Lightweight Heterogeneous Signcryption for SDN-IoT Authentication and Access Control
DOI:
https://doi.org/10.29304/jqcsm.2026.18.22997Keywords:
software defined networking, Internet of Things,, Access control, authentication, Heterogeneous Computing, cryptographyAbstract
In modern software defined networking environments, the number of Internet of Things (IoT) devices is rapidly increasing, rendering critical security threats such as authentication and secure communication between heterogeneous cryptographic domains. Most of the existing signcryption schemes are designed in a homogenous cryptographic environment and do not fulfill the needs of interoperability between resource-constraint IoT devices and powerful SDN controllers. This paper presents a new lightweight heterogeneous signcryption scheme facilitating secure bidirectional communication between CLC based IoT devices and IBC based SDN controllers. Our scheme achieves 128-bit security based on elliptic curve cryptography over the secp256r1 curve, and has no computational overhead of bilinear pairings. We provide a complete implementation for Ryu SDN framework, interfaced with Mininet network emulation, illustrating the feasibility of practical deployment. We conduct a comprehensive performance evaluation to demonstrate a throughput of 226.9 ops/s (Signcryption) and up to 2,156.4 ops/s for Optimized Unsigncryption, with linear scalability for more than 100 IoT devices. Formal security analysis through ProVerif confirms that the scheme fulfills confidentiality, authentication, and integrity properties in accordance with the Dolev-Yao attacker model. We also provide mathematical security proofs of IND-CCA2 security and EUF-CMA unforgeability with respect to the Elliptic Curve Discrete Logarithm Problem (ECDLP) and Computational Diffie-Hellman (CDH) assumptions in the Random Oracle Model.
Downloads
References
Rahdari, A., Jalili, A., Esnaashari, M., Gheisari, M., Vorobeva, A. A., Fang, Z., Sun, P., Korzhuk, V. M., Popov, I., Wu, Z., & Tahaei, H. (2024). "Security and Privacy Challenges in SDN-Enabled IoT Systems: Causes, Proposed Solutions, and Future Directions." Computers, Materials & Continua 80.2 (2024). https://doi.org/10.32604/cmc.2024.052994
Statista Research Department, "Number of Internet of Things (IoT) connected devices worldwide from 2019 to 2030," Statista, 2024. [Online]. Available: https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/
Shamir, A. "Identity-based cryptosystems and signature schemes," in Advances in Cryptology—CRYPTO '84, vol. 196, pp. 47–53, 1985. doi: 10.1007/3-540-39568-7_5
Boneh, D., & Franklin, M. "Identity-based encryption from the Weil pairing," in Advances in Cryptology—CRYPTO 2001, vol. 2139, pp. 213–229, 2001. doi: 10.1007/3-540-44647-8_13
Al-Riyami, S. S., & Paterson, K. G. "Certificateless public key cryptography," in Advances in Cryptology—ASIACRYPT 2003, vol. 2894, pp. 452–473, 2003. doi: 10.1007/978-3-540-40061-5_29
Li, F., Han, Y., & Jin, C. "Practical signcryption for secure communication of wireless sensor networks," Wireless Personal Communications, vol. 89, no. 4, pp. 1391–1412, 2016. doi: 10.1007/s11277-016-3327-4
Zhang, L., Wu, Q., Qin, B., & Domingo-Ferrer, J. "Identity-based authenticated asymmetric group key agreement protocol," in Computing and Combinatorics (COCOON 2010), vol. 6196, pp. 510–519, 2010. doi: 10.1007/978-3-642-14031-0_54
Zhou, C. "Certificateless signcryption scheme without random oracles," Chinese Journal of Electronics, vol. 27, no. 5, pp. 1002–1008, 2018. doi: 10.1049/cje.2018.06.002
Karati, A., Islam, S. H., & Karuppiah, M. "Provably secure and lightweight certificateless signature scheme for IIoT environments," IEEE Trans. Ind. Informat., vol. 14, no. 8, pp. 3701–3711, Aug. 2018. doi: 10.1109/TII.2018.2794991
Zheng, Y., "Digital signcryption or how to achieve cost(signature & encryption) << cost(signature) + cost(encryption)," in Advances in Cryptology—CRYPTO '97, vol. 1294, pp. 165–179, 1997. doi: 10.1007/BFb0052234
Koblitz, N. "Elliptic curve cryptosystems," Mathematics of Computation, vol. 48, no. 177, pp. 203–209, 1987. doi: 10.1090/S0025-5718-1987-0866109-5
Miller, V. S. "Use of elliptic curves in cryptography," in Advances in Cryptology—CRYPTO '85, pp. 417–426, 1986. doi: 10.1007/3-540-39799-X_31
Blanchet, B. "Modeling and verifying security protocols with the applied pi calculus and ProVerif," Foundations and Trends in Privacy and Security, vol. 1, no. 1–2, pp. 1–135, 2016. doi: 10.1561/3300000004
Dolev, D., & Yao, A. "On the security of public key protocols," IEEE Trans. Inf. Theory, vol. 29, no. 2, pp. 198–208, Mar. 1983. doi: 10.1109/TIT.1983.1056650
Kreutz, D., Ramos, F. M. V., Veríssimo, P. E., Rothenberg, C. E., Azodolmolky, S., & Uhlig, S. "Software-defined networking: A comprehensive survey," Proc. IEEE, vol. 103, no. 1, pp. 14–76, Jan. 2015. doi: 10.1109/JPROC.2014.2371999
Ahmad, I., Namal, S., Ylianttila, M., & Gurtov, A. "Security in software defined networks: A survey," IEEE Commun. Surveys Tuts., vol. 17, no. 4, pp. 2317–2346, 2015. doi: 10.1109/COMST.2015.2474118
Scott-Hayward, S., Natarajan, S., & Sezer, S. "A survey of security in software defined networks," IEEE Commun. Surveys Tuts., vol. 18, no. 1, pp. 623–654, 2016. doi: 10.1109/COMST.2015.2453114
Ferrag, M. A., Maglaras, L., Arber, A., Kosmanos, D., & Janicke, H. "Authentication protocols for Internet of Things: A comprehensive survey," Security and Communication Networks, vol. 2017, pp. 1–41, 2017. doi: 10.1155/2017/6562953
Wazid, M., Das, A. K., Odelu, V., Kumar, N., & Susilo, W. "Secure remote user authenticated key establishment protocol for smart home environment," IEEE Trans. Dependable Secure Comput., vol. 17, no. 2, pp. 391–406, 2020. doi: 10.1109/TDSC.2017.2764083
Challa, S., Wazid, M., Das, A. K., Kumar, N., Reddy, A. G., Yoon, E. J., & Yoo, K. Y. "Secure signature-based authenticated key establishment scheme for future IoT applications," IEEE Access, vol. 5, pp. 3028–3043, 2017. doi: 10.1109/ACCESS.2017.2676119
Baek, J., Steinfeld, R., & Zheng, Y. "Formal proofs for the security of signcryption," J. Cryptology, vol. 20, no. 2, pp. 203–235, 2007. doi: 10.1007/s00145-007-0211-0
Malone-Lee, J. "Identity-based signcryption," Cryptology ePrint Archive, Report 2002/098, 2002. [Online]. Available: https://eprint.iacr.org/2002/098
Hankerson, D., Menezes, A. J., & Vanstone, S. Guide to Elliptic Curve Cryptography. New York, NY, USA: Springer, 2004.
Li, F., Shirase, M., & Takagi, T. "Certificateless hybrid signcryption," Math. Comput. Model., vol. 57, no. 3–4, pp. 324–343, 2013. doi: 10.1016/j.mcm.2012.06.011
Huang, Q., Wong, D. S., & Yang, G. “Heterogeneous signcryption with key privacy,” The Computer Journal, vol. 54, no. 4, pp. 525–536, 2011, doi: 10.1093/comjnl/bxq095.
Jin, C., Zhu, H., Qin, W., Chen, Z., Jin, Y., & Shan, J. “Heterogeneous online/offline signcryption for secure communication in Internet of Things,” Journal of Systems Architecture, vol. 127, 2022, Art. no. 102522, doi: 10.1016/j.sysarc.2022.102522.
Hou, Y., Huang, X., Chen, Y., Kumar, S., & Xiong, H. "Heterogeneous signcryption scheme supporting equality test from PKI to CLC toward IoT." Transactions on Emerging Telecommunications Technologies 32.8 (2021): e4190.
Certicom Research, “SEC 2: Recommended Elliptic Curve Domain Parameters,” Version 2.0, Standards for Efficient Cryptography Group (SECG), Sep. 2000. [Online]. Available: https://www.secg.org/sec2-v2.pdf
Pointcheval, D., & Stern, J. "Security arguments for digital signatures and blind signatures," J. Cryptology, vol. 13, no. 3, pp. 361–396, 2000. doi: 10.1007/s001450010003
Ryu SDN Framework Community, "Ryu SDN Framework," 2023. [Online]. Available: https://ryu-sdn.org/
Lantz, B., Heller, B., & McKeown, N. "A network in a laptop: Rapid prototyping for software-defined networks," in Proc. ACM SIGCOMM Workshop Hot Topics in Networks, pp. 1–6, 2010. doi: 10.1145/1868447.1868466
Open Networking Foundation, "OpenFlow Switch Specification Version 1.3.0," Jun. 2012. [Online]. Available: https://opennetworking.org/wp-content/uploads/2014/10/openflow-spec-v1.3.0.pdf
Shamir, A. "How to share a secret," Commun. ACM, vol. 22, no. 11, pp. 612–613, Nov. 1979. doi: 10.1145/359168.359176
Boldyreva, A., Goyal, V., & Kumar, V. "Identity-based encryption with efficient revocation," in Proc. ACM CCS, pp. 417–426, 2008. doi: 10.1145/1455770.1455823
Goyal, V., Pandey, O., Sahai, A., & Waters, B. "Attribute-based encryption for fine-grained access control of encrypted data," in Proc. ACM CCS, pp. 89–98, 2006. doi: 10.1145/1180405.1180418
Yu, H., & Bai, L. “Post-quantum blind signcryption scheme from lattice,” Frontiers of Information Technology & Electronic Engineering, vol. 22, pp. 891–901, 2021. DOI: https://doi.org/10.1631/FITEE.2000099
Meier, S., Schmidt, B., Cremers, C., & Basin, D. "The TAMARIN prover for the symbolic analysis of security protocols," in Proc. CAV, pp. 696–701, 2013. doi: 10.1007/978-3-642-39799-8_48
Saeed, M. E. S., Liu, Q., Tian, G., Gao, B., & Li, F. "HOOSC: heterogeneous online/offline signcryption for the internet of things." Wireless networks 24.8 (2018): 3141-3160.
Niu, S., Li, Z., Tian, M., Wang, C., & Jia, X. "An efficient heterogeneous signcryption scheme from certificateless to identity-based cryptosystem." MATEC Web of Conferences. Vol. 139. EDP Sciences, 2017.
Kasyoka, P. N., & Omala, A. A. "Practical Heterogeneous Pairing-Free Signcryption Scheme for Internet of Medical Things Communications with Edge Computing." Medinformatics 1.4 (2024): 202-210.
Rehman, M., Khattak, H., Alzahrani, A. S., Ullah, I., Adnan, M., Ullah, S. S., Amin, N. U., Hussain, S., & Khattak, S. J. "A Lightweight Nature Heterogeneous Generalized Signcryption (HGSC) Scheme for Named Data Networking‐Enabled Internet of Things." Wireless Communications and Mobile Computing 2020.1 (2020): 8857272.
Python Cryptographic Authority, “cryptography: A Python library for cryptographic recipes and primitives,” Version 41.0.0, 2023. [Online]. Available: https://cryptography.io/. Accessed: Jan. 2026.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Fahad Naim Nife, Bilal Majeed Abdulridha Al-Latteef
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
