A remote attestation mechanism using group signature for the perception layer in centralized networking

As the important transmission approach of the perception data, the security and privacy of the perception layer nodes have been paid more and more attention. To evaluate the credibility of the perception nodes and protect autologous identity privacy, a remote attestation mechanism using group signature (GS-RAM) for the perception layer of centralized networking is proposed in this paper. First, a RAM, based on the computational Diffie–Hellman (CDH) problem and GS, is established for the data source of the perception nodes. Second, the specific construction of the proposed GS-RAM is given to identify the trusted state of data sources without exposing the privacy of the perception nodes. Then, a strict security certification was carried out to verify the correctness, unforgeability, anonymity, traceability, unrelatedness, non-framing, anti-joint aggression and forward security of the proposed GS-RAM. Finally, simulation experiments are carried out to verify that the proposed scheme has better security and dynamic adaptability.

In recent years, with the continuous development of the Internet of Things (IoT), the devices in the Internet of Things have become a digital carrier to drive the rapid development of economy. The Internet of Things is designed to collect and transmit data and perform limited computing tasks. In terms of logical architecture, the Internet of Things can be divided into three layers, respectively, the perception layer responsible for information collection and terminal recognition, the network layer responsible for information transmission and processing, and the application layer responsible for intelligent control based on the network state combined with specific industries. Among them, the perception layer, as the source of data collection and information exchange [1], carries the work of information collection, identity authentication, data integration and forwarding. The perception layer plays a core role in the Internet of Things. As the starting point of data source of IoT, the security of the perception nodes are vital for the stabilization of IoT [2, 3].

As for the perception layer of the IoT, due to its heterogeneity and complexity. It is very vulnerable to be attacked by criminals, resulting in security threats to the source of the perceptual data [4, 5]. Ensuring the credibility of the perception nodes and the source of perception data is the cornerstone of ensuring the safe operation of the perception layer. Simultaneously, it is also one of the key issues that need to be solved at present. Therefore, the analysis and research on the security mechanism of the perception layer of the Internet of Things is crucial to the development of the ecology of the Internet of Things.

In order to verify whether the terminal is in a safe state, it is necessary to ensure the integrity of its underlying devices. A remote attestation can enable remote verification devices to verify the credibility of data source nodes. This technology is a key security mechanism after the extension of trusted computing technology to the Internet of Things. However, the current security mechanism for perceptual nodes is not universal and inefficient. Meanwhile, it is unable to guarantee the reliability of perceptual nodes.

So as to solve the issue that the current models lack of objectivity and dynamic, thereby cannot be contented with the current situation of the Internet of things. In this paper, according to the measurement results of perceptual nodes estimating trust status on trusted logical grouping to build a trusted group with different trust level. Based on the trusted logical grouping of the perception layer [6], a remote attestation mechanism using group signature (GS-RAM) for the perception nodes of centralized networking is proposed to ensure the credibility and protect the privacy in this paper. The experimental simulation shows that this mechanism has high operation efficiency and low computational performance consumption, the mechanism can effectively verify the state of the sensing data source. The main contributions of this paper are as follows.

1. 1.

   A remote attestation mechanism (RAM), based on the CDH problem, is established for the data source of the perception nodes of centralized networking.

2. 2.

   The specific construction of the proposed RAM is given to identify the trusted state of data sources and guarantee the privacy exposure of the perception nodes.

3. 3.

   The security properties of the proposed GS-RAM, including the correctness, unforgeability, anonymity, traceability, unrelatedness, non-framing, anti-joint aggression and forward security, are testified.

The remaining parts of this paper are organized as follows. Section 2 is concerned with the related work. Section 3 introduces the preliminary knowledge about GS, bilinear mapping and the CDH problem. Section 4 describes the GS-RAM in detail. Then, the various security property certifications of the proposed GS-RAM are given to demonstrate the effectiveness of GS-RAM in Section 5. Simulation experiments are carried out to verify that the proposed scheme has better security and dynamic adaptability in Sect. 6. Section 7 concludes this paper.

Terminals in the Internet of Things usually sense, process and transmit perceptual information, which often contains sensitive data and is vulnerable to malicious attacks. Remote attestation is a key security mechanism after the extension of trusted computing technology to the Internet of Things, compared to the present authentication mechanism has many advantages. For example, the present identity authentication mechanisms can only meet a simple authentication, but also there is no way to make trustworthiness attestation on the properties and performance of the entire computing platform. Moreover, it cannot resist platform identity attack, forgery attack, conspiracy attack, etc. While through the remote attestation, the correctness and integrity of information can be checked. Besides, the remote verifier can complete the authentication of the whole platform in the process of interaction, and can verify the trusted state [7].

D. Boneh et al. proposed a short local verifier group signature based on the strong Diffie–Hellman hypothesis and the decision linearity hypothesis in bilinear groups. But it did not have backward irrelevance [8]. Brickell et al. was the first to propose a direct anonymous remote attestation scheme to protect the privacy of platform configuration in 2004. The scheme can be extended in many forms [9].The scheme proposed by Brickell et al. protected the privacy of signers through direct anonymous authentication, which solved some limitations. However, the scheme cannot revoke the identity of malicious nodes and does not protect platform configuration information [10]. Literature [11] proposed a attestation mechanism based on TPM to confirm platform identity by providing TPM data verification to users. It authenticate itself by using a certificate to accomplish remote attestation. The remote attestation selection platform uses AIK key to sign the PCR value of the environment state to complete the integrity measurement. The scheme proposed by Sailer et al. described the brief process of TCG for remote attestation. The prover sends the identity information and configuration information of the computing platform to the interrogator, and the interrogator checks the credibility and integrity of the prover according to the configuration information [12]. Literature [13] pointed out that in the process of remote attestation of TCG remote proof protocol, the prover would realize the attestation of the interrogator by signing its own configuration information. Awad et al. proposed a attestation mechanism based on TCG o ensure the integrity of the system by using TPM. The solution provided both hardware and software attestation. Software attestation verified system software and data, while hardware attestation detected tampering at the system level [14].

The simple remote attestation schemes described above use metrics as a state indicator of the system. However, these mechanisms have some issues, such as management problems caused by the complexity and variability of the system, security problems caused by digital signature using AIK as a measure, etc. The remote attestation mechanisms based on TCG still have some shortcomings, such as can't perform attestation dynamically and can't resist replay attack.

In order to solve these problems in TCG remote proof mechanism, the domestic and oversea scholars have carried out further research on remote attestation. Zhao et al. proposed a credential attestation scheme based on attribute certificates. By abstracting the attributes of the computing platform into certificates, privacy exposure was avoided and the efficiency of the attestation process was improved [15]. Awad proposed an attribute-based attestation scheme, which was easier to manage than the hashing attestation scheme in TCG specification. The solution also provided platform-specific integrity and identity authentication technology. However, the scheme is not perfect because it cannot be fully applied to the current situation of the perception layer [16]. Zhu et al. proposed a semantics-based remote attestation model, which combined semantics-based virtual machine technology with remote attestation. This model was independent and dynamic based on the platform [17]. Liu et al. proposed a remote automatic anonymous attestation scheme based on trusted computing, which achieved the purpose of anonymous attestation and privacy protection through ring signature. However, the scheme can not accurately abstract the external platform attribute value and external attribute certificate [18].

In conclusion, due to the application of the Internet of things is more and more widely. Especially, the IoT perceptual technology has become increasingly complex, the perceptual data has increased explosively. However, the present remote attestation mechanisms that applicable to the perception layer have not been fundamentally figure out these issues, such as how to effectively protect the privacy of authentication nodes’ information. Therefore, we need to study a remote attestation scheme for data sources, which applicable to the perception layer of the Internet of Things.

3.1 Group signature (GS)

As shown in Fig. 1, the scheme of GS consists of four roles: group manager, group member, verifier and opener [19,20,21,22]. The group manager is responsible for the dispensation of signature key and member certificate for each group member. Group members with certificates can generate group signatures, and meanwhile maintain the autologous anonymity. The verifier can judge the legality of signature, but cannot identify the identity of signer. The opener can use the initial key to identify the signer of the corresponding signature, when the behavior of member is abnormal. The detailed procedures include:

1. 1.

   Initialization: security parameters are considered as the input, and public/private key pairs of group manager and opener are regarded as the output;

2. 2.

   Join: The group public key, private key of the group manager, the public key of the group member is the input, and output the group certificate corresponding to the public key of group member is the output;

3. 3.

   Signature: The group public key, a message to be signed, the signature key of signer and the member certificate is the input, and the signature of the message is output;

4. 4.

   Verification: The group public key, a message and the group signature of the message is the input, and the verification result of signature is output;

5. 5.

   Open: The group signature and initial key is the input, and the confirmed identity result of opener is the output.

The scheme of group signature. Describes the process of group signature. The scheme of GS consists of four roles: group manager, group member, verifier and opener [18,19,20,21]

Full size image

3.2 Bilinear mapping

G₁ =  <g₁> and G₂ =  <g₂> are defined as the multiplicative cyclic group of order p, p is a prime number, g₁ and g₂ are the generators of G₁ and G₂ respectively, e: G₁ × G₁ → G₂ is a computable mapping [23, 24]. if satisfies the following properties.

1. 1.

   Bilinear: There is a mapping e: G₁ × G₁ → G₂ makes all αG₁, β ∈ G₂, ∀x, y ∈ Z and exists e(α^x, β^y) = e(α, β)^xy.

2. 2.

   Non-degeneration: There exists g₁ ∈ G₁, g₂ ∈ G₂, e(g₁, g₂) ≠ 1.

3. 3.

   Computability: For ∀α ∈ G₁, ∀β ∈ G₂, there is an effective algorithm to calculate e(g₁, g₂).

4. 4.

   G₁ × G₁ → G₂ are the bilinear mapping.

3.3 The CDH problem

Given the group of G =  <g>, If g, g^a, g^b are known and a, b ∈ Z_p, it is difficult to calculate g^ab when a and b are unknown [25, 26].

3.4 Remote attestation mechanism using group signature

The perception nodes should be credible, when transmitting data in a perceptual nodes group of centralized networking. In this proposed GS-RAM, to prove the credibility of this node, the trusted value and relevant data will be transmitted to remote verification node, which can determine the confidence of data source node, using the received information. When the data source node is in an untrusted state, the remote verification node can trace back to the superior node (management node) of the data source node to further evaluate the credibility of the data source node. Based on the final evaluative results, the remote verification node determines whether or not to interact (Shown in Fig. 2). The detailed processes are as follows:

1. 1.

   In the perception layer of centralized networking mode, the superior node in a perception node group will perform a real-time trust measurement of the data source node. Then, the data source node formalizes the measurement value, timestamp and some other related attributes into a remote proof vector.

2. 2.

   When a member node in the node group is verified by the remote verification node, the data source node only needs to prove that it belongs to the trusted group, which can avoid the disclosure of node identity.

3. 3.

   According to the security strategy of the remote verification node, the credibility of source node can be evaluated. The doubtful of source node can unfold its group signature to examine the corresponding information, or carry out the query from superior node of source node. If the result is unreliable, the data transmission of source node can be refused.

The scheme of GS in centralized networking. Describes the processes of GS in centralized networking

Full size image

Remark 1

Comparing with some security mechanisms, the proposed GS-RAM can efficiently evaluate the credibility of data source node to ensure data transfer more secure between source node and remote node. Moreover, this GS-RAM obtains the characteristics of being measurable, traceable, monitored and extensible.

This part describes the signing, verification and signature opening process of GS-RAM scheme. The symbol and corresponding meaning explanation can be summarized in Table 1.

1. (1)

   The parameters initialization of GS-RAM

GM initializes the information of GS-RAM, consisting of private key, public secret key and the corresponding function. First, GM sets a safety factor m and randomly selects a secret large prime Q. Specifying a bilinear mapping: e: G₁ × G₁ → G₂, (G₁, +) and (G₂,∙) are the cyclic groups of the order Q, G is the generator of G₁. Then, given the collision-free hash function H: {0, 1}^* → G₁, GM randomly selects α ∈ \(Z_{q}^{*}\) and makes g_s = α as the private key of the group, thus the public key of the group is g_x = αG ∈ G₁. Finally, g_s is regarded as the private parameter and the public parameters (G₁, G₂, e, Q, G, H, g_x) is released.

1. (2)

   The registration of group member

The perception node needs to conduct an identity interactive authentication protocol with GM, when it wants to join the group. The participant node randomly selects s_i ∈ \(Z_{q}^{*}\) as its private key and regards S_i = s_iG as the public key. Then, participant node transmits the public key S_i to GM, and meanwhile requests registration. GM authenticates the participant node and arbitrarily selects \(\alpha_{i}^{c}\) ∈ \(Z_{q}^{*}\). If \(\alpha_{i}^{g}\) = (α − \(\alpha_{i}^{c}\))(modQ), the verification are successful and GM will transmit \(\alpha_{i}^{c}\) to this participant node. The participant node becomes a new CIN_i and GM will record (\(\alpha_{i}^{g}\), S_i) in set L₁ of legal information of group member.

1. (3)

   The key update of GS-RAM

CIN_i selects \(r_{0}^{c}\) ∈ \(Z_{q}^{*}\), and obtains \(k_{0}^{c}\) = s_i + \(\alpha_{i}^{c}\) + \(r_{0}^{c}\), \(T_{i,0}^{c}\) = \(r_{0}^{c}\)G, \(k_{0}^{c}\) is the initial key. Then, CIN_i chooses rc t ∈ \(Z_{q}^{*}\) in time t

Thus, it can be seen that the key of CIN_i at time t is \(k_{t}^{c}\), \(r_{t}^{c}\) and \(k_{t - 1}^{c}\) will be discarded.

GM selects \(r_{0}^{g}\) ∈ \(Z_{q}^{*}\) and obtains \(k_{0}^{g}\) = \(\alpha_{i}^{g}\) + \(r_{0}^{g}\), \(T_{i,0}^{g}\) = \(r_{0}^{g}\)G, \(k_{0}^{g}\) is the initial key. Then, GM arbitrarily chooses \(r_{t}^{g}\) ∈ \(Z_{q}^{*}\) at time t

Thus, the key of GM is \(k_{t}^{g}\) at time t, \(r_{t}^{g}\) and \(k_{t - 1}^{g}\) are discarded.

1. (4)

   The generation of GS

The signed message m consists of the credibility value T of CIN_i and other related attributes OR, thus m = (T||OR). ‘||’ is the connecting symbol. CIN_i gets the signature \(\alpha_{i,t}^{c}\) = \(k_{t}^{c}\)H(m), and then transmits (m, \(\alpha_{i,t}^{c}\), S_i, \(T_{i,t}^{c}\)) to GM. Then, GM evaluates the identity of CIN_i, using the obtained (m, \(\alpha_{i,t}^{c}\), S_i, \(T_{i,t}^{c}\)). If the perception node fails to authentication, GM can reject the connection. If the node identity certification is successful, GM can calculate the signature key \(k_{t}^{g}\) at time t, and get \(\alpha_{i,t}^{g}\) = \(k_{t}^{g}\)H(m). Then, GM checks the results of e(G, \(\alpha_{i,t}^{c}\) + \(\alpha_{i,t}^{g}\)) = e(g_x + S_i + \(T_{i,t}^{c}\) + \(T_{i,t}^{g}\), H(m)). If the formula is equal, GM can obtain σ_i,t = \(\alpha_{i,t}^{c}\) + \(\alpha_{i,t}^{g}\) and T_i,t = \(T_{i,t}^{c}\) + \(T_{i,t}^{g}\) + S_i, and meanwhile record (S_i, \(T_{i,t}^{c}\), \(T_{i,t}^{g}\), H(m)) to the signature information set L₂ of group member. In addition, the group signature of message m is recorded as ∆ = (σ_i,t, T_i,t).

1. (5)

   The verification of GS-RAM

The remote verification node V can calculate μ = H(m), and judge e(G, σ_i,t) = e(g_x + T_i,t, μ),When receiving GS ∆ = (σ_i,t, T_i,t). The perception data can be transmitted, after finishing validation by the remote verification node V. If signature verification is unsuccessful, V can immediately stop receiving GS and data of the source node.

1. (6)

   The open of GS-RAM

When GS is questioned by the remote verifier V, the group member generating GS can be traced with the help of GM. GM can open ∆ = (σ_i,t, T_i,t), and then verify the signature node using the information set L₁ of legal group member and the information set L₂ of group member signature recorded by the GM.

1. (7)

   The verification of GS-RAM

The group manager GM can perform the calculation of k′ = \(k_{t}^{g}\)G = \(T_{i,t}^{g}\) + \(\alpha_{i}^{g}\)G and ε_i,t = σ_i,t − \(k_{t}^{g}\)μ to verify the legality of ∆ = (σ_i,t, T_i,t) which is the signature of information m by CIN_i at time t.

To ensure the security of the proposed GS-RAM, the correctness, unforgeability, anonymity, traceability, non-relatedness, non-frameability, anti-joint aggression and forward security of GS-RAM can be verified.

1. (1)

   Correctness

(a) The correctness verification of GS. ∆ = (σ_i,t, T_i,t) is the signature of the message m by the group member node CIN_i at time t. The remote verifier V obtains the signature ∆ = (σ_i,t,T_i,t) and calculate

Based on Eq. (5), the correctness of GS-RAM has been proved.

(b) The verification of GS. To verify that ∆ = (σ_i,t, T_i,t) is the signature of CIN_i for the message m at time t, GM can calculate

According to Eq. (6), σ_i,t must be generated by group manager GM and the group member CIN_i.

1. (2)

   Unforgeability

If (σ_i,t, T_i,t) is the signature of message m by CIN_i, then it can calculate

where θ₁ is the signature of the group member CIN_i and the group manager GM, θ₂ is the BLS signature of the group member CIN_i on message m, and θ₃ is the BLS signature of the group manager GM and the group member CIN_i on message m. θ₁, θ₂ and θ₃ satisfy unforgeability, thus ∆ = (σ_i,t, T_i,t) meets unforgeability.

1. (3)

   Anonymity

The anonymity of GS means that only the group manager GM can open the signature and trace to the real signature node for a given GS. Assume that there are different CIN_i and CIN_h (i ≠ h) signing the same message m, (σ_i,t, T_i,t) and (σ_h,t, T_h,t) are indistinguishable. If an attacker obtains the key of GM, CIN_i and CIN_h, the attacker can open any signature except ∆ = (σ_i,t, T_i,t) by cooperating with the group manager GM which is in a trusted state. For the message m, if the attacker obtains (σ_i,t, T_i,t) and (σ_h,t,T_h,t), it means that the attacker can solve the CDH problem on G₁.

If knowing a GS of CIN_i for message m and the key of GM and CIN_i, it can get: ω = αH(m), μ_i = s_iH(m), v_i = σ_i,t − ω − μ_i. \(T_{i,t}^{c}\) + \(T_{i,t}^{g}\) = T_i,t − S_i and \(T_{i,t}^{c}\) + \(T_{i,t}^{g}\), H(m) belongs to G₁, so a and b belongs to \(Z_{p}^{*}\). let \(T_{i,t}^{c}\) + \(T_{i,t}^{g}\) = aG, H(m) = bG, and

Based on Eq. (8), v_i is equal to abG, which means that although an attacker can solve a difficult the CDH problem, this problem cannot be calculated on G₁. Therefore, the attacker cannot successfully attack. The anonymity of GS-RAM has been proved.

1. (4)

   Traceability

According to the proposed GS-RAM, ∆ = (σ_i,t, T_i,t) is produced by the collaboration of GM and CIN_i. If the CIN_i wants to provide a legal group signature, it must cooperate with GM. In addition, the identity and public key (S_i, \(T_{i,t}^{g}\), \(T_{i,t}^{c}\), H(m)) of the CIN_i are also recorded by GM. When the remote verifier V has a query after receiving the signature, GM can open ∆ = (σ_i,t, T_i,t) and then trace the real signature node according to the group member information list recorded in the GM.

1. (5)

   Un-relevance

Theorem 1

If there are two signatures, and only GM can identify whether they are signed by the same CIN_i, the two signatures are non-relevance.

Proof

Suppose (σ_i,t, T_i,t) is the GS of CIN_i at time t for the information m_t and (σ_i,t+∆t, T_i,t+∆t) is the GS of CIN_i at time (t + ∆t) for the information m_t+∆t, the attack can distinguish (σ_i,t, T_i,t) and (σ_i,t+∆t, T_i,t+∆t). Moreover, the attack can also obtain the signature (σ_i,t, T_i,t) for the information m_t and the private key of GM and CIN_i. To ensure the security of GM, thus ω = αH(m_t), μ_i = s_iH(m_t), v_i = σ_i,t − ω − μ_i, \(T_{i,t}^{c}\) + \(T_{i,t}^{g}\) = T_i,t − S_i, which can prove that (\(T_{i,t}^{c}\) + \(T_{i,t}^{g}\), G, H(m_t),v_i) is the CDH problem of group G₁. Therefore, it is impossible to judge the relevance of (σ_i,t, T_i,t) and (σ_i,t+∆t, T_i,t+∆t) without unfolding them, because the CDH problem of group G₁ is inextricable.

1. (6)

   Non-frameability

Based on the above analysis, the proposed GS-RAM is unforgeable. Therefore, it is impossible to forge a legal signature node for signature under the premise that no other node except the signature node has the key of the group member. Therefore, this GS-RAM cannot be framed.

1. (7)

   Anti-joint attack

This GS-RAM is unforgeable. Therefore, GM can verify the legality of CIN_i, when GM wants to cooperate with signature node CIN_i to generate an effective GS. Some nodes in the group want to jointly forge a legal signature, it is impossible to construct a legal group signature, if GM does not cooperate with them.

1. (8)

   Forward safety

Assuming that CIN_i can change the key \(k_{t}^{c}\) using an arbitrarily \(r_{t}^{c}\), the change of the time period cannot affect the selection of the random number, and the signature key can be updated without restriction. If knowing that the key of CIN_i at time t is \(k_{t}^{c}\) and wanting to get the key before the time t, the attacker must obtain \(r_{k}^{c}\) of CIN_i before the (t − 1) time period. However, every \(r_{k}^{c}\) getting the key at time t will be destroyed. Therefore, if the attacker wants to obtain \(r_{t - 1}^{c}\) at time (t − 1) by computing \(T_{i,t - 1}^{c}\) − \(T_{i,t - 2}^{c}\) = \(r_{t - 1}^{c}\)G, this process can be considered as solving the discrete logarithm difficult problem on group G₁. This proposed GS-RAM scheme has forward security.

Remark 2

Based on the above analysis, for the centralized networking mode of the perception layer, the proposed GS-RAM can realize the credibility attestation of data source. Moreover, it can be seen that this proposed GS-RAM can effectively protect the concealment of group member's identity, has the correctness, unforgeability, anonymity, traceability, non-relatedness, non-frameability, anti-joint aggression and forward security by analyzing the security of GS-RAM.

The group signature length of GS-RAM is short, which can effectively reduce the computational cost and is more practical.

The communication cost and efficiency of the proposed remote attestation scheme are compared with those proposed in other published literatures. Table 2 shows the comparison results of communication efficiency in attestation process with those proposed in references [27,28,29]. Where, PA represents the number of bilinear pair operations required in the scheme, MUL represents the number of dot product operations required in the scheme, and EXP represents the number of power exponential operations required in the scheme. SIG indicates the signcryption phase, and UNSIG indicates the unsigncryption phase. As can be seen from Table 2, the remote attestation scheme implemented in this paper has one advantage in power exponent calculation. It is very important to reduce the number of bilinear pair operation, dot product operation and power index operation in the attestation scheme to improve the communication efficiency and the use value of the scheme. The remote attestation scheme in this paper has more advantages, which can reduce the communication cost and improve the efficiency.

In this section, the remote attestation process between nodes in the perception layer is simulated. Simultaneously, the malicious nodes attack method described in the literature [7] is adopted to test the correctness and effectiveness as well as the dynamic adaptability of the proposed scheme.

Figures 3 and 4 respectively show the comparison results of the rate of receiving trusted data at points when malicious nodes account for 5% and 15% of all nodes. Scheme 1 represents the conventional perceptual nodes authentication scheme [30], and scheme 2 represents the interactive scheme without remote attestation.

The trusted data rate of the malicious nodes in 5%

Full size image

The trusted data rate of the malicious nodes in 15%

Full size image

As can be seen from Figs. 3 and 4, when malicious nodes account for 5% and 15% in the perception layer. The remote attestation scheme proposed in this paper can effectively ensure the trusted data rate of data received by remote nodes. The reason why this scheme is superior to scheme 1 and 2 is that the remote attestation scheme proposed in this paper can guarantee the security and credibility of the nodes before the data source nodes transmits data.

As can be seen from Fig. 5, the energy consumption of the scheme proposed in this paper is slightly higher than scheme 1 and scheme 2’s energy consumption. The reason is that the computational complexity is higher than those of scheme 1 and scheme 2. Therefore, the rate of energy consumption per unit time must be higher than those of scheme 1 and scheme 2. While it will not affect the service life of the perceptual nodes significantly, however, it can be seen from the above that the security of this scheme is far superior to scheme 1 and 2. By comprehensively weighing the comparison of security and energy consumption, the remote attestation scheme in this paper achieves better security through less energy consumption and it is more suitable for the perception layer of IoT.

The remaining rate of energy

Full size image

Due to the existence of many unstable reasons, the perception layer may change at any time. Therefore, the ability of the perception layer to operate credibly despite the influence of external factors is called dynamic adaptability. If a trust model is not affected by external complex and dynamic factors, and can still accurately and continuously measure the perception nodes. It can be considered that the trust model is effective and has strong dynamic adaptability.

In the different perception layer of the Internet of Things, due to different deployment environments, there will be great differences in the interaction between nodes. For example, due to limited computing resources in the perception layer, some nodes will not interact with each other continually.

Another example is in the environment of Internet of vehicles, where frequent interaction between nodes may be required. Therefore, the dynamic adaptability of the proposed scheme is verified by comparing with scheme 1 and scheme 2.

The simulation experiment in this paper reflects the perceptual network environment of different situations through two indicators SRF and TDF.

1. 1.

   SRF represents the communication frequency between nodes. The value can be used to represent the busy state of the perception network. The variation range of this value is [0,1]. The larger the value is, the more frequent the communication between nodes will be. This value is generally set to a constant depending on the development environment of the perceptual network deployed.

2. 2.

   TDF represents the dynamic change frequency of the whole perceptual network. Since the perception nodes may join or quit at any time, this value can represent the dynamic change of the perceptual network. The change range of this value is [0,1]. This value is generally set to a constant depending on the development environment of the perceptual network deployed.

In this simulation experiment, the success rate of node trusted interaction TSSP represents the dynamic adaptability of the remote attestation model. The larger TSSP becomes, the stronger dynamic adaptability the model has. It is stipulated that ST(∆T) is the record of successful communication between nodes. GT(∆T) is all times of communication between nodes including communication failure. Therefore E can be expressed as:

Figures 6 and 7 show the comparison of dynamic adaptability between the remote attestation scheme in this paper and other schemes in different perceptual network environments.

The adaptability in low-frequency-aware network of dynamic

Full size image

The adaptability in high-frequency-aware network of dynamic

Full size image

In Fig. 6, SRF = 0.3, TDF = 0.2. It indicates that the perceptual network does not change frequently and the communication frequency between nodes is not frequent in this scenario.

In Fig. 7, SRF = 0.9, TDF = 0.8. It indicates that the perceptual network changes frequently and the communication between nodes is frequent in this scenario.

In conclusion, compared with the scheme 1 and 2, the scheme proposed in this paper is more suitable for the perception layer of IoT. Because the remote attestation scheme for the node based on trusted measurement of comprehensive real-time, it fully consider the characteristics of the awareness of different networking nodes. Meanwhile, it can more accurately and objectively describe the safety of the node. Therefore, this scheme has better network dynamic adaptability.

In this paper, a GS-RAM was designed to evaluate the credibility of the perception nodes and protect the autologous identity privacy. Then, the specific construction of the proposed GS-RAM is given, which GS-RAM can query credibility of the perception nodes and trace suspicious nodes. Finally, the correctness, unforgeability, anonymity, traceability, unrelatedness, non-framing, anti-joint aggression and forward security of the proposed GS-RAM was verified. The analysis results demonstrated that this proposed GS-RAM is safe and efficient to apply into the perception layer of centralized networking. Finally, simulation experiments are conducted to compare the proposed scheme with other remote attestation schemes, which verify the correctness and effectiveness of the proposed scheme, which has better security and dynamic adaptability. However, this scheme only applies to centralized networking. Besides, with the rise of quantum cryptography, some new attacks have emerged. The scheme proposed in this paper is still a little weak in resisting quantum attack. Therefore, how to improve the security of encryption means under the condition of low consumption has become an important research direction. At the same time, the limit length of the existing 128-bit RSA key may have unknown risks. Therefore, in the future research and work, a more secure mechanism is needed to ensure the security of the remote attestation process of nodes of the perception layer in the Internet of Things. In addition, anti-quantum attack research and improvement are needed to gradually optimize the performance and efficiency to better meet the needs of the sensing layer of the Internet of Things. In addition, it is necessary to conduct research and improvement on anti-quantum attack and gradually optimize the performance and efficiency to meet the needs of the perception layer of the Internet of Things superiorly.

The data used to support the findings of this study is included within the article.

GS-RAM:

Remote attestation mechanism using group signature

RAM:

Remote attestation mechanism

GS:

Group signature

CDH:

The computational Diffie–Hellman

IoT:

Internet of things

ECC:

Elliptic curve cryptography

MD5:

Message-digest algorithm 5

RFID:

Radio frequency identification

Authors and Affiliations

1. Research Institute of China Mobile Communications Corporation, Beijing, 100032, China

   Jing Huang, Hui-Juan Zhang, Shen He, Jia Chen & Zhe-Yuan Sun

Contributions

JH and H-JZ contributed in investigation, the overall design, design of the septuple formula and the scalar multiplication algorithm, result analysis, and draft manuscript writing. SH and Z-YS contributed in methodology, reviewing and editing the manuscript, and funding acquisitions. All the authors read and approved the final manuscript.

Corresponding author

Correspondence to Hui-Juan Zhang.

Competing interests

No conflict of interest exits in the submission of this manuscript, and manuscript is approved by all authors for publication. I would like to declare on behalf of my co-authors that the work described was original research that has not been published previously, and not under consideration for publication elsewhere, in whole or in part. All the authors listed have approved the manuscript that is enclosed.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Reprints and permissions