Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios
Ensuring data integrity and data source trustworthiness during data sharing has always attracted the attention of researchers. Very recently, Zhu et al. designed a lightweight conditional privacy-preserving identity authentication scheme for securing vehicular ad-hoc networks. Feng et al. constructe...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
KeAi Communications Co., Ltd.
2025-12-01
|
| Series: | Cyber Security and Applications |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2772918425000190 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850210003671056384 |
|---|---|
| author | Fei Zhu Ying Hu Yufei Ren Bingfei Han Xu Yang |
| author_facet | Fei Zhu Ying Hu Yufei Ren Bingfei Han Xu Yang |
| author_sort | Fei Zhu |
| collection | DOAJ |
| description | Ensuring data integrity and data source trustworthiness during data sharing has always attracted the attention of researchers. Very recently, Zhu et al. designed a lightweight conditional privacy-preserving identity authentication scheme for securing vehicular ad-hoc networks. Feng et al. constructed an authentication transmission mechanism for artificial intelligence generated image content. Zhu et al. and Feng et al. proposed a lightweight certificateless aggregate signature (CLAS) scheme as their respective foundation signature schemes. They claimed that their constructions were provably secure against several types of security attacks. In this work, by analyzing their respective underlying CLAS schemes, we found that their schemes are unable to achieve unforgeability, which is the most critical property that a signature scheme should provide. In particular, for each scheme, we show that a malicious public-key replacement attacker has the ability to forge a valid signature on any false message. Taking Zhu et al.’s scheme as an example, such an attack allows a malicious attacker to impersonate an honest vehicle to broadcast fraudulent information about road conditions, causing traffic congestion or even accidents. We also analyze the reason for such an attack and provide corresponding improvement suggestions. |
| format | Article |
| id | doaj-art-f965478cecb94a079a2255c3e080ffc4 |
| institution | OA Journals |
| issn | 2772-9184 |
| language | English |
| publishDate | 2025-12-01 |
| publisher | KeAi Communications Co., Ltd. |
| record_format | Article |
| series | Cyber Security and Applications |
| spelling | doaj-art-f965478cecb94a079a2255c3e080ffc42025-08-20T02:09:52ZengKeAi Communications Co., Ltd.Cyber Security and Applications2772-91842025-12-01310010210.1016/j.csa.2025.100102Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenariosFei Zhu0Ying Hu1Yufei Ren2Bingfei Han3Xu Yang4School of Computer Science and Artificial Intelligence, Wuhan Textile University, Wuhan, Hubei 430200, ChinaSchool of Computer Science and Artificial Intelligence, Wuhan Textile University, Wuhan, Hubei 430200, ChinaSchool of Computer Science and Artificial Intelligence, Wuhan Textile University, Wuhan, Hubei 430200, ChinaSchool of Computer and Data Science, Minjiang University, Fuzhou 350108, ChinaCorresponding author.; School of Computer and Data Science, Minjiang University, Fuzhou 350108, ChinaEnsuring data integrity and data source trustworthiness during data sharing has always attracted the attention of researchers. Very recently, Zhu et al. designed a lightweight conditional privacy-preserving identity authentication scheme for securing vehicular ad-hoc networks. Feng et al. constructed an authentication transmission mechanism for artificial intelligence generated image content. Zhu et al. and Feng et al. proposed a lightweight certificateless aggregate signature (CLAS) scheme as their respective foundation signature schemes. They claimed that their constructions were provably secure against several types of security attacks. In this work, by analyzing their respective underlying CLAS schemes, we found that their schemes are unable to achieve unforgeability, which is the most critical property that a signature scheme should provide. In particular, for each scheme, we show that a malicious public-key replacement attacker has the ability to forge a valid signature on any false message. Taking Zhu et al.’s scheme as an example, such an attack allows a malicious attacker to impersonate an honest vehicle to broadcast fraudulent information about road conditions, causing traffic congestion or even accidents. We also analyze the reason for such an attack and provide corresponding improvement suggestions.http://www.sciencedirect.com/science/article/pii/S2772918425000190AuthenticationCertificateless signaturePublic-Key replacement attacksPrivacy-Preserving |
| spellingShingle | Fei Zhu Ying Hu Yufei Ren Bingfei Han Xu Yang Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios Cyber Security and Applications Authentication Certificateless signature Public-Key replacement attacks Privacy-Preserving |
| title | Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios |
| title_full | Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios |
| title_fullStr | Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios |
| title_full_unstemmed | Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios |
| title_short | Public-Key replacement attacks on lightweight authentication schemes for resource-constrained scenarios |
| title_sort | public key replacement attacks on lightweight authentication schemes for resource constrained scenarios |
| topic | Authentication Certificateless signature Public-Key replacement attacks Privacy-Preserving |
| url | http://www.sciencedirect.com/science/article/pii/S2772918425000190 |
| work_keys_str_mv | AT feizhu publickeyreplacementattacksonlightweightauthenticationschemesforresourceconstrainedscenarios AT yinghu publickeyreplacementattacksonlightweightauthenticationschemesforresourceconstrainedscenarios AT yufeiren publickeyreplacementattacksonlightweightauthenticationschemesforresourceconstrainedscenarios AT bingfeihan publickeyreplacementattacksonlightweightauthenticationschemesforresourceconstrainedscenarios AT xuyang publickeyreplacementattacksonlightweightauthenticationschemesforresourceconstrainedscenarios |