Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

O V Nissenbaum,K Y Ponomarov,A A Zaharov

DOI: https://doi.org/10.1088/1742-6596/998/1/012020

2018-04-01

Journal of Physics: Conference Series

Abstract:This article proposes a three-side cryptographic scheme for verifying device attributes with a Supervisor and a Certification Authority (CA) for attribute-based encryption. Two options are suggested: using a message authentication code and using a digital signature. The first version is suitable for networks with one CA, and the second one for networks with several CAs, including dynamic systems. Also, the addition of this scheme with a blind signature is proposed to preserve the confidentiality of the device attributes from the CA. The introduction gives a definition and a brief historical overview of attribute-based encryption (ABE), addresses the use of ABE in the Internet of Things.

Yanzhong Sun,Xiaoni Du,Shufen Niu,Siwei Zhou

DOI: https://doi.org/10.1371/journal.pone.0297002

IF: 3.7

2024-01-31

PLoS ONE

Abstract:In the environment of big data of the Internet of Things, smart healthcare is developed in combination with cloud computing. However, with the generation of massive data in smart healthcare systems and the need for real-time data processing, traditional cloud computing is no longer suitable for resources-constrained devices in the Internet of Things. In order to address this issue, we combine the advantages of fog computing and propose a cloud-fog assisted attribute-based signcryption for smart healthcare. In the constructed "cloud-fog-terminal" three-layer model, before the patient (data owner)signcryption, it first offloads some heavy computation burden to fog nodes and the doctor (data user) also outsources some complicated operations to fog nodes before unsigncryption by providing a blinded private key, which greatly reduces the calculation overhead of resource-constrained devices of patient and doctor, improves the calculation efficiency. Thus it implements a lightweight signcryption algorithm. Security analysis confirms that the proposed scheme achieves indistinguishability under chosen ciphertext attack and existential unforgeability under chosen message attack if the computational bilinear Diffie-Hellman problem and the decisional bilinear Diffie-Hellman problem holds. Furthermore, performance analysis demonstrates that our new scheme has less computational overhead for both doctors and patients, so it offers higher computational efficiency and is well-suited for application scenarios of smart healthcare.

multidisciplinary sciences

Dongmei Chen,Yining Liu,Fei Zhou,Lihui Li,Yangfan Liang

DOI: https://doi.org/10.1016/j.sysarc.2024.103268

IF: 5.836

2024-08-30

Journal of Systems Architecture

Abstract:The widespread application of wireless sensor technology in the Internet of Things (IoT) industry significantly enhances productivity. However, the large scale deployment of IoT and the inherent vulnerabilities of wireless communication methods to attacks present significant new challenges. Consequently, there is a need to address the efficiency and security of information transfer in IoT. To effectively solve these issues, this paper presents a secure and efficient pairing-free certificateless aggregated signcryption (CL-ASC) scheme for IoT based on the elliptic curve cryptosystem. Our scheme avoids the complex certificate management issues associated with Public Key Cryptography (PKC) and the key escrow problem found in identity-based cryptography, while maintaining the storage and communication efficiency benefits of aggregated signcryption. The use of secure signcryption and aggregation techniques effectively resists a variety of potential attacks. Both formal and informal security analyses demonstrate that our scheme meets the expected security requirements. Specifically, our scheme shows significant improvements in computational and communication overheads. Compared to other state-of-the-art protocols, our scheme achieves signcryption computation cost of 0.691 ms, unsigncryption computation cost of 3.917 ms for 5 messages, and a total cost of 4.608 ms for 5 messages. Additionally, it provides a signcryption communication overhead of 128 bytes and aggregated communication overhead of 580 bytes for 5 messages.

computer science, software engineering, hardware & architecture

Weichu Deng,Jin Li,Hongyang Yan,Arthur Sandor Voundi Koe,Teng huang,Jianfeng Wang,Cong Peng

DOI: https://doi.org/10.1016/j.jisa.2024.103885

IF: 4.96

2024-09-14

Journal of Information Security and Applications

Abstract:In the Internet of Things, access control and identity management rely on centralized platforms. However, centralized platforms will compromise user privacy with identity leakage. Self-sovereign identity (SSI) is a novel model for identity management that does not require third-party centralized authority. Thus, SSI is a potential solution to the identity management problem in IoT access control. This paper's motivation is to address the problems of lack of identity sovereignty, centralized authorization, and high computational overhead for IoT access control. We propose a novel access control scheme for IoT that decentralizes identity management and tackles single-point-of-failure issues. This scheme leverages ciphertext policy attribute-based encryption (CP-ABE) and SSI to achieve the overall goal. Specifically, Our scheme eliminates the central authority and empowers users to manage their identity, allowing users to decide what attributes they disclose. Regarding the distribution of roles in the architecture, this paper follows the generic SSI model (ISSUER–HOLDER—VERIFIER) that allows a user to access a service from a service provider. To enable real-world deployment of our scheme, we establish an attribute authorization authority(such as the government) as a trusted identity point of entry. Users generate decentralized identifiers to enjoy services of interest in a privacy-preserving manner. The analysis demonstrates the practicality and superiority of our scheme. Our scheme requires less computation and is suitable for resource-constrained IoT scenarios.

computer science, information systems

Ke Zhang,Jiahuan Long,Xiaofen Wang,Hong-Ning Dai,Kaitai Liang,Muhammad Imran

DOI: https://doi.org/10.1109/tii.2020.3014168

IF: 12.3

2021-06-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IoT) has suffered from insufficient identity authentication and dynamic network topology, thereby resulting in vulnerabilities to data confidentiality. Recently, the attribute-based encryption (ABE) schemes have been regarded as a solution to ensure data transmission security and the fine-grained sharing of encrypted IoT data. However, most of existing ABE schemes that bring tremendous computational cost are not suitable for resource-constrained IoT devices. Therefore, lightweight and efficient data sharing and searching schemes suitable for IoT applications are of great importance. To this end, In this article, we propose a light searchable ABE scheme (namely LSABE). Our scheme can significantly reduce the computing cost of IoT devices with the provision of multiple-keyword searching for data users. Meanwhile, we extend the LSABE scheme to multiauthority scenarios so as to effectively generate and manage the public/secret keys in the distributed IoT environment. Finally, the experimental results demonstrate that our schemes can significantly maintain computational efficiency and save the computational cost at IoT devices, compared to other existing schemes.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Sumithra Alagarsamy,Vijayalakshmi Nagarajan,M. M. Yamuna Devi

DOI: https://doi.org/10.1007/s11276-023-03624-x

IF: 2.701

2024-01-31

Wireless Networks

Abstract:The technological breakthroughs of Internet of thing (IoT) applications in various sectors are nowadays contributing to the development of smart mobile IoT (SM-IoT). Lack of authentication and encryption schemes make SM-IoT more susceptible to major security and privacy issues. Signcryption has evolved as a new paradigm in recent years that provides better authenticity and security to the messages and minimizes both computation cost and communication costs simultaneously. To secure the communicated message on the sender and receiver sides, this paper proposes an efficient and secure decentralized communication system to offer personalized service for the users. The proposed network framework comprises four key entities namely trusted service providers, gateways, resource senders, and receivers. The master private keys are generated at the initial setup phase. Then, the optimal partial private keys are extracted and broadcasted through the channel by the key extraction process utilizing the fuzzy whale sine cosine levy algorithm. The ciphertext is generated for the sender on signcryption using a modified Identity-based Cryptography approach. The signcryption ciphertext generated is broadcasted via gateways to the receiver by measuring verification parameters. Finally, the designcryption process is performed using the certificateless hybrid signcryption scheme to retrieve the plaintext message. The proposed secure communication network is evaluated using performance metrics such as bilinear pairing time, modular experimentation time, pairing-based experimentation time, elliptic curve (EC) scalar point multiplication time, map-to-point hash function time, and EC point addition time. The experimental results revealed the effectiveness of the proposed secure communication framework on both the sender and receiver sides.

computer science, information systems,telecommunications,engineering, electrical & electronic

Meng Xian Yong,Chen Zhong,Meng Xiang Yu

DOI: https://doi.org/10.4028/www.scientific.net/amm.475-476.1144

2013-01-01

Applied Mechanics and Materials

Abstract:In this paper, a novel decentralized key-policy attribute-based signcryption (ABS) scheme is proposed, where each authority can generate secret-public key pair for the user independently without any cooperation and a centralized authority. In the proposed scheme, each authority can join or leave the system randomly without reinitializing the system, and issue secret-public keys to user respectively. Therefore, it is clear that the multi-authority attribute-based access control scheme can reduce the communication cost and the collaborative computing cost. Additionally, the attribute-based signcryption scheme is efficient in terms of both the identification authentication and the confidential communication, and can realize security secret sharing in cloud computing environments.

Huifang Yu,Runtao Ren

DOI: https://doi.org/10.1109/jsyst.2021.3096531

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:Driven by new situation of "Internet +," Internet has achieved the integrated development with all walks of life. Among them, the fifth generation is a key technology to promote the deep integration of Internet-of-Things equipment, cloud computing, blockchain and other trades. Hence, it is necessary for IoTs to consider the cost and efficiency of authentication and confidentiality of the communication. For effectively solving the above problems, we devise certificateless elliptic curve aggregate signcryption (CL-ECASC) scheme for IoTs that can improve the authentication efficiency, realize data confidentiality, and avoid the problems of complex certificate management and key escrow. Under the hardness of discrete logarithm and computational DiffieHellman problems on elliptic curve, CL-ECASC is proved to has the IND-CCA2 security (indistinguishability under the adaptive chosen-ciphertext attacks) and UF-CMA security (existentially unforgeable under the adaptive chosen-message attacks). CL-ECASC has relatively faster computation efficiency and lower communication cost, and so it is suitable for secure transmission of the information in the previously mentioned environments.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Hu Xiong,Xin Huang,Minghao Yang,Lili Wang,Shui Yu

DOI: https://doi.org/10.1109/jiot.2021.3094323

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:Existing attribute-based encryption (ABE) schemes with revocation to secure the cloud-assisted Internet of Things (IoTs) raise challenges, such as eliminating the need for predefined public parameters in system initialization, performing the encryption and decryption operations efficiently, and achieving adaptive security under standard security assumption. In this article, we address these challenges by proposing an unbounded and efficient revocable ABE scheme with adaptive security for cloud-assisted IoTs. Distinct from the previous approaches in this field, our scheme not only efficiently realizes access control over encrypted data in a fine-grained and revocable way but also is proved to be adaptively secure under standard decision linear assumption. Meanwhile, the parameters do not need to be predefined in the system initialization and thus, our scheme satisfies the unbounded property. Moreover, the monotonic span program (MSP) is elegantly utilized as the access structure to reduce the number of bilinear pairing and exponentiation operations for encryption and decryption. Theoretical performance analysis and experiment evaluation disclose that our proposed scheme owns outstanding feasibility, efficiency, and effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic

M. Shand,J. Walling

DOI: https://doi.org/10.1109/JQE.1982.1071470

IF: 2.5

1982-11-01

IEEE Journal of Quantum Electronics

Abstract:Emerald is a new broadly wavelength-tunable vibronic laser material with stimulated emission in the red to infrared due to⁴<tex>T_{2} \rightarrow</tex>⁴<tex>A</tex>transitions of Cr³⁺. Emerald has gain from 12 050 cm^-1to 14 000 cm^-1with high gain from about 12 300 cm^-1to 13 700 cm^-1. An emerald laser oscillator has been achieved, but has high losses.

Jianhua Yan,Licheng Wang,Muzi Li,Haseeb Ahmad,Jun Yue,Wenbin Yao

DOI: https://doi.org/10.1109/access.2019.2900003

IF: 3.9

2019-01-01

IEEE Access

Abstract:For realizing the fine-grained access control with non-interactive approach, and effectively guaranteeing the comprehensive security for information under the post-quantum environment, this paper proposes an attribute-based signcryption (ABSC) scheme based on the intractability of lattices. The proposed ABSC scheme is proved indistinguishable against the inner adaptive-chosen ciphertext attacks (IND-CCA2) and existentially unforgeable against inner chosen-message attacks (EUF-CMA), in the standard model. The theoretical analysis presents that the public key size and the computational cost of the signcryption operation are both reduced obviously, compared with the signature and then encryption mechanism. An efficient variant is also presented that significantly decreases the computational complexity of unsigncryption operation at the expense of an increase in the ciphertext size.

Zhan Xie,Yong Chen,Ikram Ali,Chengwei Pan,Fagen Li,Wen He

DOI: https://doi.org/10.1109/tvt.2022.3230442

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:The emergence of the vehicular ad-hoc network (VANETs) could meet the need for an efficient and safe transportation. Vehicles wirelessly interact with nearby road-side units (RSUs) and send the data to the cloud servers (CS), but this approach has limitations (i.e., network congestion and privacy leakage). Edge computing can effectively solve problems of network congestion, feedback delay and privacy leakage during transmission caused by CS. Thus, this paper proposes a certificateless aggregate signcryption with onlineoffline encryption (CLOASC) based on edge computing (EDC). Correspondingly, certificateless signcryption (CLSC), onlineoffline encryption (OOE) and aggregate signcryption technology solve the key escrow problem, shorten the encryption time and realize the quick verification of multiple users, respectively. Furthermore, it is worth mentioning that the scheme we propose does not have any bilinear pairings or scalar multiplications in the online encryption stage, which greatly reduces the computational cost in the online stage. In the random oracle model, our scheme was proved to be existential unforgeability under adaptive chosen message attacks (EUF-ACM) and adaptive indistinguishability under chosen-ciphertext attack (IND-CCA2) security. Simulation results show that our scheme is computationally and communication based lightweight as compared to the related.

telecommunications,engineering, electrical & electronic,transportation science & technology

Arif Raza,Salabat Khan,Shivanshu Shrivastava,M. Wasim Abbas Ashraf,Ting Wang,Kaishun Wu,Wang Lu

DOI: https://doi.org/10.1016/j.comnet.2024.110537

IF: 5.493

2024-05-26

Computer Networks

Abstract:With the increasing adoption rate of Internet of Things (IoT) devices in smart home applications, it is vital to safeguard the privacy and security of information, communications among IoT devices, and the underlying infrastructure. In open communication scenarios, an adversary can easily tamper with data transmitted by IoT communication devices. This paper proposes a softwarized lightweight authentication key agreement scheme for smart home applications in Software-Defined IoT (SDIoT) environment. The proposed scheme comprises registration, authentication, and key selection phases. Devices are registered in the registration phase after the successful completion of validation checks, while sessions' keys are granted to the registered devices in the authentication phase. In the final phase, controllers classify IoT devices based on pre-defined parameters and impose class-specific access control based on classification. The security of the proposed scheme is validated using the widely accepted AVISPAs verification tool against a strong adversary. Simulation results demonstrate that our proposed scheme outperforms existing schemes in terms of running time, computation complexity, and energy consumption. It is found that the proposed scheme has significant cost-effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Suhui Liu,Jiguo Yu,Yinhao Xiao,Zhiguo Wan,Shengling Wang,Biwei Yan

DOI: https://doi.org/10.1109/jiot.2020.2993231

IF: 10.6

2020-09-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) changed our lives with huge amounts of data production. Due to source-limited IoT devices, one of the best ways to process the data is cloud storage. However, a series of security and privacy issues arise, such as illegal data access, data tampering, and privacy leak. Though symmetric encryption can guarantee data confidentiality, it cannot realize fine-grained data sharing and searching. The keyword-based searchable attribute-based encryption (KSABE) can achieve data confidentiality and fine-grained access control. More importantly, it realizes a keyword-based search for data users. However, the heavy decryption computation burden and the management of massive user keys appear when implementing attribute-based encryption schemes to IoT. Therefore, this article proposes a blockchain-aided searchable attribute-based encryption (BC-SABE) with efficient revocation and decryption, where the traditional centralized server is replaced with a decentralized blockchain system being in charge of the threshold parameter generation, key management, and user revocation. All revocation tasks are done by the blockchain and it is on longer necessary for ciphertext reencryption and key update. Moreover, users utilize the coalition blockchain to generate partial tokens. Besides, the cloud server contained in our scheme not only stores the massive encrypted data but also performs search and predecryption for users who only require one exponentiation in the group ${mathbb {G}}$ to decrypt fully. Security analyses prove that our scheme realizes the security under the chosen plaintext attack and the chosen keyword attack. Simulations show that the decryption and token generation cost of our scheme are preferable.

computer science, information systems,telecommunications,engineering, electrical & electronic

Arijit Karati,Chun-I Fan,Ruei-Hau Hsu

DOI: https://doi.org/10.1109/jiot.2019.2939204

IF: 10.6

2019-12-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) is revolutionizing our modern lives by introducing active connection between smart devices. However, IoT devices are repeatedly exhibiting many security flaws, which will inevitably lead to eavesdropping and impersonation attacks. Thus, providing a proper security in IoT becomes a prime focus for the researchers. In cryptography, certificateless signcryption (CLSC) is one of the recent public key techniques for the security requirements of the authenticity and confidentiality of any message between the parties. In this article, a new generalized CLSC (gCLSC) is introduced to provide the functions of digital signature and encryption to fulfill the authenticity and confidentiality for the resource-constrained IoT devices. Besides, the gCLSC supports the property of public verifiability and security of an ideal signcryption under the strong Diffie–Hellman and bilinear Diffie–Hellman inversion problems without random oracle model. Performance assessment of the gCLSC gives satisfactory results after comparing with other competitive CLSC schemes in terms of its functionality. Therefore, the gCLSC can be adopted in the IoT networks where authenticity, confidentiality, and lightweight are the essential factors.

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people&#x27;s life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user&#x27;s public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Chong Guo,Bei Gong,Muhammad Waqas,Hisham Alasmary,Shanshan Tu,Sheng Chen

DOI: https://doi.org/10.3390/s24216843

IF: 3.9

2024-10-25

Sensors

Abstract:The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT's security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation