The Internet of Things (IoT), recognized as one of the major technological revolutions in the century, is deployed and used today sociality. The related security issues are taken into account by the academia and industry. Recently, an online/offline certificateless signature scheme (OO-CLS) proposed by Saeed et al. is used to construct a heterogeneous remote anonymous authentication protocol (HRAAP) in wireless body area networks based on the IoT. However, in this article, we show that the scheme is vulnerable to the forgery attack which is not necessary to know any information except public system parameters. Furthermore, we show that the sensor node can generate the partial private keys and secret values of other sensor nodes after it obtains its partial private key. This causes that the HRAAP is also insecure. Finally, we improve the OO-CLS and analyze the security of our improved scheme.

中文翻译：

---

无线体域网远程认证方案中无证书签名方案的再探讨


物联网（IoT）被认为是本世纪重大技术革命之一，在当今社会得到部署和使用。相关的安全问题受到学术界和工业界的重视。最近，Saeed 等人提出了一种在线/离线无证书签名方案（OO-CLS）。用于构建基于物联网的无线体域网异构远程匿名认证协议（HRAAP）。然而，在本文中，我们表明该方案容易受到伪造攻击，除了公共系统参数之外，不需要知道任何信息。此外，我们表明传感器节点在获得其部分私钥后可以生成其他传感器节点的部分私钥和秘密值。这导致 HRAAP 也不安全。最后，我们改进了OO-CLS并分析了改进方案的安全性。