Cryptanalysis of Two Privacy-Preserving Authentication Schemes for Smart Healthcare Applications-Reference-Cited by-同舟云学术

Cryptanalysis of Two Privacy-Preserving Authentication Schemes for Smart Healthcare Applications

Published:2023-07-28 Issue:15 Volume:11 Page:3314
ISSN:2227-7390
Container-title:Mathematics
language:en
Short-container-title:Mathematics

Author:

Xu Feihong¹,Luo Junwei²,Ziaur Rahman³

Affiliation:

1. School of Artificial Intelligence, Wuchang University of Technology, Wuhan 430223, China

2. School of Computing Technologies, RMIT University, Melbourne, VIC 3083, Australia

3. School of Computer Science, Queensland University of Technology, Brisbane, QLD 4000, Australia

Abstract

Ensuring the secure sharing of privacy-sensitive healthcare data is attracting considerable interest from researchers. Recently, Ogundoyin et al. designed a lightweight privacy-preserving authentication scheme named PAASH for smart health applications. Benil et al. proposed a public verification and auditing scheme named ECACS for securing e-health systems. Ogundoyin et al. and Benil et al. proposed an efficient certificateless aggregate signature (CLAS) scheme as their respective foundation signature schemes. They declared that their constructions were provably secure under the hardness assumption of cryptographic problems. In this work, we disprove their claim by analyzing the correctness and security of their underlying CLAS schemes. We first show that the batch verification process of n signatures for the CLAS scheme in PAASH is incorrect, and any public-key replacement attacker can easily break the scheme. We analyze the reasons for our attack and propose an improved scheme, named PAASH+. We then show that the CLAS scheme in ECACS fails to achieve correctness, an essential property that a cryptographic scheme should provide. As a result, it is impractical to deploy the designed PAASH and ECACS constructions in any real smart health applications.

Publisher

MDPI AG

Subject

General Mathematics,Engineering (miscellaneous),Computer Science (miscellaneous)

Link

https://www.mdpi.com/2227-7390/11/15/3314/pdf

Reference25 articles.

1. Estopace, E. (2023, June 19). IDC Forecasts Connected IoT Devices to Generate 79.4 ZB of Data in 2025. Available online: https://futureiot.tech/idc-forecasts-connected-iot-devices-to-generate-79-4zb-of-data-in-2025/.

2. PAASH: A privacy-preserving authentication and fine-grained access control of outsourced data for secure smart health in smart cities;Ogundoyin;J. Parallel Distrib. Comput.,2021

3. Authenticated Data Sharing With Privacy Protection and Batch Verification for Healthcare IoT;Zhu;IEEE Trans. Sustain. Comput.,2023

4. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps;Boneh;Proceedings of the EUROCRYPT 2003,2003

5. A Secure and Efficient ID-Based Aggregate Signature Scheme for Wireless Sensor Networks;Shen;IEEE Internet Things J.,2017

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Performance Evaluation of Aggregate Signatures in Healthcare Environments;Advances in Healthcare Information Systems and Administration;2024-05-17

2. A New Conditional Privacy-Preserving Certificateless Aggregate Signature Scheme in the Standard Model for VANETs;Mathematics;2023-11-25