Abstract
With the emergence of various new technologies, the Internet of things (IoT) is becoming one of the most valued technologies at present. The IoT makes our lives more convenient through the interconnection of everything, but alongside its advantages it also raises security issues. The IoT perception layer is the main means of sensing and delivering data; because of the limited resources of sensing nodes and their vulnerability, the diversity of sensing data, and the heterogeneity of the sensing network, the perception layer is especially vulnerable to various malicious attacks. Guaranteeing a trustworthy source of sensing data is therefore the cornerstone of the secure operation of the sensing layer. In this paper, we investigate remote proof schemes applicable to the IoT perception layer and propose a remote attestation mechanism using a threshold ring signature for a perception layer of distributed networking, which realizes the trusted proof of a data source and thus can effectively discern the trusted status of the data source. Through efficiency analysis, we show that the proposed scheme outperforms other remote proof schemes, and we verify the correctness and effectiveness of the scheme.
1. Introduction
The Internet is the “bridge” between the real world and the information world [1]; in the age of interconnection, tens of thousands of devices exchange information at every moment [2]. As the core of the IoT, the perception layer is mainly responsible for the acquisition and transmission of massive amounts of interaction information.
An IoT sensing network is a wireless self-organized network formed by a large number of sensing nodes. The main function of the Internet of things perception network is to perceive and collect relevant information in a certain area and to distribute and transmit the collected information through collaborative transmission between nodes. The nodes in the perception network can be divided into ordinary perception nodes, data aggregation nodes, and management nodes according to their different functions [3]. Among them, ordinary sensing nodes are mainly responsible for collecting and transmitting environmental data in the area. The data aggregation node summarizes the data collected by the sensing node and performs certain calculation processing. The management node makes a unified judgment and identification on the data collected by the sink node through a certain strategy. Generally speaking, the data processing ability of the sensor node is weak, but it should have a certain information perception ability. The data aggregation node should have stronger data processing and storage capabilities. The management node is connected to the data aggregation node through an external network and performs application control on the sensing network.
On the one hand, the IoT perception network is similar to traditional networks in terms of networking and communication methods. On the other hand, it has many characteristics that traditional networks do not have. These let it perform functions that traditional networks cannot, but at the same time they bring many security problems to the perception network. The characteristics of the IoT sensing network are as follows: sensing network nodes are distributed over a wide area, the sensing network needs dynamic adaptability, and sensing network node resources are limited. Because the communication of sensing layer nodes is easily eavesdropped and their resources are limited, highly complex cryptographic algorithms are not suitable for them; with the evolution of attack methods, sensing nodes face a huge security risk. Once a sensing node is breached and controlled by criminals, important data can be lost or tampered with, resulting in irreparable losses. The security issues facing the IoT perception layer include malicious control of nodes, illegal information capture, network DoS attacks, and counterfeiting attacks. For example, in October 2016, a massive network outage occurred on the East Coast of the U.S., caused by a DDoS attack launched by a camera acting as a bot (a compromised, remotely controlled host) [4], so ensuring the reliability of perception nodes is an urgent issue [5]. Currently, the most important issues in the operation of the IoT are the security of nodes and the confidentiality and integrity of data, and to cope with the security problems of the perception layer network, password mechanisms, authentication, intrusion detection, etc. are usually used to secure the network.
At present, remote attestation technology is an important technique for establishing trusted relationships between entities in distributed computing environments [6]. In the direction of proving the state of the perception node platform, the Trusted Computing Group (TCG) proposed a binary remote proof scheme by combining the characteristics of integrity metrics and trusted computing trust chains [7]. The binary remote attestation scheme mainly relies on trusted third parties and uses the trusted third parties to store the standard metric values of trusted platforms. However, how to ensure the reliability of the third party is the main bottleneck. International Business Machines (IBM) Corporation implemented a prototype system for direct attestation of a perception node state using the binary remote proof approach [8], which meets the remote attestation requirements of TCG specification. Nevertheless, this proposed prototype system by IBM suffers from platform configuration exposure.
In summary, the simple remote proof scheme described above uses the metric as the state flag of the system; however, this mechanism has some problems, such as management difficulties due to the complexity and volatility of the system and security problems caused by the digital signature of the AIK as a metric. The TCG-based remote proof mechanism also suffers from the inability to perform dynamic proofs and the inability to resist the use of the AIK as the digital signature of the metric and to resist replay attacks.
2. Related Work
In order to solve these problems in the TCG remote proof mechanism, scholars at home and abroad have conducted further in-depth research on remote proofs, such as semantic-based remote proof schemes and attribute-based remote proof schemes, but attribute-based remote proofs still have some defects, such as coarse granularity of attributes, high complexity of attribute mapping, and difficulty of attribute revocation. The literature [9] proposes a trusted proof mechanism based on attribute certificates, which abstracts the attributes commonly owned by computing platforms into certificates containing these attributes; thus, privacy exposure problems can be effectively avoided, and the efficiency of the whole proof process can be improved. Attribute-based proof (PBA) schemes are proposed in the literature [10], which are more manageable than the hash-based proofs proposed in the TCG specification and also provide platform-specific techniques for integrity and identity authentication; although these solutions propose remote authentication and auditing schemes, they are not yet perfect and are not fully applicable to the current state of the IoT perception layer. The literature [11] proposes a fine-grained attribute-based remote proof mechanism that can accurately portray the security attributes of a platform and is resistant to forgery attacks; however, its component attribute proofs are slightly less computationally efficient, especially when a large number of components are present. To overcome the drawbacks of TCG-based remote proof mechanisms, a large number of hybrid remote authentication models have been proposed [12]. The literature [13] proposes a semantic remote authentication model that combines remote proofs with virtual technologies and proposes a complex remote authentication model using language-based virtual machine technology with dynamicity as well as platform independence.
The literature [14] proposes a ring signature-based remote proof scheme for attribute configuration that solves the problem of platform configuration leakage in binary proofs, but the scheme adds attribute configuration lists and the mapping of security attributes and configurations in attribute proofs is intractable; also, the update of configuration lists is not efficient. The literature [15] proposed a remote automatic anonymous proof scheme based on trusted computing technology, which achieves the purpose of anonymous proof and protection of its own privacy through ring signature and can effectively avoid the leakage of privacy, but the scheme does not accurately abstract the external platform attribute values from the external attribute certificates. The literature [16] proposed an efficient cluster remote proof mechanism applicable to IoT based on grouping of sensing nodes, by grouping IoT devices to set up management nodes for cluster remote proof represented by management nodes, which has high security against collusion attacks. The literature [17] proposes an automatic audit as well as proof mechanism (FoNAC) for fog nodes to secure the fog layer, FoNAC uses the Trusted Platform Module (TPM 2.0) feature to evaluate and audit the platform integrity of running fog nodes and grant certificates to each fog node after successful security audits, and this scheme can resist replay attacks, forgery attacks, and distributed denial-of-service attacks (DDoS).
Therefore, in order to improve the self-adaptive capability and guarantee the anonymity of nodes, a remote attestation mechanism using a threshold ring signature (TRS-RAM) for the perception layer of distributed networking is proposed in this paper. The main contributions of this paper are as follows.
(1) A remote attestation mechanism (RAM), based on the ring signature of the computational Diffie-Hellman (CDH) problem, is established for the perception layer nodes in distributed networking.
(2) A TRS strategy is proposed for the perception nodes in different logical groups to identify the trusted state of data sources and protect perception nodes against privacy exposure.
(3) The security properties of the proposed TRS-RAM, including the correctness, unconditional anonymity, and unforgeability, are tested to reveal its effectiveness.
3. Preliminary
3.1. Ring Signature
A ring signature allows users to sign in the name of a self-organizing group of users (called a ring) without revealing the identity of the signer. The concept of the ring signature is similar to that of a group signature: both hide the identity of the signer within a group. However, there are significant differences. The group administrator in a group signature scheme can revoke the anonymity of the group signature, while in a ring signature the group can be selected and the identity of the signer hidden without any collaboration among users, because there is no centralized authority in ring signatures. Therefore, ring signatures can provide higher anonymity and are more suitable for decentralized application scenarios [18].
The ring signature consists of three processes: keygen, sign, and verify. Let the public key sequence be a ring and ; the formal definition of the ring signature is as follows: (1). The key generation algorithm takes the security parameter as the input and the public-private key pair of the user as the output(2). The signature algorithm takes the user private key , location , message , and ring as input and outputs the signature , where is a pair of keys output by the key generation algorithm, and contains more than two public keys and two are different(3). The verification algorithm takes the ring , the message , and the signature as input and outputs the verification result of message under the ring
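The three algorithms defined above, as an added example that is not code from this paper: it implements a Schnorr-style ring signature (the Abe-Ohkubo-Suzuki construction) over a discrete-log group, not the pairing-based CDH scheme proposed later. The toy group parameters, function names, keys and messages are all constructed for the illustration.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small to be
# secure: p = 2q + 1 with p, q prime; g = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4


def keygen():
    """KeyGen: return (private key x, public key y = g^x mod p)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _challenge(ring, message, commitment):
    """Hash the ring, the message and a commitment to a 256-bit integer."""
    data = repr((tuple(ring), bytes(message), commitment)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(x, pos, message, ring):
    """Sign: x is the private key of ring[pos]; other members stay passive."""
    n = len(ring)
    if n < 2 or len(set(ring)) != n:
        raise ValueError("ring needs at least two distinct public keys")
    if pow(G, x, P) != ring[pos]:
        raise ValueError("private key does not match ring[pos]")
    c, s = [0] * n, [0] * n
    k = secrets.randbelow(Q - 1) + 1            # signer's one-time nonce
    i = (pos + 1) % n
    c[i] = _challenge(ring, message, pow(G, k, P))
    while i != pos:                             # simulate every non-signer
        s[i] = secrets.randbelow(Q)
        e = pow(G, s[i], P) * pow(ring[i], c[i] % Q, P) % P
        i = (i + 1) % n
        c[i] = _challenge(ring, message, e)
    s[pos] = (k - x * c[pos]) % Q               # only x can close the ring
    return c[0], s


def verify(ring, message, signature):
    """Verify: walk the ring once and check that the challenge chain closes."""
    c0, s = signature
    if len(s) != len(ring):
        return False
    c = c0
    for y, s_i in zip(ring, s):
        e = pow(G, s_i, P) * pow(y, c % Q, P) % P
        c = _challenge(ring, message, e)
    return c == c0


def demo():
    """Constructed four-node ring in which the node at index 2 signs."""
    keys = [11, 222, 333, 444]                  # constructed private keys
    ring = [pow(G, x, P) for x in keys]
    msg = b"node trust level: 0.93"             # constructed message
    sig = sign(keys[2], 2, msg, ring)
    other_ring = ring[:3] + [pow(G, 555, P)]    # one member swapped out
    return (verify(ring, msg, sig),
            verify(ring, b"node trust level: 0.10", sig),
            verify(other_ring, msg, sig))


if __name__ == "__main__":
    print(demo())
```

The signature has the same shape (one challenge and one response per ring member) whichever index signed, and the verifier never receives the signer's position.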
3.2. Bilinear Mapping
Define and to be multiplicative cyclic groups of order , to be a prime number, and to be generators of and , respectively, and to be a computable mapping that is a bilinear mapping if it satisfies the following properties. (1)Bilinear: there is a mapping making all and exists (2)Nondegeneracy: there exist , , and (3)Computability: for , there exists an efficient algorithm to compute
3.3. CDH Problem
Given the group of , known , , , and , it is difficult to compute , when are unknown.
4. A Remote Attestation Mechanism Using the Threshold Ring Signature
In this proposed TRS-RAM, first, the perception node can be divided into several logical groups to eliminate the untrustworthy nodes by the trusted metric model and logic grouping. Then, when the perception node needs remote attestation to the external environment, the remote node can be informed of the logical group to which the perception node belongs and cannot trace the real node itself, due to the different logical groups each having different trustworthiness. Based on the above analysis, the proposed TRS-RAM consists of three parts: credibility metric of perception node, trusted logic grouping, and RAM. The specific process is shown in Figure 1.
(1) Credibility metric of perception node: the aggregation node at the regional boundary performs the credit metrics on the perception nodes within the comprehensive metrics, combining the static credibility metrics, dynamic credibility metrics, subjective direct trust, and objective recommendation trust of the perception node.
(2) Trusted logic grouping: some perception nodes with similar characteristics can be divided into a trusted group through the trustworthiness logic grouping mechanism. Then, when a node needs to prove to the outside world, it only proves that the perception node belongs to a trusted group, so that its identity and location privacy are not exposed.
(3) RAM: the perception nodes are usually managed by the aggregation nodes. Therefore, the perception nodes in different logical groups can sign their trustworthiness information using the TRS strategy. Then, the remote nodes can analyze and judge whether the data source is trustworthy based on the signature verification results. If the data source is abnormal, the remote nodes can refuse interaction to achieve unconditional anonymity and unforgeability.
Remark 1. Compared with some security mechanisms, the proposed TRS-RAM can efficiently evaluate the credibility of the data source node to ensure that interaction information is more secure and meanwhile guarantee the anonymity of node identity.

4.1. Construction of TRS-RAM
This part describes the signature parameter establishment, signature, and verification of the TRS-RAM scheme. Choose the large prime cyclic group of order with as a bilinear mapping. Specify that and are both secure hash functions in which the bit number of the node unique identification ID and information is the bit vector of and . The construction of TRS-RAM is as follows:
4.1.1. The Signature Parameter Establishment of TRS-RAM
Choose arbitrarily , , , , , and , is an integer domain, is a generating element of , and and are the number of bit vectors. , , and ; is the bit vector of , and is the bit vector of . For arbitrarily choosing , the system master key is and the relevant parameters are .
The perception node is identified as ID, let be the bit vector of , and is the th list with . For randomly selecting random number , the private key of the node identifier corresponding to ID is
4.1.2. The Signature Process of TRS-RAM
When the system parameters are established, the signature node will sign for the message (message is the credibility of the perception node). For the perception nodes in a certain perception layer, the signature identification list of the nodes is and the signature identification list of remaining nodes is ; the signature process is as follows: (1)The signature node arbitrarily chooses and sets as the secret parameter. Then, the signature node chooses the polynomial :
Let , and each gets where can be shared with other signature nodes and . Then, is shared with all nodes except itself (all other members in the signature subset), and record for itself. (2)The node gets the broadcasted by , and if the left and right sides of equation (4) are equal: the verification is successful. (3)The secret of every node is (4)In the set of signature nodes , the private key of the signature node is . and are the list of the bit vectors of : where is the Lagrangian coefficient. (5)At each node in the set, for arbitrarily choosing , let
Thus, can obtain (6)The final TRS of message and the list of nodes is
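Steps (1) to (4) of the signature process (each signing node picks a polynomial, hands out shares, broadcasts values that let receivers check them, and the shares are later combined with Lagrange coefficients) follow the pattern of verifiable secret sharing. The added example below is not the paper's code: it assumes the standard Feldman check in place of equation (4), whose terms are not reproduced on this page, and works in a toy discrete-log group rather than the paper's bilinear group; all names and values are constructed.

```python
import secrets

# Toy Schnorr group, constructed for this example and far too small to be
# secure: p = 2q + 1 with p, q prime; g = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4


def deal(secret, t, ids):
    """Dealer: pick a degree t-1 polynomial f with f(0) = secret.

    Returns the share f(j) for every node id j and the broadcast
    commitments g^(a_k) to the coefficients a_k.
    """
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    shares = {j: sum(a * pow(j, k, Q) for k, a in enumerate(coeffs)) % Q
              for j in ids}
    return shares, commitments


def share_ok(j, share, commitments):
    """Receiver j: accept the share only if g^share == prod C_k^(j^k)."""
    rhs = 1
    for k, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(j, k, Q), P) % P
    return pow(G, share, P) == rhs


def lagrange_at_zero(j, subset):
    """Lagrange coefficient of node j for interpolating f(0) over subset."""
    num = den = 1
    for m in subset:
        if m != j:
            num = num * (-m) % Q
            den = den * (j - m) % Q
    return num * pow(den, -1, Q) % Q


def joint_shares(secret_by_node, t):
    """Every node deals its own secret; each node sums the shares it accepts."""
    ids = sorted(secret_by_node)
    combined = {j: 0 for j in ids}
    for dealer, secret in secret_by_node.items():
        shares, commitments = deal(secret, t, ids)
        for j in ids:
            if not share_ok(j, shares[j], commitments):
                raise ValueError(f"node {j} rejects the share from {dealer}")
            combined[j] = (combined[j] + shares[j]) % Q
    return combined


def reconstruct(shares, subset):
    """Combine the shares of any t nodes into the joint secret f(0)."""
    return sum(shares[j] * lagrange_at_zero(j, subset) for j in subset) % Q


def demo():
    """Constructed run: five nodes, threshold three."""
    node_secrets = {1: 101, 2: 202, 3: 303, 4: 404, 5: 505}
    combined = joint_shares(node_secrets, 3)
    return reconstruct(combined, [1, 3, 5]), sum(node_secrets.values()) % Q


if __name__ == "__main__":
    print(demo())
```

In a threshold signature the joint secret is never reconstructed in the clear as `reconstruct` does here; the same Lagrange coefficients are applied to the nodes' partial signatures instead.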
4.1.3. Verification of TRS-RAM
The remote node can check to determine the exception. There are no less than signed nodes to jointly verify that the generation process of is in the list of nodes . (1)The remote node verifies the error number of and then checks whether is equal to . If it is equal, the remote node continues the following verification process and vice versa; otherwise, it means that the verification is not successful(2)Then, the remote node judges
If the equation is satisfied, it means that is legitimate and the signature can be accepted; otherwise, the signature is rejected.
4.2. Security Analysis of TRS-RAM
To ensure the security of the proposed TRS-RAM, the correctness, anonymity, and unforgeability can be verified. (1)Correctness
Theorem 1. Assuming that all the perception nodes in the set can faithfully execute the signature protocol, the signer can correctly generate a signature for message . Accordingly, the verifier must also be able to verify it successfully.
Proof. In the proposed TRS-RAM, considering that thus ☐
The signature is calculated:
From equation (12), it is clear from the above proof process that as long as the signer generates the signature correctly according to the signature protocol, the signer can get a legitimate signature; Theorem 1 is proven. (2)Anonymity
Theorem 2. The proposed TRS-RAM has unconditional anonymity; i.e., for the TRS generated by the set of nodes , the probability that an attacker can successfully guess is less than and thus has unconditional anonymity.
Proof. Considering that where is obtained randomly by the set of nodes , thus the private secret of the signature node is irregular. Moreover, in the signature are also irregular and cannot expose the relevant features of the real signature node. For and : where represents the master key, is irregular and the selection of is also chosen irregularly; thus, they are not associated with the real signature node.☐
Therefore, assuming that the attacker has unlimited computational power and can intercept the private keys of all signature nodes in at the same time, the probability that the attacker can successfully guess the actual subset of signatures is no more than in terms of probability; i.e., the attacker cannot trace the subset of signatures in for a subset of signatures. Therefore, the proposed TRS-RAM satisfies unconditional anonymity. Theorem 2 is proven. (3)Unforgeability
Theorem 3. By taking the CDH hard problem as a premise, this signature process is unforgeable. Only the specified nodes can produce a correct signature, and the exceptional node or a subset of group node cannot produce a correct signature.
Proof. If attacker can forge the legitimate signature subset with nonnegligible probability, an algorithm which is a probabilistic polynomial can be constructed. can solve the CDH hard problem by invoking with probability in time .☐
is the certain CDH instance of the presupposed, and it is desired to solve the CDH hard problem by and subsequently obtain , so that impersonates the challenger of . It can be divided into various steps as follows. (1)System initialization. Let and , represents the number of queries of the private key, and represents the number of signature key queries which is queried by . The and are arbitrarily selected. and are less than . is randomly picked and whose bit number is , and belongs to ; is randomly picked by and whose bit number is , and belongs to ; is randomly picked by and whose bit number is , and belongs to ; is randomly picked by and whose bit number is , and belongs to ; and is randomly picked by and whose bit number is , and belongs to
For the bit vector and which are the bit vector of unique identification ID in the perception node list and signature message, it is specified as follows:
For the proposed TRS-RAM, can use the parameters:
There is no difference between the parameters in equation (16) and the public parameters derived by the attacker. Therefore, and where can transfer these parameters to . (2)Query. If makes a query, will make a reply. The query can be divided into private key query and signature query
Private key query: when interrogates the private key of node , even though cannot know its master key, can also compute that the private key of node is , assuming that . randomly selects and then yields
Thus, it can know that is the legal private key of the node identification .
For , the private key constructed by is exactly the same as the private key generated by the real challenger. If , the above process cannot continue and cannot succeed.
Signature query: first, needs to compute and then obtains the by the following procedure: (a) arbitrarily selects and sets the (th polynomial (b)The list has no less than to make that . Assume is the set which makes the hold. Then, . can calculate the private key based on the process of private key query, and then, the private secret of all nodes that perform TRS can be derived. The corresponding gated-ring signature is constructed by the proposed TRS-RAM based on the signature generation process
If the number of nodes in list which makes is less than , can construct a TRS. Let . Then, arbitrarily picks and can obtain
Thus, is valid. If , then the above process will stop and fails. (3)Forgery. For , can forge the signature of TRS for and threshold value . can verifywhere equations (21) and (22) are not satisfied; cannot be successful. If both equations are satisfied, yields where the result is the answer to the difficult question. Therefore, if the probability of an attacker succeeding in forging a legitimate gated-ring signature is nonnegligible, there must be a corresponding algorithm to solve the hard problem. However, this contradicts the assumptions of the discrete logarithm problem. Theorem 3 is proven that the proposed TRS-RAM in this paper is known to be unforgeable.
In summary, for the perception layer distributed networking model, the threshold ring signature scheme based on node trusted logical grouping designed in this section under the standard model realizes the trusted proof of the data source, and by analyzing and proving the security of the scheme, it is known that the scheme can effectively protect the privacy information of the proof nodes, has unconditional anonymity, and satisfies the unforgeability, while the signature of the scheme length is short; therefore, the proposed scheme in this paper is secure, efficient, and suitable for perceptive nodes with limited computational resources.
Remark 2. Based on the above analysis, for the distributed networking model of the perception layer, the proposed TRS-RAM can realize the credibility attestation of perception nodes. Moreover, it can be seen that this proposed TRS-RAM can effectively protect the privacy information and has the correctness, unforgeability, and anonymity by analyzing the security of TRS-RAM.
Meanwhile, the group signature length of TRS-RAM is short. Therefore, the proposed TRS-RAM in this paper is secure and efficient and more suitable for perception nodes with limited computational resources.
5. Efficiency Analysis
Table 1 shows the time complexity of each operation, compared with reference [19]. Considering a smart terminal with the latest Cortex-A9 1.2 GHz microprocessor, the time of a scalar multiplication operation on the elliptic curve is about 0.00195 s. Combining Table 1 with Table 2, it can be seen that the scheme in this section is more efficient than all the existing comparison schemes.
6. Conclusions
In this paper, a TRS-RAM was designed to evaluate the credibility of the perception node and protect the privacy of its identity. The remote attestation process can be accomplished by introducing TRS, which avoids exposing the privacy of the node. The verifying node can query the credibility of the perception node from the management node based on the received signature and can also trace the node when the data is disputed to achieve the dynamic tracking of the node. Moreover, the proposed TRS-RAM has correctness, unforgeability, and anonymity to effectively guarantee the security of the perception node, and our solution has higher efficiency compared to others. In our future work, some improved TRS mechanisms will be studied for perception nodes to further improve the certification performance.
Data Availability
No data were used to support this study.
Conflicts of Interest
The authors declare that they have no conflicts of interest.