DCAGS-IoT: Dynamic Cross-Domain Authentication Scheme Using Group Signature in IoT
Abstract
:1. Introduction
- (1)
- Aiming at the difficulty of user joining and revocation in the dynamic cross-domain authentication environment, an effective update algorithm with complexity O(logN) is provided in the static Merkle tree accumulator to realize the dynamic addition and revocation of users.
- (2)
- We used group signature technology to allow members of a group to sign messages on behalf of the entire group, thus protecting user privacy from being leaked. Moreover, users are responsible for the issued signatures as tracking agencies can be used to identify them.
- (3)
- Blockchain distributed ledger storage is used to realize cross-domain authentication between trust domains. The analysis proves that the protocol is secure in the random oracle model, and the size of the signature generated by the scheme is independent of the number of group members N, and only depends on the security parameter λ, which effectively improves the operating efficiency of the protocol.
Organization Structure
2. Related Work
3. Proposed Dynamic Cross-Domain Authentication Scheme
3.1. System Model
3.2. User Update Algorithm
3.3. Our Scheme
3.3.1. System Initialization
- Select , and n is a power of 2. The modulus , , , where q = 3k, k is a positive integer). Then, set , , .
- Choose an integer and a strictly increasing sequence of integers, , where , , .
- Choose an integer , , for the bounded distribution of B on R.
- , where is an anti-collision hash function.
- COM is a statistical hidden and computationally bound commitment scheme.
- Uniform random matrix .
- Generate a verification key , ; , …, ; , ; , a signature key .
- Set , , , , .
- Calculate ; .
3.3.2. Registration Stage
- : Before sending the registration request to the user, the user requests the BC to query the gpk at the time T1, which is convenient for generating the user’s own public and private key pair.
- : The blockchain returns to user U at .
- : After the user receives the group public key gpk of the domain and the , enter the gpk, and perform the following operations: the user randomly selects and calculates . Then, the user’s own key pair is .
- : After the key pair is generated, the user sends a join request at to .
- : When a user with public key upk = p sends a request to join the trust domain, first checks whether the user with upk = p has been registered before, if not, register the user in the trust domain to which they belongs, and the user becomes a group member. Finally, output the user’s group signature key gsk.
- (1)
- Set label , calculate ;
- (2)
- Using the signing key , generate a signature , where , and
The then sets the user’s group signing key to , and forwards it to the user, records it, and then updates to . - : If a new user joins or leaves, runs the algorithm to update the group information, the algorithm returns the new public group information and updates the GM’s info.
- : feedbacks the user’s registration to the user, where 0 means failure, and 1 means success.
3.3.3. Cross-Domain Authentication
- : When the local user U wants to access the services of other trust domains, the algorithm is first executed, and the output group signature is generated using the , , and message M of the given user. Specific steps are as follows:
- (1)
- For , instantiate and ;
- (2)
- Calculate
- (3)
- Calculate , where
- (4)
- Output .
- : The user makes an authentication at .
- : The algorithm checks whether it is a valid group signature on M for the group information information, and outputs a bit: 1 means accept, 0 means reject. Specific steps are as follows:
- (1)
- Calculate
- (2)
- IF , Return 0;
- (3)
- For each , run the verification phase of the protocol and return 0 if any of the conditions are not true, return 0;
- (4)
- Otherwise, return 1.
- : Return the authentication result to the user at .
- : If abnormal behavior is found, sends a request to verify M at .
- After the tracking administrator receives the request, execute the Open algorithm, which takes the group public key gpk, ok, Reg, message M, and signature as input, and returns the proof of the user. If the algorithm cannot attribute the signature to a specific group member, it will return (⊥,), indicating that the signature is the signature of an illegal user, and set the attribute. Specific steps are as follows:
- (1)
- Set ok ;
- (2)
- Use to decrypt according to the following steps;
- Calculate ,
- For each coefficient of ,Returns 0 if it is closer to 0 than −1 and 1;Returns −1 if it is closer to −1 than to 0 and 1;Returns 1 if it is closer to 1 than −1 and 0,
- is the coefficient of ,
- Set and make .
- (3)
- If Reg does not include , return .
- (4)
- Otherwise, generate for proving possession ., where .
- (5)
- Output .
- : This algorithm is used by the TM to check the validity of the signature . The output is 1 for valid and 0 for invalid.
- : After executing the algorithm, will feedback the result of whether it is a suspicious user at .
- Revoke: This algorithm is executed by the group administrator . When the user actively or passively leaves the trusted domain, the user will be revoked from the registration list, and a new registration list will be updated and published. If the algorithm output is 1, the revocation is successful, otherwise the output is 0.
4. Analysis of Proposed Protocol
4.1. Security Attribute Analysis
- (1)
- Anonymity
- (2)
- Resist replay attack
- (3)
- Traceability
- (4)
- Privacy protection
- (5)
- Avoid single point of failure
4.2. Efficiency Analysis
4.3. Security Analysis
- (1)
- Correctness analysis
- (2)
- Security analysis
- The zero-knowledge parameters used are simulation-sound.
- For a correctly generated user key pair, it is impossible to find so that and .
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Akbar, A.; Jangsher, S.; Bhatti, F.A. NOMA and 5G emerging technologies: A survey on issues and solution techniques. Comput. Netw. 2021, 190, 107950. [Google Scholar] [CrossRef]
- Qureshi, K.N.; Din, S.; Jeon, G.; Piccialli, F. Internet of Vehicles: Key Technologies, Network Model, Solutions and Challenges with Future Aspects. IEEE Trans. Intell. Transp. Syst. 2020, 22, 1777–1786. [Google Scholar] [CrossRef]
- Cui, J.; Liu, N.; Zhang, Q.; He, D.; Gu, C.; Zhong, H. Efficient and Anonymous Cross-Domain Authentication for IIoT Based on Blockchain. IEEE Trans. Netw. Sci. Eng. 2022, 10, 899–910. [Google Scholar] [CrossRef]
- Huang, C.; Xue, L.; Liu, D.; Shen, X.; Zhuang, W.; Sun, R.; Ying, B. Blockchain-Assisted Transparent Cross-Domain Authorization and Authentication for Smart City. IEEE Internet Things J. 2022, 9, 17194–17209. [Google Scholar] [CrossRef]
- Zhou, X.; Miao, F.; Xiong, Y. A Certificate Authority Domain-based Cross-domain Authentication Scheme for Virtual Enterprise Using Identity Based Encryption. In Proceedings of the 2021 7th International Conference on Big Data Computing and Communications, Deqing, China, 13–15 August 2021; pp. 144–149. [Google Scholar] [CrossRef]
- Wang, Z.; Ma, Z.F.; Luo, S.S. Identity-based Efficient Authentication Key Agreement Protocol for Mobile Internet. J. Commun. 2017, 38, 19–27. [Google Scholar] [CrossRef]
- Ning, B.; Deng, L. Identity-based two-party cross-domain authentication key agreement protocol. J. Guizhou Norm. Univ. (Nat. Sci. Ed.) 2020, 38, 92–100. [Google Scholar] [CrossRef]
- Zhang, H.; Chen, X.; Lan, X.; Jin, H.; Cao, Q. BTCAS: A Blockchain-Based Thoroughly Cross-Domain Authentication Scheme. J. Inf. Secur. Appl. 2020, 55, 102538. [Google Scholar] [CrossRef]
- Jiang, Z.; Shi, C. Cross-domain identity authentication scheme based on heterogeneous systems in hybrid cloud envi-ronment. Comput. Eng. 2019, 45, 13–18. [Google Scholar] [CrossRef]
- Lin, Y.; Wang, X.; Gan, Q.; Yao, M. A secure cross-domain authentication scheme with perfect forward security and complete anonymity in fog computing. J. Inf. Secur. Appl. 2021, 63, 103022. [Google Scholar] [CrossRef]
- Jiang, Z.; Xu, J. Efficient heterogeneous cross-domain authentication scheme based on proxy blind signature in cloud environment. Comput. Sci. 2020, 47, 60–67. [Google Scholar] [CrossRef]
- Wei, S.; Li, S.; Wang, J. Cross-domain authentication protocol based on identity cryptography system and blockchain. Chin. J. Comput. 2021, 44, 908–920. [Google Scholar] [CrossRef]
- Bagga, P.; Sutrala, A.K.; Das, A.K.; Vijayakumar, P. Blockchain-based batch authentication protocol for Internet of Vehicles. J. Syst. Arch. 2020, 113, 101877–101883. [Google Scholar] [CrossRef]
- Singh, P.K.; Singh, R.; Nandi, S.K.; Ghafoor, K.Z.; Rawat, D.B.; Nandi, S. Blockchain-Based Adaptive Trust Management in Internet of Vehicles Using Smart Contract. IEEE Trans. Intell. Transp. Syst. 2020, 22, 3616–3630. [Google Scholar] [CrossRef]
- Li, J.L.; Ji, Y.; Choo, K.-K.R.; Hogrefe, D. CL-CPPA: Certificate-Less Conditional Privacy-Preserving Authentication Protocol for the Internet of Vehicles. IEEE Internet Things J. 2019, 6, 10332–10343. [Google Scholar] [CrossRef]
- Zhang, J.; Li, X.; Zeng, X.; Zhao, Y.; Duan, R.; Yang, D. Blockchain-based cross-domain authentication and key agreement protocol in edge computing environment. J. Inf. Secur. 2021, 6, 54–61. [Google Scholar] [CrossRef]
- Li, G.; Wang, Y.; Zhang, B.; Lu, S. Smart Contract-Based Cross-Domain Authentication and Key Agreement System for Heterogeneous Wireless Networks. Mob. Inf. Syst. 2020, 2020, 2964562. [Google Scholar] [CrossRef]
- Dong, G.; Chen, Y.; Li, H. Research on the credibility of cross-domain authentication based on blockchain in heterogeneous environments. Commun. Technol. 2019, 52, 1450–1460. [Google Scholar]
- Ghane, S.; Jolfaei, A.; Kulik, L.; Ramamohanarao, K.; Puthal, D. Preserving Privacy in the Internet of Connected Vehicles. IEEE Trans. Intell. Transp. Syst. 2020, 22, 5018–5027. [Google Scholar] [CrossRef]
- Yang, Y.; Hu, M.; Kong, S.; Gong, B.; Liu, X. Scheme on Cross-Domain Identity Authentication Based on Group Signature for Cloud Computing. Wuhan Univ. J. Nat. Sci. 2019, 24, 134–140. [Google Scholar] [CrossRef]
- Ali, Z.; Chaudhry, S.A.; Mahmood, K.; Garg, S.; Lv, Z.; Bin Zikria, Y. A clogging resistant secure authentication scheme for fog computing services. Comput. Netw. 2020, 19, 107731. [Google Scholar] [CrossRef]
- Chaudhry, S.A. Designing an Efficient and Secure Message Exchange Protocol for Internet of Vehicles. Secur. Commun. Netw. 2021, 56, 5554318. [Google Scholar] [CrossRef]
- Luo, M.; Wu, J.; Li, X. Cross-domain certificateless authenticated group key agreement protocol for 5G network slicings. Telecommun. Syst. 2020, 45, 456–489. [Google Scholar] [CrossRef]
- Tan, H.; Xuan, S.; Chung, I. HCDA: Efficient Pairing-Free Homographic Key Management for Dynamic Cross-Domain Authentication in VANETs. Symmetry 2020, 12, 1003. [Google Scholar] [CrossRef]
- Xu, Z.; Liang, W.; Li, K.-C.; Xu, J.; Jin, H. A blockchain-based Roadside Unit-assisted authentication and key agreement protocol for Internet of Vehicles. J. Parallel Distrib. Comput. 2020, 65, 589–601. [Google Scholar] [CrossRef]
- Zhang, H.; Huang, H.; Liu, K.; He, X. A provably secure anonymous and traceable fast group authentication protocol in the Internet of Vehicles. J. Commun. 2021, 42, 213–225. [Google Scholar] [CrossRef]
- Elkhalil, A.; Zhang, J.; Elhabob, R.; Eltayieb, N. An efficient signcryption of heterogeneous systems for Internet of Vehicles. J. Syst. Arch. 2021, 113, 101885. [Google Scholar] [CrossRef]
- Trivedi, H.S.; Patel, S.J. Design of secure authentication protocol for dynamic user addition in distributed Internet-of-Things. Comput. Netw. 2020, 178, 107335. [Google Scholar] [CrossRef]
- Ling, S.; Nguyen, K.; Wang, H.; Xu, Y. Constant-Size Group Signatures from Lattices. In Proceedings of the 21st International Conference on Practice and Theory of Public-Key Cryptography, Rio de Janeiro, Brazil, 25–29 March 2018; pp. 58–88. [Google Scholar] [CrossRef]
- Shafieinejad, M.; Esfahani, N.N. A scalable post-quantum hash-based group signature. Des. Codes Cryptogr. 2021, 89, 1061–1090. [Google Scholar] [CrossRef]
- Kong, W.; Shen, J.; Vijayakumar, P.; Cho, Y.; Chang, V. A practical group blind signature scheme for privacy protection in smart grid. J. Parallel Distrib. Comput. 2020, 136, 29–39. [Google Scholar] [CrossRef]
- Ling, S.; Nguyen, K.; Wang, H.; Xu, Y. Lattice-Based Group Signatures: Achieving Full Dynamicity with Ease. In Proceedings of the 15th International Conference on Applied Cryptography and Network Security, Kanazawa, Japan, 10–12 July 2017; pp. 293–312. [Google Scholar] [CrossRef]
- Kundu, N.; Debnath, S.K.; Mishra, D. A secure and efficient group signature scheme based on multivariate public key cryptography. J. Inf. Secur. Appl. 2021, 58, 102776. [Google Scholar] [CrossRef]
- Górski, T. Reconfigurable Smart Contracts for Renewable Energy Exchange with Re-Use of Verification Rules. Appl. Sci. 2022, 12, 5339. [Google Scholar] [CrossRef]
Symbol | Meaning |
---|---|
GM | Group manager |
TM | Track manager |
U | User |
gpk | Group public key |
gsk | Group signing key |
pp | Public parameter |
λ | Safety parameters |
Reg | Registration list |
ik | Issue key |
ok | Open key |
upk | Public key |
usk | Private key |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Yuan, W.; Li, X.; Li, M.; Zheng, L. DCAGS-IoT: Dynamic Cross-Domain Authentication Scheme Using Group Signature in IoT. Appl. Sci. 2023, 13, 5847. https://doi.org/10.3390/app13105847
Yuan W, Li X, Li M, Zheng L. DCAGS-IoT: Dynamic Cross-Domain Authentication Scheme Using Group Signature in IoT. Applied Sciences. 2023; 13(10):5847. https://doi.org/10.3390/app13105847
Chicago/Turabian StyleYuan, Weihan, Xiaoya Li, Mingyue Li, and Liudong Zheng. 2023. "DCAGS-IoT: Dynamic Cross-Domain Authentication Scheme Using Group Signature in IoT" Applied Sciences 13, no. 10: 5847. https://doi.org/10.3390/app13105847
APA StyleYuan, W., Li, X., Li, M., & Zheng, L. (2023). DCAGS-IoT: Dynamic Cross-Domain Authentication Scheme Using Group Signature in IoT. Applied Sciences, 13(10), 5847. https://doi.org/10.3390/app13105847