Improved Security of a Pairing-Free Certificateless Aggregate Signature in Healthcare Wireless Medical Sensor Networks
Xiaodong Yang, Haoqi Wen, Runze Diao, Xiaoni Du, Caifen Wang
Abstract
Recently, Zhan et al. presented a pairing-free certificateless aggregation signature scheme (ZH-CLAS) to address security issues in healthcare wireless medical sensor networks (HWMSNs) and proved that their scheme is secure against adaptive chosen message attacks. In this article, we analyze the security of the ZH-CLAS scheme by utilizing two types of concrete attacks. Unfortunately, we demonstrate that their scheme cannot withstand public key replacement attacks and is not secure against coalition attacks from malicious sensor nodes. To solve these security challenges, we further improve the security of the ZH-CLAS scheme. Our enhanced scheme has a fixed-length aggregate signature, which efficiently minimizes the transmission bandwidth. Additionally, our scheme outperforms related pairing-free certificateless aggregate signature schemes in terms of security and communication performance.