Cryptanalysis of Two Signature Schemes for IoT and Mobile Health Systems

Recently, Lee et al. (Sensors 20(14): 3983, 2020) proposed a certificateless aggregate arbitrated signature scheme CLAAS for IoT environments. Addobea et al. (Secur Commun Networks 7085623: 1–7085623: 12, 2020) constructed an offline-online certificateless signature scheme MHCOOS for mobile health applications. The schemes were proven to be secure against both Type I and Type II adversaries in the random oracle model under the hardness assumptions of cryptographic problems. In this work, we first show that the CLAAS scheme is insecure against a Type I adversary who can replace the user’s public key. We also show that the MHCOOS scheme cannot achieve correctness, a fundamental security property that a signature scheme should provide. As a result, the above two signature schemes cannot be deployed in practical IoT and mobile applications.