A Lightweight Certificate-Based Aggregate Signature Scheme Providing Key Insulation

Recently, with the advancement of Information and Communications Technology (ICT), Internet of Things (IoT) has been connected to the cloud and used in industrial sectors, medical environments, and smart grids. However, if data is transmitted in plain text when collecting data in an IoTcloud environment, it can be exposed to various security threats such as replay attacks and data forgery. Thus, digital signatures are required. Data integrity is ensured when a user (or a device) transmits data using a signature. In addition, the concept of data aggregation is important to efficiently collect data transmitted from multiple users (or a devices) in an industrial IoT environment. However, signatures based on pairing during aggregation compromise efficiency as the number of signatories increases. Aggregate signature methods (e.g., identity-based and certificateless cryptography) have been studied. Both methods pose key escrow and key distribution problems. In order to solve these problems, the use of aggregate signatures in certificate-based cryptography is being studied, and studies to satisfy the prevention of forgery of signatures and other security problems are being conducted. In this paper, we propose a new lightweight signature scheme that uses a certificate-based aggregate signature and can generate and verify signed messages from IoT devices in an IoT-cloud environment. In this proposed method, by providing key insulation, security threats that occur when keys are exposed due to physical attacks such as side channels can be solved. This can be applied to create an environment in which data is collected safely and efficiently in IoT-cloud is environments.