Mobile Sensoring Data Verification via a Pairing-Free Certificateless Signature Secure Approach against Novel Public Key Replacement Attacks

To achieve flexible sensing coverage with low deployment costs, mobile users need to contribute their equipment as sensors. Data integrity is one of the most fundamental security requirements and can be verified by digital signature techniques. In the mobile crowdsensing (MCS) environment, most sensors, such as smartphones, are resource-limited. Therefore, many traditional cryptographic algorithms that require complex computations cannot be efficiently implemented on these sensors. In this paper, we study the security of certificateless signatures, in particular, some constructions without pairing. We notice that there is no secure pairing-free certificateless signature scheme against the super adversary. We also find a potential attack that has not been fully addressed in previous studies. To handle these two issues, we propose a concrete secure construction that can withstand this attack. Our scheme does not rely on pairing operations and can be applied in scenarios where the devices' resources are limited.