IoT technology has been developing rapidly, while at the same time, notorious IoT malware such as Mirai is a severe and inherent threat. We believe it is essential to consider systems that enable us to remotely control infected devices in order to prevent or limit malicious behaviors of infected devices. In this paper, we design a promising candidate for such remote-control systems, called IoT-REX (REmote-Control System for IoT devices). IoT-REX allows a systems manager to designate an arbitrary subset of all IoT devices in the system, and every device can confirm whether or not the device itself was designated; if so, the device executes a command given by the systems manager. Towards realizing IoT-REX, we introduce a novel cryptographic primitive called centralized multi-designated verifier signatures (CMDVS). Although CMDVS works under a restricted condition compared to conventional MDVS, it is sufficient for realizing IoT-REX. We provide an efficient CMDVS construction from any approximate membership query structures and digital signatures, yielding compact communication sizes and efficient verification procedures for IoT-REX. We then discuss the feasibility of IoT-REX through the cryptographic implementation of the CMDVS construction on a Raspberry Pi. Our promising results demonstrate that the CMDVS construction can compress communication size to about 30% compared to a trivial construction, and thus its resulting IoT-REX becomes three times faster than a trivial construction over typical low-power wide area networks with an IoT device.

翻译：物联网技术迅速发展，与此同时，臭名昭著的Mirai等物联网恶意软件构成了严重且固有的威胁。我们认为，有必要设计能够远程控制受感染设备的系统，以预防或限制其恶意行为。本文设计了一种有望实现此类远程控制系统的候选方案，称为IoT-REX（物联网设备远程控制系统）。IoT-REX允许系统管理员指定系统中任意子集的物联网设备，每台设备均可确认自身是否被指定；若是，则执行系统管理员下达的命令。为实现IoT-REX，我们提出了一种新型密码学原语——中心化多指定验证者签名（CMDVS）。尽管CMDVS在受限条件下工作，但足以实现IoT-REX。我们通过任意近似成员查询结构与数字签名构造出高效的CMDVS方案，从而为IoT-REX提供紧凑的通信尺寸与高效的验证流程。进一步，我们在树莓派上通过CMDVS方案的密码学实现论证了IoT-REX的可行性。实验结果表明，与朴素构造相比，CMDVS方案可将通信尺寸压缩至约30%，因此在典型低功耗广域网络环境下，基于CMDVS的IoT-REX系统相较于朴素构造实现了三倍的速度提升。