A Certificateless Aggregate Arbitrated Signature Scheme for IoT Environments

The Internet of Things (IoT) environment consists of numerous devices. In general, IoT devices communicate with each other to exchange data, or connect to the Internet through a gateway to provide IoT services. Most devices participating in an IoT service are lightweight devices to which existing cryptographic algorithms cannot be applied to provide security, so more lightweight security algorithms must be applied. Lightweight and efficient cryptographic technologies for IoT environments are currently being actively studied. In particular, computation must be efficient at the gateway, the point where many devices are connected. Additionally, because many devices are connected, data authentication and integrity should be fully considered at the same time, and digital signature schemes have therefore been proposed. Among recently studied signature algorithms, the certificateless signature (CLS), based on certificateless public key cryptography (CL-PKC), is more efficient than existing public key-based signatures. However, security threats such as public key replacement attacks and signature forgery by a malicious key generation center (KGC) may occur in CLS. In this paper, we propose a new signature scheme that uses CL-PKC to generate and verify the signature of a message in an IoT environment. The proposed scheme is a certificateless aggregate arbitrated signature: the gateway aggregates the signatures of messages generated by the device group to reduce the size of the entire signature. In addition, it is designed to be safe from security threats by solving the problems caused by public key replacement attacks and a malicious KGC, and it adds the gateway's arbitrated signature to strengthen non-repudiation.
