Abstract

The sensors in a wireless sensor network (WSN) are vulnerable to malicious attacks because of the broadcast nature of the wireless medium. Secure, authenticated message delivery with low energy consumption is one of the major aims in WSN design, and identity-based key authentication schemes are well suited to WSNs. In this paper, the Hierarchical Matrix Decomposition-based Signcryption (HMDS) algorithm, a kind of identity-based authentication scheme, is proposed. The HMDS scheme employs a three-layer architecture, base station (BS), cluster head, and intracluster, to match the common structure of a WSN. As the key generation center (KGC), the BS uses matrix decomposition to generate the identification information and the public key for each cluster head, which reduces the cost of calculation and storage and also prevents collusion attacks. Experiments show that the HMDS algorithm has advantages over other algorithms and is very suitable for large-scale WSNs.

1. Introduction

A wireless sensor network (WSN) combines sensor and network communication technology and provides real-time sensing and information acquisition. It is applied in various fields such as national defense, environment monitoring, transportation management, medical treatment, and public health [1, 2]. A WSN is characterized by large scale, multihop communication, a complex deployment environment, and so forth [3, 4]. At the same time, since sensor nodes are mostly small and deployed in unattended, harsh environments, the energy and the computing capability of a sensor node are greatly limited. Therefore, low energy cost and low computational complexity are important requirements for WSN applications [5]. In addition, unlike a wired network, the communication channel of a wireless network is public, and it is not difficult for an adversary to manipulate the sensors in an unprotected WSN. As a result, the sensors in a WSN are vulnerable to malicious attacks. Thus, both energy efficiency and network security must be considered when designing a WSN application [6–9].

Cryptography plays a very important role in security [10–12]. The common public key encryption methods can be classified into three categories: Public Key Infrastructure (PKI) based encryption, identity-based encryption (IBE), and certificate-free encryption [13]. Among them, the identity-based encryption (IBE) method has obvious advantages in both security and calculation complexity. The literature [14] pointed out that the IBE method is the most suitable public key system for wireless sensor networks (WSN). However, the key escrow in IBE algorithms is a flaw: because the Private Key Generator (PKG) holds the private keys of all users, it can easily impersonate any node, decrypt its ciphertext, and forge its signatures.

In this paper, the Hierarchical Matrix Decomposition-based Signcryption (HMDS) algorithm is proposed to resolve the above problems. In the HMDS algorithm, a clustering management scheme is employed to match the data aggregation architecture of a WSN. A matrix decomposition-based method is adopted to generate the keys for cluster head nodes; it makes use of the identification information and removes the absolute control of the KGC over the private keys. This mechanism solves the key escrow problem of IBE algorithms. To evaluate the performance of the HMDS scheme, we compare it with the Hierarchical Identity-Based Signcryption Scheme (HIS) algorithm [15]. The experimental results show that the HMDS algorithm is more suitable for WSNs. Especially in a large-scale WSN, the HMDS algorithm is very stable and has an advantage over the HIS scheme.

2.1. Public Key Authentication

In recent years, many researchers have done a lot of work on key authentication for WSNs. There are three kinds of authentication methods: PKI-based encryption, identity-based encryption, and certificate-free encryption.

2.1.1. PKI-Based Encryption

In a typical PKI-based scheme, the public key certificate is signed by a certificate authority (CA) to bind the user’s public key to its identity. The certificate-based key management scheme is the most common authentication scheme. However, a PKI-based key management scheme tends to consume too much storage, calculation, and communication resource, which is unaffordable for the energy-constrained sensor nodes in a WSN [16, 17].

2.1.2. Identity-Based Encryption

In 1984, the identity-based encryption algorithm was first proposed by Shamir [18], which enabled any pair of users to communicate securely and verify each other’s signatures without exchanging private or public keys. In 2003, Chen studied the key management protocol in identity-based encryption scheme [19]. In order to simplify the management of the key, the user’s public key was used for directly calculating the user’s identity information, and the private key was credibly generated by PKG (Private Key Generator). Without the public key certificate, such scheme reduced the storage and computing cost for issuance, cancellation, and certification.

To reduce the energy consumption of identity-based authentication nodes, some identity-based key management protocols for WSNs were proposed [20, 21]. The literature [11] pointed out that identity-based encryption is the most suitable public key scheme for wireless sensor networks (WSN). Neal Koblitz [22] and Victor Miller [23] proposed the elliptic curve cryptosystem. A similar algorithm was then proposed by Zhang et al. in [24], which showed that the security of ECC is based on the discrete logarithm problem. Compared with other public key systems, this scheme is a promising method with high security, low cost, and high efficiency. However, most elliptic curve based key management schemes introduce no grouping management mechanism. As the number of nodes increases, more communication with the BS is needed, which is unsuitable for the energy-limited nodes in a WSN.

In the key-insulated cryptography proposed by Qin Zhiguang et al., the key was divided into two parts: one part was managed by the user and the other part was saved by a physically secure helper [12]. When the key was needed, the two parts were spliced into a complete key. However, it failed to take advantage of the identity information of each effective node. Chen Yuan et al. [13] proposed an identity-based encryption scheme without bilinear pairings. Both algorithms used the certificateless idea: the private key was generated jointly by the node and the Private Key Generator (PKG). Therefore, neither algorithm could really solve the key escrow problem.

Guo Jianghong et al. [16] proposed a new key agreement scheme for WSNs. The nodes establish a pairwise key through the Diffie-Hellman protocol, and the required key parameters are obtained through broadcast. The scheme still has the advantages of identity-based encrypted key agreement schemes, but the time and energy consumption of the bilinear pairing operation is very high. Guo et al. [25] combined the identity-based RSA mechanism with a lightweight Certificate Authority (CA) to construct an identity-based mixed model, ECC-CA, as a cryptographic scheme for sensor networks. However, the scheme has a relatively large cost of calculation and communication.

2.1.3. Certificate-Free Encryption

To resolve the certificate problem of the PKI-based scheme and the key escrow problem of the identity-based scheme, the certificate-free encryption method was proposed. In a certificate-free encryption algorithm, a trusted third-party Key Generation Center (KGC) is still employed to jointly generate the user’s private key. The KGC does not directly hold the users’ private keys but only generates a partial private key; the user generates the final private key itself. In such a scheme, the public key information cannot be directly obtained from the user identity information [26, 27]. At present, the provably secure certificate-free constructions are based on the Waters hash function, which leads to long system parameters and requires more pairing calculations. Thus, these methods are not suitable for a WSN with limited storage and calculation capability.

2.2. Cluster-Based Authentication for WSNs

Zhang et al. [28] used two cluster heads to realize the system authentication work. They assumed that a cluster head (CH) had limited processing capacity and could not meet the requirements of data calculation. In a cluster, one CH was responsible for intercluster communication and the other CH was responsible for collecting and processing the data in its cluster. Dai et al. [29] also proposed a dual cluster head authentication scheme, whose main principle was similar to the system proposed by Zhang. A main CH and a sub-CH were selected in the larger clusters, and the main CH was assisted by the sub-CH. Wang et al. [30] proposed a nonuniform clustering management scheme that establishes clusters of different sizes, which differs from the dual cluster head structure. However, it did not consider that the influence of fixed factors on the network varies with the number of rounds. Based on a dynamic search strategy, the literature [31] introduced a dynamic CH to collect the interference data of illegal nodes, but it could not adaptively switch the data collection path. Yu et al. [32] proposed the DEER algorithm to find the optimal path between a CH and the coordinator, but it may lead to an unbalanced load among the CHs.

Rohbanina et al. [33] proposed a hierarchical WSN for key management, which first constructs the shortest path and then uses an elliptic curve based cryptography scheme for session key distribution. DENG et al. [34] made use of network differentiation to improve system communication efficiency, adopting a grouping encryption algorithm. By using the summary information comparison method and the singular point exclusion strategy, the recoverability of the system was enhanced. Klaoudatou et al. [35] thoroughly evaluated the cluster-based Group Key Agreement (GKA) protocols for WSNs. The authors examined many related studies with respect to performance and energy consumption. They considered clustering ideal for large-scale environments and time-critical applications: cluster-based approaches optimize network bandwidth and service discovery while addressing the need for scalability at the same time.

3. Hierarchical Matrix Decomposition-Based Signcryption (HMDS) Scheme

3.1. Overview of HMDS Scheme

In a WSN, a cluster-based hierarchical architecture can decrease the communication overhead of data collection and aggregation. Moreover, the network lifetime can be extended if nodes are assigned different roles according to their resources. Therefore, we propose a Hierarchical Matrix Decomposition-based Signcryption (HMDS) scheme, which adopts the cluster-based hierarchical architecture illustrated in Figure 1. There are three layers: the base station (BS), the cluster head layer, and the intracluster layer. Usually, the WSN consists of a few clusters and a BS. When a node communicates with a node in a different cluster, the message must be forwarded by the corresponding CHs.

In the HMDS scheme, the BS is used as the KGC. Three modules perform the KGC functions: a database module, an encryption machine module, and a key management system module. The BS assigns an identification number and generates the public key for each CH in the cluster head layer. The matrix D is stored in the database on the BS. Given a symmetric matrix D, it is Doolittle-decomposed into two triangular matrices L and R; thus the ID of each node can be assigned quickly according to the polynomial function. Furthermore, the authentication and key updating of the node can be realized.

The nodes with more storage and computing resource are assigned as CHs. Each CH is responsible for managing a number of ordinary sensor nodes and performing more complex operations. In the cluster head layer, each CH computes the public key for each sensor node in its cluster.

Before presenting the detail of the HMDS scheme, it is necessary to introduce some deployed notations as described in Table 1.

3.2. Signcryption for Intercluster Communication
3.2.1. Initialization

The BS, as the KGC, is trusted to generate keys for the CHs. Before generating keys, the steps of initialization are as follows.

(A) The BS selects an (n×n) symmetric matrix D and saves it. Every leading principal minor of D is nonzero; the matrix D is represented as follows:

where =.

(B) As the KGC, the BS performs Doolittle decomposition of the matrix D as follows:

(C) The KGC saves all the information of the matrix R, and according to the diagonal elements of the matrix R, the following one-way polynomial function is used to generate the identification number for each CH node i.

(D) The KGC broadcasts the matrix L to all the CHs; that is to say, each CH knows all the information of the matrix L.

(E) According to the CH number Idi and matrix L, each CH node only stores the corresponding row elements in matrix L and ignores other elements. For example, if =4, the CH only stores the 4th row elements of the L matrix as follows:
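The initialization steps above, worked through on a small constructed matrix as an added example (this is not the paper's own code). It performs the Doolittle decomposition D = L·R with exact rational arithmetic, keeps only one row of L per CH as in step (E), shows the relation R = diag(R)·L^T that holds for a symmetric D (the property behind Theorem 1, which lets a CH holding only its row of L check a value derived from R), and evaluates the ID polynomial with Horner's rule as discussed in Section 4.2. The choice of polynomial coefficients (the diagonal of R), the CH index as the polynomial argument, and the modulus p = 101 are assumptions, since the page does not give the exact polynomial.

```python
from fractions import Fraction

# Constructed sample: a symmetric 3x3 matrix D whose leading principal minors
# (4, 16, 64) are all nonzero, as step (A) of Section 3.2.1 requires.
D_SAMPLE = [[4, 2, 2],
            [2, 5, 3],
            [2, 3, 6]]

def is_symmetric(D):
    n = len(D)
    return all(D[i][j] == D[j][i] for i in range(n) for j in range(n))

def doolittle(D):
    """Doolittle decomposition D = L*R: L unit lower-triangular, R upper-triangular.
    Exact rationals; a zero pivot means a leading principal minor of D is zero."""
    n = len(D)
    L = [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]
    R = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):                       # row i of R
            R[i][j] = Fraction(D[i][j]) - sum(L[i][k] * R[k][j] for k in range(i))
        if R[i][i] == 0:
            raise ValueError("leading principal minor of order %d is zero" % (i + 1))
        for j in range(i + 1, n):                   # column i of L
            L[j][i] = (Fraction(D[j][i]) - sum(L[j][k] * R[k][i] for k in range(i))) / R[i][i]
    return L, R

def matmul(A, B):
    n = len(A)
    return [[sum(A[i][k] * B[k][j] for k in range(n)) for j in range(n)] for i in range(n)]

def ch_row(L, i):
    """Step (E): the CH numbered i keeps only row i of the broadcast matrix L."""
    return list(L[i])

def row_matches_R(row_i, i, R):
    """For a symmetric D the Doolittle decomposition is unique and R = diag(R)*L^T,
    i.e. r[j][i] == r[j][j] * l[i][j].  A CH that stores only its own row of L can
    therefore check a value the KGC derives from R.  This is the relation behind
    Theorem 1; the exact verification parameter of the paper is not reproduced."""
    return all(R[j][i] == R[j][j] * row_i[j] for j in range(len(R)))

def horner_id(coeffs, x, p):
    """One-way polynomial evaluated by Horner's rule mod p (Section 4.2).
    Assumed instantiation: coeffs are the diagonal of R (highest degree first)
    and x is the CH index."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % p
    return acc

def assign_ids(R, p, num_ch):
    """Step (C): derive an identification number for CH nodes 1..num_ch."""
    diag = [int(R[k][k]) for k in range(len(R))]
    return {i: horner_id(diag, i, p) for i in range(1, num_ch + 1)}

if __name__ == "__main__":
    L, R = doolittle(D_SAMPLE)
    print("L =", [[str(v) for v in row] for row in L])
    print("R =", [[str(v) for v in row] for row in R])
    print("IDs =", assign_ids(R, 101, 3))
```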

3.2.2. User Key Generation (Extract)

After initialization, the steps of key generation are as follows.

(A) The applicant node i, named as , selects a point P(, ) on the elliptic curve as its own private key, that is, =(,), and then randomly selects a number Z and calculates the verification shares ==( , ).

(B) saves the random number , which will be used in the signcryption process; then it combines its own verification shares with its identity information and sends them to the KGC. Note that the random number is not sent to the KGC, which prevents the KGC from leaking it; it is used only for intercluster communication.

(C) After receiving the information, the KGC selects a random number j. According to the value of j together with ’s number i, the KGC chooses the element in the matrix R and obtains the verification parameter of the KGC.

(D) The KGC calculates the public key for based on the received verification shares (,).

(E) The KGC sends the random number j, the verification parameter , and the user public key to the applicant .

(F) After receiving the information returned by the KGC, selects, according to the received random number j, the element from the stored row vector of matrix L and verifies whether = . If the verification passes, accepts the public key and saves its own private key ; the KGC then announces the user’s public key to the other CHs. Otherwise, it returns an error and the application fails (the correctness will be proven in Section 4.1).

Thus, the configuration of the public and private keys for each CH has been completed.

3.2.3. Signcryption

When needs to send a message to , the following steps will be performed.

(A) first takes the random number which is saved at the public key application stage; together with the base point G on the elliptic curve, calculates . Then, calculates the verification parameter by and the public key of . After that, encrypts the message Msg by using and obtains .

(B) calculates the parameters ,

(C) generates the ciphertext according to the stored random number and all the above parameters.

(D) sends the ciphertext to .

3.2.4. Unsigncryption

After receives the ciphertext, the following steps will be performed to decrypt the received message.

(A) extracts the first half of and calculates the verification parameters with its own public key.

(B) calculates

(C) decrypts the encrypted message by using to obtain .

(D) calculates and verifies if = ; if they are equal, the common communication key of and is , and is stored as the intercluster shared key after receiving the text Msg; otherwise, the verification fails.

Thus, the communication between the two clusters is finished.

3.3. Signcryption for Intracluster Communication
3.3.1. Key Generation and Unsigncryption

In each cluster, and obtained the shared key between cluster i and cluster j through the above process. The key generation, signcryption, and unsigncryption for the ordinary nodes in a cluster are similar to those for the cluster heads, as described in Section 3.2, so they are not repeated here.

3.3.2. Intracluster Key Updating

To ensure security, the BS periodically instructs each CH to perform the intracluster key updating operation. For instance, in the cluster whose cluster head is , the updating steps are as follows:

(A) generates a new cluster shared key .

(B) uses its own private key for identity signature, and the ordinary nodes authenticate it.

(C) The signature and the new cluster shared key together with the original shared key are encrypted to obtain and the information is broadcasted in this cluster.

(D) After the ordinary nodes receive the broadcast information, they decrypt it with the original shared key and verify it with the public key of the cluster head; if the verification passes, the new cluster shared key replaces the old one and the node answers the CH; otherwise, the data package is discarded.

4. Correctness and Security Analysis

4.1. Correctness Analysis

Theorem 1. In the public key generation process for a CH (described in Section 3.2.2), if =, the public key generation satisfies the correctness requirements.

Proof. Firstly, according to the Doolittle decomposition rules for the symmetric matrix D, combined with the knowledge of leading principal minors, we have

Furthermore, the matrix R can be decomposed as follows:

Therefore, we have

Based on the uniqueness of the Doolittle decomposition, we have ; that is,

Therefore, the KGC public key generation process satisfies the correctness requirements.

Theorem 2. The recalculation process of the verification parameter satisfies the correctness requirements.

Proof.

4.2. Security Analysis

In the HMDS algorithm, the private key of an applicant is managed by the applicant itself, and the KGC only generates the public key for the applicant. The authentication parameters transferred during communication are also based on the applicant’s public key. Therefore, even if a node is compromised, the security of the other nodes is not affected.

One characteristic of the HMDS algorithm is that a monomial function is adopted to generate the identification number of an applicant, which ensures that the partial public secret does not leak. From the polynomial, ; according to Horner’s Rule, we can recursively extract xi as a common factor from the residual polynomial to compute , as illustrated in Table 2. It can be observed that if x, , and p are known, it is very easy to compute the value of . Conversely, if and p are known and we try to obtain the value of xi, it costs at least $n^2(\log_2 p)^2$ multiplications. When n and p are very large, it is very difficult to obtain the value of . Therefore, the identification number of each node is generated quickly but is difficult to crack. Another characteristic of the HMDS algorithm is that the information kept by each applicant is very simple, which saves calculation and storage resources.

5. Performance Evaluation

5.1. Computation Complexity Analysis

We compare the HMDS algorithm with the HIS algorithm; the main operations and complexity of the two algorithms are shown in Table 3, covering four steps: system initialization, user key generation (extraction), signcryption, and unsigncryption.

5.2. Simulation Experiments

We set up six simulation configurations for the HMDS and HIS schemes to represent different scenarios, denoted S1~S6. To evaluate the efficiency of the HMDS scheme, we take the time cost as the metric to compare the HMDS scheme with the HIS scheme. The experiment parameter settings of the 6 scenarios are shown in Table 4, where Num_CH is the number of clusters and n is the number of nodes.

Since the key steps of the HMDS scheme are the setup (initialization) stage and the key generation (extract) stage, the efficiency of the HMDS scheme depends on these two stages. Therefore, besides evaluating the overall efficiency of the HMDS scheme, we evaluate the efficiency of the two stages separately.

5.2.1. Efficiency of Initialization and Extract Stage

As shown in Figure 2, the time consumption of the two algorithms in the three scenarios S1, S2, and S3 is within 100 ms, and the HMDS algorithm has a slight advantage over the HIS algorithm, because the number of nodes is small. As the number of nodes increases from 100 (in S3) to 1000 (in S6), the time consumption of both algorithms grows considerably, and the HMDS algorithm has an obvious advantage over the HIS algorithm. In particular, in scenario S6 the HIS algorithm takes about 850 ms while the HMDS algorithm takes only 300 ms, saving about two-thirds of the time. In general, for the HIS algorithm the time consumption of the two stages rises steeply as the network size n grows quickly, whereas the time consumption of the HMDS algorithm is relatively stable when the network size n is large. Therefore, the HMDS algorithm is more applicable to WSNs than the HIS algorithm, and its advantage is most obvious when the network size n is very large.

5.2.2. Overall Efficiency

We randomly take 20 pairs of nodes to evaluate the overall efficiency; that is, we measure the time consumption of all four stages, from initialization to the end of unsigncryption. As shown in Figure 3, the overall time consumption of both algorithms increases with the number of nodes, but the HMDS algorithm still takes less time than the HIS algorithm. This trend becomes more obvious as the network size increases and is consistent with the results of the two-stage experiments above.

Therefore, the HMDS algorithm outperforms the HIS algorithm. Furthermore, the time consumption of the HMDS algorithm does not increase rapidly when the network scale grows, so the HMDS algorithm is more suitable for larger-scale WSNs.

6. Conclusion

In this paper, the identity-based HMDS authentication algorithm was proposed. The public key of an applicant is generated by the KGC and the private key is computed by the node itself, which solves the key escrow problem, a disadvantage of common identity-based authentication algorithms. The HMDS algorithm adopts a hierarchical structure to meet WSN requirements. By employing matrix decomposition, the cost of calculation and storage is reduced. Through analysis and experimental comparison, the HMDS algorithm is shown to ensure communication security in the WSN environment with low energy consumption and high stability, which makes it very suitable for WSNs. Furthermore, when the network scale is large, the performance of the HMDS algorithm is very stable and has advantages over the HIS scheme. In the future, we will improve the existing matrix decomposition-based HMDS algorithm, especially by optimizing the authentication method between cluster heads. Meanwhile, we will study the key updating mechanism to improve the authentication efficiency.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This paper is partly supported by National Natural Science Foundation of China (Grant no. 11671400).