PSDAAP: Provably Secure Data Authenticated Aggregation Protocols Using Identity-Based Multi-Signature in Marine WSNs
Abstract
1. Introduction
- We propose two efficient IBMS schemes, denoted IBMSCR−1 and IBMSCR−2, which are suitable for data aggregation among the sensors and collectors in marine WSNs.
- We formally define the security of IBMS and prove IBMSCR−1 secure under the cubic residue assumption in the random oracle model. The computational cost of IBMSCR−1 is lower, since the exponentiations involved are cubings.
- To enhance efficiency further, the total computational cost of IBMSCR−2 in our implementation is almost four-fifths that of IBMSCR−1. We also prove IBMSCR−2 secure in the random oracle model, on the basis that the cubic residue problem is equivalent to integer factoring.
2. Preliminaries
2.1. Cubic Residue
2.2. Cubic Residue Symbol in Eisenstein Ring
2.3. Some Useful Theorems
3. Formal Definition and Security Model
3.1. Formal Definition
- Setup: Setup(1^k). The algorithm is run by the key generator center (KGC). Given the security parameter k, the KGC generates the system's master public keys mpk and master secret keys msk.
- Extra: Extra (mpk, msk, ID). This algorithm is also run by the KGC. Given msk, mpk, and a user's identity ID (an arbitrary string), it returns the user's private key, which is delivered over a secure channel.
- Sign: Sign (mpk, sk, m, ID): The signer uses its private key sk, the identity ID, and the message to be signed m to generate a signature σ on m.
- Verify: Verify (mpk, ID, m, σ): The algorithm takes the signer’s identity ID, the data m, and a candidate signature σ. If σ is a valid signature, it returns 1. Otherwise, it returns 0.
- MSign: MSign (mpk, sk, m, IDSet). The signer holding the private key sk joins the multi-signing algorithm, which takes additional parameters: a message m and an identity set IDSet containing the identities of all the signers. After several rounds of interactive communication, MSign outputs a multi-signature mσ.
- MVerify: MVerify (mpk, IDSet, m, mσ). The algorithm returns 1 if mσ is a valid multi-signature on the message m by authenticating the signers in IDSet.
3.2. Security Model
- Setup: executes the algorithm to generate the master public keys mpk and sends mpk to .
- Query: is allowed to query to in an adaptive way.
  - Extraction-query (mpk, ID). executes Extra to obtain and sends to when asks for the private key of .
  - Multi-signature query (mpk, m, IDSet). obtains a multi-signature and sends to when asks for the multi-signature on m and .
  - Hash-query. chooses the returned values by itself and sends to when asks.
- Forgery. makes a multi-signature as a forgery, that is, on for , which contains at least one uncompromised user’s identity; meanwhile, never sends to the multi-signature query.
4. Concrete Construction of IBMSCR-1
4.1. Construction
- Setup: The key generator center inputs security parameters k and ℓ, and then:
  - Chooses two random primes p and q, such that and . Without loss of generality, we assume that , .
  - Chooses two random primes and from the Eisenstein ring , s.t. the norms satisfy and .
  - Computes . We let , , and then compute . Note that , and .
  - Chooses a random number such that .
  - Computes .
  - Selects three hash functions , , and such that , and .
- Extra (mpk, msk, ID): KGC inputs the identity , computes the hash value of as and obtains a first symbol such that
- Sign and verify: These two algorithms can be derived from [23].
- MSign: For simplicity, IBMSCR−1 is described from the 's point of view. Given the 's private key , the message m and the identity set , executes Algorithm 1, which outputs as the multi-signature.
- MVerify (mpk, IDSet, m, mσ). The algorithm verifies by the following three steps.
  1. For , it computes .
  2. It computes .
  3. It checks whether
4.2. Correctness
Algorithm 1: The MSign Algorithm in IBMSCR−1.
Input: the master public key , the private key , the identity set , the message to be signed m.
Output: a multi-signature .
1. Each randomly selects and computes and .
2. only broadcasts to the other signers () in and keeps temporarily.
3. After receiving from (), broadcasts to the other .
4. After receiving from , checks whether holds for .
5. If one of these checks fails, the algorithm stops, which means the attackers have mixed in invalid partial signatures. Otherwise, sets , , and .
6. broadcasts to the other .
7. After receiving from , aggregates these by .
8. Each locally generates a multi-signature .
Return .
4.3. Security Proof
- -Query : manages a list . When requests the identity , answers as . in two bits and is used as a secret key. When asks on , answers if has existed in the -list. Otherwise, randomly selects and , calculates
- -Query : manages a list . When asks on R, answers if R has existed in the -list. Otherwise, randomly selects , adds into the -list and returns .
- -Query : manages a list . When asks on , returns if has existed in the -list. Otherwise, randomly selects , returns , and adds to the -list.
- Extraction query : executes an additional -query if does not yet exist in the -list and returns s and .
- Multi-signature queries: checks the -list for whether exists. If is already in the -list, has obtained the private key of and simulates the game as the real algorithm MSign using the secret key . Otherwise, does not have the private key of and executes the following steps:
  - plays as , randomly chooses , and broadcasts to the other signers. also waits to receive from the others; it randomly selects and , and calculates
  - sends to the other signers. After receiving from the signers, verifies that . terminates the protocol if one of these checks fails, which means has to guess the results of the hash value. If for some i, stops. sends to the signers, receives , and calculates . Finally, sends to .
- MVerify
- has never queried to the signature oracle then checks the -list. If the multi-signature is valid, we can obtain
5. Concrete Construction of IBMSCR−2
5.1. Construction
- Setup: Given the security parameters, Setup is executed as follows.
  1. KGC chooses random primes p and q where and or , and calculates the product .
  2. A non-cubic residue a is selected such that .
  3. Several computational parameters are computed:
  4. Three hash functions and are chosen, where : and :.
- Extra (mpk, msk, ID): KGC computes the private key as follows:
  1. KGC computes and sets a symbol according to and :
  2. KGC calculates
- Sign and verify: These two algorithms can be derived from [29].
- MSign: Given the 's private key , the message m and the identity set , executes Algorithm 2, which outputs the multi-signature .
- MVerify. The algorithm verifies by the following three steps:
  1. For , it computes .
  2. It computes .
  3. It checks whether
Algorithm 2: The MSign algorithm in IBMSCR−2.
Input: the master public key , the private key , the identity set , the message to be signed m.
Output: a multi-signature .
1. Each randomly selects and calculates and .
2. Each broadcasts to its co-signers ().
3. After obtaining from , broadcasts to the other .
4. After receiving from the other signers, checks whether holds for .
5. If one of these checks fails, the algorithm stops, which means the attackers have mixed in invalid partial signatures. Otherwise, sets , , and .
6. broadcasts to the other .
7. After receiving from , aggregates these by .
8. Each locally generates a multi-signature .
Return .
5.2. Correctness
5.3. Security Proof
- -Query. manages a list . sends to if exists when queries the hash value of . Otherwise, randomly selects and , sets , returns , and adds to .
- The -query, -query and extraction query are similar to IBMSCR−1.
- The multi-signature query is similar to IBMSCR−1, except that Equation (5) changes to
- If , we denote for an integer k. Therefore, , that is, satisfies .
- If , we denote for an integer k. Therefore, , that is, satisfies .
6. Performance Comparisons
7. Conclusions
Acknowledgments
Author Contributions
Conflicts of Interest
References
- Bosman, H.; Iacca, G.; Tejada, A.; Wortche, H.J.; Liotta, A. Spatial anomaly detection in sensor networks using neighborhood information. Inform. Fusion J. 2017, 33, 41–56.
- Bosman, H.; Iacca, G.; Tejada, A.; Wortche, H.J.; Liotta, A. Ensembles of incremental learners to detect anomalies in ad hoc sensor networks. Ad Hoc Netw. 2015, 35, 14–36.
- Ahn, J.; Green, M.; Hohenberger, S. Synchronized aggregate signatures: New definitions, constructions and applications. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), Chicago, IL, USA, 4–8 October 2010.
- Wei, L.; Zhang, L.; Huang, D.; Zhang, K. Efficient and Provably Secure Identity-based Multi-Signature Schemes for Data Aggregation in Marine Wireless Sensor Networks. In Proceedings of the 14th IEEE International Conference on Networking, Sensing and Control (ICNSC 2017), Calabria, Italy, 16–18 May 2017.
- Huang, D.; Zhao, D.; Wei, L.; Wang, Z.; Du, Y. Modeling and analysis in marine big data: Advances and challenges. Math. Probl. Eng. 2015, 2015, 1–13.
- Wei, L.; Cao, Z.; Dong, X. Secure identity-based multisignature schemes under quadratic residue assumptions. Secur. Commun. Netw. 2013, 6, 689–701.
- Hsiao, H.; Studer, A.; Chen, C.; Perrig, A.; Bai, F.; Bellur, B.; Iyer, A. Flooding-resilient broadcast authentication for VANETs. In Proceedings of the 17th Annual International Conference on Mobile Computing and Networking (MOBICOM 2011), Las Vegas, NV, USA, 20–22 September 2011.
- Itakura, K.; Nakamura, K. A public-key cryptosystem suitable for digital multisignatures. NEC Res. Dev. 1983, 71, 1–8.
- Barr, K.C.; Asanovic, K. Energy-aware lossless data compression. ACM Trans. Comput. Syst. 2006, 24, 250–291.
- Bagherzandi, A.; Cheon, J.; Jarecki, S. Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008), Alexandria, VA, USA, 27–31 October 2008.
- Ma, C.; Weng, J.; Li, Y.; Deng, R. Efficient discrete logarithm based multi-signature scheme in the plain public key model. Des. Codes Cryptogr. 2010, 54, 121–133.
- Shamir, A. Identity-based cryptosystems and signature schemes. In Proceedings of the 4th International Cryptology Conference (CRYPTO 1984), Santa Barbara, CA, USA, 19–22 August 1984.
- Boneh, D.; Franklin, M. Identity-based encryption from the Weil pairing. SIAM J. Comput. 2003, 32, 586–615.
- Cocks, C. An Identity Based Encryption Scheme Based on Quadratic Residues. In Proceedings of the 8th IMA International Conference on Cryptography and Coding, Cirencester, UK, 17–19 December 2001.
- Gentry, C.; Ramzan, Z. Identity-based aggregate signatures. In Proceedings of the 9th International Conference on Theory and Practice of Public-Key Cryptography (PKC 2006), New York, NY, USA, 24–26 April 2006.
- Lu, R.; Lin, X.; Zhu, H.; Liang, X.; Shen, X. BECAN: A Bandwidth-Efficient Cooperative Authentication Scheme for Filtering Injected False Data in Wireless Sensor Networks. IEEE Trans. Parallel Distrib. Syst. 2012, 23, 32–43.
- Zhang, K.; Wei, L.; Li, X.; Qian, H. Provably Secure Dual-Mode Publicly Verifiable Computation Protocol in Marine Wireless Sensor Networks. In Proceedings of the 10th International Conference on Wireless Algorithms, Systems, and Applications (WASA 2017), Guilin, China, 19–21 June 2017.
- Lu, Y.; Li, J. A Pairing-Free Certificate-Based Proxy Re-encryption Scheme for Secure Data Sharing in Public Clouds. Future Gener. Comput. Syst. 2016, 62, 140–147.
- Bellare, M.; Neven, G. Identity-Based Multi-signatures from RSA. In Proceedings of the Cryptographers' Track at the RSA Conference (CT-RSA 2007), San Francisco, CA, USA, 5–9 February 2007.
- Bagherzandi, A.; Jarecki, S. Identity-Based Aggregate and Multi-Signature Schemes Based on RSA. In Proceedings of the 13th International Conference on Practice and Theory in Public Key Cryptography (PKC 2010), Paris, France, 26–28 May 2010; pp. 480–498.
- Yang, F.; Lo, J.; Liao, C. Improving an efficient ID-based RSA multisignature. J. Ambient Intell. Hum. Comput. 2011, 4, 249–254.
- Chai, Z.; Cao, Z.; Dong, X. Identity-based signature scheme based on quadratic residues. Sci. China Inform. Sci. 2007, 50, 373–380.
- Xing, D.; Cao, Z.; Dong, X. Identity based signature scheme based on cubic residues. Sci. China Inform. Sci. 2011, 54, 2001–2012.
- Wang, Z.; Wang, L.; Zheng, S.; Yang, Y.; Hu, Z. Provably secure and efficient identity-based signature scheme based on cubic residues. Int. J. Netw. Secur. 2012, 14, 33–38.
- Wang, F.; Lin, C. Secure and efficient identity-based proxy multisignature using cubic residues. J. Univ. Electr. Sci. Technol. China 2013, 42, 778–783.
- Wang, F.; Chang, C.-C.; Lin, C.; Chang, S.-C. Secure and efficient identity-based proxy multi-signature using cubic residues. Int. J. Netw. Secur. 2016, 18, 90–98.
- Wang, F.; Lin, C.; Lian, G. Efficient identity based threshold ring signature based on cubic residues. J. Wuhan Univ. (Nat. Sci.) 2013, 59, 75–81.
- Wei, L.; Zhang, L.; Zhang, K.; Dong, M. An Efficient and Secure Delegated Multi-Authentication Protocol for Mobile Data Owners in Cloud. In Proceedings of the 10th International Conference on Wireless Algorithms, Systems, and Applications (WASA 2015), Qufu, China, 10–12 August 2015.
- Zhang, L.; Wei, L.; Huang, D.; Zhang, K.; Dong, M.; Ota, K. Medaps: Secure multi-entities delegated authentication protocols for mobile cloud computing. Secur. Commun. Netw. 2016, 9, 3777–3789.
- Damgard, I.; Frandsen, G. Efficient algorithms for gcd and cubic residuosity in the ring of Eisenstein integers. J. Symb. Comput. 2005, 39, 643–652.
- Benhamouda, F.; Herranz, J.; Joye, M.; Libert, B. Efficient cryptosystems from 2k. J. Cryptol. 2016, 1–31.
- Coron, J. On the exact security of full domain hash. In Proceedings of the 20th Annual International Cryptology Conference (CRYPTO 2000), Santa Barbara, CA, USA, 20–24 August 2000.
- He, D.; Chen, J.; Zhang, R. An efficient and provably-secure certificateless signature scheme without bilinear pairings. Int. J. Commun. Syst. 2012, 25, 1432–1442.
| Schemes | The Underlying Mathematical Assumptions |
|---|---|
| [15] | Computational Diffie-Hellman (CDH) |
| [19] | Discrete Logarithm (DL) |
| [20] | RSA |
| [6] | Quadratic Residues |
| IBMSCR−1 | Cubic Residues |
| IBMSCR−2 | Cubic Residues |
© 2017 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Wei, L.; Zhang, L.; Huang, D.; Zhang, K.; Dai, L.; Wu, G. PSDAAP: Provably Secure Data Authenticated Aggregation Protocols Using Identity-Based Multi-Signature in Marine WSNs. Sensors 2017, 17, 2117. https://doi.org/10.3390/s17092117