Comments on IMBAS: identity-based multi-user broadcast authentication in wireless sensor networks
Version of Record online: 11 OCT 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 6, Issue 8, pages 993–998, August 2013
How to Cite
Chien, H.-Y., Lee, C.-I. and Wu, T.-C. (2013), Comments on IMBAS: identity-based multi-user broadcast authentication in wireless sensor networks. Security Comm. Networks, 6: 993–998. doi: 10.1002/sec.649
- Issue online: 10 JUL 2013
- Version of Record online: 11 OCT 2012
- broadcast authentication;
- wireless sensor networks;
- elliptic curve cryptography;
- password based;
- existential forgery attack
In 2008, Cao et al. proposed an identity-based multi-user broadcast authentication scheme (called IMBAS) for wireless sensor networks. The IMBAS consists of one elliptic curve-based signature scheme, called variant of Bellare-Namprempre-Neven' Identity-Based Signature (vBNN-IBS), for user broadcast authentication; a new Schnorr signature with partial message recovery for sink broadcast authentication; and a password-based private key protection to eliminate the threat caused by possible user device compromise. Compared with its counterparts, IMBAS owns better performance in terms of security, scalability, and efficiency. Unfortunately, this letter will show that (1) the password-based protection scheme and the vBNN-IBS scheme are not secure—a compromised user device will disclose the user private key—and (2) the new Schnorr signature with partial message recovery is vulnerable to existential forgery attack. Copyright © 2012 John Wiley & Sons, Ltd.