零信任网络中私有访问的双线性无配对通用指定验证者签名

IF 8.9 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Internet of Things Journal Pub Date : 2025-07-03 DOI:10.1109/JIOT.2025.3585405

Xun Wang;Chao Lin;Wei Wu;Xu Yang;Yudi Zhang

{"title":"零信任网络中私有访问的双线性无配对通用指定验证者签名","authors":"Xun Wang;Chao Lin;Wei Wu;Xu Yang;Yudi Zhang","doi":"10.1109/JIOT.2025.3585405","DOIUrl":null,"url":null,"abstract":"zero trust (ZT) networks provide an innovative cybersecurity architecture that effectively incorporates “never trust, always verify” principles to address traditional network security threats. universal designated verifier signature (UDVS) can protect the clients’ privacy in ZT networks, preventing malicious gateways from leaking clients access information to third parties. However, existing UDVS schemes suffer from computational overhead due to their reliance on bilinear pairing operations. This article primarily focuses on the general transformation method from identity-based key encapsulation mechanism (ID-KEM) to UDVS proposed by Steinfeld et al. We first propose ID-KEM based on the SM2 algorithm and prove that it satisfies the EK and Separable properties required by the transformation. Then, we obtain the first UDVS scheme without bilinear pairing through transformation. In terms of performance analysis, the computational overhead of our scheme is 144.36 ms, which is at least 74.39% lower than the previous UDVS schemes. The communication cost is 96 bytes, which is at least 88.89% lower than other schemes, including the first UDVS proof (UDVSP) scheme without bilinear pairing. To show the utility of our UDVS scheme, we finally apply it into a ZT-based software defined perimeter (SDP) environment, which reaps privacy-preserving authentication for single packet authorization.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 18","pages":"37734-37746"},"PeriodicalIF":8.9000,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Bilinear-Pairing-Free Universal Designated Verifier Signatures for Private Access in Zero Trust Network\",\"authors\":\"Xun Wang;Chao Lin;Wei Wu;Xu Yang;Yudi Zhang\",\"doi\":\"10.1109/JIOT.2025.3585405\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"zero trust (ZT) networks provide an innovative cybersecurity architecture that effectively incorporates “never trust, always verify” principles to address traditional network security threats. universal designated verifier signature (UDVS) can protect the clients’ privacy in ZT networks, preventing malicious gateways from leaking clients access information to third parties. However, existing UDVS schemes suffer from computational overhead due to their reliance on bilinear pairing operations. This article primarily focuses on the general transformation method from identity-based key encapsulation mechanism (ID-KEM) to UDVS proposed by Steinfeld et al. We first propose ID-KEM based on the SM2 algorithm and prove that it satisfies the EK and Separable properties required by the transformation. Then, we obtain the first UDVS scheme without bilinear pairing through transformation. In terms of performance analysis, the computational overhead of our scheme is 144.36 ms, which is at least 74.39% lower than the previous UDVS schemes. The communication cost is 96 bytes, which is at least 88.89% lower than other schemes, including the first UDVS proof (UDVSP) scheme without bilinear pairing. To show the utility of our UDVS scheme, we finally apply it into a ZT-based software defined perimeter (SDP) environment, which reaps privacy-preserving authentication for single packet authorization.\",\"PeriodicalId\":54347,\"journal\":{\"name\":\"IEEE Internet of Things Journal\",\"volume\":\"12 18\",\"pages\":\"37734-37746\"},\"PeriodicalIF\":8.9000,\"publicationDate\":\"2025-07-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Internet of Things Journal\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/11067956/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11067956/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

零信任（ZT）网络提供了一种创新的网络安全架构，有效地融合了“永不信任，始终验证”的原则，以应对传统的网络安全威胁。通用指定验证者签名（UDVS）可以保护ZT网络中客户端的隐私，防止恶意网关将客户端的访问信息泄露给第三方。然而，现有的UDVS方案由于依赖双线性配对操作而遭受计算开销的困扰。本文主要关注Steinfeld等人提出的基于身份的密钥封装机制（ID-KEM）到UDVS的一般转换方法。我们首先提出了基于SM2算法的ID-KEM，并证明了它满足变换所需的EK和可分性。然后，通过变换得到不存在双线性配对的第一个UDVS格式。在性能分析方面，我们方案的计算开销为144.36 ms，比以前的UDVS方案至少降低了74.39%。该方案的通信成本为96字节，比其他方案（包括没有双线性配对的第一种UDVS证明（UDVSP）方案）至少降低了88.89%。为了展示我们的UDVS方案的实用性，我们最后将其应用到基于zt的软件定义周界（SDP）环境中，该环境为单个数据包授权获取保护隐私的身份验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Bilinear-Pairing-Free Universal Designated Verifier Signatures for Private Access in Zero Trust Network

zero trust (ZT) networks provide an innovative cybersecurity architecture that effectively incorporates “never trust, always verify” principles to address traditional network security threats. universal designated verifier signature (UDVS) can protect the clients’ privacy in ZT networks, preventing malicious gateways from leaking clients access information to third parties. However, existing UDVS schemes suffer from computational overhead due to their reliance on bilinear pairing operations. This article primarily focuses on the general transformation method from identity-based key encapsulation mechanism (ID-KEM) to UDVS proposed by Steinfeld et al. We first propose ID-KEM based on the SM2 algorithm and prove that it satisfies the EK and Separable properties required by the transformation. Then, we obtain the first UDVS scheme without bilinear pairing through transformation. In terms of performance analysis, the computational overhead of our scheme is 144.36 ms, which is at least 74.39% lower than the previous UDVS schemes. The communication cost is 96 bytes, which is at least 88.89% lower than other schemes, including the first UDVS proof (UDVSP) scheme without bilinear pairing. To show the utility of our UDVS scheme, we finally apply it into a ZT-based software defined perimeter (SDP) environment, which reaps privacy-preserving authentication for single packet authorization.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Internet of Things Journal Computer Science-Information Systems

CiteScore

17.60

自引率

13.20%

发文量

1982

期刊介绍： The EEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.