一种面向工业物联网环境的离线—在线签名方案

doi:10.3969/j.issn.1671-1122.2025.03.003

信息网络安全 ›› 2025, Vol. 25 ›› Issue (3): 392-402.doi: 10.3969/j.issn.1671-1122.2025.03.003

一种面向工业物联网环境的离线—在线签名方案

李强¹, 沈援海², 王锦泽³(), 黄晏瑜³, 孙建国³

1.西安电子科技大学计算机科学与技术学院，西安 710071
2.中移（杭州）信息技术有限公司，杭州 310023
3.西安电子科技大学杭州研究院，杭州 311231

收稿日期:2024-04-12 出版日期:2025-03-10 发布日期:2025-03-26
通讯作者: 王锦泽 E-mail:wjzoreo@163.com
作者简介:李强（1986—），男，陕西，高级工程师，博士研究生，主要研究方向为智慧家庭、光通信和人工智能|沈援海（1986—），男，江苏，工程师，硕士，主要研究方向为智慧家庭、人工智能和信息安全|王锦泽（1999—），男，浙江，硕士研究生，主要研究方向为网络安全|黄晏瑜（1993—），女，浙江，讲师，博士，主要研究方向为密码学和信息安全|孙建国（1981—），男，浙江，教授，博士，主要研究方向为工业信息安全、智能安全
基金资助:
国家自然科学基金(62302365);网络与信息安全安徽省重点实验室开放课题(AHNIS2022004);中移（杭州）2023-2024年工业互联网标识与平台互通中间件联合测试验收项目(CMHY-202300856)

An Offline-Online Signature Scheme for Industrial Internet of Things Environment

LI Qiang¹, SHEN Yuanhai², WANG Jinze³(), HUANG Yanyu³, SUN Jianguo³

1. School of Computer Science and Technology, Xidian University, Xi’an 710071, China
2. China Mobile (Hangzhou) Information Technology Co., Ltd., Hangzhou 310023, China
3. Hangzhou Research Institute, Xidian University, Hangzhou 311231, China

Received:2024-04-12 Online:2025-03-10 Published:2025-03-26
Contact: WANG Jinze E-mail:wjzoreo@163.com

摘要/Abstract

摘要：

近年来，工业物联网技术及相关产业发展迅速，工业设备的数据安全问题受到广泛关注。传统方案通常采用数字签名技术确保工业设备身份合法性及数据的真实性。然而，传统数字签名方案存在证书管理或密钥托管问题，难以满足当前需求。为此，文章提出一种面向工业物联网环境的离线—在线签名方案，旨在解决工业物联网环境下的身份认证问题。该方案基于双线性配对技术构建系统参数，并基于离线—在线技术将签名生成分为两个阶段。在离线签名阶段，无须消息参与，负责完成计算量较大的密码学操作，并生成离线签名值；在线签名阶段则仅需利用预先准备好的离线签名值、系统参数及待签名消息进行少量密码学运算，即可生成完整的签名值。此外，该方案在随机预言机模型中被证明能够抵御恶意攻击，具备较高的安全性。实验结果表明，该方案有效减少了在线签名阶段的长耗时计算次数，显著降低了计算成本，同时有效应对两类敌手的安全威胁。

关键词: 离线—在线签名, 身份认证, 无证书签名, 物联网

Abstract:

In recent years, industrial Internet of things (IIoT) technology and related industries have developed rapidly, and the data security issues of industrial equipment have received widespread attention. In the past to ensure the legitimacy of industrial equipment identity and data authenticity often use traditional digital signature technology, while the traditional digital signature program has a certificate management or key escrow problems, can not meet the current requirements. In this paper, an offline-online signature scheme for industrial Internet of things environment was proposed, constructing system parameters through bilinear pairing technology, and generating signatures that were divided into two-phase signatures based on offline-online technology. In the offline signature stage there was no need for message participation, responsible for completing computationally intensive cryptographic operations to generate offline signature values. In the online signature stage, only needed to use the prepared offline signature value, the system parameters, and the message that needed to be signed to carry out a small portion of the cryptographic operations to obtain the complete signature value. The scheme was proved to be secure against malicious attacks in the stochastic predicate machine model. This scheme reduces the number of time-consuming calculations in online signatures, significantly reduces the computational cost, while also overcoming the security issues of two types of adversaries.

Key words: offline-online signature, identity authentication, certificateless signature, Internet of things

中图分类号:

TP309

李强, 沈援海, 王锦泽, 黄晏瑜, 孙建国. 一种面向工业物联网环境的离线—在线签名方案[J]. 信息网络安全, 2025, 25(3): 392-402.

LI Qiang, SHEN Yuanhai, WANG Jinze, HUANG Yanyu, SUN Jianguo. An Offline-Online Signature Scheme for Industrial Internet of Things Environment[J]. Netinfo Security, 2025, 25(3): 392-402.

图/表 4

表1

表2

表3

表4

参考文献 27

[1]	AGRAWAL S, VIEIRA D. A Survey on Internet of Things[J]. Abak Ó S, 2013, 1(2): 78-95.
[2]	KIEL D, ARNOLD C, VOIGT K I. The Influence of the Industrial Internet of Things on Business Models of Established Manufacturing Companies-A Business Level Perspective[J]. Technovation, 2017, 68: 4-19.
[3]	DIFFIE W, HELLMAN M E. New Directions in Cryptography[C]// ACM. Democratizing Cryptography. New York: ACM, 2022: 365-390.
[4]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer. Proceedings of CRYPTO 1984. Heidelberg:Springer, 2007: 47-53.
[5]	XU Yan. Research on Certificateless Digital Signature Scheme for Multi-Users[D]. Hefei: University of Science and Technology of China, 2015.
	许艳. 面向多用户的无证书数字签名方案研究[D]. 合肥: 中国科学技术大学, 2015.
[6]	JIN Lin. Research on Privacy Protection Methods Supporting Graded Diagnosis and Treatment[D]. Guiyang: Guizhou University, 2022.
	金琳. 支持分级诊疗的隐私保护方法研究[D]. 贵阳: 贵州大学, 2022.
[7]	LI Mingyu. Design and Implementation of Electronic Official Document Security Exchange System Based on Certificateless Signature[D]. Wuhan: Huazhong University of Science and Technology, 2021.
	李铭宇. 基于无证书签名的电子公文安全交换系统设计与实现[D]. 武汉: 华中科技大学, 2021.
[8]	ALRIYAMI S S, PATERSON K G. Certificateless Public Key Cryptography[C]// Springer. Proceedings of ASIACRYPT 2003. Heidelberg: Springer, 2003: 452-473.
[9]	EVEN S, GOLDREICH O, MICALI S. Online/Offline Digital Signatures[C]// Springer. Proceedings of CRYPTO’89. Heidelberg:Springer, 2007: 263-275.
[10]	LIAO Yongjian, LIU Yulu, LIANG Yukuan, et al. Revisit of Certificateless Signature Scheme Used to Remote Authentication Schemes for Wireless Body Area Networks[J]. IEEE Internet of Things Journal, 2020, 7(3): 2160-2168. doi: 10.1109/JIOT.2019.2959602
[11]	SAEED M E S, LIU Qinying, TIAN Guiyun, et al. Remote Authentication Schemes for Wireless Body Area Networks Based on the Internet of Things[J]. IEEE Internet of Things Journal, 2018, 5(6): 4926-4944.
[12]	ADDOBEA A A, HOU Jun, LI Qianmu. MHCOOS: An Offline-Online Certificateless Signature Scheme for M-Health Devices[EB/OL]. (2020-01-01)[2024-04-07]. https://doi.org/10.1155/2020/7085623.
[13]	BELLARE M, BOLDYREVA A, PALACIO A. An Uninstantiable Random-Oracle-Model Scheme for a Hybrid-Encryption Problem[C]// Springer. Proceedings of EUROCRYPT 2004. Heidelberg: Springer, 2004: 171-188.
[14]	YANG Qing, WANG Haoxuan, LIANG Lei, et al. Improved Elliptic Curve Digital Signature Scheme and Case Analysis[J]. Computer Applications and Software, 2023, 40(1): 327-330, 343.
	杨青, 王昊轩, 梁磊, 等. 改进的椭圆曲线数字签名方案及实例分析[J]. 计算机应用与软件, 2023, 40(1): 327-330, 343.
[15]	ULLAH R, MEHMOOD A, KHAN M A, et al. An Optimal Secure and Reliable Certificateless Proxy Signature for Industrial Internet of Things[J]. Peer-to-Peer Networking & Applications, 2024, 17(4): 2205-2220.
[16]	KAR J. Provably Secure Online/Offline Identity-Based Signature Scheme for Wireless Sensor Network[J]. International Journal of Network Security, 2014, 16(1): 29-39.
[17]	GAO Ya, ZENG Peng, CHOO K K R, et al. An Improved Online/Offline Identity-Based Signature Scheme for WSNs[J]. International Journal of Network Security, 2016, 18(6): 1143-1151.
[18]	LUO Ming, TU Min, XU Jianfeng. A Security Communication Model Based on Certificateless Online/Offline Signcryption for Internet of Things[J]. Security and Communication Networks, 2014, 7(10): 1560-1569.
[19]	SHI Wenbo, KUMAR N, GONG Peng, et al. On the Security of a Certificateless Online/Offline Signcryption for Internet of Things[J]. Peer-to-Peer Networking and Applications, 2015, 8(5): 881-885.
[20]	LIU Dan, ZHANG Shun, ZHONG Hong, et al. An Efficient Identity-Based Online/Offline Signature Scheme without Key Escrow[J]. International Journal of Network Security, 2017(19): 127-137.
[21]	PENG Cong, LUO Min, LI Li, et al. Efficient Certificateless Online/Offline Signature Scheme for Wireless Body Area Networks[J]. IEEE Internet of Things Journal, 2021, 8(18): 14287-14298. doi: 10.1109/JIOT.2021.3068364
[22]	HONG Hanshu, HU Bing, SUN Zhixin. An Efficient and Secure Attribute-Based Online/Offline Signature Scheme for Mobile Crowdsensing[J]. Human-Centric Computing and Information Sciences, 2021(11): 1-12.
[23]	CHEN Jiasheng, WANG Liangliang, WEN Mi, et al. Efficient Certificateless Online/Offline Signcryption Scheme for Edge IoT Devices[J]. IEEE Internet of Things Journal, 2022, 9(11): 8967-8979.
[24]	HOU Yingzhe, CAO Yue, XIONG Hu, et al. An Efficient Online/Offline Heterogeneous Signcryption Scheme with Equality Test for IoVs[J]. IEEE Transactions on Vehicular Technology, 2023, 72(9): 12047-12062.
[25]	LIU Tongwei, PENG Wei, ZHU Kai, et al. A Secure Certificateless Signature Scheme for Space-Based Internet of Things[J]. Security and Communication Networks, 2022(22): 13-26.
[26]	POINTCHEVAL D, STERN J. Security Arguments for Digital Signatures and Blind Signatures[J]. Journal of Cryptology, 2000, 13(3): 361-396.
[27]	ARANHA D F. RELIC is an Efficient LIbrary for Cryptography[EB/OL]. (2020-11-29)[2024-04-07]. https://dfaranha.github.io/project/relic/.

符号	含义
${{1}^{k}}$	安全参数
$q$	素数
${{G}_{1}}$	素数阶为$q$的循环加法群
${{G}_{2}}$	素数阶为$q$的循环乘法群
$\hat{e}$	双线性配对$\hat{e}:{{G}_{1}}\times {{G}_{1}}\to {{G}_{2}}$
$P$	群${{G}_{1}}$的生成元
${{H}_{i}}\left( i=1,2,3 \right)$	哈希函数
$prm$	$\text{CC}$的公共参数
$ID$	$\text{TE}$的身份标识
$D$	$\text{TE}$的部分私钥
$x$	$\text{TE}$的秘密值
$SK$	$\text{TE}$的完整私钥
$PK$	$\text{TE}$的完整公钥
$\sigma $	离线签名值
m	消息
$\delta $	在线签名值

符号标识	符号含义	耗时/ms
${{T}_{m}}$	$Z_{q}^{*}$模的乘法	$0.001$
${{T}_{i}}$	$Z_{q}^{*}$模的求逆	$0.071$
${{T}_{add}}$	群$\left\langle {{G}_{1}},+ \right\rangle $标量点加	$0.002$
${{T}_{mul}}$	群$\left\langle {{G}_{1}},+ \right\rangle $标量点乘	$0.143$
${{T}_{e}}$	群$\left\langle {{G}_{2}},\times \right\rangle $取幂	$0.913$
${{T}_{h}}$	哈希运算	$0.003$
${{T}_{p}}$	双线性配对	$1.482$

签名方案	抗第一类敌手	抗第二类敌手	不可抵赖性
文献[10]方案	√	√	√
文献[11]方案	×	×	×
文献[12]方案	×	×	×
本文方案	√	√	√

签名方案	通信开销		总体通信开销
签名方案	离线签名阶段	在线签名阶段	总体通信开销
文献[10]方案	$2\left\| Z_{q}^{*} \right\|+3\left\| {{G}_{1}} \right\|+\left\| {{G}_{2}} \right\|$	$2\left\| Z_{q}^{*} \right\|+\left\| {{G}_{1}} \right\|$	$4\left\| Z_{q}^{*} \right\|+4\left\| {{G}_{1}} \right\|+\left\| {{G}_{2}} \right\|$
文献[11]方案	$2\left\| Z_{q}^{*} \right\|+3\left\| {{G}_{1}} \right\|+\left\| {{G}_{2}} \right\|$	$2\left\| Z_{q}^{*} \right\|+3\left\| {{G}_{1}} \right\|$	$4\left\| Z_{q}^{*} \right\|+6\left\| {{G}_{1}} \right\|+\left\| {{G}_{2}} \right\|$
文献[12]方案	$3\left\| Z_{q}^{*} \right\|+\left\| {{G}_{1}} \right\|$	$\left\| Z_{q}^{*} \right\|+2\left\| {{G}_{1}} \right\|$	$4\left\| Z_{q}^{*} \right\|+3\left\| {{G}_{1}} \right\|$
本文方案	$2\left\| Z_{q}^{*} \right\|+3\left\| {{G}_{1}} \right\|+\left\| {{G}_{2}} \right\|$	$2\left\| Z_{q}^{*} \right\|+2\left\| {{G}_{1}} \right\|+\left\| {{G}_{2}} \right\|$	$4\left\| Z_{q}^{*} \right\|+5\left\| {{G}_{1}} \right\|+2\left\| {{G}_{2}} \right\|$

一种面向工业物联网环境的离线—在线签名方案

An Offline-Online Signature Scheme for Industrial Internet of Things Environment

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 27

相关文章 15

编辑推荐

Metrics

本文评价

[1]	袁征, 张跃飞, 冯笑, 乔雅馨. 基于PUF的电力物联网智能终端认证协议[J]. 信息网络安全, 2025, 25(1): 13-26.
[2]	夏喆, 夏学志, 吕文杰, 张明武. 车联网中基于证书的局部可验证聚合签名方案[J]. 信息网络安全, 2025, 25(1): 48-62.
[3]	张学旺, 陈思宇, 罗欣悦, 雷志滔, 谢昊飞. 面向云辅助工业物联网的高效可搜索属性基加密方案[J]. 信息网络安全, 2024, 24(9): 1352-1363.
[4]	段昊哲, 李志慧, 韦性佳, 胡珂欣. d维量子系统中无需纠缠的量子身份认证协议[J]. 信息网络安全, 2024, 24(9): 1364-1374.
[5]	邢长友, 王梓澎, 张国敏, 丁科. 基于预训练Transformers的物联网设备识别方法[J]. 信息网络安全, 2024, 24(8): 1277-1290.
[6]	黄旺旺, 周骅, 王代强, 赵麒. 基于国密SM9的物联网可重构密钥安全认证协议设计[J]. 信息网络安全, 2024, 24(7): 1006-1014.
[7]	张晓均, 张楠, 郝云溥, 王周阳, 薛婧婷. 工业物联网系统基于混沌映射三因素认证与密钥协商协议[J]. 信息网络安全, 2024, 24(7): 1015-1026.
[8]	刘一丹, 马永柳, 杜宜宾, 程庆丰. 一种车联网中的无证书匿名认证密钥协商协议[J]. 信息网络安全, 2024, 24(7): 983-992.
[9]	李志华, 陈亮, 卢徐霖, 方朝晖, 钱军浩. 面向物联网Mirai僵尸网络的轻量级检测方法[J]. 信息网络安全, 2024, 24(5): 667-681.
[10]	沈卓炜, 汪仁博, 孙贤军. 基于Merkle树和哈希链的层次化轻量认证方案[J]. 信息网络安全, 2024, 24(5): 709-718.
[11]	杨杰超, 胡汉平, 帅燕, 邓宇昕. 基于时变互耦合双混沌系统的轻量级序列密码[J]. 信息网络安全, 2024, 24(3): 385-397.
[12]	冯光升, 蒋舜鹏, 胡先浪, 马明宇. 面向物联网的入侵检测技术研究新进展[J]. 信息网络安全, 2024, 24(2): 167-178.
[13]	翟鹏, 何泾沙, 张昱. 物联网环境下基于SM9算法和区块链技术的身份认证方法[J]. 信息网络安全, 2024, 24(2): 179-187.
[14]	印杰, 陈浦, 杨桂年, 谢文伟, 梁广俊. 基于人工智能的物联网DDoS攻击检测[J]. 信息网络安全, 2024, 24(11): 1615-1623.
[15]	陈宝刚, 张毅, 晏松. 民航空管信息系统用户多因子持续身份可信认证方法研究[J]. 信息网络安全, 2024, 24(11): 1632-1642.