Cryptanalysis and Improvement of a Blockchain-Based Certificateless Signature for IIoT Devices
Xiaodong Yang, Wenjia Wang, Tian Tian, Caifen Wang
Abstract
With the rapid development of the IIoT, security and privacy issues have become increasingly prominent when the data from IIoT devices are shared across public networks. Very recently, Wang et al. presented a blockchain-based CLS scheme for IIoT devices in order to achieve secure and lightweight communication (IEEE Transactions on Industrial Informatics, DOI: 10.1109/TII.2021.3084753). Wang et al. claimed that their CLS scheme is secure under the assumption of the elliptic curve discrete logarithm problem. Unfortunately, by providing two attack methods to analyze the security of Wang et al.’s CLS scheme, we find that it is insecure against universal forgery attacks. Without knowing any information about the target user's private key, the two categories of attackers can successfully forge the valid signature of any message. Hence, Wang et al.’s CLS scheme fails to achieve the claimed security goals. To fix the security flaws, we propose an enhanced blockchain-based and pairing-free CLS scheme, and prove its security in the random oracle model. Furthermore, the analysis results demonstrate that our revised scheme has higher security while keeping the performance of the original scheme.