) and a PDF from the UK. He has more than 100 publications in peer-reviewed journals and conferences including IEEE, Elsevier, and Springer. His research is focused on mobile computing, parallel/distributed computing, multiagent systems, service oriented computing, and routing and security issues in wireless ad hoc, sensor and mesh networks. He is leading the Mobile Computing and Distributed System Research Group. Prior to joining SMVDU, Katra, he worked with HEC Jagadhri and MMEC Mullana, Ambala, Haryana, India. He has delivered invited talks and lectures in various IEEE international conferences in India and abroad. He has organized various special sessions in international conferences in his area of expertise in India and abroad. He is a TPC member of various IEEE sponsored conferences in India and abroad. He is a reviewer and editorial board member of various international journals of repute. He is guest editor of special issues of more than six international journals. He is a senior member of ACEEE and IACSIT.
Naveen Chilamkurti is currently working as a Senior Lecturer at the Department of Computer Science and Computer Engineering, La Trobe University, Australia. He received his PhD from La Trobe University. He is also the Inaugural Editor-in-Chief of the International Journal of Wireless Networks and Broadband Technologies, launched in July 2011. He has published about 125 journal and conference papers. His current research areas include intelligent transport systems (ITS), wireless multimedia, wireless sensor networks, vehicle to infrastructure and vehicle to vehicle communications, health informatics, mobile communications, WiMAX, mobile security, mobile handover, and RFID. He currently serves on the editorial boards of several international journals. He is a senior member of IEEE. He is also an Associate Editor for Wiley IJCS, SCN, Inderscience JETWI, and IJIPT.
Hangbae Chang is a professor at Sangmyung University. He received his Ph.D. in Information System Management from the Graduate School of Information at Yonsei University, Korea. He has published many research papers in international journals and conferences. He has served as chair or as a program committee or organizing committee member for many international conferences and workshops, including FutureTech, WCC, ITCS and CSA. His works have been published in journals such as the Journal of Supercomputing, Electronic Commerce Research, EURASIP Journal on Wireless Communications and Networking, Mobile Information Systems, Personal and Ubiquitous Computing and the Journal of Internet Technology. His research interests include issues related to security management and systems in the Internet of Things environment.