LAUSR

Abstract With the rapid popularization of Internet of Things (IoT) in various fields, the security of the IoT has been widely concerned. Security authentication technology is the foundation of the security of the IoT. Certificateless signature, which removes the intricate certificate management and key escrow, is one of the practical methods to provide data integrity and identity authentication for the IoT. At present, many certificateless signature schemes have been put forward, but few of them are secure and suitable for the IoT. Recently, Jia et al. designed a certificateless signature scheme for the IoT deployment. The authors demonstrated that their scheme can withstand attacks of two types of super adversaries. However, we prove that Jia et al.'s scheme cannot resist attacks from a normal Type I adversary, not to mention a super Type I adversary. Then, we put forward a certificateless signature scheme on the basis of elliptic curve cryptosystem, and prove the scheme cannot be forged by two types of super adversaries. Our certificateless signature scheme performs better than the existing certificateless signature schemes, and it is the best combination of high security and efficiency so far and is more appropriate for the resource-constrained IoT environment.