Document Type : Research Article


1 Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan, Iran

2 Electrical and Computer Engineering Group, Golpayegan College of Engineering, Isfahan University of Technology, Golpayegan, Iran


Wireless Body Area Networks (WBANs) have attracted a lot of attention in recent researches as they play a vital role in diagnosing, controlling and treating diseases. These networks can improve the quality of medical services by following the health status of people and providing online medical advice for them, momentarily. Despite the numerous advantages of these networks, they may cause irrecoverable problems for patients, if security considerations are not properly met. So, it is very important to find solutions for satisfying security requirements in these networks. A signcryption scheme can be considered as one of the most important cryptographic tools for providing the security requirements in WBANs. Recently, Kasyoka et al. proposed a signcryption scheme based on which they designed an access control protocol for WBANs. They proved the security of their proposals in the random oracle model (ROM). In this paper, we concentrate on Kasyoka et al.’s proposals and show that their proposed signcryption scheme and consequently their proposed access control protocol for WBANs are vulnerable against various attacks, in contrast to their claims. Afterward, we fix the scheme to be secure against our proposed attacks.


[1] Philemon Kasyoka, Michael Kimwele, and Shem Mbandu Angolo. Towards an efficient certificateless access control scheme for wireless body area networks. Wireless Personal Communications, 115:1257–1275, 2020.
[2] Insaf Ullah, Muhammad Asghar Khan, Ako Muhammad Abdullah, Fazal Noor, Nisreen Innab, and Chien-Ming Chen. Enabling secure communication in wireless body area networks with heterogeneous authentication scheme. Sensors, 23(3):1121, 2023.
[3] H Azath, J Gokulraj, J Surendiran, D Geetha, and TR Ganesh Babu. Security for health information by elliptical curve diffihellman and improve energy efficiency in wban. In AIP Conference Proceedings, volume 2523, page 020075. AIP Publishing LLC, 2023.
[4] Sunday Oyinlola Ogundoyin and Ismaila Adeniyi Kamil. Paash: A privacy-preserving authentication and fine-grained access control of out-sourced data for secure smart health in smart cities. Journal of Parallel and Distributed Computing, 155:101–119, 2021.
[5] Abdullah M Almuhaideb. Re-auth: Lightweight re-authentication with practical key management for wireless body area networks. Arabian Journal for Science and Engineering, 46(9):8189–8202, 2021.
[6] Senthil Kumar Swami Durai, Balaganesh Duraisamy, and JT Thirukrishna. Certain investigation on healthcare monitoring for enhancing data transmission in wsn. International journal of wireless information networks, pages 1–8, 2021.
[7] G Shanmugavadivel, B Gomathy, and SM Ramesh. An enhanced data security and task flow scheduling in cloud-enabled wireless body area network. Wireless personal communications, 120:849–867, 2021.
[8] Parvin Rastegari and Mojtaba Khalili. Cryptanalysis and improvement of an access control protocol for wireless body area networks. In 2021 18th International ISC Conference on Information Security and Cryptology (ISCISC), pages 57–62. IEEE, 2021.
[9] Adi Shamir. Identity-based cryptosystems and signature schemes. In Advances in Cryptology: Proceedings of CRYPTO 84 4, pages 47–53. Springer, 1985.
[10] Sattam S Al-Riyami and Kenneth G Paterson. Certificateless public key cryptography. In International conference on the theory and application of cryptology and information security, pages 452–473. Springer, 2003.
[11] Xinyi Huang, Willy Susilo, Yi Mu, and Futai Zhang. On the security of certificateless signature schemes from asiacrypt 2003. In International Conference on Cryptology and Network Security, pages 13–25. Springer, 2005.
[12] Dae Hyun Yum and Pil Joong Lee. Generic construction of certificateless signature. In Australasian Conference on Information Security and Privacy, pages 200–211. Springer, 2004.
[13] Kyu Young Choi, Jong Hwan Park, Jung Yeon Hwang, and Dong Hoon Lee. Efficient certificateless signature schemes. In International Conference on Applied Cryptography and Network Security, pages 443–458. Springer, 2007.
[14] Xinyi Huang, Yi Mu, Willy Susilo, Duncan S Wong, and Wei Wu. Certificateless signature revisited. In Australasian Conference on Information Security and Privacy, pages 308–322. Springer, 2007.
[15] Alexander W Dent. A survey of certificateless encryption schemes and security models. International Journal of Information Security, 7(5):349–377, 2008.
[16] Xinyi Huang, Yi Mu, Willy Susilo, Duncan S Wong, and Wei Wu. Certificateless signatures: new schemes and security models. The computer journal, 55(4):457–474, 2012.
[17] Yinghui Zhang, Robert H Deng, Dong Zheng, Jin Li, Pengfei Wu, and Jin Cao. Efficient and robust certificateless signature for data crowdsensing in cloud-assisted industrial iot. IEEE Transactions on Industrial Informatics, 15(9):5099–5108, 2019.
[18] Wenjie Yang, Shangpeng Wang, Xinyi Huang, and Yi Mu. On the security of an efficient and robust certificateless signature scheme for iiot environments. IEEE Access, 7:91074–91079, 2019.
[19] Hongzhen Du, Qiaoyan Wen, Shanshan Zhang, and Mingchu Gao. A new provably secure certificateless signature scheme for internet of things. Ad Hoc Networks, 100:102074, 2020.
[20] Gowri Thumbur, G Srinivasa Rao, P Vasudeva Reddy, NB Gayathri, and DV Rama Koti Reddy. Efficient pairing-free certificateless signature scheme for secure communication in resource-constrained devices. IEEE Communications Let-
ters, 24(8):1641–1645, 2020.