Digital signature schemes with strong existential unforgeability

Chia, Jason; Chin, Ji-Jian; Yip, Sook-Chin

doi:10.12688/f1000research.72910.1

Cited by 5 publications

(1 citation statement)

References 67 publications

(82 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…V (σ, pk) produces true if and only if m is signed by the private key sk. This cryptographic construct is formally called a digital signature [63] B. MALICIOUS ATTACKER (MA) SAFEGUARDS Theorem 1: A Malicious Attacker (MA) attempts to prevent an honest manufacturer from notifying devices of a new VOLUME 11, 2023 software update. The MA notification attack is exponentially difficult to succeed.…”

Section: A Security Foundationsmentioning

confidence: 99%

A Secure and Cost-Efficient Blockchain Facilitated IoT Software Update Framework

Solomon,

Zhang,

Brooks

et al. 2023

IEEE Access

View full text Add to dashboard Cite

As resource-constrained Internet-of-Things (IoT) devices become popular targets of various malicious attacks, frequent updates to keep their software up to date are essential to their security. However, state-of-the-art software delivery and payment systems incorporate multiple services in a client-server structure requiring multiple transits of information between client and server, while also creating a wide attack surface. We propose a blockchain-based end-to-end secure software update delivery framework for Internet of Things (IoT) devices, which aims to ensure confidentiality, integrity, availability, efficiency, and audit-ability for verified software delivery, while offloading the cryptographic computation from resourceconstrained IoT devices to a decentralized blockchain system. In particular, we leverage Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and design a customized authorization policy to not only ensure that software updates can only be decrypted and installed on authorized IoT devices but also significantly reduce the computational overhead for key generation and key delivery on the manufacturer side. Furthermore, secure and atomic software delivery and payments between IoT devices and the manufacturer are assured through smart contracts. The authenticity of the delivered software is guaranteed by offloading the computation-based signature validation to smart contracts. Compliance audits are satisfied through immutable records on the blockchain's public ledger, and the smart contracts efficiently guarantee the delivery of software updates in exchange for payment. Security analysis and experiments are performed to compare the proposed framework with state-of-the-art studies and validate its effectiveness.INDEX TERMS Blockchain, Internet of Things, software update, secure software update, computer security, CP-ABE, smart contract.

show abstract

Section: A Security Foundationsmentioning

confidence: 99%