Mutual Heterogeneous Signcryption Schemes for 5G Network Slicings

11/09/2018
by   Jingwei Liu, et al.
IEEE
Xidian University
NetEase, Inc
0

With the emerging of mobile communication technologies, we are entering the fifth generation mobile communication system (5G) era. Various application scenarios will arise in the 5G era to meet the different service requirements. Different 5G network slicings may deploy different public key cryptosystems. The security issues among the heterogeneous systems should be considered. In order to ensure the secure communications between 5G network slicings, in different public cryptosystems, we propose two heterogeneous signcryption schemes which can achieve mutual communications between the Public Key Infrastructure (PKI) and the CertificateLess public key Cryptography (CLC) environment. We prove that our schemes have the INDistinguishability against Adaptive Chosen Ciphertext Attack (IND-CCA2) under the Computational Diffie-Hellman Problem (CDHP) and the Existential UnForgeability against adaptive Chosen Message Attack (EUF-CMA) under the Discrete Logarithm Problem (DLP) in the random oracle model. We also set up two heterogeneous cryptosystems on Raspberry Pi to simulate the interprocess communication between different public key environments. Furthermore, we quantify and analyze the performance of each scheme. Compared with the existing schemes, our schemes have greater efficiency and security.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 5

page 6

page 7

page 8

page 9

12/14/2021

A code-based hybrid signcryption scheme

A key encapsulation mechanism (KEM) that takes as input an arbitrary str...
07/21/2019

LiSA: A Lightweight and Secure Authentication Mechanism for Smart Metering Infrastructure

Smart metering infrastructure (SMI) is the core component of the smart g...
12/28/2017

A Secure and Authenticated Key Management Protocol (SA-KMP) for Vehicular Networks

Public key infrastructure (PKI) is the most widely used security mechani...
02/28/2021

Non-invertible Anonymous Communication for the Quantum Era

We introduce a new approach for circuit anonymous communication based on...
03/16/2021

Compatible Certificateless and Identity-Based Cryptosystems for Heterogeneous IoT

Certificates ensure the authenticity of users' public keys, however thei...
10/09/2020

On the Security of Group Communication Schemes

Secure group communications are a mechanism facilitating protected trans...
08/08/2009

Side-channel attack on labeling CAPTCHAs

We propose a new scheme of attack on the Microsoft's ASIRRA CAPTCHA whic...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

I Introduction

Since the emergence of wireless networks, the Mobile Internet has experienced explosive growth four times (1G, 2G, 3G, 4G). It has become the foundation of information networks connecting the human society. The existing traditional communication services are difficult to adapt to many application scenarios. Therefore, the fifth generation mobile communication technology arises at this historic moment. 5G is a hot spot in global research. In 2012, the European Union officially launched METIS (mobile and wireless communications enables for the 2020 information society) project [1]. In Asia, South Korea started the “GIGA Korea” 5G project [2] in 2013. Chinese IMT-2020 promotion group and the “863” plan were also launched in June, 2013 and March, 2014 respectively [3]. Due to 5G services having the advantages of faster speed, larger capacity, and lower cost, many scholars all over the world are carrying out a wide range of research on the candidate frequency bands of 5G communication, the development of 5G vision, 5G’s application requirements and key technologies [4], while, at the same time they also raise more security challenges. People who use 5G’s services face more extensive and complex security threats.

Fig. 1: The system architecture of 5G

Since a variety of 5G application scenarios may have different requirements, 5G network resources are divided into different network slicings to meet these demands. Dividing the network can reduce the network operating cost and improve the efficiency.

I-a Network Slicing

The 5G system is composed of three layers shown as follows. They correlate to each other through the entities of network layout [5]:

  • Infrastructure Resource Layer: Through virtualization principles, the physical resources of the fixed and mobile convergence network are exposed to the orchestration entity. These resources are composed of access nodes, cloud nodes, 5G devices, network nodes and related links.

  • Business Enablement Layer: All the functions of the convergence network should be constructed in a modular form and documented to the database. The functions of the software module and the configuration parameters of the specific network parts can be downloaded from the resource database.

  • Business Application Layer: This layer deploys the specific applications and services in 5G network [6].

In 2015, Ericsson proposed that 5G systems would be built to logical network slicings, which can enable operators to meet the wide range of users demands. The network slicings are also called the “5G network slicings”. They comprise a group of network functions, resources, connection relationships and typically covering multiple technical domains including terminals, access networks, etc. Through the virtual independent logic network infrastructure, the 5G network slicings technology provide an isolated network environment for different applications. In this way, a wide variety of scenarios can be customized according to the demands of network functions and characteristics. Different network slicings include different proprietary networks with separate logics. A 5G slicing is composed of various functions and specific Radio Access Technology (RAT) sets [7]. It can span all domains of the network: software modules running on the cloud, specific configurations of the transport network supporting flexible and accurate positioning, dedicated radio configurations, ect. The specific application scenarios or business models can decide the utilization forms of network functions and the compound modes of RAT sets.

Via the virtualization technology, network infrastructure resources are virtualized into a number of proprietary networks according to the requirements of specific applications. Slicings can customize network functions and manage network resources based on different business scenarios [8]. Each network slicing can be abstracted as a logical network formed by the collection of network functions and their corresponding configurations [9]. These logical networks (different 5G slicings) can provide network services accordingly.

There are three steps in a slicing’s life cycle: the creation, the management, and the revocation. As shown in Fig. 1, the business requirement operator puts forward requirements to the network operator, upon receiving these requirements, the network operator matches the network slicing template according to the requirements of the business scenario. A slicing template contains the network function components required, the component interaction interfaces, and the description of the network resources. When the template is imported, the service engine can apply for network resources from the resource platform. After acquiring the resources, the service engine can use them to achieve virtual network functions and make it entitative [10]. Fig. 1 shows that 5G network slicings could be the Mobile Internet, Internet of Vehicles, Internet of Things, etc.

I-B Related Work

In a traditional PKI cryptosystem, there is a Certification Authority (CA) that issues public key certificates for each user and binds certificates with their identities. However, as the number of users increases, this method uses a great deal of time and storage space in certificate management. In order to solve this problem, Identity-Base Cryptosystem (IBC) [11] was proposed by Shamir in 1984. In IBC, users’ public keys are their identities and private keys are generated by Key Generation Centers (KGC). However, it leads another issue of key escrow; because of this issue, some key management schemes have been proposed to address this problem [12, 13]. In [14], CLC was also introduced to solve this problem in which the private key is formed by two parts. One problem is the secret value of the user’s choice and the other is the partial private key issued by KGC. Hence, KGC has no way to get the full private key, so the key escrow problem is solved effectively.

In order to achieve confidentiality, integrity, authentication and nonrepudiation simultaneously, a traditional approach is first to sign a message and then to encrypt it, called the signature-then-encryption approach. For the sake of optimizing algorithm and improving efficiency, the concept of signcryption [15] was first introduced by Zheng 1997, and the formal security model of signcryption [16] was first proposed in 2002. Signcryption is a new cryptographic primitive that fulfills the functions of digital signature and public key encryption in a single logical step, at a cost significantly lower than that required by the traditional signature-then-encryption approach. Although some signcryption schemes based on PKI or CLC [17, 18] were proposed in the past few years, they are only suitable for homogeneous environments. Research on heterogeneous communications has been considered by scholars around the world, in order to facilitate communications [19, 20, 21]. Similarly, in the 5G system, different network slicings may deploy different public cryptosystems. In order to ensure the secure communications between 5G network slicings over different public key systems, we put forward two innovative mutual heterogeneous signcryption schemes.

In 2010, Sun et al. proposed a heterogeneous signcryption scheme between PKI and IBC [22] and discussed it in the multi receiver setting, however their scheme could only resist outside attacks, and it did not satisfy the non-repudiation. In 2011, Huang et al. [23] proposed a heterogeneous signcryption scheme for PKI-to-IBC that can achieve the insider security. Regardless, it only permits a sender in the IBC to transmit a message to a receiver in the PKI and does not provide the mutual communications. In 2013, Li et al. [24] proposed two signcryption schemes that provided bidirectional communication between PKI and IBC. This scheme relied on the cumbersome pairing operations which lead to the inefficiency. In 2016, Li et al. [25] proposed a heterogeneous signcryption to design an access control scheme without certificates. In 2017, a concrete heterogeneous signcryption scheme of IBC-to-CLC was presented in [26]. In the same year, Wang et al. [27] proposed an IBC-to-PKI heterogeneous signcryption scheme in the standard model.

Fig. 2: The PCHS scheme.

In this paper, we propose two mutual heterogeneous signcryption schemes between PKI and CLC public cryptosystems named PCHS (PKI-CLC Heterogeneous Signcryption) and CPHS (CLC-PKI Heterogeneous Signcryption). When the users in the 5G slicing based on PKI environment (such as a Mobile Internet slicing) try to communicate with the users in the 5G slicing based on CLC (such as a Vehicle Internet slicing), they can use the PCHS scheme to establish a secure communication, if in the opposite case, the CPHS scheme can be used.

The rest of paper is organized as follows. We introduce the preliminary work e.g. the generic signcryption model and the complexity assumptions in Section II. Then, we propose two efficient mutual heterogeneous signcryption schemes in Section III. The security analysis of the proposed schemes are given in Section IV. The performance is evaluated in Section V. Section VI concludes this paper.

Ii Preliminaries

A heterogeneous signcryption scheme generally consists of the following five algorithms:

Setup: This is a probabilistic algorithm running by Private Key Generator (PKG). It inputs a security parameter , and outputs the system parameters and the master key. PKG publishes the system parameters while keeping the master key in secret.

PKI-KG: This is a key generation algorithm for PKI users. Each user chooses his/her private key and publishes the public key .

CLC-KG: This is a key generation algorithm for CLC users.

  • Partial Private Key Extract: The user inputs the system parameters, the master key and his/her identity , PKG outputs the partial private key and transmits it to the user in a secure way.

  • Set Secret Value: The user inputs an identity , and outputs a secret value .

  • Private Key Extract: The user inputs a partial private key and a secret value , and outputs a full private key .

  • Public Key Extract: The user inputs an identity and the secret value , and outputs a public key .

Signcrypt: This is a probabilistic signcryption algorithm running by a sender. It takes a message , the sender’s private key and a receiver’s public key , then outputs the ciphertext .

Unsigncrypt: This is a deterministic unsigncryption algorithm running by a receiver. It takes the ciphertext , the sender’s public key and the receiver’s secret key . Then, it outputs the plaintext , or the symbol if is an invalid ciphertext between the specific sender and receiver.

Ii-a Bilinear Pairings

The bilinear pairing namely Weil pairing or Tate pairing of algebraic curves is defined as a map . Here, is a cyclic additive group of a large prime order . is a generator of . is a cyclic multiplicative group of the same order . Let and be elements in . A bilinear pairing has the following properties:

  • Bilinearity: Let , and . This can be related as , and .

  • Nondegeneracy: There exist , such that . Here, denotes the identity element of .

  • Computability: There is an efficient algorithm to compute for all .

Fig. 3: The CPHS scheme.

Ii-B Complexity Assumptions

The security of our schemes relies on the hardness of the following problems.

is a cyclic additive group of a large prime order . is a generator of .

Definition 1. Computational Diffie-Hellman Problem (CDHP): Given an instance , for any , it is difficult to compute .

Definition 2. Discrete Logarithm Problem (DLP): Given an instance , it is difficult to compute the integer .

We assume there are two types of adversaries with different capabilities. The Type I adversary can replace users’ public keys, but it does not know the master secret key . The Type II adversary can access the master secret key , but can not replace users’ public keys.

Iii Proposed Schemes

In this section, we assume that a 5G Mobile Internet slicing is in PKI public cryptosystem, and a 5G Vehicle Internet slicing is in CLC public cryptosystem. We propose two efficient signcryption schemes for the security authentication between the two heterogeneous 5G slicings. The first scheme PCHS allows users in PKI cryptosystem to signcrypt the messages and send them to users in CLC cryptosystem. Upon receiving these signcrypted messages, the users in CLC cryptosystem can decrypt and verify them. The second scheme CPHS is the inverse of PCHS. The detailed processes are shown in Fig. 2 and Fig. 3.

Iii-a Pchs

The PCHS is described as follows:

Setup: Given a security parameter , PKG chooses a cyclic additive group of a large prime order . is a generator of . Then, PKG defines three cryptographic hash functions: , , and . PKG selects a master secret key randomly and computes the master public key . Then, it publishes system parameters and keeps the master key secret.

PKI-KG: A user in PKI cryptosystem chooses a random number as his/her private key and computes as his/her public key .

CLC-KG:

  • Partial Private Key Extract: PKG randomly selects and computes , , and . Then, PKG sends and to the user securely. is the user’s partial private key.

  • Set Secret Value: The user randomly chooses as his/her secret value.

  • Private Key Extract: The user sets his/her full private key as .

  • Public Key Extract: The user sets his/her public key as .

Signcrypt: The user in PKI cryptosystem uses his/her private key and the receiver’s public key in CLC cryptosystem to signcrypt a message as follows:

1) Choose a number randomly.

2) Compute , , .

3) Compute .

4) Compute .

5) Compute .

The ciphertext is .

Unsigncrypt: The user in CLC cryptosystem uses his/her private key and the sender’s public key in PKI cryptosystem to unsigncrypt the ciphertext as follows:

1) Compute .

2) Compute .

3) Compute .

4) Compute .

5) Accept the message if and only if , return otherwise.

Now we verify the correctness of the PCHS.

Firstly:

Secondly:

Finally:

Iii-B Cphs

In CPHS, the Setup, PKI-KG and CLC-KG algorithms are the same as PCHS. And CPHS can be described as follows:

Signcrypt: The user in CLC cryptosystem uses his/her private key and the receiver’s public key in PKI cryptosystem to signcrypt a message as follows:

1) Choose a number randomly.

2) Compute , , .

3) Compute .

4) Compute .

5) Compute .

The ciphertext is .

Unsigncrypt: The user in PKI cryptosystem uses his/her private key and the sender’s public key in CLC cryptosystem to unsigncrypt the ciphertext as follows:

1) Compute .

2) Compute .

3) Compute .

4) Compute .

5) Accept the message if and only if , return otherwise.

Now we verify the correctness of the CPHS.

Firstly:

Secondly:

Finally:

Iv The Security Proof of Schemes

In this section, we prove the security of the proposed schemes.

Theorem 1. (PKI-CLC IND-CCA2-1): In the random oracle model [28], if an adversary has a nonnegligible advantage against the IND-CCA2-1 security of the PCHS when performing queries to oracles , there exists an algorithm through which the challenger can solve the CDHP with an advantage . Here, , denotes partial private key queries of CLC system, denotes private key queries of CLC system, and denotes unsigncryption queries.

Proof: To solve a random CDHP instance , uses as a subroutine. should ask for before the identity is used in any other queries.

Initialization: initializes and returns the system parameters to . Next, it picks a challenged identity randomly without leaking anything about to . needs to maintain the list of ~, and that are used to simulate the ~ hash oracles and the key extraction oracles respectively. Then, it answers these queries as follows.

Phase 1: performs a polynomially bounded number of queries in an adaptive manner.

1. -Queries: When presents this query on an identity , checks whether the tuple exists in . If so, returns to . Otherwise, the public key query on is made to generate to subsequently.

2. -Queries: For a query, first checks if has been in previously. If so, returns the value . Otherwise, returns a random , and adds new tuple to .

3. -Queries: For a query, first checks if the value of query has been in previously. If so, returns it. Otherwise, randomly chooses from , returns and adds to .

4. PKI Private-Key-Queries: For a private key query on , will invoke and search , then returns the private key .

5. CLC Partial-Private-Key-Queries: For a partial private key query on , makes the following response:

(1) If , aborts.

(2) If , will invoke and search , then return the partial private key .

6. CLC Private-Key-Queries: For a private key query above , responds as follows:

(1) If , aborts.

(2) If , will invoke and search , then return .

7. CLC Public-Key-Queries: When submits a query on identity for his/her public key, searches for the tuple and responds as follows:

(1) If the public key exists, returns .

(2) If , randomly chooses , with unknown , then it sets , , where . updates in and in .

(3) If , selects randomly. Next, calculates , , where . Then, updates with and with .

8. CLC Public-Key-Replacement-Queries: When replaces the public key of the identity with , updates with the tuple . Here, denotes an unknown value. The new public key is used by the challenger to solve the CDHP or is requested by the adversary in the public key queries.

9. Signcrypt-Queries: Suppose and are the identities of a sender and a receiver respectively. When makes this query on the tuple , makes responses as below:

(1) If , runs the signcrypt algorithm normally and sends the ciphertext to .

(2) If and , finds from and and generates the ciphertext in following steps:

  • Choose randomly, compute ;

  • Compute , , store into ;

  • Compute ;

  • Compute , ;

  • The ciphertext is .

10. Unsigncrypt-Queries: Upon receiving a unsigncrypt query of , responds as follows:

(1) If , runs the unsigncrypt algorithm normally and returns the result.

(2) If , searches for . computes . If and only if , the message is accepted. Otherwise, the ciphertext is rejected.

Challenge phase: generates two equal-length plaintexts and two challenged identities , . In phase 1, the public key of can not be replaced and the partial private key queries can not be asked as well as the secret value. If , aborts. Otherwise, asks public key request oracle on , sets receiver’s partial public key to (an instance of CDHP) for an unknown . Next, randomly selects , , and a random bit , then sets , , , computes and returns to .

Phase 2: As in Phase 1, will also present adaptively queries with the limitations of Type I adversary in this phase. However, (1) cannot submit the private key query on . (2) cannot ask the partial private key query on if the public key is replaced before the challenge. (3) cannot present the unsigncrypt query on .

Guess: In order to get a correct guess, should obtain the outputs , and from the challenge phase. Given an instance , can solve CDHP: .

Probability Analysis: In above discussions, there are four situations leading to the aborting of :

  • : asks the partial private key queries of the challenged identity .

  • : presents the private key queries of the challenged identity .

  • : does not choose as the receiver’s identity in the challenge phase.

  • : aborts in an unsigncryption query because of rejecting a valid ciphertext.

Only if does not reject the game, the CDHP can be solved. As a result, the probability of not aborting is: .

We know that , , , and . Therefore, .

In addition, the probability that randomly chooses a from and outputs it as a solution of CDHP is . In conclusion, we have .

Theorem 2. (PKI-CLC IND-CCA2-2): In the random oracle model, if an adversary has a nonnegligible advantage against the IND-CCA2-2 security of the PCHS when performing queries to oracles , then there exists an algorithm through which the challenger can solve the CDHP with an advantage . Here, .

The ~ hash oracles and the key extraction oracles are similar with PKI-CLC IND-CCA2-1. The second type adversary knows the master key of PKG, but it is not allowed to replace any user’s public key.

Probability Analysis: In Phase 2, can not ask a private key query on and an unsigncryption query on for the corresponding plaintext. will abort the game in following situations:

  • : asks the private key queries of the challenged identity .

  • : does not choose as the receiver’s identity in the challenge phase.

  • : aborts in an unsigncryption query because of rejecting a valid ciphertext.

Only if does not reject the game, the CDHP can be solved. As a result, the probability of not aborting is: .

We know that , , and . Therefore, .

In addition, the probability that randomly chooses a from and outputs it as a solution of CDHP is . In conclusion, we have .

Theorem 3. (PKI-CLC EUF-CMA): In the random oracle model, if an adversary has a nonnegligible advantage against the EUF-CMA security of the PCHS when performing queries to oracles , then there exists an algorithm through which the challenger can solve the DLP with an advantage . Here, , denotes private key queries of PKI system and denotes signcryption queries.

Proof: To solve a random DLP instance , uses as a subroutine. should ask for before the identity is used in any other queries.

Initialization: initializes and returns the system parameters to . Next, it picks a challenged identity randomly without leaking anything about to . needs to maintain the list of ~, and that are used to simulate the ~ hash oracles and the key extraction oracles respectively.

Training: performs a polynomially bounded number of queries in an adaptive manner. The queries in this phase are the same as the queries described in Theorem 1.

Forgery: After the training, outputs a forgery . During the training, cannot make a private key query on . If , aborts. If , invokes the and to search , , and . Then, obtains and . Finally, outputs as the solution of DLP. The proof is as follows:

Probability Analysis: For above discussions, there are three situations leading to the aborting of :

  • : asks the private key queries of the challenged identity .

  • : does not choose as the sender’s identity in the challenge phase.

  • : aborts in a signcryption query due to the collision on hash operation.

Only if does not reject the game, the DLP can be solved. As a result, the probability of not aborting is: .

Fig. 4: The structure diagram of the interprocess communication.

We know that , , and . Therefore, .

In addition, the probability that correctly guesses the hash value of is . In conclusion, we have .

The security proof of CPHS is similar to that of PCHS.

V Performance Analysis

In this section, we assume that the client is in 5G Mobile Internet slicing (PKI environment) and the server is in 5G Vehicle Internet slicing (CLC environment). To simulate the interprocess communication between the client and the server in different public cryptosystems. We set up two Raspberry Pis as the experimental platform. The structure diagram of the interprocess communication is shown in Fig. 4. and the simulation results are shown in Fig. 5.

The scheme Key Generation Signcryption Unsigncryption Communication cost Communication Direction
LZT-I[24] 4S+H P+3S+3H+E 3P+2H+E 2+ PKI IBC

LZT-II[24]
4S+H P+2S+2H+E 3P+S+3H+E 2+ IBC PKI

LHJ[25]
4S+2H P+3S+3H+E 5P+3H 2+ CLC IBC

ZZW[26]
P+5S+2H P+3S+2H+2E 2P+2S+3H+E 3++ IBC CLC

WLZ[27]
2P+7E 3S+H+4E 5P+2S+H+E 3+ IBC PKI

PCHS
4S+H 4S+2H 3S+2H ++ PKI CLC

CPHS
4S+H 3S+2H 4S+2H ++ CLC PKI
TABLE I: Performance comparison of each signature scheme
(a) The client
(b) The server
Fig. 5: The simulation result between the client and the server.
(a) Time comparison on key generation
(b) Time comparison on signcryption and unsigncryption
(c) Time comparison in total
Fig. 6: Comparison of time consumption among different schemes.

In the first step, the client generates the public key and sends it to the server. Also the server receives his/her public key to the client. In the second step, via the signcryption, the client generates the ciphertext and sends it to the server. Then, the server unsigncrypts and verifies the ciphertext. If it is verified, the server sends “Verification Success!” to the client. In the last step, if the client obtains the response from the server, it sends “The client has received the result.” to the server as a reply.

For the theoretical complexity analysis, we compare our schemes with several existing schemes [24], [25], [26] and [27] in Table I. Let and denote the length of the elements in group and respectively, denote the length of an element in field , denote the length of a message, denote the the length of a user’s identity. is the scalar multiplication in , means the exponentiation in , denotes the bilinear pairing, is the hash operation in .

From Table I, we can clearly find that all schemes except ours use bilinear pairings and exponentiation computations in the signcryption and unsigncryption stages. Furthermore, compared to the schemes in [24, 25, 26], the scheme [27] involves more bilinear pairings, which lead to more time consumption. As for the communication overhead, WLZ [27] is the highest among these schemes because one of its ciphertext elements is in group . Observing the last column in Table I, we find that the schemes in [25, 26, 27] are one-way communications, which have the limitations in practice. The schemes in [24-27] are only suit for the heterogeneous environments of PKI-to-IBC or IBC-to-CLC. Our schemes are designed specially for the mutual heterogeneous communication of PKI-to-CLC public cryptosystems innovatively.

For the quantitative analysis, we set up two different environments for simulation. The first experimental platform is in Ubuntu OS over an Inter Pentium 2.70 GHz dual core processor and 1024 MB memory. The second one is in Raspberry Pi 3B+. The cryptography library we used is PBC-0.5.14. We choose the type A curve in simulation because the math algorithm is more efficient on exponentiation in . We first assess the cryptographic operations, and each operation is run 10000 times to eliminate the influence of random disturbance. The detailed results are shown in Table II. Generally, the time overhead in Raspberry Pi is about ten times higher than that in Ubuntu. Furthermore, we also find that the time cost on the scalar multiplication is higher than that on the bilinear pairing in Ubuntu environment, while the result is opposite in Raspberry Pi platform, which would lead to the significant changes among schemes in the two simulation environments.

Environment Operation P S E H
Ubuntu OS 1.396 1.812 0.197 0.001
Raspberry Pi 15.104 10.006 1.955 0.002

TABLE II: Operating Time in different simulation environments(ms)

Before running the schemes, we first test the time consumption on their private/public key pair generation. As shown in Fig. 6(a), although the time cost on key generation of each scheme is very close, WLZ [27] achieves the lowest computation cost in this part because there is no scalar multiplication but only a few bilinear pairings. Fig. 6(b) shows the time consumption on the signcryption and unsigncryption among different schemes in two platforms. Fig. 6(c) indicates the total overhead of the key generation, the signcryption and the unsigncryption. As a whole, ZZW [26] has the highest computational overhead in Ubuntu environment, while WLZ [27] takes the highest cost in Raspberry Pi platform. Without any bilinear pairing, our scheme is more efficient on the computational overhead.

Vi Conclusion

In this paper, we propose two signcryption schemes without the bilinear pairing between PKI and CLC cryptosystems, which can achieve secure mutual heterogeneous communications of 5G network slicings. When the users in the 5G slicing based on PKI environment (such as a Mobile Internet slicing) try to communicate with the users in the 5G slicing based on CLC (such as a Vehicle Internet slicing), our schemes can provide the available and efficient solutions. Meanwhile, they have the IND-CCA2 under the CDHP and the EUF-CMA under the DLP in the random oracle model. We also simulate the interprocess communication between two different public cryptosystems on Raspberry Pi. Compared to the existing schemes, our schemes are innovative and more efficient for heterogeneous communications of 5G network slicings.

References

  • [1] A. Osseiran, F. Boccardi and V. Braun, “Scenarios for 5G mobile and wireless communications: the vision of the METIS project,” Communications Magazine IEEE, vol. 52, no. 5, pp. 26-35, 2014.
  • [2] Y. G. Ren and L. Zhang, “Prospect of the fifth generation mobile communication system,” Information & communications, vol. 8, pp. 255-256, 2014.
  • [3] T. Wen and P. Y. Zhu, “5G: A technology vision,” [Online]. Available: http://www.huawei.com/en/about-huawei/publications/winwin-magazine /hw-329304.htm, Huawei, 2013.
  • [4] H. Li and Y. L. Fu, “Analysis and Prospect on 5G Network Security,” Radio Communications Technology, vol. 41, no. 4, pp. 1-7, 2015.
  • [5] X. Yao, X. Han, X. Du, and X. Zhou, “A Lightweight Multicast Authentication Mechanism for Small Scale IoT Applications,” IEEE Sensors Journal, vol. 13, no. 10, pp. 3693-3701, Oct. 2013.
  • [6] M. Iwamura, “NGMN View On 5G Architecture,” in Proceedings of IEEE Vehicular Technology Conference(VTC Spring), Glasgow, UK, pp. 1-5, 2015.
  • [7] X. Du, and H. H. Chen, “Security in Wireless Sensor Networks,” IEEE Wireless Communications Magazine, vol. 15, no. 4, pp. 60-66, 2008.
  • [8] X. H. You, Z. W. Pan and X. Q. Gao, “The 5G mobile communication: the development trends and its emerging key techniques,” Science China, vol. 44, no. 5, pp. 551-563, 2014.
  • [9] Y. Xu, G. Y. Gao and L. Wang, “Initial Analysis of 5G Mobile Network Slicing Technology,” Designing Techniques of Posts and Telecommunications, vol. 7, pp. 19-22, 2016.
  • [10] H. Hu and X. Fei, “Architecture design and standardization progress of 5G network,” Telecommunications Science, vol. 4, pp. 126-132, 2016.
  • [11] A. Shamir, “Identity-based cryptosystem and signature scheme,” in Proceedings of Advances in Cryptology. CRYPTO 1984, Lecture Notes in Computer Science, Springer, Berlin, Heidelberg, vol. 196, pp. 47-53, 1985.
  • [12] Y. Xiao, V. Rayi, B. Sun, X. Du, F. Hu, and M. Galloway, “A Survey of Key Management Schemes in Wireless Sensor Networks,” Journal of Computer Communications vol. 30, no. 11-12, pp. 2314-2341, 2007.
  • [13] X. Du, Y. Xiao, M. Guizani, and H. H. Chen, “An Effective Key Management Scheme for Heterogeneous Sensor Networks,” Ad Hoc Networks, Elsevier, vol. 5, no. 1, pp 24-34, 2007.
  • [14] S. S. Al-riyami and K. G. Paterson, “Certificateless public key cryptography,” in Proceedings of Advances in Cryptology - ASIACRYPT 2003, Lecture Notes in Computer Science, Springer, Berlin, Heidelberg, vol. 2894, pp. 452-473, 2003.
  • [15] Y. L. Zhang, “Digital signcryption or how to achieve cost (signature and encryption) cost (signature) and cost(encryption),” in Proceedings of the Cryptology-Crypto 1997, California, USA, pp. 165-179, 1997.
  • [16] J. Baek, R. Steinfeld and Y. L. Zhang, “Formal proofs for the security of signcryption,” in Proceedings of the Cryptology PKC 2002, Paris, France, pp. 81-98, 2002.
  • [17] C. K. Li, G. Yang and D. S. Wong, “An efficient signcryption scheme with key privacy,” in Proceedings of the 4th European Public Key Infrastructure : Theory and Practice, EuroPKI 2007, Palma de Mallorca, Spain, pp. 78-93, 2007.
  • [18] A. Yin and H. Liang, “Certificateless hybrid signcryption scheme for secure sommunication of wireless sensor networks,” Wireless Personal Communications, vol. 80, no. 3, pp. 1049-1062, 2015.
  • [19] X. Du, M. Guizani, Y. Xiao, and H. H. Chen, “Secure and Efficient Time Synchronization in Heterogeneous Sensor Networks,” IEEE Transactions on Vehicular Technology, vol. 57, no. 4, pp. 2387-2394, July. 2008.
  • [20] X. Du, Y. Xiao, H. H. Chen, and Q. Wu, “Secure Cell Relay Routing Protocol for Sensor Networks,” Wireless Communications and Mobile Computing, Wiley, vol. 6, no 3, pp. 375-391, May. 2006.
  • [21] X. Du, M. Guizani, Y. Xiao and H. H. Chen, “A Routing-Driven Elliptic Curve Cryptography based Key Management Scheme for Heterogeneous Sensor Networks,” IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1223-1229, 2009.
  • [22] Y. X. Sun and H. Li, “Efficient signcryption between TPKC and IDPKC and its multi-receiver construction,” Science China, vol. 53, no. 3, pp. 557-566, 2010.
  • [23] Q. Huang, D. S. Wong, and G. Yang, “Heterogeneous signcryption with key privacy,” Computer Journal, vol. 54, no. 4, pp.525-536, 2011.
  • [24] F. G. Li, H. Zhang and T. Takagi, “Efficient signcryption for heterogeneous systems,” IEEE Systems Journal, vol. 7, no. 3, pp. 420-429, 2013.
  • [25] F. G. Li, Y. Y. Han and C. H. Jin, “Practical access control for sensor networks in the context of the Internet of Things,” Computer Communications, pp. 154-164, 2016.
  • [26] Y. L. Zhang, L. G. Zhang and C. F. Wang, “Provable Secure IDPKC-to-CLPKC Heterogeneous Signcryption Scheme,” Journal of Electronics and Information Technology, vol. 39, no. 9, pp. 2127-2133, 2017.
  • [27] C. F. Wang, Y. H. Li and Y. L. Zhang, “Efficient Heterogeneous Signcryption Scheme in the Standard Model,” Journal of Electronics and Information Technology, vol. 39, no. 4, pp. 881-886, 2017.
  • [28] A. A. Omala, N. Robert and F. G. Li, “A Provably-Secure Transmission Scheme for Wireless Body Area Networks,” Journal of Medical Systems, vol. 40, no. 11, pp. 247-261, 2016.