Energy measure cluster based concealed aggregation for confidentiality and integrity in WSN

Abstract

Wireless sensor networks (WSNs) is a network of resource constrained sensors deployed in unattended region for environmental monitoring. The resource constrained and ad-hoc nature of WSN stances lot of challenges to the research community when designing protocols for such environments. Now a days WSN is widely deployed from environmental monitoring to military applications. So secure data transmission is mandated in WSNs when it is used for mission critical applications. Data aggregation is a widely used method in WSNs for reducing communication overhead by mitigating unwanted data transmissions. But upholding accuracy of such aggregated data and providing security for the same is a challenging task. In this paper we propose Cluster based Concealed data Aggregation for Confidentiality and Integrity(C-CASIN) in WSN. It uses Elliptic Curve Cryptography based Elgamal additive homomorphic encryption scheme for providing Confidentiality and Integrity.EC-Elgamal Signature algorithm supports for authenticity. By supporting end-to-end encryption proposed method provides security with reduced computation and communication overheads. Results show that proposed method defend against various possible attacks and malicious behavior with the extended network lifetime of 15 to 20 percentage when comparing with basic secure model.

Keywords

WSNs concealed data aggregation clustering end-to-end encryption homomorphic encryption

1 Introduction

Wireless sensor network (WSNs) encompasses a huge number of small-sized and inexpensive sensors. Every sensor is fabricated with limited resources like battery, processing power and memory [1]. WSN is widely applied to environmental monitoring like forest fire detection, monitoring enemies invading in battle field, providing physical security for military operations, health sector, wild animals tracking, bio medical applications, etc. [2]. As the main energy source of sensor nodes are non-rechargeable batteries, once nodes are deployed in unattended environment replacement of energy source is impractical. Hence, we need to overcome the limitations and reduce energy consumption.

One principle practice used to bring down the energy consumption in WSN is data aggregation with clustering. Data aggregation is the process of collecting sensed information from nearby nodes to reduce unwanted data transmission in the network [3, 4]. To decide an aggregator, topology-based network organization is required. One such construction is clustering, in which sensor nodes are grouped by considering number of parameters like location, remaining energy and an application for which nodes are deployed [5]. Cluster heads are acting as an aggregator which collects data from cluster members [6]. However, because of data aggregation the major quality of services in the network like data accuracy, latency and fault tolerance may be degraded. Also, data aggregation creates room for vulnerabilities. For example, if an aggregator node is compromised, it may reveal entire collected data to the attackers or may send arbitrary values to the base station.

When deploying wireless sensor networks in public environments, it may become necessary to ensure confidentiality for their data storage. Since these are infrastructure-less and wireless networks, the communication speed is very less when compared to a wired network and also these can be easily distracted by radio waves, Bluetooth, etc. Some of the possible attacks are node-compromise, eavesdropping, sinkhole attacks, sybil attacks and selective forwarding [7, 8]. There is also a possibility of having malicious nodes which lead to DDos attacks. However, designing security for WSN is a challenging task because of its resource constrained and ad-hoc nature. So, researchers must trade-off between effective energy utilization, data confidentiality, data accuracy and fault tolerance. For this reason, Efficient secure data aggregation is essential for confidentiality and integrity of sensory information’s of WSN in the publicly deployed domain [9].

In this paper our contribution towards secure data aggregation is manifold. We propose a better scheme, Energy Measure Cluster based Concealed Aggregation for Confidentiality and Integrity in WSN(C-CACIN). An elliptic Curve Cryptography based secure homomorphic data aggregation for preserving confidentiality and integrity in unattended, resource constrained WSN. The proposed protocol uses K-means clustering for efficient cluster formation and aggregator selection. It uses ECC based homomorphic end to end data encryption scheme for confidentiality. It also uses RSA based digital signature verification algorithm for ensuring data integrity.

The rest of the paper is organised as follows. Section 2 gives an overview of related work on clustering and secure data aggregation. Section 3 explains proposed ECC based secure data aggregation. Theoretical analysis and performance evaluation of proposed scheme is explained in section 4. Finally, section five discusses conclusion and future work.

2 Related work

Security in WSN have attained considerable attention from researchers to design energy aware light weight secure algorithms for ensuring confidentiality. Due to resource constraint and ad-hoc nature of sensor networks, the security design for WSN is significantly challenging [10, 11].

In [12] author proposes a security architecture by combing features of TESLA and Bloom filters. It helps in hoarding against compromised node attack and avoids network jamming by multipath routing. However, topology construction and data aggregation highly influence the design of Energy efficient secure algorithm. In [13] data density correlation degree (DDCD) clustering method was proposed for more accurate data aggregation and clustering. It also reduces the amount of data conveyed to sink holes by using spatial correlation measurement between neighboring nodes.

In [14] author explains basic supporting characteristics of Information Management Systems with context aware and privacy preservation policies for secure and real time data transmission in dynamic manner. In [15] author proposed nearest closer routing protocol and they analyzed closure relationship among the parameters like density, reliability and lifetime. The trade-off among the parameters are examined by five different evaluation models for efficient routing. In [16] cloud supported large scale video surveillance system is proposed to secure our life now a days. Here multi-tier framework is proposed by utilizing various technologies of Internet of Things (IoT) umbrella to achieve an optimal bandwidth usage with reduced video distortion.

In [17] author proposes an effective clustering approach with data aggregation using multiple mobile sinks for heterogeneous WSN. It uses an intelligent technique for data gathering by retracing the same path with multiple mobile sink which intern reduces the delay. In [18] authors proposed optimized ECC based additive homomorphic encryption for Tiny PEDS environment. By using pseudo-Mersenne prime reduction and the Interleave method it offers fast point multiplication. Genetic algorithm is used [19] for cluster head election and cluster formation. Authors proposed an encryption schema which is constructed based on GASONeC algorithm. Also, they have used ECC key, node id and CH distance for key formation and homomorphic encryption for secure data transmission. In [20] proposes malleability resilient data aggregation scheme which achieves conflicting objectives against insider and outsider adversaries. Authors used homomorphic encryption and homomorphic MAC for encrypted data processing.it reduces communication overhead in resource constraint WSN. In [21] author proposes an encryption method to generate binary string using ECC algorithm. It uses node ID, distance to cluster head and transmission round index for key generation. And the proposed framework overcomes selective forwarding attack, hello flood attack and brute force attack. In [22] symmetric-key based homomorphic encryption with homomorphic signature is proposed for data privacy and to ensure data integrity. At the time of decryption, the base station can classify encrypted and aggregated data based on the encryption key. It can effectively preserve data privacy, check data integrity, and achieve high data transmission efficiency.

3 Methods and materials

Assuming Sensor network G comprises of n randomly deployed nodes represented as G = sn₁, sn₂, sn₃, ... , sn_n and a powerful Base station (BS). Each sensor sn_i is sensing environmental data and same needs to be periodically updated to the base station. In the resource constrained environment, since communication module consumes most of the node energy efficient network organization and routing protocols design plays vital role.

Clustering is one of the ways of grouping nodes, by considering essential parameters like distance with base station, Residual energy, Node proximity, application etc. Each cluster comprises cluster head and its members. In the proposed work we use K-means algorithm for clustering. It is used to locate position of preliminary centroids by measuring collected distance metric with the previous centroid selection rounds and the data point which has located apart with the current iteration point will be selected. Finally, K-means algorithm locate all centroids with the maximum distance as far as possible with the initial centroid in the data distribution. And the selected initial centroids are known as Cluster Heads (CHs) which then forms the clusters by grouping nearby sensor nodes.

Base station broadcasts an authenticated query to WSN. Resource constrained sensors (For example Mica2 motes equipped with 8-bit Atmel processor(4 MHz) with instruction memory 128 KB and 4 KB RAM) acting upon the query by progressing sensed information to the next level (CH). Cluster heads also acting as an aggregator, which aggregates the sensed information from cluster members (sensor nodes) and by averaging it without loss of generality.

Aggregated data is encrypted by the cluster head to provide secure data communication over an insecure network. However, resource constrained nature of WSN poses challenge to the researchers to design light weight secure algorithm. Homomorphic encryption is such kind which permits convoluted calculations on the cipher text without compromising the security.

Homomorphic encryption generates the cipher text, when it is decrypted that matches result of the operations as if they had been performed on the plaintext. So, it allows performing arithmetic operations (aggregation) on encrypted data. Formal description of Homomorphic encryption is given below.

Let E() be the encryption scheme and let P and C be the plaint text and cipher text respectively [23].

If P is a group under additive operation, then we can say that E() be the ⊕ homomorphic encryption scheme. For any instance of an encryption scheme, let m1, m2∈P and c1, c2,∈C such that c1 = E(m1, k) and c2 = E(m2,k). Calculating c3 such that, $c 3 = c 1 \oplus c 2$

And let’s assume D() be the decryption function then $D (c 3, k) = (m 1 \oplus m 2) .$

In other words, by decrypting c3 with the key k produces m1⊕m2. It shows that privacy of plain text is preserved even convolutions with cipher text is done, by use of additive homomorphic property. Homomorphic encryption can be done by using symmetric or asymmetric cryptography. But asymmetric cryptography avoids secret key sharing and contest against chosen plain text attack.

To ensure authenticity between sender and receiver a new functionality known as signature is used. Signature is a piece of information sent by sender and eventually verified by the receiver. In public key cryptography sender creates its signature by using his private key and the receiver uses senders public key to verify the sender and ensures authenticity.

In [24] boneh et al., proposed aggregation-based signature scheme, in which Individual signatures on corresponding messages were aggregated to create a single signature. Then aggregated signature is encrypted and sent over the insecure link. At the base station the received aggregate signature verified after decryption.

It uses bilinear map with two cyclic multiplicative groups of prime order say, G₁ and G₂ and G₁×G₁ ⟶ G₂. Signers create signature by applying hash function h on the generated message and encrypts the same using senders secret key. At the base station if received aggregate signature is ∂ for set of users U and given n original messages m₁, m₂ ... mn, and for the user u_i∈U compute h_i = h(m_i) for 1≤i≤n.computed hash values are aggregated and verified against received signature ∂.

4 Proposed cluster based concealed aggregation scheme

Providing security in unattended WSN environment is a challenging task. Proposed C-CACIN method uses ECC based Homomorphic encryption and Signature algorithm for secure data aggregation in WSN which is shown in Figs. 1 and 2. Proposed C-CASIN comprises of four stages namely Setup, EC-Elgamal Encryption, Aggregate Signature and Verify. Detailed description of the same is given below.

Fig. 1

Encrypted message and Tag generation.

Fig. 2

Reception and verification at Base station.

4.1 Setup phase

Aggregation clusters are constructed over a randomly deployed sensors by using pillar K-means algorithm. Initial centroids identified by K-means are cluster heads and nearby nodes connects with the cluster head and forms clusters. Cluster head is acting as an aggregator which collects sensed information from its members.

Nodes are embedded with private key S_k and deployed in harsh environment by typical way of deploying (Dropping from plane). Base station broadcast query by requesting sensors to send sensed information. So, cluster heads collect data from its members aggregates the same to create cipher text. Also generates Tag from aggregated message by using same private key S_k. Base station uses (S_k, P_k) for decryption. Where P_k = S_k * P and P point on the Elliptic curve [25].

4.2 EC-Elgamal for encryption phase

This procedure is caused when cluster head needs to encrypt the aggregated information. Detailed algorithm is given below.

EC-Elgamal Encryption algorithm

Choose large prime P

Choose an Elliptic Curve E over F_p

Select a point P on E(F_p)

Use embedded secret key S_k and compute,

P_{k} = S_{k} * P over E (F_{p})

Encryption:

For a plaintext m ∈ E (F_p)

Compute ciphertext

c 1 = r . p and c 2 = m + r . P_{k}

Decryption:

Decrypt the ciphertext, D = c2–S _k.c₁ = m

Aggregating Ciphertexts at cluster heads:

For the message m_i, generated cipher texts are E(m_i) ⟶ c_i₁ and c_i₂

For the message m_j, generated cipher texts are E(m_j) ⟶ c_j₁ and c_j₂

Aggregate ciphertexts in such a way that, C₁ = c_i₁ ₊ c_j₁ and C₂ = c_i₂ ₊ c_j₂

Decryption of aggregated ciphertext at the base station gives plaintext m₁, m₂, ... m_n on E(F_p)

4.3 Aggregate signature phase

Cluster head (CH₁) generates Signature Tag (S₂) by using its private key S_k. Instead of taking raw message which may leads to confidentiality breach, we compute hash value of aggregated message using SHA-512 algorithm for signature generation [22]. Then generated signature is encrypted and sent to the neighboring cluster head (CH₂).

At base station aggregated signature is decrypted to get (S₂₁, S₂₂, ... S_2n) if there are ^′n^′ cluster heads. Base station then calculates (S₁), (V₁) and (V₂) to verify signature.

Generating S₁and S₂:

Choose random numbers α and q (such that (0≤m≤q–1))

Choose random integer k (0≤k≤q–1) and gcd (k, q–1) = 1

Calculate S₁ =α^K mod q

Calculate K^–1mod q–1

Calculate $S_{2} = K^{- 1} (m - S_{k}^{S_{1}}) \mod q - 1$

Generated S₂ is encrypted and sent to the neighbouring cluster head.

4.4 Verify phase

At the base station received aggregated signature is decrypted to get (S₂₁, S₂₂, ... , S₂ _n ). Then it calculates (V₁) and (V₂) for verification.

Given a set of signature and identifier pair (S₂₁, id₁), (S₂₂, id₂), ... ,(S_2n, id_n), with a set of message and identifier pair (m₁, id₁), (m₂, id₂), ... ,(m_n, id_n), base station calculates S₁ and accepts the message if and only if $(V_{1}) = (V_{2})$

Computing V ₁ and V ₂

V₁ = a ^m mod q

$V_{2} = P_{k}^{S_{1}} S_{1}^{S_{2}} \mod q$

Accepts if V₁ = V₂.

5 Security analysis

Basically, any network should ensure some of the essential characteristics like confidentiality, Integrity, Authentication and Access control for security. Confidentiality means keeping the privacy of each node’s communication. Data integrity simply means the assurance of accuracy of data. Authentication is ensuring the data is from the place where it says to be from and Access control is a way to find if any node has access to that particular node’s resources.

Providing security in unattended environments such as WSN is mandatory since it is highly utilized by mission critical applications. But employing security in WSN is a challenging task because of its resource constrained nature and infrastructure less networking environment. However, proposed C-CASIN is defending against following attacks and try to provide its best effort service over an insecure environment.

HELLO flood attack: In Most of the protocols base station broadcast hello message to the nodes in the environment for requesting response or to identify nodes. But an adversary can act like a base station and may flood HELLO packets to collect data from legitimate nodes, which may lead to confidentiality breach and resource wastage. But, proposed C-CASIN with the help of EC-Elgamal homomorphic encryption, ensures confidentiality with less energy resource.

Exhaustion: In WSN, a node that is performing large number of unnecessary calculations may lose or exhaust its energy soon. So, providing security in such environment is a challenging task because each node has to do number of calculations which reduces its energy may reduce lifetime of entire network. C-CASIN is a light weight security algorithm which allows convoluted calculations on encrypted text. So, energy usage is notably reduced.

Passive and Active attackers: Passive attacks are caused by insider or outsider adversaries which is difficult to locate the attacker. They collect sensed information silently to breach confidentiality and privacy requirements. But Active attackers may inject faulty data into the victim network and creates congestion. Proposed method protects against such attacks by providing end-to-end homomorphic encryption.

Sinkhole attacks: Traffic is attracted towards malicious nodes placed by adversaries (works for selective forwarding attack) which may act as base station or near to the base station. So, nodes in the network attracted by compromised node and forwards data. Proposed method fights against sinkhole attack by EC-Elgamal Encryption and signature algorithms

Sybil attacks: Nodes in the sensor networks may steal legitimate node identities or create duplicate identities and acts like an authentic node.EC-Elgamal signature algorithm in the proposed C-CASIN is defending against such sybil attack by implementing signature and verification algorithms. Nodes create signature S₂ and the same is verified at base station using public key cryptosystem.

6 Results and discussions

The performance of the proposed C-CASIN is validated by implementing it in MATLAB. The simulation parameters are given in Table 1. Parameters like energy consumption, data transmission time, computational time, remaining energy and network lifetime are measured and compared with raw benchmark and encryption without homomorphic technique.

Table 1
Simulation Parameters

Parameters for simulation Values

1. Simulation area 300∗300 square meters

2. Number of nodes 500

3. The initial energy of the node 0.5 J

4. Size of the packet to be transmitted 500 bytes

5. Location of base station 50,200

6. Channel Wireless

7. Number of clusters 20

8. Simulation time 4500 ms

Parameters for simulation	Values
1. Simulation area	300∗300 square meters
2. Number of nodes	500
3. The initial energy of the node	0.5 J
4. Size of the packet to be transmitted	500 bytes
5. Location of base station	50,200
6. Channel	Wireless
7. Number of clusters	20
8. Simulation time	4500 ms

6.1 Energy consumption

Energy consumption is defined as amount of energy required for a sensor node to sense, process and to send the data to next neighbor node. Figure 3 shows energy consumption comparison for proposed method with raw benchmark (Transmission over Insecure link) and encryption scheme without homomorphic technique (Basic secure model).

Fig. 3

Energy Consumption.

Energy consumed for insecure transmission is very low when compared to other two methods, because the aggregated data will not be encrypted which intern leads to eavesdrop on the sensed data, so data encryption is needed. The next two methods (proposed, Basic secure model) will encrypt the data, but basic secure model will consume more energy than proposed method, as basic secure model will have to do consecutive encryption and decryption, which require more energy and time than proposed method. Here C-CASIN will encrypt an aggregated data and forwards the same to immediate neighboring cluster head for further aggregation and the decryption is performed only at the base station. So, it consumes less energy than basic secure model hence increases overall network lifetime.

6.2 Data transmission time

Data transmission time is the time taken to transmit the data from sensor node to base station. Figure 4 shows the data transmission of proposed method and basic secure model. Data transmission time of C-CASIN takes less time than basic secure model, this is because proposed method will encrypt data and sends that encrypted data, whereas basic secure model will do consecutive encryption and decryptions which in turn takes longer time.

Fig. 4

Data Transmission time.

6.3 Residual energy

Residual energy is the energy left in sensor nodes after performing necessary transactions. In Fig. 5 the residual energy of proposed method is better than other two methods. This is because they perform more computations than raw benchmark model and less computations than basic secure model.

Fig. 5

Residual Energy.

6.4 Network lifetime

Network lifetime is the lifetime of overall network in which at least one node should survive. It is an elapsed time between node deployment and survival of last node in the target area. Figure 6 shows network lifetime of proposed method compared with raw benchmark and basic secure model.

Fig. 6

Network Lifetime.

Life time of proposed C-CASIN is extended comparing to basic secure model because it avoids decryption at intermediate nodes.

7 Conclusion

Wireless sensor networks (WSNs) is a group of resource constrained sensors deployed in unmanned environment for recording the physical conditions of the surrounding and will organize the sensed data at a central location called base station. Data aggregation is a principle practice widely used in WSN to reduce communication overhead. Secure transmission of aggregated data is essential in mission critical applications. Employing security in such resource constrained environment is a challenging task. So lightweight encryption algorithms are required for providing security. In this paper we proposed C-CASIN, a light weight EC-Elgamal additive homomorphic based encryption and signature algorithm for confidentiality and authentication. By promoting convoluted computations on encrypted data proposed scheme reduces energy consumption even with supporting confidentiality and authentication. Proposed scheme increases network lifetime by efficient energy usage. Results show that C-CASIN performs well by reducing Energy consumption and Data transmission time. And increases network lifetime when compared with raw benchmark and basic secure model. Also, it defends against HELLO flood attack, Sinkhole attack, Energy Exhaustion, Sybil attacks, Passive and Active attackers.

References

Karim

and Zeadally

, Energy harvesting in wireless sensor networks: A comprehensive review, Renewable and Sustainable Energy Reviews55 (2016), 1041–1054. doi: 10.1016/j.rser.2015.11.010

Authors

, Article information: (2015).

Liu

, Luo

and Song

, Correlative pattern based data aggregation mechanism for WSN, 31 (2016), 991–999. doi: 10.3233/JIFS-169028

Xiaohua

, Li

Xiang-Yang

, Mao

Xufei

, Tang

Shaojie

and Wang

Shiguang

, A delay-efficient algorithm for data aggregation in multihop wireless sensor networks, IEEE Transactions on Parallel and Distributed Systems22 (2010), 163–175. doi: 10.1109/tpds.2010.80

Yassen

M.B.

, Aljawaerneh

and Abdulraziq

, Based on Internet of Things for Wireless Sensor, 2016 International Conference on Engineering & MIS (ICEMIS). (2016) 1–9. doi:10.1109/ICEMIS.2016.7745310.

Behera

T.M.

, Mohapatra

S.K.

, Samal

U.C.

, Khan

M.S.

, Daneshmand

and Gandomi

A.H.

, Residual energy-based cluster-head selection in WSNs for IoT application, IEEE Internet of Things Journal6 (2019), 5132–5139. doi: 10.1109/JIOT.2019.2897119

Pradesh

, Pawar

, Pradesh

, Agarwal

and Pradesh

, A Literature Survey on Security Issues of WSN and Different Types of Attacks in Network8 (2017), 80–83.

Saravanan

and Sethukarasi

, Optimal Hop Selection Based Novel Trust Based DDoS Attack Removal Framework for Reliable and Secured Transmission of Data in VANETs, Wireless Personal Communications (2019), doi:10.1007/s11277-019-06385-z.

Elhoseny

, Yuan

, El-minir

H.K.

and Riad

A.M.

, An energy efficient encryption method for secure dynamic WSN, (2016) 2024–2031. doi:10.1002/sec.

10.

Zin

, Badrul

, Mat

and Pathan

A.K.

, Journal of Network and Computer Applications Routing protocol design for secure WSN: Review and open research issues, Journal of Network and Computer Applications41 (2014), 517–530. doi: 10.1016/j.jnca.2014.02.008

11.

Chelli

, Security Issues in Wireless Sensor Networks: Attacks and Countermeasures, I (2015).

12.

Khan

, Secure Communication and Routing Architecture in Wireless Sensor Networks, 2014 IEEE 3rd Global Conference onConsumer Electronics (GCCE) (2014), 647–650. doi:10.1109/GCCE.2014.7031298.

13.

Yuan

, Zhan

and Wang

, for Data Aggregation in WSN, IEEE Sensors Journal14 (2014), 1089–1098. doi: 10.1109/JSEN.2013.2293093

14.

Gupta

B.B.

, Computer and Cyber Security: Principles, Algorithm, Applications, and Perspectives, CRC Press, 2018.

15.

Cao

, Liu

, Li

, Zhang

, Cao

, Yan

and Gupta

B.B.

, Evaluation models for the nearest closer routing protocol in wireless sensor networks, IEEE Access6 (2018), 77043–77054. doi: 10.1109/ACCESS.2018.2825441

16.

Alsmirat

M.A.

, Jararweh

, Obaidat

and Gupta

B.B.

, Internet of surveillance: a cloud supported large-scale wireless surveillance system, Journal of Supercomputing73 (2017), 973–992. doi: 10.1007/s11227-016-1857-x

17.

Krishnan

A.M.

and Kumar

P.G.

, An effective clustering approach with data aggregation using multiple mobile sinks for heterogeneous WSN, Wireless Personal Communications90 (2016), 423–434. doi: 10.1007/s11277-015-2998-6

18.

Ugus

, Westhoff

, Laue

, Shoufan

and Huss

S.A.

, Optimized implementation of elliptic curve based additive homomorphic encryption for wireless sensor networks, Proc. 2ndWorkshop Embedded Syst. Secur. (WESS) (2007), 11–16.

19.

Elhoseny

, Elminir

, Riad

and Yuan

, A secure data routing schema for WSN using Elliptic Curve Cryptography and homomorphic encryption, Journal of King Saud University –Computer and Information Sciences28 (2016), 262–275. doi: 10.1016/j.jksuci.2015.11.001

20.

Parmar

and Jinwala

D.C.

, Malleability resilient concealed data aggregation in wireless sensor networks, Wireless Personal Communications87 (2016), 971–993. doi: 10.1007/s11277-015-2633-6

21.

Kamesh and Sakthi Priya

, Gbaam, International Journal of Applied Engineering Research9 (2014), 5968–5974. doi: 10.1002/sec

22.

Ben

, Abdullah

, Bahattab

, Trad

and Youssef

, Confidentiality and integrity for data aggregation in WSN using homomorphic encryption (2015), 867–889. doi:10.1007/s11277-014-2061-z.

23.

, El-latif

A.A.A.

and Niu

, Elliptic curve ElGamal based homomorphic image encryption scheme for sharing secret images, 92 (2012), 1069–1078. doi: 10.1016/j.sigpro.2011.10.020

24.

Boneh

, Lynn

and Gentry

, Aggregate and Verifiably Encrypted Signatures from Bilinear Maps, International conference on theory and applications of cryptographic techniques, Springer, Berlin, pp. 416–432.

25.

Gilbert

Henri

, “Advances in Cryptology -EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques”, French Riviera, May 30–June 3, 2010.