Blockchain-enhanced efficient and anonymous certificateless signature scheme and its application
Authors: Tao Feng, Jie Wang, Lu Zheng
Journal: Pervasive and Mobile Computing, volume 105, Article 101990
Publication date: 2024-09-19
Publication type: Journal Article
DOI: 10.1016/j.pmcj.2024.101990
URL: https://www.sciencedirect.com/science/article/pii/S1574119224001159
Citations: 0
Abstract
Although the Internet of Things (IoT) brings efficiency and convenience to various aspects of people’s lives, security and privacy concerns persist as significant challenges. Certificateless signatures eliminate digital certificate management and key escrow issues and can be well embedded in resource-constrained IoT devices for secure access control. Recently, Ma et al. designed an efficient and pair-free certificateless signature (CLS) scheme for IoT deployment. Unfortunately, we demonstrate that the scheme proposed by Ma et al. is susceptible to signature forgery attacks by Type-II adversaries. That is, a malicious-and-passive key generation center (KGC) can forge a legitimate signature for any message by modifying the system parameters without the user’s secret value. Therefore, their identity authentication scheme designed based on vehicular ad-hoc networks also cannot guarantee the claimed security. To address the security vulnerabilities, we designed a blockchain-enhanced and anonymous CLS scheme and proved its security under the elliptic curve discrete logarithm (ECDL) hardness assumption. Compared to similar schemes, our enhanced scheme offers notable advantages in computational efficiency and communication overhead, as well as stronger security. In addition, a mutual authentication scheme that satisfies the cross-domain scenario is proposed to facilitate efficient mutual authentication and negotiated session key generation between smart devices and edge servers in different edge networks. Performance evaluation shows that our protocol achieves an effective trade-off between security and compute performance, with better applicability in IoT scenarios.
About the journal:
As envisioned by Mark Weiser as early as 1991, pervasive computing systems and services have truly become integral parts of our daily lives. Tremendous developments in a multitude of technologies ranging from personalized and embedded smart devices (e.g., smartphones, sensors, wearables, IoTs, etc.) to ubiquitous connectivity, via a variety of wireless mobile communications and cognitive networking infrastructures, to advanced computing techniques (including edge, fog and cloud) and user-friendly middleware services and platforms have significantly contributed to the unprecedented advances in pervasive and mobile computing. Cutting-edge applications and paradigms have evolved, such as cyber-physical systems and smart environments (e.g., smart city, smart energy, smart transportation, smart healthcare, etc.) that also involve human in the loop through social interactions and participatory and/or mobile crowd sensing, for example. The goal of pervasive computing systems is to improve human experience and quality of life, without explicit awareness of the underlying communications and computing technologies.
The Pervasive and Mobile Computing Journal (PMC) is a high-impact, peer-reviewed technical journal that publishes high-quality scientific articles spanning theory and practice, and covering all aspects of pervasive and mobile computing and systems.