Revisit of Certificateless Signature Scheme Used to Remote Authentication Schemes for Wireless Body Area Networks

The Internet of Things (IoT), recognized as one of the major technological revolutions in the century, is deployed and used today sociality. The related security issues are taken into account by the academia and industry. Recently, an online/offline certificateless signature scheme (OO-CLS) proposed by Saeed et al. is used to construct a heterogeneous remote anonymous authentication protocol (HRAAP) in wireless body area networks based on the IoT. However, in this article, we show that the scheme is vulnerable to the forgery attack which is not necessary to know any information except public system parameters. Furthermore, we show that the sensor node can generate the partial private keys and secret values of other sensor nodes after it obtains its partial private key. This causes that the HRAAP is also insecure. Finally, we improve the OO-CLS and analyze the security of our improved scheme.