Access security and privacy have become a bottleneck for the popularization of future Cyber-Physical System (CPS) networks. Furthermore, users’ need for privacy-preserved access during movement procedure is more urgent. To address the anonymous access authentication issue for CPS Wireless Mesh Network (CPS-WMN), a novel anonymous access authentication scheme based on proxy ring signature is proposed. A hierarchical authentication architecture is presented first. The scheme is then achieved from the aspect of intergroup and intragroup anonymous mutual authentication through proxy ring signature mechanism and certificateless signature mechanism, respectively. We present a formal security proof of the proposed protocol with SVO logic. The simulation and performance analysis demonstrate that the proposed scheme owns higher efficiency and adaptability than the typical one.
With the prosperous development of mobile communication and versatile mobile devices [
In the past few years, a lot of researches have been carried out for WMN’s access authentication. The authors in [
In terms of the security issues shown above, an anonymous authentication scheme based on proxy ring signature is proposed in this paper. The scheme utilizes a high-efficient proxy ring signature mechanism to achieve proxy-authorization and anonymous authentication which are able to preserve mobile users’ privacy. In addition, certificateless signature mechanism is incorporated into our intragroup authentication to obtain high handover efficiency. The formal security proof based on SVO logic and other security analyses show that the proposed scheme possesses such advantages as reliability, anonymity, unforgeability, and reliability. Through the simulation and performance analysis, we demonstrate the efficiency and adaptability of our scheme.
The rest of this paper is organized as follows. Section
Let Bilinearity: for all Nondegeneracy: there exists Computability: for all
BB1 [
Run
Pick a random
Choose a cryptographic hash function
Certificateless signature (CLS) [
Choose
Compute Check if the equation
Proxy ring signature (PRS) [
For all Calculate Send
As shown in Figure
Hierarchical mobile network architecture for CPS-WMNs.
The symbols used sections are shown in Table
Symbols and descriptions.
Symbols | Descriptions |
---|---|
|
Ring |
|
The public/private key of entity |
Param | System parameters |
|
The warrant for the members in ring |
|
The authorization of proxy signature for |
|
The session key between |
|
Using symmetric key |
|
Using algorithm ALG and |
|
Using algorithm ALG to sign message |
|
The current timestamp |
|
Concatenation of messages |
As shown in Figure
Trust model.
As the trusted root, TR generates Param and broadcasts it to all entities. Param =
When MC wants to leave the WMN it belonged to and accesses another WMN, the MC needs to achieve mutual Inter-WMN authentication with the visiting WMN. As shown in Figure
The workflow of Inter-WMN authentication protocol.
After receiving (5) from MR2, MC calculates session key
After finishing Inter-WMN authentication, MC will obtain
The workflow of Intra-WMN authentication protocol.
MC uses the previously saved key
In order to prove the security of our scheme, we first take a fundamental security analysis. Then we choose SVO logic [
According to the mobile network architecture shown in Figure
SVO logic is not only semantic sound, but also convenient. In terms of our scheme, SVO owns advantages over other logic analysis methods in the following aspects: (1) The axioms in SVO can be adjusted or expanded easily to meet the security proof needs rather than BAN or other logical approaches. (2) SVO is detailed and legible which helps to accurately express the actual meaning of the protocol and thus avoid the misunderstandings. (3) SVO is rigorous and reliable, and the semantics is clear. We first give the grammatical components of SVO logic as follows. fresh( SV
SVO logic includes two initial rules and twenty axioms, part of which are regular axioms and others are axiom templates that include formula variables. We only present part of the axioms used in the following security proof. All the axioms can be found in [
Two inference rules are as follows: Modus ponens MP: Necessitation Nec:
There are twenty SVO axioms. We list only several axioms associated with this article. For any principal
In SVO, some generic goals should be satisfied. This does not mean a definitive list of the goals that our protocol should meet. In our paper, we should achieve the mutual authentication between MC and MR. For this purpose, we just need that MR and MC could make sure of the legality for each other. So on the basis of the generic goals, we make the appropriate modifications. The goals of Inter-WMN authentication protocol could be described as follows. MR believes MC believes
MC believes MC believes SV MC believes fresh( MR believes (MC says MR believes MC says MR believes MR received MR believes MR received GW believes GW believes MC believes (GW says MC believes GW says MC believes MC received MC believes MC received
Where
From (P6), (A1), (A3), and Nec, we have
From (
From (P5), (P1), (P2), (
From (
MR believes
From (P12), (A1), (A3), and Nec, we have
From (
From (P11), (P8), (P9), (
From (
MC believes
Similar to Inter-WMN authentication protocol, the goal of Intra-WMN authentication is also mutual authentication between MR and MC. The difference is that the MR is in MC’s accessed WMN. The security proof of Intra-WMN authentication protocol is described as follows: MR believes MC believes
MC believes MC believes SV MC believes fresh MR believes (MC says MR believes MC says MR believes MR received MR believes MR received MR received GW believes GW believes SV( MC believes (GW says MC believes GW says MC believes MC received MC believes MC received
Where
From (P19), (A1), (A3), and Nec, we have
From (
From (P18), (P14), (P15), (
From (
GR believes
From (P25), (A1), (A3), and Nec, we have
From (
From (P24), (P21), (P22), (
From (
MC believes
CPS-WMN has limited resource in the computation ability of nodes and operating bandwidth, so the performance of authentication scheme plays an important role in the practicability of CPS-WMNs. The simulation and performance analysis focus on the efficiency of system initialization and the handover process. In addition, in order to demonstrate the high efficiency of our scheme, we give a comparison analysis between our scheme and PEACE [
We do simulations for PRS and PEACE using OMNET++ (4.4) simulation platform to get average results based on 20-time experiments. In the process of bilinear group instantiation, we use Tate pairing in the MNT curve [
As shown in Figure The internal structure of the network node shown in Figure Wlan and eth module: implementation of ethernet and 802.11 capabilities. NetworkLayer: to achieve network-level functions and as the interface of upper and lower layer. TCPapp: template for TCP applications. RoutingTable: the table of routing status. InterfaceTable: the table of network interfaces. NotificationBoard: notification about “events” such as wireless handovers.
Parameters and values.
Parameters | Values |
---|---|
Scenario area | 420 m × 300 m |
Number of nodes | 7 |
Routing protocol | AODV |
MAC protocol | IEEE 802.11 |
Channel | Wireless channel |
Simulation time | 480 S |
Packet length | 512 bytes |
Node energy | 1 J |
Simulation network topology.
Node internal structure.
The delay of system initialization is the period from the simulation start to the first movement of the host. The relationship between the number of nodes and system initialization delay is shown in Figure
Relationship between system initialization delay and the number of nodes.
In this section, we focus on the delay of Inter-WMN authentication and Intra-WMN authentication. The delay of Inter-WMN authentication means the period from AP receiving an access requirement of a new host to the end of Inter-WMN authentication. The delay of Intra-WMN authentication is the period from AP receiving a handover requirement of a host to the end of Intra-WMN authentication.
Figure
Relationship between authentication delay and the number of ring members.
As shown in Figure
Comparison of the Intra-WMN authentication delay between PRS and PEACE.
In short, the main cost of PRS is from the process of system initialization, while the access authentication delay is obviously dropped down. In addition, the delay of access authentication will not elevate much with the increasing number of nodes in the ring. Although the delay of system initialization increases with the increasing number of ring members, the result of simulation shows that the delay would be controlled in a reasonable range. Comparing to the typical scheme (PEACE), our proposed scheme performs more efficiently, especially during the Intra-WMN authentication.
We further compared the computational overhead of PRS scheme and PEACE scheme during the signing and verifying phases. In Table
Comparison of the computational overhead between PRS and PEACE.
Scheme | Signing algorithm | Verifying algorithm |
---|---|---|
PEACE | 2BP + 8SM | (3 + 2 |
Our scheme | 1SM + 2 |
3BP + |
Anonymous access authentication is an essential approach to address the security issue of CPS-WMNs. In this paper, we propose a novel anonymous access authentication scheme based on proxy ring signature for CPS-WMNs. The scheme is elaborated with the hierarchical mobile network architecture and the corresponding mutual authentication protocols, which achieve high-efficient mutual authentication and satisfy the privacy requirements. The fundamental security and the security proof of the authentication protocols under SVO logic demonstrate the robustness of our scheme. Moreover, the simulation and performance analysis show that the proposed scheme owns higher efficiency and adaptability than the typical.
In our future research, some novel and robust encryption and signature mechanisms will be introduced to make our scheme more resilient. Moreover, how to secure the routing procedure of WMNs under the proposed hierarchical architecture forms another future task.
The authors declare that they have no conflicts of interest.
This work was supported by National Natural Science Foundation of China under Grant no. 61402095 and Grant no. 61300196 and China Fundamental Research Funds for the Central Universities under Grant no. N120404010 and Grant no. N130817002. This work was also supported in part by Soonchunhyang University Research Fund and the Scientific and Technological Research Program of Chongqing Municipal Education Commission (KJ1500440).