Efficient and Robust Certificateless Signature for Data Crowdsensing in Cloud-Assisted Industrial IoT

With the digitalization of various industries, the combination of cloud computing and the industrial Internet of Things (IIoT) has become an attractive data processing paradigm. However, the cloud-assisted IIoT still has challenging issues, including authenticity of data, untrustworthiness of third parties, and system robustness and efficiency. Recently, a lightweight certificateless signature (CLS) scheme for the cloud-assisted IIoT, that was claimed to address both authenticity of data and untrustworthiness of third parties, has been proposed by Karati et al. (2018). In this paper, we demonstrate that the CLS scheme fails to achieve the claimed security properties by presenting four types of signature forgery attacks. We also propose a robust certificateless signature (RCLS) scheme to address the aforementioned challenges. Our RCLS only needs public channels and is proven secure against both public key replacement attacks and malicious-but-passive third parties in the standard model. Performance evaluation indicates that the RCLS scheme outperforms other CLS schemes and is suitable for the IIoT.

[1]  Hua Wang,et al.  Privacy-Preserving Task Recommendation Services for Crowdsourcing , 2021, IEEE Transactions on Services Computing.

[2]  Yi Mu,et al.  On the Security of Certificateless Signature Schemes from Asiacrypt 2003 , 2005, CANS.

[3]  Fagen Li,et al.  An Improved Certificateless Signature Scheme Secure in the Standard Model , 2008, Fundam. Informaticae.

[4]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[5]  Da Li,et al.  Certificateless Signature Scheme without Random Oracles , 2009, ISA.

[6]  Sébastien Canard,et al.  An Efficient Certificateless Signature Scheme in the Standard Model , 2016, ICISS.

[7]  G. P. Biswas,et al.  A pairing-free and provably secure certificateless signature scheme , 2018, Inf. Sci..

[8]  Yi Mu,et al.  Malicious KGC attacks in certificateless cryptography , 2007, ASIACCS '07.

[9]  Robert H. Deng,et al.  Outsourcing Service Fair Payment Based on Blockchain and Its Applications in Cloud Computing , 2018, IEEE Transactions on Services Computing.

[10]  Ying-Hao Hung,et al.  Certificateless Signature with Strong Unforgeability in the Standard Model , 2015, Informatica.

[11]  Yi Mu,et al.  Certificateless Signatures: New Schemes and Security Models , 2012, Comput. J..

[12]  Duncan S. Wong,et al.  Certificateless Public-Key Signature: Security Model and Efficient Construction , 2006, ACNS.

[13]  Jin Li,et al.  Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing , 2017, Inf. Sci..

[14]  Yi Mu,et al.  Improved certificateless signature scheme provably secure in the standard model , 2012, IET Inf. Secur..

[15]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[16]  Kim-Kwang Raymond Choo,et al.  An efficient provably-secure certificateless signature scheme for Internet-of-Things deployment , 2018, Ad Hoc Networks.

[17]  Chunhua Su,et al.  A Novel Certificateless Signature Scheme for Smart Objects in the Internet-of-Things , 2017, Sensors.

[18]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[19]  Vipul Goyal,et al.  Reducing Trust in the PKG in Identity Based Cryptosystems , 2007, CRYPTO.

[20]  Dong Hoon Lee,et al.  Efficient Certificateless Signature Schemes , 2007, ACNS.

[21]  G. P. Biswas,et al.  Efficient and provably secure random oracle-free adaptive identity-based encryption with short-signature scheme , 2016, Secur. Commun. Networks.

[22]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[23]  Fan Wu,et al.  A Robust ECC-Based Provable Secure Authentication Protocol With Privacy Preserving for Industrial Internet of Things , 2018, IEEE Transactions on Industrial Informatics.

[24]  Pil Joong Lee,et al.  Generic Construction of Certificateless Signature , 2004, ACISP.

[25]  Chenhui Wang,et al.  Certificateless signature scheme with security enhanced in the standard model , 2014, Inf. Process. Lett..

[26]  Jian Weng,et al.  Strongly Unforgeable Certificateless Signature Resisting Attacks from Malicious-But-Passive KGC , 2017, Secur. Commun. Networks.

[27]  Miguel A. Labrador,et al.  Privacy-Preserving Mechanisms for Crowdsensing: Survey and Research Challenges , 2017, IEEE Internet of Things Journal.

[28]  Jianhua Chen,et al.  New certificateless short signature scheme , 2013, IET Inf. Secur..

[29]  SK Hafizul Islam,et al.  Provably Secure and Lightweight Certificateless Signature Scheme for IIoT Environments , 2018, IEEE Transactions on Industrial Informatics.

[30]  Lida Xu,et al.  Internet of Things for Enterprise Systems of Modern Manufacturing , 2014, IEEE Transactions on Industrial Informatics.

[31]  Xinyi Huang,et al.  Efficient and Short Certificateless Signature , 2008, CANS.

[32]  Kyung-Ah Shim,et al.  A New Certificateless Signature Scheme Provably Secure in the Standard Model , 2019, IEEE Systems Journal.

[33]  Xiaotie Deng,et al.  Key Replacement Attack Against a Generic Construction of Certificateless Signature , 2006, ACISP.

[34]  Qi Xia,et al.  Key Replacement Attack on Two Certificateless Signature Schemes without Random Oracles , 2010 .

[35]  Robert H. Deng,et al.  Blockchain based efficient and robust fair payment for outsourcing services in cloud computing , 2018, Inf. Sci..

[36]  Robert H. Deng,et al.  TKSE: Trustworthy Keyword Search Over Encrypted Data With Two-Side Verifiability via Blockchain , 2018, IEEE Access.

[37]  Jianhua Chen,et al.  Certificateless Searchable Public Key Encryption Scheme for Industrial Internet of Things , 2018, IEEE Transactions on Industrial Informatics.

[38]  Joseph K. Liu,et al.  Self-Generated-Certificate Public Key Cryptography and certificateless signature/encryption scheme in the standard model: extended abstract , 2007, ASIACCS '07.