Server-Aided Attribute-Based Signature with Revocation for Resource-Constrained Industrial Internet of Things Devices

Hui Cui, Robert H Deng, Joseph K Liu, Xun Yi, Yingjiu Li

    Research output: Contribution to journal › Article › Research › peer-review

    8 Citations (Scopus)

    Abstract

    The Industrial Internet of Things (IIoT) can be seen as the usage of Internet of Things (IoT) technologies in industries, which provides a way to improve the operational efficiency. Attribute-based signature (ABS) has been a very useful technique for services requiring anonymous authentication in practice, where a signer can sign a message over a set of attributes without disclosing any information about his/her identity, and a signature only attests to the fact that it is created by a signer with several attributes satisfying some claim-predicate. However, an ABS scheme requires exponentiation and/or pairing operations in the signature generation and verification algorithms, and hence it is quite expensive for resource-constrained devices like a sensor in the IIoT network to run an ABS scheme. To reduce the computational overheads for both signers and verifiers, it has been suggested to introduce a server to help with signature generation and verification, but existing results on ABS with “server-aided computation” either suffer from the security issues or are not sufficiently efficient. In this paper, we consider server-aided ABS one step further, and propose a notion called server-aided attribute-based signature with revocation (SA-ABSR), which not only securely mitigates the workloads of users in generating and verifying signatures, but also enables user revocation by having the server immediately stop signature generations for revoked signers. We formally define the security model for SA-ABSR, present a concrete construction of SA-ABSR based on a standard ABS scheme, and prove its security under the defined security model. Also, we implement the proposed SA-ABSR scheme and the underlying standard ABS scheme to evaluate the performance, from which it is easy to see that the proposed SA-ABSR scheme is more efficient than its underlying ABS scheme.

    Original language: English
    Pages (from-to): 3724-3732
    Number of pages: 9
    Journal: IEEE Transactions on Industrial Informatics
    Volume: 14
    Issue number: 8
    DOIs: 10.1109/TII.2018.2813304
    Publication status: Published - Aug 2018

    Keywords

    • Attribute-based signature
    • server-aided signing
    • server-aided verification
    • user revocation

    Cite this

    @article{8fa3d40446d648f3aa5f4683bd5cd91e,
    title = "Server-Aided Attribute-Based Signature with Revocation for Resource-Constrained Industrial Internet of Things Devices",
    abstract = "The Industrial Internet of Things (IIoT) can be seen as the usage of Internet of Things (IoT) technologies in industries, which provides a way to improve the operational efficiency. Attribute-based signature (ABS) has been a very useful technique for services requiring anonymous authentication in practice, where a signer can sign a message over a set of attributes without disclosing any information about his/her identity, and a signature only attests to the fact that it is created by a signer with several attributes satisfying some claim-predicate. However, an ABS scheme requires exponentiation and/or pairing operations in the signature generation and verification algorithms, and hence it is quite expensive for resource-constrained devices like a sensor in the IIoT network to run an ABS scheme. To reduce the computational overheads for both signers and verifiers, it has been suggested to introduce a server to help with signature generation and verification, but existing results on ABS with “server-aided computation” either suffer from the security issues or are not sufficiently efficient. In this paper, we consider server-aided ABS one step further, and propose a notion called server-aided attribute-based signature with revocation (SA-ABSR), which not only securely mitigates the workloads of users in generating and verifying signatures, but also enables user revocation by having the server immediately stop signature generations for revoked signers. We formally define the security model for SA-ABSR, present a concrete construction of SA-ABSR based on a standard ABS scheme, and prove its security under the defined security model. Also, we implement the proposed SA-ABSR scheme and the underlying standard ABS scheme to evaluate the performance, from which it is easy to see that the proposed SA-ABSR scheme is more efficient than its underlying ABS scheme.",
    keywords = "Attribute-based signature, server-aided signing, server-aided verification, user revocation",
    author = "Hui Cui and Deng, {Robert H} and Liu, {Joseph K} and Xun Yi and Yingjiu Li",
    year = "2018",
    month = "8",
    doi = "10.1109/TII.2018.2813304",
    language = "English",
    volume = "14",
    pages = "3724--3732",
    journal = "IEEE Transactions on Industrial Informatics",
    issn = "1551-3203",
    publisher = "IEEE, Institute of Electrical and Electronics Engineers",
    number = "8",

    }

    Server-Aided Attribute-Based Signature with Revocation for Resource-Constrained Industrial Internet of Things Devices. / Cui, Hui; Deng, Robert H; Liu, Joseph K; Yi, Xun; Li, Yingjiu.

    In: IEEE Transactions on Industrial Informatics, Vol. 14, No. 8, 08.2018, p. 3724-3732.

    TY - JOUR

    T1 - Server-Aided Attribute-Based Signature with Revocation for Resource-Constrained Industrial Internet of Things Devices

    AU - Cui, Hui

    AU - Deng, Robert H

    AU - Liu, Joseph K

    AU - Yi, Xun

    AU - Li, Yingjiu

    PY - 2018/8

    Y1 - 2018/8

    N2 - The Industrial Internet of Things (IIoT) can be seen as the usage of Internet of Things (IoT) technologies in industries, which provides a way to improve the operational efficiency. Attribute-based signature (ABS) has been a very useful technique for services requiring anonymous authentication in practice, where a signer can sign a message over a set of attributes without disclosing any information about his/her identity, and a signature only attests to the fact that it is created by a signer with several attributes satisfying some claim-predicate. However, an ABS scheme requires exponentiation and/or pairing operations in the signature generation and verification algorithms, and hence it is quite expensive for resource-constrained devices like a sensor in the IIoT network to run an ABS scheme. To reduce the computational overheads for both signers and verifiers, it has been suggested to introduce a server to help with signature generation and verification, but existing results on ABS with “server-aided computation” either suffer from the security issues or are not sufficiently efficient. In this paper, we consider server-aided ABS one step further, and propose a notion called server-aided attribute-based signature with revocation (SA-ABSR), which not only securely mitigates the workloads of users in generating and verifying signatures, but also enables user revocation by having the server immediately stop signature generations for revoked signers. We formally define the security model for SA-ABSR, present a concrete construction of SA-ABSR based on a standard ABS scheme, and prove its security under the defined security model. Also, we implement the proposed SA-ABSR scheme and the underlying standard ABS scheme to evaluate the performance, from which it is easy to see that the proposed SA-ABSR scheme is more efficient than its underlying ABS scheme.

    KW - Attribute-based signature

    KW - server-aided signing

    KW - server-aided verification

    KW - user revocation

    UR - http://www.scopus.com/inward/record.url?scp=85043357839&partnerID=8YFLogxK

    U2 - 10.1109/TII.2018.2813304

    DO - 10.1109/TII.2018.2813304

    M3 - Article

    VL - 14

    SP - 3724

    EP - 3732

    JO - IEEE Transactions on Industrial Informatics

    JF - IEEE Transactions on Industrial Informatics

    SN - 1551-3203

    IS - 8

    ER -