Yumei Li,Futai Zhang,Xin Liu

DOI: https://doi.org/10.1109/tsc.2020.3039976

IF: 11.019

2020-01-01

IEEE Transactions on Services Computing

Abstract:With the appearance and flourishing development of the Internet of Things (IoT), wireless sensor networks technology has been attracting increasing attention. Network coding is an indispensable technology in the wireless sensor networks, which can improve network transmission throughput. However, pollution attacks is a serious security problem that must be faced in the process of data coding. Although the homomorphic network coding signature schemes can solve this troublesome, the high signature generation and verification cost of these schemes will reduce the transmission efficiency. In this article, we propose an efficient identity-based linearly homomorphic network coding signature scheme for wireless sensor networks to guarantee data integrity and authenticity. In our scheme, the computation cost of signature generation and verification are both independent of the size of the data packet. The scheme is proved secure against existential forgery under adaptive chosen identity and adaptive chosen subspace attacks in random oracle model. Using Java pairing-based Cryptography Library (JPBC), the simulation results illustrate that our scheme is more efficient in practical application.

computer science, information systems, software engineering

Xuan Zhou,Tanping Zhou,Yuan Tian,Weidong Zhong,Xiaoyuan Yang

DOI: https://doi.org/10.1109/jiot.2024.3443282

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:As the Internet of Things (IoT) is booming, the transmission speed of data in the network is getting more and more attention. Network coding is an effective technique to improve network throughput. In network coding, the encoded packets must be integrity-checked to prevent pollution attacks. Some linearly homomorphic signature schemes based on bilinear pairs have been used to check the integrity of packets, and so far the scheme LZL20 is the most efficient signature scheme among them. Here, we first analyze the security model and signature structure of LZL20, and find that there is a security vulnerability in the scheme. Experiments show that for a 12~18 KB file, our signature forgery algorithm can forge a message/signature pair with 100% probability within 3~5 ms. Then, we construct a linearly homomorphic signature scheme with higher signature efficiency and shorter signature length. In random oracle model, we proved the scheme is existentially-unforgeable under adaptive chosen message attacks. We theoretically analyze our signature length to be 320 bits shorter than LZL20. Finally, we implement our scheme, and for a 12~18 KB file, experiments show that the signature time of our scheme is 60.93%~62.59% of that of LZL20.

Jinyong Chang,Yanyan Ji,Bilin Shao,Maozhi Xu,Rui Xue

DOI: https://doi.org/10.1109/TNET.2020.3013902

2020-12-15

IEEE/ACM Transactions on Networking

Abstract:Homomorphic signature is an extremely important public key authentication technique for network coding to defend against pollution attacks. As a public key cryptographic primitive, it also encounters the same problem of how to confirm the relationship between some public key $pk$ and the identity $ID$ of its owner. In the setting of distributed network coding, the intermediate and destination nodes need to use the public key of source node S to check the validity of vector-signature pairs. Therefore, the binding of S and its corresponding public key becomes crucial. The popular and traditional solution is based on certificates which are issued by a trusted certification authority (CA) center. However, the generation and management of certificates is extremely cumbersome. Hence, in recent work, Lin et al. proposed a new notion of identity-based homomorphic signature, which intends to avoid using certificates. But the key escrow problem is inevitable for identity-based primitives. In this article, we propose another new notion (for network coding): certificateless homomorphic signature (CLHS), which is a compromise for the above two techniques. In particular, we first describe the definition and security model of certificateless homomorphic signature. Then based on bilinear map and the computational Diffie-Hellman (CDH) assumption, give a concrete implementation and detailedly analyze its security. Finally, performance analysis illustrates that our construction is practical.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Yixin Jiang,Haojin Zhu,Minghui Shi,Xuemin (Sherman) Shen,Chuang Lin

DOI: https://doi.org/10.1016/j.comnet.2009.08.006

IF: 5.493

2010-01-01

Computer Networks

Abstract:The network coding based applications are vulnerable to possible malicious pollution attacks. Signature schemes have been well-recognized as the most effective approach to address this security issue. However, existing homomorphic signature schemes for network coding either incur high transmission/computation overhead, or are vulnerable to random forgery attacks. In this paper, we propose a novel dynamic-identity based signature scheme for network coding by signing linear vector subspaces. The scheme can rapidly detect/drop the packets that are generated from pollution attacks, and efficiently thwart random forgery attack. By employing fast packet-based and generation-based batch verification approaches, a forwarding node can verify multiple received packets synchronously with dramatically reduced total verification cost. In addition, the proposed scheme provides one-way identity authentication without requiring any extra secure channels or separate certificates, so that the transmission cost can be significantly reduced. Simulation results demonstrate the practicality and efficiency of the proposed schemes.

Kuan Wang,Mingxuan Song,Genqing Bian,Bilin Shao,Kaiqi Huang

DOI: https://doi.org/10.3390/electronics13071316

IF: 2.9

2024-04-01

Electronics

Abstract:Network coding is a potent technique extensively utilized in decentralized Internet of Things (IoT) systems, including the Internet of Medical Things (IoMT). Nevertheless, the inherent packet-mixing characteristics of network coding expose data transmission to pollution attacks, potentially compromising the integrity of original files. The homomorphic signature scheme serves as a robust cryptographic tool that can bolster network coding's resilience against such attacks. However, current schemes are computationally intensive for signature verification, making them impractical for IoMT environments. In this study, we propose a lightweight identity-based network coding scheme (IBNS) that minimizes computational overhead during the signing and verification processes. This scheme has been demonstrated to be secure against adaptive chosen-message attacks and is well-suited for IoMT applications. Furthermore, we assess the performance of our IBNS through both theoretical and experimental analyses. Simulation outcomes confirm that our scheme outperforms previous ones in terms of practicality and efficiency.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Mingxi Yang,Wenjie Yan,Huajing Fang

DOI: https://doi.org/10.1260/1748-3018.6.1.17

2012-01-01

Journal of Algorithms & Computational Technology

Abstract:It has been proven that network coding can provide significant benefits to networks, but such systems are very vulnerable to pollution attacks. In recent years, many schemes have been designed to prevent these attacks. But most of them are based on expensive operation, such as discrete logarithms and Weil pairing operations on elliptic curves, these schemes are inefficient in verifying the integrity of messages and not suitable for those scenarios with low computing capability such as mobile Ad hoc networks and wireless sensor networks. In this paper, we proposed a novel signature scheme for network coding based on a homomorphic public cryptography. This scheme can detect those polluted messages and discard them. What's more, replaying attacks are also infeasible in this scheme. The most important feature of this scheme is the improvement of the authentication efficiency with a fast computation, that is, the time complexity of the verification in our signature scheme is much less than those in the existing algorithms.

Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Wenzhan Zhang,Yanhui Zhang,Chong Guo,Qi An,Yuming Guo,Ximing Liu,Shijun Zhang,Junjia Huang

DOI: https://doi.org/10.1155/2022/3687332

IF: 3.12

2022-02-26

Computational Intelligence and Neuroscience

Abstract:The rapid development of the Internet of Things (IoT) has accelerated the integration of science and technology with life, enabling the public to start enjoying the convenience brought by intelligent living. However, there are multiple resource-constrained sensing devices in IoT, which are always facing various external or internal attacks, making it difficult to ensure the secure transmission of sensitive data in IoT. Therefore, to address the problem of data transmission in resource-constrained devices in IoT, we propose a new certificateless hybrid signcryption scheme for IoT. It is a novel scheme that satisfies confidentiality and unforgeability, showing higher computational efficiency and lower overhead of transmission. To prove that it satisfies the efficent transmission of IoT, we conduct simulation experiments, and the experimental results show that our proposed scheme has higher efficiency than the existing schemes.

mathematical & computational biology,neurosciences

Chi Cheng,Tao Jiang,Yining Liu,Mingwu Zhang

DOI: https://doi.org/10.1002/sec.1321

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:Recently, Liu and Wang proposed a homomorphic signature scheme for network coding, which was claimed to resist against pollution attacks. However, we show that in Liu and Wang's scheme, after several generations, the adversary is able to launch a successful forgery attack with a high probability. Therefore, Liu and Wang's scheme is not secure. After analyzing the cause of the attack, an improved scheme is given, which can combat against the proposed attack in an efficient way. Copyright © 2015 John Wiley & Sons, Ltd.

Wenjie Yan,Mingxi Yang,Layuan Li,Huajing Fang

DOI: https://doi.org/10.1016/j.comcom.2011.10.012

IF: 5.047

2012-01-01

Computer Communications

Abstract:It has been proven that network coding can provide significant benefits to networks. However, network coding is very vulnerable to pollution attacks. In recent years, many schemes have been designed to defend against these attacks, but as far as we know almost all of them are inapplicable for multi-source network coding system. This paper proposed a novel homomorphic signature scheme based on bilinear pairings to stand against pollution attacks for multi-source network coding, which has a broader application background than single-source network coding. Our signatures are publicly verifiable and the public keys are independent of the files so that our scheme can be used to authenticate multiple files without having to update public keys. The signature length of our proposed scheme is as short as the shortest signatures of a single-source network coding. The verification speed of our scheme is faster than those signature schemes based on elliptic curves in the single-source network.

Wenjie Yan,Mingxi Yang,Layuan Li,Huajing Fang

DOI: https://doi.org/10.1109/MINES.2009.162

2009-01-01

Abstract:It has been proven that network coding can provide significant benefits to network protocols. However, network coding is very vulnerable to pollution attacks. In recent years, many schemes have been designed to defend against these attacks, but as far as we know that almost all of them are merely suitable for single-source network coding system. In this paper, we proposed a homomorphic signature scheme based on bilinear pairings to stand against the security challenges in multi-source network coding, which is more prevalent than single-source network coding. This scheme can filter out all the forged packets coming from not only intermediate nodes but also source nodes. The signatures in our scheme have short size about 160 bits, and the senders needn't know all the message packets in advance.

裴恒利,尚涛,刘建伟

DOI: https://doi.org/10.3969/j.issn.1000-436x.2013.04.004

2013-01-01

Abstract:A secure network coding method merged with timestamp and homomorphic signature which can solve security issues in wireless multi-hop networks was proposed. The timestamp into RSA-based homomorphic signature scheme was brought and used to produce random coefficients of network coding, thus made it possible to defend pollution attacks and replay attacks simultaneously while maintaining the homomorphic property of the signature. The analysis that mainly fo-cus on was the influence of random coefficients on decoding probability of network coding and security of the proposed scheme. Results indicate that the proposed scheme can defend pollution attacks and replay attacks simultaneously, and the ratio of overhead between RSA-based homomorphic signature scheme and the proposed scheme is approximates 1.

Man Liang,Haibin Kan

DOI: https://doi.org/10.1587/transfun.e96.a.1889

2013-01-01

Abstract:Wireless sensor network (WSN) using network coding is vulnerable to pollution attacks. Existing authentication schemes addressing this attack either burden the sensor node with a higher computation overhead, or fail to provide an efficient way to mitigate two recently reported attacks: tag pollution attacks and repetitive attacks, which makes them inapplicable to WSN. This paper proposes an efficient hybrid cryptographic scheme for WSN with securing network coding. Our scheme can resist not only normal pollution attacks, but the emerging tag pollution and repetitive attacks in an efficient way. In particular, our scheme is immediately suited for distributing multiple generations using a single public key. Experimental results show that our scheme can significantly improve the computation efficiency at a sensor node under the two above-mentioned attacks.

Chi Cheng,Jemin Lee,Tao Jiang,Tsuyoshi Takagi

DOI: https://doi.org/10.1109/tifs.2016.2515517

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Recently, based on the homomorphic signatures, the authentication schemes, such as homomorphic subspace signature (HSS) and key predistribution-based tag encoding (KEPTE), have been proposed to resist against pollution attacks in network coding. In this paper, we show that there exists an efficient multigeneration pollution attack on HSS and KEPTE. In particular, we show that using packets and their signatures of different generations, the adversary can create invalid packets and their corresponding signatures that pass the verification of HSS and KEPTE at intermediate the nodes as well as at the destination nodes. After giving a more generic attack, we analyze the cause of the proposed attack. We then propose the improved key distribution schemes for HSS and KEPTE, respectively. Next, we show that the proposed key distribution schemes can combat against the proposed multi-generation pollution attacks. Finally, we analyze the computation and communication costs of the proposed key distribution schemes for HSS and KEPTE, and by implementing experiments, we demonstrate that the proposed schemes add acceptable burden on the system.

Lawrence Tandoh,Li Fagen,Ali Ikram,Haruna Charles R.,Kpiebaareh Michael Y.,Christopher Tandoh

DOI: https://doi.org/10.1007/s11235-021-00842-6

2021-01-01

Telecommunication Systems

Abstract:One of the major security threats that plague network coding are pollution attacks. Therefore, the ability to authenticate the contents of received packets is a vital requirement of all network coding authentication schemes. One of the most famous cryptographic approaches used to mitigate data and tag pollution in network coding are homomorphic message authentication codes (HMACS). In this approach, authentication is achieved by appending one or more HMAC tag vectors and in some cases a homomorphic cryptographic signature to the packet payload. Two major concerns arise when designing authentication schemes for network coding. These are the costs associated with the communication and computational overheads. These two factors determine the efficiency and practicality of the scheme. Unfortunately, in most cases, lowering one of the costs results in an increase in the other. In this paper we propose an efficient data and tag pollution immune authentication scheme based on HMACs and a homomorphic cryptographic signature. In our evaluation of the performance of the proposed scheme we compared it with three other similar state of the art schemes. The result of our evaluation showed that the proposed scheme incurs a computational overhead that is up to 64–97% lower at the source and non-source nodes. The proposed scheme also fairs well with respect to communication overhead where it is only outperformed by one of the three schemes. This difference however is minute (one symbol) and is greatly outweighed by the proposed schemes lower computational overhead.

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Xiang Liu,Jie Huang,Yuanxi Wu,Guowen Zong

DOI: https://doi.org/10.1109/access.2019.2933870

IF: 3.9

2019-01-01

IEEE Access

Abstract:In this paper, a novel privacy-preserving signature scheme for network coding is proposed, which can mitigate both intra-generation and inter-generation pollution attacks efficiently, and leverage the inherent security property of random network coding to prevent eavesdropping attacks at the same time. Our scheme is constructed on a bi-linear map between two multiplicative cyclic groups with the same order, and its security relies on the hardness of the discrete logarithm problem. We proved that the construction of our scheme is correct, and also showed that our scheme is resistant against both pollution attacks and eavesdropping attacks by demonstrating that the probabilities of an adversary recovering the native messages and forging a valid signature for a bogus packet are both negligible functions of the security parameter. We evaluated the performance of our scheme in terms of communication overhead and computational complexity, and carried out extensive experiments to compare the running time of different procedures between our scheme and several previous schemes. The experimental results showed that our scheme is more efficient than the previous schemes simulated.

Zhiwei Wang,Zhiyuan Cheng,Nianhua Yang

DOI: https://doi.org/10.1007/978-3-030-34637-9_25

2019-01-01

Abstract:In this paper, we propose an ID-based linear homomorphic cryptosystem, which consisted of an ID-based encryption scheme with homomorphic property and a linearly homomorphic signature scheme, where the linearly homomorphic signature scheme is compatible with the privacy-protection data aggregation. Then, we propose a secure and efficient ID-based meter report protocol for the isolated smart grid devices, which can not only protect against unauthorized reading, unintentional errors and maliciously altering messages, but also achieve privacy-preserving for the customers. We provide security analysis of our protocol in context of five typical attacks. The implementation of our protocol on the Intel Edison Platform shows that our protocol is efficient enough for the physical constrained devices, like smart grid devices.

Xiaoyan Hu,Shaoqi Zheng,Jian Gong,Guang Cheng,Guoqiang Zhang,Ruidong Li

DOI: https://doi.org/10.1145/3341188.3341191

2019-01-01

Abstract:Network coding has been proposed to be built into Named Data Networking (NDN) for achieving efficient simultaneous content delivery. Network coding allows intermediate nodes to perform arbitrary coding operations on Data packets. One salient feature of NDN is its content-based security by protecting each Data packet with a signature signed by its publisher. However, in the network coding-based NDN, it remains unclear how to securely and efficiently sign a recoded Data packet at an intermediate router. This work proposes a mechanism to enable linearly homomorphic signatures in network coding-based NDN so as to directly generate a signature for a recoded Data packet by combining the signatures of those Data packets on which the recoding operation is performed.