Abstract
The concept of a smart gas distribution grid implies enhancing current gas distribution grids by establishing continuous, on-request and bidirectional data interchange between metering devices, gas flow instruments, utilities, and end clients. A smart gas distribution grid (SGDG) integrates IoT into the gas distribution system and enhances hazard minimization in the management of gas infrastructure. However, the security and privacy of this type of vital infrastructure are frequently overlooked during the design process. Interaction over a wireless channel and the lack of computing power in the SGDG make it impossible to use for secure operations. As a solution, we have developed a hyper elliptic curve based proxy signcryption scheme. Data transmission between smart gas metres and a cloud server is supported by a fog layer that provides excellent response times, reliability, and enhanced privacy. Hyper Elliptic Curve Cryptography (HECC) is the foundation of the proposed scheme, which enhances network computation efficiency. Formal security analysis is used to assess the toughness of the security measures. Under the OFMC and CL-Atse backends, the simulation study using the AVISPA tool shows that the proposed scheme is safe. The computation and communication costs of the proposed scheme have also been compared to those of the relevant existing schemes in the performance analysis. The security and performance evaluations show that the proposed scheme is superior.
1 Introduction
Due to the continuous increase in the prices of liquid petroleum gas (LPG) and crude oil (fossil fuel), natural gas is the best option as a fuel with better parameters, and demand for it has increased in the domestic and automobile industries [1, 2]. The processing and distribution of natural gas up to the end users encounters several challenges, such as leakages in pipes, bursting due to overpressure, contamination due to changing weather conditions, and maintaining pressure and flow through pipes.
To deal with these difficulties, access to information related to the gas and its grid is very important for developing advanced strategies for gas distribution management. Combining information and communication technologies (ICT) with the present gas transportation system is one feasible solution for gathering gas-related data. This upgraded infrastructure, which integrates ICT into the gas distribution approach [3], is termed the Smart Gas Distribution Grid (SGDG). Fig. 1 gives an overview of the Smart Gas Distribution Grid.
By establishing bidirectional data exchange between metering devices, the smart gas distribution grid concept aims to improve existing gas distribution grids. Utilities, gas flow instruments, and end users are all involved. IoT-enabled gas distribution grids provide the same benefits as water and electrical grids while also improving gas infrastructure management in terms of hazard minimization.
Deploying smart metering [4, 5] is believed to be of vital importance to the realization of smart towns, as it offers numerous benefits to gas utilities and end clients. In comparison with conventional hand-operated metering devices, smart gas meters provide precise data acquisition during low pressures and moisture content in the gas, which can indicate problems in the system, and are more resistant to corrosion from grains in the system. The data gathered from this infrastructure supports the analysis of gas demand and a better understanding of gas utilization, which encourages the design of urban gas distribution networks [6].
The availability of instantaneous data at high temporal frequency helps gas services detect leakages and malfunctioning fixtures, schedule timely repair or upgrade of the infrastructure, and eventually meet desired goals for natural gas utilization. The knowledge derived from the acquired data also helps gas utilization demand models to recognize the parameters that add to peak demand. Furthermore, innovative optimization methods can be applied to enhance gas saving throughout the urban gas life cycle, which means improved operational effectiveness for the proprietor of the gas delivery network. Looking ahead, the use of data and recent improvements in smart network actuators help to develop self-sufficient smart grids, where metering and actuators coordinate to manage the delivery network more effectively than any manual service.
From an IoT point of view, one major challenge is the vast amount of data created by smart gas meters and the way it is communicated effectively through all elements of the system [7]. The multi-modal frameworks of town-based utilization and the requirement for data access between various groups introduce additional technical difficulties in transferring the enormous databases acquired across various infrastructures.
The latest advancements in the upcoming 5th generation communication networks (5G) are likely to enhance the implementation of fog computing, with many benefits with respect to response time, transmission delays, and the cost of energy management in time-dependent applications.
A hierarchical arrangement of cloud-fog computing supports various forms of computing services that enhance resource management in smart grids [8, 9]. Real-world testimonials from deployments reflect the gains of middleware technologies. Furthermore, fog computing permits application designers to support analytics and instantaneous, actionable insights directly from IoT end terminal devices with the least data exchange (on site) and low latency, using client-based resources. Assume that the simplest gas usage meter counter, acting as an actual, direct feedback system, can sufficiently impact client behaviour with regard to gas usage, resulting in more modified and sustainable behaviour.
It is obvious that personal gas consumption data has crucial significance in smart metering applications. In present smart grid applications, the meter communicates all measured data to cloud-based services, giving secondary importance to the privacy requirements of the data.
Because of this, personal data can naturally be retrieved from well-known measurements. Clients' lifestyles can easily be inferred from the detailed information acquired about gas utilization, which reveals information about home stay timings, meal and working schedules, or even religious practices. The only solution is to provide a strict data security [9] system for smart grids that goes along with the fog computing protocols to secure the privacy of the data collected.
Analysis indicates that slow end devices contributing to the fog computing architecture can implement advanced cryptographic mechanisms in an energy-effective way. Adopting such mechanisms will help secure clients' data privacy while minimizing the communication and storage overheads [10]. The hierarchical structure of the fog computing architecture, together with the supporting Hyper elliptic curve identity based proxy signcryption scheme for Smart Gas Distribution Grid in fog computing environment (HYEC-IBPSC-SGDG-FC), safeguards clients' privacy from third parties. In addition, differential privacy methods [11] can be utilized to implement effective secrecy-preserving techniques for load management.
Modern consumption patterns have recently been built by considering fog computing components of the architecture to add noise to the data acquired at particular points, thereby supporting a best trade-off between usefulness of the data and secrecy, as assessed against other popular techniques.
The significant contributions of this paper are as follows:
- A new secure Hyper elliptic curve identity based proxy signcryption scheme for Smart Gas Distribution Grid in fog computing environment (HYEC-IBPSC-SGDG-FC) is proposed for the smart gas grid network.
- Security analysis of the proposed HYEC-IBPSC-SGDG-FC proves that the proposed scheme withstands HYEC-DLP and HYEC-DHP.
- The performance analysis of the proposed HYEC-IBPSC-SGDG-FC scheme, done using the well-known AVISPA tool, shows that the proposed scheme is resilient against replay and man-in-the-middle attacks.
- Finally, the comparison with existing schemes shows that HYEC-IBPSC-SGDG-FC is more efficient in terms of computation and communication costs.
The rest of the paper is organized as follows. Section 2 contains a discussion of the existing schemes that are related to this topic. In Sect. 3, the proposed scheme's characteristics and security assumptions are discussed. All phases of the proposed scheme are described in detail, and the proposed HYEC-IBPSC-SGDG-FC scheme is also discussed in detail. The meticulous security analysis and correctness of the proposed scheme is discussed in Sect. 4. Section 5 deals with the formal verification of HYEC-IBPSC-SGDG-FC using Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also discusses the assessment of performance. Finally, in Sect. 6, we wrap up our investigation.
2 Related work
In 1996, the authors of Ref. [12] proposed the concept of a proxy signature for the first time. The original signer delegates the signing authority to a proxy signer, and the proxy signer issues a valid signature on behalf of the original signer in accordance with that delegated authority. The signcryption algorithm and the proxy signature concept come together to form proxy signcryption. An ID-based proxy encryption scheme was proposed by the authors of Ref. [13] in 2004. We found that this scheme did not meet the requirements of unforgeability and forward security. An improved IDPS system without a secure channel was developed by the authors of Ref. [14] a year later, in 2005. An identity-based proxy signature was created by the authors of Ref. [14] using bilinear pairing in the same year. In the proposed scheme, bilinear pairing was also used, which is a computationally demanding process. An ID-PSC scheme was proposed by the authors of Ref. [15]. This is a publicly verifiable, forward secure and computationally efficient scheme. By employing the universally composable (UC) paradigm, the authors of Ref. [16] developed an identity-based proxy signcryption scheme (IBPSP). The authors of this scheme have provided a proof of semantic security of the proposed scheme. To further protect the cloud delegation process, an identity-based signcryption mechanism is described in Ref. [17]. Encrypted messages are generated by the proxy agent and sent to the CSP, where they can be decrypted and checked. Due to the use of bilinear pairing in Ref. [18], the proposed solution was not suitable for drones. Ref. [19] proposes a novel ECC-based IBPS approach to reduce the computational burden of the bilinear pairing approach. This was followed by the authors of Ref. [20], who proposed the use of an IBPS scheme for drones, which they claimed to be simpler and more consistent than preceding approaches.
A lightweight and secure proxy blind signcryption for multi-digital messages based on a hyperelliptic curve (HEC) is proposed by the authors of Ref. [21]. Our research essentially adds to that of the scheme proposed in Ref. [20]. The use of HECC, which only needs a key size of 80 bits, is a big advantage of our scheme. ECC and bilinear pairing require a lot more keys [22].
3 Proposed HYEC-IBPSC-SGDG-FC scheme
The system model for the proposed HYEC-IBPSC-SGDG-FC is described in Fig. 2.
3.1 Preliminaries
The foundation and fundamental principles of hyper elliptic curve [23, 24], assumption of complexity, nomenclature, and the mathematical formulation of the proposed HYEC-IBPSC-SGDG-FC will be discussed in this segment. Table 1 lists the notations that were utilized in this work.
Definition 1
The hyperelliptic curve discrete logarithm problem (HYEC-DLP)
Given a ℌƴℇ of genus G, an element \(\mathcal{D}\) of order ℕ of the Jacobian, and another element \({\mathcal{D}}_{1}\) from the subgroup of \(\mathcal{D}\), the HYEC-DLP is to extract the value of ℕ.
Definition 2
The hyperelliptic curve Diffie-Hellman problem (HYEC-DHP)
Given a ℌƴℇ of genus G, an element \(\mathcal{D}\) of order ℕ of the Jacobian, and the other elements \({\mathbb{N}}*{\mathcal{D}}_{1}\) and \(P*{\mathcal{D}}_{2}\) from the subgroup of \(\mathcal{D}\), the HYEC-DHP is to extract the values of ℕ and P.
3.2 Formal model
The HYEC-IBPSC-SGDG-FC Scheme is divided into seven phases as follows. The sequence diagram in Fig. 3 describes the flow and phases of HYEC-IBPSC-SGDG-FC Scheme.
1. Phase 1: System Initialization. This algorithm is responsible for generating the public parameters, which are openly accessible to all the participating entities, and the master secret, which is a secret of the trusted third party.
2. Phase 2: Key Extraction. Every individual user sends his/her unique identity IDi to the trusted third party. The secret key for the user o with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) is \({S}_{{\mathcal{D}}_{\mathrm{o}}}\) and the public key is \({P}_{{\mathcal{D}}_{\mathrm{o}}}\).
3. Phase 3: Warrant Generation and Delegation. The original signer makes a warrant w, which contains information about the type of delegation and the time of delegation; it also defines the type of documents to be signcrypted by the proxy signcryptor. This algorithm is responsible for generating the signing warrant Sw and delegating it to the proxy signer.
4. Phase 4: Warrant Verification. This phase is responsible for the verification of the signing warrant received from the original signer. If the warrant is verified correctly, the proxy signer executes the next algorithm.
5. Phase 5: Proxy Signcryption. This phase takes the message to be sent M, the proxy signer's identity IDp, the proxy signer's private key \({S}_{\mathrm{Ps}}\), the identity of the receiver \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}} }\) and the public parameters as input, generates the signcrypted message and sends it to the receiver via a secure channel.
6. Phase 6: Unsigncryption. This algorithm takes the received signcrypted message, the receiver's private key \({S}_{{\mathcal{D}}_{\mathrm{R}}}\) and the identities of both sender and receiver, \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\), and generates the original message M if the signcrypted message has not been tampered with; otherwise it returns \(\perp\).
3.3 Proposed scheme
3.3.1 Phase 1: system initialization
Input:-ℌƴℇ Security parameters λ
Output:-public system parameters
1. Select \(\vartheta {\in }_{R}{\mathbb{Z}}_{n}\), where \(\vartheta\) is the master secret
2. Compute the master public key \({M}_{Pub}\) = \(\vartheta *\mathcal{D}\), where \(\mathcal{D}\) is a divisor of ℌƴℇ
3. Select irreversible cryptographic hash functions ℋ1, ℋ2, ℋ3, ℋ4
4. The PKG publishes the public system parameters as = {\({M}_{Pub}\), \(\mathcal{D},\) ℌƴℇ, ℋ1, ℋ2, ℋ3, ℋ4, n\(\ge {2}^{80}\)}
3.3.2 Phase 2: key extraction
Input:-Identity of Participating entities IDi
Output:-Public and secret keys for IDi
1. For the data owner o with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\), the PKG selects \({\varphi }_{{\mathcal{D}}_{o}}{\in }_{R}{\mathbb{Z}}_{n}\)
2. The public key of data owner o is \({P}_{{\mathcal{D}}_{\mathrm{o}}}\) = \({\varphi }_{{\mathcal{D}}_{o}}*\mathcal{D}\)
3. Compute \({\sigma }_{{\mathcal{D}}_{\mathrm{o}}}\) = ℋ1 \(\left({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathcal{D}}_{\mathrm{o}}}\right)\)
4. The secret key of data owner o with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) is \({S}_{{\mathcal{D}}_{\mathrm{o}}}\) = \({\varphi }_{{\mathcal{D}}_{o}}+{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}* \vartheta\)
5. The secret key of proxy signer PS with identity \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) is \({S}_{\mathrm{Ps}}\) = \({\varphi }_{\mathrm{Ps}}+{\sigma }_{\mathrm{Ps}}* \vartheta\)
6. The secret key of data requester R with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\) is \({S}_{{\mathcal{D}}_{\mathrm{R}}}\) = \({\varphi }_{{\mathcal{D}}_{\mathrm{R}} }+{\sigma }_{{\mathcal{D}}_{\mathrm{R}} }* \vartheta\)
3.3.3 Phase 3: warrant generation and delegation
Input:-public system parameters, \({S}_{{\mathcal{D}}_{\mathrm{o}}}\),w
Output:-Signcrypting warrant Sw
The original signer shall make a warrant w which contains the information about the type of delegation and time of delegation; it also defines the type of documents to be signcrypted by proxy signcryptor.
By using warrant w the original signer generates signcrypting warrant Sw by using original signer’s private key \({S}_{{\mathcal{D}}_{\mathrm{o}}}\)
1. Select \(\alpha {\in }_{R}{\mathbb{Z}}_{n}\)
2. Compute ѵ = \(\alpha\) ∗ \(\mathcal{D}\)
3. Compute \(\partial =\) ℋ2 (\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},\) w, ѵ)
4. Compute Sw = \(\alpha\) + \(\partial\) ∗ \({S}_{{\mathcal{D}}_{\mathrm{o}}}\)
5. The original signer sends W = (Sw, ѵ, w) to the proxy signcryptor
3.3.4 Phase 4: warrant verification
Input:-W = (Sw, ѵ, w).
Output:-Accept or reject the signing warrant.
1. Compute \({\delta }^{\prime}=\) ℋ2 (\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},\) w, ѵ)
2. The proxy signer verifies the received delegation by computing
$${S}_{w} *\mathcal{D} = \nu + \partial *\left( {\sigma }_{{\mathcal{D}}_{\mathrm{o}}} *{M}_{Pub} + {P}_{{\mathcal{D}}_{\mathrm{o}}} \right)$$ (1)
Verification of Eq. (1)
Consider the LHS and substitute Sw = \(\alpha\) + \(\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\)
Sw * \(\mathcal{D}\) = \(\mathcal{D}*\left(\alpha +\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\right)\)
Sw * \(\mathcal{D}\) = \(\mathcal{D}*\alpha +\mathcal{D}*\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\)
Substitute ѵ = \(\alpha *\mathcal{D}\) and \({S}_{{\mathcal{D}}_{\mathrm{o}}}\) = \({\varphi }_{{\mathcal{D}}_{o}}+{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}* \vartheta\)
Sw * \(\mathcal{D}\) = ѵ \(+\mathcal{D}*\partial *({\varphi }_{{\mathcal{D}}_{o}}+{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}* \vartheta )\)
Sw * \(\mathcal{D}\) = ѵ \(+\partial *(\mathcal{D}*{\varphi }_{{\mathcal{D}}_{o}}+\mathcal{D}*{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}* \vartheta )\)
Substitute \({M}_{Pub}\) = \(\vartheta *\mathcal{D}\) and \({P}_{{\mathcal{D}}_{\mathrm{o}}}\) = \({\varphi }_{{\mathcal{D}}_{o}}*\mathcal{D}\)
Sw * \(\mathcal{D}\) = ѵ \(+ \partial * ({\sigma }_{{\mathcal{D}}_{\mathrm{o}}}*{M}_{Pub}+{P}_{{\mathcal{D}}_{\mathrm{o}}})\)
Hence Eq. (1) is proved.
3.3.5 Phase 5: proxy signcryption
If warrant is verified in previous step, the proxy signcryptor then signcrypts the message.
Input:-Public system parameters, m,\(\mathrm{W}, {\sigma }_{{\mathcal{D}}_{\mathrm{R}}}\),\({P}_{{\mathcal{D}}_{\mathrm{R}}}\)
Output:-Signcrypted message \(\Psi\)
1. Select \(\rho {\in }_{R}{\mathbb{Z}}_{{p}^{*}}\)
2. \({\Psi }_{1}=\rho * \mathcal{D}\)
3. Compute \(\mathcal{Q}= \rho *({\sigma }_{{\mathcal{D}}_{\mathrm{R}}} *{M}_{Pub} +{P}_{{\mathcal{D}}_{\mathrm{R}}})\)
4. Compute ƙ = ℋ3 (\({\Psi }_{1}, \mathcal{Q}, {\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{R}}}\))
5. \({\Psi }_{2}\) = m ⊕ ƙ
6. Compute \(\mu\) = ℋ4 (\(\mathrm{m},\mathrm{W}, \mathcal{Q},{\Psi }_{1},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{R}}}\))
7. \({\Psi }_{3}\) = \(\rho + \mu * {S}_{\mathrm{Ps}}\)
8. \(\Psi =\left({\Psi }_{1},{\Psi }_{2},{\Psi }_{3},W\right)\)
The proxy signcryptor uploads the signcrypted ciphertext \(\Psi\) on cloud.
3.3.6 Phase 6: unsigncryption
Input:-Public system parameters, \({S}_{{\mathcal{D}}_{\mathrm{R}}}\), \(\Psi\)
Output:-Original message m or \(\perp\)
The receiver with identity \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\) will download the signcrypted ciphertext \(\Psi\) from cloud and perform the following operations to compute the original message m.
1. Compute ѵ = \({S}_{{\mathcal{D}}_{\mathrm{R}} }*{\Psi }_{1}\)
2. Compute ƙ = ℋ3 (ѵ, \({\Psi }_{1}, {\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{R}}}\))
3. Compute m = \({\Psi }_{2}\) ⊕ ƙ
4. Compute \(\mu\) = ℋ4 (m, W, ѵ, \({\Psi }_{1},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},{\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathrm{P}}_{\mathrm{s}}},{P}_{{\mathcal{D}}_{\mathrm{R}}}\))
5. Verify whether
Verification of Eq. (2)
Consider the LHS and substitute \({\Psi }_{3}\) = \(\rho + \mu * {S}_{\mathrm{Ps}}\)
\({\Psi }_{3}* \mathcal{D}\) = \(\left(\rho + \mu * {S}_{\mathrm{Ps}}\right) * \mathcal{D}\)
\({\Psi }_{3}* \mathcal{D}\) = \(\rho * \mathcal{D}+ \mu * {S}_{\mathrm{Ps}}* \mathcal{D}\)
Substitute \({\Psi }_{1}=\rho * \mathcal{D}\) and \({S}_{\mathrm{Ps}}\) = \({\varphi }_{\mathrm{Ps}}+{\sigma }_{\mathrm{Ps}}* \vartheta\)
\({\Psi }_{3}* \mathcal{D}\) = \({\Psi }_{1}+ \mu * \left({\varphi }_{\mathrm{Ps}}+{\sigma }_{\mathrm{Ps}}* \vartheta \right)* \mathcal{D}\)
\({\Psi }_{3}* \mathcal{D}\) = \({\Psi }_{1}+ \mu * \left({\varphi }_{\mathrm{Ps}}* \mathcal{D}+{\sigma }_{\mathrm{Ps}}* \vartheta * \mathcal{D}\right)\)
Substitute \({P}_{{\mathrm{P}}_{\mathrm{s}}}\) = \({\varphi }_{{P}_{s}}*\mathcal{D}\) and \({M}_{Pub}\) = \(\vartheta *\mathcal{D}\)
Hence proved.
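Phases 1 to 6 run end to end, as an added example (not the authors' code): the hyperelliptic Jacobian is swapped for the multiplicative group modulo the Mersenne prime 2^127 − 1 written additively, which preserves the algebra of Eq. (1) and of the unsigncryption check but gives no real security. Assumptions: SHA-256 and SHAKE-256 stand in for ℋ1 to ℋ4, the unsigncryption check is the one reached by carrying the substitution steps above to their end, the receiver re-checks the warrant, all function names are hypothetical, and the identities, warrant text and reading are constructed. The page lists the ℋ3 inputs as (Ψ1, 𝒬, …) in Phase 5 and (ѵ, Ψ1, …) in Phase 6; the example uses the Phase 5 order on both sides, since both must hash identical input.

```python
import hashlib
import secrets

# Stand-in group (assumption, NOT a hyperelliptic Jacobian): Z_p^* for the
# Mersenne prime p = 2^127 - 1, written additively as on the page. Toy only.
# SHA-256 (H1, H2, H4) and SHAKE-256 (H3) are assumed hash choices.
P = 2**127 - 1
N = P - 1   # multiple of the order of D, so scalars may be reduced mod N
D = 3       # public base element standing in for the divisor D

def smul(k, elem):                      # k * elem
    return pow(elem, k % N, P)

def add(a, b):                          # a + b in the group
    return (a * b) % P

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def _enc(*parts):                       # length-prefixed, unambiguous encoding
    out = b""
    for x in parts:
        raw = x if isinstance(x, bytes) else str(x).encode()
        out += len(raw).to_bytes(4, "big") + raw
    return out

def h_scalar(tag, *parts):              # hash to Z_n with a domain tag
    return int.from_bytes(hashlib.sha256(_enc(tag, *parts)).digest(), "big") % N

def h3_mask(length, *parts):            # H3 stretched to the message length
    return hashlib.shake_256(_enc("H3", *parts)).digest(length)

def setup():
    theta = rand_scalar()               # master secret
    return theta, smul(theta, D)        # (theta, M_Pub)

def extract(theta, identity):
    phi = rand_scalar()
    pub = smul(phi, D)                  # P = phi * D
    sigma = h_scalar("H1", identity, pub)
    return {"id": identity, "P": pub, "sigma": sigma,
            "S": (phi + sigma * theta) % N}

def public(ent):                        # what other parties see: no secret key
    return {k: ent[k] for k in ("id", "P", "sigma")}

def full_pub(ent, m_pub):               # sigma * M_Pub + P, equal to S * D
    return add(smul(ent["sigma"], m_pub), ent["P"])

def _h2(owner, proxy, w, v):
    return h_scalar("H2", owner["id"], proxy["id"], owner["P"], proxy["P"], w, v)

def delegate(owner, proxy, w):
    alpha = rand_scalar()
    v = smul(alpha, D)
    s_w = (alpha + _h2(owner, proxy, w, v) * owner["S"]) % N
    return (s_w, v, w)                  # W = (Sw, v, w)

def verify_warrant(W, owner, proxy, m_pub):
    s_w, v, w = W
    d = _h2(owner, proxy, w, v)
    return smul(s_w, D) == add(v, smul(d, full_pub(owner, m_pub)))  # Eq. (1)

def _ctx(owner, proxy, recv):
    return (owner["id"], proxy["id"], recv["id"], owner["P"], proxy["P"], recv["P"])

def signcrypt(m, W, owner, proxy, recv, m_pub):
    rho = rand_scalar()
    psi1 = smul(rho, D)
    q = smul(rho, full_pub(recv, m_pub))
    ctx = _ctx(owner, proxy, recv)
    mask = h3_mask(len(m), psi1, q, *ctx)
    psi2 = bytes(a ^ b for a, b in zip(m, mask))
    mu = h_scalar("H4", m, *W, q, psi1, *ctx)
    return (psi1, psi2, (rho + mu * proxy["S"]) % N, W)

def unsigncrypt(psi, owner, proxy, recv, m_pub):
    psi1, psi2, psi3, W = psi
    if not verify_warrant(W, owner, proxy, m_pub):   # added check (assumption)
        return None
    q = smul(recv["S"], psi1)           # S_R * Psi1 equals Q
    ctx = _ctx(owner, proxy, recv)
    mask = h3_mask(len(psi2), psi1, q, *ctx)         # same order as signcrypt
    m = bytes(a ^ b for a, b in zip(psi2, mask))
    mu = h_scalar("H4", m, *W, q, psi1, *ctx)
    # Psi3 * D == Psi1 + mu * (P_Ps + sigma_Ps * M_Pub)
    ok = smul(psi3, D) == add(psi1, smul(mu, full_pub(proxy, m_pub)))
    return m if ok else None            # None plays the role of the reject symbol

def run_demo():                         # identities, warrant, reading: constructed
    theta, m_pub = setup()
    owner, proxy, recv = (extract(theta, i) for i in ("owner", "fog-node", "utility"))
    W = delegate(owner, public(proxy), b"type=readings;until=2030-01-01")
    psi = signcrypt(b"meter=42;m3=17.25", W, public(owner), proxy, public(recv), m_pub)
    return unsigncrypt(psi, public(owner), public(proxy), recv, m_pub)

if __name__ == "__main__":
    print(run_demo())
```

Only the signing party's entry carries its secret key in each call; every other party is passed through `public()`, which makes it visible that warrant verification and the final check need public values only.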
4 Security model
The proposed HYEC-IBPSC-SGDG-FC scheme should assure confidentiality and unforgeability of the original message. Let us consider that there exists an adversary \({\mathcal{A}}_{d}\) for the proposed scheme and that \({\mathbb{C}}_{{\text{h}}}\) is a challenger.
Game-1
The following game is played between adversary \({\mathcal{A}}_{d}\) and challenger \({\mathbb{C}}_{{\text{h}}}\) to solve the problem of HYEC-DHP.
Initialization
The challenger \({\mathbb{C}}_{{\text{h}}}\) runs the setup phase to generate the public parameters and a master secret \(\vartheta\). Then \({\mathbb{C}}_{{\text{h}}}\) forwards the public parameters to adversary \({\mathcal{A}}_{d}\) and keeps \(\vartheta\) to itself.
Phase 1: Adversary \({\mathcal{A}}_{d}\) executes the following queries which are interdependent.
1. Hash Function query: Adversary \({\mathcal{A}}_{d}\) can request any hash function value.
2. Key Extraction query: Adversary \({\mathcal{A}}_{d}\) selects the unique identity ID and requests the public and secret keys. The challenger \({\mathbb{C}}_{{\text{h}}}\) runs the key extraction algorithm and returns the public and secret keys to adversary \({\mathcal{A}}_{d}\).
3. Warrant Generation and Delegation query: The adversary \({\mathcal{A}}_{d}\) sends the request for a signing warrant. The challenger \({\mathbb{C}}_{{\text{h}}}\) returns the warrant w and the signing warrant Sw.
4. Warrant Verification query: The adversary \({\mathcal{A}}_{d}\) verifies the signing warrant received from challenger \({\mathbb{C}}_{{\text{h}}}\).
5. Proxy Signcryption query: The adversary \({\mathcal{A}}_{d}\) selects message m and the identities \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\), \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\). The challenger \({\mathbb{C}}_{{\text{h}}}\) executes Proxy Signcryption and sends the signcrypted ciphertext \(\Psi\) to \({\mathcal{A}}_{d}\).
6. Unsigncryption query: The adversary \({\mathcal{A}}_{d}\) selects the signcrypted ciphertext \(\Psi\) and the identities \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\), \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\). The challenger \({\mathbb{C}}_{{\text{h}}}\) then executes the Unsigncryption algorithm and sends the result to \({\mathcal{A}}_{d}\).
Challenge: The adversary \({\mathcal{A}}_{d}\) wishes to be challenged on the two messages M0, M1 and identities \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\). The challenger \({\mathbb{C}}_{{\text{h}}}\) produces the random bit Ь \({\in }_{\mathrm{R}}\) {0,1} and the corresponding \(\Psi =\left({\Psi }_{1},{\Psi }_{2},{\Psi }_{3},W\right)\), and sends it to \({\mathcal{A}}_{d}\). The adversary \({\mathcal{A}}_{d}\) then executes queries such as ℋ queries, Key Extraction queries, Warrant Generation and Delegation queries, Proxy Signcryption queries and Unsigncryption queries.
Guess: The adversary \({\mathcal{A}}_{d}\) produces the random bit Ь’ \({\in }_{\mathrm{R}}\) {0,1}. If Ь = Ь’, the adversary \({\mathcal{A}}_{d}\) wins the game. We have the following advantage of \({\mathcal{A}}_{d}\)
Game-2
The following game is played between adversary \({\mathcal{A}}_{d}\) and challenger \({\mathbb{C}}_{{\text{h}}}\) to solve the problem of HYEC-DLP.
Setup
The challenger \({\mathbb{C}}_{{\text{h}}}\) executes the setup algorithm in order to obtain the public parameters and a master secret \(\vartheta\). Then \({\mathbb{C}}_{{\text{h}}}\) sends adversary \({\mathcal{A}}_{d}\) the public parameters.
Queries
Then \({\mathcal{A}}_{d}\) performs a polynomially limited number of queries, as in HYEC-DHP.
Forgery
Finally, adversary \({\mathcal{A}}_{d}\) generates (\(\Psi\), \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\), \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\)). In phase 2 the private key for \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\) was not asked, and the adversary \({\mathcal{A}}_{d}\) wins the game if the output of Unsigncryption (\(\Psi , {S}_{{\mathcal{D}}_{\mathrm{o}}}\), \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\)) is not \(\perp\).
4.1 Security analysis
In this section the proofs of the above two games are described. The subsequent games describe how the scheme provides confidentiality and unforgeability when the game is played between adversary \({\mathcal{A}}_{d}\) and challenger \({\mathbb{C}}_{{\text{h}}}\).
Game-1
Suppose the adversary \({\mathcal{A}}_{d}\) is able to create two genuine ciphertexts in this game with acceptable advantage \(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\), executing at most \({\mathcal{Q}}_{\mathcal{H}\mathrm{i}}\) hash queries, \({\mathcal{Q}}_{ke}\) key extraction queries (comprising \({\mathcal{Q}}_{pk}\) public key and \({\mathcal{Q}}_{sk}\) secret key queries), \({\mathcal{Q}}_{gd}\) warrant generation and delegation queries and \({\mathcal{Q}}_{psc}\) proxy signcryption queries. Then challenger \({\mathbb{C}}_{{\text{h}}}\) can solve HYEC-DHP with the advantage of
$${\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)}^{*} \succeq \mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\left(1-\frac{1}{{2}^{\lambda }}\right)\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)$$
Proof
If the challenger \({\mathbb{C}}_{{\text{h}}}\) selects the two random numbers 1, 2 then the \({\mathbb{C}}_{{\text{h}}}\) has to solve the 1*\(\mathcal{D}\) = 2*\(\mathcal{D}\) = 1* 2*\(\mathcal{D}\) for adversary \({\mathcal{A}}_{d}.\)\(\square\)
Setup: the challenger \({\mathbb{C}}_{{\text{h}}}\) sets = {\({M}_{Pub}\), \(\mathcal{D},\) ℌƴℇ, ℋ1, ℋ2, ℋ3, ℋ4, n\(\ge {2}^{80}\)} as a public system parameters and sends to adversary \({\mathcal{A}}_{d}.\)
Queries: The adversary \({\mathcal{A}}_{d}\) asks for the subsequent queries.
ℋ1 queries: The adversary \({\mathcal{A}}_{d}\) asks for the \(\left({\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},{\sigma }_{\mathrm{i}}\right)\), the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with \({\sigma }_{\mathrm{i}}\) if it exists in the list (ℒℋ1), or else reply with a randomly selected value and add \(\left({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}},{P}_{{\mathcal{D}}_{\mathrm{o}}},{\sigma }_{{\mathcal{D}}_{\mathrm{o}}}\right)\) to ℒℋ1.
ℋ2 queries: The adversary \({\mathcal{A}}_{d}\) asks for the (\({\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\mathrm{w}\), ѵ, \(\partial\)), the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with \(\partial\) if it exists in the list (ℒℋ2), or else reply with a randomly selected value and add (\({\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\mathrm{w}\), ѵ, \(\partial\)) to ℒℋ2.
ℋ3 queries: The adversary \({\mathcal{A}}_{d}\) asks for the (\({\Psi }_{1}, \mathcal{Q}, {\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\) ƙ), the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with ƙ if it exists in the list (ℒℋ3), or else reply with a randomly selected value and add (\({\Psi }_{1}, \mathcal{Q}, {\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\) ƙ) to ℒℋ3.
ℋ4 queries: The adversary \({\mathcal{A}}_{d}\) asks for the (\({\mathrm{m},\mathrm{W}, \mathcal{Q},\Psi }_{1},{\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\mu\)), the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with \(\mu\) if it exists in the list (ℒℋ4), or else reply with a randomly selected value and add (\({\mathrm{m},\mathrm{W}, \mathcal{Q},\Psi }_{1},{\mathrm{ID}}_{\mathrm{i}},{P}_{\mathrm{i}},\mu\)) to ℒℋ4.
Key extraction queries: key extraction queries includes (\({\mathcal{Q}}_{pk}\),\({\mathcal{Q}}_{sk}\)) Public key and secret key queries respectively. When adversary \({\mathcal{A}}_{d}\) asks for \({\mathcal{Q}}_{pk}\) if \({\mathrm{ID}}_{\mathrm{i}}\) =\({\mathrm{ID}}_{\mathrm{j}}\), the challenger \({\mathbb{C}}_{{\text{h}}}\) sets \({P}_{\mathrm{i}}\)=\({\mathcal{n}}_{1}*\mathcal{D}\), or else it will execute \({P}_{\mathrm{i}}\)=\({\varphi }_{i}*\mathcal{D}\), where\({\varphi }_{i}\in \left\{\mathrm{1,2},3\dots \dots .n\right\}\). Then update\({\mathcal{L}}_{pk}\). When adversary \({\mathcal{A}}_{d}\) asks for \({\mathcal{Q}}_{sk}\), if \({\mathrm{ID}}_{\mathrm{i}}\) =\({\mathrm{ID}}_{*},\) the challenger \({\mathbb{C}}_{{\text{h}}}\) terminates the execution, or else sets \({S}_{\mathrm{i}=}\) \({\varphi }_{i}+{\sigma }_{\mathrm{i}}* \vartheta\) and reply the adversary\({\mathcal{A}}_{d}\). Then update\({\mathcal{L}}_{sk}\).
Warrant generation and delegation query: The adversary \({\mathcal{A}}_{d}\) asks for the \({\mathcal{Q}}_{gd}\), if \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\)=\({\mathrm{ID}}_{*}\), the the challenger \({\mathbb{C}}_{{\text{h}}}\) reply with W using Warrant generation and Delegation algorithm to the adversary \({\mathcal{A}}_{d}\), or else it calculates ѵ = w+\(\delta \left({\sigma }_{{\mathcal{D}}_{\mathrm{o}}}*{M}_{Pub}+{P}_{{\mathcal{D}}_{\mathrm{o}}}\right)\) where \(\delta ,\) w \(\in \left\{\mathrm{1,2},3\dots \dots .n\right\}\), then set W = (Sw, ѵ, w) and reply to adversary \({\mathcal{A}}_{d}.\)
Proxy signcryption query: If the adversary \({\mathcal{A}}_{d}\) asks and provides Message M with \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}\),\({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\), if \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) =\({\mathrm{ID}}_{*}\), then the challenger \({\mathbb{C}}_{{\text{h}}}\) reply as it computes \({\Psi }_{1}=\rho * \mathcal{D}\) and \(\mathcal{Q}= \rho *({\sigma }_{{\mathcal{D}}_{\mathrm{R}}}\) *\({M}_{Pub}\) +\({P}_{{\mathcal{D}}_{\mathrm{R}}}\)) where \(\rho\) \(\in {Z}_{n}\), compute \({\Psi }_{2}\)= m ⊕ ƙ, where ƙ \(\in {Z}_{n}\), compute \({\Psi }_{3}\)= \(\rho + \mu * {S}_{\mathrm{Ps}}\), where \(\mu\) \(\in {Z}_{n}\), and forward \({\Psi }^{*}=\left({\Psi }_{1},{\Psi }_{2},{\Psi }_{3},W\right)\) to adversary \({\mathcal{A}}_{d}\). Or else it replies by calling signcryption algorithm.
Unsigncryption query: When the adversary \({\mathcal{A}}_{d}\) asks an unsigncryption query, if \({\mathrm{ID}}_{{\mathrm{D}}_{\mathrm{R}}}\ne {\mathrm{ID}}_{*}\), the challenger \({\mathbb{C}}_{{\text{h}}}\) replies by calling the unsigncryption algorithm.
Challenge: The adversary \({\mathcal{A}}_{d}\) outputs two messages M0 and M1, and two identities \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}\) and \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\). If \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}={\mathrm{ID}}_{*}\), the challenger \({\mathbb{C}}_{{\text{h}}}\) selects b \(\in \left\{0,1\right\}\) and responds as follows: it calculates \({\Psi }_{1}=\rho *\mathcal{D}\) and \(\mathcal{Q}=\rho *\left({\sigma }_{{\mathcal{D}}_{\mathrm{R}}}*{M}_{Pub}+{P}_{{\mathcal{D}}_{\mathrm{R}}}\right)\), where \(\rho \in \left\{1,2,3,\dots ,n\right\}\), computes \({\Psi }_{2}\) = m ⊕ ƙ, where ƙ \(\in \left\{1,2,3,\dots ,n\right\}\), computes \({\Psi }_{3}=\rho +\mu *{S}_{\mathrm{Ps}}\), where \(\mu \in \left\{1,2,3,\dots ,n\right\}\), and sends \({\Psi }^{*}=\left({\Psi }_{1},{\Psi }_{2},{\Psi }_{3},W\right)\) to adversary \({\mathcal{A}}_{d}\). The adversary \({\mathcal{A}}_{d}\) then continues with ℋ queries, Key Extraction queries (\({\mathcal{Q}}_{ke}\)), Warrant generation and Delegation queries (\({\mathcal{Q}}_{gd}\)), proxy signcryption queries (\({\mathcal{Q}}_{psc}\)) and Un-signcryption queries (\({\mathcal{Q}}_{usc}\)).
Guess: If the adversary \({\mathcal{A}}_{d}\) outputs Ь′ = Ь, then the adversary \({\mathcal{A}}_{d}\) is successful and identifies the solution for the HYEC-DHP instance; otherwise the adversary \({\mathcal{A}}_{d}\) terminates.
Then the challenger \({\mathbb{C}}_{{\text{h}}}\) can solve HYEC-DHP and is successful in the challenge phase with probability \(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\), so we have the probability as
\({\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)}^{*}\)⪰ \(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\) \(\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\left(1-\frac{1}{{2}^{\uplambda }}\right)\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\).
Game 2: The proposed HYEC-IBPSC-SGDG-FC scheme is unforgeable. If an adversary \({\mathcal{A}}_{d}\) has the capability of existential forgery under selected plaintext attack (EUF-HYEC-IBPSC-SGDG-FC-SPA) with acceptable advantage \(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\), then the challenger \({\mathbb{C}}_{{\text{h}}}\) can solve HYEC-CDH with the advantage \({\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)}^{*}\) ⪰ \(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\left(1-\frac{1}{{2}^{\uplambda }}\right)\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\).
Proof
If the challenger \({\mathbb{C}}_{{\text{h}}}\) gets an instance of HYEC-CDH (\(\mathcal{D}, \mathcal{D}.{S}_{{\mathcal{D}}_{\mathrm{o}}}, \mathcal{D}.{S}_{\mathrm{Ps}}\)), then the challenger \({\mathbb{C}}_{{\text{h}}}\) has to extract the values of \({S}_{{\mathcal{D}}_{\mathrm{o}}}\) and \({S}_{\mathrm{Ps}}\).\(\square\)
Setup: The challenger \({\mathbb{C}}_{{\text{h}}}\) sets = {\({M}_{Pub}\), \(\mathcal{D},\) ℌƴℇ, ℋ1, ℋ2, ℋ3, ℋ4, n\(\ge {2}^{80}\)} as the public system parameters and sends them to adversary \({\mathcal{A}}_{d}.\)
Queries: The adversary \({\mathcal{A}}_{d}\) asks for \({\mathcal{Q}}_{\mathcal{H}\mathrm{i}}\) queries and \({\mathcal{Q}}_{ke}\) key extraction queries, which include (\({\mathcal{Q}}_{pk}\), \({\mathcal{Q}}_{sk}\)), the public key and secret key queries respectively. The Warrant generation and Delegation query \({\mathcal{Q}}_{gd}\) and \({\mathcal{Q}}_{psc}\) are similar to Game 1.
Forgery: The adversary \({\mathcal{A}}_{d}\) generates the tuple {\({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}},\) W} or {W, Mw, \({\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{o}}}, {\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}, {\mathrm{ID}}_{{\mathcal{D}}_{\mathrm{R}}}\)}. The adversary \({\mathcal{A}}_{d}\) wins the game if the following cases hold.
Case-1: The challenger \({\mathbb{C}}_{{\text{h}}}\) gets two delegation signatures Sw = \(\alpha\) +\(\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}\) and \({S}_{w}^{*}\) = \(\alpha\) + \({\partial }^{*}*{S}_{{\mathcal{D}}_{\mathrm{o}}}\), so we have.
Subtracting the second equation from the first cancels \(\alpha\): \({S}_{w}-{S}_{w}^{*}=\partial *{S}_{{\mathcal{D}}_{\mathrm{o}}}-{\partial }^{*}*{S}_{{\mathcal{D}}_{\mathrm{o}}}=\left(\partial -{\partial }^{*}\right)*{S}_{{\mathcal{D}}_{\mathrm{o}}}\). So the private key can be extracted as \({S}_{{\mathcal{D}}_{\mathrm{o}}}=\frac{{S}_{w}-{S}_{w}^{*}}{\partial -{\partial }^{*}}\)
Case-2: The challenger \({\mathbb{C}}_{{\text{h}}}\) gets two delegation signatures \({\Psi }_{3}\)= \(\rho + \mu * {S}_{\mathrm{Ps}}\) and \({{\Psi }_{3}}^{*}\)= \(\rho + {\mu }^{*}* {S}_{\mathrm{Ps}}\), so we have.
Subtracting the second equation from the first cancels \(\rho\): \({\Psi }_{3}-{{\Psi }_{3}}^{*}=\mu *{S}_{\mathrm{Ps}}-{\mu }^{*}*{S}_{\mathrm{Ps}}=\left(\mu -{\mu }^{*}\right)*{S}_{\mathrm{Ps}}\). So the private key can be extracted as \({S}_{\mathrm{Ps}}=\frac{{\Psi }_{3}-{{\Psi }_{3}}^{*}}{\mu -{\mu }^{*}}\)
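The extraction step in Case-1 and Case-2 is the same computation on scalars modulo n: two responses that share an ephemeral value but carry different hash values determine the long-term key. The Python below is an added example, not code from the paper; the modulus, the SHA-256 stand-in for the scheme's hash functions and all function names are assumptions, and every value is constructed.

```python
import hashlib

# Constructed modulus for the demo: the Mersenne prime 2^89 - 1, which meets
# the page's n >= 2^80 bound. A real deployment uses the divisor group order.
N = 2**89 - 1

def h(*parts: bytes) -> int:
    """Assumed stand-in for the scheme's hash functions: bytes -> scalar in [1, N-1]."""
    digest = hashlib.sha256(b"|".join(parts)).digest()
    return int.from_bytes(digest, "big") % (N - 1) + 1

def respond(ephemeral: int, challenge: int, secret: int) -> int:
    """Response of the form used in both cases: s = ephemeral + challenge * secret (mod n)."""
    return (ephemeral + challenge * secret) % N

def extract_secret(s1: int, c1: int, s2: int, c2: int):
    """Solve s1 = r + c1*x and s2 = r + c2*x for x; None if the challenges coincide."""
    diff = (c1 - c2) % N
    if diff == 0:
        return None  # identical challenges give one equation, not two
    return (s1 - s2) * pow(diff, -1, N) % N

def demo():
    """Constructed values only: returns (secret, recovered, wrong_guess)."""
    secret = h(b"constructed long-term key")
    alpha = h(b"constructed ephemeral")
    c1 = h(b"first oracle answer", b"warrant")
    c2 = h(b"second oracle answer", b"warrant")
    # Same ephemeral, two different hash answers: the situation in Case-1/Case-2.
    s1, s2 = respond(alpha, c1, secret), respond(alpha, c2, secret)
    recovered = extract_secret(s1, c1, s2, c2)
    # Fresh ephemeral for the second response: the same algebra yields garbage.
    fresh = alpha % (N - 1) + 1  # guaranteed different from alpha
    wrong_guess = extract_secret(s1, c1, respond(fresh, c2, secret), c2)
    return secret, recovered, wrong_guess

if __name__ == "__main__":
    secret, recovered, wrong_guess = demo()
    print("recovered == secret:", recovered == secret)
    print("fresh ephemeral leaks key:", wrong_guess == secret)
```

The second result is the implementation consequence of the proof: the ephemeral scalar behind every warrant and every signcryption must be drawn fresh, because a repeated one turns the reduction's extraction into a key leak.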
From the process, we can define 3 events as
E1: The challenger \({\mathbb{C}}_{{\text{h}}}\) is successful in executing queries with the probability of \(\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\)
E2: The challenger \({\mathbb{C}}_{{\text{h}}}\) is successful in proxy signcryption queries \({\mathcal{Q}}_{psc}\) with the probability of \(\left(1-\frac{1}{{2}^{\uplambda }}\right)\)
E3: The \({\mathrm{ID}}_{{\mathrm{P}}_{\mathrm{s}}}={ID}^{*}\) with the probability of \(\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\)
So the collective probability is
\({\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)}^{*}\)⪰ \(\mathrm{Adv }\left({ \mathcal{A}}_{d}\right)\) \(\left(1-\frac{{\mathcal{Q}}_{sk}}{{\mathcal{Q}}_{pk}}\right)\left(1-\frac{1}{{2}^{\uplambda }}\right)\left(\frac{1}{{\mathcal{Q}}_{pk}-{\mathcal{Q}}_{sk}}\right)\)
5 Performance analysis
In this section, the performance analysis of the proposed HYEC-IBPSC-SGDG-FC scheme is discussed. We use the well-known AVISPA tool [25, 26] to discuss the security proof and demonstrate that the proposed scheme is not susceptible to replay and man-in-the-middle attacks. It should be noted that, for any security protocol, AVISPA only handles replay and man-in-the-middle threats from an attacker.
The HLPSL [18] code is written for the proposed scheme with different roles such as original signer, proxy signer and trusted third party. This code is then executed using SPAN and AVISPA with the backends OFMC and CL-AtSe. We can see that no attacks were discovered by OFMC. In other words, for a limited number of sessions as specified in the role of the environment, the stated security goals were achieved. The proposed protocol is also executed with the CL-AtSe backend for a bounded number of sessions. The output shows that the protocol is safe under CL-AtSe also. The software resources used are Oracle VM VirtualBox and the Security Protocol Animator (SPAN). The output of AVISPA is shown in Figs. 4 and 5.
We have compared our proposed HYEC-IBPSC-SGDG-FC scheme with the existing proxy signcryption schemes [17, 19, 27, 28, 29, 30]. The comparison outcomes are listed in Table 2. We define some notations as follows:
BPM: bilinear pairing multiplication.
P: bilinear pairing operation.
E: exponentiation operation.
EPM: elliptic curve point multiplication.
HDM: hyperelliptic curve divisor multiplication.
The times required to perform the cryptographic operations are 14.90 ms for a pairing operation, 4.31 ms for a multiplication operation, 1.25 ms for each exponentiation operation, 0.97 ms for an elliptic curve point multiplication and 0.48 ms for a hyperelliptic curve divisor multiplication.
To assess the computing efficiency of the various systems, we employ a simple technique. For example, the scheme proposed by Ming [26] requires 11, 1ℇ and 7 operations. Therefore the total time required for this scheme is 213.41 ms. In a similar way, the operation time required for each scheme is calculated and listed in Table 2. Hence it can be observed from Table 3 that HYEC-IBPSC-SGDG-FC significantly outperformed the alternative schemes described in Refs. [18, 19, 26, 27, 28, 29]. The comparison of computational costs in terms of time in milliseconds (ms) for each phase of the IDPSC schemes is shown graphically in Fig. 6.
The comparison of communication cost is described in Tables 4 and 5. To calculate the communication cost, we have considered that a single hash value (ℋ) takes 512 bits when communicated, a message () is considered to be of 2048 bits, a pairing operation (₢) is considered to be of 1024 bits, is considered to be of 160 bits and N is considered to be of 80 bits. Fig. 7 shows the details of the communication cost comparison of various schemes with the proposed scheme in bits. Hence it can be seen that the proposed approach outperforms the alternative schemes.
6 Conclusion
For the natural gas distribution environment, we proposed the HYEC-IBPSC-SGDG-FC approach, which is both secure and efficient. In the fog computing based SGDG approach, we showed that the proposed technique can be used to control data access. Privacy, authentication, integrity, and non-repudiation in our system are carried out logically in one step by using the technique of identity based proxy signcryption. As part of our formal security analysis, we proved that the proposed system is secure against selected plaintext attack (SPA), assuming that the DDH problem is hard. It is also demonstrated that the proposed scheme is existentially unforgeable. We also showed that the proposed technique beats the alternative schemes in terms of computing cost in milliseconds (ms) and communication cost in bits for each step of the HYEC-IBPSC-SGDG-FC scheme. The simulation study performed with the AVISPA tool illustrates that HYEC-IBPSC-SGDG-FC is safe under the OFMC and CL-AtSe backends. The development of an attribute-based signcryption method with PRE for fine-grained access control will be the focus of our future study.
References
Yeh S (2007) An empirical analysis on the adoption of alternative fuel vehicles: the case of natural gas vehicles. Energy Policy 35(11):5865–5875
Hackbarth A, Madlener R (2013) Consumer preferences for alternative fuel vehicles: a discrete choice analysis. Transp Res Part D: Transp Environ 25:5–17
Dong S, Duan S, Yang Q, Zhang J, Li G, Tao R (2017) MEMS-based smart gas metering for Internet of Things. IEEE Internet Things J 4(5):1296–1303
Khan MF, Zoha A, Ali RL (2007) Design and implementation of smart billing and automated meter reading system for utility gas. In: 2007 International conference on information and emerging technologies. IEEE, pp 1–6
Cascetta F, Vigo P (1994) The future domestic gas meter: review of current developments. Measurement 13(2):129–145
Wang Z, Hu C, Zheng D, Chen X (2021) Ultra-low-power sensing framework for internet of things: a smart gas meter as a case. IEEE Internet Things J. https://doi.org/10.1109/JIOT.2021.3110886
Al-Ali AR, Landolsi T, Hassan MH, Ezzeddine M, Abdelsalam M, Baseet M (2018) An IoT-based smart utility meter. In: 2018 2nd international conference on smart grid and smart cities (ICSGSC). IEEE, pp 80–83
Singh S, Yassine A (2018) IoT big data analytics with fog computing for household energy management in smart grids. In: International conference on smart grid and internet of things. Springer, Cham, pp 13–22
Bhole D, Mote A, Patil R (2016) A new security protocol using hybrid cryptography algorithms. Int J Comput Sci Eng 4(2):18–22
Jalasri M, Lakshmanan L (2018) A survey: integration of iot and fog computing. In: 2018 second international conference on green computing and internet of things (ICGCIoT). IEEE, pp 235–239
Pattewar G, Mahamuni N, Nikam H, Loka O, Patil R (2022) Management of IoT devices security using blockchain—a review. In: Sentimental analysis and deep learning, pp 735–743
Mambo M, Usuda K, Okamoto E (1996) Proxy signatures: delegation of the power to sign messages. IEICE Trans Fundam Electron Commun Comput Sci 79(9):1338–1354
Li X, Chen K (2004) Identity based proxy-signcryption scheme from pairings. In: IEEE international conference on services computing, 2004.(SCC 2004). Proceedings. 2004. IEEE, pp 494–497
Wang Q, Cao Z (2005) Efficient ID-based proxy signature and proxy signcryption form bilinear pairings. In: International conference on computational and information science. Springer, Berlin, Heidelberg, pp 167–172
Swapna G, Gopal PVSSN, Gowri T, Reddy PV (2012) An efficient ID-based proxy signcryption scheme. Int J Inf Netw Secur 1(3):200
Yu H, Wang Z, Li J, Gao X (2018) Identity-based proxy signcryption protocol with universal composability. Secur Commun Netw 2018:1–11
Hundera NW, Mei Q, Xiong H, Geressu DM (2020) A secure and efficient identity-based proxy signcryption in cloud data sharing. KSII Trans Internet Inf Syst (TIIS) 14(1):455–472
Von Oheimb D (2005) The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of APPSEM 2005 workshop, pp 1–17
Guo H, Deng L (2020) An identity based proxy signcryption scheme without pairings. Int J Netw Secur 22(4):561–568
Yang X, Xi W, Ren N, Wang J, Li M (2021) Support outsourcing unsigncryption and member revocation identity-based proxy signcryption scheme with drone environment. J Phys: Conf Ser 1828(1):012119
Waheed A, Umar AI, Zareei M, Din N, Amin NU, Iqbal J, Saeed Y, Mohamed EM (2020) Cryptanalysis and improvement of a proxy signcryption scheme in the standard computational model. IEEE Access 8:131188–131201
Khan A, Ullah I, Algarni F, Naeem M, Uddin MI, Khan MA (2022) An efficient proxy blind signcryption scheme for IoT. CMC-Comput Mater Continua 70(3):4293–4306
Paterson KG (2002) ID-based signatures from pairings on elliptic curves. IEEE Commun Lett 38(18):1025–1026
Yu Y, Yang B, Sun Y, Zhu S (2009) Identity based signcryption scheme without random oracles. Comput Stand Interfaces 31(1):56–62
Yogesh PR (2020) Formal verification of secure evidence collection protocol using BAN logic and AVISPA. Proc Comput Sci 167:1334–1344
Patil RY, Devane SR (2019) Network forensic investigation protocol to identify true origin of cyber crime. J King Saud Univ-Comput Inf Sci
Ming Y, Wang Y (2015) Proxy signcryption scheme in the standard model. Secur Commun Netw 8(8):1431–1446
Zhou C, Zhang Y, Wang L (2018) A provable secure identity-based generalized proxy signcryption scheme. Int J Netw Secur 20(6):1183–1193
Yu H, Wang Z (2019) Construction of certificateless proxy signcryption scheme from CMGs. IEEE Access 7:141910–141919
Hussain S, Ullah I, Khattak H, Khan MA, Chen CM, Kumari S (2021) A lightweight and provable secure identity-based generalized proxy signcryption (IBGPS) scheme for Industrial Internet of Things (IIoT). J Inf Secur Appl 58:102625
Ethics declarations
Conflict of interest
This research has no declarations of interest to be disclosed.
Cite this article
Patil, R.Y., Patil, Y.H., Kachhoria, R. et al. A provably secure data sharing scheme for smart gas distribution grid using fog computing. Int. j. inf. tecnol. 14, 2927–2939 (2022). https://doi.org/10.1007/s41870-022-01043-3