
Efficient & Secure Certificateless Signature for IIoT Environments

This research paper presents a certificateless parallel key-insulated signature scheme without pairing for IIoT environments, addressing the challenges of data authenticity and key exposure. The proposed scheme integrates PKI and ID-based signature schemes to achieve efficient and provably secure signatures in IIoT environments. The key-insulated scheme with a parallel mechanism reduces the probability of exposing helper keys, improving system security.


Presentation Transcript


  1. Efficient and Provably Secure Certificateless Parallel Key-Insulated Signature Without Pairing for IIoT Environments
     Authors: Hu Xiong, Qian Mei, and Yanan Zhao
     Publisher: 2019 IEEE SYSTEMS JOURNAL
     Presenter: 柯懷貿
     Date: 2019/08/14
     Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.

  2. Introduction
     • As the core field of the IoT, the industrial IoT (IIoT) is characterized by real-time operation, automation, interconnected information exchange, and so on. It can continuously integrate all kinds of sensors, intelligent analysis, mobile communications, and other technologies into the industrial production process.
     • Given the large amount of data gathered by the smart devices in the IIoT, the storage and processing of big data emerges as a serious challenge. Fortunately, cloud computing is considered to be a solution to the problem.
     • In general, communication channels between cloud servers and smart devices are considered untrustworthy, and it is not easy to guarantee the authenticity of data during transmission.
     National Cheng Kung University CSIE Computer & Internet Architecture Lab

  3. PKI / ID Based Digital Signature Scheme
     • In a PKI-based signature system, the user's identity is bound to the corresponding public key through a certificate that is issued by a trusted certificate authority. However, in view of the huge overhead caused by certificate management, PKI-based signature schemes are not applicable to IIoT.
     • In the ID-based signature, users' public keys are their unique identity information that is publicly known, while the user's private key is created by a private key generator (PKG) with a master secret key. Since the private key of every user is calculated by the PKG, the signature of any entity can be forged easily by the PKG, which results in the notorious key escrow problem.

  4. Certificateless Signature (CLS) Scheme
     • The CLS scheme integrates the merits of PKI and ID-based signature schemes: its private key consists of two independent parts, one issued by the key generation center (KGC) and one chosen by the user him/herself.
     • On the other hand, the public key of the user in the CLS scheme is derived from the publicly known identity and the public key generated by the user him/herself.
     • Pick a random a to compute r = e(aP, P), v = H(M, r) and U = v * SA + a * P, then output <v, U> as the signature. To verify, first compute and then check if v = H(M, r) holds.

  5. Key Exposure
     • Another challenge encountered in IIoT deployment and adoption is key exposure. In the IIoT environment, key exposure seems inevitable as signature operations are performed more frequently on insecure devices. There is no doubt that key exposure will lead to catastrophic consequences.
     • To solve this problem, there are two types of secret keys for users, named the user secret key and the helper key. The former evolves with the time period and is used to perform the signing operation, whereas the latter is issued by a physically secure device, known as the helper, and is used to update the former in each time period. Because the user secret key is constantly changing, its exposure will only cause damage in the corresponding time period without affecting the security of other time periods.

  6. Key-Insulated Scheme
     • Specifically, the temporary private key must be updated at short intervals to increase the tolerance of the system to key exposure. Unfortunately, this increases the frequency with which the helper connects to an unsafe environment, thereby increasing the probability of helper key exposure.
     • To solve this problem, a new key-insulated scheme with a parallel mechanism was put forward by Hanaoka et al. In their scheme, two independent helper keys are used for updating the decryption keys one by one. The advantage of this scheme is that it can reduce the chance of exposing the helper key while allowing the decryption key to be updated frequently, thus the security of the system is improved.

  7. Proposed CL-PKIS Scheme
     • Setup: KGC picks msk as the master secret key and sets mpk = msk * G.
     • Extract-Partial-Private-Key: KGC picks a random r, computes R = r * G, h = H1(ID, R) and sk = r + msk * h, then returns the partial private key D = (sk, R).
     • Key-Gen: The user picks x as the secret value, with public key UPK = x * G. The user then picks two integers HSK_0, HSK_1 and sets HPK_0 = HSK_0 * G and HPK_1 = HSK_1 * G, where (HSK_0, HSK_1) denotes the two helpers' private keys and (HPK_0, HPK_1) denotes the two helpers' public keys. Finally, compute k = H2(ID, R, UPK, mpk), L_{-1} = H3(ID, R, -1), L_0 = H3(ID, R, 0), and the initial USK_0 = sk + L_{-1} * HSK_1 + L_0 * (HSK_0 + k * x).

  8. CL-Update & Sign
     • With input ID, a time period t and the i-th (here, i ≡ t mod 2) helper's private key HSK_i, the i-th helper computes the update key UK_t = HSK_i * (L_t − L_{t−2}).
     • With input ID, t and UK_t, the user computes the temporary USK_t = USK_{t−1} + UK_t = sk + L_{t−1} * HSK_{m'} + L_t * (HSK_m + k * x), where m = t mod 2 and m' = (t−1) mod 2.
     • To sign a message M, the signer picks u, computes U = u * G and v = H4(M, ID, R, UPK, U, mpk), then computes w = u + v * USK_t. Finally, the signer outputs sig = (R, HPK_0, HPK_1, U, w) to a verifier.

  9. CL-Verify
     • On receiving ID, UPK, (M, sig) and (HPK_0, HPK_1), verify that the following holds:
         w * G = (u + v * USK_t) * G
               = U + v * (sk + L_{t−1} * HSK_{m'} + L_t * (HSK_m + k * x)) * G
               = U + v * (r + msk * h + L_{t−1} * HSK_{m'} + L_t * (HSK_m + k * x)) * G
               = U + v * (R + h * mpk + L_{t−1} * HPK_{m'} + L_t * (HPK_m + k * UPK))
     • In a secure CLS scheme, both the partial private key and the user secret key are needed for the signer to generate a valid signature. In this sense, an adversary who owns only the partial private key or only the user secret key is unable to forge a valid signature.
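
The Setup, Key-Gen, CL-Update, Sign and CL-Verify steps of slides 7 to 9, run end to end as an added example (not code from the paper or the presentation); it shows that a signature made with USK_t verifies only for period t. Assumptions: a toy multiplicative group modulo 2^127 − 1 replaces the elliptic-curve group, tagged SHA-256 stands in for H1..H4, the KGC and user roles are merged in `keygen`, and `user_update` has the user shift the k * x term locally so that USK_t matches the closed form on slide 8; all function names are this example's own.

```python
import hashlib
import secrets

# Toy group (assumption): Z_p^* with p = 2^127 - 1 stands in for the paper's
# elliptic-curve group, so "a * G" becomes pow(G, a, P). Not a secure size.
P = 2**127 - 1
N = P - 1                      # scalar arithmetic is done modulo the exponent
G = 3

def mul(k, pt): return pow(pt, k % N, P)   # k * pt in the slides' notation
def add(a, b): return a * b % P            # point addition
def rand(): return secrets.randbelow(N - 1) + 1
def H(tag, *parts):                        # H1..H4, separated by tag
    digest = hashlib.sha256(repr((tag,) + parts).encode()).digest()
    return int.from_bytes(digest, "big") % N
def L(pub, t): return H(3, pub["ID"], pub["R"], t)

def keygen(ident):
    msk, r, x, hsk = rand(), rand(), rand(), (rand(), rand())
    pub = {"ID": ident, "mpk": mul(msk, G), "R": mul(r, G), "UPK": mul(x, G),
           "HPK": (mul(hsk[0], G), mul(hsk[1], G))}
    sk = r + msk * H(1, ident, pub["R"])                 # partial private key
    k = H(2, ident, pub["R"], pub["UPK"], pub["mpk"])
    usk0 = (sk + L(pub, -1) * hsk[1] + L(pub, 0) * (hsk[0] + k * x)) % N
    return pub, hsk, {"x": x, "k": k, "usk": usk0, "t": 0}

def helper_update(pub, hsk, t):            # run by helper number t mod 2
    return hsk[t % 2] * (L(pub, t) - L(pub, t - 2)) % N

def user_update(pub, user, uk):
    t = user["t"] + 1
    # Assumption: the user moves k*x from L_{t-1} to L_t locally (see lead-in).
    shift = (L(pub, t) - L(pub, t - 1)) * user["k"] * user["x"]
    user["usk"], user["t"] = (user["usk"] + uk + shift) % N, t

def sign(pub, user, msg):
    u = rand()
    U = mul(u, G)
    v = H(4, msg, pub["ID"], pub["R"], pub["UPK"], U, pub["mpk"])
    return U, (u + v * user["usk"]) % N

def verify(pub, t, msg, sig):
    U, w = sig
    h = H(1, pub["ID"], pub["R"])
    k = H(2, pub["ID"], pub["R"], pub["UPK"], pub["mpk"])
    v = H(4, msg, pub["ID"], pub["R"], pub["UPK"], U, pub["mpk"])
    cur, prev = pub["HPK"][t % 2], pub["HPK"][(t - 1) % 2]
    key = add(add(pub["R"], mul(h, pub["mpk"])),
              add(mul(L(pub, t - 1), prev), mul(L(pub, t), add(cur, mul(k, pub["UPK"])))))
    return mul(w, G) == add(U, mul(v, key))
```

The verifier needs only public values and the period number t; the helper keys never leave `helper_update`, which is the insulation property the slides describe.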

  10. Performance
     • To compare computation efficiency more explicitly, a simulation experiment was run on a computer equipped with an Intel Core i7-7700 processor at 3.60 GHz and 8.00 GB of memory. The experiment is implemented in VC++ 6.0 with the PBC library. To offer the security level equal to 1024-bit RSA, we adopt a supersingular
