TY - JOUR
T1 - Self-C2AD
T2 - Enhancing CA Auditing in IoT with Self-Enforcement Based on an SM2 Signature Algorithm
AU - Li, Jianfeng
AU - Liu, Yu
AU - Li, Siqi
AU - Zhang, Guangwei
AU - Gao, Xiang
AU - Gong, Peng
N1 - Publisher Copyright:
© 2023 by the authors.
PY - 2023/9
Y1 - 2023/9
N2 - Malicious certificate authorities (CAs) pose a significant threat to the security of the Internet of Things (IoT). Existing CA auditing schemes primarily rely on passive detection and public data collection, lacking real-time and comprehensive monitoring. In this paper, we propose a novel double-authentication preventing signature scheme based on an SM2 algorithm, referred to as Dap-SM2. We further enhance its functionality by introducing Self-C2AD, a CA auditing mechanism with self-enforcement. In our proposed mechanism, any malicious CA that generates two certificates with different descriptions (such as public key and basic information) for the same IoT device will immediately lose its private key. To ensure the security of our proposed scheme, we provide a detailed security analysis of Dap-SM2. The analysis demonstrates that our Self-C2AD mechanism meets the necessary security requirements, offering robust protection against malicious CAs. Additionally, we conduct an efficiency evaluation and present experimental data to illustrate the promising potential of our construction for future IoT applications. By introducing the Dap-SM2 scheme and the Self-C2AD mechanism, we address the critical issue of malicious CAs in the IoT domain. Our approach provides real-time and comprehensive auditing capabilities, surpassing the limitations of existing schemes. The security analysis confirms the effectiveness of Dap-SM2, while the efficiency evaluation and experimental data demonstrate its suitability for practical IoT applications. In summary, our work presents a novel solution to combat the threat of malicious CAs in the IoT context. The Dap-SM2 scheme, coupled with the Self-C2AD mechanism, offers enhanced security and real-time auditing capabilities. The security analysis validates the robustness of our approach, while the efficiency evaluation and experimental data showcase its potential for future IoT deployments.
AB - Malicious certificate authorities (CAs) pose a significant threat to the security of the Internet of Things (IoT). Existing CA auditing schemes primarily rely on passive detection and public data collection, lacking real-time and comprehensive monitoring. In this paper, we propose a novel double-authentication preventing signature scheme based on an SM2 algorithm, referred to as Dap-SM2. We further enhance its functionality by introducing Self-C2AD, a CA auditing mechanism with self-enforcement. In our proposed mechanism, any malicious CA that generates two certificates with different descriptions (such as public key and basic information) for the same IoT device will immediately lose its private key. To ensure the security of our proposed scheme, we provide a detailed security analysis of Dap-SM2. The analysis demonstrates that our Self-C2AD mechanism meets the necessary security requirements, offering robust protection against malicious CAs. Additionally, we conduct an efficiency evaluation and present experimental data to illustrate the promising potential of our construction for future IoT applications. By introducing the Dap-SM2 scheme and the Self-C2AD mechanism, we address the critical issue of malicious CAs in the IoT domain. Our approach provides real-time and comprehensive auditing capabilities, surpassing the limitations of existing schemes. The security analysis confirms the effectiveness of Dap-SM2, while the efficiency evaluation and experimental data demonstrate its suitability for practical IoT applications. In summary, our work presents a novel solution to combat the threat of malicious CAs in the IoT context. The Dap-SM2 scheme, coupled with the Self-C2AD mechanism, offers enhanced security and real-time auditing capabilities. The security analysis validates the robustness of our approach, while the efficiency evaluation and experimental data showcase its potential for future IoT deployments.
KW - CA auditing
KW - Chinese SM2 algorithm
KW - Internet of Things
KW - double-authentication preventing signature
KW - self-enforcement
UR - http://www.scopus.com/inward/record.url?scp=85176420509&partnerID=8YFLogxK
U2 - 10.3390/math11183887
DO - 10.3390/math11183887
M3 - Article
AN - SCOPUS:85176420509
SN - 2227-7390
VL - 11
JO - Mathematics
JF - Mathematics
IS - 18
M1 - 3887
ER -