Find in Library

Malicious certificate authorities (CAs) pose a significant threat to the security of the Internet of Things (IoT). Existing CA auditing schemes primarily rely on passive detection and public data collection, lacking real-time and comprehensive monitoring. In this paper, we propose a novel double-authentication preventing signature scheme based on an SM2 algorithm, referred to as <span style="font-variant: small-caps;">Dap</span>-SM2. We further enhance its functionality by introducing <span style="font-variant: small-caps;">Self</span>-C2AD, a CA auditing mechanism with self-enforcement. In our proposed mechanism, any malicious CA that generates two certificates with different descriptions (such as public key and basic information) for the same IoT device will immediately lose its private key. To ensure the security of our proposed scheme, we provide a detailed security analysis of <span style="font-variant: small-caps;">Dap</span>-SM2. The analysis demonstrates that our <span style="font-variant: small-caps;">Self</span>-C2AD mechanism meets the necessary security requirements, offering robust protection against malicious CAs. Additionally, we conduct an efficiency evaluation and present experimental data to illustrate the promising potential of our construction for future IoT applications. By introducing the <span style="font-variant: small-caps;">Dap</span>-SM2 scheme and the <span style="font-variant: small-caps;">Self</span>-C2AD mechanism, we address the critical issue of malicious CAs in the IoT domain. Our approach provides real-time and comprehensive auditing capabilities, surpassing the limitations of existing schemes. The security analysis confirms the effectiveness of <span style="font-variant: small-caps;">Dap</span>-SM2, while the efficiency evaluation and experimental data demonstrate its suitability for practical IoT applications. In summary, our work presents a novel solution to combat the threat of malicious CAs in the IoT context. The <span style="font-variant: small-caps;">Dap</span>-SM2 scheme, coupled with the <span style="font-variant: small-caps;">Self</span>-C2AD mechanism, offers enhanced security and real-time auditing capabilities. The security analysis validates the robustness of our approach, while the efficiency evaluation and experimental data showcase its potential for future IoT deployments.