As an emerging application of smart healthcare, mobile healthcare crowd sensing (MHCS) has become a research hotspot. However, how to ensure the confidentiality and integrity of data and protect the privacy of user is still a challenge for MHCS. To handle these issues, an effective and secure privacy protection scheme is indispensable. Recently, a large-scale concurrent data anonymous batch verification scheme for mobile healthcare crowd sensing was proposed by Liu et al. Unfortunately, we demonstrate that their scheme is insecure. This paper presents an improved anonymous scheme based on certificateless aggregate signature (CL-AS) for MHCS. First, considering the efficiency and the characteristics of the MHCS, the technique of aggregate signature is adopted, which can achieve batch verification and greatly save the bandwidth and computation resources. Second, anonymous communication is carried out in this scheme to realize privacy preservation. Third, based on certificateless cryptography, the proposed scheme can simplify the complicated certificate management and eliminate the key escrow problem. In addition, our scheme is provably secure against the existential forgery on adaptively chosen message attack in the Random Oracle Model assuming the computational Diffie-Hellman problem is intractable. Furthermore, security and efficiency analysis shows that our scheme is secure and efficient. INDEX TERMS Mobile healthcare crowd sensing, signature, certificateless cryptography, privacy preservation.
With the increasing number of smart mobile devices, applications based on mobile network take an indispensable role in the Internet of Things. Due to the limited computing power and restricted storage capacity of mobile devices, it is very necessary to design a secure and lightweight authentication scheme for mobile devices. As a lightweight cryptographic primitive, the hash chain is widely used in various cryptographic protocols and one-time password systems. However, most of the existing research work focuses on solving its inherent limitations and deficiencies, while ignoring its security issues. We propose a novel construction of hash chain that consists of multiple different hash functions of different output lengths and employ it in a time-based one-time password (TOTP) system for mobile device authentication. The security foundation of our construction is that the order of the hash functions is confidential and the security analysis demonstrates that it is more secure than other constructions. Moreover, we discuss the degeneration of our construction and implement the scheme in a mobile device. The simulation experiments show that the attacker cannot increase the probability of guessing the order by eavesdropping on the invalid passwords.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.