YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

Chang-Seop Park

DOI: https://doi.org/10.1109/jsen.2016.2625821

IF: 4.3

2017-04-01

IEEE Sensors Journal

Abstract:For the purpose of securing mutual communication, Internet of Things (IoT) applications should establish a security association in advance for two or more sensor devices acting as the roles of sensors and actuators. Even though the X-509-based public key certificate can be a viable solution for such purpose, it is not efficient to employ in the IEEE 802.15.4 network, since it is too large to be loaded in IEEE 802.15.4 frames. So, the elliptic-curve Qu-Vanstone (ECQV) implicit certificate has been employed for lightweight security association establishment for the IoT environment. However, it is mandatory to secure the transaction between the sensor device requesting the certificate and the certificate authority. The previous ECQV certificate issuance protocol has several weaknesses, in terms of security and efficiency. In this paper, we propose a new ECQV certificate issuance protocol that addresses the security problems of the previous protocol. Our protocol design is based on integration into the secure join protocol of the IEEE 802.15.4, where we employ a cryptographically generated address for security bootstrapping to secure the join and certificate issuance protocol. We extensively analyze and compare our protocol with the previous protocol in terms of security and performance.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Manisha Malik,Kamaldeep,Maitreyee Dutta,Jorge Granjal

DOI: https://doi.org/10.1109/access.2023.3261666

IF: 3.9

2023-04-14

IEEE Access

Abstract:The vast expansion of the Internet of Things (IoT) devices and related applications has bridged the gap between the physical and digital world. Unfortunately, security remains a major challenge and the lack of secure links have fueled the increased attacks on IoT devices and networks. Due to its inherent scalability, Public Key Infrastructure (PKI) is the well-known and classic approach to bring public-key certificate based security to IoT. Even though the standard X.509 explicit certificates can be viable solution, they are inefficient and too large for resource constrained IoT networks and therefore, smaller, faster and more efficient Elliptic Curve Qu Vanstone (ECQV) implicit certificates can be employed for establishing authenticated connections in IoT. Moreover, the existing certificate-based authentication proposals in standardized IoT networks have either been deployed at the transport or physical layers. Thus, these proposals fail to provide true end-to-end security to messages at the application layer in the presence of intermediate CoAP proxies. This challenging aspect is addressed in this proposal by focusing on the certificate-based authentication at the application layer to ensure true end-to-end security of messages. Additionally, IoT application layer security protocols like EDHOC lacks mechanism for authenticated distribution of public keys and thus, there is a need for lightweight authentication based cryptographic primitive for establishing secure key agreement in IoT. This paper introduces a design and implementation of a lightweight ECQV implicit certificate and use them for authenticated key exchange in EDHOC at the application layer. We also design a lightweight profile with a novel encoding mechanism for ECQV implicit certificate, called L-ECQV. To prove its viability, L-ECQV has been implemented and evaluated on Contiki operating system. Our evaluation results show that the proposed L-ECQV certificate approach reduces energy consumption by 2- %, message overhead of EDHOC handshake by 52%, and shows improvements in certificate validation time. The security analysis demonstrates that proposed L-ECQV certificates for EDHOC protocol is secure against a number of attack vectors present in the IoT network. This novel combination of ECQV certificates with EDHOC key exchange leads to a secure and lightweight authenticated key agreement in IoT networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Duy An Ha,Kha Tho Nguyen,John K. Zao

DOI: https://doi.org/10.1145/3011077.3011108

2016-12-08

Abstract:This paper introduces a design and implementation of a security scheme for the Internet of Things (IoT) based on ECQV Implicit Certificates and Datagram Transport Layer Security (DTLS) protocol. In this proposed security scheme, Elliptic curve cryptography based ECQV implicit certificate plays a key role allowing mutual authentication and key establishment between two resource-constrained IoT devices. We present how IoT devices get ECQV implicit certificates and use them for authenticated key exchange in DTLS. An evaluation of execution time of the implementation is also conducted to assess the efficiency of the solution.

Francesco Pollicino,Dario Stabili,Luca Ferretti,Mirco Marchetti

DOI: https://doi.org/10.1109/vtc2020-fall49728.2020.9348712

2020-11-01

Abstract:Emerging Cooperative Intelligent Transportation Systems (C-ITS) enable improved driving experience and safety guarantees, but require secure Vehicular Ad-hoc NETworks (VANETs) that must comply to strict performance constraints. Specialized standards have been defined to these aims, such as the IEEE 1609.2 that uses network-efficient cryptographic protocols to reduce communication latencies. The reduced latencies are achieved through a combination of the Elliptic Curve Qu-Vantstone (ECQV) implicit certificate scheme and the Elliptic Curve Digital Signature Algorithm (ECDSA), to guarantee data integrity and authenticity. However, literature lacks implementations and evaluations for vehicular systems. In this paper, we consider the IEEE 1609.2 standard for secure VANETs and investigate the feasibility of ECQV and ECDSA schemes when deployed in C-ITSs. We propose a prototype implementation of the standard ECQV scheme to evaluate its performance on automotive-grade hardware. To the best of our knowledge, this is the first open implementation of the scheme for constrained devices that are characterized by low computational power and low memory. We evaluate its performance against C-ITS communication latency constraints and show that, although even highly constrained devices can support the standard, complying with stricter requirements demands for higher computational resources.

Zi-Yuan Liu,Yi-Fan Tseng,Raylin Tso,Peter Shaojui Wang,Qin-Wen Su

DOI: https://doi.org/10.1016/j.jisa.2022.103176

IF: 4.96

2022-06-01

Journal of Information Security and Applications

Abstract:In public key infrastructure, a certificate, issued by a certificate authority (CA), is used to guarantee the connection between a user and her/his public key. In order to improve the efficiency, the concept of implicit certificate protocol is introduced by Girault and Gönther. In the existing implicit certificate protocol, a user must issue a certificate request to the CA for each key pair. However, in certain applications (e.g., IoT, sensor networks, and cryptocurrency), a user (or a device) will have multiple public/private key pairs that are related to the same identity. Therefore, the communication cost will be linearly related to the number of key pairs the user has. Furthermore, the storage cost of a large number of certificates is not an ideal property in practice. In this paper, to address the above issues, we proposed two schemes from the most widely used elliptic curve Qu–Vanstone implicit certificate scheme (ECQV). In our first scheme, called M-ECQV I, an ECQV certificate holder, who obtains an ECQV certificate issued by the certificate authority, can further issue multiple credentials with the same identity as ECQV certificate holder and the corresponding key pairs from the ECQV certificate. In our second scheme, called M-ECQV II, it not only supports the comparable functionality of M-ECQV I, but the verifier can ensure that the credentials are only used by the ECQV certificate holder (i.e., these credential are "self-use") to be suitable to different scenarios. In addition, the security models are well-defined and the rigorous security proofs are also given. Experimental results show that our schemes not only greatly improve the performance, but also reduce the storage cost.

computer science, information systems

Abel C. H. Chen

DOI: https://doi.org/10.1109/ICMLANT59547.2023.10372987

2023-09-27

Abstract:In IEEE 1609.2 and IEEE 1609.2.1 standards for Vehicle-to-everything (V2X) secure communication, various security algorithms based on Elliptic Curve Cryptography (ECC) have been adopted and designed. To enhance the efficiency of the Security Credential Management System (SCMS), this study evaluates the computational time for key generation, key expansion, signature generation, and signature verification under different security strengths. This study discusses relevant techniques based on Elliptic Curve Qu-Vanstone (ECQV) implicit certificates, analyzes the length of uncompressed elliptic curve points, compressed elliptic curve points, explicit certificates, and implicit certificates. Furthermore, this study proposes mathematical models to demonstrate the probability of ECQV cracking and provides suggestions for mitigating ECQV cracking risks.

Cryptography and Security,Networking and Internet Architecture

Hee-Yong Kwon,Mun-Kyu Lee

DOI: https://doi.org/10.1109/tvt.2019.2902382

IF: 6.8

2019-05-01

IEEE Transactions on Vehicular Technology

Abstract:In many bandwidth-critical environments, including vehicle-to-vehicle and vehicle-to-infrastructure communications, implicit certificates such as elliptic curve Qu-Vanstone (ECQV) are frequently employed as a means to reduce the bandwidth requirement of digital signatures. In these environments, however, certain recipients such as roadside units need to verify signatures for multiple messages within considerably short time periods. In this paper, we propose two efficient methods of reducing the computational costs of signature verification when multiple digital signatures are provided together with the ECQV implicit certificates. The first method achieves this by sharing the intermediate results that are computed when public keys are extracted from ECQV certificates. The second guarantees a further speed improvement by merging the public key extraction processes into a batch signature verification process. We also present an algorithm that adaptively chooses the best verification method for the given signatures in real time. Our experimental results show that the proposed methods allow for a signature verification that is five times faster than existing methods.

telecommunications,engineering, electrical & electronic,transportation science & technology

Francesco Pollicino,Dario Stabili,Luca Ferretti,Mirco Marchetti

DOI: https://doi.org/10.1109/tvt.2021.3122333

IF: 6.8

2021-12-01

IEEE Transactions on Vehicular Technology

Abstract:Cooperative Intelligent Transportation Systems (C-ITS) improve driving experience and safety through secure Vehicular Ad-hoc NETworks (VANETs) that satisfy strict security and performance constraints. Relevant standards, such as the IEEE 1609.2, prescribe network-efficient cryptographic protocols to reduce communication latencies through a combination of the Elliptic Curve Qu-Vanstone (ECQV) implicit certificate scheme and the Elliptic Curve Digital Signature Algorithm (ECDSA). However, literature lacks open implementations and performance evaluations for vehicular systems. This paper assesses the applicability of IEEE 1609.2 and of ECQV and ECDSA schemes to C-ITSs. We release an open implementation of the standard ECQV scheme to benchmark its execution time on automotive-grade boards. Moreover, we evaluate its performance in real road and traffic scenarios and show that compliance with strict latency requirements defined for C-ITS requires computational resources that are not met by many automotive-grade embedded hardware platforms. As a final contribution, we propose and evaluate novel heuristics to reduce the number of signatures to be verified in real C-ITS scenarios.

Paulo S. L. M. Barreto,Marcos A. Simplicio,Jefferson E. Ricardini,Harsh Kupwade Patil

DOI: https://doi.org/10.1109/tc.2020.2988637

IF: 3.183

2021-03-01

IEEE Transactions on Computers

Abstract:In the implicit certification model, the process of verifying the validity of the signer's public key is combined with the verification of the signature itself. When compared to traditional, explicit certificates, the main advantage of the implicit approach lies in the shorter public key validation data. This property is particularly important in resource-constrained scenarios where public key validation is performed very often, which is common in vehicular communications (V2X) that employ pseudonym certificates. In this article, we show an alternative Schnorr-based implicit certification procedure that can improve the efficiency of a popular V2X-oriented Vehicular Public Key Infrastructure (VPKI), the Security Credential Management System (SCMS). As an additional contribution, we show that SCMS's underlying certificate provisioning procedure, based on butterfly keys, is vulnerable to existential forgery attacks under certain conditions. We then discuss how this issue can be fixed in an effective and efficient manner.

engineering, electrical & electronic,computer science, hardware & architecture

Abdullah M. Almuhaideb,Sammar S. Algothami

DOI: https://doi.org/10.3390/bdcc6040102

2022-09-27

Big Data and Cognitive Computing

Abstract:In the near future, using electric vehicles will almost certainly be required for the sustainability of nature and our planet. The most significant challenge that users are concerned about is the availability of electric vehicle charging stations. Therefore, to maximize the availability of electric vehicle charging stations, we suggest taking benefit from individual sellers who produce renewable energy from their homes or electric vehicle owners who have charging piles installed in their homes. However, energy services that are rapidly being offered by these businesses do not have a trust connection developed with the consumers and stakeholders in these new systems. Exchange of data related to electric vehicles and energy aggregators can be used to identify users’ behavior and compromise their privacy. Consequently, it is necessary to set up a charging system that will guarantee privacy and security. Several electric vehicle charging systems have been proposed to provide security and privacy preservation. However, ensuring anonymity alone is not enough to guarantee protection from reconstructing the victim vehicle’s route by the tracking adversary, even if the exchanged messages are completely anonymous. Furthermore, anonymity should not be absolute in order to protect the system and function as necessary by all entities. In this research, we propose an effective, secure, and privacy-preserving authentication method based on the Elliptic Curve Qu–Vanstone for an electric vehicle charging system. The proposed scheme provides all the necessary requirements and a reauthentication protocol to minimize the overhead of subsequent authentication processes. To create credentials and validate electric vehicles and energy aggregators, the scheme makes use of the Elliptic Curve Qu–Vanstone implicit certificate mechanism. The new protocols give EVs security and privacy while cutting computational time by 95% thanks to reauthentication, as demonstrated by the performance comparison with earlier works.

Jie Wang,Shengbao Wang,Kang Wen,Bosen Weng,Xin Zhou,Kefei Chen

DOI: https://doi.org/10.3390/electronics13061109

IF: 2.9

2024-03-19

Electronics

Abstract:Dynamic wireless charging emerges as a promising technology, effectively alleviating range anxiety for electric vehicles in transit. However, the communication between the system's various components, conducted over public channels, raises concerns about vulnerability to network attacks and message manipulation. Addressing data security and privacy protection in dynamic charging systems thus becomes a critical challenge. In this article, we present an authentication protocol tailored for dynamic charging systems. This protocol ensures secure and efficient authentication between vehicles and roadside devices without the help of a trusted center. We utilize a physical unclonable function (PUF) to resist physical capture attacks and employ the elliptic curve discrete logarithm problem (ECDLP) to provide forward security protection for session keys. We validated the security of our proposed scheme through comprehensive informal analyses, and formal security analysis using the ROR model and formal analysis tool ProVerif. Furthermore, comparative assessments reveal that our scheme outperforms other relevant protocols in terms of efficiency and security.

engineering, electrical & electronic,computer science, information systems,physics, applied

Abel C. H. Chen

2024-01-03

Abstract:In recent years, the elliptic curve Qu-Vanstone (ECQV) implicit certificate scheme has found application in security credential management systems (SCMS) and secure vehicle-to-everything (V2X) communication to issue pseudonymous certificates. However, the vulnerability of elliptic-curve cryptography (ECC) to polynomial-time attacks posed by quantum computing raises concerns. In order to enhance resistance against quantum computing threats, various post-quantum cryptography methods have been adopted as standard (e.g. Dilithium) or candidate standard methods (e.g. McEliece cryptography), but state of the art has proven to be challenging to implement implicit certificates using lattice-based cryptography methods. Therefore, this study proposes a post-quantum cryptography McEliece-Chen (PQCMC) based on an efficient random invertible matrix generation method to issue pseudonymous certificates with less computation time. The study provides mathematical models to validate the key expansion process for implicit certificates. Furthermore, comprehensive security evaluations and discussions are conducted to demonstrate that distinct implicit certificates can be linked to the same end entity. In experiments, a comparison is conducted between the certificate length and computation time to evaluate the performance of the proposed PQCMC. This study demonstrates the viability of the implicit certificate scheme based on PQC as a means of countering quantum computing threats.

Cryptography and Security,Networking and Internet Architecture

Devishree Naidu,Niranjan K. Ray

DOI: https://doi.org/10.1002/cpe.8283

2024-10-04

Concurrency and Computation Practice and Experience

Abstract:Summary The proposed work introduces two schemes for secure device authentication and key agreement (SDA & KA) mechanisms. Initially, an efficient implicit certificate approach based on the Elliptic curve Qu–Vanstone (EIC‐EcQuV) scheme is developed in the first stage to instantly concur on the session key. The proposed scheme implicitly performs quick authentication of the public key. Also, this scheme prevents the attacker from creating fake key combinations. Through EIC‐EcQuV, the implicit certificate (IC) is distributed which helps to implicitly authenticate the user. This work also proposes ithe developed Public Key Certificateless Cryptosystem (PKCIC) scheme in the second stage, whch was also for the SDA & KA mechanism. In the EIC‐EcQuV scheme, efficient authentication is enabled, but public key theft is possible. However, in the PKCIC scheme, authentication is performed through partial keys, and the public key is secured via the Schnorr signature. The efficiency of the proposed schemes is proved by comparing the attained results with previous schemes. The proposed method obtains the computational cost of 0.0583 s for end‐to‐end devices, 0.06111 for network servers, and 0.00071 s for the gateway, with an execution time of 78.624 for 1000 devices. The attained key agreement of the proposed EIC‐EcQuV is 0.953 s, and PKCIC is 0.9988 s.

computer science, theory & methods, software engineering