Lightweight identity based online/offline signature scheme for wireless sensor networks

Data security is one of the issues during data exchange between two sensor nodes in wireless sensor networks (WSN). While information flows across naturally exposed communication channels, cybercriminals may access sensitive information. Multiple traditional reliable encryption methods like RSA encryption-decryption and Diffie–Hellman key exchange face a crisis of computational resources due to limited storage, low computational ability, and insufficient power in lightweight WSNs. The complexity of these security mechanisms reduces the network lifespan, and an online/offline strategy is one way to overcome this problem. This study proposed an improved identity-based online/offline signature scheme using Elliptic Curve Cryptography (ECC) encryption. The lightweight calculations were conducted during the online phase, and in the offline phase, the encryption, point multiplication, and other heavy measures were pre-processed using powerful devices. The proposed scheme uniquely combined the Inverse Collusion Attack Algorithm (CAA) with lightweight ECC to generate secure identitybased signatures. The suggested scheme was analyzed for security and success probability under Random Oracle Model (ROM). The analysis concluded that the generated signatures were immune to even the worst Chosen Message Attack. The most important, resource-effective, and extensively used on-demand function was the verification of the signatures. The low-cost verification algorithm of the scheme saved a significant number of valued resources and increased the overall network’s lifespan. The results for encryption/decryption time, computation difficulty, and key generation time for various data sizes showed the proposed solution was ideal for lightweight devices as it accelerated data transmission speed and consumed the least resources. The hybrid method obtained an average of 66.77% less time consumption and up to 12% lower computational cost than previous schemes like the dynamic IDB-ECC two-factor authentication key exchange protocol, lightweight IBE scheme (IDB-Lite), and Korean certification-based signature standard using the ECC. The proposed scheme had a smaller key size and signature size of 160 bits. Overall, the energy consumption was also reduced to 0.53 mJ for 1312 bits of offline storage. The hybrid framework of identity-based signatures, online/offline phases, ECC, CAA, and low-cost algorithms enhances overall performance by having less complexity, time, and memory consumption. Thus, the proposed hybrid scheme is ideally suited for a lightweight WSN

Provably Secure Online/Off-line Identity-Based Signature Scheme for Wireless Sensor Network

Abstract. This paper describes an efficient and secure online and off-line signature scheme for wireless sensor network (WSN). Security of the proposed scheme is based on difficulty of breaking Bilinear Diffie-Hellman problem (BDHP). WSN systems are usually deployed in hostile environments where they encounter a wide variety of malicious attacks. Information that is the cooked data collected within the sensor network, is valuable and should be kept confidential. In order to protect this transmitted information or messages between any two adjacent sensor nodes, a mutual authentication and key establishment protocol is required for wireless sensor networks. Because some inherent restrictions of sensor nodes which include low power, less storage space, low computation ability and short communication range most existing protocols attempt to establish a pairwise key between any two adjacent sensor nodes by adopting a key pre-distribution approach. In order to further reduce the computational cost of signature generation, online/off-line is suitable for WSN. In on-line/offline signature scheme, the signing process can be broken into two phases. The first phase, performed off-line, is independent of the particular message to be signed; while the second phase is performed on-line, once the message is presented

Remote attestation to ensure the security of future Internet of Things services

The Internet of Things (IoT) evolution is gradually reshaping the physical world into smart environments that involve a large number of interconnected resource-constrained devices which collect, process, and exchange enormous amount of (more or less) sensitive information. With the increasing number of interconnected IoT devices and their capabilities to control the environment, IoT systems are becoming a prominent target of sophisticated cyberattacks. To deal with the expanding attack surface, IoT systems require adequate security mechanisms to verify the reliability of IoT devices. Remote attestation protocols have recently gained wide attention in IoT systems as valuable security mechanisms that detect the adversarial presence and guarantee the legitimate state of IoT devices. Various attestation schemes have been proposed to optimize the effectiveness and efficiency of remote attestation protocols of a single IoT device or a group of IoT devices. Nevertheless, some cyber attacks remain undetected by current attestation methods, and attestation protocols still introduce non-negligible computational overheads for resource-constrained devices. This thesis presents the following new contributions in the area of remote attestation protocols that verify the trustworthiness of IoT devices. First, this thesis shows the limitations of existing attestation protocols against runtime attacks which, by compromising a device, may maliciously influence the operation of other genuine devices that interact with the compromised one. To detect such an attack, this thesis introduces the service perspective in remote attestation and presents a synchronous remote attestation protocol for distributed IoT services. Second, this thesis designs, implements and evaluates a novel remote attestation scheme that releases the constraint of synchronous interaction between devices and enables the attestation of asynchronous distributed IoT services. The proposed scheme also attests asynchronously a group of IoT devices, without interrupting the regular operations of all the devices at the same time. Third, this thesis proposes a new approach that aims to reduce the interruption time of the regular work that remote attestation introduces in an IoT device. This approach intends to decrease the computational overhead of attestation by allowing an IoT device to securely offload the attestation process to a cloud service, which then performs attestation independently on the cloud, on behalf of the IoT device