Efficient incremental authentication for the updated data in fog computing
Introduction
Cloud computing is a centralized architecture which can store, analyze and process data. Cloud computing gives an efficient way to discover the data value by using its powerful and professional computing abilities. Internet of Things (IoT) consists of billions of IoT devices, such as sensors, cameras, mobile clients etc. These devices generate a massive amount of data. However, it is hard to transfer this data or run the complex computing for these devices, because their resources are usually limited. Fog computing, proposed by CISCO [1], is a new computing paradigm which can be seemed as a combination of the cloud computing and the IoT [2], [3]. Fog computing gives a connection between the center and the edge of the networks and provides a series of mechanisms to collect, process and transfer data [4]. In fact, IoT fog computing cloud computing give an integral solution to many new fields like smart city [5], [6].
Since both the fog (IoT) devices and the fog nodes are distributed and work in the complex environment, they are vulnerable to be attacked by various type of adversaries. Hence, the potential security risk of the fog computing should be resolved [7]. On the other hand, both fog devices and fog nodes have limited storing and computing abilities [8]. Then, the security schemes used in the fog computing should save their limited resources [9].
Authentication plays a key role when fog nodes communicate with fog devices. The identities of communication parts should be authenticated and a session key should be shared [10] before the secure communication in fog computing. Many users authentication schemes have been proposed for IoT and cloud severs [11], [12], [13]. These schemes give efficient solutions for the user authentication and data confidentiality. The message authentication also should be considered in the fog computing. Digital signature can be used to achieve the message authentication. There are some applications of signature in IoT, vehicular ad hoc networks and more [14], [15].
The data of fog computing is real time which is possible incomplete or variable. Sometimes the data collected by the fog devices needs to be updated by an additional supplement information. For example, in an intelligent factory, there are many sensors to observe the temperature, humidity, material supplies and power consumptions etc. Fog nodes collect and process the documents from devices. Fog nodes also send the document to the fog server which is controlling the whole factory. If some records are changed, for example temperature etc., the sensors should send the modification to the fog node. To resist the forgery attack, the authentication tag should also be updated at the same time. It would dissipate the limited resources of the fog device to resign the whole document again, when most parts of the document remain unchanged and only one or several parts of the document need to be updated. In this case, we wish to update the signature by accessing the changed blocks of the document and the old signature. The cost of the update in this way is less than the cost of re-signing the whole document again.
There are three main requires for the data update, inserting, deleting and displacing one or more blocks inside a document. The displacement operation is easily authenticated by the aggregation signature [16] or the homomorphic signature [17]. While both the deletion and insertion operations are hard to be denoted directly by the basic algebraic operations. How to achieve these operations is an interesting issue for the data update. The incremental signature scheme gives a possible solution to achieve all the incremental operations.
Relate work. Incremental cryptography which was introduced by Bellare, Goldreich and Goldwasser, can be used to update the message together with its cryptographic computing, like cipher-texts [18], [19], signatures [18], [20], [21] and hash function [22], [23]. Kevin Atighehchi designed an efficient incremental signature which supports all the incremental operations [24]. Any standard signature scheme with the hash-then-sign paradigm can be used into the construction of [24]. While the original message is accessed when the incremental signature is generated. As a result, the signer must pre-store the original message in the local storage or download it from the cloud sever to generate the incremental signature. Clearly, in fog computing, the limited storage or bandwidth of the fog devices are occupied in this case.
If we consider quantum security, lattice-based cryptography as known as its post-quantum security, has gain more and more attentions. Recently, many important results have been proposed [25], [26], [27], [28], [29], [30]. A lattice-based incremental signature scheme is also proposed in [31]. While the scheme in [31] only supports the displacements operations on a document. Clearly, if a scheme only supports the displacement operations, or a scheme only supports single block update, it is not suitable to update the data in the fog computing. Moreover both the public key size and the signature length of the scheme in [31] are too huge to be used in the fog computing.
As a result, if we want to use the incremental signature scheme to authenticate the updated message, there are several requirements need to be studied.
(R1) All the displacement, deletion and insertion operations should be achieved efficiently;
(R2) The multi-blocks and mixed incremental operations on a document should be supported. More precisely, the multi-blocks and mixed properties of incremental operations ensure that a document can be updated on several blocks by one or more incremental operations simultaneously;
(R3) The efficiency of the incremental signature should be considered to satisfy the requirement of the fog computing. More precisely, we should save the storage and bandwidth when we generate the standard signature or the incremental signature.
Our work.
This paper proposes an incremental signature scheme over lattice in the random oracle model. It can be used to design an efficient incremental authentication scheme directly for the updated data in the fog computing. The main contributions of this paper are described as follows.
1. The proposed scheme realizes R1 R2 requirements at the same time. More precisely, all displacement, deletion and insertion operations can be used to update any blocks of a document simultaneously in this paper.
2. The R3 requirement is partly solved in the proposed scheme. More precisely, both the public key and the signature length of the proposed scheme are controlled in reasonable intervals. Most of the time-consuming computing in the proposed scheme can be finished by the parallel computing or pre-computing. And the signature can be updated without downloading the primitive message. The computing speed of the proposed scheme is confirmed by a given simulation experiment.
3. An incremental authentication scheme for the updated data of the fog computing is designed by using the proposed lattice-based incremental signature scheme. In the proposed scheme, the fog device can finish the incremental authentication without accessing the original message and signature. Hence the device does not need to store the message and its signature in the local storage, even the message needs to be updated in future.
Section snippets
Notations
This paper denotes matrices and vectors in column form by bold upper-case and the bold lower-case letters respectively. The Euclidean norm of vector is denoted by . The matrix norm is defined to be the norm of the longest column. A function is negligible if . Given a function , it means that it grows faster than for any constant .
Lattice
A lattice defined by linearly independent vectors is is a basis of the lattice
Multi-block and mixed incremental signature scheme in the random oracle over lattice
Given a security parameter and an odd number , , , , and . The tag of the document belongs to . Let be a secure hash function. Let the primitive matrix . Furthermore, to consider the efficiency of the proposed scheme, we only enable the signer to update the message limited times. And let be the maximum times.
Kg. Inputting identity matrix as the tag of the G-trapdoor and a random matrix into the
Correctness
Case 1. If is an output of the Sign algorithm, then is an output of the SampleD algorithm. According to literature [33], and hold. The signature can be accepted by the Vrf algorithm.
Case 2. If is an output of the Insig algorithm by the displacement operation, we show that it can be accepted by the Vrf algorithm. Let the message be .
On the other hand, holds.
So
Incremental authentication scheme for updated data in fog computing
We firstly suppose that the fog node is believable in our authentication scheme. Then the incremental authentication scheme can be designed by the proposed scheme in Section 3. All parameters are as shown as the proposed incremental signature scheme.
Fog device. When it needs to send to the fog node, fog device runs the Sign algorithm of the proposed scheme to generate the signature of . Fog device sends to the fog node. At last, fog device stores and deletes from the
Conclusions
We present an efficient incremental signature scheme in the random oracle model over lattice. Our scheme supports multi-blocks and mixed incremental operations for all displacement, deletion and insertion operations. The security of the proposed scheme is based on the standard SIS problem. A space efficiency analysis shows that both the public key size and the signature length of the proposed scheme are efficiently controlled. Moreover, the proposed scheme is easily improved the running speed
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgments
This work was supported in part by the National Natural Science Foundation of China under Grant 61803228, 61303198, Project of Shandong Province Higher Education Science and Technology Program, China under grant J18KA361.
Fenghe Wang. He received his Ph.D. degree in cryptography in Xidian University, Xi’an, China, in 2012. Now he is an associate professor of Shandong Jianzhu University. His research interests include Network security and post-quantum Cryptography. Email: [email protected]
References (34)
- et al.
All one needs to know about fog computing and related edge computing paradigms: A complete survey
J. Syst. Archit.
(2019) - et al.
A short-term energy prediction system based on edge computing for smart city
Future Gener. Comput. Syst.-Int. J. Esci.
(2019) - et al.
A survey of data fusion in mmart city applications
Inf. Fusion
(2019) - et al.
CCA-secure ABE with outsourced decryption for fog computing
Future Gener. Comput. Syst.
(2018) - et al.
A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps
Future Gener. Comput. Syst.
(2016) - et al.
Design of a provably secure biometrics-based multi-cloud-server authentication scheme
Future Gener. Comput. Syst.
(2017) - et al.
Fog computing and its role in the internet of things
- et al.
Survey of fog computing: Fundamental, network applications, and research challenges
IEEE Commun. Surv. Tutor.
(2018) - et al.
Tackling iot ultra large scale systems: Fog computing in support of hierarchical emergent behaviors
- et al.
Securing fog computing for internet of things applications: challenges and solutions
IEEE Commun. Surv. Tutor.
(2018)
Security and trust management in MANET
A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers
J. Supercomput.
A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography
Multimedia Tools Appl.
An efficient cloud-assisted message authentication scheme in wireless body area network
Int. J. Secur. Appl.
Privacy protection for vehicular adhoc networks by using an efficient revocable message authentication scheme
Secur. Comm. Netw.
Aggregate and verifiably encrypted signatures from bilinear maps
(Leveled) fully homomorphic signatures from lattices
Cited by (0)
Fenghe Wang. He received his Ph.D. degree in cryptography in Xidian University, Xi’an, China, in 2012. Now he is an associate professor of Shandong Jianzhu University. His research interests include Network security and post-quantum Cryptography. Email: [email protected]
Junquan Wang. He received his Ph.D. degree in Computer science in Shandong University, Jinan, China. Now he is a teacher of Shandong Jianzhu University. His research interests include security of the IoT and Cloud computing.
Wenfeng Yang. He received his Ph.D. degree in network security in Xidian University, Xi’an, China, in 2011. Now he is a security specialist in Tianbo Electronic Information Technology Co.,Ltd. His research interests include cloud security.