When the Wireless Sensor Network (WSN) is combined with the Internet of Things (IoT), it can be employed in a wide range of applications, such as agriculture, industry 4.0, health care, smart homes, among others. Accessing the big data generated by these applications in Cloud Servers (CSs), requires higher levels of authenticity and confidentiality during communication conducted through the Internet. Signcryption is one of the most promising approaches nowadays for overcoming such obstacles, due to its combined nature, i.e., signature and encryption. A number of researchers have developed schemes to address issues related to access control in the IoT literature, however, the majority of these schemes are based on homogeneous nature. This will be neither adequate nor practical for heterogeneous IoT environments. In addition, these schemes are based on bilinear pairing and elliptic curve cryptography, which further requires additional processing time and more communication overheads that is inappropriate for real-time communication. Consequently, this paper aims to solve the above-discussed issues, we proposed an access control scheme for IoT environments using heterogeneous signcryption scheme with the efficiency and security hardiness of hyperelliptic curve. Besides the security services such as replay attack prevention, confidentiality, integrity, unforgeability, non-repudiations, and forward secrecy, the proposed scheme has very low computational and communication costs, when it is compared to existing schemes. This is primarily because of hyperelliptic curve lighter nature of key and other parameters. The AVISPA tool is used to simulate the security requirements of our proposed scheme and the results were under two backbends (Constraint Logic-based Attack Searcher (CL-b-AtSER) and On-the-Fly Model Checker (ON-t-FL-MCR)) proved to be SAFE when the presented scheme is coded in HLPSL language. This scheme was proven to be capable of preventing a variety of attacks, including confidentiality, integrity, unforgeability, non-repudiation, forward secrecy, and replay attacks.

The Internet of Things (IoT) represents a system of interconnected objects/things and devices that communicate through the Internet in a continuous manner [

Prior studies within this field have noted the importance of security as a crucial requirement for IoT communications [

In addition, previous studies of access control for IoT environments have developed various schemes that encountered the mutual shortcoming in terms of their roots as mathematical algorithms, their massive costs and huge computations. Bilinear pairing method is the first algorithm that has contributed significantly in this context [

We designed a heterogeneous signcryption (Users belongs to CLC and the sensor nodes uses the concept of IBC) based on Hyper elliptic curve.

The new scheme assures that the security properties of Replay Attack, confidentiality, integrity, Unforgeability, Non-repudiations, and forward secrecy, respectively.

The AVISPA Tool is used to simulate the security requirements of the proposed scheme and the result under two backbends (Constraint Logic-based Attack Searcher (CL-b-AtSER) and On-the-Fly Model Checker (ON-t-FL-MCR)) are SAFE when the proposed scheme is coded in HLPSL language.

By applying the concept of hyper elliptic curve, this scheme will significantly reduce the computational cost timing and require smaller amount of bits for communication.

The paper is organized as follows: Section 1 contains a brief introduction, Section 2 encompasses the advantages and disadvantages of related work, Section 3 includes the syntax of heterogeneous signcryption, Section 4 represents the network model, Section 5 comprises the proposed heterogeneous signcryption for IoT, Section 6 covers the security analysis, Section 7 covers the computational cost, and Section 8 involves the communication cost, Section 9 includes scheme simulation, and Section 10 presents the conclusion.

Recently, access control techniques for IoT environments have attracted a considerable amount of scholars due to its vital roles in achieving higher levels of security. Li et al. [

Heterogeneous signcryption contains the steps such as Setup, PKI Key Generation, Certificateless (CL) Key Generation (CLKG), CL-Partial Private Key Processing (CL-PPKG), CL-Secret Value Selection (CL-SVS), CL- Private Key Processing (CL-PKG), CL-Public Key Processing (CL-PBKG), CL-Signcrypt (CL-SCT), and CL-Un-Signcrypt (CL-Un-SCT), respectively. The definition of each step is explained in the following sections.

Given

A receiver with PKI picks a private key

The application provider (AP) picks a random number

The sender picks a random number

The sender makes his private key like that

The sender makes his public key like that

By using the message

By using

The explanation of each step-in construction of the proposed scheme is described in the following subsections.

Given

A receiver with PKI pick a private key

It contains the following four steps:

The application provider (AP) picks a random number

The sender picks a random number

The sender makes his private key like that

The sender makes his public key like that

By using the message (

It picks

Compute

Calculate

Calculate

By using

Calculate

Calculate

Accept only

It contains the correctness and the descriptive analysis about replay attack, confidentiality, integrity, unforgeability, non-repudiations, and forward secrecy. Most of the security services are based on hyper elliptic curve discrete logarithm problem. Suppose a

The receiver first checks the correctness of

Finally it accepts only

A replay attack occurs when someone attempts to capture an old message and replay to it. In our scheme, a replay attack is impossible because we add a NC to the message prior to sending it. In this case, NC is included within the message. The receiver then can check whether a NC is new, thus, a replay attack is unachievable in our scheme.

Confidentiality means no one can see the original contents of message other than sender and receiver. In our scheme, sender at the first step encrypts the message (

The attacker has to solve

To solve

Integrity means that the receiver receives the message in the same format which has been sent by the sender. In our scheme, before sending the data, sender calculates the hash function of the message is shown as =

Unforgeability means that no one else than the sender can generate the digital signature. In our scheme, a sender generates digital signature

It means that in case if even the private key (

Non-repudiation means that no one can deny something they said did or commit. In the context of our research, it means that the sender can not deny the signatures because he/she uses his/her private key (

Before doing the comparison, one must remember that the computational costs are always the main concern for both the sender and receiver. Now in this case, the existing schemes used elliptic curve point multiplication and bilinear pairing.

These have always been considered the costly options for measuring the computational costs. In our mechanism we are using hyper-elliptic curve divisor multiplication which is considered to be very cheaper than others in measuring computational costs.

Access control schemes | Total operations | Total cost in milli seconds (ms) |
---|---|---|

Li et al. [ |
6T-Pair + 3T-P-M | 6(11.9845) + 3(1.7090) = 77.034 |

Challa et al. [ |
14 T-E-M | 14(0.0321) = 0.4494 |

Luo et al. [ |
5T-Pair + 3T-P-M | 5(11.9845) + 3(1.7090) = 65.0495 |

Das et al. [ |
18T-E-M | 18(0.0321) = 0.5136 |

Chaudhry et al. [ |
10T-E-M | 10(0.0321) = 0.321 |

Malani et al. [ |
13T-E-M | 13(0.0321) = 0.4173 |

Proposed | 8T-D-M | 8(0.01605) = 0.1284 |

According to the experimental results of [

Intel Core i7-7700 CPU@3.6 GHz2.0 GHz

8GB Random Access memory

pairing-based cryptography library in VC++ 6.0

So, the single time Pairing Operation (T-Pair), time for multiplication in bilinear pairing (T-P-M), time for multiplication in ECC (T-E-M), are consumed 11.9845, 1.7090, and 0.0321 milliseconds (ms), respectively. Accordingly, the time for multiplication in HECC (T-D-M) will be the half of multiplication in ECC i.e., 0.01605 ms [

The

Here, we perform some computations in

|M| represents plaintext or cipher text size and equals to 60 bits

|G| the group size of bilinear pairing and equals to 256 bits

|Q| the size of ECC point and equals to 160 bits

|N| the size of HECC devisor and equals to 80 bits

|H| the size of hash value and equals to 512 bits

|NON/T| the size of nonce or time stamp and equals to 80 bits in hyper elliptic curve environment and 80 bits in elliptic curve based environment

|ID| represents the size of identity and equals to 80 bits in hyper elliptic curve environment and 160 bits in elliptic curve based environment

|CERT| represents the size of certificate and equals to 80 bits in hyper elliptic curve environment and 160 bits in elliptic curve-based environment.

Access control schemes | Communication cost | Communication cost in bits |
---|---|---|

Li et al. [ |
|M| + 2|G| | |60| + 2|256| = 572 |

Challa et al. [ |
2|M| + 8|Q| + 4|T| + 1|H| | 2|60| + 8|160| + 4|160| + 1|512| = 2552 |

Luo et al. [ |
|M| + 2|G| | |60| + 2|256| = 572 |

Das et al. [ |
10|Q| + 3|T| + 2|H| + 2|ID| | 10|160| + 3|160| + 2|512| + 2|160| = 3224 |

Chaudhry et al. [ |
9|Q| + 2|T| + 1|H| + 2|ID| | 9|160| + 2|160| + 1|160| + 2|160| = 1880 |

Malani et al. [ |
6|Q| + 2|T| + 1|H| + 2|CERT| | 6|160| + 2|160| + 1|512| + 2|160| = 2112 |

Proposed | |M| + 2|N| | |60| + 2|80| = 220 |

Finally, we created

By analyzing the security requirement of our scheme regarding man in the middle attack

Achieving higher levels of security in IoT environments is critical for protecting users’ privacy and enhancing the overall functionality of such interconnected systems. In this work, we have proposed “an efficient heterogeneous signcryption scheme for access control within IoT environments to address the computational and communication cost issues of the existing approaches. We demonstrated that the proposed scheme prevented various attacks such as confidentiality, integrity, Unforgeability, Non-repudiations, Forward secrecy, and Replay attacks. AVISPA was utilized to perform formal security simulations, and the results supported our claim. We then compared the proposed scheme to existing schemes in terms of “computational costs” and “communication costs”. As a result, our proposed scheme efficiently reduced both computational and communication costs. Accordingly, the proposed scheme proved to be more practical and appropriate than existing schemes for heterogeneous IoT applications.

Authors would like to thanks their universities for the support provided during this research.