Scalable and Forward Secure Network Attestation With Privacy-Preserving in Cloud-Assisted Internet of Things

In the Internet of Things (IoT), keeping the whole system operating normally requires remote attestation of every smart device. However, given the huge number of smart devices, traditional individual attestation schemes cannot meet the efficiency requirements. In addition, the sensitive identity information of the devices needs to be protected. Furthermore, avoiding the security risks caused by secret key exposure is very important in the IoT, where terminal devices are frequently compromised. To address these challenges, in this paper we present a new network attestation scheme that, for the first time, provides scalability, forward security, and privacy preservation simultaneously. The new scheme allows anyone to publicly verify a collective attestation, and no identity information of the provers is revealed to the verifier. Moreover, it provides unforgeability and confidentiality of previous messages even if the current secret key is exposed. Considering the limited resources of lightweight IoT devices, our scheme outsources the main computational task to an untrusted cloud server. Finally, our security proof and performance evaluation show that our scheme is secure and feasible.
