Efficient and Fine-grained Signature for IIoT with Resistance to Key Exposure

Attribute-based signature (ABS) can provide fine-grained and anonymous authentication for the industrial Internet of Things (IIoT). However, key exposure and the computational performance bottleneck of resource-constrained devices raise a challenge to the IIoT-oriented ABS schemes. To confront the above challenge, this paper proposes an intrusion-resilient server-aided attribute-based signature (IR-SA-ABS) scheme. This scheme designs to periodically update the signing key with the assistance of a helper device, and the signing key is refreshed for multiple rounds aperiodically within each time period under the supervision of the helper device. In this way, the system remains secure even if both the helper device and the signing device are compromised. During this process, we significantly reduce the computational overheads of resource-constrained devices by delegating all of the key update and refresh operations and most of the signature generation and verification operations to a powerful server. Subsequently, we present the rigorous security proof of IR-SA-ABS. The comparison and experiment demonstrate the efficiency and practicality of IR-SA-ABS in the IIoT scenario.