Elsevier

Information Sciences

Volume 518, May 2020, Pages 142-156

An efficient and provable certificate-based proxy signature scheme for IIoT environment

https://doi.org/10.1016/j.ins.2020.01.006

Highlights

  • The article presents an efficient and provably secure certificate-based proxy signature scheme for the Industrial IoT environment.

  • The proposed scheme is the most efficient certificate-based proxy signature scheme among those compared.

  • The scheme is free from the key escrow problem of identity-based cryptography.

  • It avoids the secret key distribution problem of identity-based and certificate-less cryptography.

  • Because of its low computational cost, the scheme is an energy-efficient (green) technology.

Abstract

Recently, the deployment of sensors and actuators to collect and disseminate data in applications such as e-healthcare, vehicular ad hoc networks (VANETs) and smart factories has given rise to several new communication technologies. The Internet of Things (IoT) is one of them. The application of IoT in the industrial environment is termed Industry 4.0 and has given rise to the concept of the Industrial IoT (IIoT). Because the communication is wireless, authentication and integrity of data are the most important challenges. To address them, several digital signature schemes have been proposed in the literature. However, being identity-based or certificate-less constructions, those schemes suffer from the inherent key escrow and secret key distribution problems. To resolve these issues, the first pairing-free certificate-based proxy signature (PFCBPS) scheme is proposed. The proposed PFCBPS scheme is provably secure in the random oracle model (ROM). The performance comparison (in terms of the computational cost of each phase and the length of the resulting delegation and signature) shows that the total computational cost of the proposed PFCBPS scheme is 46.69 ms, which is 52.24% of He et al. [8], 61.40% of Debiao et al. [5], 23.33% of Seo et al. [20], 28% of Hu et al. [9] and 36.84% of Verma and Singh [23]. Thus, it is more suitable for the IIoT environment than the existing competitive schemes.

Introduction

In the last decade, new methods of collecting and disseminating data have given rise to the concept of the Internet of Things (IoT). In IoT, sensors and actuators are deployed on smart vehicles, smart machines (in factories), remotely located patients (implanted or wearable devices), etc. to collect and disseminate data (Fig. 1). Smart vehicles can handle unusual traffic situations, such as congestion or a traffic jam, by sending real-time data to other vehicles. Sensors deployed on a remotely located patient can share real-time patient data such as pH value, heart rate and blood glucose level with a medical professional via an e-health cloud. In industrial applications, smart machines can manage temperature, current intensity, the number of process cycles (depending on the type of industry), the production process, etc. and output optimized results. The combination of such IoT-based applications has emerged as the Industrial IoT (IIoT). Communication between such heterogeneous devices requires a three-tier infrastructure: smart devices, edge gateways and clouds. Devices send their data to a receiver through the gateway and the cloud. The standards used for connection and communication between source and receiver include IETF 6LoWPAN, IPv6, the IETF Constrained Application Protocol (CoAP), ZeroMQ and MQTT. Fog computing and edge computing are also used to improve communication quality. The ease of collecting and disseminating data in IIoT has optimized production cost, transportation cost and profit.

In the third industrial revolution (Industry 3.0), the automation of industrial processes and machines emerged from the combination of computational, electrical and electronic tools; printed circuit boards, cables and wires were among the technologies of that era. More recently, the deployment of IoT devices and concepts has given rise to the notion of Industry 4.0 in the form of IIoT. In IIoT, cyber-physical systems (CPS) replace programmable logic controllers in industrial processes. A CPS integrates cloud computing, big data, mobile computing, etc. and relies mostly on wireless communication: machines and humans communicate with each other over wireless channels, and the source sends its data to the receiver via the cloud. Because the communication is wireless, the IIoT infrastructure is highly exposed to cyber attacks. For example, in a smart logistics infrastructure an attack may cause an accident and result in the loss of human lives or resources. Thus, authenticating data before storing it in the cloud is an important issue. Attestation can be used to authenticate both the source and the data, and digital signature schemes are the mechanism for such attestation.

In an IIoT environment, an executive officer directs subordinates to carry out official communications on his or her behalf, so a subordinate must be able to authenticate (attest) messages on behalf of the executive in a way that convinces the receiver. Implementing such an attestation mechanism requires delegation of signing power. Mambo et al. [16] introduced delegation of signing power in the form of a proxy signature (PS) scheme. A PS scheme involves two signers, the original signer and the proxy signer: the original signer delegates its signing power to the proxy signer, who can then attest data. In the IIoT setting, the executive officer acts as the original signer and the subordinate as the proxy signer, and the subordinate uses the PS scheme to attest data before sending it.

The PS scheme of Mambo et al. [16] is built on public key cryptography (PKC) [6]. In PKC, every signer (original or proxy) generates a public/private key pair and sends the public key to a certification officer/authority (CO) to obtain a certificate. During signing, the signer uses the certificate explicitly, and the verifier cannot tell from the signature alone whether the certificate is still valid. For example, a signer who has joined a new company may keep using the certificate issued by the old company, and the verifier cannot detect this from the certificate itself. To check validity, the verifier must therefore query the CO. These certificate validity queries require a substantial infrastructure; this is known as the third party query (TPQ) or certificate status (CS) problem.

To mitigate the TPQ/CS problem, Shamir [21] proposed identity-based PKC (IDBPKC). In IDBPKC, a trusted officer/authority (TA) generates the signer's private key in such a way that the public key is derivable from the signer's identity (ID), so no certification of the public key is needed and the CS/TPQ problem disappears. However, the TA knows the secret key and can misuse it, e.g. to sign a message on the user's behalf. This is called the key escrow (KE) problem. IDBPKC also faces the secret key distribution (SKD) problem: a secure channel is needed to send the secret key from the TA to the key owner.

To mitigate the KE problem, Al-Riyami and Paterson [3] proposed certificate-less PKC (CLPKC). In CLPKC, the TA does not generate the full private key but only a partial private key, which is sent to the owner over a secure channel. The owner combines the partial key with a self-chosen secret value to form the private key, which the TA cannot recover. Thus CLPKC eliminates the KE problem, but the key distribution problem remains. Moreover, because there is no certification, CLPKC is subject to the public key replacement attack, in which an adversary replaces a user's public key with a value of its own choosing so that verification succeeds under the fake public key.

In parallel with CLPKC, Gentry proposed certificate-based PKC (CBPKC) [7] to solve the inherent key escrow problem while preserving the merits of traditional PKC and IDBPKC. In CBPKC, a user creates its key pair (private/public) as in PKC and then obtains from the CO a certificate on its identity (ID) and public key. The certificate is used implicitly as part of the decryption (or signing) key, and its owner obtains an updated certificate for each period. Consequently, CBPKC eliminates the secret key distribution and key escrow problems of IDBPKC, and the certificate update mechanism also resolves the problems associated with certificate revocation.

In 2004, Kang et al. [11] proposed the first certificate-based digital signature (CBDS) scheme, aimed at removing the KE, TPQ and SKD problems from attestation. However, in 2007 Li et al. [14] presented a key replacement attack on their scheme and, alongside the attack, proposed an improved threat model. In 2013, Li et al. [15] gave a cryptanalysis of the CBDS scheme of Ming and Wang [17]. The Ming and Wang scheme was designed in the pairing-free setting and was therefore very efficient, so to retain that efficiency Li et al. [15] also proposed an improved, secure version of [17]. In 2017, Verma et al. [23] proposed an efficient and short CBPS scheme from pairings, with a signature of a single elliptic curve group element (256 bits) and a total computation cost of 53.36 ms. Recently, Verma et al. [25] proposed a certificate-based proxy blind signature scheme, also a pairing-based construction. Thus, several pairing-based CBPS schemes have appeared in the literature, but no CBPS scheme has been proposed in the pairing-free setting.

The development of sensors and actuators has led to their large-scale deployment in many applications, and in industrial applications this has inspired the concept of IIoT. However, dependence on wireless networks also poses a major security challenge. Sadeghi et al. [19] discussed several security issues of the IIoT environment, observing that security in IIoT has the same impact as traditional safety, the difference being that security is considered against cyber threats. Because an IIoT source shares its data over a cloud-centric network, authentication and integrity are key concerns, and Sadeghi et al. [19] suggested attestation of data as a remedy. Digital signing is a natural way to implement such attestation, and several efficient signing methods such as [10], [12] have recently been proposed. However, no method for delegation of signing power in IIoT is yet available.

Following the discussion of Sadeghi et al. [19], attestation of data should be used in IIoT to maintain authentication and integrity, and digital signing of the data can perform this attestation. For energy trading, Aitzhan and Svetinovic [2] proposed an attestation method combining blockchain, multi-signatures and anonymous messaging; the construction is based on PKC and therefore suffers from the TPQ problem. In 2017, Wei et al. [26] proposed a data aggregation method for IIoT built on a multi-signature scheme; the scheme is ID-based and therefore suffers from the KE and SKD problems. Recently, Jia et al. [10] and Karati et al. [12] proposed signature schemes for IoT and IIoT respectively; both are in the CLPKC setting and are thus subject to the SKD problem and the key replacement attack. To improve security in delegation of signing power, Verma et al. [22], [23], [24] proposed efficient and short PS schemes for wireless sensor networks, but these use pairings and can be made more efficient. The aim of this article is therefore to propose a pairing-free certificate-based proxy signature (PFCBPS) scheme for the IIoT environment. Our contributions are as follows:

  • The first CBPS scheme without pairings is proposed. To support it, the syntax of a PFCBPS scheme, the network architecture of the IIoT environment and the attack models are also described.

  • The security analysis with respect to unforgeability, integrity, authenticity and various attacks is presented.

  • An efficiency comparison of the proposed PFCBPS scheme with existing schemes is given.

The manuscript is organized as follows. Section 2 presents the basics of ECDLP, the network architecture and the syntax of the proposed PFCBPS scheme, and defines the attackers and the threat model. Section 3 presents the proposed PFCBPS scheme. Section 4 gives the detailed security analysis. Section 5 discusses performance. Section 6 concludes the article. The mathematical symbols are defined in Table 1.

Section snippets

Preliminaries

This section presents some basics on ECDLP, the network architecture of the IIoT environment with delegation, and the syntax of the proposed PFCBPS scheme. The adversarial oracles and attacks used to define provable security in the ROM are also presented.

Proposed PFCBPS scheme

The following are the steps of the proposed PFCBPS scheme.

  1. CB-ParGen: On input $1^\lambda$ (the security parameter), CO runs a PPT algorithm that outputs the system parameters $\Sigma = (E/\mathbb{F}_q, G_T, P, p, pk_{CO}, H_0, H_1, H_2)$ and its own private key $sk_{CO}$ as follows:

    • Chooses $G_T$, a cyclic subgroup of order $p$ of the points of $E/\mathbb{F}_q$.

    • Randomly selects a secret $s \in \mathbb{Z}_p^*$ and a public base point $P \in G_T$, then sets $pk_{CO} = sP$ as its public key and $sk_{CO} = s$ as its private key.

    • Chooses hash functions $H_0: \{0,1\}^* \times G_T \to \mathbb{Z}_p^*$, $H_1: \{0,1\}^* \times \{0,1\}^* \times G_T \to \mathbb{Z}_p^*$ and $H_2: \{0,1\}^* \times \{0,1\}^* \times \{0,1\}^* \times G_T \times G_T \to \mathbb{Z}_p^*$.

Proof of correctness

Theorem 1

The introduced PFCBPS scheme is correct.

Proof

We know that
$$\sigma P = \big(W_J + k_C + t_C + H_2(w, m, ID_C, pk_{ID_C}, U_C)\, s_{ID_C}\big) P$$
$$= R_J + k_J P + H_0(ID_J, pk_{ID_J})\, pk_{CO} + H_1(w, ID_J, pk_{ID_J})\, pk_{ID_J} + k_C P + R_C + H_0(ID_C, pk_{ID_C})\, pk_{CO} + H_2(w, m, ID_C, pk_{ID_C}, U_C)\, pk_{ID_C}$$
$$= U_C + \big(H_0(ID_J, pk_{ID_J}) + H_0(ID_C, pk_{ID_C})\big)\, pk_{CO} + H_1(w, ID_J, pk_{ID_J})\, pk_{ID_J} + H_2(w, m, ID_C, pk_{ID_C}, U_C)\, pk_{ID_C},$$
where the last step collects $R_J + k_J P + k_C P + R_C$ into $U_C$. Thus the verification equation is consistent. □
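The following Python program is an added editorial example, not the authors' code: it instantiates the CB-ParGen step above and the verification identity of Theorem 1 so that the identity can be checked by execution. Only parameter generation and the verification equation appear on this page, so the certification, delegation and proxy-signing steps ($t_{ID}$, $W_J$, $U_C$) are assumed Schnorr-style instantiations chosen to make that equation hold term by term; secp256k1 stands in for $E/\mathbb{F}_q$, and $H_0$, $H_1$, $H_2$ are modelled by one domain-separated SHA-256. The identities, warrant and message are constructed sample data. Since the citing-articles list below records a later cryptanalysis of the PFCBPS scheme, this example illustrates the verification mechanics only and is not a security guarantee.

```python
import hashlib
import secrets

# secp256k1 stands in for E/F_q; N plays the role of p, the order of G_T (assumption).
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P_GEN = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
         0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if A is None:
        return B
    if B is None:
        return A
    if A[0] == B[0] and (A[1] + B[1]) % FP == 0:
        return None
    if A == B:
        lam = 3 * A[0] * A[0] * pow(2 * A[1], -1, FP) % FP
    else:
        lam = (B[1] - A[1]) * pow(B[0] - A[0], -1, FP) % FP
    x = (lam * lam - A[0] - B[0]) % FP
    return (x, (lam * (A[0] - x) - A[1]) % FP)

def ec_mul(k, A):  # double-and-add scalar multiplication k*A
    R, k = None, k % N
    while k:
        if k & 1:
            R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R

def H(tag, *parts):  # H0/H1/H2 modelled as one SHA-256, domain-separated by tag, into Z_N^*
    h = hashlib.sha256(tag.encode())
    for x in parts:
        b = x if isinstance(x, bytes) else repr(x).encode()
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big") % (N - 1) + 1

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def pargen():  # CB-ParGen: sk_CO = s, pk_CO = sP
    s = rand_scalar()
    return s, ec_mul(s, P_GEN)

def keygen():  # user key pair (s_ID, pk_ID = s_ID * P)
    x = rand_scalar()
    return x, ec_mul(x, P_GEN)

def certify(s, ID, pk):
    # ASSUMED certification: t_ID = r + H0(ID, pk) * s, so t_ID * P = R_ID + H0(ID, pk) * pk_CO
    r = rand_scalar()
    return ec_mul(r, P_GEN), (r + H("H0", ID, pk) * s) % N

def delegate(w, IDJ, pkJ, sJ, tJ):
    # ASSUMED delegation by original signer J under warrant w: returns (K_J = k_J P, W_J)
    k = rand_scalar()
    return ec_mul(k, P_GEN), (tJ + k + H("H1", w, IDJ, pkJ) * sJ) % N

def del_verify(pk_CO, w, IDJ, pkJ, RJ, KJ, WJ):
    # checks W_J P = R_J + K_J + H0(ID_J, pk_J) pk_CO + H1(w, ID_J, pk_J) pk_J
    rhs = ec_add(ec_add(RJ, KJ), ec_mul(H("H0", IDJ, pkJ), pk_CO))
    rhs = ec_add(rhs, ec_mul(H("H1", w, IDJ, pkJ), pkJ))
    return ec_mul(WJ, P_GEN) == rhs

def proxy_sign(m, w, IDC, pkC, sC, RC, tC, RJ, KJ, WJ):
    # ASSUMED proxy signing: U_C = R_J + K_J + k_C P + R_C, sigma as in Theorem 1
    k = rand_scalar()
    UC = ec_add(ec_add(RJ, KJ), ec_add(ec_mul(k, P_GEN), RC))
    sigma = (WJ + k + tC + H("H2", w, m, IDC, pkC, UC) * sC) % N
    return UC, sigma

def proxy_verify(pk_CO, m, w, IDJ, pkJ, IDC, pkC, UC, sigma):
    # the verification equation of Theorem 1, term by term
    h0 = (H("H0", IDJ, pkJ) + H("H0", IDC, pkC)) % N
    rhs = ec_add(UC, ec_mul(h0, pk_CO))
    rhs = ec_add(rhs, ec_mul(H("H1", w, IDJ, pkJ), pkJ))
    rhs = ec_add(rhs, ec_mul(H("H2", w, m, IDC, pkC, UC), pkC))
    return ec_mul(sigma, P_GEN) == rhs

def demo(m=b"setpoint: furnace_temp=720C", tamper_msg=False, wrong_warrant=False):
    # one full round with constructed identities and warrant; returns (delegation ok, signature ok)
    s, pk_CO = pargen()
    IDJ, IDC = b"executive-J", b"subordinate-C"
    sJ, pkJ = keygen()
    RJ, tJ = certify(s, IDJ, pkJ)
    sC, pkC = keygen()
    RC, tC = certify(s, IDC, pkC)
    w = b"C may sign production orders for J until 2020-12-31"
    KJ, WJ = delegate(w, IDJ, pkJ, sJ, tJ)
    del_ok = del_verify(pk_CO, w, IDJ, pkJ, RJ, KJ, WJ)
    UC, sigma = proxy_sign(m, w, IDC, pkC, sC, RC, tC, RJ, KJ, WJ)
    if tamper_msg:
        m += b" (edited)"
    if wrong_warrant:
        w = b"C may sign anything"
    return del_ok, proxy_verify(pk_CO, m, w, IDJ, pkJ, IDC, pkC, UC, sigma)
```

`demo()` returns `(True, True)`; with `tamper_msg=True` or `wrong_warrant=True` the signature check fails because the warrant $w$ enters both $H_1$ and $H_2$ and the message enters $H_2$, so neither the delegated scope nor the signed data can be altered after the fact. The verifier needs only $pk_{CO}$, the two public keys and the identities, with no pairing and no certificate status query, which is the point of the certificate-based, pairing-free design.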

Unforgeability analysis

Theorem 2

If an attacker F1 (Type-1) can forge the proposed PFCBPS scheme in the ROM with success probability Pr[Succ] ≥ ϵ within time bound t, then a PPT algorithm B can be constructed that solves a random instance of ECDLP with

Performance and length comparison

For the performance comparison, the symbols and computational costs of the different operations are given in Table 2 [13].

In Table 3, we consider the four phases (Delegation, Delegation Verify, Proxy Signing and Proxy Sign Verify) of the proposed PFCBPS scheme. The computational costs are calculated separately because the different phases are executed by different entities (with different resource constraints). Thus, we find that the delegation phase of the proposed PFCBPS scheme is

Conclusion

The emerging revolution in the industrial environment has inspired the replacement of logic-based units with cyber-physical systems, a change shaped by IoT. At the same time, the need for authentication has become more important. To provide an efficient authentication mechanism, this article proposed a certificate-based proxy signature (PFCBPS) scheme. The pairing-free construction of the proposed PFCBPS scheme has made it the most

Declaration of Competing Interest

We have no declaration of interest.

Acknowledgment

The authors are grateful to the learned reviewers and their critical comments. Their comments have guided the authors to improve the manuscript.

References (26)

  • W. Diffie et al., New directions in cryptography, IEEE Trans. Inf. Theory (1976)

  • C. Gentry, Certificate-based encryption and the certificate revocation problem, International Conference on the Theory and Applications of Cryptographic Techniques (2003)

  • X. Hu et al., Short and provably secure designated verifier proxy signature scheme, IET Inf. Secur. (2016)
Cited by (32)

  • A comprehensive survey of authentication methods in Internet-of-Things and its conjunctions (2022, Journal of Network and Computer Applications)

    Citation excerpt: This scheme helps to improve the robustness against the presentation attack. The work proposed in Verma et al. (2020) is a certificate-based proxy signature (PFCBPS) that has seven phases: parameter generation, key generation, certification, delegation, DelVerification, ProxySigning, and PSignVerification. It provides various security features such as strong unforgeability, verifiability, strong identifiability, prevention of misuse, and strong undeniability.

  • Cryptanalysis and improvements of an efficient certificate-based proxy signature scheme for IIoT environments (2022, Information Processing Letters)

    Citation excerpt: Recall that the Type II adversary defined by Verma et al. can control both CO and the proxy signer, and is thus more powerful than our Type 4 adversary. Since the PFCBPS scheme is vulnerable to the attack given by our Type 4 adversary, the scheme cannot resist the Type II attack defined in [10], which disproves their claim. This also shows that the PFCBPS scheme may be more vulnerable than expected.

  • A lightweight and provable secure identity-based generalized proxy signcryption (IBGPS) scheme for Industrial Internet of Things (IIoT) (2021, Journal of Information Security and Applications)

    Citation excerpt: Being an enabler, the CPS often uses wireless communication channels (WCC) for integrating with mobile computing, cloud computing and big data. The communication between humans and machines is performed by means of a wireless channel, where the source device sends its data to the receiver using the services of the cloud server [11]. On the other hand, with the continuous expansion of IoT applications, cloud storage for IIoT, which shines with remote access services, low cost, high data availability and high data storage, has become very popular among individuals and businesses [12,13].
