Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Min Liu,Liangliang Wang,Kai Zhang,Yu Long,Baodong Qin

DOI: https://doi.org/10.1007/s12083-023-01610-w

IF: 3.488

2024-01-16

Peer-to-Peer Networking and Applications

Abstract:Wireless medical sensor networks (WMSNs) realize remote monitoring of patients' health status through the combination of medical sensors and wireless communication. There is an urgent need to ensure the integrity, authenticity, authentication, and privacy of patients' medical data and improve treatment outcomes. Currently, many aggregate signature schemes have been developed to protect patients' medical data in WMSNs. Among them, the pairing operation and key exposure in some aggregate signature schemes can raise efficiency and security issues in medical data transmission, and some of them do not achieve equivalent security, which leads to healthcare professionals receiving inaccurate medical data. Aiming at these, this paper proposes a pairing-free certificate-based key-insulated aggregate signature scheme (CB-KIAS) in WMSNs, which introduces key-insulated technique that can effectively avoid the problem of key exposure. According to formal security proof, this scheme is unforgeable against adaptive-chosen message attacks and having the equivalent security of aggregate signature to ensure that the validity of the aggregate signature is equal to the validities of all single signatures to resist fully chosen-key attacks. The proposed CB-KIAS scheme, utilizing elliptic curves and the combination of online/offline cryptography mechanism, is effective and more suitable for resource-constrained medical sensors when compared with other related schemes.

computer science, information systems,telecommunications

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

潘巨龙,李善平,吴震东,张道远

DOI: https://doi.org/10.3969/j.issn.1004-1699.2009.06.016

2009-01-01

Abstract:A design of secure community healthcare monitoring system based on wireless sensor networks is presented.To address the issues of system security and be resilient to diverse attacks,the system protects sensitive data from being attacked by using Elliptic Curve Cryptography and digital signature scheme in those resource-constrained sensor nodes.A secure architecture of community healthcare monitoring system is proposed.Experiment result shows that the system can resist some outer attacks(such as eavesdropping) and inner attacks.

Yanfei Fan,Bin Lin,Yixin Jiang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2008.ecp.891

2008-01-01

Abstract:In this paper, we propose an efficient privacy-preserving scheme for secure packet transmission at wireless link layer. The proposed scheme is constructed by using hash values in reverse hash chains as interface identifiers. It can successfully and efficiently resist the Media Access Control (MAC) address based attacks, such as flow tracking and traffic analysis, which are launched by either outside or even inside attackers. In addition, some optimization techniques are also introduced to further improve the efficiency of the proposed scheme. The extensive analysis and simulations demonstrate the enhanced security and efficiency of the proposed scheme.

Pradeep Radhakrishnan,Praveen Kumar Sugumar,Preethi Ponnan,Gopirajan Punniyakotti Varadharajan

DOI: https://doi.org/10.1007/s12083-024-01717-8

IF: 3.488

2024-05-24

Peer-to-Peer Networking and Applications

Abstract:Wireless Sensor Networks has been characterized by a disseminated, structured, and independent collection of sensor nodes deployed for broad variants of applications ranging from military, environment-friendly, disaster management, wild-life smart-grid, emergency care, medical treatment and agriculture. However, data has been transmitted in a wide-open wireless infrastructure which can be highly poised with security and privacy attacks. Hence data sent through wireless sensor networks are to be protected. Typically, the sensor utilized is highly resource-constrained in nature, there is a need to achieve a better trade-off between the energy, efficacy, data transmission and scalability. Therefore, in order to cater to these requirements, a full privacy preserving distributed certificate-less signature authentication scheme for secure and efficient data transmission in wireless sensor networks has been proposed. The proposed technique utilizes elliptic curve cryptography, a pairing-free cryptography that offers high security even with smaller key sizes. In order to eliminate the problem of central dependency of the trusted authority or the key generation center, the proposed model utilizes a distributed way of key distribution and management thereby reducing the computational and communication burden associated with it. The proposed methodology has been proved to be efficient by means of security analysis using ROM model. Experimentation has been carried out by using the Networks Simulator tool (NS2) and the performance evaluation shows that the proposed authentication scheme has provided a better trade-off between the objectives like energy efficiency, routing, and scalability.

computer science, information systems,telecommunications

Shan Shan,Bo Zhang

DOI: https://doi.org/10.1007/s11277-024-11012-7

IF: 2.017

2024-04-19

Wireless Personal Communications

Abstract:Recently, Kasyoka et al. (Wirel Pers Commun 118:3349–3366, 2021) presented a new pairing free certificateless signcryption scheme for use in ubiquitous healthcare systems. Kasyoka et al. gave a formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack for their scheme in random oracle model. In this paper, we give a cryptographic analysis and the results show that, in their newly proposed scheme, internal users can forge the signcryption ciphertext sent to them. The more serious is that Kasyoka et al.'s scheme can not resist public key replacement attack. Any user can forge or unsigncrypt a signcryption ciphertext by launching a public key replacement attack without knowing partial private key. Therefore, Kasyoka et al.'s scheme is not safe for use in ubiquitous healthcare systems.

telecommunications

Jingwei Liu,Zonghua Zhang,Xiaofeng Chen,Kyung Sup Kwak

DOI: https://doi.org/10.1109/tpds.2013.145

IF: 5.3

2014-02-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Wireless body area network (WBAN) has been recognized as one of the promising wireless sensor technologies for improving healthcare service, thanks to its capability of seamlessly and continuously exchanging medical information in real time. However, the lack of a clear in-depth defense line in such a new networking paradigm would make its potential users worry about the leakage of their private information, especially to those unauthenticated or even malicious adversaries. In this paper, we present a pair of efficient and light-weight authentication protocols to enable remote WBAN users to anonymously enjoy healthcare service. In particular, our authentication protocols are rooted with a novel certificateless signature (CLS) scheme, which is computational, efficient, and provably secure against existential forgery on adaptively chosen message attack in the random oracle model. Also, our designs ensure that application or service providers have no privilege to disclose the real identities of users. Even the network manager, which serves as private key generator in the authentication protocols, is prevented from impersonating legitimate users. The performance of our designs is evaluated through both theoretic analysis and experimental simulations, and the comparative studies demonstrate that they outperform the existing schemes in terms of better trade-off between desirable security properties and computational overhead, nicely meeting the needs of WBANs.

computer science, theory & methods,engineering, electrical & electronic

Weifeng Long,Lunzhi Deng,Jiwen Zeng,Yan Gao,Tianxiu Lu

DOI: https://doi.org/10.3390/s24154899

2024-07-28

Abstract:A Wireless Body Area Network (WBAN), introduced into the healthcare sector to improve patient care and enhance the efficiency of medical services, also brings the risk of the leakage of patients' privacy. Therefore, maintaining the communication security of patients' data has never been more important. However, WBAN faces issues such as open medium channels, resource constraints, and lack of infrastructure, which makes the task of designing a secure and economical communication scheme suitable for WBAN particularly challenging. Signcryption has garnered attention as a solution suitable for resource-constrained devices, offering a combination of authentication and confidentiality with low computational demands. Although the advantages offered by existing certificateless signcryption schemes are notable, most of them only have proven security within the random oracle model (ROM), lack public ciphertext authenticity, and have high computational overheads. To overcome these issues, we propose a certificateless anonymous signcryption (CL-ASC) scheme suitable for WBAN, featuring anonymity of the signcrypter, public verifiability, and public ciphertext authenticity. We prove its security in the standard model, including indistinguishability, unforgeability, anonymity of the signcrypter, and identity identifiability, and demonstrate its superiority over relevant schemes in terms of security, computational overheads, and storage costs.

Yihao Hu,Chunguang Huang,Hai Cheng

DOI: https://doi.org/10.1016/j.comcom.2024.02.020

IF: 5.047

2024-02-28

Computer Communications

Abstract:Smart healthcare overcomes the limitations of time and space, allowing users to access medical and health services anywhere and anytime, thus improving the quality and efficiency of these services. However, due to its excessive reliance on wireless public networks, smart healthcare faces challenges and issues related to communication security. As a result, authentication and key agreement are critical as the first line of defense for smart healthcare communications. Over the past few years, numerous authentication and key agreement schemes have been proposed by experts and scholars, but most of these schemes are not applicable to practical scenarios due to their lack of security and efficiency. To address these issues, we propose an elliptic curve-based certificateless conditional privacy-preserving authentication and key agreement scheme. This scheme does not require endorsement from a Certificate Authority (CA) and features lightweight and secure properties, making it suitable for resource-limited smart healthcare communication. In addition, the security of the proposed scheme is proven under the random oracle model, and its safety is supplemented using BAN logic. Finally, performance analysis reveals that the proposed scheme not only satisfies security property and can withstand general attacks but also offers certain advantages in communication efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hong Shu,Ping Qi,Yongqing Huang,Fulong Chen,Dong Xie,Liping Sun

DOI: https://doi.org/10.3390/s20051521

IF: 3.9

2020-03-10

Sensors

Abstract:Different from the traditional healthcare field, Medical Cyber Physical Systems (MCPS) rely more on wireless wearable devices and medical applications to provide better medical services. The secure storage and sharing of medical data are facing great challenges. Blockchain technology with decentralization, security, credibility and tamper-proof is an effective way to solve this problem. However, capacity limitation is one of the main reasons affecting the improvement of blockchain performance. Certificateless aggregation signature schemes can greatly tackle the difficulty of blockchain expansion. In this paper, we describe a two-layer system model in which medical records are stored off-blockchain and shared on-blockchain. Furthermore, a multi-trapdoor hash function is proposed. Based on the proposed multi-trapdoor hash function, we present a certificateless aggregate signature scheme for blockchain-based MCPS. The purpose is to realize the authentication of related medical staffs, medical equipment, and medical apps, ensure the integrity of medical records, and support the secure storage and sharing of medical information. The proposed scheme is highly computationally efficient because it does not use bilinear maps and exponential operations. Many certificateless aggregate signature schemes without bilinear maps in Internet of things (IoT) have been proposed in recent years, but they are not applied to the medical field, and they do not consider the security requirements of medical data. The proposed scheme in this paper has high computing and storage efficiency, while meeting the security requirements in MCPS.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hung-Min Sun,Yue-Hsun Lin,Ying-Chu Hsiao,Chien-Ming Chen

DOI: https://doi.org/10.1109/icess.2008.9

2008-01-01

Abstract:Data aggregation is one of the most important techniques in wireless sensor networks to save energy through reducing lots of transmission. However, plaintext aggregation is insecure since eavesdropping or modifying messages is possible. Due to this, concealed data aggregation schemes based. on homomorphic encryption have been proposed. Ciphertexts can be operated algebraic computations without decryption in those schemes. Unfortunately, they only provide data confidentiality. While compromising secret in captured sensor nodes, an adversary can still create forged ciphertexts. In this paper, we combines Boneh et al.'s aggregate signature scheme and Mykletun et al.'s concealed data aggregation scheme to overcome the above problems. The proposed scheme aggregates not only ciphertexts but also signatures. Through verifying aggregated signature, data integrity of each plaintext can be guaranteed. Furthermore, the communication overhead for each cluster head is still constant. Each cluster head sends an aggregated signature and an aggregated ciphertext to the base station. For resource constrained environment, the proposed scheme is secure and efficient practically.

Yonghua Zhan,Yang Yang,Bixia Yi,Renjie He,Rui Shi,Xianghan Zheng

DOI: https://doi.org/10.1016/j.comcom.2024.107935

IF: 5.047

2024-09-13

Computer Communications

Abstract:With the widespread use of mobile communication and smart devices in the medical field, mobile healthcare has gained significant attention due to its ability to overcome geographical limitations and provide more efficient and high-quality medical services. In mobile healthcare, various instruments and wearable device data are collected, encrypted, and uploaded to the cloud, accessible to medical professionals, researchers, and insurance companies, among others. However, ensuring the security and privacy of healthcare data in the context of mobile networks has been a highly challenging issue.Certificateless signature schemes allow patients to conceal their respective privacy information for different sharing needs. Nevertheless, existing mobile healthcare data protection solutions suffer from costly certificate management and the inability to restrict signature verifiers. This paper proposes a certificateless designated verifier sanitizable signature for mobile healthcare scenarios, aiming to enhance the security and privacy of mobile healthcare data. This scheme enables the sanitization of sensitive data without the need for certificate management and allows for the specification of signature verifiers. This ensures the confidentiality of medical data, protects patient privacy, and prevents unauthorized access to healthcare data.Through security analysis and experimental comparisons, it is demonstrated that the proposed scheme is both efficient and effectively ensures data security and user privacy. Therefore, it is well-suited for privacy protection in mobile healthcare data.

computer science, information systems,telecommunications,engineering, electrical & electronic

Asad Iqbal,Muhammad Zubair,Muhammad Asghar Khan,Insaf Ullah,Ghani Ur-Rehman,Alexey V. Shvetsov,Fazal Noor

DOI: https://doi.org/10.3390/fi15080266

2023-08-11

Future Internet

Abstract:Vehicular ad hoc networks (VANETs) have become an essential part of the intelligent transportation system because they provide secure communication among vehicles, enhance vehicle safety, and improve the driving experience. However, due to the openness and vulnerability of wireless networks, the participating vehicles in a VANET system are prone to a variety of cyberattacks. To secure the privacy of vehicles and assure the authenticity, integrity, and nonrepudiation of messages, numerous signature schemes have been employed in the literature on VANETs. The majority of these solutions, however, are either not fully secured or entail high computational costs. To address the above issues and to enable secure communication between the vehicle and the roadside unit (RSU), we propose a certificateless aggregate signature (CLAS) scheme based on hyperelliptic curve cryptography (HECC). This scheme enables participating vehicles to share their identities with trusted authorities via an open wireless channel without revealing their identities to unauthorized participants. Another advantage of this approach is its capacity to release the partial private key to participating devices via an open wireless channel while keeping its identity secret from any other third parties. A provable security analysis through the random oracle model (ROM), which relies on the hyperelliptic curve discrete logarithm problem, is performed, and we have proven that the proposed scheme is unforgeable against Type 1 () and Type 2 () forgers. The proposed scheme is compared with relevant schemes in terms of computational cost and communication overhead, and the results demonstrate that the proposed scheme is more efficient than the existing schemes in maintaining high-security levels.

Je Hong Park,Bonwook Koo

DOI: https://doi.org/10.1109/access.2024.3353609

IF: 3.9

2024-01-01

IEEE Access

Abstract:In the paper "A Conditional Privacy-Preserving Certificateless Aggregate Signature Scheme in the Standard Model for VANETs" a pairing-based certificateless aggregate signature (CLAS) scheme was proposed. However, a malicious-but-passive KGC attack on this scheme was subsequently presented by Shim. In this paper, we show that even if the CLAS scheme is modified to prevent malicious-but-passive KGC attacks by incorporating Shim’s countermeasure, there are still weaknesses that allow an adversary to forge aggregate or individual signatures.

computer science, information systems,telecommunications,engineering, electrical & electronic

Huihui Zhu,Chunhua Jin,Yongliang Xu,Guanhua Chen,Liqing Chen

DOI: https://doi.org/10.1016/j.pmcj.2024.101893

IF: 3.848

2024-02-12

Pervasive and Mobile Computing

Abstract:As a special Internet of Things (IoT) application, the wireless body area network (WBAN) has gained widespread attention by medical institutions. However, existing schemes for WBAN data transmission lack heterogeneity support across certificateless cryptosystem (CLC) and public key infrastructure (PKI), resulting in issues like key escrow or complicated certificate management. In addition, for performance reasons, conventional signcryption protocols are unsuitable for WBAN applications. To address these gaps and enable secure and efficient sensitive data transmission from WBAN sensors to hospital servers, we design a heterogeneous online/offline signcryption scheme. Our scheme enables patients' sensors implanted or worn to encrypt sensitive data in CLC and send it to the hospital server in PKI system. The CLC avoids key escrow issue while the PKI increases scalability. We minimize the online computational cost of WBAN sensors by dividing signcryption into offline and online phases, with time-consuming operations in the offline phase. Furthermore, we formally prove the security of our scheme and evaluate its performance. Results show our scheme has advantages in supporting heterogeneity across CLC and PKI with low computational costs, making it uniquely suitable for the protection of data privacy in WBAN applications compared to existing protocols.

computer science, information systems,telecommunications

Hu Xiong,Qianhong Wu,Zhong Chen

DOI: https://doi.org/10.1109/INCoS.2011.151

2011-01-01

Abstract:An aggregate signature scheme allows a public algorithm to aggregate n signatures of n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificate less aggregate signature scheme. Compared with up-to-date certificate less aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model, (2) the security is proven in the strongest security model so far, (3) the signers do not need to be synchronized, and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.

Xiaodong Yang,Songyu Li,Lan Yang,Xiaoni Du,Caifen Wang

DOI: https://doi.org/10.1109/tits.2024.3367925

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Vehicular ad-hoc networks (VANETs) are integral to the evolution of intelligent transportation systems, offering substantial benefits in managing traffic flow, issuing warnings for potential accidents, and delivering information services to drivers. To ensure the authenticity and integrity of data exchanged within VANETs, numerous authentication schemes based on certificateless aggregate signature (CLAS) have been developed. However, state-of-the-art solutions often fail to be applicable in real-world VANETs due to security weaknesses and operational inefficiencies. Recently, Zhu et al. proposed an efficient CLAS-based authentication scheme with conditional privacy preservation (CPP) for VANETs (IEEE Transactions on Intelligent Transportation Systems, DOI: 10.1109/TITS.2023.3275077). Unfortunately, our analysis reveals that Zhu et al.’s scheme is incapable of withstanding coalition attacks from malicious RSUs and vehicles as well as public-key replacement attacks from dishonest vehicles. To facilitate secure communication in VANETs, we present a security-enhanced, pairing-free and energy-efficient CLAS-based authentication scheme with CPP for VANETs. This scheme has been rigorously proven to be secure against Type I, Type II and Type III attackers. Distinguished from other comparable schemes, our construction significantly reduces communication overhead and energy consumption while simultaneously fortifying security.

engineering, electrical & electronic,transportation science & technology, civil

Yanyan Gu,Limin Shen,Futai Zhang,Jinbo Xiong

DOI: https://doi.org/10.3390/math10152588

IF: 2.4

2022-07-26

Mathematics

Abstract:In recent years, deploying Internet of Things (IoT) in electronic healthcare systems (EHS) has made great progress in healthcare detection. It is extremely important to reduce the cost of communication and ensure the authenticity and integrity of data. A linearly homomorphic signature scheme can solve the above problems. However, when the scale of EHS is too large, the transmission, storage and verification of signatures need a high cost. An aggregate signature can combine many signatures generated by many different users into a short one. Therefore, only one aggregate signature needs to be processed during verification, transmission and storage. Combining the advantages of aggregate signature and linearly homomorphic signature, this paper proposes an aggregate signature scheme based on a linearly homomorphic signature for EHS, which has both linear homomorphism and aggregation, and realizes double data compression. Moreover, our scheme can resist a potential real attack, named a coalition attack. The security of this scheme is rigorously demonstrated based on the computational Diffie–Hellman assumption in the random oracle model.

mathematics

Yulei Chen,Jianhua Chen

DOI: https://doi.org/10.1109/jiot.2021.3121552

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:With the popularity of vehicular ad-hoc networks (VANETs), the secure communications between the vehicle and vehicle as well as between the vehicle and infrastructure have attracted people’s great attention. Vehicle privacy protection (including vehicle identity privacy and location privacy), high mobility, density, and limited bandwidth are also a problem that cannot be negligible. In VANETs, it is necessary to design a message authentication protocol to ensure data transmission security, vehicle anonymity, and unlinkability. Considering the resource-constrained environments, the certificateless aggregate signature (CLAS) scheme can compress $n$ signatures of $n$ messages from $n$ vehicles into a single signature, which reduces the signature verification time and storage overhead at the roadside unit. Based on the aforementioned analysis, we design a fully aggregated conditional privacy-preserving CLAS scheme (CPP-CLAS) for VANETs. Instead of using the expensive bilinear pairings and map-to-point hash function operations, the proposed CPP-CLAS scheme uses the elliptic curve cryptosystem (ECC) and general hash functions. Also, with the use of CLAS technology, the computation and communication cost of the scheme are significantly reduced. In addition, based on the elliptic-curve discrete logarithm problem (ECDLP), we prove that the CPP-CLAS scheme is existential unforgeability under adaptively chosen message attacks (EUF-CMAs). Performance and security analyses show that the CPP-CLAS scheme is more efficient and secure than other existing related schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic