Code-based Sequential Aggregate Signature Scheme

This paper proposes the first code-based quantum immune sequential aggregate signature (SAS) scheme and proves the security of the proposed scheme in the random oracle model. Aggregate signature (AS) schemes and sequential aggregate signature schemes allow a group of potential signers to sign different messages respectively, and all the signatures of those users on those messages can be aggregated into a single signature such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Because of the aggregation of many signatures into a single short signature, AS and SAS schemes can reduce bandwidth and save storage; moreover, when a SAS is verified, not only the valid but also the order in which each signer signed can be verified. AS and SAS schemes can be applied to traffic control, banking transaction and military applications. Most of the existing AS and SAS schemes are based either on pairing or Rivest–Shamir–Adleman (RSA), and hence, can be broken by Shor’s quantum algorithm for Integer Factoring Problem (IFP) and Discrete Logarithm Problem (DLP). There are no quantum algorithms to solve syndrome decoding problems. Hence, code-based cryptography is seen as one of the promising candidates for post-quantum cryptography. This paper shows how to construct quantum immune sequential aggregate signatures based on coding theory. Specifically, we construct our scheme with the first code based signature scheme proposed by Courtois, Finiasz and Sendrier (CFS). Compared to the CFS signature scheme without aggregation, the proposed sequential aggregate signature scheme can save about 90% storage when the number of signers is asymptotically large.     

EIAS: An Efficient Identity-Based Aggregate Signature Scheme for WSNs Against Coalition Attack

Wireless sensor networks (WSNs) are the major contributors to big data acquisition. The authenticity and integrity of the data are two most important basic requirements for various services based on big data. Data aggregation is a promising method to decrease operation cost for resource-constrained WSNs. However, the process of data acquisitions in WSNs are in open environments, data aggregation is vulnerable to more special security attacks with hiding feature and subjective fraudulence, such as coalition attack. Aimed to provide data authenticity and integrity protection for WSNs, an efficient and secure identity-based aggregate signature scheme (EIAS) is proposed in this paper. Rigorous security proof shows that our proposed scheme can be secure against all kinds of attacks. The performance comparisons shows EIAS has clear advantages in term of computation cost and communication cost when compared with similar data aggregation scheme for WSNs.     

A Secure NDN Framework for Internet of Things Enabled Healthcare

Healthcare is a binding domain for the Internet of Things (IoT) to automate healthcare services for sharing and accumulation patient records at anytime from anywhere through the Internet. The current IP-based Internet architecture suffers from latency, mobility, location dependency, and security. The Named Data Networking (NDN) has been projected as a future internet architecture to cope with the limitations of IP-based Internet. However, the NDN infrastructure does not have a secure framework for IoT healthcare information. In this paper, we proposed a secure NDN framework for IoT-enabled Healthcare (IoTEH). In the proposed work, we adopt the services of Identity-Based Signcryption (IBS) cryptography under the security hardness Hyperelliptic Curve Cryptosystem (HCC) to secure the IoTEH information in NDN. The HCC provides the corresponding level of security using minimal computational and communicational resources as compared to bilinear pairing and Elliptic Curve Cryptosystem (ECC). For the efficiency of the proposed scheme, we simulated the security of the proposed solution using Automated Validation of Internet Security Protocols and Applications (AVISPA). Besides, we deployed the proposed scheme on the IoTEH in NDN infrastructure and compared it with the recent IBS schemes in terms of computation and communication overheads. The simulation results showed the superiority and improvement of the proposed framework against contemporary related works.     

A comparison of MNT curves and supersingular curves

We compare both the security and performance issues related to the choice of MNT curves against supersingular curves in characteristic three, for pairing based systems. We pay particular attention to equating the relevant security levels and comparing not only computational performance and bandwidth performance. The paper focuses on the BLS signature scheme and the Boneh–Franklin encryption scheme, but a similar analysis can be applied to many other pairing based schemes.     

WiBPA: An Efficient Data Integrity Auditing Scheme Without Bilinear Pairings

The security of cloud data has always been a concern. Cloud server provider may maliciously tamper or delete user’s data for their own benefit, so data integrity audit is of great significance to verify whether data is modified or not. Based on the general three-party audit architecture, a dynamic auditing scheme without bilinear pairings is proposed in this paper. It utilizes exponential operation instead of bilinear mapping to verify the validity of evidence. By establishing the mapping relation between logic index and tag index of data block with index transformation table, our scheme can easily support dynamic data operation. By hiding random numbers in the integrity evidence, our scheme can protect users’ privacy information. Detailed security analysis shows that our scheme is secure against attacks such as forgery, replaying and substitution. Further experiments demonstrate that our scheme has lower computational overhead.     

A Fair Blind Signature Scheme to Revoke Malicious Vehicles in VANETs

With the rapid development of IoT (Internet of Things), VANETs (Vehicular Ad-Hoc Networks) have become an attractive ad-hoc network that brings convenience into people’s lives. Vehicles can be informed of the position, direction, speed and other real-time information of nearby vehicles to avoid traffic jams and accidents. However, VANET environments could be dangerous in the absence of security protection. Because of the openness and self-organization of VANETs, there are plenty of malicious pathways. To guarantee vehicle security, the research aims to provide an effective VANET security mechanism that can track malicious vehicles as necessary. Therefore, this work focuses on malicious vehicles and proposes an anonymous authentication scheme in VANETs based on the fair blind signature to protect vehicle security.     

SBOOSP for Massive Devices in 5G WSNs Using Conformable Chaotic Maps

The commercialization of the fifth-generation (5G) wireless network has begun. Massive devices are being integrated into 5G-enabled wireless sensor networks (5G WSNs) to deliver a variety of valuable services to network users. However, there are rising fears that 5G WSNs will expose sensitive user data to new security vulnerabilities. For secure end-to-end communication, key agreement and user authentication have been proposed. However, when billions of massive devices are networked to collect and analyze complex user data, more stringent security approaches are required. Data integrity, non-repudiation, and authentication necessitate special-purpose subtree-based signature mechanisms that are pretty difficult to create in practice. To address this issue, this work provides an efficient, provably secure, lightweight subtree-based online/offline signature procedure (SBOOSP) and its aggregation (Agg-SBOOSP) for massive devices in 5G WSNs using conformable chaotic maps. The SBOOSP enables multi-time offline storage access while reducing processing time. As a result, the signer can utilize the pre-stored offline information in polynomial time. This feature distinguishes our presented SBOOSP from previous online/offline-signing procedures that only allow for one signature. Furthermore, the new procedure supports a secret key during the pre-registration process, but no secret key is necessary during the offline stage. The suggested SBOOSP is secure in the logic of unforgeability on the chosen message attack in the random oracle. Additionally, SBOOSP and Agg-SBOOSP had the lowest computing costs compared to other contending schemes. Overall, the suggested SBOOSP outperforms several preliminary security schemes in terms of performance and computational overhead.     

Provably Secure APK Redevelopment Authorization Scheme in the Standard Model

The secure issues of APK are very important in Android applications. In order to solve potential secure problems and copyrights issues in redevelopment of APK files, in this paper we propose a new APK redevelopment mechanism (APK-SAN). By exploring sanitizable signature technology, APK-SAN allows the original developer to authorize specified modifier who can redevelop the designated source code of APK files. Our scheme does not require interactions between the developer and modifiers. It can reduce the communication overhead and computational overhead for developers. Especially, the signature of redeveloped APK files is valid and maintains the copyrights. The proposed APK-SAN signature can effectively protect the security of the redeveloped APK files and copyrights of the developer and modifier.     

An Access Control Scheme Using Heterogeneous Signcryption for IoT Environments

When the Wireless Sensor Network (WSN) is combined with the Internet of Things (IoT), it can be employed in a wide range of applications, such as agriculture, industry 4.0, health care, smart homes, among others. Accessing the big data generated by these applications in Cloud Servers (CSs), requires higher levels of authenticity and confidentiality during communication conducted through the Internet. Signcryption is one of the most promising approaches nowadays for overcoming such obstacles, due to its combined nature, i.e., signature and encryption. A number of researchers have developed schemes to address issues related to access control in the IoT literature, however, the majority of these schemes are based on homogeneous nature. This will be neither adequate nor practical for heterogeneous IoT environments. In addition, these schemes are based on bilinear pairing and elliptic curve cryptography, which further requires additional processing time and more communication overheads that is inappropriate for real-time communication. Consequently, this paper aims to solve the above-discussed issues, we proposed an access control scheme for IoT environments using heterogeneous signcryption scheme with the efficiency and security hardiness of hyperelliptic curve. Besides the security services such as replay attack prevention, confidentiality, integrity, unforgeability, non-repudiations, and forward secrecy, the proposed scheme has very low computational and communication costs, when it is compared to existing schemes. This is primarily because of hyperelliptic curve lighter nature of key and other parameters. The AVISPA tool is used to simulate the security requirements of our proposed scheme and the results were under two backbends (Constraint Logic-based Attack Searcher (CL-b-AtSER) and On-the-Fly Model Checker (ON-t-FL-MCR)) proved to be SAFE when the presented scheme is coded in HLPSL language. This scheme was proven to be capable of preventing a variety of attacks, including confidentiality, integrity, unforgeability, non-repudiation, forward secrecy, and replay attacks.

     

Blockchain-Based Light-Weighted Provable Data Possession for Low Performance Devices

Provable Data Possession (PDP) schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading. However, with the emerging of network consisting of low performance devices such as Internet of Things, we find that there are still two obstacles for applying PDP schemes. The first one is the heavy computation overhead in generating tags for data blocks, which is essential for setting up any PDP scheme. The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing. In this paper, we propose a novel blockchain-based light-weighted PDP scheme for low performance devices, with an instance deployed on a cloud server. We design a secure outsourced tag generating method for low performance devices, which enables a kind of “hash-sign-switch” two-phase tag computing. With this method, users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation, without leaking their data content. Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks. The security analysis and performance evaluation prove that our scheme is both secure and efficient.     

Text Encryption Using Pell Sequence and Elliptic Curves with Provable Security

The demand for data security schemes has increased with the significant advancement in the field of computation and communication networks. We propose a novel three-step text encryption scheme that has provable security against computation attacks such as key attack and statistical attack. The proposed scheme is based on the Pell sequence and elliptic curves, where at the first step the plain text is diffused to get a meaningless plain text by applying a cyclic shift on the symbol set. In the second step, we hide the elements of the diffused plain text from the attackers. For this purpose, we use the Pell sequence, a weight function, and a binary sequence to encode each element of the diffused plain text into real numbers. The encoded diffused plain text is then confused by generating permutations over elliptic curves in the third step. We show that the proposed scheme has provable security against key sensitivity attack and statistical attacks. Furthermore, the proposed scheme is secure against key spacing attack, ciphertext only attack, and known-plaintext attack. Compared to some of the existing text encryption schemes, the proposed scheme is highly secure against modern cryptanalysis.     

A privacy-preserving authentication protocol with secure handovers for the LTE/LTE-A networks

Long-Term Evolution/Long-Term Evolution Advanced (LTE/LTE-A) is the latest mobile communication technology that is offering high data rates and robust performance to the subscribers. Since LTE/LTE-A standards are established on the Internet Protocol (IP) connectivity and provide compatibility with the heterogeneous networks, these new features create availability of the new security challenges in the LTE/LTE-A networks. Taking into consideration the issues of serious signalling congestion and security loopholes in LTE/LTE-A networks, the authors propose an Efficient Authentication and Key Agreement Protocol for Evolved Packet System (EAKA-EPS) with secure handover procedures. The proposed protocol achieves outstanding results in terms of the optimization of computation and signalling overhead. With this, the protocol guarantees the needed security requirements like protected wireless interface and strong mutual authentication between the entities, and ensures access stratum secrecy at the time of handovers. The formal verification results of the proposed scheme over the security verification and simulation tool “Automated Validation of Internet Security Protocols and Applications (AVISPA)” show that the suggested protocol is safe against various malicious attacks, which are still possible in LTE/LTE-A networks. To the best of the authors’ knowledge, the suggested approach is the first approach that provides perfect secrecy with less computation and communication overhead in the LTE/LTE-A networks.     

Analysis of an authenticated identity-based multicast scheme

In IEE Proceedings Communications, 2005, 152, (6), an efficient authenticated identity-based multicast scheme from bilinear pairing was proposed. Wang proved that the scheme is secure against the adversary who can forge a ciphertext, but it is shown that their scheme is not secure against an inside forger.     

New Collective Signatures Based on the Elliptic Curve Discrete Logarithm Problem

There have been many digital signature schemes were developed based on the discrete logarithm problem on a finite field. In this study, we use the elliptic curve discrete logarithm problem to build new collective signature schemes. The cryptosystem on elliptic curve allows to generate digital signatures with the same level of security as other cryptosystems but with smaller keys. To extend practical applicability and enhance the security level of the group signature protocols, we propose two new types of collective digital signature schemes based on the discrete logarithm problem on the elliptic curve: i) the collective digital signature scheme shared by several signing groups and ii) the collective digital signature scheme shared by several signing groups and several individual signers. These two new types of collective signatures have combined the advantages of group digital signatures and collective digital signatures. These signatures have a fixed size and do not depend on the number of members participating in the creation of the final collective signature. One of the advantages of the proposed collective signature protocols is that they can be deployed on top of the available public key infrastructures.     

Verifiable Identity-Based Encryption with Keyword Search for IoT from Lattice

Internet of Things (IoT), which provides the solution of connecting things and devices, has increasingly developed as vital tools to realize intelligent life. Generally, source-limited IoT sensors outsource their data to the cloud, which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved. Though encryption technology can guarantee the confidentiality of private data, it hinders the usability of data. Searchable encryption (SE) has been proposed to achieve secure data sharing and searching. However, most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers. Moreover, the untrusted cloud server may perform an unfaithful search execution. To address these problems, in this paper, we propose the first verifiable identity-based keyword search (VIBKS) scheme from lattice. In particular, a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results. Besides, in order to reduce the communication overhead, we refer to the identity-based mechanism. We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honest-but-curious adversary. In addition, we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.     

A Novel Anonymous Authentication Scheme Based on Edge Computing in Internet of Vehicles

The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying traffic management applications. However, cloud computing has disadvantages such as high delay, low privacy and high communication cost, which can not meet the needs of real-time interactive information of Internet of vehicles. Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges. Therefore, in order to ensure the user information security and improve the real-time of vehicle information interaction, this paper proposes an anonymous authentication scheme based on edge computing. In this scheme, the concept of edge computing is introduced into the Internet of vehicles, which makes full use of the redundant computing power and storage capacity of idle edge equipment. The edge vehicle nodes are determined by simple algorithm of defining distance and resources, and the improved RSA encryption algorithm is used to encrypt the user information. The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters . Compared with the traditional RSA algorithm, it can resist more attacks, so it is used to ensure the security of user information. It can not only protect the privacy of vehicles, but also avoid anonymous abuse. Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.     

Epidemic algorithms for reliable and efficient information dissemination in vehicular

Vehicular ad hoc networks (VANET), which are created by vehicles equipped with short- and mediumrange wireless communication, have an array of important applications in intelligent transport systems. Many of these applications require reliable, bandwidth-efficient dissemination of traffic and road information via ad hoc network technology. This is a difficult task since inter-vehicular networks often lack continuous end-to-end connectivity and are characterised by large variations in node density. A new epidemic algorithm for information dissemination in highly dynamic and intermittently connected VANET is introduced. It is shown through realistic simulations in highway traffic that the proposed algorithm is capable of reliable and efficient information dissemination in VANET in the face of frequent network fragmentation and large density variations.     

New Representative Collective Signatures Based on the Discrete Logarithm Problem

The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many different signing groups, each signing group is represented by a group leader. On document M, a collective signature can be created using the representative digital signature scheme that represents an entire community consisting of individual signers and signing groups, each of which is represented by a group leader. The characteristic of this type of letter is that it consists of three elements (U, E, S), one of which (U) is used to store the information of all the signers who participated in the formation of the collective signature on document M. While storing this information is necessary to identify the signer and resolve disputes later, it greatly increases the size of signatures. This is considered a limitation of the collective signature representing 3 elements. In this paper, we propose and build a new type of collective signature, a collective signature representing 2 elements (E, S). In this case, the signature has been reduced in size, but it contains all the information needed to identify the signer and resolve disputes if necessary. To construct the approved group signature scheme, which is the basic scheme for the proposed representative collective signature schemes, we use the discrete logarithm problem on the prime finite field. At the end of this paper, we present the security analysis of the AGDS scheme and a performance evaluation of the proposed collective signature schemes.     

Efficient secure channel coding based on quasi-cyclic low-density parity-check codes

A secure channel coding (joint encryption-channel coding) scheme provides both data security and reliability in one combined process to achieve faster processing and/or more efficient implementation. The issue of using quasi-cyclic low-density parity-check (QC-LDPC) codes in a symmetric-key secure channel coding scheme is addressed. A set of this class of LDPC codes has recently been recommended by the NASA Goddard Space Flight Center for near-earth and deep-space communications. The proposed scheme provides an efficient error performance, an acceptable level of security and a low-complexity practicable implementation. The results indicate that the proposed scheme can efficiently employ large QC-LDPC codes to achieve a relatively smaller secret-key size to be exchanged by the sender and the receiver, and higher information rates in comparison with the previous symmetric-key McEliece-like schemes. Simulation results indicate that there is no trade-off between the error performance and the security level of the proposed scheme unlike that of the previous ones. These characteristics make the proposed scheme suitable for high-speed communications, such as satellite communication systems.     

Hyper Elliptic Curve Based Certificateless Signcryption Scheme for Secure IIoT Communications

Industrial internet of things (IIoT) is the usage of internet of things (IoT) devices and applications for the purpose of sensing, processing and communicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-related processes to attain more profits. However, such IoT based smart industries need internet connectivity and interoperability which makes them susceptible to numerous cyber-attacks due to the scarcity of computational resources of IoT devices and communication over insecure wireless channels. Therefore, this necessitates the design of an efficient security mechanism for IIoT environment. In this paper, we propose a hyperelliptic curve cryptography (HECC) based IIoT Certificateless Signcryption (IIoT-CS) scheme, with the aim of improving security while lowering computational and communication overhead in IIoT environment. HECC with 80-bit smaller key and parameters sizes offers similar security as elliptic curve cryptography (ECC) with 160-bit long key and parameters sizes. We assessed the IIoT-CS scheme security by applying formal and informal security evaluation techniques. We used Real or Random (RoR) model and the widely used automated validation of internet security protocols and applications (AVISPA) simulation tool for formal security analysis and proved that the IIoT-CS scheme provides resistance to various attacks. Our proposed IIoT-CS scheme is relatively less expensive compared to the current state-of-the-art in terms of computational cost and communication overhead. Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead, respectively, compared to the most recent protocol.