科研成果详情

Users can utilize terminal devices such as mobile phones or smart bracelets to collect surrounding data, but those data are vulnerable to network threats such as eavesdropping and tampering during data transmission. In order to guarantee the security and authenticity of the users' data, a certificate-less signcryption scheme based on the elliptic curve is proposed. The proposed scheme includes seven steps which are setup, genPartialKey, genPrivateKey, genPublicKey, signCrypt, unSignCrypt and verifySign. For the setup step, with the input of security parameters, key generation centers (KGCs) output the system master key and public parameters. During the genPartialKey phase, KGCs and users take the system master key, user identities and other parameters as inputs to generate partial keys for users. The next step is to generate private keys. The fourth step is to generate those users' public keys. For the signCrypt phase, a sender calculates the ciphertext for the original plaintext with public parameters and other information as inputs. The sixth step is to perform the decryption operation, and after that the receiver outputs the plaintext corresponding to the given ciphertext. The final step is to verify the decrypted plaintext with public keys and other parameters. All the above steps do not include bilinear pairing operations, which are time consuming. Based on the intractability of the elliptic curve discrete logarithm problem and the elliptic curve Diffie-Hellman problem, confidentiality and unforgeability of the proposed method are proved in the random oracle model. The new scheme also owns other security attributes such as public verification, anonymity, which are also discussed in the paper. For precise control of sensing devices, we propose a node withdrawal method, which can be adapted to the new signcryption scheme. The new node withdrawal method introduces a public key aging mechanism based on blockchain to guarantee that a device can exit according to system configurations. Public keys of those devices are stored in blockchain with the help of smart contracts. Because blockchain has the characteristic of non-tamperability, public keys cannot be tampered with. To remove a specific device from the system, we can set up an aging period for the public key of the device. After we store the public key along with its aging period in blockchain through a smart contract, that information for the device can be deleted automatically without human participation to ensure the credibility of the process. Without the public key in blockchain, the device cannot perform the signCrypt operation and the unSignCrypt operation. What is more, the aging operation is performed by blockchain without power consumption of IoT devices. Performance analysis shows that the proposed signcryption scheme with a shorter key length has lower computational complexity. In the simulation part, comparison results for execution time are firstly given, and then performance impacts of data volume are also analyzed. With introduction of the aging mechanism, performance of the signCrypt step in the proposed scheme is decreased by about 7%, and one of the unSignCrypt steps is decreased by less than 1%. Even so, each of the above two steps consumes less than 120ms, which can still be adapted to the IoT scenarios.