A Lightweight Nature Heterogeneous Generalized Signcryption (HGSC) Scheme for Named Data Networking-Enabled Internet of Things

IT Department, Hazara University, Mansehra, 21120 KP, Pakistan
Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Department of Computing, HIET, Hamdard University, Islamabad Campus, Islamabad 44000, Pakistan
Division of Computer and Information Sciences, Higher Colleges of Technology, 17155, Al Ain, UAE
Pakistan Engineering Council (PEC), Attatruk Avenue (East) Sector G-5/2, Islamabad 44000, Pakistan

connectivity, communication, scalability, mobility, and amount of generated data [2]. To address these challenges, Named Data Networking (NDN) has been proposed as a future internet architecture [3]. In general, NDN deals with two packets: the interest packet and the data packet. Communication in NDN is based on the exchange of interest packets that carry the request. Further, each NDN node maintains three data structures: the Content Store (CS), which keeps a copy of the contents for future use; the Pending Interest Table (PIT), which lists all the requests of the incoming interfaces; and the Forwarding Information Base (FIB), which forwards the requests from one node to another based on routing protocols [4]. Security is applied to each packet, so authenticity can be achieved at any time inside the network [5]. Whenever a consumer sends an interest packet for some specific contents, the NDN router performs a CS lookup; if the requested contents are available, then the router simply forwards the contents directly from its CS to the requesting consumer [6]. If the requested contents are not available in the CS, then the NDN router checks its PIT for that requested content; if the contents have been requested before, then the PIT is updated with an entry for that specific interface. If the contents are being requested for the first time, then the PIT records an entry for that interface and the router forwards the request to the next router based on the FIB, as shown in Figure 1. The prominent features of NDN, such as in-network caching, scalability, name-based routing, and mobility, make it a suitable option for fulfilling the demands of IoT applications.
However, security is considered to be the fundamental need for NDN-based IoT devices. Additionally, the NDN-based IoT environment requires different types of security properties such as authentication, confidentiality, and integrity, which can be achieved from a digital signature, encryption, or signcryption according to the environmental situation. Moreover, IoT is a heterogeneous environment where the sender and receivers may come from different types of environments. Here, the concept of heterogeneous signcryption is a suitable option that makes use of two different types of cryptosystems in a single algorithm [7]. On the other hand, the IoT devices may demand a digital signature, encryption, or signcryption, separately or in combination. For this type of situation, heterogeneous signcryption falls short due to its nongeneralized nature, since it provides signcryption only. Here, the concept of generalized signcryption may be able to provide a digital signature, encryption, or signcryption using a single algorithm [8]. Likewise, generalized signcryption cannot fulfill the requirement of IoT devices due to its homogeneity.
Generally, the security and efficiency of the aforementioned schemes are based on computationally hard problems like RSA, bilinear pairing, and the elliptic curve cryptosystem. RSA provides a solution using a large 1024-bit key and is based on the factorization of large numbers [9][10][11]. However, due to the limited processing capabilities of IoT devices, the 1024-bit key is not an efficient solution. On the other hand, bilinear pairing suffers from the issue of high pairing operations and is 12.93 times worse than RSA [12]. Hence, to tackle the weaknesses of both RSA and bilinear pairing, a new type of cryptosystem was introduced [13] called the elliptic curve cryptosystem. Unlike RSA and bilinear pairing, the security difficulty of the elliptic curve cryptosystem is based on a small key size of 160 bits. However, the 160-bit key is still not appropriate for resource-limited IoT devices [14]. Hence, in [15], a new type of cryptosystem was introduced, called the hyperelliptic curve cryptosystem, which suits the resource-limited nature of IoT devices by using a small key of 80 bits [16,17].
The above discussion motivates us to contribute a new concept of heterogeneous generalized signcryption for NDN-based IoT which will combine the idea of heterogeneous signcryption with generalized signcryption to fulfill the conditional demands of IoT. The features of this new concept are mentioned as follows:
(1) First, we introduced a new concept of CLC to IBC heterogeneous generalized signcryption
(2) We provide the proper syntax of our proposed scheme
(3) We also provide a proper algorithm for the proposed scheme on the basis of the hyperelliptic curve cryptosystem which is suited for the IoT environment
(4) We prove the security properties such as authentication, confidentiality, unforgeability, forward secrecy, and integrity of the proposed scheme
(5) We also compared our proposed scheme with recently published CLC and IBC generalized signcryption schemes, and the results give satisfactory outputs in terms of computational and communication resources
(6) We also validate the security of our scheme through AVISPA, and the results show that our proposed scheme is valid and safe
(7) We practically deployed our scheme on the NDN-based smart city
1.1. Paper Organization. The organization of the paper is shown in Figure 2.

Related Work
Here, we divide the related work into three parts: identity-based generalized signcryption, certificateless generalized signcryption, and heterogeneous generalized signcryption.
2.1. Identity-Based Generalized Signcryption Schemes. Lal and Kushwah in 2008 [18] introduced the concept of an identity-based generalized signcryption (ID-BGS) scheme for the first time to solve the certificate management issues of PKI-based generalized signcryption. In 2010, the concept was used by Liang et al. [19] for key management issues in mobile ad hoc networks (MANET). The proposed scheme saves memory storage of users and minimizes computational and communication resources. Kushwah and Lal in 2011 [20] proposed an efficient ID-BGS scheme for wireless sensor networks (WSN). The authors used bilinear pairing and proved the security of the proposed scheme under the random oracle model (ROM). Wei et al. [21] proposed an efficient ID-BGS for obtaining the confidentiality and authenticity of big data. Mishra and Singh in 2014 [22] surveyed the existing identity and certificateless generalized signcryption schemes. Based on security limitations in the existing schemes, the authors proposed two schemes to improve the limitations. Shen et al. in 2017 [23] improved the security of existing IBGS schemes which is suitable for low storage devices. Waheed et al. in 2019 [24] proved that the security of the Wei et al. [21] scheme is susceptible to attack and insecure. In the proposed cryptanalysis, the authors launched a security attack on the Wei et al. [21] scheme and found that the master secret key of the proposed scheme can be easily compromised. However, the schemes [18][19][20][21][22][23] suffer from a heavy pairing operation due to the use of bilinear pairing. In [24], the authors did not provide any sort of solution to the proposed claims.  [26] improved the security flaws of Huifang et al. [25] and proposed a new CGS scheme which is unforgeable against insider attacks. In 2014, Zhou et al. [27] proposed a provable CGS scheme for resource-constrained environment devices.
The scheme provides security against malicious, but passive, key generation centre attacks. Zhang et al. in 2016 [28] proposed a CGS scheme for mobile health (M-Health). The scheme reduces the computation and communication costs by the use of the elliptic curve cryptosystem. Zhou et al. in 2017 [29] proposed a GSC scheme for security insurance in cloud storage. Zhang et al. in 2018 [30] proposed an efficient CGS scheme that is suitable for low power and low processor devices due to the use of the elliptic curve cryptosystem. Further, the scheme provides security against ciphertext attacks. In 2019, Zhou [31] improved the scheme of Zhang et al. [30] and proposed a new scheme for the mobile health system that can monitor the human body status in real time. Waheed et al. in 2019 [32] analyzed the proposed scheme of Zhou et al. [29] and proved that the scheme of Zhou et al. [29] is insecure against ciphertext indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2). Further, the   However, the schemes [25][26][27][28][29][30][31][32][33] suffer from heavy computation and communication costs due to the use of bilinear pairing and an elliptic curve cryptosystem.
2.3. Heterogeneous Signcryption Schemes. In 2011, Huang et al. [7] introduced the concept of heterogeneous signcryption (HS) which uses two different types of cryptosystem such as IBC at the sender side and CBC at the receiver side. The proposed scheme was suitable for the practical scenario of IoT where the sender and receiver belonged to different environments. Li et al. in 2016 [34] proposed a multireceiver heterogeneous signcryption scheme for wireless area network applications. The authors used CLC on the sender side and IBC on the receiver side (CLC-IBC). Raveendranath and Aneesh in 2016 [35] proposed a multireceiver HS scheme by using the elliptic curve cryptosystem to reduce the computation and communication costs of the existing HS scheme. Niu et al. in 2017 [36] proposed a CLC to IBC HS scheme by using bilinear pairings in the random oracle model. In the same year, Niu et al. [37] proposed a hybrid IBC to CLC scheme for multimessage and multireceiver. Li et al. in 2017 [38] proposed a PKI to IBC HS scheme for vehicle ad hoc networks. Niu et al. in 2017 [39] proposed a CLC to IBC HS scheme for the privacy-preserving multiparty aggregate scheme. Saeed et al. in 2017 [40] proposed a CLC to PKI online/offline HS scheme for IoT. Furthermore, the authors practically deployed the scheme on healthcare and the smart grid. Wang et al. in 2017 [41] proposed a PKI to IBC HS scheme for broadcast communication in ad hoc networks. Jin et al. in 2018 [42] proposed an IBC to PKI HS scheme for secure communication in the smart grid. Liu et al. in 2018 [43] proposed two HS schemes, such as PKI to CLC and CLC to PKI for secure communications between 5G network slicing. Liu and Ma in 2018 [44] proposed a cross domain of the PKI and IBC HS scheme for the medical information system. The authors use an elliptic curve cryptosystem to reduce computation and communication resources. Omala et al. in 2018 [45] proposed a CLC to IBC heterogeneous access control scheme for body area networks. Zhou et al. in 2019 [46] proposed a PKI to IBC HS scheme for vehicular ad hoc networks.

Preliminaries and Construction of HGSC Scheme
In this section, we will discuss the background of the hyperelliptic curve, threat model, and construction of our proposed HGSC scheme.

Hyperelliptic Curve (HEC).
First, we will define the basic mathematics of hyperelliptic curves (HEC). Let $d$ be a finite set and $G$ be a genus of HEC with an order $G \geq 2$. Suppose (u ), $f(u) \in d[u]$ and $\deg(H(u)) \leq G$, and $f(u)$ is a monic polynomial possessing $\deg(f(u)) = 2d + 1$ [47]. Furthermore, HEC of genus $G \geq 2$ over $d$ is a set of points (u), d * d as in the mentioned equation:
Note: the point of HEC is not the same as elliptic curves [48]. It forms a divisor ($D$) that is the formal sum of finite integers such as $D = \sum \varkappa_i ʑ_i$ where $\varkappa_i \in d$ and $ʑ_i \in$ HEC. Additionally, HEC over the Jacobian group $J_{HEC}$ has the brief order mentioned in the following equation:

Hyperelliptic Curve Discrete Logarithm Problem.
Assume D is a divisor, which is publicly known to everyone, and ℓ is a private number that is randomly chosen from d where finding ℓ from d ℓ = D is known to be an HEC discrete logarithm problem.

Syntax of Proposed Heterogeneous Generalized Signcryption Scheme.
Here, we first explain different notations in Table 1, which are used in the syntax and in our proposed HGSC algorithms. The syntax of the proposed scheme consists of 10 algorithms: setup, generate secret value, generate public key, generate partial private key, generate full private key, consumer private key generation, signcryption, unsigncryption, signature, and signature verification.
(1) Setup: the Key Generation Centre (KGC) executes this algorithm by taking the security parameter $k$ to generate the master secret key $W$, master public key $X$, and public parameter set $\varphi$, then publishes $\varphi$ and $X$ openly in the network.
(3) Generate public key (GPK): in this algorithm, the producer then takes $(k, \varphi, \partial)$ and generates a public key $B_p$.
(4) Generate partial private key (GPPK): in this algorithm, the KGC takes $(k, \varphi, ID_p, W, B_p)$ and generates a partial private key $(N, J)$.
(9) Signature: in this algorithm, the producer takes $(A_p, m)$ and generates a content/message sign $\Phi$ and sends it to the consumer.
(10) Signature verification: in this algorithm, the consumer verifies $\Phi$ by using $(ID_c, B_c, A_c, C, \mu, S)$.

Threat Model.
In our proposed HGSC scheme, we consider the Dolev-Yao (DY) [49] threat model. According to DY, the communication between two or more entities is not reliable and secure, as the attacker has full command to reveal the contents of the ciphertext and inject a false signcryption/signature text into the network. The NDN-based IoT environment is exposed to different types of anticipated security threats, which means that the adversaries can easily modify or delete the user's sensitive information. To maintain the security and authentication of NDN-based IoT devices, it is necessary to perform authentic and secure communication among entities in the NDN-based environment. The basic security requirements used in the HGSC scheme are as follows:
(1) Confidentiality: it means to keep the information secret from unauthorized users. The attacker can break the confidentiality of the HGSC scheme if he/she gets access to the encryption or decryption keys. Confidentiality holds when the attacker cannot access the original content of the message without having the encryption or decryption keys.
(2) Unforgeability: it means that the signature cannot be reproduced by any other party. Here, the attacker can generate a forged signature if he/she gets access to the secret key used for digital signature generation. If the attacker fails to do so, then it is called unforgeability.
(3) Forward secrecy: forward secrecy means that if one of the session keys gets compromised by any malicious user, the data from the other sessions are not affected. Here, the attacker cannot get access to the encryption or decryption keys even if the attacker got access to the sender private key. If the attacker is not able to access the encryption/decryption key of the user, it is called forward secrecy.
(4) Antireplay attack: a replay attack means the attacker resends a copy of an authenticated message. Here, the attacker cannot replay an existing message if the sender and receiver use nonce and time stamping techniques for the freshness of a message.

Proposed Network Model.
Here, we explain the workflow of our proposed HGSC scheme for NDN-enabled IoT. In our proposed scheme, we consider four entities: the producer, consumer, NDN node, and Key Generation Centre (KGC), as shown in Figure 3. Here, we consider that the consumer belongs to IBC while the producer belongs to CLC. For registration of consumers and producers with the KGC, the KGC announces the public parameter set and master public key.

Role of KGC.
In the producer registration phase, the producer generates its public key from the public parameter set and sends it to the KGC. The KGC then generates a partial private key for the producer and sends it back to the producer over a secure network. After receiving the partial private key, the producer generates its full private key.
In the consumer registration phase, the consumer sends its identities to the KGC. The KGC after receiving the identities of the consumer generates private as well as public keys for the consumer and sends them back to the consumer using a secured network.

Role of Consumer.
Suppose a consumer sends an interest for some content/message in the NDN-based IoT environment to any producer.

Role of Producer.
After receiving the interest, the producer signs/signcrypts the content using its private key and sends it back to the requesting consumer. However, the NDN node will store a copy of the content/message in its CS according to the caching policies of NDN. After receiving the content/message, the consumer verifies the signature or unsigncrypts the respective content/message.
3.5.1. Algorithm 1. In this step, the KGC generates a master public key, master secret key, and public parameter as shown in Algorithm 1.

Algorithm 2.
In this step, the producer generates a secret value as shown in Algorithm 2.
3.5.3. Algorithm 3. In this step, the KGC generates a partial private key for the producer as shown in Algorithm 3.

Algorithm 4.
In this step, the producer generates its full private key as shown in Algorithm 4.
3.5.5. Algorithm 5. In this step, the KGC generates the public as well as the private key for the consumer as shown in Algorithm 5.
3.5.6. Algorithm 6. In this step, the producer signs/signcrypts the requested contents as shown in Algorithm 6.
3.5.7. Algorithm 7. In this step, the consumer verifies the signed contents or unsigncrypts the signcrypted contents as shown in Algorithm 7.

Security and Cost Analyses
In this section, we briefly discuss the informal analysis and computation and communication cost analyses of our proposed scheme.

Informal Analysis.
This section describes the contribution in upholding the security properties of confidentiality, unforgeability, forward secrecy, and antireplay attack.
4.1.1. Confidentiality. Confidentiality means to keep the contents secret; the attacker ($\zeta$) cannot calculate the plaintext from the signcrypted ciphertext. Suppose $\zeta$ wants to break the confidentiality of our proposed scheme and generate the plaintext from the signcrypted ciphertext $\Psi = (C, \mu, S)$. For this purpose, $\zeta$ needs to calculate $C$ from $\Psi = (C, \mu, S)$, and to do so, $\zeta$ needs $\delta$, $\beta$, and $\alpha$ from $K = H_3(\delta, \alpha, \beta, ID_c, B_c)$. Here, $\delta = R \cdot D$, $\beta = \alpha \cdot D$, and $\alpha = B_c + X \cdot Y$, where recovering $R$ and $\alpha$ are discrete logarithm problems over the hyperelliptic curve cryptosystem, which are not feasible to solve. Thus, our proposed scheme provides the property of confidentiality.

Algorithm 3: Partial private key generation.

Unforgeability.
Unforgeability means that no one can sign the content, except the valid provider. To forge the signature, $\zeta$ needs to calculate $R$, $\mu$, and $J + \partial$. Here, $R$ is a private number, and for calculating $\mu = H_2(T, m)$, $\zeta$ needs to calculate a private number $T$ from $\mu = H_2(T, m)$. Further, $\zeta$ needs to calculate $J + \partial$ where $J$ is a fresh nonce and $\partial$ is a private number, so to forge the signature $S$, $\zeta$ needs to calculate 3 private numbers $R$, $T$, and $\partial$ with a fresh nonce $J$, which is not possible to calculate. So, our proposed scheme provides the property of unforgeability.

Forward Secrecy.
Forward secrecy means that if the private key of the signer is compromised, it still does not affect the respective contents, because the content is encrypted via a session secret key. Here, in our scheme, to break forward secrecy, $\zeta$ needs to calculate $K = H_3(\delta, \alpha, \beta, ID_c, B_c)$, which requires $\delta$ where $\delta = R \cdot D$. So, for this purpose, $\zeta$ needs to calculate $R$, which is a private number, and $\delta$ is a discrete logarithm problem over the hyperelliptic curve, which is infeasible for $\zeta$ to break.

Antireplay Attack.
In our proposed scheme, before communication, the provider generates a $T$ and stores it in its memory. It then sends the encrypted text as $C = E_K(T, m)$ to the consumer. After receiving the FNs, the consumer, by using secret key $K$, performs the decryption process on the received ciphertext. Once $T$ is recovered, the consumer verifies the freshness, and if it is fresh, then the ciphertext is new. However, $\zeta$ cannot replay the old messages because he/she needs fresh FNs for every new session.

Cost Analysis.
In this section, we compare the proposed scheme with existing certificateless generalized signcryption (CGS) and identity-based generalized signcryption (ID-BGS) schemes in terms of computation and communication costs.

Computation Cost.
Here, we compare our proposed scheme with existing CGS and ID-BGS schemes in terms of expensive mathematical operations such as single pairing-based point multiplication (SPBPM), single bilinear pairing (SBP), single exponential (SEXP), single elliptic curve point multiplication (SEPM), and hyperelliptic curve point multiplication (SHEDM). Moreover, operations like addition, division, subtraction, encryption, decryption, and hash are neglected, due to their minimal consumption of time during the computation.
Furthermore, we compare our scheme with the existing CGS and ID-BGS schemes in milliseconds (ms) by using the above major operations, according to the experiments performed in [50] with the following hardware and software specifications:  According to [50], an SPBPM will take 4.32 ms, a single SBP will take 14.90 ms, SEXP will take 1.25 ms, and SEPM will take 0.97 ms. Based on the experiments performed in [51,52], we consider that a SHEDM will take 0.48 ms. On the basis of the above expensive mathematical operations, we conduct the computation cost comparison of our proposed scheme with existing CGS schemes which are Zhang et al. [28], Zhou et al. [29], Zhang et al. [30], Zhou [31], Waheed et al. [32], and Karati et al. [33] as shown in Tables 2 and 3. Further, the computation cost comparison of our proposed scheme with existing ID-BGS schemes which are Wei et al. [21] and Shen et al. [23] is shown in Tables 4 and 5. Moreover, a clear computation reduction is shown in Figures 4 and 5.
(1) Computation Cost Reduction of Our Scheme from CGS Schemes. The following formula will be used to calculate cost reduction:
$$\frac{\text{existing scheme} - \text{our scheme}}{\text{existing scheme}} \times 100$$
[32] scheme is $1|m| + 3|G|$, and of the Karati et al. [33] scheme is $1|m| + 4|G|$, and the communication cost of our proposed scheme is $1|m| + 3|N|$. Furthermore, Table 6 shows the efficiency of our scheme from Zhang et al. [28], Zhou et al. [29], Zhang et al. [30], Zhou [31], Waheed et al. [32], and Karati et al. [33]. Moreover, a clear communicational cost reduction is shown in Figure 6. Furthermore, for the ID-BGS schemes, the communication cost of the Wei et al. [21] scheme is $1|m| + 4|Q|$ and of the Shen et al. [23] scheme is $1|m| + 7|Q|$. Furthermore, Table 7 shows the efficiency of our scheme from Wei et al. [21] and Shen et al. [23]. Additionally, a clear communicational cost reduction is shown in Figure 7.
(1) Communication Cost Reduction of Our Scheme from CGS Schemes. The following formula can be used to calculate the cost reduction.
$$\frac{\text{existing scheme} - \text{our scheme}}{\text{existing scheme}} \times 100 \tag{12}$$
(i) Our communication cost reduction from Zhang et al. [28]:
Figure 6: Communication cost reduction from CGS schemes.

Practical Scenario on NDN-Based Smart City
Assume an NDN-based smart city, where a number of sensors are deployed for monitoring environmental conditions, as shown in Figure 8. The sensors can monitor some emergency parameters such as fire, leakage of water, and vehicle accident, which require authentication as well as confidentiality. Furthermore, these sensors can sense some normal parameters (e.g., temperature, humidity, and energy consumption) which require authentication only. These sensed parameters are forwarded through NDN routers using the following transmission modes.
(1) Pull-based mode: in this mode, a consumer sends an interest in some content/message. The sensor nodes provide the requested contents according to given interest.
(2) Push-based mode: in this mode, the sensor nodes intermittently forward content/message without receiving any interests of the consumer. This mode better suits the secure transfer of emergency contents/messages to a specific destination in run time.
Our deployment consists of entities such as KGC (authorization provider), content/message producer (sensors and The overall process is discussed below.

Registration and Key Generation Phase.
In Figure 9, we explain the registration and key generation of consumers and providers. In step 1, the KGC takes the security parameter $k$ as input and produces the public parameter set $\varphi$ for generating the master secret key $W \in \{1, 2, 3, \cdots, z - 1\}$ and master public key $X = W \cdot D$. It then publishes $\varphi$ and $X$ in the entire network. In step 2, the producer takes $(k, \varphi)$ as an input and generates a secret value $\partial \in \{1, 2, 3, \cdots, z - 1\}$.
In step 3, the producer then takes the parameters $(k, \varphi, \partial)$ as input and computes its public key $B_p = \partial \cdot D$. After computing $B_p$, the producer sends it along with its identity $ID_p$ to the KGC. In step 4, after receiving $B_p$ and $ID_p$, the KGC takes $(k, \varphi, ID_p, W, B_p)$ as input and randomly picks a number $Q \in \{1, 2, 3, \cdots, z - 1\}$, computes $N = Q \cdot D$ and $J = Q + W \cdot H_1(ID_p, Q, B_p)$, and generates a partial private key $(N, J)$ for the producer. The KGC then sends $(N, J)$ to the producer using a secure network. In step 5, upon receiving $(N, J)$, the producer takes $(k, \varphi, ID_p, N, J, \partial)$ as an input and computes its own full private key $(A_p)$.
In step 6, the consumer sends the identity $ID_c$ to the KGC for registration. In step 7, upon receiving $ID_c$, the KGC takes $(ID_c, W)$ as input and randomly picks a number $L \in \{1, 2, 3, \cdots, z - 1\}$ to calculate the public key $(B_c)$ and private key $(A_c)$ for the consumer. The KGC then sends $(B_c, A_c)$ to the consumer using a secure channel.

Communication Phase.
In Figure 10, we explain the secure communication of the consumer and provider after a successful registration and key generation phase. If the consumer wants the signed/signcrypted contents from the producer or the producer wants to deliver signed/signcrypted contents to the consumer securely, first, for the signcrypted content, the producer takes content ($m$) and $(ID_c, B_c, A_p, X)$ with a randomly picked number $R \in \{1, 2, 3, \cdots, z - 1\}$; computes the secret value $\delta$, hash of $(ID_c, B_c, X)$, a fresh nonce $T$, encrypted contents $C = E_K(T, m)$, and a hash of the encrypted contents $\mu = H_2(T, m)$; and applies signature $S = R + \mu(J + \partial)$ on it. Finally, it generates the signcrypted contents $\Psi = (C, \mu, S, \delta)$ and sends it to the consumer. For signed contents, the producer takes content ($m$) with a randomly picked number $R \in \{1, 2, 3, \cdots, z - 1\}$ and selects a fresh nonce $T$, takes the hash $\mu = H_2(T, m)$, and applies signature $S = R + \mu(J + \partial)$. Finally, it generates signed contents $\Phi = (m, \mu, S, \delta)$ and sends it to the consumer.
After receiving the signcrypted contents $\Psi$, the consumer unsigncrypts the contents by taking $(ID_c, B_c, A_c, C, \mu, S)$ as an input and computing $\beta = \delta \cdot A_c$, calculates the hash of signature $K = H_3(\delta, \alpha, \beta, ID_c, B_c)$, decrypts the content $(T, m) = D_K(C)$, and computes the hash of the content $\mu' = H_2(T, m)'$; if $\mu' \stackrel{?}{=} \mu$ holds, then the contents are accepted; otherwise, they are rejected. In the case of signed contents $\Phi$, the consumer takes $(ID_c, B_c, A_c, C, \mu, S, \delta)$ as input and calculates hash $\mu' = H_2(T, m)'$; if $\mu' \stackrel{?}{=} \mu$ holds, then the contents are accepted; otherwise, they are rejected.
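Added example (not the authors' code): the registration and signature-mode equations above, run over a toy prime-order group that stands in for the hyperelliptic-curve Jacobian. The final check is the identity S · D = δ + μ(N + H1 · X + B_p) that follows from those equations, not the paper's verification algorithm. SHA-256 for H1/H2, handing h1 and T to the checker, and all parameter values are assumptions.

```python
import hashlib
import secrets

# Toy Schnorr group standing in for the HEC Jacobian (assumption; far too
# small for real use): subgroup of prime order Z inside Z_P^*, generator D.
P, Z, D = 2039, 1019, 4


def mul(k, point):
    """Scalar multiplication k · point, written multiplicatively in the toy group."""
    return pow(point, k % Z, P)


def add(a, b):
    """Group addition a + b in the paper's additive notation."""
    return (a * b) % P


def H(tag, *parts):
    """Hash to an integer; the tag separates H1 from H2 (SHA-256 is an assumption)."""
    data = tag.encode() + b"|" + b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rand_scalar():
    return secrets.randbelow(Z - 1) + 1          # element of {1, ..., z - 1}


def setup():
    W = rand_scalar()                            # master secret key W
    return W, mul(W, D)                          # master public key X = W · D


def producer_public_key():
    d = rand_scalar()                            # secret value ∂
    return d, mul(d, D)                          # B_p = ∂ · D


def partial_private_key(W, id_p, B_p):
    Q = rand_scalar()
    h1 = H("H1", id_p, Q, B_p)                   # H1(ID_p, Q, B_p) as written above
    N = mul(Q, D)                                # N = Q · D
    J = (Q + W * h1) % Z                         # J = Q + W · H1(...)
    return N, J, h1                              # returning h1 is an assumption


def sign(m, T, J, d):
    R = rand_scalar()
    delta = mul(R, D)                            # δ = R · D
    mu = H("H2", T, m)                           # μ = H2(T, m)
    S = (R + mu * (J + d)) % Z                   # S = R + μ(J + ∂)
    return {"m": m, "mu": mu, "S": S, "delta": delta}   # Φ = (m, μ, S, δ)


def relation_holds(phi, T, N, h1, X, B_p):
    """Check μ = H2(T, m) and S · D = δ + μ(N + h1 · X + B_p)."""
    mu = H("H2", T, phi["m"])
    if mu != phi["mu"]:
        return False
    lhs = mul(phi["S"], D)
    rhs = add(phi["delta"], mul(mu, add(add(N, mul(h1, X)), B_p)))
    return lhs == rhs


if __name__ == "__main__":
    W, X = setup()
    d, B_p = producer_public_key()
    N, J, h1 = partial_private_key(W, "producer-1", B_p)   # constructed identity
    phi = sign("temperature=21C", 424242, J, d)             # constructed content, nonce
    print(relation_holds(phi, 424242, N, h1, X, B_p))
```

The identity holds because J · D = N + h1 · X and ∂ · D = B_p, so a valid S can only come from someone who holds both the KGC-issued J and the producer's own ∂.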

The Workflow in NDN Architecture.
NDN provides in-network caching, which means that the router of NDN will store and forward every message. Here, we divide the overall scenario into two types: the emergency situation and the routine-based situation. In case of an emergency situation (fire, leakage of water, vehicle accident, etc.) that requires signcryption (confidentiality and authentication) for successful delivery to the intended destination in run time, the signcryption algorithm will execute and the NDN routers must not store these messages in the CS as shown in step 1 (Figure 11). Storing emergency messages in the CS does not benefit any later consumer and comes at the expense of latency.
In the routine-based situation, some parameters, such as temperature, humidity, energy consumption, and video streaming, require authentication only and serve a number of consumers at a time. For this type of situation, the signature algorithm will execute and the NDN routers will store a copy of these contents/messages in their CS for future use as shown in step 2.
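Added example (not part of the paper): a minimal router model that follows the CS, PIT, FIB lookup order described in the introduction and the caching rule of this section, where signed routine content is cached and signcrypted emergency content is not. It covers the pull-based mode only; the `mode` field, the content names, and the face numbers are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Data:
    name: str
    payload: bytes
    mode: str          # hypothetical marker: "signed" (routine) or "signcrypted" (emergency)


class NdnRouter:
    def __init__(self, fib):
        self.cs = {}       # Content Store: name -> Data
        self.pit = {}      # Pending Interest Table: name -> set of incoming faces
        self.fib = fib     # Forwarding Information Base: name prefix -> next-hop face

    def _next_hop(self, name):
        """Longest-prefix match of the content name against the FIB."""
        parts = name.strip("/").split("/")
        for i in range(len(parts), 0, -1):
            prefix = "/" + "/".join(parts[:i])
            if prefix in self.fib:
                return self.fib[prefix]
        return None

    def on_interest(self, name, in_face):
        # 1. CS lookup: answer directly from the cache if the content is there.
        if name in self.cs:
            return ("cs-hit", in_face)
        # 2. PIT lookup: the content was already requested, so only record
        #    the additional incoming face and do not forward again.
        if name in self.pit:
            self.pit[name].add(in_face)
            return ("pit-aggregated", None)
        # 3. First request: create the PIT entry and forward based on the FIB.
        hop = self._next_hop(name)
        if hop is None:
            return ("no-route", None)
        self.pit[name] = {in_face}
        return ("forwarded", hop)

    def on_data(self, data):
        # Consume the PIT entry; data without a pending interest goes nowhere.
        faces = self.pit.pop(data.name, set())
        # Routine signed content is cached for later consumers; signcrypted
        # emergency content is delivered but never stored in the CS.
        if faces and data.mode == "signed":
            self.cs[data.name] = data
        return sorted(faces)


def demo():
    """Constructed scenario: one routine reading and one emergency message."""
    r = NdnRouter(fib={"/city/sensors": 9})
    temp = "/city/sensors/zone1/temperature"
    fire = "/city/sensors/zone1/fire"
    return [
        r.on_interest(temp, 1),                           # first request, forwarded
        r.on_interest(temp, 2),                           # same name, aggregated in PIT
        r.on_data(Data(temp, b"21C", "signed")),          # delivered to both, cached
        r.on_interest(temp, 3),                           # served from the CS
        r.on_interest(fire, 1),                           # emergency request, forwarded
        r.on_data(Data(fire, b"<ciphertext>", "signcrypted")),  # delivered, not cached
        r.on_interest(fire, 2),                           # forwarded again: no CS copy
        r.on_interest("/other/x", 1),                     # no FIB entry
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```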

Conclusion
In this paper, we introduce the concept of a lightweight heterogeneous generalized signcryption scheme for the NDN-based Internet of Things (IoT). The proposed scheme provides the security properties of unforgeability, confidentiality, forward secrecy, and antireplay attack. We did the computation and communication cost comparisons with existing schemes, and the results give a satisfactory output due to the use of the hyperelliptic curve. Our scheme reduced the computation cost of certificateless generalized signcryption (CGS) schemes from 78.09 to 97.23% and the communication from 21.73 to 91.89%. Furthermore, our scheme reduced the computation cost of identity-based generalized signcryption (ID-BGS) schemes from 95.70 to 97.84% and the communication cost from 54.05 to 72.13%. In addition, we practically deployed our scheme in the NDN-based smart city. Additionally, the scheme is validated through a security verification tool called AVISPA. The simulation results show that our scheme is valid and safe under the back-end protocols (OFMC, ATSE) of AVISPA.

Wireless Communications and Mobile Computing