LiS: Lightweight Signature Schemes for Continuous Message Authentication in Cyber-Physical Systems

Yang, Zheng; Jin, Chenglu; Tian, Yangguang; Lai, Junyu; Zhou, Jianying

doi:10.1145/3320269.3372195

Cited by 12 publications

(10 citation statements)

References 41 publications

(44 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper, we first show that OM-UEA schemes can be implemented using digital signatures and that a weak form of unforgeability is sufficient to achieve security against active adversaries. Furthermore, we instantiate our construction with the lightweight signature scheme recently proposed by Yang et al [2] and show that it results in a onemessage unilateral entity authentication scheme that requires low computational effort, as well as low storage overhead, for the prover. Specifically, to compute each authentication message the prover only needs to perform two modular multiplications and three modular additions.…”

Section: Contributionmentioning

confidence: 99%

See 1 more Smart Citation

Continuous Entity Authentication in the Internet of Things Scenario

et al. 2023

View full text Add to dashboard Cite

In the context of the Internet of Things (IoT), the proliferation of identity spoofing threats has led to the need for the constant entity verification of devices. Recently, a formal framework has been proposed to study resistance to impersonation attacks for One-Message Unilateral Entity Authentication (OM-UEA) schemes, in which the prover continuously authenticates itself through the use of a sequence of authentication messages. Given the limited computing power of the parties (particularly the prover) and the often limited bandwidth channel, in the IoT scenario it is desirable to design unilateral entity authentication schemes that require the use of a single message per session and light computations. In this paper, we first show that OM-UEA schemes can be implemented through digital signatures and that a weak form of unforgeability is sufficient to achieve security against active adversaries. We then apply the signature scheme proposed by Yang et al. in ASIACCS 2020 to our framework, resulting in an OM-UEA scheme that requires minimal computational effort and low storage requirements for the prover. Inspired by this last construction, we propose an OM-UEA scheme based on the hardness of the discrete logarithm problem, which further improves the computational performance for the prover. Our findings offer feasible options for implementing secure continuous entity authentication in IoT applications.

show abstract

Section: Contributionmentioning

confidence: 99%

“…Yang et al [2] proposed a lightweight signature framework, called LiS, which is suitable for continuous message authentication in IoT applications. Such a framework includes two signature schemes, called LiS1 and LiS2.…”

Section: Related Workmentioning

confidence: 99%

Continuous Entity Authentication in the Internet of Things Scenario

et al. 2023

View full text Add to dashboard Cite

show abstract

“…The first phases of El-Gamal [30], DSS [31], and precomputation enabled ECDSA [7] do not require the true message similar to our Tree Construction procedure. Online/offline signatures, either based on one-time signature schemes [32] or based on chameleon commitments [26], [33], [34] can transform any digital signature scheme to a one with such offloading feature. The idea is to perform expensive cryptographic operations in the offline phase and generate a meta-data, so that in the online phase the source can sign a message only using inexpensive computations.…”

Section: Related Workmentioning

confidence: 99%

“…Although the online signing in online/offline converted signature schemes can be fast, these schemes still fall short in meeting stringent latency requirements due to their offline phase or require a large volume of metadata to be stored by the source. Among these, Lis [34] is specifically designed for cyberphysical systems. However, it is optimized for the publisher, and thus, the verification cost is still high.…”

Section: Related Workmentioning

confidence: 99%

Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems

Tefek

Esiner

Mashima

et al. 2022

IEEE INFOCOM 2022 - IEEE Conference on Computer Communications

View full text Add to dashboard Cite

Attacks against industrial control systems (ICSs) often exploit the insufficiency of authentication mechanisms. Verifying whether the received messages are intact and issued by legitimate sources can prevent malicious data/command injection by illegitimate or compromised devices. However, the key challenge is to introduce message authentication for various ICS communication models, including multicast or broadcast, with a messaging rate that can be as high as thousands of messages per second, within very stringent latency constraints. For example, certain commands for protection in smart grids must be delivered within 2 milliseconds, ruling out public-key cryptography. This paper proposes two lightweight message authentication schemes, named CMA and its multicast variant CMMA, that perform precomputation and caching to authenticate future messages. With minimal precomputation and communication overhead, C(M)MA eliminates all cryptographic operations for the source after the message is given, and all expensive cryptographic operations for the destinations after the message is received. C(M)MA considers the urgency profile (or likelihood) of a set of future messages for even faster verification of the most timecritical (or likely) messages. We demonstrate the feasibility of C(M)MA in an ICS setting based on a substation automation system in smart grids.

show abstract

“…A,ASE (κ, q e ) denote the advantage of A in breaking the security of ASE, where q e is the number of encryption oracle queries that A can ask. Also, we let Adv CRHF A,H (κ) denote the advantage of A in breaking the collision-resistant property of H. We refer the reader to [23,28,51] for the formal definitions of these advantages. We omit them here to save space.…”

Section: Proof Of Theorem 42mentioning

confidence: 99%

Group Time-based One-time Passwords and its Application to Efficient Privacy-Preserving Proof of Location

Yang

Jin

Ning

et al. 2021

Annual Computer Security Applications Conference

Self Cite

View full text Add to dashboard Cite

Time-based One-Time Password (TOTP) provides a strong second factor for user authentication. In TOTP, a prover authenticates to a verifier by using the current time and a secret key to generate an authentication token (or password) which is valid for a short time period. Our goal is to extend TOTP to the group setting, and to provide both authentication and privacy. To this end, we introduce a new authentication scheme, called Group TOTP (GTOTP), that allows the prover to prove that it is a member of an authenticated group without revealing its identity. We propose a novel construction that transforms any asymmetric TOTP scheme into a GTOTP scheme. Our approach combines Merkle tree and Bloom filter to reduce the verifier's states to constant sizes.As a promising application of GTOTP, we show that GTOTP can be used to construct an efficient privacy-preserving Proof of Location (PoL) scheme. We utilize a commitment protocol, a privacypreserving location proximity scheme, and our GTOTP scheme to build the PoL scheme, in which GTOTP is used not only for user authentication but also as a tool to glue up other building blocks. In the PoL scheme, with the help of some witnesses, a user can prove its location to a verifier, while ensuring the identity and location privacy of both the prover and witnesses. Our PoL scheme outperforms the alternatives based on group digital signatures. We evaluate our schemes on Raspberry Pi hardware, and demonstrate that they achieve practical performance. In particular, the password generation and verification time are in the order of microseconds

show abstract

LiS: Lightweight Signature Schemes for Continuous Message Authentication in Cyber-Physical Systems

Cited by 12 publications

References 41 publications

Continuous Entity Authentication in the Internet of Things Scenario

Continuous Entity Authentication in the Internet of Things Scenario

Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems

Group Time-based One-time Passwords and its Application to Efficient Privacy-Preserving Proof of Location

Contact Info

Product

Resources

About