Abstract

Intelligent internet of things (IIoTs) have the following features: heterogeneous network patterns, significant differences between devices, dynamic variability of network topologies, etc. In this complex security situation, it is necessary to reject data from untrusted devices to guarantee secure data trading in IIoTs. In this paper, we focus on trustworthiness and authentication in a hybrid SDN scenario of IIoTs. For the trusted judgment process, we first build a standardized model of the nodes from their device attributes, network states, and operation behaviors. Based on the standardized model, we propose feature evaluation functions for the SDN and IP domains, respectively, to calculate the intradomain node trust values and so achieve the trusted judgment. To meet the demand for secure data trading between cross-domain devices, we propose a remote data trading scheme in which the data transmitter signs the node identity and its trust value with a group signature and the data receiver verifies the signature. The group signature not only protects the privacy of the group members but also supports dynamic accession and revocation of group members, so it is better suited to IIoTs, where nodes frequently join and leave. Security is proved under the standard model. We conduct simulation experiments to evaluate the correctness of the trusted judgment mechanism. The evaluation shows that the scheme has lower computational cost and that the group signature scheme has higher efficiency.

1. Introduction

According to IoT Analytics, the number of connected IoT devices worldwide is expected to reach 14.5 billion by the end of 2022. By 2025, there will probably be more than 27 billion IoT connections [1]. With the explosive growth of network scale and business traffic, the drawbacks of the traditional switch-based network architecture are obvious, and increasingly complex network protocols have made network operation and maintenance more complicated and more challenging in management and configuration. The emergence of software-defined networking (SDN) has changed the existing network infrastructure, shielding the differences of the underlying physical networks and meeting the security, management, application and other requirements of IIoTs, thus becoming an innovative network architecture suitable for heterogeneous IIoT scenarios.

Nowadays, it is very costly to complete networkwide deployment of SDN in a short period, so the SDN network and the current mainstream IP network will coexist. Accordingly, the hybrid SDN model denotes this coexisting network architecture [2]. The hybrid SDN model inherits SDN security flaws such as topology poisoning attacks [3], new-flow attacks [4], blackhole attacks, grayhole attacks, Sybil attacks, and other security threats. In addition to facing internal and external attacks, devices in the hybrid SDN require secure data trading with each other. Therefore, we provide solutions for hybrid SDN that offer trusted judgment for intradomain nodes and remote attestation for cross-domain nodes, to ensure the security of the dynamic operating environment of IIoTs and of the data trading source.

The legacy IP and SDN networks interconnect, and data trading demands between intradomain or cross-domain devices exist in both architectures. Data trading with untrusted devices is unsecured, so it is necessary to perform a trust judgment on the data trading source, as illustrated in Figure 1. Because of the heterogeneity of device nodes, trusted judgment methods for devices are hard to unify [5]. The SDN control node, as the manager of the SDN domain, builds the trust chain for the trust measurement of the devices, as seen in Figure 1(a). However, there are no management nodes in the IP domain, and the nodes make trusted judgments about each other, as seen in Figure 1(b). Because the SDN and IP domains cannot communicate directly, cross-domain devices must exchange their identity information and trust values to judge whether the other party is trusted, as seen in Figure 1(c). The trusted judgment of cross-domain devices exploits the remote attestation mechanism proposed by TCG [6]. In hybrid SDN, we adopt the remote attestation mechanism to prove that the transmitter is trusted by sending relevant information, such as node identity information and trust value, to the remote node for verification. A signature scheme is therefore necessary to prevent the message from being falsified.

In hybrid SDN, the IP and SDN networks can be treated as two separate groups, so the remote attestation scheme is well suited to a group signature. A group signature only indicates that the signer belongs to the group, which protects node privacy while still allowing the signer to be traced when the signature is questioned. Since IIoT is a dynamically changing network, the node trust value is closely related to changes in the surrounding environment, such as business execution and the states of neighboring nodes. If a node is untrusted, it will not be able to participate in the signature process as a group member. Nevertheless, most group signature models do not consider member revocation [7]. As a result, a group signature scheme that supports dynamic joining and revocation of group members is more suitable for the dynamic operating environment of IIoT nodes.

To ensure the security of data trading, it is necessary to confirm that the data trading source node is trusted. In this paper, we first build standardized description models of the intradomain nodes for the SDN and IP domains in the hybrid SDN architecture. Based on the standardized model, we calculate the trust value of the intradomain nodes by their respective feature evaluation functions. The cross-domain devices realize remote attestation by a group signature to judge whether the data trading source node is trusted, which enhances the security of IIoT data trading. Our paper makes the following contributions:

(i) By analyzing the operating environment, tasks, and devices in the hybrid SDN architecture, we build standardized models using the multidimensional attributes, network states, and interaction behaviors of the IIoT nodes in the SDN and IP domains.

(ii) By setting the feature evaluation function, we propose trusted judgment models for the intradomain nodes, complete the calculation of the node trust values, and verify the correctness of the trusted judgment process in simulation experiments.

(iii) By using the remote attestation mechanism for cross-domain nodes, we propose a group signature scheme that supports dynamic joining and revocation of group members and has less computation and higher efficiency; meanwhile, the security of the scheme is proved under the standard model.

In Section 2, we describe the related work. Section 3 describes the hybrid SDN architecture and the standardized models in the SDN domain and IP domain. We detail the implementation of the intradomain trusted judgment in Section 4. Section 5 presents the group signature scheme and its security analysis. Section 6 reports the simulation experiments for the trusted judgment and the group signature scheme. We conclude our work in Section 7.

2. Related Work

SDN is a novel network model; although SDN can be applied to IIoTs and dynamically perform different IIoT tasks in heterogeneous network scenarios, the openness of SDN opens the possibility of serious security threats [8]. Liu et al. [9] proposed an SDN-based secure connectivity model for IIoTs that safeguards the network by controlling the data flow and uses a combination of channel and tag protocols to solve the routing security problem. However, the security mechanism of the model is too complex, with poor real-time response and high energy consumption. Zhou et al. [10] combined trusted computing technology with the SDN network architecture to ensure the security and trust of the control domain in SDN, using the SDN controller as the trusted root and measuring the device hardware, boot sequence, controller operating system, communication module, controller policy application, and other modules and network devices according to the trust chain transfer rules. The model relies on a security-trusted hardware platform and requires a costly reconstruction of the SDN controller.

The abstract description of devices in IIoTs is the key to building a secure and trusted IIoTs. There are several standardized description models for IIoT scenarios. Chen et al. [11] proposed multidimensional attributes of the IIoT nodes in edge computing, and a comprehensive trust aggregation algorithm is implemented by the subject node for the trusted judgment using the unified quantification. The model realizes trust attributes in the edge computing environment as a domain and lacks the security for cross-domain nodes. Zheng et al. [12] proposed a trust management mechanism for the wireless sensor network by calculating the trust values to achieve dynamic adaptive adjustment. The model uses a distributed networking structure to realize local trust measurement and global trust measurement for the selection and update of management nodes. The model is applicable to wireless sensor network architectures and only considers the distributed IIoT scenario.

Trusted IIoT data trading is built on the basis of a trusted data source. Yu et al. [13] discussed three IIoT data source security models and defined the security of each model, discussed the security challenges faced by different applications, and proposed security strategies for different attacks. However, the network models are derived from specific security threats and are less capable of dealing with unknown security threats. Gong et al. [14] proposed a trusted authentication scheme for IIoT data sources based on a trusted hierarchy, which uses a threshold group signature scheme to achieve trusted authentication of data sources. The group signature scheme lacks a revocation mechanism and is not applicable to the dynamic trusted judgment process. Liu et al. [15] proposed a distributed IIoT system for smart cities, which builds a subdomain network by blockchain real-time reviewing of transaction nodes and adopts a ring signature to ensure the privacy and security of data signatures.

In general, the existing trust models and remote attestation schemes are not suitable for hybrid SDN. Legacy IP and SDN are different in networking models, devices, and protocol configurations. Therefore, it is necessary to redefine the node attributes and operational behaviors for hybrid SDN and study the intradomain and cross-domain trusted judgment mechanism which is applicable to hybrid SDN.

3. The Standardized Models for Hybrid SDN

3.1. Hybrid SDN Architecture

SDN cannot connect directly with a legacy IP network because of the difference in message exchange mode, so a hybrid SDN architecture is formed. Hybrid SDN networks are divided into the SDN autonomous system (SAS) and the IP autonomous system (IPAS). The SAS is a centralized framework with the SDN controller as the manager, while IPAS is a distributed framework; SAS and IPAS are bridged by a gateway, as shown in Figure 2. The IP and SDN networks are hybrid in topology and divided into two domains, which face compatibility problems and security challenges in both domains [16].

The SAS contains an SDN controller, OpenFlow switches, legacy routers, legacy switches, middleware, agents, and IIoT devices. In Figure 2, the yellow table is the flow table, which indicates that the device is under SDN control, and the green table is the legacy routing table. There are several networking models in which SDN and IP networks coexist:

(1) Networkwide SDN, in which SDN controllers manage OpenFlow switches and IIoT nodes. This mode is simple to deploy because the SDN controller performs all management roles in the network, but not all legacy devices support centralized management protocols. The SDN controller can execute the communication protocol by itself without protocol translation. A networkwide SDN mode is costly when upgrading legacy network scenarios [17]. In terms of security, a single-point failure of the networkwide SDN controller is fatal, as illustrated by the red line in Figure 2.

(2) Incremental deployment of SDN in legacy networks. The SDN controller uses middleware to change the configuration of legacy devices by parsing the original legacy IP protocol, and interacts with the SDN switch in standard mode. The SDN switch does not need to support all OpenFlow features in the middleware mode. The middleware node is illustrated in the left diagram of Figure 2.

(3) Legacy router/switch deployment in the SDN domain. An agent implementing the OpenFlow protocol is added to the legacy device so that it can communicate with the controller, with no changes applied to the controller. The bottleneck of the agent limits the scalability of the network, as illustrated by the agent node in the left diagram of Figure 2.

A comparison of hybrid SDN networking models is shown in Table 1.

3.2. The SAS Intradomain Standardized Model

The SDN architecture defined by the ONF organization is divided into three layers [18], as illustrated in Figure 3. The SDN network infrastructure consists of switches, routers, middleware, and SDN network protocols. The SDN control plane executes the protocols and software, including the southbound protocol, network operating system, northbound open interface, and application layer software. OpenFlow is the most widely used southbound interface standard in SDN, connecting the controller and forwarding devices to achieve separation of the control plane and data plane. The northbound interface is an open interface to business applications that connects the control plane and application plane. The SDN controller (SDN network operating system) is a centralized scheduler of various resources in the network to provide services for traffic engineering, mobile and wireless networks, network measurement and monitoring, network security, and data center networks. The SAS intradomain standardized model is proposed as follows.

3.2.1. SAS Device Attribute Description Vector

The core functions of the SDN controller include forwarding device management, forwarding rule calculation, and resource management, which realize the centralized management of SDN. A single-node controller architecture is illustrated in the middle of Figure 3. SDN controller attributes are denoted by the 7-tuple , where indicates the controller identity (including network identification number, authentication key, and additional access information); indicates the digest value of the stored information component in the controller, which is used to store and manage all SDN information; and is the digest value of the information processing component, which is used to configure various rules of the forwarding device, . OpenFlow switches consist of ports and flow tables, group tables, and meter tables. The set of ports is denoted by . The flow table is the forwarding table digest value for data flow. A data flow corresponds with a flow table entry, and the mapping of the source and destination flow tables is configured by the specific forwarding device. The group table is defined as a set of action buckets that can be used by multiple flow table entries to achieve multicast, load balancing, disaster tolerant backup, and aggregation functions. The meter table provides QoS for OpenFlow switches by metering flows and setting speed limit rules. is the control management component, which represents the communication overhead of the controller. The component is responsible for connecting various forwarding devices of SDN networks and managing the flow table states. denotes the mapping relationship of the controller instance and the switches attached to it. If contains SDN middleware or agent in the hybrid SDN structure (see Figure 2), denotes the mapping relationship of and the middleware which belongs to it, and denotes the mapping relationship of and the agent which belongs to it.

The other nodes must register their device attribute information with the SDN controller when they first access the network. The network nodes and IIoT nodes consist of device identification , device type , device hardware information , and basic software and configuration protocol information , which are described by the 4-tuple .

3.2.2. SAS Network Attribute Description Vector

In SDN networks, the bandwidth is , the trading delay is , the flow table lifetime is , and the time delay is . Therefore, the following 4-tuple is defined to describe the network attributes , where the trading delay represents the time gap from the entry of the packet into processing to the end of processing; assuming that the beginning time is and the end time is , then . The flow table lifetime indicates how long the flow table exists, and its value impacts the switch forwarding speed: the larger the value, the longer the switch is occupied and the heavier the flow table processing load. The time delay indicates the time a packet takes to travel from the source to the destination and consists of the link trading delay, signal propagation time on the link, node queuing time, and processing time, , where is the packet group size, is the bandwidth, is the signal propagation delay, is the node queuing time, and is the node processing time.

3.2.3. SAS Link State Description Vector

The SDN link states include node addition and deletion, link alteration, and the topology states. The SDN network topology is represented by a 3-tuple , where denotes the set of nodes, denotes the set of ports, and denotes the set of links in the topology. denotes the data flow from port to port , . When belong to the same node, indicates a data link from port in to port out within a node; when belong to different nodes, indicates a data link through port to port . Then, and denote the network topology states at the moment and the moment. denotes the topology changes, , where denotes the set of node changes from the to the moment, , where means nodes, means nodes added/deleted by the device management module in the controller, and means no change in device nodes. denotes the set of port changes from the to the moment, , where denotes the port of node , denotes port enabled/disabled, and the port addition/deletion depends on the data forwarding rule . denotes the changes of data links from the to the moment, , where indicates the link change from the port of node into the output port of node , , . If there is no change in the device nodes, topology switching is performed based on the data of in .

3.2.4. SAS Application Task Description Vector

Given that the set of tenants in SAS is , applications represented the set ; each application runs tasks represented by the set ; the mapping relationship between controller and switches is ; the mapping relationship is constructed between switches and applications, represented by ; the mapping relationship is constructed between tenants and applications as ; and the mapping relationship is constructed between applications and tasks as ; then, the SDN application tasks can be described by the 4-tuple .

The SAS standardized model can be composed of device attributes description vector , network attributes description vector , link states description vector , and application tasks description vector ; thus, the SDN single-controller mapping model is represented by the 5-tuple .

3.3. The IPAS Intradomain Standardized Model

There are some heterogeneous networks in IIoT scenarios, with the difference in hardware and software attributes, deployment locations, task states, computing capabilities, and network data trading capabilities of the nodes. Building a mapping model of IIoT nodes is critical to complete IIoT security and trust. A unified mapping model for IIoT devices in IPAS is shown as follows.

3.3.1. IIoT Device Raw Attribute Description Vector

The IIoT devices are identified by attributes solidified in devices, such as the device profile information about the device hardware type, vendor, product name, version number, and device verification information. The software attributes consist of firmware, communication protocols, third-party libraries, and operating system information. Firmware is a software module to accomplish the communication between various types of devices in order to overcome the problem of heterogeneous communication protocols. The device identification is , the hardware device information digest value is denoted by , and the basic software digest value is denoted by ; then, the 3-tuple is used as the identification information of the IIoT heterogeneous node entity.

3.3.2. IIoT Network Attribute Description Vector

A set of network addresses is represented by the node source address, destination address, and MAC address as ; is the set of ports; the network bandwidth is ; the selected channel is ; the requested data is ; the actual sending data is ; and the response time is . The IIoT heterogeneous network environment can then be represented by the 7-tuple .

3.3.3. IIoT Link State Description Vector

The IP network routers are interconnected through links, usually represented by an unweighted undirected connectivity graph [17]. represents the state of the links, where denotes the set of routers, switches, and IIoT nodes and denotes the set of links. Given two link instances and , the change of nodes is represented by the intersection of the two node sets as , and the change of links is represented by .

3.3.4. IIoT Application Task Description Vector

IIoT nodes collect data, forward the data, and even provide services. The composite tasks execute in multiapplication multitasking scenarios. In , denotes the set of all applications running at a node instance, and the subtasks set running at an application instance is presented by . Each subtask can only connect one channel in a time period, and the channel set is presented by . The application tasks of the node are presented as the 3-tuple .

The IIoT devices in IPAS are interconnected using IP protocols. The IPAS node is mapped by building multidimensional attributes such as raw attributes , network attributes , link states , and application tasks . Thus, the IPAS node can be represented by the 4-tuple .

4. A Trusted Judgment Model for Hybrid SDN

4.1. The Definition of the Trusted Judgment Model

In the hybrid SDN scenario, the trusted judgment methods differ according to the networking models of SAS and IPAS. Because of the centralized networking in SAS, the controller, as the manager, evaluates the other nodes according to the feature evaluation function to judge whether they are trusted. In IPAS there is no management node, so the nodes are peers; the feature evaluation function therefore has to be computed through the collaboration of the nodes, which then judge which nodes are trusted by that function. All operations of abnormal nodes in either domain are strictly restricted. The trusted judgment is defined as follows.

Proposition 1 (SAS feature evaluation function). Suppose there exists a group , the mapping model of nodes in SAS is , the SDN controller is the management node, the node rule calculation function is , and the trust value of node is calculated by the feature evaluation function ; then the node trust value is calculated as .

Proposition 2 (IPAS feature evaluation function). Suppose there exists a group , the mapping of nodes in IPAS is , the node rule calculation function is , and the trust value of node is calculated by the feature evaluation function ; then the node trust value is calculated as .

Proposition 3 (Trusted judgment). Set a trust value boundary threshold at each autonomous system; if the node trust value , the node is judged to be abnormal and all the operations of the node are restricted.

4.2. The SAS Intradomain Trusted Judgment Model

The trusted judgment model is realized on top of the standardized model in Section 3, and the following logically describes the trusted judgment process for nodes in SAS and IPAS. Assuming that the SDN controller, as the management node in SAS, is trusted, it is necessary to perform the trusted judgment for the connected devices. As described in Section 3, the control node measures the network nodes such as routers, switches, and middleware, as well as the common IIoT nodes, to obtain the global trust value in the SAS domain, as demonstrated in Figure 4.

4.2.1. Node Device Metric

In SAS, an IIoT device is evaluated when it requests to access the network for the first time or when its global trust value is lower than the threshold, using the device attribute description vector of the node as input. The feature evaluation function judges from the digest values of the node hardware and software whether the IIoT node is trusted, and the evaluation of the IIoT node is performed by the network node. Let be the superior node and denote the device type, hardware, and software information submitted to at first registration; the device trust value of the nodes in SAS is then calculated by

The IIoT node submits attributes such as device information when it registers, and the superior node compares the submitted information with the registered information to judge whether the node is faked. indicates that basic information such as the node software and hardware is not forged.

4.2.2. Dynamic Behavior Metric

The node device metric is only a verification of identity, so a dynamic behavior metric of the node is also necessary. The node network attributes reflect the network quality level. Assuming the network state expectation set by the SDN controller at time is , the cosine similarity is used as the network state similarity function to determine the network environment similarity . The data trading latency must be within the tolerable range, with a threshold value of . If , the probability that the node is under attack increases and the data trading delay metric value is . A malicious node drops specific packets by probabilistic forwarding or spoofs, tampers with, or retransmits routing information through routing loops. Therefore, the data forwarding amount and the repetition rate can be used to detect abnormal behavior of the node. The requested data forwarding amount , the actual data forwarding amount , and the data repetition rate of the node can be obtained from the flow table; then, the actual forwarding ratio value of the node is . The threshold value of the data forwarding repetition rate is ; if , a blackhole attack may be occurring and the repetition rate metric for the forwarding behavior is .

In summary, the node dynamic metric reflects the impact of anomalous nodes. The node dynamic behavior trust value is defined by the network environment similarity, the data trading delay metric, the actual forwarding ratio value, and the data repetition rate. Thus, is calculated by where , , and denote the weights, and .

4.2.3. Task Execution Environment Metric

The node operational state is dynamic, and the node task execution is used to evaluate whether the node operates as expected. The accuracy and dynamics of the node metric require checking the change in node behavior within the time window . The node behavior change is denoted by , the expected behavior of the node is denoted by , and the Jaccard similarity coefficient is used to calculate the execution environment trust value by

where denotes the Jaccard similarity coefficient of the set with . The larger the value, the more similar the actual operational behavior of the node is to the expected behavior, and the higher the dynamic behavior trust value. The Jaccard similarity coefficient of two sets can be estimated quickly using the MinHash algorithm [19].

4.2.4. Global Trust Value of the Node

The node global trust value is aggregated by the node device trust value , the node dynamic behavior trust value , and the node task environment trust value . If the node device trust value is 0, the node is faked. The global trust value of the node is calculated by where and denote the weights, .

In SAS, the controller performs the security situation assessment of each node, including initial integrity verification and dynamic behavior verification. If the trust value of the node is higher than the given trusted threshold, the node is considered trusted; otherwise, the node is untrusted to restrict the node operation to ensure the SAS domain is trusted.
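As an added illustration of the SAS judgment steps in Sections 4.2.1 to 4.2.4 (this is example code, not code from the paper), the following Python puts together the device comparison, the cosine-similarity and threshold checks, the Jaccard/MinHash environment metric, and the weighted aggregation with the trusted-threshold decision. The binary forms of the delay and repetition checks, the capped forwarding ratio, the four-weight combination, and the product form of the global value are assumptions, since the page names the inputs, thresholds and weight constraints but its equations are not reproduced here; all node records and parameters are constructed.

```python
import hashlib
import math
import random
from typing import Dict, List, Sequence, Set, Tuple

# All node records, thresholds and weights in this file are constructed for the
# example; the closed-form metric formulas are assumptions (see lead-in).


def device_metric(registered: Dict[str, str], submitted: Dict[str, str]) -> int:
    """Node device metric (Sec. 4.2.1): the controller compares the type, hardware
    and software digests submitted now with those recorded at first registration.
    1 means nothing is forged, 0 means the node is faked."""
    return 1 if registered == submitted else 0


def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Network-environment similarity between the observed network-state vector
    (bandwidth, delay, flow-table lifetime, ...) and the controller's expectation."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def dynamic_behavior_metric(state: Sequence[float], expected: Sequence[float],
                            delay: float, delay_thr: float,
                            requested: float, actual: float,
                            repeat_rate: float, repeat_thr: float,
                            weights: Tuple[float, float, float, float]) -> float:
    """Dynamic behavior metric (Sec. 4.2.2). Assumed forms: the delay and repetition
    checks are binary (1 within the tolerable range, 0 beyond the threshold), the
    forwarding ratio is actual/requested capped at 1, and the four weights sum to 1."""
    w1, w2, w3, w4 = weights
    if abs(w1 + w2 + w3 + w4 - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    similarity = cosine_similarity(state, expected)
    delay_metric = 1.0 if delay <= delay_thr else 0.0          # over threshold: attack suspected
    fwd_ratio = min(actual / requested, 1.0) if requested else 0.0  # blackhole/grayhole lowers it
    repeat_metric = 1.0 if repeat_rate <= repeat_thr else 0.0  # retransmitted routing info raises it
    return w1 * similarity + w2 * delay_metric + w3 * fwd_ratio + w4 * repeat_metric


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Exact Jaccard coefficient |A ∩ B| / |A ∪ B| of the behavior-change set and
    the expected-behavior set within the time window (Sec. 4.2.3)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def _stable_hash(item: str) -> int:
    # Deterministic 64-bit hash; Python's built-in hash() is salted per process.
    return int.from_bytes(hashlib.sha256(item.encode()).digest()[:8], "big")


def minhash_jaccard(a: Set[str], b: Set[str], k: int = 256, seed: int = 1) -> float:
    """MinHash estimate of the Jaccard coefficient [19]: k random affine hash
    functions x -> (p*x + q) mod prime; the fraction of signature positions on which
    the two sets agree estimates the similarity without comparing the full sets."""
    rng = random.Random(seed)
    prime = (1 << 61) - 1
    params = [(rng.randrange(1, prime), rng.randrange(0, prime)) for _ in range(k)]

    def signature(s: Set[str]) -> List[int]:
        if not s:
            return [prime] * k
        return [min((p * _stable_hash(x) + q) % prime for x in s) for p, q in params]

    sig_a, sig_b = signature(a), signature(b)
    return sum(1 for x, y in zip(sig_a, sig_b) if x == y) / k


def global_trust(device: int, dynamic: float, env: float, alpha: float, beta: float) -> float:
    """Global trust value (Sec. 4.2.4), assumed as device * (alpha*dynamic + beta*env)
    with alpha + beta = 1, so a faked node (device metric 0) gets trust 0."""
    if abs(alpha + beta - 1.0) > 1e-9:
        raise ValueError("alpha + beta must be 1")
    return device * (alpha * dynamic + beta * env)


def is_trusted(trust: float, threshold: float) -> bool:
    """Proposition 3: a node whose trust value falls below the threshold is abnormal
    and has its operations restricted."""
    return trust >= threshold


if __name__ == "__main__":
    registered = {"type": "sensor", "hw": "hw-digest-1", "sw": "sw-digest-1"}
    dyn = dynamic_behavior_metric([100, 5, 30, 8], [100, 5, 30, 8], 20, 50,
                                  1000, 1000, 0.01, 0.05, (0.25, 0.25, 0.25, 0.25))
    env = jaccard({"read", "report", "sleep"}, {"read", "report", "sleep", "update"})
    t = global_trust(device_metric(registered, dict(registered)), dyn, env, 0.6, 0.4)
    print("healthy node trust:", round(t, 3), "trusted:", is_trusted(t, 0.7))
```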

4.3. The IPAS Intradomain Trusted Judgment Model

In IPAS, the security situation assessment of the node in the distributed network is realized by its neighbor nodes. The node using store-and-forward messages can obtain the recommendation trust value by the neighbor nodes, as illustrated in Figure 5.

4.3.1. Direct Recommendation Trust Value

In IPAS, a node connects to the network and exchanges identity information with the neighbor nodes that evaluate it; moreover, let node evaluate node , which has had normal interactions and abnormal interactions. The interaction result obeys the distribution, and is the posterior probability of [20]. According to the Bayesian trust model, the expectation is used as the trust value, and the direct recommendation trust value can be calculated by

The Bayesian trust model only considers the interactions among nodes and does not consider the effect of the recommendation trust value on the current nodes, such as the decline of the trust value over time. Assume that in the time window , for the node , the sequence of direct recommendation trust values is . Let be the oldest trust value of node , and let be the trust value at the current time. The decay function expresses that the node trust value decays with the change in the execution times , so the decay function is defined as , where .

A reward/punishment factor is used to evaluate the successful/failed interaction behavior of nodes; the reward/punishment factor is set to , where indicates successful or failed interaction behavior, is the number of successful interactions, and is the number of failed interactions. The reward value of the current node is related to the number of times the node has been judged trusted and to the reward value of the previous time. The node reward factor is and the punishment factor is , so the node reward/punishment value can be calculated by . The trust value decays with time while the reward/punishment factor is updated. When a node completes an interaction, if the interaction is successful, it is counted in the sequence , then ; if the interaction fails, it is counted in the sequence , then . and are substituted into the Bayesian trust model (Equation (5)); then, the direct recommendation trust value of the node is calculated by

4.3.2. Indirect Recommendation Trust Value

For the distributed networking model, the neighbor nodes need to be evaluated comprehensively, as shown by the blue line in Figure 4, because malicious nodes may inflate or devalue the trust value of the evaluated node. Let the initial recommendation trust value sequence for the node be , and let the mathematical expectation of the direct recommendation trust be ; the similarity between each recommendation trust and this expectation is computed as the deviation of the trust data: the further a recommendation is from the expected value, the smaller its weight, and the more likely the recommender is malicious and defamatory. The Euclidean distance similarity discrimination is used to calculate the trust data evaluation dispersion as . From the recommendation trust values and their weights, the indirect recommendation trust value is , as shown by

4.3.3. Global Trust Value of the Node

With the distributed networking model of IPAS, the global trust value of the evaluated node at the moment merges the direct recommendation trust value and the indirect recommendation trust value, and the global trust value is calculated by

where and are the adaptive weights of the direct recommendation trust and the indirect recommendation trust, and . Information entropy is used to determine the weight corresponding to each indicator, to overcome the limitations of empirically assigned weights [20]; then and are calculated as follows:

For the security situation assessment of IIoT nodes in IPAS, if the trust value of a node is larger than the threshold value, the node is considered to be trusted; otherwise, the node is untrusted, and its operation is restricted to ensure that the IPAS domain is trusted.
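As an added illustration of the IPAS trust pipeline of Sections 4.3.1 to 4.3.3 (decayed Bayesian direct trust with a reward/punishment factor, distance-weighted indirect trust, entropy-based adaptive weights, and the threshold judgment), the following Python is example code written here, not the paper's own. Because the page does not reproduce the paper's equations, every concrete formula, the decay rate, the counter n and the sample interaction history are assumptions chosen to match the behaviour the text describes.

```python
from math import exp, log

TRUST_THRESHOLD = 0.8      # trust threshold used by the paper
UNTRUSTED_THRESHOLD = 0.5  # untrusted threshold used by the paper

def decay(age, rate=0.1):
    """Assumed decay function: 1 for the newest record, falling with age."""
    return exp(-rate * age)

def reward_punishment(consecutive, trusted, n=5):
    """Assumed factor: rewards grow from 0.5 toward 0.8 over n consecutive
    trusted judgments; punishments start at 0.8, fall to 0.5 after the
    second untrusted judgment and reach 0 after n (curve of Section 6.1.2)."""
    if trusted:
        growth = (TRUST_THRESHOLD / UNTRUSTED_THRESHOLD) ** (1.0 / n)
        return min(TRUST_THRESHOLD, UNTRUSTED_THRESHOLD * growth ** consecutive)
    if consecutive >= n:
        return 0.0
    if consecutive >= 2:
        return UNTRUSTED_THRESHOLD * (n - consecutive) / (n - 2)
    return TRUST_THRESHOLD

def direct_trust(history, now, consecutive, trusted):
    """Assumed Bayesian (Beta-mean) trust over time-decayed success/failure
    counts, with the reward/punishment factor acting as the prior mean.
    history: list of (timestamp, succeeded) interaction records."""
    s = sum(decay(now - t) for t, ok in history if ok)
    f = sum(decay(now - t) for t, ok in history if not ok)
    prior = reward_punishment(consecutive, trusted)
    return (s + 2 * prior) / (s + f + 2)

def indirect_trust(recommendations):
    """Weight each neighbour's recommendation by its (1-D Euclidean) distance
    to the mean: far-off values (possible slander or inflation) count less."""
    m = sum(recommendations) / len(recommendations)
    weights = [1.0 / (1.0 + abs(r - m)) for r in recommendations]
    return sum(w * r for w, r in zip(weights, recommendations)) / sum(weights)

def entropy_weights(samples):
    """Entropy weight method over rows of (direct, indirect) values from at
    least two nodes: an indicator whose values vary more across nodes is
    more informative and receives a larger adaptive weight."""
    rows, cols = len(samples), len(samples[0])
    raw = []
    for j in range(cols):
        col = [row[j] for row in samples]
        p = [v / sum(col) for v in col]
        e = -sum(pi * log(pi) for pi in p if pi > 0) / log(rows)
        raw.append(1.0 - e)
    if sum(raw) == 0:                       # all indicators constant
        return [1.0 / cols] * cols
    return [w / sum(raw) for w in raw]

def global_trust(direct, indirect, weights):
    """Adaptive weighted merge of the two recommendation trust values."""
    return weights[0] * direct + weights[1] * indirect

def is_trusted(value):
    """Trusted only when strictly above the threshold; otherwise restricted."""
    return value > TRUST_THRESHOLD

if __name__ == "__main__":
    history = [(t, True) for t in range(8)] + [(8, False)]  # constructed
    d = direct_trust(history, now=9, consecutive=3, trusted=True)
    i = indirect_trust([0.9, 0.85, 0.9, 0.1])  # one slandering neighbour
    w = entropy_weights([(d, i), (0.4, 0.5), (0.95, 0.9)])  # constructed rows
    print(is_trusted(global_trust(d, i, w)))
```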

5. Group Signature Scheme and Security Analysis

5.1. Difficult Problems and Assumptions of the Group Signature

In the hybrid IP/SDN architecture, when a node in SAS transmits data to a remote node in IPAS, the sending node first needs to show the remote node that it is trusted; the remote node then verifies the identity of the sending node and verifies to the superior node, based on its trust value, that the sending node is trusted. We propose a remote attestation scheme using a group signature, in which any member of the group can sign on its behalf. Our group signature scheme is based on the q-SDH assumption, and the concepts are defined as follows.

Theorem 4 (Bilinear mapping). Let , and be multiplicative cyclic groups of prime order , and let be generators of the group . Given a mapping , for any , holds.

Theorem 5 (Computational Diffie-Hellman problem, CDH). Let there exist and . Given the tuple , with the exponents unknown, it is difficult to compute .

Theorem 6 (q-strong Diffie-Hellman, q-SDH assumption). Let . Given a -tuple as input, for every adversary , the probability , for any value of , is negligible.

5.2. The Scheme of the Group Signature

The group signature scheme first requires constructing a group consisting of a group manager and several group members . In hybrid SDN, the SDN controller and the IP gateway act as the of their respective groups, and the IIoT nodes act as group members that produce signatures for external parties; the signed message is the global trust value of the node. generates the group public key and private key , negotiates the signature private key with , and adds a registration entry about to the group registry . The node trust value is signed with the group public key and the user private key to produce the group signature . Verification of the signature uses the group public key , the message , and the group signature . If is a valid group signature on message , the node is a trusted source for data trading and submits the trust value to the superior node, which judges whether the trust value is higher than the threshold value and thus whether secure data trading can proceed. If the identity of the signer is questioned, the signature can be opened to recover the identity of the group member from the group signature , the private key , and the registry entry . When a group member is revoked from the group, derives a new revocation item using the group public key , the private key , and as input and adds it to the revocation list (RL). After the revocation, the new signature private key is calculated based on the member private key in the RL. The group signature scheme includes the system parameter setup, signature, verification, signature open, and signature revoke processes.

5.2.1. Setup

Randomly select three cyclic groups of large prime order with a bilinear mapping satisfying , and let and be collision-resistant hash functions that map a message to the required length. The group manager selects a generator of , sets , and then randomly selects the secret value ; the group public key is , the group private key is , and the system parameters are .

selects and computes , which is sent to group member ; the user public key is , and the user private key is . uses to interact with when joining the group. The of user is a bit string of length , . needs to authenticate the user , using the group private key to sign the . Then, selects , the identity information is , and the user private key is used to sign it as . The signature is sent to for verification, using the public key and to decrypt it. If , the signature is valid, is a legal member of the group, and adds the registry entry . Otherwise, the signature is invalid, and the user is rejected as a member of the group.

5.2.2. Signature

The group member chooses , , and , computes , , and with its private key , and computes , , and . Using the method of the previous section, the global trust value of the device node is calculated and mapped to a bit string of length ; then, the digest value is computed for the corresponding group member . Let , , , , and ; the signature of group member is .

5.2.3. Verification

Firstly, the identities of the sending node and the remote node of the two groups are verified. The remote verifier receives the signature and trust value from the group member , verifies the signature, and calculates , , , and . If equals , is a valid signature, and the verifier checks whether the trust value is trusted. If the trust value is higher than the threshold value, the data-sending node is a trusted source; otherwise, the data trading is rejected.

5.2.4. Open

For traceability of signatures, can open a signature and find the identifier of the signer . First, verify that the signature is valid; then obtain from , and obtain the private key of group member by computing . is queried in . then searches in and tracks the identity corresponding to .

5.2.5. Revoke

If a node in the hybrid SDN is untrusted, it cannot participate in the group signature. Let the group member revoked by be ; after the revocation, group members remain in the group, so needs to regenerate the group public key , update the group private key to , update the member private key to , and renew .

5.3. Security Analysis under the Standard Model

The group signature scheme meets security requirements such as correctness, indistinguishability, anonymity, traceability, forward security, and unforgeability. A security proof under the standard model provides better guarantees for the design of the group signature scheme [21].

5.3.1. Correctness

The challenger needs to verify the correctness of the signature when a signature is received, checking whether the identity information is satisfied.

The challenger selects and sends it to the verifier; the challenger calculates , the verifier selects as the challenge value, and the challenger calculates . Then,

The verification equations , , and hold, so the group signature scheme is proved to be correct by the above derivation.

5.3.2. Indistinguishability

Under the standard model, the challenger obtains the system parameters and sends them to the attacker. The challenger can generate the group public key and the member private key . The challenger selects the designcrypt oracle from the private key of based on the given message . If the challenger learns , chooses randomly, and computes the values of , , and , then is solved using a linear encryption scheme, and the generated by the simulator is indistinguishable from the actual distribution. The adversary randomly selects ; since , when is fixed, is fixed, and when is fixed, is fixed, so the value of in is consistent with the distribution. Randomly select in : when is fixed and is fixed, is fixed; since , is fixed, so in the value of is consistent with the distribution. Similarly, the value of is consistent with the distribution. Therefore, it is difficult to distinguish the values obtained by the simulator from the actual values, and the group signature algorithm satisfies indistinguishability.

5.3.3. Anonymity

The attacker is given the value to , and the message is known, to obtain . is a collision-resistant hash function; then, the attacker is able to correctly return the group signature to the challenger. The challenger can output a guessed value based on the returned signature and send the guessed value to the attacker. The attacker replies with the guessed result. is the guessed result for one of the . If the challenger can attack the anonymity of the group signature with advantage , the attacker can also attack the linear encryption scheme with advantage . Therefore, the group signature scheme satisfies anonymity.

5.3.4. Traceability

Given , and , the challenger is able to select and calculate . It is known from that even if , and are unknown, the private key of group member can still be traced, which satisfies full traceability.

5.3.5. Unforgeability

The group signature is a double-layer signature. Assume that the challenger and the attacker forge the signature together: the attacker first uses the group private key to sign , the signature is completed by the group manager and the group member , the signature is judged to be valid for the legitimate members of the group, and then the message is signed by . If the challenger sends a signature request to obtain a forged group signature , then when the signature is challenged, opens the signature to obtain , that is, the attacker has forged a signature that can be traced to its identity. If , pairs are obtained according to the q-SDH assumption. When the signature is traced with probability and the challenger asks no queries for to the designcrypt oracle, the group signature algorithm satisfies unforgeability.

5.3.6. Resistance to Joint Attack

The group signature scheme satisfies traceability and unforgeability; the only way to obtain the private key of a group member is to sign legitimately, and can open the signature to trace the signer through the registry entry . If multiple group members collude to forge a signature, traces the signature to discover the forger, so the group signature scheme can resist joint attacks.

5.3.7. Forward Security

The signature key of any group member is obtained as and by selecting the secret value . If the signature key at moment is , and and from before moment are obtained, then because each selected secret value is destroyed after use, the attacker cannot deduce the previous signature key from the key at moment ; hence, the group signature scheme has forward security.

6. Experiments and Analysis

The experiments use Python to simulate the remote attestation scheme between nodes in the hybrid SDN architecture, including the trusted judgment of nodes and the group signature scheme. The trust value of a node is calculated according to Section 3; when the trust value is lower than the system threshold (0.8), the node is judged to be a malicious node, and its communication with other nodes is restricted. The efficiency comparison of the signature algorithm is carried out according to Section 4.

We simulate a hybrid SDN architecture with SAS and IPAS, including SDN controller nodes, forwarding nodes, and IIoT nodes. The experiment sets 201 nodes distributed over an area of ; the nodes are divided into the SAS and IPAS domains, with 101 nodes (1 control node, 20 forwarding nodes, and 80 IIoT nodes) in SAS and 100 nodes in IPAS. In SAS, centralized management is used: the forwarding nodes are connected to the controller node, and the IIoT nodes are connected to the forwarding nodes. In IPAS, distributed connectivity is used. The layout of the simulation experiment is illustrated in Figure 6.

6.1. Analysis of the Correctness of Trusted Judgment

6.1.1. Trusted Judgment in SAS Domain

The calculation of the trust value in SAS depends on the device attributes trust value, the forwarding behavior trust value, and the task execution trust value. If the hardware and software attributes are judged to be forged, the global trust value is directly judged to be untrusted, as illustrated in Figure 7: when the device attributes , the global trust value (purple dots) is directly judged to be untrusted. Figure 7(a) shows the trust value distribution when malicious nodes account for 10% of the nodes, and Figure 7(b) shows the distribution when they account for 30%. The comparison shows that a larger number of malicious nodes has a greater impact on the global trust value within the SAS domain.

6.1.2. Trusted Judgment in IPAS Domain

In the IPAS domain, the node direct recommendation trust value is related to the reward/punishment factor and the decay factor; the reward factor and the punishment factor are illustrated in Figure 8(a). With an increasing number of judgments , if the node is judged as a trusted node with reward factor , the initial value of the reward is 0.5 (the untrusted threshold). If the node is continuously judged as trusted, the reward value increases exponentially and reaches the threshold after judgments, and the reward value then stays the same when the node is judged to be trusted again. If the node is an untrusted node with punishment factor , the initial value of the punishment is 0.8 (the trust threshold); after the second untrusted judgment, the punishment value is reduced to 0.5, and if after judgments it is still judged as untrusted, the punishment value drops to 0. If it is judged as untrusted again, the punishment value stays at 0. The initial value of the decay function is 1. As the number of recommendations increases, the current trust value decays according to , as illustrated by the blue line in Figure 8(a).

The indirect recommendation trust in IPAS is based on the distance function to calculate the similarity, and the green dots in Figure 8(b) show the distribution of distances between the current node and its neighbor nodes; a closer distance indicates a larger indirect recommendation trust value. The distribution of the node trust values is similar to that of the direct recommendation trust values, differing only in the coefficients (determined by the distance function), so the indirect recommendation trust values overall overlap with the direct recommendation trust values. In the IPAS domain, the larger the direct recommendation trust value of a node, the larger its global trust value, and the closer the distance, the larger the global trust value.

6.2. Analysis of the Performance of the Group Signature Algorithm

We use the group signature to realize remote attestation and compare it with other schemes in terms of performance and efficiency. A group signature must satisfy not only correctness but also the three security properties of anonymity, traceability, and unforgeability [22]. As shown in Table 2, our scheme fully satisfies indistinguishability, anonymity, traceability, unforgeability, resistance to joint attack, forward security, and revocability. Our scheme and [22] both support revocation of group members, and the group public key and user private key of our scheme are shorter and thus more suitable for IIoTs.

We compare the performance of the group signature scheme by the computational overhead and communication overhead of the signature and verification processes. denotes the bilinear pairing operation, and denotes the modular exponentiation operation. Since can be precomputed, it can be neglected in the verification algorithm. Therefore, in the signature algorithm of our scheme, requires 1 modular exponentiation on , and in the same way requires 1 modular exponentiation on . In , since , if the operation is ignored, only 1 modular exponentiation on and 1 modular exponentiation on are required in . Meanwhile, the verification algorithm needs to perform only 4 modular exponentiations and 1 operation. Let the order of the group be 170 bits, the length of the hash output be 128 bits, and the length of the elements in the group be 171 bits. The comparison of the signature length and computational overhead of each scheme is shown in Table 3.

As can be seen from Table 3, [21] has the shortest signature length, and its signature algorithm has the same computational overhead as our scheme. Comparing the verification algorithms, the computational overhead of the operation is much greater than that of a modular exponentiation, so the verification algorithm of our scheme has the least computational overhead, as illustrated in Figure 9. Therefore, our scheme has a short signature length and minimal computational overhead for the signature and verification algorithms.

6.3. Analysis of Security Situation Assessment

The security situation assessment is available in both SAS and IPAS to learn the security state of each domain. Figure 10 shows the variation of the trust value with the number of malicious nodes. As the number of malicious nodes increases, the trust value reduces more and more. The initial trust value of a domain is 1, when all the nodes in SAS or IPAS are trusted. When the proportion of malicious nodes reaches 20%, the global trust value of SAS or IPAS remains above the trust threshold (0.8). The SAS intradomain trust value is computed from the device attributes trust value, and malicious nodes are judged by the management node; with 20 malicious nodes, the SAS global trust value is directly reduced to 0.8. The IPAS domain global trust value is determined by the interactions of nodes, and malicious nodes may still interact with neighbor nodes with a global trust value greater than 0.8. Malicious nodes in the distributed IPAS domain need to be handled by combining the security situation assessment judgments of multiple nodes, including the malicious node discovery, repair, and exclusion process. When the proportion of malicious nodes is greater than 30%, both the SAS domain and the IPAS domain are judged to be untrusted. Therefore, the domain security situation is represented by calculating the global trust value of the domain.

7. Conclusion

The data in IIoTs is derived from different types of heterogeneous networks. A hybrid SDN architecture is used to manage IIoT heterogeneous networks, which are divided into different autonomous systems (SAS and IPAS). To guarantee that the source of IIoT data trading is trusted, firstly, standardized models of the attributes and interaction behaviors of nodes in SAS and IPAS are established to realize the trusted judgment of nodes within a domain and calculate the trust values of IIoT nodes. Secondly, the node identity and trust value are used in a revocable group signature scheme, which balances privacy and security, to complete the remote attestation of IIoT nodes and guarantee secure data trading across domains. Finally, the simulation experiment verifies that the trusted judgment mechanism, the reward/punishment mechanism, the decay function, and the security situation assessment are correct and capable of reflecting the dynamic operation states of IIoT nodes. The performance and efficiency of the group signature scheme are analyzed by comparing the computational overhead of the signature and verification algorithms. Our scheme performs well in the trusted judgment, group signature, and verification processes and can effectively confirm the security of IIoT nodes.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work is supported by the National Basic Research Program of China (973 Program) (2019YFB2102303), National Natural Science Foundation of China (NSFC 61971014 and NSFC 11675199), Young Backbone Teacher Training Program of Henan Colleges and Universities (2021GGJS170), and Henan Province Higher Education Key Research Project (23B520014).