Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Kwame Opuni-Boachie Obour Agyekum,Qi Xia,Emmanuel Boateng Sifah,Jianbin Gao,Hu Xia,Xiaojiang Du,Moshen Guizani

DOI: https://doi.org/10.3390/s19051235

2019-03-11

Abstract:Access and utilization of data are central to the cloud computing paradigm. With the advent of the Internet of Things (IoT), the tendency of data sharing on the cloud has seen enormous growth. With data sharing comes numerous security and privacy issues. In the process of ensuring data confidentiality and fine-grained access control to data in the cloud, several studies have proposed Attribute-Based Encryption (ABE) schemes, with Key Policy-ABE (KP-ABE) being the prominent one. Recent works have however suggested that the confidentiality of data is violated through collusion attacks between a revoked user and the cloud server. We present a secured and efficient Proxy Re-Encryption (PRE) scheme that incorporates an Inner-Product Encryption (IPE) scheme in which decryption of data is possible if the inner product of the private key, associated with a set of attributes specified by the data owner, and the associated ciphertext is equal to zero 0 . We utilize a blockchain network whose processing node acts as the proxy server and performs re-encryption on the data. In ensuring data confidentiality and preventing collusion attacks, the data are divided into two, with one part stored on the blockchain network and the other part stored on the cloud. Our approach also achieves fine-grained access control.

Kwame Opuni-Boachie Obour Agyekum,Qi Xia,Emmanuel Boateng Sifah,Christian Nii Aflah Cobblah,Hu Xia,Jianbin Gao

DOI: https://doi.org/10.1109/jsyst.2021.3076759

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:The evolution of the Internet of Things has seen data sharing as one of its most useful applications in cloud computing. As eye-catching as this technology has been, data security remains one of the obstacles it faces since the wrongful use of data leads to several damages. In this article, we propose a proxy re-encryption approach to secure data sharing in cloud environments. Data owners can outsource their encrypted data to the cloud using identity-based encryption, while proxy re-encryption construction will grant legitimate users access to the data. With the Internet of Things devices being resource-constrained, an edge device acts as a proxy server to handle intensive computations. Also, we make use of the features of information-centric networking to deliver cached content in the proxy effectively, thus improving the quality of service and making good use of the network bandwidth. Further, our system model is based on blockchain, a disruptive technology that enables decentralization in data sharing. It mitigates the bottlenecks in centralized systems and achieves fine-grained access control to data. The security analysis and evaluation of our scheme show the promise of our approach in ensuring data confidentiality, integrity, and security.

Huaqun Wang,Debiao He,Shaohua Tang

DOI: https://doi.org/10.1109/TIFS.2016.2520886

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:More and more clients would like to store their data to public cloud servers (PCSs) along with the rapid development of cloud computing. New security problems have to be solved in order to help more clients process their data in public cloud. When the client is restricted to access PCS, he will delegate its proxy to process his data and upload them. On the other hand, remote data integrity checking is also an important security problem in public cloud storage. It makes the clients check whether their outsourced data are kept intact without downloading the whole data. From the security problems, we propose a novel proxy-oriented data uploading and remote data integrity checking model in identity-based public key cryptography: identity-based proxy-oriented data uploading and remote data integrity checking in public cloud (ID-PUIC). We give the formal definition, system model, and security model. Then, a concrete ID-PUIC protocol is designed using the bilinear pairings. The proposed ID-PUIC protocol is provably secure based on the hardness of computational Diffie-Hellman problem. Our ID-PUIC protocol is also efficient and flexible. Based on the original client's authorization, the proposed ID-PUIC protocol can realize private remote data integrity checking, delegated remote data integrity checking, and public remote data integrity checking.

Hua Deng,Zheng Qin,Letian Sha,Hui Yin

DOI: https://doi.org/10.1109/jiot.2020.2999350

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Cloud-assisted Internet of Things (IoT) has become an increasingly popular technological trend as the performance of IoT applications can be greatly improved by delegating the cloud to manage massive IoT data. To protect the confidentiality of data outsourced from IoT devices to the cloud, cryptographic mechanisms are usually employed to encrypt the data in such a way that only the user designated by the data owner can decrypt the data. However, in the IoT multiuser environment, the encrypted data may also need to be shared with more users beyond the initially designated one. In this article, we propose a flexible privacy-preserving data sharing (FPDS) scheme in cloud-assisted IoT. With the FPDS scheme, an IoT user can encrypt data to a recipient by using identity-based encryption. More importantly, the IoT user can specify a fine-grained access policy to generate a delegation credential, and then send this credential to the cloud so that it can convert all the encrypted data satisfying the access policy into new ciphertexts that are readable to a new recipient. In this way, IoT users can share the data outsourced to the cloud in a flexible and privacy-preserving manner. Detailed security analysis shows that the FPDS scheme is secure against semitrusted cloud and malicious IoT users. Thorough theoretical and experimental analyses demonstrate the high efficiency of the scheme.

XiaoChun Yin,ZengGuang Liu,Hoon Jae Lee

DOI: https://doi.org/10.1109/icact.2014.6779015

2014-01-01

Journal of Internet Computing and services

Abstract:Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centres located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The rapid growth in field of "cloud computing" also increases severe security concerns. Security has remained a constant issue for Open Systems and internet, when we are talking about security, cloud really suffers. Lack of security is the only hurdle in wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. This paper proposes a scheme to securely store and access of data via internet. We have used ECC based PKI for certificate procedure because the use of ECC significantly reduces the computation cost, message size and transmission overhead over RSA based PKI as 160-bit key size in ECC provides comparable security with 1024-bit key in RSA. We have designed Secured Cloud Storage Framework (SCSF). In this framework, users not only can securely store and access data in cloud but also can share data with multiple users through the unsecure internet in a secured way. This scheme can ensure the security and privacy of the data in the cloud.

Rashad Elhabob,Yanan Zhao,Iva Sella,Hu Xiong

DOI: https://doi.org/10.1007/s12652-019-01365-4

2019-01-01

Abstract:Current time organizations have moved from the conventional industries to smart industries by embracing the approach of Industrial Internet of Things (IIoT), which has provided an avenue for the integration of smart devices and communication technologies. IIoT offers reduction of costs on services and technologies since it counts on the flexibility, availability and real-time data processing capabilities of the cloud server. And even with the untrusted nature of the cloud, the privacy and confidentiality of the data outsourced to the cloud has been able to be guaranteed. This has been achieved through encryption techniques apply to the data before outsourcing. This has made it feasible to have the data in the cloud secured. However, the limitation of data recovery due to it having the innate “all-or-nothing” decryption characteristic, results in a challenge in the search functionality for the encrypted data. In order to deal with this challenge, this paper nominates a Certificateless Public Key Cryptography with Authorized Equivalent Test (CL-PKC-AET). Whereby, a cloud server is given authority to actuate if two encryptions consist of the equivalent messages. Furthermore, the extra providence of a fine-grained testing capability to the cloud server makes the CL-PKC-AET scheme adaptable. We define our scheme basing on bilinear pairing and further advocate within the random oracle model its security, based on the Bilinear Diffie-Hellman assumption. Basing on comparison with existing work, our scheme proves to be more effective.

Negalign Wake Hundera,Qian Mei,Hu Xiong,Dagmawit Mesfin Geressu

DOI: https://doi.org/10.3837/tiis.2020.01.025

2020-01-01

KSII Transactions on Internet and Information Systems

Abstract:As a user in modern societies with the rapid growth of Internet environment and more complicated business flow processes in order to be effective at work and accomplish things on time when the manager of the company went for a business trip, he/she need to delegate his/her signing authorities to someone such that, the delegatee can act as a manager and sign a message on his/her behalf. In order to make the delegation process more secure and authentic, we proposed a secure and efficient identity-based proxy signcryption in cloud data sharing (SE-IDPSC-CS), which provides a secure privilege delegation mechanism for a person to delegate his/her signcryption privilege to his/her proxy agent. Our scheme allows the manager of the company to delegate his/her signcryption privilege to his/her proxy agent and the proxy agent can act as a manager and generate signcrypted messages on his/her behalf using special information called "proxy key". Then, the proxy agent uploads the signcrypted ciphertext to a cloud service provider (CSP) which can only be downloaded, decrypted and verified by an authorized user at any time from any place through the Internet. Finally, the security analysis and experiment result determine that the proposed scheme outperforms previous works in terms of functionalities and computational time.

Dexu Bi,Seifedine Kadry,Priyan Malarvizhi Kumar

DOI: https://doi.org/10.1049/iet-its.2019.0833

IF: 2.7

2020-11-01

IET Intelligent Transport Systems

Abstract:In cloud computing, data sharing and security are considered as the significant challenging issues in the present era. Until recently, considering secure data sharing in the cloud, several problems have been taken into consideration, such as data security, privacy, data integrity, confidentiality and resource scheduling. In this study, the hybridised cryptographic-integrated steganography (HCIS) algorithm has been used with auxiliary data inputs for secured data sharing in an internet of things assisted cloud environment for the urban transportation system. Further, the cryptography or cryptology generates code that provides a high level of privacy to the group or individual who can access cloud data. Furthermore, cryptography converts data into a secure format that is readable by an authorised user and steganography helps to transmit secret data to avoid the detection of information. The confidential data is extracted at its destination, and the encryption key has been utilised for hiding or effectively protecting data. The experimental results show that efficient and secure data sharing with multi-owners in cloud computing has been achieved using the HCIS method.

engineering, electrical & electronic,transportation science & technology

Rashad Elhabob,Yanan Zhao,Alzubair Hassan,Hu Xiong

DOI: https://doi.org/10.1007/s11277-020-07190-9

IF: 2.017

2020-01-01

Wireless Personal Communications

Abstract:With the continuous development of the Internet of Things (IoT), a growing number of users choose to store the data collected from their smart devices on a cloud server for saving costs. However, the security and privacy issues that accompany the cloud-assisted IoT are also becoming increasingly apparent. Considering the untrusted nature of the cloud server, the data accumulated by the smart sensor must be encrypted before outsourcing to the cloud server. Nevertheless, the above mechanism raises another serious problem. For users of another public key cryptosystem, it is impractical to download all the data stored in the cloud to find the data he needs. To solve this problem, we first, proposed a public key encryption with equality test for heterogeneous systems (PKE-ET-HS) which combines the ideas of identity-based encryption with outsourced equality test and public key encryption with equality test. This scheme allows the authorized cloud server to retrieve whether two encryptions encrypted in a heterogeneous system contain equivalent messages. In addition, in the random oracle, the security of the proposed scheme has been given under the bilinear Diffie–Hellman assumption and the computational Diffie–Hellman assumption. Finally, storage size, computation complexity, and properties are compared with other related works. The results show that the PKE-ET-HS scheme proposed in this paper has a good performance.

Huanhuan Hu,Longxia Liao,Junhui Zhao

DOI: https://doi.org/10.3390/electronics11101652

IF: 2.9

2022-01-01

Electronics

Abstract:With the expansion of the Industrial Internet of Things (IIoT), real-time data collected by smart sensors deployed in factories are shared over open channels , which may cause unauthorized access of transmitted messages by adversaries, thus causing the problem of privacy leakage. User authentication is the first line of defense for security protection in the IIoT environment. In this paper, we propose a cloud—assisted authentication scheme based on Chebyshev polynomial encryption, in which only authorized users can access the sensing devices in the Internet of Things (IoT) to obtain real-time data. The scheme uses fuzzy extraction technology to verify biometric characteristics. There are three factors to verify the user’s login request: the smart card, password and the user’s personal biometrics. The commonly adopted formal security analysis, the ROR model, is applied to prove the semantic security of session key, and a detailed informal security analysis is performed to show that the proposed scheme can withstand multiple known attacks. Compared with other related user authentication schemes, the proposed scheme provides several extra functionality features, including offline sensor node registration, updating user passwords and biometrics, adding new sensor node deployment, user anonymity and untraceability. In addition, the cost of computation, communication and security is compared with similar schemes, and results show that our scheme has more security performance while the cost is acceptable.

Abdelrhman Hassan,Rashad Elhabob,Umar Ibrahim,Yong Wang

DOI: https://doi.org/10.1007/978-3-030-68884-4_9

2020-01-01

Abstract:Industrial Internet of Things (IIoT) incorporates various varieties of smart devices and communication technologies that allow organizations to move from conventional industries to smart industries. IIoT provides cost-saving and collaboration since it relies on the availability, flexibility, and powerful processing capabilities of the cloud server. Considering the cloud’s untrusted nature, it is essential to protect the IIoT data before uploading it to the server. However, encryption yields a further critical issue. Due to the “All-or-Nothing” decryption characteristic, it is impractical for the users of another public-key cryptosystem to download all the data stored on the server to obtain their needs. In resolving this issue, this paper proposes Efficient Public-Key Cryptography with Equality Test scheme for Heterogeneous Systems (PKC-ET-HS). The PKC-ET-HS scheme incorporates the notions of Certificateless Public-Key Encryption with Equality Test (CL-PKE-ET) as well as the Identity-Based Encryption with Equality Test (IBE-ET). The scheme enables the cloud server to check whether two ciphertexts having their encryptions performed under a heterogeneous systems contain identical messages. Moreover, in the Random Oracle Model (ROM), the modified Bilinear Diffie-Hellman Intractable (mDBHI) assumption is stated to construct the security of the suggested scheme. Ultimately, the performance evaluation authenticates that the suggested scheme is practicable and convenient for IIoT environments.

Zhenyu Wang,Ding Deng,Shen Hou,Yang Guo,Shaoqing Li

DOI: https://doi.org/10.1016/j.comcom.2023.02.015

IF: 5.047

2023-01-01

Computer Communications

Abstract:The remarkable advance of the Internet of Things (IoT) has smoothed the way to the interconnection of various mobile devices in secure access and communication. In order to guarantee user privacy and anonymity in public networks, a large number of mutual authentication and key-sharing protocols between different IoT devices and multi-servers have been proposed. Due to resource-constrained and inefficient IoT devices, most previous protocols can confront assorted malicious attacks, such as eavesdropping, counterfeiting, chip cloning, device forgery, and other attacks. These attacks may be exposed the user’s private key or other sensitive data. To solve these problems, physical unclonable function (PUF) is a lightweight security primitive that utilizes random process deviations that cannot be controlled during chip manufacturing to generate device-unique digital signatures. In this paper, we combined the key-sharing scheme based on PUF on the hardware side, which solves relevant security problems such as device cloning and key tampering. Furthermore, we propose a three-factor secure and efficient authentication and key-sharing protocol, leveraging the inherent security properties of passwords, biometrics, and PUFs. We demonstrate the security of our proposed protocol based on computational Bilinear Diffie–Hellman Problem (BDH) and k-CAA hard problems and the Proverif tool. Compared with existing relevant protocols, our protocol meets various security properties and defends against varied security threats. The low computational cost, communication overhead, and device storage indicate that our protocol is applicable to resource-constrained IoT devices.

Hui Yin,Yangfan Li,Fangmin Li,Hua Deng,Wei Zhang,Keqin Li

DOI: https://doi.org/10.1016/j.sysarc.2022.102533

IF: 5.836

2022-01-01

Journal of Systems Architecture

Abstract:By leveraging the cloud computing paradigm, the cloud-assisted Internet of Things (IoT) is able to offer the massive storage and highly available computation services for end-users. When the data collected from IoT devices is endlessly gathering to the cloud center, the data security become new challenges. Encrypting data is an effective measure to guarantee data confidentiality. However, traditional encryption techniques make the data searching and access control inoperative. Current attribute-based keyword search (ABKS) techniques provide a feasibility to achieve data searching and access control over encrypted data simultaneously. However, existing ABKS schemes leak sensitive information via clear access policy and may be unsuitable for certain IoT applications, where the access policies in data might contain private information of data owners such as the security number or the residential area of a resident in smart grids. In this work, we design an efficient and policy-hiding attribute-based keyword search and data sharing scheme (PH-ABKS-DS) in cloud-assisted IoT. To the best of our knowledge, this construction is the first PH-ABKS-DS with practical efficiency that is constructed on prime order group. We provide detailed correctness and security analyses for PH-ABKS-DS. Extensive experiments demonstrate that our proposed PH-ABKS-DS is correct and practical.

Girraj Kumar Verma,B. B. Singh,Neeraj Kumar,Mohammad S. Obaidat,Debiao He,Harendra Singh

DOI: https://doi.org/10.1016/j.ins.2020.01.006

IF: 8.1

2020-01-01

Information Sciences

Abstract:Recently, the deployment of sensors and actuators to collect and disseminate data in various applications such as e-healthcare, vehicular adhoc networks (VANETs) and smart factories has revolutionized several new communication technologies. The Internet of Things (IoT) is one of those emerging communication technologies. These revolutionary applications of IoT in industrial environment are termed as Industry 4.0 and it has vitalized the concept of Industrial IoT (IIoT). Being wireless communication, the authentication and integrity of data are the most important challenges. To mitigate these challenges, several digital signature schemes are proposed in the literature. However, due to identity-based or certificate-less construction, those schemes suffer from inborn key escrow and secret key distribution problems. To resolve such issues, the first certificate-based proxy signature (PFCBPS) scheme without pairing is proposed. The proposed PFCBPS scheme is provably secure in random oracle model (ROM). The performance comparison (in terms of computational costs of different phases and length of resulting delegation and signature) shows that the proposed PFCBPS scheme's total computational cost is 46.69 ms which is 52.24% of He et al. [8], 61.40% of Debiao et al. [5], 23.33% of Seo et al. [20], 28% of Hu et al. [9] and 36.84% of Verma and Singh [23]. Thus, it is more suitable to IIoT environment than existing competitive schemes. (C) 2020 Elsevier Inc. All rights reserved.

Wenchao Li,Chuanjie Jin,Saru Kumari,Hu Xiong,Sachin Kumar

DOI: https://doi.org/10.1002/ett.3986

IF: 3.6

2020-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:The integration of the Internet of Things (IoT) and cloud computing brings tremendous convenience and efficiency to process and store growing sensor data in healthcare systems. For the security of sensor data collected by healthcare systems, encrypting data before uploading is necessary. Nevertheless, these encrypted form sensor data make it a research challenge to achieve efficient data search and data sharing on the cloud-assisted IoT simultaneously. Encrypting data by public key encryption with equality test (PKE-ET) scheme, identified as a viable solution, is capable to search data encrypted with different keys efficiently. However, how to efficiently share searched healthcare record on the cloud server is still an unsettled problem. To address this problem, we combine the concepts of proxy re-encryption (PRE) and PKE-ET to obtain proxy re-encryption with equality test (PRE-ET). Inheriting the advantages of PKE-ET and PRE, the user can search the required healthcare record data from data encrypted under different public keys. Meanwhile, the searched healthcare record can be shared securely and flexibly without disclosing the secret key and plaintext. We prove the security of our PRE-ET construction based on divisible computation Diffie-Hellman assumption in the random oracle model. Eventually, the proposed scheme is proven useful according to extensive efficiency analysis and comparison.

Wei Luo,Wenping Ma

DOI: https://doi.org/10.1007/s10586-018-2862-z

2018-01-01

Cluster Computing

Abstract:With the rapid development of cloud computing, its security and privacy are of great concern. Since the cloud service provider is not completely trustworthy, the security of the outsourced files has become serious issues. Identity-based proxy re-encryption (IBPRE) schemes have been proposed to achieve feasible access control of encrypted data under the condition of guaranteeing the confidentiality of data, which can transfer the original ciphertexts to the re-encrypted ciphertexts for a designated decryptor. However, most of the existing IBPRE schemes either do not support revocation or computational complexity is too high. In this paper, we combine the properties of constrained pseudorandom functions (PRFs) and key homomorphic PRFs to construct a secure and efficient proxy re-encryption scheme for cloud computing. In our proposed scheme, the data owner authenticates the requesters and distributes the decryption keys by using an identity-based key exchange method. Meanwhile, a proxy re-encryption scheme is used to achieve data sharing and ciphertext update. We present the security proof of our scheme. In addition, compared with other existing schemes, our scheme has low computational complexity and communication cost.

Jawed, Md Saquib,Sajid, Mohammad

DOI: https://doi.org/10.1007/s11227-024-06055-3

IF: 3.3

2024-04-07

The Journal of Supercomputing

Abstract:The exponential growth of Internet-of-Things (IoT) has raised several data security risks to the Fog–Cloud architecture. The performance and the computation cost of security algorithms hinder providing a secure real-time environment for IoT. This study proposes a novel two-layer cryptosystem, Cryptographic Harris Hawks Optimization (CryptoHHO), for Fog–Cloud architecture that reduces security overheads while maintaining confidentiality, integrity, and availability. The first layer of the proposed CryptoHHO is responsible for generating a highly randomized key using HHO to optimize Shannon entropy incorporation with transfer functions and a binarization mechanism. The second layer of CryptoHHO introduces a novel encipher model for encryption and decryption based on the Shift cipher, XOR operator, and an instance of crossover and mutation. The job execution avenue, i.e., Fog or cloud computing, is selected depending on the size of IoT requests, security sensitivity, and time sensitivity. The performance of CryptoHHO is compared against other emerging bio-inspired cryptographic algorithms. It was found that the CryptoHHO performs better than CryptoSSA, CryptoGWO, CryptoPSO, and CryptoWOA algorithms based on entropy, key generation time, transfer function comparison, execution time, and throughput. Further, the robustness of CryptoHHO is examined by various security analyses like brute-force attack resistivity, confusion-diffusion, CIA achievement, and statistical evaluations suggested by NIST and FIPS.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Zhenyu Wang,Ding Deng,Yang Guo,Shaoqing Li

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys57074.2022.00212

2022-01-01

Abstract:The remarkable growth of the Internet of Things (IoT) has paved the way for the interconnection of a wide variety of mobile devices. To protect data confidentiality and user privacy in public networks, most key sharing and management protocols have gained wide attention. Due to the limited resources of IoT devices, relevant security primitives with high communication overhead and slow transmission rates are not suitable for the authentication of lightweight devices. To solve these problems, physical unclonable function (PUF) is lightweight security primitive that exploits the frequency difference during the chip fabrication process for the key generation or device authentication. In this paper, we flexibly configure the oscillation period of the reconfigurable HCRO-PUF to generate a shared key on the hardware side, which solve related security problems such as device cloning and key tampering. Furthermore, we propose a lightweight key sharing and management (LKSM) protocol based on HCRO-PUF for various devices and multi-server architectures. We prove that the proposed protocol satisfies the corresponding security and resistance properties through Ban logic. Compared with existing relevant protocols, security analysis and simulation results show that our protocol defends against multiple attacks. The low computational and communication costs indicate that our protocol is suitable for resource-constrained IoT devices.