A secure and efficient certificateless batch verification scheme with invalid signature identification for the internet of things

https://doi.org/10.1016/j.jisa.2020.102507

Abstract

With the continuing development of wireless communication techniques, the Internet of Things (IoT) has been deployed in many domains. In the IoT, numerous smart devices exchange information transparently and seamlessly over an open channel to provide intelligent and convenient services to citizens. Because the communication channel is open to tampering, ensuring the authenticity of transmitted data is a challenging problem. Certificateless signature (CLS) is regarded as an appropriate cryptographic primitive for protecting data authenticity in the IoT. However, existing CLS schemes are impractical for real IoT systems, since verifying signatures one at a time causes network congestion and service delay under massive numbers of service requests. To improve verification efficiency, many CLS schemes with batch verification have been proposed that check multiple signatures at once. Despite the gain in verification efficiency, these schemes suffer from poor efficiency or security flaws. Furthermore, none of them handles the case in which batch verification fails, which significantly reduces the advantage of batch verification. Motivated by these problems, this paper presents a secure and efficient CLS scheme with batch verification and invalid signature identification. The proposed scheme is provably secure in the random oracle model. A comprehensive comparison shows that the presented scheme is superior to related work in both security and performance.

Introduction

The concept of the Internet of Things (IoT) was formally introduced by the International Telecommunication Union (ITU) in 2005. It is described as a self-establishing network of highly coupled smart devices [1]. In an IoT-based system, smart devices interact with each other transparently and seamlessly to reach common goals. From this interconnection of smart devices, a variety of innovative applications has emerged. Fig. 1 illustrates typical IoT applications in distinct domains, including the smart factory [2], the smart home [3] and e-healthcare [4]. These applications not only redefine the interaction between physical devices and humans but also bring greater intelligence and convenience to daily life. Given this potential, the IoT has attracted growing interest from both industry and academia [5], [6], [7], [8], [9].

Despite the continuous development of IoT technology, security threats still hinder its widespread adoption [10], [11], [12], [13], [14]. In a typical IoT application, the collected data is transmitted over an open channel. Because the channel offers no protection of its own, an adversary can easily intercept, modify, inject and replay messages. This causes serious damage to the property and reputation of data owners and data consumers [15], [16], [17], [18], [19]. To avoid such consequences, a substantial body of research has addressed data authenticity in IoT environments [20], [21], [22], [23]. The digital signature is widely regarded as an appropriate cryptographic primitive for achieving data authenticity in the IoT [10], [16], [24]. With digital signatures, sensed data can be authenticated during transmission with both integrity and non-repudiation [25].

In an IoT system that deploys a traditional public key infrastructure (PKI)-based signature scheme, a certificate authority (CA) issues each smart device a certificate. Through these certificates, a smart device's identity is bound to its public key. Since the CA must distribute and maintain the certificates of all smart devices, certificate distribution and management incur substantial overhead as the number of connected devices grows. PKI-based signature schemes are therefore ill-suited to IoT environments. As an alternative, identity (ID)-based signatures have been widely applied to the IoT [26], [27]. In these schemes, a smart device's public key is derived directly from its identity (e.g., its MAC address), so certificates are no longer needed. However, because a smart device's private key is generated by the private key generator (PKG), the PKG knows every entity's private key. Once the PKG is compromised, any entity's signature can be forged without detection. Because of this key escrow problem, ID-based signatures are better suited to closed networks in which the PKG can be fully trusted [28], [29], [30].

Certificateless signature (CLS) has emerged as a favorable candidate that avoids the heavy overhead of certificate management and solves the key escrow problem of ID-based signatures. In a CLS-based system, the private key is formed from a secret value chosen by the entity itself and a partial private key generated by a semi-trusted party called the key generation center (KGC). This mechanism both removes the need for certificates and ensures that the KGC alone cannot recover an entity's full private key. Benefiting from these advantages, many CLS schemes have been proposed to protect data authenticity in the IoT [31], [32], [33], [34], [35]. Nevertheless, these schemes verify signatures one at a time and perform poorly when a large number of signatures must be checked. Since a practical IoT system must verify huge numbers of signatures, individual verification leads to network congestion and service delay. In their current form, these schemes therefore cannot be used in IoT scenarios.

Batch verification is a useful tool for improving verification efficiency: it allows a verifier to check the validity of multiple digital signatures simultaneously [36], [37], [38]. To combine the benefits of CLS and batch verification, many CLS schemes with batch verification have been proposed for IoT scenarios [39], [40], [41], [42]. None of the existing schemes, however, handles the case in which batch verification fails. In practice, it cannot be assumed that every signature in a batch is valid. A single invalid signature among thousands causes the whole batch to be rejected, so none of the valid signatures is accepted. An adversary can exploit this by inserting invalid signatures into a batch, nullifying the advantage of batch verification. Invalid signature identification is therefore crucial for any batch verification scheme. Furthermore, several existing schemes have security or efficiency weaknesses and do not achieve their claimed goals.
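As an added illustration of the batch-failure problem described above (example code written for this page, not the paper's scheme), the following Python program shows a random-exponent batch test and the recovery of the valid signatures from a failing batch. Schnorr signatures over a prime-order subgroup of Z_p^* stand in for the certificateless elliptic-curve signatures, and invalid signatures are located by recursively halving the batch rather than by the paper's elementary-symmetric-polynomial method, whose details are not reproduced on this page. The group parameters, keys, message strings and tampered positions are all constructed for the demo.

```python
"""Batch verification with invalid-signature identification (added example).

Schnorr signatures over a prime-order subgroup of Z_p^* stand in for the
paper's certificateless elliptic-curve signatures; the group, keys and
messages below are constructed for the demo, not taken from the paper.
"""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases (trial division by small primes first)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(qbits: int = 64, kbits: int = 64):
    """Prime q, prime p = k*q + 1, and a generator g of the order-q subgroup."""
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:
        k = (secrets.randbits(kbits) | (1 << (kbits - 1))) & ~1  # even k keeps p odd
        p = k * q + 1
        if is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 3) + 2, k, p)
        if g != 1:
            return p, q, g


def keygen(p, q, g):
    sk = secrets.randbelow(q - 1) + 1
    return sk, pow(g, sk, p)


def challenge(q, pk, R, msg: bytes) -> int:
    """e = H(pk || R || msg) mod q, key-prefixed so e is bound to the signer."""
    h = hashlib.sha256(pk.to_bytes(32, "big") + R.to_bytes(32, "big") + msg)
    return int.from_bytes(h.digest(), "big") % q


def sign(p, q, g, sk, pk, msg: bytes):
    k = secrets.randbelow(q - 1) + 1
    R = pow(g, k, p)
    return R, (k + challenge(q, pk, R, msg) * sk) % q


def verify(p, q, g, pk, msg: bytes, sig) -> bool:
    R, s = sig
    return pow(g, s, p) == R * pow(pk, challenge(q, pk, R, msg), p) % p


def batch_verify(p, q, g, items) -> bool:
    """items: list of (pk, msg, (R, s)).  Random-exponent batch test:
    g^(sum d_i*s_i) == prod R_i^d_i * pk_i^(e_i*d_i) with fresh secret d_i,
    so an attacker cannot craft invalid signatures that cancel in the batch."""
    lhs_exp, rhs = 0, 1
    for pk, msg, (R, s) in items:
        if pow(R, q, p) != 1 or pow(pk, q, p) != 1:   # subgroup membership:
            return False            # needed for soundness of the test over Z_p^*
        d = secrets.randbelow(q - 1) + 1
        e = challenge(q, pk, R, msg)
        lhs_exp = (lhs_exp + d * s) % q
        rhs = rhs * pow(R, d, p) * pow(pk, e * d % q, p) % p
    return pow(g, lhs_exp, p) == rhs


def identify_invalid(p, q, g, items, idx=None) -> list:
    """Indices of invalid signatures, found by recursively halving a failing
    batch; any sub-batch that passes is accepted as a whole."""
    if idx is None:
        idx = list(range(len(items)))
    if not idx or batch_verify(p, q, g, [items[i] for i in idx]):
        return []
    if len(idx) == 1:
        return idx
    mid = len(idx) // 2
    return (identify_invalid(p, q, g, items, idx[:mid])
            + identify_invalid(p, q, g, items, idx[mid:]))


def demo(n: int = 8, bad=(2, 5)):
    """Sign n constructed readings, tamper with those at positions `bad`, and
    return (batch result, indices reported by the identification step)."""
    p, q, g = gen_group()
    items = []
    for i in range(n):
        sk, pk = keygen(p, q, g)
        msg = f"device-{i}: temperature=21.{i}C".encode()   # constructed sample
        R, s = sign(p, q, g, sk, pk, msg)
        if i in bad:
            s = (s + 1) % q                                  # corrupt the signature
        items.append((pk, msg, (R, s)))
    return batch_verify(p, q, g, items), identify_invalid(p, q, g, items)


if __name__ == "__main__":
    print(demo())   # (False, [2, 5]) for the default tampered positions
```

Two points a deployer should take from this. First, the per-signature exponents d_i must be fresh and unpredictable and every R_i and pk_i must be checked for subgroup membership; without both, an attacker can pair invalid signatures that cancel each other inside the combined equation even though each fails on its own. Second, halving costs on the order of t log n batch checks for t invalid signatures among n, which degrades toward individual verification as t grows; that cost is exactly what dedicated identification methods such as the one proposed in this paper aim to reduce.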

Driven by these motivations, this paper presents a certificateless batch verification scheme with invalid signature identification for the IoT. In our scheme, batch verification greatly improves the efficiency of signature verification, and invalid signature identification handles the failure case of batch verification so that its advantage is preserved. The proposed scheme is provably secure under the elliptic curve discrete logarithm problem (ECDLP) in the random oracle model. A comprehensive comparison of security and performance shows that our scheme outperforms the related schemes in the IoT setting.

The rest of this paper is organized as follows. Section 2 reviews related work. Section 3 describes the relevant background. Section 4 presents a CLS scheme with batch verification and invalid signature identification. Section 5 gives the formal security proof of the presented scheme. Section 6 compares our scheme with related work in terms of security and performance. Section 7 concludes the paper.


Related work

In recent years, researchers have focused on applying traditional security techniques to ensure data authenticity in IoT scenarios. Although cryptographic primitives such as PKI-based and ID-based signatures can serve as security mechanisms, their inherent drawbacks, namely the heavy overhead of certificate management and the key escrow problem, limit their widespread adoption in IoT environments. CLS was initially introduced by Al-Riyami et al. in [43]

Preliminaries

This section introduces some background knowledge including elliptic curve cryptography, elementary symmetric polynomial, framework and security model of the proposed scheme.

Our proposed scheme

This section gives a secure and efficient CLS scheme with batch verification and invalid signature identification for IoT scenarios.

Security analysis

Theorem 1

In the random oracle model, the presented scheme is EUF-CMA secure if the ECDLP is intractable.

Proof

Theorem 1 can be derived directly from Lemma 1 and Lemma 2. 

Lemma 1

If there exists an adversary $\mathcal{A}_1$ who forges a signature with non-negligible advantage $Succ_{\mathcal{A}_1}$ in Game I described in Section 3.4, then the challenger $\mathcal{C}$ can solve the ECDLP with success probability $Succ_{\mathcal{C}} \geq \frac{1}{q_1}\left(1 - \frac{1}{q_1}\right)^{q_{PPKG}} Succ_{\mathcal{A}_1}$, where $q_1$ and $q_{PPKG}$ are the numbers of queries to the oracles $\mathcal{O}_{H_1}$ and $\mathcal{O}_{PartialPrivateKeyGeneration}$, respectively.

Proof

Define

Comparison

We compare the proposed scheme with the relevant works in terms of their respective features and performance. In addition, the execution efficiency of invalid signature identification in our scheme is also analyzed later in this section.

Conclusion

This paper proposes a novel secure and efficient certificateless batch verification scheme with invalid signature identification for the Internet of Things. The presented scheme can check the validity of multiple signatures simultaneously to improve verification efficiency. Moreover, aimed at solving the failure case of batch verification, invalid signature identification is provided in this scheme. By this means, all valid signatures in a bad batch can be accepted by a verifier, which

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgement

This work was supported in part by the Natural Science Foundation of China under Grant U1936101 and Grant 61602096, in part by MOST under contracts 109-2634-F-259-001-through Pervasive Artificial Intelligence Research (PAIR) Labs, Taiwan, in part by the 13th Five-Year Plan of National Cryptography Development Fund for Cryptographic Theory of China under Grant MMJJ20170204 and the Sichuan Science and Technology Project under Grant 2018KZ0007.

References (77)

  • D.A. Chekired et al.

    Industrial IoT data scheduling based on hierarchical fog computing: a key for enabling smart factory

    IEEE Trans Ind Inf

    (2018)
  • S. Feng et al.

    Smart home: cognitive interactive people-centric internet of things

    IEEE Commun Mag

    (2017)
  • W. Ayoub et al.

    Internet of mobile things: overview of LoRaWAN, DASH7, and NB-IoT in LPWAN standards and supported mobility

    IEEE Commun Surv Tutorials

    (2019)
  • I.B.F. de Almeida et al.

    5G waveforms for IoT applications

    IEEE Commun Surv Tutorials

    (2019)
  • T.-Y. Wu et al.

    An authenticated key exchange protocol for multi-server architecture in 5G networks

    IEEE Access

    (2020)
  • Y. Liu et al.

    Privacy-preserving raw data collection without a trusted authority for IoT

    Comput Networks

    (2019)
  • C. Kolias et al.

    DDoS in the IoT: Mirai and other botnets

    IEEE Computer

    (2017)
  • G. Kambourakis et al.

    The Mirai botnet and the IoT zombie armies

    Proceedings of IEEE Military Communications Conference

    (2017)
  • J.M. Voas et al.

    Cybertrust in the IoT age

    IEEE Computer

    (2018)
  • C. Kolias et al.

    Security, privacy, and trust on internet of things

    Wirel Commun Mobile Comput

    (2019)
  • F. Amini et al.

    IEEE 802.15.4: Signature-based intrusion detection in wireless sensor networks (WSNs)

    Encyclopedia of Wireless and Mobile Communications

    (2008)
  • M.b.M. Noor et al.

    Current research on internet of things (IoT) security: a survey

    Comput Networks

    (2019)
  • C.-M. Chen et al.

    A secure authenticated and key exchange scheme for fog computing....
  • C.-M. Chen et al.

    Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications

    J Ambient Intell Humaniz Comput

    (2019)
  • Q. Jiang et al.

    Shake to communicate: secure handshake acceleration-based pairing mechanism for wrist worn devices

    IEEE Internet Things J

    (2019)
  • M.N. Aman et al.

    Mutual authentication in IoT systems using physical unclonable functions

    IEEE Internet Things J

    (2017)
  • M. Wazid et al.

    Secure authentication scheme for medicine anti-counterfeiting system in IoT environment

    IEEE Internet Things J

    (2017)
  • S. Challa et al.

    Secure signature-based authenticated key establishment scheme for future IoT applications

    IEEE Access

    (2017)
  • H. Xiong et al.

    Server-aided attribute-based signature supporting expressive access structures for industrial internet of things

    IEEE Trans Ind Inf

    (2020)
  • H. Ning et al.

    Cyberentity security in the internet of things

    IEEE Computer

    (2013)
  • Q. Jing et al.

    Security of the internet of things: perspectives and challenges

    Wirel Netw

    (2014)
  • P. Martinez-Julia et al.

    A lightweight and identity-based network architecture for the internet of things

    Proceedings of International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

    (2012)
  • H. Khemissa et al.

    A lightweight authentication scheme for e-health applications in the context of internet of things

    Proceedings of International Conference on Next Generation Mobile Applications, Services and Technologies

    (2015)
  • A. Shamir

    Identity-based cryptosystems and signature schemes

    Proceedings of CRYPTO

    (1984)
  • H. Xiong et al.

    An efficient certificateless aggregate signature with constant pairing computations

    Inf Sci

    (2013)
  • K.-H. Yeh et al.

    A novel certificateless signature scheme for smart objects in the internet-of-things

    Sensors

    (2017)
  • X. Jia et al.

    An efficient provably-secure certificateless signature scheme for internet-of-things deployment

    Ad Hoc Netw

    (2018)
  • Q. Mei et al.

    Efficient certificateless aggregate signature with conditional privacy-preserving in IoV

    IEEE Syst J

    (2019)