Abstract

With the promotion of remote medical treatment, the sharing of big telemedicine data is becoming more and more popular. Telemedicine based on wireless sensor networks collects blood pressure, pH value, pulse, and other medical information from the telemedicine healthcare terminal. The medical information is sent to the hospital or medical server for processing. The security protection of patient medical data, such as confidentiality and authenticity, has gradually become a critical problem to be solved in the development of cloud medical service platforms. A provably secure identity-based designated-verifier proxy signature scheme with information recovery for cloud medical diagnosis networks is proposed. The scheme is based on the computational Diffie-Hellman problem and is existentially unforgeable against adaptive chosen-message attacks in the random oracle model. The performance analysis shows that the scheme is appropriate for remote medical diagnosis systems.

1. Introduction

Cloud health care means that the advanced medical technology and equipment owned by only a few first-class or specialized hospitals is brought into full play to perform remote diagnosis, treatment, and consultation for distant patients, relying on technologies such as computer technology, remote sensing, and remote-control technology [1, 2]. As the demand for telemedicine expands, electronic diagnosis and treatment systems based on wireless sensor networks are developing rapidly [3]. In an electronic medical system, the medical data of a patient, such as blood oxygen, pH value, pulse, and electrocardiogram (ECG), can be collected by sensors embedded in or worn by the remote patient and transmitted to the remote medical expert through wireless networks. The confidentiality and authenticity of patients' medical data therefore often become the target of malicious attackers.

Network attackers generally use active attacks or passive attacks [4]. An active attack means that the attacker interferes with the data communication, for example by modifying, replaying, discarding, or delaying data packets, in order to analyze and extract traffic characteristics more efficiently. In an electronic diagnosis and treatment system, diagnosis errors can be caused by tampering with the content of the medical data, and denial of service or the rejection of diagnosis requests can be caused by physical interference. A passive attack obtains the effective data sent from source to destination without affecting the regular data communication. If only a passive attack exists, the confidentiality of the transmitted data is destroyed and the data is divulged by monitoring the effective data flow, but integrity and availability are not affected, so a passive attack is not easy to detect [5]. A passive attack indirectly affects the network by listening to useful data; its advantage lies in its strong concealment, and remote medical data can be stolen by attackers in this way. In short, the security issues caused by such attacks deserve more attention.

To solve these security problems, a wireless sensor network framework for cloud medical treatment based on several security technologies has been proposed. Ng et al. [6] proposed a system framework of this type; as shown in Figure 1, some terminal sensors are deployed on a patient. The server collects information over a wireless internet connection, analyzes it, and transmits it to a local or remote doctor. This framework has become a universal wireless sensor network framework for cloud medical treatment. To ensure secure communication, the collected medical data is digitally signed before being transmitted to the hospital server, which ensures data integrity. To confirm authenticity, a method that authorizes a designated recipient is proposed. In this scheme, the hospital administrator or web developer, acting as the Deploying Authority (DA), delegates its signing capability to the sensor, and a trained doctor is designated as the recipient. In this way, the Deploying Authority acts as the original signer, the terminal sensor acts as the proxy signer, and the healthcare professional is the designated recipient. Because of its limited storage space and energy, the medical terminal needs a digital signature scheme that is efficient in storage and energy, so an efficient designated-verifier proxy signature scheme is an urgent requirement of a telemedicine system.

Mambo et al. [7] presented the proxy signature (PS); this method implements authorization of signing power. According to the idea, the proxy signer is licensed for signing an efficient proxy signature, and the verifier trusts this authorization protocol. The proxy signature scheme applying warrant is widely used in realistic communication systems. The warrant contains information about the identity of concerned people, including both principal and agent, and the validity of the agency agreement. The original signer encrypts the authorization with his private key and transmits it to the proxy signer. The proxy signer verifies the validity of the warrant with the original signer’s public key and then signs the file by using the warrant and his private key. A certificateless designated-verifier proxy signature (CLDVPS) scheme was proposed by He et al. [8]; the method can meet the requirement of certification management and key escrow and achieve high-speed operation of unmanned aerial vehicle executing commands. Only the designated verifier is able to validate the signature in the scheme. Zheng et al. [9] presented a scheme that can be deployed over the existing quantum key distribution networks without complex quantum operations. The correlated key strings are generated by the use of the scheme protecting the communication against potential eavesdroppers. A designated verifier proxy resignature (DVPRS) is proposed by Wei et al. [10]; the proxy can reappoint a new verifier in DVPRS, which is applicable to deniable and/or anonymous authentication. Shi et al. [11] proposed a real quantum designated verifier signature scheme on the basis of quantum deniable authentication protocol. One of the strengths of the scheme is the power of resisting impersonation attacks and entangle-measure attacks. Singh and Verma [12] utilized the advantages of information recovery signature and proxy signature to present an identity-based information recovery proxy signature scheme.

In 2020, an aggregatable certificateless designated verifier signature scheme (ACLDVS) was presented by Thorncharoensri et al. to implement secure data access and sharing for cloud storage. ACLDVS is efficient for privacy protection systems in the Internet of Things or VANETs, and the security of the scheme relies on the Computational Diffie-Hellman (CDH) assumption [13]. In 2017, an identity-based aggregate signature (IBAS) scheme with designated verifier for WSNs was presented by Shen et al.; the scheme was shown to be secure and efficient, it preserves data integrity, and at the same time its bandwidth and storage efficiency are high for WSNs [14]. This scheme is secure in the random oracle model under the CDH assumption. In 2011, Shim [15] presented a short designated verifier proxy signature scheme that is proven secure in an enhanced attacker model. Lin et al. [16] proposed a short DVPS scheme that is existentially unforgeable against chosen message attack in the random oracle model, but the scheme does not consider the full attack model. In 2018, a provably secure message recovery designated verifier proxy signature (MRDVPS) scheme was proposed by Verma et al. [17], which is applicable to healthcare wireless sensor networks (HWSN). The scheme satisfies the confidentiality and authentication of data. Hu et al. [18] presented a short provably secure DVPS based on bilinear pairings in the random oracle model. The scheme considers an enhanced attack model including six types of attackers with different abilities. In terms of the length of the tuple consisting of information and signature, the scheme produces a signature shorter than the existing information recovery DVPS schemes.

The deployment of cloud medical care in wireless sensor networks makes secure communication more urgent. The authenticity of the receiver and sender and the authenticity and confidentiality of patient medical data are all key issues that need to be resolved, especially under different security requirements, including integrity, authenticity, confidentiality, and timeliness. To deal with these problems, Verma et al. [19] presented an information recovery proxy signature scheme applied in electronic medical wireless sensor networks, but the scheme only satisfies authenticity and timeliness. To meet all four security requirements at the same time, it is necessary to study information recovery proxy signatures with more features. In a designated-verifier proxy signature, only the designated verifier can verify the signature. Combined with a message recovery signature, the designated-verifier signature can better solve the four security challenges. In the improved DVPS scheme, the information can be retrieved only by the designated verifier, so the security features of integrity and confidentiality are achieved. In the solution design, the hospital administrator or deployment authority delegates their signing right to the sensor, and the sensor signs information on behalf of the hospital administrator or deployment authority. Only the designated recipient, that is, a professional doctor, can verify the signature. Due to the energy and bandwidth constraints of wireless sensor networks, designing a delegation method that meets more security requirements is one of the main considerations. For this purpose, we present an effective identity-based authentication scheme with message recovery for the designated-verifier proxy signature. In the scheme, only the signature, and not the message, is sent to the designated verifier; the information is recovered during the verification process. A shorter signature length and better confidentiality are thus guaranteed at the same time. The scheme is existentially unforgeable against chosen message attack in the random oracle model and has better performance in computing cost and signature length.

2. Preliminaries

2.1. Bilinear Pairing

Let and be cyclic groups whose order is the large prime ; the Discrete Logarithm Problem (DLP) holds in and . A bilinear pairing map possesses the following properties:
(1) Bilinearity: for any and , .
(2) Nondegeneracy: there exists such that .
(3) Computability: for any , there is an efficient algorithm to compute .

That is, is a bilinear group pair. Generally, consists of points on an elliptic curve, and can be the Tate pairing or the Weil pairing.

2.2. CDH Problem

Given and , compute .
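As an added worked example (not from the paper), the following Python code implements a toy symmetric bilinear pairing on the supersingular curve y^2 = x^3 + x over a small constructed prime field (Tate pairing via Miller's algorithm with a distortion map), checks the bilinearity and nondegeneracy properties of Section 2.1, and shows how a pairing decides the decisional variant of the CDH problem of Section 2.2. The prime, subgroup order, and curve are toy values chosen for illustration only; the paper's own parameters are not given here.

```python
"""Toy pairing on y^2 = x^3 + x over F_p, p = 3 mod 4 (embedding degree 2). Constructed toy values."""

P_MOD = 163                 # toy prime with P_MOD % 4 == 3 (constructed, not from the paper)
R_ORDER = 41                # odd prime dividing #E(F_p) = p + 1 = 164 = 4 * 41
COFACTOR = (P_MOD + 1) // R_ORDER

# F_{p^2} = F_p[i] / (i^2 + 1); an element is a tuple (a, b) meaning a + b*i.
def f2_add(u, v):
    return ((u[0] + v[0]) % P_MOD, (u[1] + v[1]) % P_MOD)
def f2_sub(u, v):
    return ((u[0] - v[0]) % P_MOD, (u[1] - v[1]) % P_MOD)
def f2_mul(u, v):
    return ((u[0] * v[0] - u[1] * v[1]) % P_MOD, (u[0] * v[1] + u[1] * v[0]) % P_MOD)
def f2_inv(u):
    n_inv = pow((u[0] * u[0] + u[1] * u[1]) % P_MOD, P_MOD - 2, P_MOD)
    return ((u[0] * n_inv) % P_MOD, (-u[1] * n_inv) % P_MOD)
def f2_pow(u, e):
    result, base = (1, 0), u
    while e:
        if e & 1:
            result = f2_mul(result, base)
        base, e = f2_mul(base, base), e >> 1
    return result

# Curve arithmetic over F_{p^2}; a point is ((x_a, x_b), (y_a, y_b)), None is infinity.
def slope(t, pt):
    """Slope of the chord through t and pt, or of the tangent at t when t == pt."""
    if t == pt:
        num = f2_add(f2_mul((3, 0), f2_mul(t[0], t[0])), (1, 0))   # 3x^2 + a with a = 1
        den = f2_mul((2, 0), t[1])
    else:
        num, den = f2_sub(pt[1], t[1]), f2_sub(pt[0], t[0])
    return f2_mul(num, f2_inv(den))

def ec_add(p1, p2):
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    if p1[0] == p2[0] and f2_add(p1[1], p2[1]) == (0, 0):
        return None                                               # p2 == -p1
    lam = slope(p1, p2)
    x3 = f2_sub(f2_sub(f2_mul(lam, lam), p1[0]), p2[0])
    return (x3, f2_sub(f2_mul(lam, f2_sub(p1[0], x3)), p1[1]))

def ec_mul(k, pt):
    result = None
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return result

def line_eval(t, pt, q):
    """Miller line through t and pt (tangent if equal, vertical if pt == -t), evaluated at q."""
    if t[0] == pt[0] and f2_add(t[1], pt[1]) == (0, 0):
        return f2_sub(q[0], t[0])
    lam = slope(t, pt)
    return f2_sub(f2_sub(q[1], t[1]), f2_mul(lam, f2_sub(q[0], t[0])))

def pairing(p1, p2):
    """Reduced Tate pairing e(p1, phi(p2)) with distortion map phi(x, y) = (-x, i*y). Vertical
    lines are dropped: their values lie in F_p and vanish under the final exponentiation."""
    q = (((-p2[0][0]) % P_MOD, 0), (0, p2[1][0]))                # phi applied to an F_p point
    f, t = (1, 0), p1
    for bit in bin(R_ORDER)[3:]:                                  # bits of r below the top 1
        f, t = f2_mul(f2_mul(f, f), line_eval(t, t, q)), ec_add(t, t)
        if bit == "1":
            f, t = f2_mul(f, line_eval(t, p1, q)), ec_add(t, p1)
    return f2_pow(f, (P_MOD * P_MOD - 1) // R_ORDER)

def find_generator():
    """Point of order R_ORDER in E(F_p): scan x, take a square root (p = 3 mod 4), clear cofactor."""
    for x in range(1, P_MOD):
        rhs = (x ** 3 + x) % P_MOD
        if rhs == 0 or pow(rhs, (P_MOD - 1) // 2, P_MOD) != 1:
            continue
        pt = ec_mul(COFACTOR, ((x, 0), (pow(rhs, (P_MOD + 1) // 4, P_MOD), 0)))
        if pt is not None:
            return pt
    raise ValueError("no point of prime order found")

def check_bilinearity(a, b):
    """Property (1) of Section 2.1: e(aP, bP) == e(P, P)^(ab) for 0 < a, b < r."""
    gen = find_generator()
    lhs = pairing(ec_mul(a, gen), ec_mul(b, gen))
    return lhs == f2_pow(pairing(gen, gen), (a * b) % R_ORDER)

def ddh_oracle(gen, a_pt, b_pt, c_pt):
    """Given P, aP, bP, cP, a pairing decides whether cP == abP by comparing e(aP, bP)
    with e(P, cP), without computing abP (the CDH problem of Section 2.2) itself."""
    return pairing(a_pt, b_pt) == pairing(gen, c_pt)

if __name__ == "__main__":
    g = find_generator()
    print(check_bilinearity(7, 19), ddh_oracle(g, ec_mul(5, g), ec_mul(9, g), ec_mul(45 % R_ORDER, g)))
```

Nondegeneracy (property (2)) can be checked directly: `pairing(gen, gen)` is not the identity `(1, 0)`, while raising it to `R_ORDER` gives the identity.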

3. System Framework

3.1. System Model

There are five entities in the telemedicine wireless sensor network, as shown in Figure 2: Private Key Generator (PKG), Deploying Authority (DA), Sensor, Medical Server (MS), and medical professional. The main functions of each entity are as follows:
(1) Private Key Generator (PKG): the PKG creates a private key for each participant and sends it to the user through a secure channel. It is a trusted third party.
(2) Deploying Authority (DA): the DA is a network developer. It develops and maintains the system and is responsible for solving related network problems. In some special scenarios, the hospital administrator takes on this role.
(3) Sensor: the sensors are embedded in or worn by patients to collect patient healthcare information and send these data to the medical server through the wireless gateway. A short message is appropriate for sensors with limited storage and energy.
(4) Medical Server (MS): the Medical Server is the core unit of the system, with powerful storage and computing capabilities. Medical information is acquired from the relevant wireless gateways and sent to doctors with the help of the MS.
(5) Medical professional: the medical professional is a trained professional who receives medical data from patients for diagnosis and then makes clinical treatment strategies according to the medical data.

In the system model, the Deploying Authority is the original signer who can authorize the signature rights to others; the sensor acts as a proxy signer, which accepts signature right from the Deploying Authority, signs the information, and then sends the signature to the designated recipient through the medical server. Receiving the signature from any sensor, the medical server sends the signatures to the relevant doctor; finally, the doctor uses his private key to recover the patient’s medical data in the process of signature verification, performs diagnosis, and then makes clinical treatment strategies according to the medical data.

3.2. The Algorithm Framework

The identity-based designated-verifier proxy signature (IDDVPS) scheme involves three active entities: Alice (original signer), Bob (proxy signer), and Cindy (designated verifier). The scheme is based on the schemes of Singh and Verma [12] and Hu et al. [18]. The framework contains 8 polynomial-time algorithms: Setup, Extract, DeleGen, DeleVerify, DVProxySign, DVProxySVerify, DVPSimulation, and Correctness.
(1) Setup: a Probabilistic Polynomial Time (PPT) algorithm Setup takes a security parameter as input and outputs the system parameters.
(2) Extract: a PPT algorithm Extract takes the system parameters as input and outputs a user's key pair , including the original signer Alice's key pair , the proxy signer Bob's key pair , and the designated verifier Cindy's key pair .
(3) DeleGen: a PPT algorithm DeleGen takes the PKG's master key and the warrant as input. It outputs the delegation , which is passed to Bob over a secure channel.
(4) DeleVerify: a PPT algorithm DeleVerify takes and the PKG's master key as input and outputs . If , it accepts the validity of ; otherwise, it rejects . If , the proxy signer computes as the proxy signature key.
(5) DVProxySign: a PPT algorithm DVProxySign takes the proxy signer's key , the warrant , the designated verifier's public key , and the message as input and outputs the proxy signature .
(6) DVProxySVerify: a PPT algorithm DVProxySVerify takes the verifier Cindy's private key , Bob's public key , and the proxy signature as input and outputs and . If , the message and the proxy signature are accepted; otherwise, they are rejected.
(7) DVPSimulation: using the PPT algorithm DVPSimulation, the verifier Cindy can simulate a proxy signature that nobody can distinguish from an original signature.
(8) Correctness: the PPT algorithm Correctness outputs the correctness proof of the information recovery and verification process.

3.3. Security Model

The security of the IDDVPS scheme is mainly considered from several aspects, including unforgeability, nontransferability, and nonauthorization. A Universal Designated Verifier Signature (UDVS) scheme is derived on the basis of the Designated Verifier Signature (DVS) scheme proposed by Parvin et al. [20], and the signature holder can transform it into a DVS. The UDVS is said to be the first nondelegatable UDVS scheme.

In 2012, Singh and Verma [12] presented the first information recovery proxy signature scheme with a shorter signature length, and the unforgeability of the scheme is mainly considered. Hu et al. [18] put forward a security model with six types of the strongest adversaries. Following these previous studies, we take into account five types of adversaries and design a game-based method to check that the IDDVPS scheme is unforgeable, nontransferable, and identifiable in the random oracle model. The attackers are divided into five types of adversaries according to their attack ability:
(1) Type 1 adversary (): knows the public keys of Alice, Bob, and Cindy .
(2) Type 2 adversary (): knows the public keys of Alice, Bob, and Cindy and the private key of Bob .
(3) Type 3 adversary (): knows the public keys of Alice, Bob, and Cindy and the private key of Alice .
(4) Type 4 adversary (): knows the public keys of Alice, Bob, and Cindy and the private key of Cindy .
(5) Type 5 adversary (): knows the public keys of Alice, Bob, and Cindy and the private keys of Bob and Cindy (, ).

It can be clearly seen from the above classification that if the security model can resist the type 5 adversary (), it will certainly resist type 1 (), type 2 (), type 3 (), and type 4 (). The scheme can be proved secure against adaptive-chosen-plaintext attack in the random oracle model by analyzing the type 5 adversary.

3.3.1. Game 1 (Aimed at the Unforgeability of the Type 5 Adversary ())

Against the type 5 adversary, the model is existentially unforgeable against adaptive chosen plaintext attacks in the random oracle model. The type 5 adversary gets the public keys of the signers and the verifier , and the private keys of the proxy signer and the designated verifier (, ), so the proxy signature key can be obtained. To analyze EUF-ACMA, the general model of the type 5 adversary () and the challenger (CH) is as follows:
(1) Setup(.): the challenger runs the algorithm Setup(.), , where the superscript is the security parameter; it outputs the system parameters.
(2) Extract(.): the challenger runs the algorithm Extract(.); it takes the system parameters as input and generates the key pairs for all users, including the original signer Alice's key pair , the proxy signer Bob's key pair , and the designated verifier Cindy's key pair . CH then provides the public keys of the original signer Alice, the proxy signer Bob, and the designated verifier Cindy , and the private keys of the proxy signer Bob and the designated verifier Cindy to the adversary .
(3) DeleGen(.): the adversary queries the DeleGen(.) oracle, adaptively chooses the input warrant , and obtains the delegation from CH.
(4) DvproxySign(.): the adversary queries the DvproxySign(.) oracle and adaptively chooses as input the message, warrant, and delegation ; CH returns the proxy signature .
(5) DVproxySVerify(.): the adversary queries the DVproxySVerify(.) oracle and adaptively inputs a signature; if the output is valid, CH returns the corresponding message string; otherwise, CH returns invalid.
(6) Output(.): the adversary queries the oracle with input to obtain a target message string and the corresponding proxy signature , where
(i) is not in the output list of the DeleGen(.) oracle,
(ii) is not in the output list of the DVProxySign(.) oracle, and
(iii) and are a valid delegation and proxy signature.

The success rate of an attack by the adversary is , which equals the winning probability of the adversary in Game 1.

Definition 1. When a forger makes no more than queries, no more than hash queries, no more than DVProxySign(.) queries, and no more than DVProxySVerify(.) queries, an attack succeeds with probability in at most time. If the success probability of the forger in the game is negligible, then the IDEMR-DVPS scheme is robust against under adaptive-chosen-plaintext attack. In other words, the IDEMR-DVPS scheme is -existentially unforgeable.

4. Identity-Based Designated-Verifier Proxy Signature Scheme with Information Recovery in Telemedicine System

The medical data of a telemedicine system is required to meet several security characteristics: integrity, authenticity, confidentiality, and freshness. The Message Recovery Proxy Signature (MR-PS) scheme applied in telemedicine systems can only satisfy authenticity and freshness.

To meet more security characteristics, new features need to be added to the existing MR-PS scheme. In the identity-based Message Recovery Designated Verifier Proxy Signature (IDMR-DVPS) scheme, only the designated verifier can check the validity of the signature, and the message is recovered during the verification process; thus, confidentiality and integrity are provided. The data flow of the telemedicine system is shown in Figure 3.

There are eight steps in the scheme, defined as follows:
(1) Setup: a probabilistic polynomial time algorithm (Setup) takes as the security parameter. The PKG selects the master key , calculates

keeps the master key secret, and outputs the system public parameters , where is an additive cyclic group with prime order, is a multiplicative cyclic group, is a bilinear map, , , , and .
(2) Extract: the user calculates the user's public key

The PKG calculates the private key

and sends it to the user. After receiving the private key, the user verifies whether the equation

holds. If it holds, the user accepts the private key. Thus, the original signer Alice has the key pair , the proxy signer Bob has the key pair , and the designated verifier Cindy has the key pair .
(3) DeleGen: the original signer Alice calculates

according to the authorization information (the authorization information includes the identity information of the original signer and the proxy signer, the authorization validity period, the type of signed information string , and other related information), and sends to the PKG; the PKG verifies whether the equation

holds. If it holds, the PKG computes

and then sends to the proxy signer Bob over a secure channel.
(4) DeleVerify: the proxy signer validates the warrant according to whether the equation

holds. If the equation holds, the proxy signer calculates the proxy signature key .
(5) DVProxySign: according to the input information string , the proxy signer calculates

chooses randomly, calculates

and returns the proxy signature . The schematic diagram in which the patient signs the information is shown in Figure 4.
(6) DVProxySVerify: during the verification process, the designated verifier Cindy executes the following calculation and computes , where denotes the first bits of from the left side and denotes the first bits of from the right side. Cindy verifies whether the equation

holds. If it holds, the signature and the message are accepted; otherwise, they are rejected.
(7) DVPSimulation: receiving a string , the designated verifier Cindy randomly selects and then calculates

and simulates the proxy signature . The distributions of the simulated proxy signature and the original proxy signature are identical, so the two are indistinguishable.
(8) Correctness: the process of DVProxySVerify is correct. For , , thus,

For , thus, it is verified whether the equation

holds. If it holds, the designated verifier Cindy accepts the validity of for the information .

5. Security Analysis

The scheme has security characteristics of EUF-ACMA, nondelegation, nontransferability, and strong-identifiability.

5.1. Unforgeability

As defined in Game 1, the scheme is EUF-ACMA against the type 5 adversary.

Theorem 1. Let be a PPT adversary that plays the game using the , , , , , and oracles to produce an identity-based message recovery designated verifier signature within time t, such that the signature is verified by with a nonnegligible probability . makes , , , , , , , and queries to the , , , , , , , and oracles, respectively. Then a polynomial-time algorithm can be designed that solves the BDH problem with success probability where is the maximum of , is the base of the natural logarithm, and simulates the challenger as in the following proof.

Proof. chooses randomly and sets the public key of the PKG , the public key of the original signer Alice , the public key of the proxy signer Bob , and the public key of the designated verifier Cindy . The PKG sends to . The goal of is to compute from , thereby solving the BDH problem. Assume controls the , , , , , , , and oracles and holds the corresponding answer lists , , , , , , , and ; all lists are empty initially.

query: 's responses to all queries are saved as records in . first looks up according to the queried warrant . If there is a corresponding record in the list, the record is returned to the adversary . Otherwise, chooses randomly, sets , and then updates .

query: the adversary queries the oracle for the hash value of . 's responses to all hash requests are saved as records in . first looks up ; if there is a corresponding record in the list, the record is returned to the adversary . Otherwise, selects , , randomly, sends to the adversary , and then updates .

query: if the adversary queries the oracle and does not exist in the output list of , saves the list of records of its responses to queries from the adversary . searches first; if there is a corresponding record in the list, sends it to . Otherwise, chooses randomly, sets

sends the record to , and updates .

query: saves the list of records of its responses to queries from . searches according to the output of the query first. If there is a corresponding record in the list, sends it to . Otherwise, chooses randomly, sets

sends it to , and updates .

query: saves the list of records of its responses to queries. searches for the target in according to . If there is a corresponding record in the list, sends it to . Otherwise, requests to get the output and chooses randomly such that

If , aborts and outputs failure. If , outputs

to as the delegation and updates . If holds, the output is a valid delegation.

query: suppose the adversary queries according to . saves the list of records of its responses to queries. looks up according to the input. If the corresponding item is found, the output is sent to the adversary . Otherwise, runs , , , , and to acquire , , , and and calculates

If , stops running and aborts. If , calculates

and sends to . If holds, is a valid signature.

: the adversary generates a forged signature as follows:

Adversary generates as a valid proxy signature of and .

If the adversary succeeds in forging, is a valid proxy signature.

If , aborts and outputs failure.

If , then . calculates

Then,

is the solution of BDH problem.

Consider the probability of successfully solving the CDH problem in the following two situations.

(): in request.

(): the adversary forges a valid signature.

Then,

To achieve the optimal probability of success, set , where , then

5.2. Nontransferability

The designated verifier Cindy cannot convince a third party whether the signature was produced by the proxy signer Bob or by herself. In short, the proxy signature and the simulated signature have the same distribution. By simulation, the probability distributions and are the same, so the scheme is nontransferable.

5.3. Strong Identifiability

The program provides a warrant, and the proxy signer Bob can be identified by verifying the warrant , so the scheme has strong identifiability.

Against misuse attacks, the warrant contains the signed information string, so the proxy signer Bob cannot produce a proxy signature on an illegal information string, which effectively prevents misuse attacks. At the same time, apart from the designated verifier, no third party can validate the proxy signature, which makes the scheme robust.

6. Performance Analysis

In the wireless medical sensor networks, the collection of remote medical data is completed by the sensor embedded in or worn on the patient, and then the sensor transmits the medical data to the medical server, so the signature length and the computational cost of sensor become the main performance indicator of design scheme. Different steps of the scheme are completed by different entities. For example, proxy verification and proxy signature are performed on the sensor while some steps are performed on the authority or the medical server. Therefore, it is necessary to consider the signature length and overall consumption of transmission in different stages. Related notations are denoted in Table 1.

Here, elliptic curve point addition, XOR, , , modular addition, and other inexpensive operations are ignored. To achieve the 3072-bit RSA security level, the element lengths of are taken to be 256 bits (), 3072 bits , and 256 bits respectively, and the length of the information string is . Because the message is recovered during the signature verification process and no message string is attached to the signature, the signature length of the scheme is .

We evaluate the costs of the basic operations on a client machine with an Intel i7-4600U 2.70 GHz CPU and 4 GB RAM, running 64-bit Ubuntu 14.04. As shown in Table 2, the computing cost of IDEMR-DVPS is smaller than that of [15] and equal to that of [21]. The computing cost of [18] is 0.3 ms less than that of the IDEMR-DVPS scheme, but their signature lengths are , , and bits larger than that of IDEMR-DVPS, respectively. As far as computation cost and bandwidth are concerned, the performance of the IDEMR-DVPS scheme is better. In the telemedicine wireless sensor network, and are executed on the sensor, but is not executed in every signing session, which is executed more frequently than , and its computing cost (6.81 ms) is affordable for the sensor.

In summary, the IDEMR-DVPS scheme consumes 17.97 ms overall and is highly efficient. Meanwhile, the scheme with several attributes such as the designated verifier and message recovery satisfies the four security requirements and short bandwidth, while other schemes have low bandwidth efficiency or can only meet part of the security requirements. The IDEMR-DVPS scheme is suitable for telemedicine wireless sensor networks.

7. Conclusion

Telemedicine wireless sensor networks have been gaining popularity in practice, and designated-verifier proxy signature schemes are adopted in most system developments. A secure and bandwidth-efficient IDEMR-DVPS scheme using elliptic curve bilinear pairings is proposed in this paper; in the scheme, the message is not attached to the signature sent to the verifier. Because the verifier's private key is used during verification, the scheme satisfies the security requirements of telemedicine wireless sensor networks such as data integrity, authenticity, and confidentiality. The scheme can effectively resist replay attacks due to the construction of the warrant. The scheme is EUF-ACMA in the random oracle model against a stronger adversary in the enhanced attack model. Further, the IDEMR-DVPS scheme has the advantage of being suitable for telemedicine wireless sensor network applications.

An IDEMR-DVPS scheme without pairing computation will be the next step, because a pairing operation costs much more than a scalar multiplication. Designing an MR-DVPS scheme in the standard model is also an open issue.

Data Availability

The simulation experiment data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This work was supported in part by the National Social Science Fund of China (Grant No. 21XTQ015) and the Natural Science Foundation of Fujian Province of China (Grant No. 2020J01814).