I Introduction
Today, the development of wireless networks (such as WiMAX, ad hoc, and sensor networks) has attracted worldwide attention by providing more convenient communication services. As an emerging paradigm, Internet of Vehicles (IoV) [1]
is evolving from Vehicular Ad hoc Networks (VANETs). It merges vehicles, infrastructure, human and networks to an intelligent unit that is more efficient compared with VANETs. Moreover, IoV adopts different kinds of technologies (e.g. selforganization, deep learning and cloud computing) to improve the network survivability and reliability.
In recent years, lots of works [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14] have been proposed to the reliability, flexibility, survivability, and security of wireless networks. To better understand IoV, many researchers have raised several reference models: the threelevel model [15], the fourlevel model [16], and the fivelevel model [17]. Combining the merits of these models, we propose a comprehensive model for IoV, as shown in Fig. 1.
Nowadays, IoV is playing an important role in smart city. It has made the traffic more efficient [18]. Nevertheless, for the intrinsic features of IoV, it has to face lots of challenges about the network survivability. Security and performance are two key factors of affecting the network survivability. When an malicious attacker uploads wrong information such as fake accident message, it may cause traffic control center to make incorrect decisions. So it is important to verify all of the uploaded data to enhance the survivability of IoV. However, the burden of collecting the monitoring data from different sources (such as vehicle s sensors, infrastructures, smart terminals, and so on) may increase with vehicles, and affect the transmission efficiency. In order to enhance the network survivability and prevent the data from being falsified, the protection and verification mechanisms should be considered [19, 20]. Aggregate Signature (AS) is a suitable cryptographic primitive to batch verify big data in IoV scenarios, because it can merge n signatures on n different messages into a single short signature. Thereby, it is deployed in MDBV to improve the survivability and performance of IoV.
In 2003, Boneh et al. proposed the first AS scheme [21]. Following the original work, many aggregate schemes over different public key cryptosystems have been proposed. These schemes are widely used in vehicular communications, mobile networks, and other resourceconstrained scenarios [22].
The main contribution of our paper is summarized as follows:

A CLASbased monitoring data batch verification scheme with lower computation and communication overhead is proposed to enhance the survivability of IoV scenarios.

A state information is introduced for vehicles to join or leave the system dynamically. Once knowing the state information, vehicles can generate their data authentication information independently.

The security properties of MDBV are proved in detail, assuming the hardness of the CDH problem, even though the super adversary launches the adaptivechosenmessage attack and adaptivechosenidentity attack.

The performance evaluation indicates that MDBV achieves the less overhead in the phase of individual monitoring data signing and batch verification among these selected schemes, which is more compatible and preferred by vehicles and the data center respectively.
The remainder of this paper is organized as follows. Section II introduces the related work about aggregate signature. Some preliminaries are briefly introduced, involving bilinear pairing and security model in section III. In section IV, the proposed scheme MDBV is described in detail. Then, we analyze the security of MDBV in section V. The next section evaluates the performance of MDBV. Conclusion of this paper is drawn in section VII.
Ii Related Work
Cheon et al. [23] proposed the first IDbased AS scheme in 2004. In 2007, Gong et al. [24] introduced a certificateless aggregate signature to solve the key escrow problem of IDPKC. They constructed two specific schemes using bilinear mapping that can resist to two types of attackers. Nevertheless, the size of the aggregated signature was related to user number. Since the merits of CLPKC, soon afterwards, many CLAS schemes [25, 26, 27, 28, 29, 30, 31, 32] were proposed. In [25], the authors designed an efficient CLAS scheme that required short group elements in aggregation phase and constant pairing operations in batch verification phase, whereas it cannot achieve unforgeability. Though the size of the aggregated signature was independent of the number of signers, the scheme in [26] required the participants to negotiate a new status information to generate an individual signature every time. In [27], the scheme was more efficient than the schemes in [24, 26]. Unfortunately, it was proved to be insecure in the case of Type II adversary in [32]. To address the above issues, we propose an improved CLAS for our batch verification scheme.
Iii Preliminaries
To better understand our scheme, we introduce some preliminaries about the properties of bilinear pairings and the security model of MDBV.
Iiia Bilinear Pairings
Definition 1. Bilinear Pairings: and are two groups with same prime order . We utilizes a bilinear pairing to indicate the relation of two groups, and it has the following properties:

Bilinearity: We have , where , , random number , ;

Nondegeneracy: There exists , , such that ;

Computability: There is an efficient algorithm to compute for any , .
Definition 2. Computational DiffieHellman (CDH) Problem: Given for any , , output .
IiiB Security Model of MDBV
According to the definition in [33], adversaries are divided into three types: normal, strong, and super adversaries based on the different abilities of accessing signature oracles. The normal attacker is able to replace the public key of target user without obtaining his/her signature. The strong adversary can not obtain the target signer’s signature unless a challenger knows the secret value associated with a replaced public key. The super adversary can also obtain the target user’s signature even if the challenger doesn’t know the secret value. Obviously, the super adversary has the strongest attack power. Thus, we assume there are two types of super adversaries in the proposed scheme: and . is able to replace any user’s public key and get valid message signature pairs, while can replace any user’s public key except the target user. Here, we utilize the security model in [33] to prove the security of MDBV. Our scheme is proved to be secure against and .
Iv An Efficient Monitoring Data Batch Verification for Survivability of Internet of Vehicles
Vehicles can gather a large number of monitoring data from their own sensors, other vehicles, infrastructure and so on, then they uploads the data to IoV data center. Therefore, when the number of vehicles is increasing, it has been a key challenge for IoV to make sure the timeliness and validity of the massive sensing data. So, we design an efficient monitoring data batch verification scheme for the survivability of IoV. To facilitate understanding, the relevant notations are listed in Table I.
Iva Design Objectives
With the increasing of vehicles, the burden of authentication becomes heavier. To address this problem, we propose an efficient method for verifying masses of data in IoV. It can provide batch verification of monitoring data based on an improved certificateless aggregate scheme. The network architecture of MDBV is shown in Fig. 2, which contains Key Generation Center (KGC), vehicles, roadside units and IoV data center. The KGC is responsible for generating the cryptographic keys of all entities in IoV.
Notations  Description 
KGC  A key generation center 
The number of vehicles  
The identity of vehicle  
The state information  
A generator in cyclic group  
The order of cyclic group  
A cyclic additive group  
A cyclic multiplicative group  
A bilinear map  
A MapToPoint hash function  
A secure hash function  
The KGC’s public key and system parameters  
The KGC’s master secret key  
The public key and private key of vehicle  
The aggregated signature 
IvB Monitoring Data Batch Verification Scheme
Our scheme mainly consists of five algorithms: System Setup, Registration, Individual Monitoring Data Signing, Aggregation, and Batch Verification. A state information with random length is introduced to improve security. When a vehicle enters a new area, it chooses the appropriate and broadcasts it. The following is the detailed steps:

System Setup: KGC performs the following steps to initialize the system:

Given the security parameter , KGC creates a cyclic additive group and a cyclic multiplicative group with prime order , and generates a bilinear map .

KGC selects a random as the system master key, and keeps in secret. Next, it computes its public key .

KGC chooses two hash functions , . Finally, KGC publishes the system parameters .


Registration: Upon receiving a registration request from a vehicle , KGC calculates and sets the partial private key for the vehicle. Then, the vehicle picks randomly a number , and calculates , then sets and as its secret value and public key, respectively. is its whole private key. Finally, KGC returns to IoV data center via a secure channel.

Individual Monitoring Data Signing: Before uploading the collected monitoring data to RSU, vehicles can preprocess the data and filter irrelevant information to reduce the network traffic. Then, based on the common state information , vehicle with identity signs a requested monitoring using its private key as follows:

Choose a number at random and calculate , , ;

Compute . Here, ;

Send to RSU. Here, is the individual verification information on .


Aggregation: Upon receiving a large number of data with individual verification information, RSU converges a collection of messages with the same state information . For vehicles with identities , the public keys are and the corresponding datasignature pairs are , respectively. RSU computes , and sets as the aggregated signature. Eventually, RSU forwards all data with the single verifiable signature to the data center.

Batch Verification: To check the validity of the final signature on uploaded monitoring data, the IoV data center does as follows:

Calculate ;

Calculate , , for all ,;

Verify the equation . If it holds, the uploaded data is valid. Otherwise, the data center refuses to accept these data.

Fig. 3 indicates the flowchart of MDBV.
IvC Correctness
The correctness of MDBV is proved as follows:
For individual verification: We can verify the individual data via the following equation:
For batch verification: From above, we have the following equation:
V Security Analysis
The security analysis of MDBV is given in this section, including security proof and security property.
Va Security Proof
To prove the existential unforgeability of MDBV, we introduce two types of super adversaries and to play the games with a challenger respectively.
Theorem 1. MDBV is existential unforgeable against the adversaries in ROM assuming the hardness of CDHP.
Proof: is a challenger try to solve a random CDH instance . Adversary can help achieve this goal in the following games.
Setup: sets and , and returns to .
Simulation: and are two hash functions. Meanwhile, keeps two lists and . can adaptively perform the following queries.

Registerquery: first randomly chooses , then makes Registerquery on an identity . If , picks at random, where the tuple is not in , and computes , , ; Otherwise, randomly chooses , , and sets , . Then, inserts to and returns and as the answer.

PartialPrivateKeyquery: makes a query on an identity . When , scans , and responds to . Otherwise, aborts.

PublicKeyReplacequery: asks a question on , scans , replacing with .

SecretValuequery: asks a question on an identity . first searches , if , it sends to ; Otherwise, it sends .

query: can make a query on . If the tuple is not in , chooses . Then, it sets , and sends it to . Finally, will be added to .

query: asks a question on any . If contains tuples or , chooses or . Then, it returns or to and inserts the tuple to .

IndividualSigningquery: makes a signing query on any , does as follows:

Select randomly, while and are not in .

Compute .

Search in and compute .
stores the above information in the relevant lists and sends to . , is valid, since


Forgery: Finally, returns vehicles, whose identities are and corresponding public keys are , monitoring data , a same state information , and a forged aggregate signature . Moreover, the aggregate signature must satisfy the following conditions:

.

There exists at least an identity has not made PartialPrivateKeyquery and IndividualSigningquery on .
According to Forking lemma [34], can forge a new signature through replaying technology with the same random tape but a different response to . In this process, if , ; otherwise, . Hence, we have the following equations:
If , meaning , calculates and sets as the solution of CDHP; otherwise, it aborts.

Through the analysis on the attack of adversary , we can also deduce Theorem 2 in the similar way.
Theorem 2. MDBV is existentially unforgeable against the adversaries in ROM assuming the intractability of CDHP.
Proof: plays the same role as in Theorem 1. Adversary can help to solve the CDH problem.
Setup: randomly selects a number as the system secret key and calculates its public key . Then, it sends to .
Simulation: can adaptively question all the following queries except PartialPrivateKeyquery. holds two lists and .

Registerquery: first randomly picks , then can make a Registerquery on an identity . picks at random, where does not exist in . If , calculates , ; otherwise, computes , and sets . Then, inserts the tuple to and returns and as answer.

PublicKeyReplacequery: makes a query on , then checks it in and does as follows:

If , performs a public key replacement. Namely, replaces with ;

If , aborts.


SecretValuequery: can query on any . Then, checks it in and does as follows:

If and , returns to . Otherwise, it outputs ;

If , aborts.


query: can ask a question on . chooses . Next, it computes , and sends it to . Finally, will be inserted to .

query: queries on an identity , picks or . Then, it sends or to and inserts or to .

IndividualSigningquery: makes a signing query on any , does as follows:

Select randomly, while and are not in .

Compute .

Search in and compute .
stores the above information to the relevant lists and sends to . According to the equation and the individual signing verification algorithm, we can check if , is valid, since


Forgery: Finally, returns vehicles, whose identities are and corresponding public keys are , monitoring data , a same , and a forged that satisfies the following cases:

.

There is at least an identity , which has not made IndividualSigningquery on .
Here, according to Forking lemma, can forge a new signature using replaying technology. In this process, if , ; otherwise, . Hence, we have the following equations:
Then the below equation is obtained.
If , then and . could solve the CDHP by computing according to the above equation. Otherwise, it aborts.

Schemes  GLHC[24]1  GLHC[24]2  ZQWZ[26]  XGCL[27]  CWZY[28]  DHW[29]  LYX[35]  YZW[36]  MDBV  
Adversary  Normal  
Strong  
Super  
Security Property  weak  weak  strong  strong  strong  weak  strong  strong  strong  
Adversary  Normal  
Strong  
Super  
Security Property  weak  weak  weak  weak  strong  weak  weak  weak  strong 
VB Security Property
We have the security property comparison of our scheme with the existing schemes [24, 26, 27, 28, 29, 35, 36] in this part. As shown in Table II, the schemes in [29, 35] can only resist the normal adversary and , and their security is weak. Also, the schemes [24]1 and [24]2 have weak security property though they have the resistance to the strong adversary and the normal adversary . Meanwhile, although the resistance to the first type of adversary is stronger in [26, 36], both of them can’t resist the second normal adversary (). Moreover, the scheme in [27] can resist the super adversary but it is not strong enough to resist the second super adversary (). From Theorem 1 and Theorem 2, MDBV can resist both two types of super adversaries and , it achieves better security property compared with other schemes.
Vi Performance Evaluation
In this section, we compare MDBV with several existing schemes [26, 28, 29, 30] in terms of performance evaluation. The details are as follows:
Via Computation Overhead
We set up a simulation environment to evaluate the computation costs. Firstly, we test the performance in terms of computation and then closely compare MDBV with its nonaggregate mode, named unAgg mode, and other four schemes. In unAgg mode, all data is verified by RSU one by one. Then, we analyze the computation efficiency of all schemes.
Schemes  Signing  Batch verification  Length 
ZQWZ[26]  
CWZY[28]  
DHW[29]  
CTMHH[30]  
unAgg mode  
MDBV 
Table III shows the computation complexity among the selected schemes. Let “” denote the bilinear pairing in , “” denote multiplication in , “” denote the MapToPoint operation, and “” denote the length of the elements in . From Table III, MDBV only involves three “” and one “” in the individual signing stage, and requires less computation complexity than the other schemes in the phase of batch verification. Moreover, we find that all except for the scheme in [28] have the fixed length of the batch verification signature—. We will describe the trend of computation overheads with the number of vehicles in the following part.
ViA1 Platform setup
In order to measure the computation overhead of the selected schemes, we set Raspberry Pi 3B+ as the hardware environment that runs Raspbian GNU/Linux 8.0 (jessie) over Broadcom BCM2837 64 Bit ARMv7 Quad Core 1.2GHz Processor with 1GB 400MHz SDRAM. The simulation is implemented based on the GNU Multiple Precision Arithmetic (GMP) library and Pairing Based Cryptography (PBC) library. The elliptic curve is , in which the pairing operation is symmetric and the embedding degree k is 2. We run each scheme 1000 times to eliminate the randomness of the results.
ViA2 Simulation results and analysis
There are three brief kinds of cryptographic operations causing major computation overhead in these schemes: “”, “”, and “” operations. Table IV shows that the time consumption of the three basic cryptographic operations. The time consumption on individual data signing is shown in Table V.
Operations  Multiplication  MapToPoint  Pairing 
Time(ms)  10.087  23.417  15.063 
Schemes  Time consumption (ms) 
ZQWZ[26]  122.529 
CWZY[28]  88.571 
DHW[29]  87.664 
CTMHH[30]  88.978 
MDBV  54.324 
We can easily calculate the time consumption of the “Individual monitoring data signing” stage and the “Batch verification” stage based on the running time of the three basic cryptographic operations. Fig. 4(a) shows that MDBV takes less computation overhead with the increasing number of vehicles than the other schemes [26, 28, 29, 30] in the individual data signing stage. And, it also requires less time overhead on batch verification than the other four selected schemes from Fig. 4(b). Meanwhile, the efficiency of batch verification in MDBV is much higher than that in unAgg mode.
ViB Communication Overhead
To evaluate the communication overhead, we mainly analyze the message size in the communication process between RSU and IoV data center.
A point on an elliptic curve is represented by coordinates over a finite field . Once a coordinate or is given, the point on a specific elliptic curve, such as , can be easily constructed. Thus, when a vehicle tries to send a point , it only needs to transmit the single coordinate or to reduce the communication overhead. Meanwhile, because the group order is 160 bits long and the order of the base field is 512 bits long over the elliptic curve, the length of point is 512 bits or 64 bytes.
In MDBV, the signature of vehicle consists of two points on the elliptic curve. We use to denote the length of . And, we utilize a similar approach in [37, 38, 39] to calculate the message size of MDBV, assuming that is 160 bits. So, in MDBV, the total communication overhead for a signed data is 148 bytes, as bytes. If we adopt other supersingular elliptic curves, like the scheme in [40], the total communication overhead will be reduced to 60 bytes, as bytes.
On account that all schemes have the same traffic between vehicles and RSU, we mainly analyze the communication overhead between RSU and IoV data center. Fig. 6(a) shows the comparison on communication overhead in different schemes. Among these schemes, MDBV has a fixed length of (a constant) for data verification, as shown in Table III. Therefore, the length of authentication message in ZQWZ [26], DHW [29], CTMHH [30] and MDBV is . It is far shorter than that of CWZY[28] and unAgg mode.
ViC Energy Cost
In this subsection, we connect a kind of mote with Raspberry Pi 3B+ via USB interface to simulate the communication between RSU and the data center, as shown in Fig. 5, which is built upon an 8bit ATmega128L processor with a Chipcon CC2420 radio transceiver. To evaluate the total energy overhead, we calculate the computation energy overhead on Raspberry Pi 3B+ and the communication energy overhead on the mote. By deploying asynchronous counters, we can record the start and end time for the corresponding operation with the precision of 1 millisecond.
Mode  Current consumption (mA) 
Transmitting  17.4 
Receiving  19.7 
Meanwhile, according to the method in [41], we record the size of a message to transmit or receive on the mote. Then, we transfer it into the communication energy consumption via the equation: , as shown in Table VI. Here, “” represents the energy magnitude, “” represents the power level of the mote, “” represents the current mode of the mote, and “” represents the size of a message (in bits), “” represents the the data rate. Moreover, the data rate is 250 kbps, and we assume the power level of the mote is 3.0V. In addition, we can compute the computation energy overhead through the equation: . Here, “” represents the energy magnitude, “” represents the power level of the Raspberry Pi 3B+, “” represents the current of the Raspberry Pi 3B+, and “” represents the time of an operation. Here, we assume that the power level of the Raspberry Pi 3B+ is 5.0V, the current is 1.0A. Then, we obtain the computation energy overhead. Eventually, we analyze the total energy overheads of MDBV as follows:
ViC1 Rsu

Energy cost on computation: RSU only make simple aggregation operations, so its energy cost can be ignored;

Energy cost on communication: According to [42], we used a packet size of 41 bytes, 32 bytes for the payload and 9 bytes for the header. The header, ensuing a 8byte preamble, consists of source, destination, length, packet ID, CRC, and a control byte. Thus, we can calculate the RSU’s communication consumption for data transmission on the mote as ;

Total energy cost: The total energy overhead for each member node on the mote is .
ViC2 Data Center

Energy cost on computation: The time of verifying a message in MDBV is 113.375 ms, so it requires ;

Energy cost on communication: The data center receives a message with the length of from RSU. Here, denotes the number of vehicles, and we assume bytes. For simplification of comprehension, we set and respectively, and then calculate communication consumption (namely, ) for receiving message in side of data center, as follows: , and ;

Total energy cost: we set , so the total energy of the data center on the mote is .
From the above results, the energy consumption on communication in RSU and data center is both insignificant, compared with the overhead on computation. So, the computation complexity mainly determines the performance of a scheme. Next, assuming bits, we evaluate the total energy overhead in these schemes, as shown in Fig.6(b). Consequently, we find that MDBV minimizes energy consumption and achieves the best performance among all the selected schemes.
For all above, our scheme achieves quick data authentication and strengthens the security and survivability of IoV. It is more suitable for realistic IoV scenarios.
Vii Conclusion
In this paper, we design a CLASbased monitoring data batch verification scheme for IoV scenarios–MDBV that enhances the survivability and reduces the computation overhead effectively. The scheme is proved to be secure in the random oracle model under the hardness of CDHP. Furthermore, MDBV has the fixed length of the aggregated authentication message with the increasing number of vehicles. Each vehicle can dynamically participate in the system using own information and public system parameter. Moreover, the performance evaluation shows that the computation overhead, communication overhead, and energy cost of the proposed scheme are less than the other relevant schemes. MDBV is more suitable for the survivability of IoV.
References
 [1] M. Gerla, E. K. Lee, G. Pau, and U. Lee, “Internet of Vehicles: From intelligent grid to autonomous cars and vehicular clouds,” in Proc. of IEEE World Forum on Internet of Things (WFIoT), 2014, pp. 241–246.
 [2] E. Ahmed, I. Yaqoob, A. Gani, M. Imran, and M. Guizani, “InternetofThingsbased smart environments: state of the art, taxonomy, and open research challenges,” IEEE Wireless Communications, vol. 23, no. 5, pp. 10–16, 2016.
 [3] A. Mosenia and N. K. Jha, “A comprehensive study of security of InternetofThings,” IEEE Transactions on Emerging Topics in Computing, vol. 5, no. 4, pp. 586–602, 2017.
 [4] Y. Mehmood, F. Ahmad, I. Yaqoob, A. Adnane, M. Imran, and S. Guizani, “InternetofThings based smart cities: Recent advances and challenges,” IEEE Communications Magazine, vol. 55, no. 9, pp. 16–24, 2017.
 [5] X. Yao, X. Han, X. Du, and X. Zhou, “A lightweight multicast authentication mechanism for small scale IoT applications,” IEEE Sensors Journal, vol. 13, no. 10, pp. 3693–3701, 2013.
 [6] I. Yaqoob, E. Ahmed, I. A. T. Hashem, A. I. A. Ahmed, A. Gani, M. Imran, and M. Guizani, “Internet of Things architecture: Recent advances, taxonomy, requirements, and open challenges,” IEEE Wireless Communications, vol. 24, no. 3, pp. 10–16, 2017.
 [7] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of Things (IoT): A vision, architectural elements, and future directions,” Future generation computer systems, vol. 29, no. 7, pp. 1645–1660, 2013.
 [8] X. Du and H.h. Chen, “Security in wireless sensor networks,” IEEE Wireless Communications, vol. 15, no. 4, pp. 60–66, 2008.
 [9] J. Shu, X. Liu, X. Jia, K. Yang, and R. H. Deng, “Anonymous privacypreserving task matching in crowdsourcing,” IEEE Internet of Things Journal, vol. 15, no. 4, pp. 3068–3078, 2018.
 [10] “The Internet of Things reference model,” CISCO, 2014, [Online]. Available: http://cdn.iotwf.com/resources/71/IoTReferenceModelWhitePaperJune42014.pdf.
 [11] X. Du, M. Guizani, Y. Xiao, and H. H. Chen, “A routingdriven elliptic curve cryptography based key management scheme for heterogeneous sensor networks,” IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1223–1229, 2009.
 [12] X. Hei, X. Du, J. Wu, and F. Hu, “Defending resource depletion attacks on implantable medical devices,” in Proc. of 2010 IEEE Global Telecommunications Conference, 2010, pp. 1–5.
 [13] X. Hei and X. Du, “Biometricbased twolevel secure access control for implantable medical devices during emergencies,” in 2011 Proceedings IEEE INFOCOM, 2011, pp. 346–350.
 [14] X. Du, M. Guizani, Y. Xiao, and H. H. Chen, “Secure and efficient time synchronization in heterogeneous sensor networks,” IEEE transactions on vehicular technology, vol. 57, no. 4, pp. 2387–2394, 2008.
 [15] N. Liu, “Internet of Vehicles: Your next connection,” Huawei WinWin, vol. 11, pp. 23–28, 2011.
 [16] F. Bonomi et al., “The smart and connected vehicle and the Internet of Things,” in Proc. of Workshop on Synchronization in Telecommunication Systems (WSTS), 2013.
 [17] O. Kaiwartya, A. H. Abdullah, Y. Cao, A. Altameem, M. Prasad, C. T. Lin, and X. Liu, “Internet of Vehicles: Motivation, layered architecture, network model, challenges, and future aspects,” IEEE Access, vol. 4, pp. 5356–5373, 2016.
 [18] D. Lin, Y. Tang, F. Labeau, Y. Yao, M. Imran, and A. V. Vasilakos, “Internet of Vehicles for ehealth applications: A potential game for optimal network capacity,” IEEE Systems Journal, vol. 11, no. 3, pp. 1888–1896, 2017.
 [19] X. Du, Y. Xiao, M. Guizani, and H. H. Chen, “An effective key management scheme for heterogeneous sensor networks,” Ad Hoc Networks, vol. 5, no. 1, pp. 24–34, 2007.
 [20] Y. Xiao, V. K. Rayi, B. Sun, X. Du, F. Hu, and M. Galloway, “A survey of key management schemes in wireless sensor networks,” Computer communications, vol. 30, no. 1112, pp. 2314–2341, 2007.
 [21] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, “Aggregate and verifiably encrypted signatures from bilinear maps,” in Proc. of International Conference on the Theory and Applications of Cryptographic Techniques, 2003, pp. 416–432.
 [22] J. Liu, J. Han, L. Wu, R. Sun, and X. Du, “Vdas: Verifiable data aggregation scheme for internet of things,” in Proc. of 2017 IEEE International Conference on Communications (ICC), 2017, pp. 1–6.
 [23] J. H. Cheon, Y. Kim, H. Yoon et al., “A new idbased signature with batch verification,” IACR Cryptology ePrint Archive, vol. 2004, p. 131, 2004.

[24]
Z. Gong, Y. Long, X. Hong, and K. Chen, “Two certificateless aggregate
signatures from bilinear maps,” in
Proc. of Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)
, vol. 3, 2007, pp. 188–193.  [25] H. Liu, M. Liang, and H. Sun, “A secure and efficient certificateless aggregate signature scheme,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 97, no. 4, pp. 991–995, 2014.
 [26] L. Zhang, B. Qin, Q. Wu, and F. Zhang, “Efficient manytoone authentication with certificateless aggregate signatures,” Computer Networks, vol. 54, no. 14, pp. 2482–2491, 2010.
 [27] H. Xiong, Z. Guan, Z. Chen, and F. Li, “An efficient certificateless aggregate signature with constant pairing computations,” Information Sciences, vol. 219, pp. 225–235, 2013.
 [28] H. Chen, S. Wei, C. Zhu, and Y. Yang, “Secure certificateless aggregate signature scheme,” Journal of Software, vol. 26, no. 5, pp. 1173–1180, 2015.
 [29] H. Z. Du, M. J. Huang, and Q. Y. Wen, “Efficient and provablysecure certificateless aggregate signature scheme,” Dianzi Xuebao(Acta Electronica Sinica), vol. 41, no. 1, pp. 72–76, 2013.
 [30] Y. C. Chen, R. Tso, M. Mambo, K. Huang, and G. Horng, “Certificateless aggregate signature with efficient verification,” Security and Communication Networks, vol. 8, no. 13, pp. 2232–2243, 2015.
 [31] B. Kang and D. Xu, “A secure certificateless aggregate signature scheme,” International Journal of Security and Its Applications, vol. 10, no. 3, pp. 55–68, 2016.
 [32] D. He, M. Tian, and J. Chen, “A note on’an efficient certificateless aggregate signature with constant pairing computations’.” IACR Cryptology ePrint Archive, vol. 2012, p. 445, 2012.
 [33] X. Huang, Y. Mu, W. Susilo, D. S. Wong, and W. Wu, “Certificateless signatures: New schemes and security models,” The computer journal, vol. 55, no. 4, pp. 457–474, 2011.
 [34] D. Pointcheval and J. Stern, “Security arguments for digital signatures and blind signatures,” Journal of cryptology, vol. 13, no. 3, pp. 361–396, 2000.
 [35] H. J. Lu, X. Y. Yu, and Q. Xie, “Provably secure certificateless aggregate signature with constant length,” Journal of Shanghai Jiaotong University, vol. 46, no. 2, pp. 259–263, 2012.
 [36] M. Yang, X. M. Zhao, and Y. M. Wang, “Certificateless aggregate signature scheme,” Journal of University of Electronic Science and Technology of China, vol. 43, no. 2, pp. 188–193, 2014.
 [37] K. Ren, W. Lou, K. Zeng, and P. J. Moran, “On broadcast authentication in wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 6, no. 11, pp. 4136–4144, 2007.
 [38] K. A. Shim, Y. R. Lee, and C. M. Park, “EIBAS: An efficient identitybased broadcast authentication scheme in wireless sensor networks,” Ad Hoc Networks, vol. 11, no. 1, pp. 182–189, 2013.
 [39] F. Li, Z. Zheng, and C. Jin, “Secure and efficient data transmission in the Internet of Things,” Telecommunication Systems, vol. 62, no. 1, pp. 111–122, 2016.
 [40] D. Boneh, B. Lynn, and H. Shacham, “Short signatures from the Weil pairing,” in Proc. of International Conference on the Theory and Application of Cryptology and Information Security, 2001, pp. 514–532.
 [41] K. A. Shim and C. M. Park, “A secure data aggregation scheme based on appropriate cryptographic primitives in heterogeneous wireless sensor networks,” IEEE transactions on parallel and distributed systems, vol. 26, no. 8, pp. 2128–2139, 2015.
 [42] A. S. Wander, N. Gura, H. Eberle, V. Gupta, and S. C. Shantz, “Energy analysis of publickey cryptography for wireless sensor networks,” in Proc. of Third IEEE International Conference on Pervasive Computing and Communications, 2005, pp. 324–328.
Comments
There are no comments yet.