Abstract

Healthcare cyber-physical systems significantly improve healthcare services and the effectiveness of patient treatment by allowing patients' health information to be analyzed conveniently. Nevertheless, they also create threats to the confidentiality of health information, to patients' privacy, and to the decidability of medical disputes. Moreover, with the advances of quantum computing technology, the traditional cryptosystems underlying most existing anonymous authentication schemes face a growing threat. To address these problems, we propose SEAPA, a new lattice-based self-enhancement authorized accessible privacy authentication scheme for healthcare cyber-physical systems, built from a strong designated verifier double-authentication-preventing signature. SEAPA achieves three security and privacy requirements: unforgeability, anonymity of patients' information, and self-enhancement for the patients themselves. A detailed security proof shows that our proposal achieves these security goals. Finally, parameter analysis and performance evaluation show that our construction has reasonable efficiency.

1. Introduction

A cyber-physical system (CPS) integrates computational resources, physical processes, and communication capabilities; it is a multidimensional complex system composed of sensors, embedded devices, and wireless links. Advances in medical sensors, cloud computing, the Internet of Things, and wireless sensor networks (WSNs) have made CPS a powerful candidate for healthcare applications [16]. For example, COVID-19 has caused incalculable damage to human health, the economy, and daily life, and wireless medical sensor networks have played an important role in China's response to COVID-19. To provide more convenient services and a better healthcare environment, the healthcare cyber-physical system (HCPS) was proposed [1]. Taking a patient at any location as an example, his or her private information can be collected by various sensors and sent to a third-party cloud server, while doctors in a hospital monitor the patient's physical condition and give prescriptions or suggestions. Although each aspect of HCPS has made great progress, the security and privacy of patients' personal health information in HCPS remain in the spotlight.

In a general HCPS system model, the components include the patient's medical sensor nodes, a data sink that collects the patient's private information, and healthcare centers comprising different hospitals, databases, and doctors. The system model of the healthcare cyber-physical system is shown in Figure 1. It combines the advantages of a remote consultation system and a mobile sensor system: on the one hand, patients' private information is collected at the data sink and uploaded to the database of the corresponding hospital; on the other hand, multiple remote doctors can provide timely and accurate medical services by analyzing patients' physiological data.

Although the HCPS system model is convenient for patient treatment, it still has defects and potential threats. For instance, in daily life there are misbehaving patients who want to see a doctor but do not want the doctors to know their disease characteristics completely. Such a patient gives ambiguous assertions to two kinds of authorized physicians, and so has to sign a pair of colliding messages that carry the same personal information but different assertions. If a medical dispute later arises between them, the patient's misbehavior should be detectable. At present, no related digital signature provides a way to do this, so we turn to another technique, the double-authentication-preventing signature.

In addition, the "Sycamore" quantum computer from the United States and the "Nine Chapter" quantum computer designed in China are important milestones. Since the classical cryptographic protocols in HCPS would be broken by a malicious adversary with a quantum computer, the private information that patients use for diagnosis could be leaked, resulting in loss of property and even life. Lattice-based signatures have two advantages. First, the average-case hardness of certain lattice problems is based on the worst-case hardness of lattice problems; second, lattice-based signatures are efficient, because they rely only on matrix (or polynomial) additions and multiplications.

To address the issues above, we establish a novel privacy-preserving model for HCPS that allows patients to grant privileges to different kinds of physicians located in healthcare centers. Based on this model, we propose a self-enhancement post-quantum secure privacy-preserving authentication scheme (SEAPA for short) for HCPS that satisfies the security requirements of patients. If a patient misbehaves, he or she is punished by the extraction of his or her private key. A rigorous security proof shows that our scheme is secure under the computational short integer solution (SIS) assumption in the random oracle model. The security proof and performance evaluation show that our scheme has reasonable efficiency for real applications.

Digital signatures provide message integrity, message authenticity, and nonrepudiation, and they are publicly verifiable. In the HCPS model, however, the signed messages may reveal the signer's health information, which reflects the emotions and life of the patient. If such signatures can be publicly verified, they reveal the patient's personal health information and cause trouble for the patient. To solve this, Jakobsson et al. proposed the designated verifier signature (DVS), which convinces one and only one party, the designated verifier, of the validity of a signature [7]. Since a DVS cannot stop an adversary who intercepts the signature before the designated verifier obtains it from checking its validity, Jakobsson et al. also proposed the strong designated verifier signature (SDVS) [7]. As building blocks, DVSs are widely used in privacy-preserving security protocols such as cloud computing [8, 9], big data [10], the Internet of Things [11, 12], electronic voting systems [13, 14], and healthcare information systems [15, 16].

A series of designated verifier signatures with particular functions have been proposed [17–25]. For example, to solve the key management problem, Huang et al. proposed an identity-based SDVS [26]. To solve the key-escrow problem of identity-based SDVS, Chen et al. proposed a certificateless SDVS with nondelegatability [22]. More recently, He et al. proposed a certificateless designated verifier proxy signature scheme for unmanned aerial vehicle networks [27], and Zheng et al. presented a practical quantum designated verifier signature scheme for e-voting applications [28]. However, none of these schemes handles the following scenario. A patient wants to see a doctor, but, as happens in daily life, does not want others to know his or her disease characteristics completely. The patient gives ambiguous assertions to two kinds of authorized physicians and therefore has to sign a pair of colliding messages with the same personal information but different assertions. If a medical dispute arises between them, the patient's misbehavior should be detectable.

Our proposed HCPS distinguishes three categories of physicians: directly authorized, indirectly authorized, and unauthorized physicians. Using a new designated verifier signature, the designated verifier double-authentication-preventing signature (DVDAPS), which is derived from a double-authentication-preventing signature (DAPS) and a designated verifier signature (DVS), the scheme realizes three different privacy-preserving requirements. DVDAPS is deterrent (punishable): if a dispute arises, the patient's secret key can be extracted from the signatures on colliding messages. Once the secret key is extracted, the patient's personal health information is revealed to anyone. The DVDAPS can therefore be viewed either as an attack algorithm or as a self-enhancement digital signature scheme.

2.1. Motivations

In practice, a signer may maliciously sign messages twice to spread inappropriate content, or even sell a patent more than once for illegal profit. Such actions must be punished, as they affect the security, reputation, and robustness of the entire system. However, to the best of our knowledge, current digital signatures do not provide punishability. A double-authentication-preventing signature (DAPS for short) can realize this requirement with deterrability, but existing general DAPS schemes do not address the confidentiality and identity privacy of patients' personal health information in HCPS.

2.2. Contributions

In this paper, we give an affirmative answer to the above problem by introducing the first formal treatment of deterrability in this setting. We present a new deterrable digital signature that is proven secure under a standard lattice assumption and, based on it, a practical construction of DVDAPS for SEAPA. The major contributions of the paper are threefold. First, we give a formal definition of DVDAPS and propose the notions of unforgeability, anonymity, and self-enhancement in the presence of attacks. Second, DVDAPS serves as the fundamental building block that offers privacy and deterrability simultaneously; to instantiate it efficiently, we propose a secure construction under lattice hardness assumptions. Finally, we provide a concrete construction of SEAPA together with a performance evaluation.

2.3. Organization

In this paper, we propose a lattice-based self-enhancement authorized accessible privacy authentication scheme for HCPS. First, we introduce the notions, cryptographic primitives, and security model of HCPS used in this paper. Second, we establish an authorized accessible privacy model for HCPS. Third, we present a concrete lattice-based privacy-preserving authentication scheme with the properties of completeness, unforgeability, nontransferability, and extractability. Finally, we analyze our proposal with respect to security and parameter settings.

3. Preliminaries

3.1. Notations

For a set , indicates that is selected randomly from the set .

Ring is .

Column vector could be represented as .

, , and .

For a full-rank integer lattice , the discrete distribution is

Definition 1 (Ring-SIS). Given uniform elements at random and let , find a nonzero vector with norm such that

Note that in Ring-SIS, each corresponds to -related vectors in SIS, where is the degree of over . Each of a Ring-SIS solution corresponds to a block of integers. That is to say, and .

3.2. Ring-SIS Signature Scheme

Lyubashevsky’s signature scheme is given as follows [29].

Secret key:

Public key: , and

Sign: given a message , compute the following:
(i)
(ii)
(iii)
(iv)
Output with probability min , where

Verify:
(i) Accept iff and

We transform the signature scheme above to Ring-SIS signature scheme as follows:

Secret key: , where let be

Public key: , and

Sign: given a message , compute the following:
(i)
(ii)
(iii)
(iv)
Output with probability min , where

Verify:
(i) Accept iff and

3.3. System Model Description

Our system model is illustrated in Figure 2 and mainly consists of three parts. Healthcare providers are equipped with cloud servers, wireless transmission networks, and body area networks. The health information of a patient is transmitted to two different healthcare providers, where different kinds of authorized physicians access it and make medical treatment decisions. There are two healthcare centers with healthcare providers A and B and the medical research institution C, where Dr. Alice, Dr. Bob, and Dr. Eve work in Hospital 1. Each of them has its own cloud server. If a patient registers at Hospital 1, his or her health information is stored in the cloud server of Hospital 1 and is not visible in Hospital 2, and Dr. Alice is one of the patient's authorized physicians. For other purposes (e.g., research and medical consultation) in cooperation with Hospital 2 and research institution C, Dr. Alice needs to generate two indistinguishable transcript simulations for Hospital 2 and research institution C. In some cases, the patient may register at other hospitals with ambiguous assertions about his or her healthcare information; if a medical dispute arises, the patient can be traced.

Remark 1. If the patient does not register twice, our system model is correct directly; the purpose of handling the second registration is to resolve medical disputes.

4. Authorized Accessible Privacy Model

In this section, we introduce an authorized accessible privacy model for HCPS which includes a strong designated verifier double-authentication-preventing signature (SDVDAPS for short) and the corresponding security models.

4.1. Strong Designated Verifier Double-Authentication-Preventing Signatures

We provide a self-enhancement privacy-preserving authentication scheme based on an SDVDAPS to satisfy three security and privacy requirements in healthcare cyber-physical systems. Our SEAPA algorithms are described as follows:

KeyGen: on input the public parameters Param and the security parameter , the algorithm outputs the public/private key pair of a patient (Alice, for example) and the public/private key pairs and of two designated physicians (Bob and Eve, for example) in two different hospitals.

DVDAPSig: on input Alice's colliding personal healthcare information , Alice's secret key , Bob's public key , and Eve's public key , the algorithm generates a signature on using and a signature on using .

DVDAPVer: on input Alice's colliding personal healthcare information , , and , the algorithm outputs 0 (reject) or 1 (accept).

Sim: the algorithm generates a signature on using the secret key of the authorized physician Bob in Hospital 1 and a signature on using the secret key of the authorized physician Eve in the other hospital; these are indistinguishable from those produced by DVDAPSig and DVDAPSig , respectively.

Extract: on input Alice's colliding personal healthcare information and a valid signature pair , the algorithm extracts Alice's secret key .

Remark 2. If the patient does not register twice, the SDVDAPS degenerates into a general designated verifier signature (DVS for short). Hence, the correctness of our construction follows directly.

Correctness. We require SEAPA to be correct, meaning that any honestly computed signature is accepted by the directly authorized physicians. That is to say, for any , KeyGen for and for , for DVDAPSig and DVDAPSig , it holds that

4.2. Security Models
4.2.1. Unforgeability

In the DVDAPS, unforgeability under chosen message attack is the basic security property: it is infeasible for any adversary who does not know the signer's secret key to produce a valid signature. We now give a formal description of the existential unforgeability of SEAPA.

Definition 1 (Unforgeability). Our construction SEAPA is unforgeable under chosen message attack if no adversary can win the following game.

constructs public/private key pairs for , where is a security parameter and sends and to , where is the patient and and are corresponding authorized physicians in different hospitals, respectively.

queries the signing oracle times for the message and times for the message , respectively.

answers ’s queries byandrespectively.

Finally, is successful if he outputs two new signatures and for message .

For running the above games in time , the SEAPA shows unforgeability (EUF-CMA secure) if there exists a negligible function such that the following equation holds:

4.2.2. Anonymity for the Patient

Only an authorized physician can generate a signature that is indistinguishable from one produced by the signer.

Definition 2 (Anonymity for the Patient). SEAPA provides anonymity for the patient if no PPT adversary, acting as a distinguisher, wins the following game.

constructs public/private key pairs for , where is a security parameter and sends public key pairs and to , where is the patient and and are corresponding physicians in different hospitals, respectively.

queries the signing oracle times for the message and times for the message , respectively, where .

answers ’s query byrespectively.

makes queries on new messages and to obtain corresponding challenging signatures and .

tosses a coin . If , runs the DVDAPSig algorithm and returns the corresponding signatures:

Else, runs Sim algorithm and returnsrespectively.

is able to query other new messages except for and after receiving challenging signatures and .

Finally, is successful if he outputs .

For running the above games in time , the construction SEAPA shows anonymity for the patient against a chosen message distinguisher if there exists a negligible function such that the following equation holds:

The security model of anonymity for the patient means that signatures produced by the DVDAPSig algorithm and by the Sim algorithm have the same distribution.

Extractability (or punishability) means that Alice's secret key can be extracted if a medical dispute arises between Bob and Eve. To some extent, extractability can be regarded as a self-enhancement mechanism for the patient.

Definition 3 (Self-Enhancement for the Patient). SEAPA provides self-enhancement for the patient if, for any PPT adversary , there exists a negligible function such that the following probability is negligible:

5. Our Lattice-Based SEAPA Construction

In this section, we introduce our lattice-based SEAPA construction in detail. The protocol consists of the following five algorithms.

5.1. KeyGen

For the patient (named Alice) and the directly authorized physicians (named Bob) and (named Eve) in different hospitals:
(1) , , and cryptographically collision-resistant hash functions .
(2) Compute , and . Let be the public parameters.
(3) Alice's public/private key pair is , Bob's public/private key pair is , and Eve's public/private key pair is .

5.2. DVDAPSig

Given the patient's colliding personal health information and , which can only be verified and recovered by and , respectively, Alice computes a signature on using and a signature on using as follows:
(1)
(2) If r is not invertible, go to step 1.
(3)
(4)
(5)
(6) For , compute
(7)
(8) Output with probability min , where and  = max .
(9) Alice then sends to Bob and to Eve.

5.3. DVDAPVer

After receiving the signatures, the physicians Bob and Eve, who work at different local healthcare providers, proceed as follows:
(i) Bob accepts iff and .
(ii) Eve accepts iff and .

5.4. Sim

(i) Since , Bob computes the simulated signature , where .
(ii) Since , Eve computes the simulated signature .

5.5. Extract

(i) When a medical dispute arises between the authorized physicians and the patient, they publish their valid signatures and , and anyone can then compute the patient's secret key .
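The following Python program is an added illustration, not code from the paper, and it serves both the Ring-SIS-style signature of Section 3.2 and the Extract step above. It implements a toy Fiat-Shamir-with-aborts signature over R_q = Z_q[x]/(x^N + 1) in the style of Lyubashevsky's scheme (commitment a*y1 + y2, hash-derived sparse challenge c, response z = s*c + y with rejection sampling) and then shows the algebra a DAPS-style Extract relies on: two signatures that share the nonce but carry different challenges satisfy z1 - z1' = s1*(c - c'), so dividing by (c - c') in R_q recovers the secret key. The ring size, modulus, bounds, hash-to-challenge construction, the colliding messages, and the way the two signatures come to share a nonce are all assumptions made for this toy; the paper's own steps (its invertibility check on r, the designated-verifier components, and its exact bounds) are not reproduced.

```python
# Added illustration (not the paper's code): toy Fiat-Shamir-with-aborts signature
# over R_q = Z_q[x]/(x^N + 1) plus nonce-reuse key extraction. Toy parameters only.
import hashlib
import random

N, Q = 16, 7681      # degree of x^N + 1 and the modulus (assumed toy sizes)
B_Y = 512            # nonce coefficients are uniform in [-B_Y, B_Y]
W_C = 4              # challenge c has W_C nonzero coefficients in {-1, +1}
ETA = 1              # secret-key coefficients lie in [-ETA, ETA]
BETA = W_C * ETA     # bound on |s*c|_inf, so z = s*c + y never wraps mod Q

def center(v):       # representative of v mod Q in [-Q//2, Q//2]
    v %= Q
    return v - Q if v > Q // 2 else v

def add(f, g): return [center(a + b) for a, b in zip(f, g)]
def sub(f, g): return [center(a - b) for a, b in zip(f, g)]
def inf_norm(f): return max(abs(v) for v in f)

def mul(f, g):
    """Negacyclic product f*g mod (x^N + 1, Q)."""
    r = [0] * N
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            if i + j < N: r[i + j] += a * b
            else: r[i + j - N] -= a * b    # x^N = -1
    return [center(v) for v in r]

def challenge(w, msg):
    """H(w, msg): hash to a sparse polynomial with W_C coefficients in {-1, +1}."""
    h = hashlib.sha256(repr(w).encode() + b"|" + msg).digest()
    rng = random.Random(int.from_bytes(h, "big"))   # deterministic expansion
    c = [0] * N
    for pos in rng.sample(range(N), W_C):
        c[pos] = rng.choice((-1, 1))
    return c

def keygen(rng):
    a = [center(rng.randrange(Q)) for _ in range(N)]
    s1 = [rng.randint(-ETA, ETA) for _ in range(N)]
    s2 = [rng.randint(-ETA, ETA) for _ in range(N)]
    return (a, add(mul(a, s1), s2)), (s1, s2)   # pk = (a, t = a*s1 + s2), sk = (s1, s2)

def sign_with_nonce(pk, sk, msg, y1, y2):
    """One signing attempt with a caller-chosen nonce; None if rejected."""
    (a, _), (s1, s2) = pk, sk
    c = challenge(add(mul(a, y1), y2), msg)
    z1, z2 = add(mul(s1, c), y1), add(mul(s2, c), y2)
    if max(inf_norm(z1), inf_norm(z2)) > B_Y - BETA:
        return None      # rejection sampling: keeps z independent of sk
    return (z1, z2, c)

def sign(pk, sk, msg, rng):
    while True:
        y1 = [rng.randint(-B_Y, B_Y) for _ in range(N)]
        y2 = [rng.randint(-B_Y, B_Y) for _ in range(N)]
        sig = sign_with_nonce(pk, sk, msg, y1, y2)
        if sig is not None: return sig

def verify(pk, msg, sig):
    a, t = pk
    z1, z2, c = sig
    if max(inf_norm(z1), inf_norm(z2)) > B_Y - BETA:
        return False
    w = sub(add(mul(a, z1), z2), mul(t, c))   # = a*y1 + y2 for an honest signature
    return challenge(w, msg) == c

def solve_mul(d, v):
    """Solve d*x = v in R_q by Gaussian elimination mod Q; None if d is not invertible."""
    cols = [mul(d, [int(i == j) for i in range(N)]) for j in range(N)]   # d * x^j
    M = [[cols[j][i] % Q for j in range(N)] + [v[i] % Q] for i in range(N)]
    for col in range(N):
        piv = next((r for r in range(col, N) if M[r][col]), None)
        if piv is None: return None
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, Q)
        M[col] = [x * inv % Q for x in M[col]]
        for r in range(N):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(x - f * y) % Q for x, y in zip(M[r], M[col])]
    return [center(M[i][N]) for i in range(N)]

def extract(sig_a, sig_b):
    """Same (y1, y2), different challenges: s1 = (z1 - z1')/(c - c') in R_q; s2 likewise."""
    (z1a, z2a, ca), (z1b, z2b, cb) = sig_a, sig_b
    d = sub(ca, cb)
    s1, s2 = solve_mul(d, sub(z1a, z1b)), solve_mul(d, sub(z2a, z2b))
    return None if s1 is None or s2 is None else (s1, s2)

def demo(seed=2024):
    """Honest round trip, then extraction from two same-nonce signatures on colliding messages."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    m1, m2 = b"id=42|assertion=A", b"id=42|assertion=B"   # constructed colliding messages
    ok = verify(pk, m1, sign(pk, sk, m1, rng)) and not verify(pk, m2, sign(pk, sk, m1, rng))
    while True:   # a DAPS ties the nonce to the id; we emulate that by reusing (y1, y2)
        y1 = [rng.randint(-B_Y, B_Y) for _ in range(N)]
        y2 = [rng.randint(-B_Y, B_Y) for _ in range(N)]
        sa, sb = sign_with_nonce(pk, sk, m1, y1, y2), sign_with_nonce(pk, sk, m2, y1, y2)
        if sa and sb and (rec := extract(sa, sb)) is not None:
            return ok, rec == sk
```

Running demo() returns (True, True): an honest signature verifies, a signature on one assertion is rejected for the other, and the two same-nonce signatures on the colliding messages yield the full secret key (s1, s2). The rejection step in sign_with_nonce is what stops a single honest signature from leaking the key statistically; the two-signature algebra in extract is what recovers it outright, which is exactly the deterrent the Extract algorithm above provides.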

6. Security Proof

In this section, we use the random oracle model to prove the security of our proposed scheme based on the security model of SEAPA.

Theorem 1. The proposed SEAPA is correct.

Proof. For and , the correctness is shown as follows:

Hence, it follows that

Theorem 2. The proposed SEAPA is unforgeable against chosen message attack under the hardness of the Ring-SIS.

Proof. Suppose that a PPT adversary is able to produce a valid signature . According to the EUF-CMA game, can be verified correctly, which means that can compute the following equation.
For and ,

Let mod . If , then obtains a solution to the Ring-SIS problem.
Thus, if an adversary could obtain a valid SEAPA signature in the EUF-CMA game in time , it could solve the Ring-SIS problem in polynomial time. Hence, we have

Theorem 3. The proposed SEAPA shows anonymity for the patient.

Proof. According to the proposed scheme, anonymity for the patient means that any valid signature on a message produced by the Sim algorithm of SEAPA is indistinguishable from the signature produced by the DVDAPSig algorithm. That is to say, the distributions of the signatures produced by the two algorithms are the same.
Let be a valid signature, and let some signatures be chosen randomly from the set of DVDAPS. The probability of the signature produced by DVDAPSig is given by

For randomly selected , the probability of the signature produced by Sim is given by

In a similar way,

Therefore,

That is, the proposed SEAPA scheme provides anonymity for the patient.

Theorem 4. The proposed SEAPA scheme shows self-enhancement for the patient.

Proof. Extractability follows directly from the Extract algorithm together with Theorem 1. Therefore, if the signing private key matters to the patient, she will not make ambiguous assertions; that is, no colliding personal health information and will exist, i.e., . To that extent, medical disputes will not arise. Hence, our proposed scheme provides self-enhancement for the patient.
Going through the criteria of Wang et al., Hussain et al., and Bonneau et al. [30–32], we list the major categories that our scheme satisfies in Table 1, where the "Must Have" category relates to providing robust security, the "May or May Not Have" category deals with user experience, and the "Nice to Have" category has one criterion related to user experience (sound repairability) and one related to security. Besides these criteria, our scheme also provides post-quantum security.

7. Concrete Parameters Analysis

7.1. Communication Cost

In our SEAPA scheme, we choose parameters for post-quantum computational security [33]. The security of the scheme is based on the hardness of the Ring- problem. We set and , so that the Ring- problem reduces to Ring-. The parameters are listed in Table 2.

From Table 2, we can see that the signature size of the SEAPA scheme is about 4 KB, 5 KB, and 10 KB for different parameters, respectively.

7.2. Computational Cost

We ran our algorithms on an Intel Core i7-4710 processor with 12 GB of memory under Ubuntu Linux. The important cryptographic operations are implemented with NFLlib, an NTT-based fast lattice library. Profiling shows that the main operations are one polynomial addition, one polynomial multiplication, and one polynomial Gaussian sampling. Since NFLlib does not implement any hash function, we measured the running time of the hash function using an HMAC based on the SM3 algorithm. The execution time of each cryptographic operation is shown in Table 3.

We use KG, Sig, Ver, Sim, and Ext to denote the five algorithms KeyGen, DVDAPSig, DVDAPVer, Sim, and Extract, respectively. The polynomial degrees we chose are 8, 128, 1024, 8192, and 32768, and the corresponding sizes of the integer ring are 14 bits, 60 bits, 124 bits, and 124 bits. The total running time of our algorithms for these parameters is about 0.096711 ms for key generation, 0.076315 ms for signing, 0.078821 ms for simulation, 0.184251 ms for extraction, and 0.784562 ms for verification. The results are depicted in Figure 3.

8. Conclusion and Future Work

In this paper, we presented an authorized accessible privacy model and introduced the concept of a patient self-enhancement privacy-preserving authentication scheme. Our construction is derived from lattice-based strong designated verifier signatures and double-authentication-preventing signatures. The security proof shows that the construction satisfies the different levels of security requirements of the HCPS system model, and the concrete parameter analysis and performance evaluation show that it has reasonable efficiency for real applications. In future work, building on lattice-based strong designated verifier signatures, we will provide comparisons of concrete parameters and communication cost with related schemes.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (61872229, 61802239, 62062019, and 62074131), Key Research and Development Program of Shaanxi Province (2020ZDLGY09-06, 2021ZDLGY06-04, and 2021ZDLGY05-01), Natural Science Basic Research Plan in Shaanxi Province of China (2019JQ-667 and 2020JQ-422), and Shenzhen Fundamental Research Program (20210317191843003).