Security and Communication Networks

Volume 2018, Article ID 9641273, 6 pages

https://doi.org/10.1155/2018/9641273

## A Homomorphic Network Coding Signature Scheme for Multiple Sources and its Application in IoT

^{1}School of Computer Science, Guangzhou University, Guangzhou, China

^{2}School of Mathematics and Information Science, Guangzhou University, Guangzhou, China

^{3}College of Computer and Control Engineering, Nankai University, Tianjin, China

Correspondence should be addressed to Yi Tang; moc.931@sjb.gnaty

Received 13 January 2018; Revised 21 March 2018; Accepted 15 April 2018; Published 14 June 2018

Academic Editor: Ilsun You

Copyright © 2018 Tong Li et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

As a method for increasing throughput and improving the reliability of routing, network coding has been widely used in decentralized IoT systems. When files are shared in such a system, network coding signature techniques can help determine whether a modified packet of a file has been injected. However, an IoT system often has multiple source devices, each with its own authentication key, and existing single-source network coding signature schemes do not work in this setting. In this paper, we study the problem of designing secure network coding signatures for networks with multiple sources and propose a multisource homomorphic network coding signature. We also give a construction and prove its security.

#### 1. Introduction

With the rapid development of Internet and communication technologies, the Internet of Things (IoT) has emerged as a leading technology that brings convenience to our daily lives. More and more smart terminals are connected to the Internet, and files, logs, and other real-time contents are shared among these terminals all the time. According to a report by the International Data Corporation (IDC), there will be nearly 28 billion installed IoT devices by 2020.

Considering the scale of IoT's expansion, it is essential to increase throughput in such a huge decentralized network. When a source device transmits a file to a set of target receivers, an effective way is to split the file into data packets and send them to its neighbouring nodes using the network coding technique. In network coding, each intermediate node linearly combines packets rather than simply storing and forwarding the incoming packets. In other words, an intermediate node that receives a set of packets on its incoming links can modify them and send the modified packets to other nodes through its outgoing edges. In some applications, either an ad hoc node or an intermediate device can play the role of an intermediate node. Linear network coding allows receivers to recover the original information with high probability if they collect sufficiently many correct packets. Thus, the throughput for sharing real-time contents in IoT is increased.

However, security is one of the most important requirements of IoT systems, and IoT devices often interact with third-party applications. Without authentication mechanisms, linear network coding has an inherent flaw: it can be disrupted by invalid packets injected by third-party applications. Intermediate nodes may later use the invalid incoming vectors in their outputs, which means that the errors propagate and data receivers will not obtain the original information. As a result, adversaries could easily initiate a Denial of Service (DoS) attack to prevent the original file from being recovered. The main idea for mitigating such attacks is to provide a way to authenticate valid packets, and Catalano et al. [1] proposed an efficient network coding signature scheme as a solution to the authentication problem. By verifying the modified signature of the corresponding modified packet, any device can easily determine whether the packet is valid.
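The recovery and error-propagation behaviour described in the two paragraphs above, as an added example that is not code from the paper: three packets are coded over a prime field and decoded by Gaussian elimination, first cleanly and then with one symbol of one coded packet altered in transit. The field size, the sample file, and the fixed Vandermonde coefficients (used instead of random ones so the run is deterministic) are assumptions of this example.

```python
# Added example (not from the paper): linear network coding over a prime field.
Q = 257  # field size for packet symbols; an assumption of this example

def encode(packets, coeffs):
    """Coded packet = (coeffs, sum_i coeffs[i] * packets[i] mod Q)."""
    payload = [sum(c * p[j] for c, p in zip(coeffs, packets)) % Q
               for j in range(len(packets[0]))]
    return list(coeffs), payload

def decode(coded, m):
    """Gauss-Jordan elimination mod Q on rows [coeffs | payload].
    Returns the m original packets, or None if the coefficients have rank < m."""
    rows = [c + p for c, p in coded]
    for col in range(m):
        pivot = next((r for r in range(col, len(rows)) if rows[r][col]), None)
        if pivot is None:
            return None
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv = pow(rows[col][col], -1, Q)
        rows[col] = [x * inv % Q for x in rows[col]]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % Q for x, y in zip(rows[r], rows[col])]
    return [row[m:] for row in rows[:m]]

# Constructed sample file: three packets of four symbols each.
FILE = [[72, 101, 108, 108], [111, 32, 73, 111], [84, 33, 10, 0]]
# Vandermonde rows are always invertible; real nodes draw coefficients at random.
COEFFS = [[1, x, x * x] for x in (1, 2, 3)]

def clean_run():
    return decode([encode(FILE, c) for c in COEFFS], len(FILE))

def polluted_run():
    """Same transfer, but one coded packet has a single symbol altered in transit."""
    coded = [encode(FILE, c) for c in COEFFS]
    coded[0][1][0] = (coded[0][1][0] + 1) % Q
    return decode(coded, len(FILE))

def damaged_packets(decoded):
    """Number of recovered packets that differ from the original file."""
    return sum(got != want for got, want in zip(decoded, FILE))

if __name__ == "__main__":
    print(clean_run() == FILE, damaged_packets(polluted_run()))
```

Decoding the polluted set still succeeds without any error signal, and every recovered packet is wrong, which is why validity has to be checked before packets are combined.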

Unfortunately, in an IoT system, original data are usually collected from various sources (e.g., sensors), each of which could have its own signature for authentication. Any (intermediate) receiver must be able to combine incoming packets that are signed under different keys. As a drawback, trivially adopting existing network coding signatures generates signatures that are linear in the number of sources, and thus the signatures cannot be directly combined when packets are modified. Motivated by this problem, in this paper we propose a multisource linearly homomorphic network coding signature scheme. The proposed scheme extends our previous work [2] and supports a multilayer routing network rather than a 3-layer one, so it can be used to implement authentication for transmitting files in an IoT system.

The rest of this paper is organized as follows. Section 2 presents some related works. Section 3 overviews some definitions. In Section 4, we describe our multisource linearly homomorphic network coding signature scheme. Section 5 analyzes the correctness and security of the proposed scheme. In Section 6 we summarize the paper.

#### 2. Related Works

In traditional network routing, every node simply receives packets and forwards them to neighbour nodes. A routing method called network coding [3, 4] was proposed and developed to increase throughput in the network. In network coding, intermediate nodes combine received data packets and transmit them, and the data receiver still obtains the original data. This technique can be used in IoT applications and cloud systems for broadcast and transmission [5–19].

In the single-source scenario, some schemes were proposed to make sure that there is always a recipient bound to the corresponding for authentication. M. Krohn et al. introduced the homomorphic hash function [20, 21] and extended it to network coding. The linearly homomorphic signature is a more effective authentication method for network coding. Reference [22] proposed the first linearly homomorphic signature scheme. References [23–25] found some security flaws and errors, and Yu et al. [26] gave a construction by combining the RSA-based signature with the homomorphic hash function. References [27, 28] designed signature schemes for peer-to-peer networks and distributed contents, respectively. References [29, 30] proposed homomorphic network coding signature schemes based on the bilinear mapping and the RSA assumption, respectively. In [31], Boneh et al. designed a signature scheme with the property of signing an unlimited number of messages. Based on the complexity of lattice problems, [32] introduced the -SIS problem and constructed a signature scheme over binary fields. For fine-grained access control, [33, 34] proposed schemes based on the identity-based signature. The schemes above are proven secure in the random oracle model. In the standard model, some homomorphic network coding signature schemes were proposed [1, 34–36]. The security of the scheme in [35] is based on the discrete logarithm assumption. Independent of these works, [37] proposed a method that transforms standard signature schemes into linearly homomorphic signatures in the standard model.

However, in the multisource case, which is the common scenario in IoT systems, there is still no linearly homomorphic network coding signature scheme. Our goal is to design a multisource linearly homomorphic network coding signature scheme.

#### 3. Preliminaries

We now give some definitions for linearly homomorphic network coding signatures.

*Definition 1 (linearly homomorphic network coding signatures adapted from [1]).* A linearly homomorphic network coding signature scheme consists of a tuple of probabilistic, polynomial-time algorithms with the following functionality.

**NetKG**. Given the security parameter and , this algorithm outputs a key pair , where is the secret key and is the public verification key. Note that is the dimension of the vector spaces and is an upper bound to the size of the signed vectors.

**NetSign**. The signing algorithm takes a secret key , a file identifier and a vector as input and then outputs a signature .

**NetVer**. Given the public key , a file identifier , a vector , and a signature , the algorithm outputs a bit represents accept or reject.

**NetEval**. Given a public key , a file identifier , and a set of tuples , this algorithm outputs a new signature such that if each is a valid signature on vector , then is a valid signature for obtained from the linear combination .

For *correctness*, it is required that if the key pair is output by **(****)**, then

(i) let and ; if **NetSign**, then **NetVer**;

(ii) for all , any and all sets of triples ; if **NetVer** for all , then **NetVer** and .

The definition of unforgeability of linearly homomorphic signature is presented as follows.

*Definition 2 (unforgeability adapted from [32]). *For a linearly homomorphic network coding signature scheme , , the following game is considered.

**Setup**: The challenger runs to obtain and gives to .

**Queries**: Proceeding adaptively, specifies a sequence of data sets . For each , the challenger chooses uniformly from and gives to the tag and the signatures for .

**Output**: outputs a file identifier , a message , and a signature . The adversary wins if , and either (1) for all or (2) for some but , where span is the subspace generated by all .

The advantage of is defined to be the probability that wins the security game. is called unforgeable if for any PPT adversary , the advantage in the game is negligible in .

Let be a bilinear map, where and are bilinear groups of prime order . In [38], Boneh and Boyen introduced the definition of the q-Strong Diffie-Hellman Assumption (q-SDH for short).

*Definition 3 (q-SDH assumption [38]).* Let be the security parameter, be a prime, and be bilinear groups of prime order . Let be a generator of and be a generator of , respectively. Then we say that the q-SDH Assumption holds in if for any PPT algorithm and any = poly(), the following probability is negligible in :

#### 4. The Proposed Scheme

##### 4.1. Architecture

Consider a practical application. A log report from some intelligent terminals is to be jointly published via linear network coding. To prevent the injection of invalid data packets and make the transmission reliable, each data packet should be suffixed with a valid recipient before forwarding. A network coding signature scheme can help meet this requirement when all terminal devices share the same key for signing packets. However, if each device has its own key, a group of signatures cannot be directly combined for the corresponding packets. As a solution to this verification problem, we present a homomorphic network coding signature scheme for multiple sources.

An architecture is shown in Figure 1. A terminal device can be seen as a source, while the receiver wants to get the log report with a correct recipient. Each entity in the scheme is described as follows:

(i) **Source nodes**. After some parameters are generated as public information, the th source node generates its own key pair for signing and verifying. Each node has a part of the original file, and the part can be seen as a data packet. To obtain a signature , the th node signs its packet that belongs to the file with an identifier using . Then, it sends the signed tuple on its outgoing edges.

(ii) **Intermediate nodes**. When an intermediate node receives some packets with the corresponding signatures, it checks whether any of them is invalid. Then, it selects coefficients for the remaining valid packets , and combines the packets and their signatures, respectively. Finally, the combined tuple is forwarded on the outgoing edges.

(iii) **Receiver**. Once the receiver has collected the file's packets signed under all secret keys, it checks their validity and recovers the original file if the check passes.
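The verify-then-combine flow of an intermediate node, as an added example that is not the paper's scheme: a discrete-log homomorphic hash of the kind cited in Section 2 [20, 21] stands in for the multisource signature, so there are no per-source keys here. The toy group parameters, the sample packets, the function names, and the assumption that each source's hash reaches every verifier over an authenticated channel are all constructed for illustration.

```python
# Added example (not the paper's scheme): verify-then-combine at an intermediate
# node, with a discrete-log homomorphic hash standing in for the signature.
import random

P, Q = 2039, 1019   # toy group, P = 2*Q + 1; far too small for real use
N = 4               # payload symbols per packet, each in Z_Q
G = [pow(b, 2, P) for b in range(2, 2 + N)]  # squares lie in the order-Q subgroup

def hhash(payload):
    """H(v) = prod_j G[j]^v[j] mod P, hence H(a*v + b*w) = H(v)^a * H(w)^b."""
    h = 1
    for g, x in zip(G, payload):
        h = h * pow(g, x % Q, P) % P
    return h

def verify(packet, source_hashes):
    """Accept (coeffs, payload) iff H(payload) == prod_i source_hashes[i]^coeffs[i]."""
    coeffs, payload = packet
    expected = 1
    for h, c in zip(source_hashes, coeffs):
        expected = expected * pow(h, c % Q, P) % P
    return hhash(payload) == expected

def combine(packets, weights):
    """Linear combination of coefficient vectors and payloads, all mod Q."""
    def mix(k):
        return [sum(w * p[k][j] for w, p in zip(weights, packets)) % Q
                for j in range(len(packets[0][k]))]
    return mix(0), mix(1)

def forward(incoming, source_hashes, rng):
    """Drop packets that fail verification, then combine the rest.
    Returns (combined packet or None, number of packets dropped)."""
    valid = [p for p in incoming if verify(p, source_hashes)]
    if not valid:
        return None, len(incoming)
    weights = [rng.randrange(1, Q) for _ in valid]
    return combine(valid, weights), len(incoming) - len(valid)

# Constructed sample: three sources, one packet each, plus one injected packet.
SOURCES = [[10, 20, 30, 40], [5, 6, 7, 8], [1000, 2, 999, 3]]
HASHES = [hhash(v) for v in SOURCES]  # assumed to reach verifiers authentically
PACKETS = [([int(k == i) for k in range(3)], v) for i, v in enumerate(SOURCES)]
INJECTED = ([1, 0, 0], [10, 20, 30, 41])  # claims to be source 0's packet

if __name__ == "__main__":
    out, dropped = forward(PACKETS + [INJECTED], HASHES, random.Random(7))
    print(dropped, verify(out, HASHES))
```

The combined packet verifies downstream without anyone re-hashing the source data, which is the property NetEval provides for signatures; a packet combined without the check carries the injected error forward and fails verification at the next hop.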