Certificateless signature (CLS) has no need of public key certificates and also avoids the excessive dependence on a third party found in the identity-based setting. Recently, Shim (IEEE Systems
With the progress of digitization in industrial society, large amounts of production data are outsourced to the cloud server in order to reduce data management costs. Nevertheless, how to ensure the integrity, validity, and availability of the outsourced data is a challenging research topic. Recently, Zhang et al. (IEEE Trans. Industrial Informatics, doi:10.1109/TII.2019.2894108) presented an efficient and robust certificateless signature scheme to achieve data authenticity for industrial Internet of Things (IIoT) environments. However, we found that their scheme is insecure. In this paper, we show that an attacker with the ability to replace public keys can easily impersonate other legitimate users and upload false messages by forging the target users' valid signatures on these messages. Therefore, their certificateless signature scheme has not solved the IIoT data authenticity issue that they pointed out. Meanwhile, we also demonstrate that their security proof is not sound, because the ability of an adversary cannot be applied to solve the difficult problem that they expect.

INDEX TERMS: Certificateless signature, industrial Internet of Things, public key replacement attack.