Hanguang Luo,Tao Zou,Chunming Wu,Dan Li,Shunbin Li,Chu

DOI: https://doi.org/10.32604/cmc.2022.027118

2022-01-01

Abstract:In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

Vijay Kumar Yadav,Nitish Andola,Shekhar Verma,S. Venkatesan

DOI: https://doi.org/10.1007/s11227-022-04795-8

2022-10-07

Abstract:Internet of things (IoT) devices are being used to provide services to different spheres of society. These devices gather data from industries and forward their data to the cloud server to minimize data storage and processing. In IoT, the cloud plays an important role because IoT is a resource constraint device with limited battery and memory. In order to handle this, IoT devices gather the data and send it to the cloud server so that space will be available for IoT data at the IoT device. Apart from this, IoT devices are computationally inefficient. For example, sometimes users want huge computation of IoT data, but due to the limited computation power of IoT devices, users cannot get the results. To overcome this issue, IoT device collaborates with the cloud server and outsource the data to it. The cloud server has huge computational power; it uses the received data, performs the computation, and sends it back to the IoT device. Authentication of the outsourced IoT data is a serious concern in the industrial IoT network. Several certificateless signature (CLS) schemes have been proposed to provide for data authentication in the IoT network. Current CLS schemes either suffer from the huge computation overhead or adversarial attacks. To solve these problems, we propose a provably secure certificateless signature (PSCLS) scheme. The PSCLS scheme's security depends on the computational Diffie-Hellman problem in the random oracle model with a tight reduction. The scheme requires only one pairing operation, and it is secure from adversarial attacks. We analyzed the PSCLS scheme's performance with the other existing CLS schemes in terms of computation and communication costs. The results prove that the PSCLS scheme performs better than the other existing CLS schemes.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Ms. K. Sudharani,Dr. N. K. Sakthivel

DOI: https://doi.org/10.14419/ijet.v10i1.21480

2021-02-19

International Journal of Engineering and Technology

Abstract:Certificateless Public Key Cryptography (CL-PKC) scheme is a new standard that combines Identity (ID)-based cryptography and tradi- tional PKC. It yields better security than the ID-based cryptography scheme without requiring digital certificates. In the CL-PKC scheme, as the Key Generation Center (KGC) generates a public key using a partial secret key, the need for authenticating the public key by a trusted third party is avoided. Due to the lack of authentication, the public key associated with the private key of a user may be replaced by anyone. Therefore, the ciphertext cannot be decrypted accurately. To mitigate this issue, an Enhanced Certificateless Proxy Signature (E-CLPS) is proposed to offer high security guarantee and requires minimum computational cost. In this work, the Hackman tool is used for detecting the dictionary attacks in the cloud. From the experimental analysis, it is observed that the proposed E-CLPS scheme yields better Attack Detection Rate, True Positive Rate, True Negative Rate and Minimum False Positives and False Negatives than the existing schemes.

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Zirui Qiao,Yanwei Zhou,Bo Yang,Mingwu Zhang,Tao Wang,Zhe Xia

DOI: https://doi.org/10.1109/jsyst.2021.3131589

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:To improve the security of industrial Internet of things (IIoT), several concrete constructions of certificate-based proxy signature (CBPS) scheme without bilinear pairing were proposed in the last few years. However, many previous constructions were found impractical, either fail to meet the claimed security properties or contain design flaws. In particular, in some instances, a malicious proxy signer can claim to be the original signer by forwarding the messages from original signer to any proxy signer, and the receiver cannot determine whether the delegation of signing power has been reused. In this article, we first demonstrate some security issues and design flaws in the previous proposals of CBPS scheme. As follows, to further address the above deficiencies, three new constructions of CBPS scheme with improved security are introduced. In the first two proposals, the delegation validity can be verified by the designated verifier (proxy signer), and the delegation of signing power for the last construct is publicly verifiable (any signer). Furthermore, formal security proofs are given using forking lemma in the random oracle, assuming that the discrete logarithm problem is hard. Compared with the previous CBPS schemes, our constructions are efficient with respect to computation and communication. Finally, we discuss the two necessary conditions for constructing secure CBPS schemes, to avoid security flaws in future research.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people's life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user's public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Mohammed Al-Khalidi,Rabab Al-Zaidi,Tarek Ali,Safiullah Khan,Ali Kashif Bashir

DOI: https://doi.org/10.1016/j.adhoc.2024.103669

IF: 4.816

2024-10-06

Ad Hoc Networks

Abstract:The proliferation of sensory applications has led to the development of the Internet of Things (IoT), which extends connectivity beyond traditional computing platforms and connects all kinds of everyday objects. Marine Ad Hoc Networks are expected to be an essential part of this connected world, forming the Internet of Marine Things (IoMaT). However, marine IoT systems are often highly distributed, and spread across large sparse areas which makes it challenging to implement and manage centralized security measures. Despite some ongoing efforts to establish network connectivity in such environment, securing these networks remains an unreached goal. The use of Certificate-Less Digital Signatures (CLDS) with Elliptic Curve Cryptography (ECC) shows great promise in providing secure communication in these networks and achieving zero trust IoMaT security. By eliminating the need for certificates and associated key management infrastructure, CLDS simplifies the key management process. ECC also enables secure communication with smaller key sizes and faster processing times, which is crucial for resource-limited IoMaT devices. In this paper, we introduce CLDS using ECC as a means of securing IoT networks in a marine environment, creating a zero trust security framework for Internet of Marine Things (IoMaT). To increase security and robustness of the framework, we optimise the ECC parameters using two vital artificial intelligence algorithms, namely Genetic Algorithm (GA) and Particle Swarm Optimization (PSO). Evaluation results demonstrate a reduction in ECC parameter generation time by over 40% with GA optimization and 20% with PSO optimization. Additionally, the computational cost and memory usage for major ECC attacks increased significantly by up to 40% and 67% for Rho attacks, 34% and 53% for brute-force attacks, and 30% and 67% for improved hybrid attacks, respectively.

computer science, information systems,telecommunications

Pradeep Radhakrishnan,Praveen Kumar Sugumar,Preethi Ponnan,Gopirajan Punniyakotti Varadharajan

DOI: https://doi.org/10.1007/s12083-024-01717-8

IF: 3.488

2024-05-24

Peer-to-Peer Networking and Applications

Abstract:Wireless Sensor Networks has been characterized by a disseminated, structured, and independent collection of sensor nodes deployed for broad variants of applications ranging from military, environment-friendly, disaster management, wild-life smart-grid, emergency care, medical treatment and agriculture. However, data has been transmitted in a wide-open wireless infrastructure which can be highly poised with security and privacy attacks. Hence data sent through wireless sensor networks are to be protected. Typically, the sensor utilized is highly resource-constrained in nature, there is a need to achieve a better trade-off between the energy, efficacy, data transmission and scalability. Therefore, in order to cater to these requirements, a full privacy preserving distributed certificate-less signature authentication scheme for secure and efficient data transmission in wireless sensor networks has been proposed. The proposed technique utilizes elliptic curve cryptography, a pairing-free cryptography that offers high security even with smaller key sizes. In order to eliminate the problem of central dependency of the trusted authority or the key generation center, the proposed model utilizes a distributed way of key distribution and management thereby reducing the computational and communication burden associated with it. The proposed methodology has been proved to be efficient by means of security analysis using ROM model. Experimentation has been carried out by using the Networks Simulator tool (NS2) and the performance evaluation shows that the proposed authentication scheme has provided a better trade-off between the objectives like energy efficiency, routing, and scalability.

computer science, information systems,telecommunications

Manoj Kumar,Harsh Kumar Verma,Geeta Sikka

DOI: https://doi.org/10.1002/ett.3883

IF: 3.6

2020-03-22

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Cloud‐edge (CE) is revolutionizing our modern world with a greater user experience through the Internet of Things (IoT). However, the edge devices, communication bridge between the cloud and users, are repeatedly exhibiting many security flaws which will inevitably lead to massive cyber attacks. Thus, providing a proper security, specifically, the confidentiality and authenticity of sensitive data become a prime focus for many of the researchers. In cryptography, certificateless signcryption (CLSC) is one of the recent public key techniques that meets the requirements of confidentiality and authenticity of sensitive data between parties with minimal overhead. This paper aims to present a new data sharing protocol where the safety of data is achieved through a new CLSC scheme. The proposed CLSC is designed using the bilinear pairing and modular exponentiation operations. Besides, the CLSC is secure based on the intractability of Diffie‐Hellman inversion (DHI) and bilinear‐DHI assumptions without considering the random oracle model (ROM). Performance assessment of proposed CLSC gives satisfactory results after comparing with other related CLSC schemes. Therefore, proposed CLSC can be installed in the cloud‐based edge‐IoT environment where both the authenticity and confidentiality with minimal computational overhead are the essential factors.</p>

telecommunications

Arijit Karati,Chun-I Fan,Ruei-Hau Hsu

DOI: https://doi.org/10.1109/jiot.2019.2939204

IF: 10.6

2019-12-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) is revolutionizing our modern lives by introducing active connection between smart devices. However, IoT devices are repeatedly exhibiting many security flaws, which will inevitably lead to eavesdropping and impersonation attacks. Thus, providing a proper security in IoT becomes a prime focus for the researchers. In cryptography, certificateless signcryption (CLSC) is one of the recent public key techniques for the security requirements of the authenticity and confidentiality of any message between the parties. In this article, a new generalized CLSC (gCLSC) is introduced to provide the functions of digital signature and encryption to fulfill the authenticity and confidentiality for the resource-constrained IoT devices. Besides, the gCLSC supports the property of public verifiability and security of an ideal signcryption under the strong Diffie–Hellman and bilinear Diffie–Hellman inversion problems without random oracle model. Performance assessment of the gCLSC gives satisfactory results after comparing with other competitive CLSC schemes in terms of its functionality. Therefore, the gCLSC can be adopted in the IoT networks where authenticity, confidentiality, and lightweight are the essential factors.

Yingzhe Hou,Hu Xiong,Xin Huang,Saru Kumari

DOI: https://doi.org/10.1109/jiot.2021.3056477

IF: 10.6

2021-06-01

IEEE Internet of Things Journal

Abstract:With the emergence of the Industrial Internet of Things (IIoT), numerous operations based on smart devices contribute to producing the convenience and comfortable applications for individuals and organizations. Considering the untrusted feature of the communication channels in IIoT, it is essential to ensure the authentication and incontestableness of the messages transmitted in the IIoT. In this article, we first proposed a certificate-based parallel key-insulated aggregate signature (CB-PKIAS), which can resist the fully chosen-key attacks. Concretely, the adversary who can obtain the private keys of all signers in the system is able to forge a valid aggregate signature by using the invalid single signature. Furthermore, our scheme inherits the merits of certificate based and key insulated to avoid the certificate management problem, key-escrow problems, as well as the key exposures simultaneously. In addition, the rigorous analysis and the concrete simulation experiment demonstrated that our proposed scheme is secure under the random oracle and more suitable for the IIoT environment.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fatma Foad Ashrif,Elankovan A. Sundararajana,Mohammad Kamrul Hasan,Rami Ahmad,Aisha-Hassan Abdalla Hashim,Azhar Abu Talib

DOI: https://doi.org/10.1016/j.comcom.2024.02.008

IF: 5.047

2024-02-19

Computer Communications

Abstract:Industry 4.0 and the industrial Internet of Things (IIoT) aim to create a platform for data-driven decision-making through machine-to-machine (M2M) communication, often facilitated by the 6LoWPAN standard. However, as a resource-constrained device, 6LoWPAN raises security and privacy concerns for M2M communications, necessitating efficient and lightweight authentication and key establishment (AKE) protocols. Existing AKE protocols relying on asymmetric and symmetric cryptographic keys are susceptible to attacks and entail significant storage, communication, and computation overheads. This study examines a scheme called SLAP to uncover vulnerabilities and challenges in AKE-based M2M deployments in IIoT, including traceability, denial of service (DoS), perfect forward secrecy (PFS), and ephemeral secret leakage (ESL) attacks. Therefore, a privacy-preserving, secure, and lightweight authenticated encryption protocol called provably secure, lightweight, authenticated encryption (PSLAE) is proposed to address these issues. This approach includes hash operations, XOR operations, and authenticated encryption primitives for lightweight and secure mechanisms. It uses a one-time alias identity and fresh parameters to ensure privacy and protection against traceability and DoS, PFS, and ESL attacks. PSLAE undergoes rigorous informal and formal verification through SVO logic and Scyther, demonstrating resilience against the extended Canetti–Krawczyk and Dolev–Yao threat models. Moreover, it provides a lightweight, secure, efficient, and reduced storage, communication, and computation overhead compared with related works for AKE-based M2M in IIoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Wu,Hu Xiong,Chuanjie Jin

DOI: https://doi.org/10.1007/s11235-019-00623-2

2019-10-24

Telecommunication Systems

Abstract:Proxy re-signature (PRS) allows a semi-trusted proxy served as a translator to transform a signature of delegatee into a signature of delegator on the same message. The heavy overhead of certificate management and the key escrow problem hinder the development of the public key infrastructure-based PRS scheme and the identity (ID)-based PRS, respectively. Featured with the certificate-free and escrow-free properties, certificateless PRS (CL-PRS) has attracted great attention from researchers. However, none of the existing CL-PRS satisfies the multi-use and unidirectional properties. Motivated by the practical applications with long signing chains and the untrusted relationship between two parties, it is desirable to construct a CL-PRS scheme with multi-use and unidirectional properties. This paper proposes the first multi-use unidirectional CL-PRS scheme based on the bilinear pairing. The presented scheme is proved to be secure based on the extended computational Diffie–Hellman assumption under the random oracle model. Performance evaluations demonstrate that our scheme is superior to related works.

telecommunications

Asad Iqbal,Muhammad Zubair,Muhammad Asghar Khan,Insaf Ullah,Ghani Ur-Rehman,Alexey V. Shvetsov,Fazal Noor

DOI: https://doi.org/10.3390/fi15080266

2023-08-11

Future Internet

Abstract:Vehicular ad hoc networks (VANETs) have become an essential part of the intelligent transportation system because they provide secure communication among vehicles, enhance vehicle safety, and improve the driving experience. However, due to the openness and vulnerability of wireless networks, the participating vehicles in a VANET system are prone to a variety of cyberattacks. To secure the privacy of vehicles and assure the authenticity, integrity, and nonrepudiation of messages, numerous signature schemes have been employed in the literature on VANETs. The majority of these solutions, however, are either not fully secured or entail high computational costs. To address the above issues and to enable secure communication between the vehicle and the roadside unit (RSU), we propose a certificateless aggregate signature (CLAS) scheme based on hyperelliptic curve cryptography (HECC). This scheme enables participating vehicles to share their identities with trusted authorities via an open wireless channel without revealing their identities to unauthorized participants. Another advantage of this approach is its capacity to release the partial private key to participating devices via an open wireless channel while keeping its identity secret from any other third parties. A provable security analysis through the random oracle model (ROM), which relies on the hyperelliptic curve discrete logarithm problem, is performed, and we have proven that the proposed scheme is unforgeable against Type 1 () and Type 2 () forgers. The proposed scheme is compared with relevant schemes in terms of computational cost and communication overhead, and the results demonstrate that the proposed scheme is more efficient than the existing schemes in maintaining high-security levels.

Xue Li,Cheng Jiang,Dajun Du,Minrui Fei,Lei Wu

DOI: https://doi.org/10.1109/jiot.2022.3221943

IF: 10.6

2023-03-11

IEEE Internet of Things Journal

Abstract:The existing identity security schemes (e.g., based on bilinear pairing) have high computational complexity and large bytes of variables, which results in high computation and communication costs. It is difficult to apply the schemes to resource-constrained (i.e., computation and communication) devices. Moreover, most of these schemes adopt a fixed cycle key update strategy compromising the security of authentication schemes or dynamic (real-time) key update strategy with high computational cost. To solve these issues, this article explores a novel revocable lightweight authentication scheme for resource-constrained devices in cyber–physical power systems (CPPSs). First, a lightweight authentication scheme combined elliptic-curve cryptography (ECC) and certificateless cryptography (CLC) is proposed to negotiate a secure session key, which can achieve mutual authentication with low computation and communication costs. Second, aiming at security problem caused by key leakage, a real-time key update strategy with low computational cost is designed to improve the security of identity authentication. Third, according to a hardness assumption of the elliptic-curve discrete logarithm problem (ECDLP), theoretical analysis rigorously proves that the proposed authentication scheme ensures the security with respect to existential unforgeability against adaptively chosen message attacks (EUF-CMAs). Finally, experimental results confirm the feasibility and effectiveness of the proposed authentication scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Saud Khan,Chandra Thapa,Salman Durrani,Seyit Camtepe

DOI: https://doi.org/10.1109/JIOT.2023.3331362

2023-11-07

Abstract:Physical-layer authentication is a popular alternative to the conventional key-based authentication for internet of things (IoT) devices due to their limited computational capacity and battery power. However, this approach has limitations due to poor robustness under channel fluctuations, reconciliation overhead, and no clear safeguard distance to ensure the secrecy of the generated authentication keys. In this regard, we propose a novel, secure, and lightweight continuous authentication scheme for IoT device authentication. Our scheme utilizes the inherent properties of the IoT devices' transmission model as its source for seed generation and device authentication. Specifically, our proposed scheme provides continuous authentication by checking the access time slots and spreading sequences of the IoT devices instead of repeatedly generating and verifying shared keys. Due to this, access to a coherent key is not required in our proposed scheme, resulting in the concealment of the seed information from attackers. Our proposed authentication scheme for IoT devices demonstrates improved performance compared to the benchmark schemes relying on physical channels. Our empirical results find a near threefold decrease in the misdetection rate of illegitimate devices and close to zero false alarm rate in various system settings with varied numbers of active devices up to 200 and signal-to-noise ratio from 0 dB to 25 dB. Our proposed authentication scheme also has a lower computational complexity of at least half the computational cost of the benchmark schemes based on support vector machine and binary hypothesis testing in our studies. This further corroborates the practicality of our scheme for IoT deployments.

Cryptography and Security,Networking and Internet Architecture,Signal Processing

Lunzhi Deng Lunzhi Deng,Zhenyu Hu Lunzhi Deng,Yu Ruan Zhenyu Hu,Tao Wang Yu Ruan

DOI: https://doi.org/10.53106/160792642022032302008

2022-03-01

網際網路技術學刊

Abstract:Proxy signature frees the original signer from the heavy signature work. Many certificateless proxy signature (CLPS) schemes have been proposed in the last ten years. The security proofs of most known schemes are given in the random oracle model (ROM). There are only two CLPS schemes with provably security in the standard model (SM). However, in which the size of the system parameter increase linearly with the size of the user’s identity information. That increase the storage burden of the key generation center. In this paper, a new CLPS scheme is constructed and the security proofs are showed in SM. The size of system parameters and the master key are constant in the scheme. Requiring only three pairing operations, the new scheme is more efficient and suitable for mobile computing. &nbsp;

Hu Xiong,Yan Wu,Chunhua Su,Kuo-hui Yeh

DOI: https://doi.org/10.1016/j.jisa.2020.102507

IF: 4.96

2020-08-01

Journal of Information Security and Applications

Abstract:<p>With the continuously developing wireless communication technique, the Internet of Things (IoT) has been deployed in various domains. In the IoT, numerous smart devices exchange information transparently and seamlessly via the open channel to provide intelligent and convenient services for the citizens. Due to the vulnerable nature of the communication channel, ensuring data authenticity of the transmitted information is a challenging issue. Certificateless signature (CLS) is regarded as an appropriate cryptographical primitive to protect data authenticity in the IoT. However, the existing CLS schemes are infeasible for the practical IoT systems, since individual verification causes network congestion and service delay in the face of massive service requests. To improve the verification efficiency, plenty of CLS schemes with batch verification have been investigated to verify multiple signatures quickly at once. Despite the improvement of verification efficiency, these schemes have poor efficiency or security issue. Furthermore, the batch verification failure cannot be settled in these schemes, which reduces the advantage of batch verification significantly. Motivated by the above problems, this paper presents a secure and efficient CLS scheme with batch verification and invalid signature identification. The proposed scheme is provably secure under the random oracle model. The comprehensive comparison analysis demonstrates that the presented scheme is superior to the related works in security and performance.</p>

computer science, information systems