Abstract

To improve the security of the industrial Internet of Things (IIoT), several concrete constructions of certificate-based proxy signature (CBPS) schemes without bilinear pairing have been proposed in the last few years. However, many previous constructions were found impractical: they either fail to meet the claimed security properties or contain design flaws. In particular, in some instances, a malicious proxy signer can claim to be the original signer by forwarding the messages from the original signer to any proxy signer, and the receiver cannot determine whether the delegation of signing power has been reused. In this article, we first demonstrate some security issues and design flaws in the previous proposals of CBPS schemes. Then, to address the above deficiencies, three new constructions of CBPS schemes with improved security are introduced. In the first two proposals, the delegation validity can be verified by the designated verifier (proxy signer), and the delegation of signing power for the last construction is publicly verifiable (any signer). Furthermore, formal security proofs are given using the forking lemma in the random oracle model, assuming that the discrete logarithm problem is hard. Compared with the previous CBPS schemes, our constructions are efficient with respect to computation and communication. Finally, we discuss the two necessary conditions for constructing secure CBPS schemes, to avoid security flaws in future research.
