LAUSR

As an important application of the Internet of Things technologies, mobile healthcare crowd sensing (MHCS) still has challenging issues, such as privacy protection and efficiency. Quite recently in the IEEE Internet of Things Journal (DOI: 10.1109/JIOT.2018.2828463), Liu et al. proposed a large-scale concurrent data anonymous batch verification scheme for MHCS, claiming to provide batch authentication, nonrepudiation, and anonymity. However, after a close look at the scheme, we point out that the scheme suffers two types of signature forgery attacks and hence fails to achieve the claimed security properties. In addition, a reasonable and rigorous probability analysis indicates that the security reduction from the security of the scheme to the hardness of the computational Diffie–Hellman problem is invalid. We hope that similar design flaws can be avoided in future design of anonymous batch verification schemes for MHCS.