Rapid advances in wireless communications and pervasive computing technologies have resulted in increasing interest and popularity of Internet-of-Things (IoT) architecture, ubiquitously providing intelligence and convenience to our daily life. In IoT-based network environments, smart objects are embedded everywhere as ubiquitous things connected in a pervasive manner. Ensuring security for interactions between these smart things has become significantly more important, and is a topic of ongoing interest.
In this paper, we present a certificateless signature scheme for smart objects in IoT-based pervasive computing environments. We evaluate the utility of the proposed scheme in IoT-oriented testbeds, i.e., Arduino Uno and Raspberry PI 2. Experimental results demonstrate the practicability of the proposed scheme. Moreover, we revisit the scheme of Wang et al. (2015) and reveal that a malicious super type I adversary can easily forge a legitimate signature to cheat any receiver as he/she wishes in the scheme. The superiority of the proposed certificateless signature scheme over relevant studies is demonstrated in terms of the summarized security and performance comparisons.
The objective of this study is to propose a robust and efficient certificateless signature scheme with ECC point-based crypto-operations. ECC is a public key cryptography (PKC) technique based on the algebraic structure of elliptic curves over finite fields. Normally, ECC requires a smaller key size than other PKC-oriented approaches to provide an equivalent security level. For example, it is generally thought that the same security can be delivered by a 256-bit elliptic curve and 3072-bit RSA. Hence, to enjoy higher computation efficiency, we would like to integrate the ECC crypto-technique into our proposed certificateless signature scheme.
The Proposed Certificateless Signature Scheme for IoT-based Smart Objects
In this section, we propose a new certificateless signature scheme with ECC point-based crypto-operations. The security of the scheme assumes the intractability of ECDLP. In the following, we present the proposed scheme consisting of two phases, i.e., the Pre-processing phase and Sign/Verify phase. Note that three entities, i.e., KGC, the signer and the verifier, are involved.
In the proposed certificateless signature scheme, we considered type I and type II adversaries as defined. Due to the lack of certificate verification, it is possible for adversaries to replace an entity's public key with one of their choice. Therefore, the type I adversary models an external adversary capable of replacing any entity's public key with specific values chosen by the adversary itself. Nevertheless, the type I adversary does not know the private key of KGC. On the other hand, the type II adversary models a malicious KGC who is able to access the master key, but cannot replace the public keys of other entities. In addition, type I and II adversaries can be further classified into three categories of power levels, i.e., normal adversary, strong adversary, and super adversary.
SYSTEM IMPLEMENTATION AND PERFORMANCE EVALUATION
To evaluate the performance of the proposed certificateless scheme, we adopt two IoT-based testbeds, i.e., Arduino Uno and Raspberry PI 2 platforms, as the major evaluation platforms in the experiments. The Arduino Uno is a microcontroller board based on the ATmega328P, i.e., an 8-bit AVR RISC-based microchip with 32 KB EEPROM and 2 KB RAM. It is a tiny platform at very low cost, and thus is suitable to evaluate the performance of IoT-based schemes.
On the other hand, the Raspberry PI is a card-sized single-board computer which offers an ARM GNU/Linux kernel, 1 GB RAM and 16 GB storage. Generally speaking, the Arduino Uno platform is usually simulated as a resource-constrained device, while the Raspberry PI platform is simulated as a smart object which is more powerful in terms of computation efficiency.
In recent years, designing certificateless signature schemes without bilinear pairings has been extensively studied due to its effectiveness in solving the key escrow problem in identity-based cryptography, and its potential for deployment in an environment comprising resource-limited mobile devices. In this section, we first present the state of the art of certificateless signatures before revealing a previously unknown weakness in a recent certificateless signature mechanism proposed by Wang et al. We then present a comparative summary of our proposed scheme and relevant schemes.
In this paper, we presented a new certificateless signature scheme for IoT-based smart objects. We proved the security of the proposed scheme against the super type I and II adversaries, as well as demonstrating the utility of the scheme in IoT-oriented testbeds. For passive objects with constrained computation ability and limited power capability, we argued that the proposed certificateless signature scheme with 160-bit elliptic curve can be exploited to construct a key exchange (or key agreement) process with a reasonable security robustness.
Around 5.421 s and 6.771 s are required for performing the sign phase and the verify phase of our proposed scheme, respectively. For active objects with powerful computation efficiency, we suggested considering the proposed certificateless signature scheme with at least 384-bit elliptic curve and SHA-3 (512-bit) to pursue the highest security due to the affordability of computation cost on the Raspberry PI platform. Findings from the implementation showed that low computation cost, i.e., 1.549 ms and 1.556 ms, is required to perform the execution processes of the sign phase and verify phase, respectively.
Moreover, we compared the security and performance of our scheme with those of Gong and Li, Wang et al., and Tsai, as well as revealing a previously unknown vulnerability in Wang et al.'s scheme (where a malicious super type I adversary can easily forge a valid signature on any message and cheat receivers at will).
Source: National Dong Hwa University
Authors: Kuo-hui Yeh | Chunhua Su | Kim-kwang Raymond Choo | Wayne Chiu