Improved Security of a Pairing-Free Certificateless Aggregate Signature in Healthcare Wireless Medical Sensor Networks

Recently, Zhan et al. presented a pairing-free certificateless aggregation signature scheme (ZH-CLAS) to address security issues in healthcare wireless medical sensor networks (HWMSNs) and proved that their scheme is secure against adaptive chosen message attacks. In this article, we analyze the security of the ZH-CLAS scheme by utilizing two types of concrete attacks. Unfortunately, we demonstrate that their scheme cannot withstand public key replacement attacks and is not secure against coalition attacks from malicious sensor nodes. To solve these security challenges, we further improve the security of the ZH-CLAS scheme. Our enhanced scheme has a fixed-length aggregate signature, which efficiently minimizes the transmission bandwidth. Additionally, our scheme outperforms related pairing-free certificateless aggregate signature schemes in terms of security and communication performance.

Automated summary

This article analyzes the security of the ZH-CLAS scheme and discovers that it is vulnerable to public key replacement attacks and coalition attacks from malicious sensor nodes. To address these security challenges, an enhanced scheme with fixed-length aggregate signature is proposed, which outperforms related pairing-free certificateless aggregate signature schemes in terms of both security and communication performance.