Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios

Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios

Ensuring data integrity and data source trustworthiness during data sharing has always attracted the attention of researchers. Very recently, Zhu et al. designed a lightweight conditional privacy-preserving identity authentication scheme for securing vehicular ad-hoc networks. Feng et al. constructe...

Full description

Saved in:
Bibliographic Details
Main Authors: Fei Zhu, Ying Hu, Yufei Ren, Bingfei Han, Xu Yang
Format: Article
Language:English
Published: KeAi Communications Co., Ltd. 2025-12-01
Series:Cyber Security and Applications
Subjects:
Authentication
Certificateless signature
Public-Key replacement attacks
Privacy-Preserving
Online Access:http://www.sciencedirect.com/science/article/pii/S2772918425000190
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Ensuring data integrity and data source trustworthiness during data sharing has always attracted the attention of researchers. Very recently, Zhu et al. designed a lightweight conditional privacy-preserving identity authentication scheme for securing vehicular ad-hoc networks. Feng et al. constructed an authentication transmission mechanism for artificial intelligence generated image content. Zhu et al. and Feng et al. proposed a lightweight certificateless aggregate signature (CLAS) scheme as their respective foundation signature schemes. They claimed that their constructions were provably secure against several types of security attacks. In this work, by analyzing their respective underlying CLAS schemes, we found that their schemes are unable to achieve unforgeability, which is the most critical property that a signature scheme should provide. In particular, for each scheme, we show that a malicious public-key replacement attacker has the ability to forge a valid signature on any false message. Taking Zhu et al.’s scheme as an example, such an attack allows a malicious attacker to impersonate an honest vehicle to broadcast fraudulent information about road conditions, causing traffic congestion or even accidents. We also analyze the reason for such an attack and provide corresponding improvement suggestions.
ISSN:2772-9184

Similar Items