Abstract

With the growing popularity of the Internet of Things (IoT) in a wide range of applications, ensuring the communication security of IoT devices is important. Certificateless signature schemes are one of several viable approaches to providing data integrity and user identification security in resource-limited IoT devices. However, designing provably secure and efficient certificateless signature schemes remains a challenging task. In this paper, we point out two shortcomings in Yeh et al.'s certificateless signature scheme. First, we explain how an adversary can easily impersonate the key generation center to issue the partial private key for any user without being detected. Second, the scheme cannot resist public key replacement attacks. We then present an improved scheme and prove its unforgeability against super adversaries in the random oracle model. Furthermore, we demonstrate that the efficiency of our scheme is comparable to that of Yeh's scheme in terms of computational and communication costs.