Certificate-Based Signature Scheme for Industrial Internet of Things Using Hyperelliptic Curve Cryptography

Ullah, Insaf; Alkhalifah, Ali; Althobaiti, Maha M.; Al-Wesabi, Fahd N.; Hilal, Anwer Mustafa; Khan, Muhammad Asghar; Ming-Tai Wu, Jimmy

doi:https://doi.org/10.1155/2022/7336279

Wireless Communications and Mobile Computing

On this page

Abstract Introduction Related Works Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Special Issue

Vehicle-to-Everything (V2X) Communication Approach Towards Advanced Intelligent Transportation

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 7336279 | https://doi.org/10.1155/2022/7336279

Certificate-Based Signature Scheme for Industrial Internet of Things Using Hyperelliptic Curve Cryptography

Insaf Ullah,¹Ali Alkhalifah,²Maha M. Althobaiti,³Fahd N. Al-Wesabi,⁴Anwer Mustafa Hilal,⁵Muhammad Asghar Khan,¹and Jimmy Ming-Tai Wu⁶

Academic Editor: Zahid Khan

Received27 Oct 2021

Revised09 Dec 2021

Accepted03 Jan 2022

Published08 Feb 2022

Abstract

The Industrial Internet of Things (IIoT) is a technology that uses the Internet of Things (IoT) infrastructure to sense, process, and communicate real-time events in the industrial system to cut down on unnecessary operating costs and to speed up industrial automation of internal and external working processes. Since the IIoT system inherits the same cyber-physical vulnerabilities that the IoT system already encounters, it requires additional work to address security concerns owing to its heterogeneous nature. As a result, an efficient security mechanism is essential to protect against various and unknown cyber-attacks. In this article, we propose a certificate-based signature scheme based on hyperelliptic curve cryptography (HECC), with the aim of improving security while reducing computational and communication costs in the IIoT environment. The proposed scheme outperforms existing schemes in terms of both computational and communication costs, as well as offering better security.

1. Introduction

The term “Industrial Internet of Things” (IIoT) refers to the use of Internet of Things (IoT) devices and infrastructure to collect and communicate real-time events in industrial systems in order to reduce human efforts and operational costs while also improving manufacturing and industrial processes [1]. Chemical factories, for example, are a good example of industrial processes since they include highly sensitive processes that require real-time communication between machines and other entities [2]. One of the advanced tiers of networking design, termed Fifth Generation (5G) mobile networks, appears to give a worthy communication in the digital words of IIoT [3]. The International Data Corporation (IDC) report that globally 70% of companies spend $1.2 billion on 5G connectivity management solutions. When 5G and IIoT (5G-IIoT) are combined, a rapid, intelligent, and ubiquitous communication system emerges [4]. Additionally, 5G mobile networks support a cutting-edge technology known as cloud computing [5], which ensures the storage, processing, analysis, and exchange of data generated by IIoT devices. A traditional cloud computing paradigm, on the other hand, is incapable of effectively managing data directly. Because the sensor has limited resources, it will be unable to process the complicated intelligent algorithms. A mobile edge node with extra attributes of powerful processing and storage capacity will be employed to overcome this challenge. In Figure 1, collaborative technologies such as 5G, cloud server (CS), edge computing (EC), and bluetooth low energy (BLE) are used to create an infrastructure for an IIoT environment.

However, in an IIoT setting, a malicious sensor can put the entire network at risk, necessitating the use of a robust authentication mechanism [6]. For the purpose of ensuring integrity and authenticity, the digital signature procedure is used [7]. Digital signatures are public key cryptographic primitives (PKCP), which are classified into three categories: public key environment (PKE), identity-based environment (IBE), and certificateless environment (CE). In the cryptography/information security field, PKE has got a lot of attention. It does, however, have severe flaws in terms of certificate management and revocations. Then, when a trusted agent (TA) or organization receives the participant identification, IBE removes certificate management and revocation concerns, and a trusted agent (TA) or organization creates the private key for participating devices. The secret key was provided with participants through a dedicated link by TA. However, if TA so desires, it will provide the opponent with the private key, so that he or she may generate a real signature of the participants. The CE resolves the issue of participant signature forgery in IBE by eliminating the process of private key generation from the TA and having the TA produce the partial private key (PPK) for the participating users, which is then shared with participants via a dedicated link. Sharing PPK with participants, on the other hand, necessitates a dedicated link with participants, which is a major concern in CE.

The certificate-based environment (CBE) is an enhanced version of PKCP that overcomes the limitations of PKE, IBE, and CE by removing the need for certificate management and revocations, as well as a dedicated link for exchanging private key and PPK with participants. The CBE is a hybrid of PKE and IBE in which the participant sends his identification to the TA, who subsequently generates a certificate using his private key and public parameters, as well as the participant’s identity. Furthermore, instead of utilizing a dedicated link, TA provides the certificate to that user, and the participants create their private and public keys. PKCP security and efficiency are usually determined by mathematical parameters. Because it substitutes elliptic curve (EPC) with an extra package of low key and parameter size, the mathematical aspects of hyperelliptic curve (HPEC) have received increased attention when creating protocols for resource hungry environments [8]. As we all know, bilinear pairing is worse than EPC and RSA; thus, we can conclude that HPEC is the best option for building a scheme for the IIoT environment. As a result, using collaborative technologies such as 5G, cloud computing, and edge computing, we introduced a new intelligent certificate-based signature for IIoT in this article. The following are the study’s key contributions:(i)We propose a HECC-based certificate-based signature scheme for IIoT security, which improves security while having a small key size.(ii)We introduce an edge computing architecture for IIoT that uses BLE to directly access data from IIoT devices and transmits it to a cloud server through a 5G wireless link.(iii)We use the random oracle model (ROM) to undertake a formal security analysis of the proposed scheme, ensuring that it is secure against type 1 and type 2 adversaries.(iv)We compare the computation and communication costs of the proposed scheme to some of the existing schemes, demonstrating that our scheme is more efficient.

The organization of the article is set out as follows. The related work on certificate-based signature schemes is presented in Section 2. We go through the network model in Section 3, which also includes network and threat models. In Section 4, the proposed model and algorithm are defined. Section 5, on the other hand, provides the proposed scheme’s security analysis. In addition, we discuss performance analysis in Section 6. The conclusion is presented in Section 7.

The major security measures rely on cryptographic concepts to ensure authenticity, confidentiality, and integrity. A well-designed data security strategy may greatly reduce the likelihood of data being compromised. Kang et al. [9] presented a certificate-based signature with the help of pairings on elliptic curves, and its security analysis is provided by utilizing the random oracle model. Then, Li et al. [10], analyzed the presented scheme in [9], and they say that it is suffering from key replacement attack. Furthermore, they proposed an enhanced certificate-based signature with the use of lower length operations. However, the scheme presented in [9, 10] will definitely suffer by higher computational cost due to expensive pairing operations. To avoid such limitations, Liu et al. [11] presented a new certificate-based signature by not entertaining the expensive operations of bilinear pairing. However, it can still be affected by exponential operations when we consider today’s resource hungry IoT devices. Also, Zhang [12] stated that the scheme presented in [11] is suffering from certain security flaws and proposed new approach with the help of pairing operations. Ming and Wang [13] presented a new certificate-based signature by not entertaining the expensive operations of bilinear pairing. Li et al. [14] presented a new certificate-based signature by entertaining the expensive operations of bilinear pairing that can be suffered from greater computational operations. In 2013, Li et al. [15] proved that the scheme used in [13] is not secure from malicious certifier, and they further proposed a low processing time-oriented certificate-based signature. Lu and Li [16] presented a certificate-based signature by entertaining the expensive operations of bilinear pairing. Zhang et al. [17] presented a certificate-based signature by not entertaining the expensive operations of bilinear pairing. Li et al. [18] contributed a key-insulated certificate-based signature; however, Lu et al. [19] proved that the scheme of [18] is not secure from malicious certifier. Also, the proposed certificate-based signature is with improved nature. Lu and Li [20] presented a certificate-based signature by entertaining the expensive operations of bilinear pairing.

3. Network Model

The proposed scheme’s network model comprised of four entities, as shown in Figure 2: certificate authority (CA), edge node, cloud server, IIoT devices, and data users. The following is the role of each entity:(i)Certificate authority (CA): this entity can function as a trusted third party, creating system parameters for the whole network as well as certificates for IIoT devices and data users.(ii)Cloud server (CS): this entity may be used to store data generated by IIoT devices and data users in a big resource-oriented database.(iii)IIoT devices: these devices are responsible to generate data from different machines and send it to the edge node using BLE.(iv)Edge node: this node will be responsible for producing certificate-based signatures on IIoT data after it obtains a certificate from a CA and generates his public and private key.(v)Data users: data users are responsible for validating the received certificate-based signature from IIoT devices after receiving a certificate from a CA and creating his public and private key.

4. Proposed Certificate-Based Signature Scheme

Here, we first provide the symbols used in the proposed scheme, as given in Table 1; then, the proposed scheme is defined in detail in the phases that follow [21]:

Setup: suppose is the given HECC security parameter with size of 80 bits. Then, CA performs the following steps for generating master secrete key , public key , and global parameter set ().(i)CA select randomly, where (ii)It computes and selects and as hash functions(iii)Make and get available in a network publicly Key generation: given , an actor with identity () select randomly, where and compute . Then, an actor with identity () set as his private key and as his public key. Certificate generation: an actor with identity send to CA. Then, select randomly, where , compute , and compute (). Finally, CA dispatched to an actor with . Signature generation: a sender can generate signature utilizing the following steps(i)It selects randomly, where and computes (ii)Compute = and + (iii)Send to receiver Signature verifications: a receiver can verify the signature utilizing .(i)Correctness

A receiver can verify the signature utilizing the following computations:

.

5. Security Analysis

Here, the security analysis is totally based on the hardiness of the hyperelliptic curve discrete logarithm problem (HECDLP) that can be defined as follows: suppose , where , so finding is said to be HECDLP. This section comprises the following two games that are playing for defending of our scheme signature against two types of adversaries, e.g., type 1 () and type 2 (). Here, acts as a facilitator for these adversaries. So, is the outsider attacker whose capability is to replace the user public key for generating the forge signature; furthermore, it is not capable to access the private key of CA. Moreover, is the insider attacker whose capability is to access CA private key, and it is not capable to replace user public key. Game 1: in this game, by performing maximum number of queries (Q), using ROM, can forge our scheme signature with the help of , when it is to solve HECDLP utilizing the following advantages:where represents the success advantages key generation, (), (), private key generation, certificate generation, and signature generation, respectively. The results of these queries include in the lists , and . Also, perform the following steps for generating master secrete key , public key , and global parameter set ().

Proof. The instance of HECDLP is given to ; then, make the queries such as(i)It selects randomly, where and gives it to (ii)It computes and selects and as hash functions(iii)Make and get available in a network publicly(iv)It also picks the index , where () So, we discuss the queries in the following steps with their results. Key generation query (.): sends () to key generation oracle (.), where represents the maximum number query. includes the outputs in . To reply, look for in ; if it exists, then send to ; otherwise, it performs the following steps.(i)If , then it selects randomly, where and compute (ii)If , it sets . (): sends this query; to reply, look for () in ; if it exists, then send to . Otherwise, select randomly, send to , and store () in . (): sends this query; to reply, look for () in ; if it exists, then send to . Otherwise, select randomly, send to , and store () in . Private key generation query (.): send ; to reply, perform the following steps:(i)If , look for in ; if it exists, then send to (ii)If , then it selects randomly, send to , and includes in Signature generation query (.): sends ; in reply, runs key generation query (.), private key generation query (.), (), and () oracles. perform the following steps.(i)If , runs certificate generation oracle (.) and run signature generation oracle (.); then, send the resultant value to (ii)If , then it selects randomly, and set , , and Forgery: when we take Forking lemma [21] in account, can output two signature that are and , and we have the following computations: Probability analysis: here, we define the following events:(i): during execution of this game, is not abandon(ii): is succeeded(iii): target identity is supposed to forge the proposed scheme signature So, , , and . Therefore, where represents the success advantages. Game 2: in this game, by performing maximum number of queries (Q), using ROM, can forge our scheme signature with the help of , when it solves HECDLP utilizing the following advantages:where represents the success advantages.

Proof:. The instance of HECDLP is given to ; then, make the queries such as key generation, (), (), private key generation, and signature generation, respectively. Also, perform the following steps for generating master secrete key , public key , and global parameter set (). Then, give all these parameters to .
The proof is same like a game 1.

6. Performance Analysis

In this section, we provide details about computational and communication costs of the proposed scheme with its counterpart schemes.

6.1. Computational Cost

Here, we first provide major operations such as exponential (EPL), bilinear pairing (P), and hyperelliptic curve divisor multiplications (HM) in proposed certificate-based signature scheme and the other approaches such as by Lu and Li [16], Li et al. [18], Lu et al. [19], and Lu and Li [20], respectively, as given in Table 2. Then, we consider the time taken by each major operations from [1], in which EPL consumes 1.25 ms, P takes 14.90 ms, and HM utilizes 0.48 ms, respectively [22, 23]. So, on the bases of above-discussed consuming time of major operations, we make the comparisons of proposed certificate-based signature scheme and the other approaches such as by Lu and Li [16], Li et al. [18], Lu et al. [19], and Lu and Li [20], as given in Table 3. Thus, the clearer improvement in computational cost can be seen from Table 3 and Figure 3, and it means our scheme consumes less time during computational processing.

6.2. Communication Cost

Here, we provide the parameter considered for communication overhead bilinear pairing group (G) and hyperelliptic curve (n) in proposed certificate-based signature scheme and the other approaches such as by Lu and Li [16], Li et al. [18], Lu et al. [19], and Lu and Li [20], respectively, as given in Table 3. Then, we consider the bits consumed by each parameter, in which G consumes 1024 bits and n take 80 bits. So, on the bases of above-discussed consuming bits by each parameter, we make the comparisons of proposed certificate-based signature scheme and the other approaches such as by Lu and Li [16], Li et al. [18], Lu et al. [19], and Lu and Li [20], as given in Table 4. Thus, the clearer improvement in computational communication overhead can be seen from Table 4 and Figure 4, which authenticates that our scheme ingests less bits during communications.

7. Conclusion

The Industrial Internet of Things (IIoT) has recently gained popularity for industrial applications. IIoT systems are vulnerable to a variety of cyber-attacks due to the wireless and widespread connectivity of IoT sensors and devices. Certificate-based signature methods are a better solution than other cryptographic schemes for solving the IIoT’s security demands in terms of offering resilience to such attacks. As a result, certificate-based IIoT signature mechanisms are proposed in this study. We employed HECC, which is similar to RSA, bilinear pairing, and ECC, but has a smaller key size. After performing a comparison study, we found that our scheme outperforms its equivalent schemes in terms of computation and communication costs. In addition, the proposed scheme improves security against both known and unknown attacks.

Data Availability

The data generated or analyzed during this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work (RGP 2/209/42). The authors deeply acknowledge Taif University, Taif, Saudi Arabia, for supporting this research through Taif University Researchers Supporting Project Number (TURSP-2020/328).

References

P. Lade, R. Ghosh, and S. Srinivasan, “Manufacturing analytics and industrial Internet of Things,” IEEE Intelligent Systems, vol. 32, no. 3, pp. 74–79, 2017.
View at: Publisher Site | Google Scholar
T. Kumar, E. Harjula, M. Ejaz, and A. Manzo, “BlockEdge: blockchain-edge framework for industrial IoT networks,” IEEE Access, vol. 8, pp. 154166–154185, 2020.
View at: Publisher Site | Google Scholar
T. K. Ahmad, M. Liyanage, J. Okwuibe, M. Ylianttila, and A. Gurtov, “Overview of 5G security challenges and solutions,” IEEE Communication and Standards Magazine, vol. 2, no. 1, pp. 36–43, 2018.
View at: Google Scholar
H. Rahimi, A. Zibaeenejad, and A. A. Safavi, “A novel IoT architecture based on 5G-IoT and next generation technologies,” in Proceedings of the 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pp. 81–88, Vancouver, BC, 2018.
View at: Publisher Site | Google Scholar
H. Wang, W. Jia, A. Liu, and M. Xie, “MTES: an intelligent trust evaluation scheme in sensor-cloud-enabled industrial Internet of Things,” IEEE Transactions on Industrial Informatics, vol. 16, no. 3, pp. 2054–2062, 2020.
View at: Publisher Site | Google Scholar
M. Kumar, H. Kumar Verma, and G. Sikka, “A secure data transmission protocol for cloud-assisted edge-Internet of Things environment,” Transactions on Emerging Telecommunications Technologies, 2020.
View at: Google Scholar
M. A. Khan, I. M. Qureshi, I. Ullah, S. Khan, F. Khanzada, and F. Noor, “An efficient and provably secure certificateless blind signature scheme for flying ad-hoc network based on multi-access edge computing,” Electronics, vol. 9, no. 1, p. 30, 2019.
View at: Publisher Site | Google Scholar
M. A. Khan, I. Ullah, and N. Kumar, “An efficient and secure certificate-based access control and key agreement scheme for flying ad hoc networks,” IEEE Transactions on Vehicular Technology, vol. 70, 2021.
View at: Publisher Site | Google Scholar
B. G. Kang, J. H. Park, and S. G. Hahn, “A certificate-based signature scheme,” in in Topics in Cryptology-CT-RSA 2004, vol. 2964, Springer, Heidelberg, Germany, 2004, Lecture Notes in Computer Science.
View at: Google Scholar
J. Li, X. Huang, Y. Mu, W. Susilo, and Q. Wu, “Certificate-based signature: security model and efficient construction in public key Infrastructure,” Lecture Notes in Computer Science, vol. 4582, Springer, Heidelberg, Germany, 2007.
View at: Google Scholar
J. K. Liu, J. Baek, W. Susilo, and J. Zhou, “Certificate-based signature schemes without pairings or random oracles,” in in Information Security. ISC 2008, vol. 5222, Springer, Heidelberg, Germany, 2008, Lecture Notes in Computer Science.
View at: Google Scholar
J. Zhang, “On the security of a certificate-based signature scheme and its improvement with pairings,” in Proceedings of the International Conference of Information Security Practice and Experience, pp. 47–58, 2009.
View at: Publisher Site | Google Scholar
Y. Ming and Y. Wang, “Efficient certificate-based signature scheme,” IAS, vol. 2, pp. 87–90, 2009.
View at: Publisher Site | Google Scholar
J. Li, X. Huang, Y. Mu, W. Susilo, and Q. Wu, “Constructions of certificate-based signature secure against key replacement attacks,” Journal of Computer Security, vol. 18, no. 3, pp. 421–449, 2010.
View at: Publisher Site | Google Scholar
J. Li, Z. Wang, and Y. Zhang, “Provably secure certificate-based signature scheme without pairings,” Information Science, vol. 233, pp. 313–320, 2013.
View at: Publisher Site | Google Scholar
Y. Lu and J. Li, “Improved certificate-based signature scheme without random oracles,” IET Information Security, vol. 10, no. 2, pp. 80–86, 2016.
View at: Google Scholar
Y. Zhang, J. Li, Z. Wang, and W. Yao, “A new efficient certificate-based signature scheme,” Chinese Journal of Electronics, vol. 24, no. 4, pp. 776–782, 2015.
View at: Publisher Site | Google Scholar
J. Li, H. Du, and Y. Zhang, “Certificate-based key-insulated signature in the standard model,” Computer Journal, vol. 59, no. 7, pp. 1028–1039, 2016.
View at: Publisher Site | Google Scholar
Y. Lu, J. Li, and J. Shen, “Weakness and improvement of a certificatebased key-insulated signature in the standard model,” Computer Journal, vol. 60, no. 12, pp. 1729–1744, 2017.
View at: Publisher Site | Google Scholar
Y. Lu and J. Li, “A forward-secure certificate-based signature scheme with enhanced security in the standard model,” KSII Transactions on Internet and Information System, vol. 13, no. 3, pp. 1502–1522, 2019.
View at: Google Scholar
G. K. Verma, N. Kumar, P. Gope, B. B. Singh, and H. Singh, “SCBS: a short certificate-based signature scheme with efficient aggregation for industrial-internet-of-things environment,” IEEE Internet of Things Journal, vol. 8, no. 11, pp. 9305–9316, 2021.
View at: Publisher Site | Google Scholar
I. Ullah, N. U. Amin, M. A. Khan, H. Khattak, and S. Kumari, “An efficient and provable secure certificate-based combined signature, encryption and signcryption scheme for Internet of Things (IoT) in mobile health (M-Health) system,” Journal of Medical Systems, vol. 45, p. 4, 2021.
View at: Publisher Site | Google Scholar
M. A. Khan et al., “A provable and privacy-preserving authentication scheme for UAV-enabled intelligent transportation systems,” IEEE Transactions on Industrial Informatics, vol. 18, no. 5, pp. 3416–3425, 2022.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2022 Insaf Ullah et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

450

Downloads

430

Citations

Wireless Communications and Mobile Computing

Vehicle-to-Everything (V2X) Communication Approach Towards Advanced Intelligent Transportation

Certificate-Based Signature Scheme for Industrial Internet of Things Using Hyperelliptic Curve Cryptography

Abstract

1. Introduction

2. Related Works

3. Network Model

4. Proposed Certificate-Based Signature Scheme

5. Security Analysis

6. Performance Analysis

6.1. Computational Cost

6.2. Communication Cost

7. Conclusion

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright