Chang-Seop Park

DOI: https://doi.org/10.1109/jsen.2016.2625821

IF: 4.3

2017-04-01

IEEE Sensors Journal

Abstract:For the purpose of securing mutual communication, Internet of Things (IoT) applications should establish a security association in advance for two or more sensor devices acting as the roles of sensors and actuators. Even though the X-509-based public key certificate can be a viable solution for such purpose, it is not efficient to employ in the IEEE 802.15.4 network, since it is too large to be loaded in IEEE 802.15.4 frames. So, the elliptic-curve Qu-Vanstone (ECQV) implicit certificate has been employed for lightweight security association establishment for the IoT environment. However, it is mandatory to secure the transaction between the sensor device requesting the certificate and the certificate authority. The previous ECQV certificate issuance protocol has several weaknesses, in terms of security and efficiency. In this paper, we propose a new ECQV certificate issuance protocol that addresses the security problems of the previous protocol. Our protocol design is based on integration into the secure join protocol of the IEEE 802.15.4, where we employ a cryptographically generated address for security bootstrapping to secure the join and certificate issuance protocol. We extensively analyze and compare our protocol with the previous protocol in terms of security and performance.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Manisha Malik,Kamaldeep,Maitreyee Dutta,Jorge Granjal

DOI: https://doi.org/10.1109/access.2023.3261666

IF: 3.9

2023-04-14

IEEE Access

Abstract:The vast expansion of the Internet of Things (IoT) devices and related applications has bridged the gap between the physical and digital world. Unfortunately, security remains a major challenge and the lack of secure links have fueled the increased attacks on IoT devices and networks. Due to its inherent scalability, Public Key Infrastructure (PKI) is the well-known and classic approach to bring public-key certificate based security to IoT. Even though the standard X.509 explicit certificates can be viable solution, they are inefficient and too large for resource constrained IoT networks and therefore, smaller, faster and more efficient Elliptic Curve Qu Vanstone (ECQV) implicit certificates can be employed for establishing authenticated connections in IoT. Moreover, the existing certificate-based authentication proposals in standardized IoT networks have either been deployed at the transport or physical layers. Thus, these proposals fail to provide true end-to-end security to messages at the application layer in the presence of intermediate CoAP proxies. This challenging aspect is addressed in this proposal by focusing on the certificate-based authentication at the application layer to ensure true end-to-end security of messages. Additionally, IoT application layer security protocols like EDHOC lacks mechanism for authenticated distribution of public keys and thus, there is a need for lightweight authentication based cryptographic primitive for establishing secure key agreement in IoT. This paper introduces a design and implementation of a lightweight ECQV implicit certificate and use them for authenticated key exchange in EDHOC at the application layer. We also design a lightweight profile with a novel encoding mechanism for ECQV implicit certificate, called L-ECQV. To prove its viability, L-ECQV has been implemented and evaluated on Contiki operating system. Our evaluation results show that the proposed L-ECQV certificate approach reduces energy consumption by 2- %, message overhead of EDHOC handshake by 52%, and shows improvements in certificate validation time. The security analysis demonstrates that proposed L-ECQV certificates for EDHOC protocol is secure against a number of attack vectors present in the IoT network. This novel combination of ECQV certificates with EDHOC key exchange leads to a secure and lightweight authenticated key agreement in IoT networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Duy An Ha,Kha Tho Nguyen,John K. Zao

DOI: https://doi.org/10.1145/3011077.3011108

2016-12-08

Abstract:This paper introduces a design and implementation of a security scheme for the Internet of Things (IoT) based on ECQV Implicit Certificates and Datagram Transport Layer Security (DTLS) protocol. In this proposed security scheme, Elliptic curve cryptography based ECQV implicit certificate plays a key role allowing mutual authentication and key establishment between two resource-constrained IoT devices. We present how IoT devices get ECQV implicit certificates and use them for authenticated key exchange in DTLS. An evaluation of execution time of the implementation is also conducted to assess the efficiency of the solution.

Dae-Hwi Lee,Im-Yeong Lee

DOI: https://doi.org/10.3390/s20185350

2020-09-18

Abstract:In the Internet of Things (IoT) environment, more types of devices than ever before are connected to the internet to provide IoT services. Smart devices are becoming more intelligent and improving performance, but there are devices with little computing power and low storage capacity. Devices with limited resources will have difficulty applying existing public key cryptography systems to provide security. Therefore, communication protocols for various kinds of participating devices should be applicable in the IoT environment, and these protocols should be lightened for resources-restricted devices. Security is an essential element in the IoT environment, so for secure communication, it is necessary to perform authentication between the communication objects and to generate the session key. In this paper, we propose two kinds of lightweight authentication and key agreement schemes to enable fast and secure authentication among the objects participating in the IoT environment. The first scheme is an authentication and key agreement scheme with limited resource devices that can use the elliptic curve Qu-Vanstone (ECQV) implicit certificate to quickly agree on the session key. The second scheme is also an authentication and key agreement scheme that can be used more securely, but slower than first scheme using certificateless public key cryptography (CL-PKC). In addition, we compare and analyze existing schemes and propose new schemes to improve security requirements that were not satisfactory.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Zi-Yuan Liu,Yi-Fan Tseng,Raylin Tso,Peter Shaojui Wang,Qin-Wen Su

DOI: https://doi.org/10.1016/j.jisa.2022.103176

IF: 4.96

2022-06-01

Journal of Information Security and Applications

Abstract:In public key infrastructure, a certificate, issued by a certificate authority (CA), is used to guarantee the connection between a user and her/his public key. In order to improve the efficiency, the concept of implicit certificate protocol is introduced by Girault and Gönther. In the existing implicit certificate protocol, a user must issue a certificate request to the CA for each key pair. However, in certain applications (e.g., IoT, sensor networks, and cryptocurrency), a user (or a device) will have multiple public/private key pairs that are related to the same identity. Therefore, the communication cost will be linearly related to the number of key pairs the user has. Furthermore, the storage cost of a large number of certificates is not an ideal property in practice. In this paper, to address the above issues, we proposed two schemes from the most widely used elliptic curve Qu–Vanstone implicit certificate scheme (ECQV). In our first scheme, called M-ECQV I, an ECQV certificate holder, who obtains an ECQV certificate issued by the certificate authority, can further issue multiple credentials with the same identity as ECQV certificate holder and the corresponding key pairs from the ECQV certificate. In our second scheme, called M-ECQV II, it not only supports the comparable functionality of M-ECQV I, but the verifier can ensure that the credentials are only used by the ECQV certificate holder (i.e., these credential are "self-use") to be suitable to different scenarios. In addition, the security models are well-defined and the rigorous security proofs are also given. Experimental results show that our schemes not only greatly improve the performance, but also reduce the storage cost.

computer science, information systems

Fikret Basic,Christian Steger,Robert Kofler

DOI: https://doi.org/10.23919/DATE56975.2023.10137025

2023-11-20

Abstract:Be it in the IoT or automotive domain, implicit certificates are gaining ever more prominence in constrained embedded devices. They present a resource-efficient security solution against common threat concerns. The computational requirements are not the main issue anymore. The focus is now placed on determining a good balance between the provided security level and the derived threat model. A security aspect that often gets overlooked is the establishment of secure communication sessions, as most design solutions are based only on the use of static key derivation, and therefore, lack the perfect forward secrecy. This leaves the transmitted data open for potential future exposures by having keys tied to the certificates rather than the communication sessions. We aim to patch this gap, by presenting a design that utilizes the Station to Station (STS) protocol with implicit certificates. In addition, we propose potential protocol optimization implementation steps and run a comprehensive study on the performance and security level between the proposed design and the state-of-the-art key derivation protocols. In our comparative study, we show that with a slight computational increase of 20\% compared to a static ECDSA key derivation, we are able to mitigate many session-related security vulnerabilities that would otherwise remain open.

Cryptography and Security

Francesco Pollicino,Dario Stabili,Luca Ferretti,Mirco Marchetti

DOI: https://doi.org/10.1109/vtc2020-fall49728.2020.9348712

2020-11-01

Abstract:Emerging Cooperative Intelligent Transportation Systems (C-ITS) enable improved driving experience and safety guarantees, but require secure Vehicular Ad-hoc NETworks (VANETs) that must comply to strict performance constraints. Specialized standards have been defined to these aims, such as the IEEE 1609.2 that uses network-efficient cryptographic protocols to reduce communication latencies. The reduced latencies are achieved through a combination of the Elliptic Curve Qu-Vantstone (ECQV) implicit certificate scheme and the Elliptic Curve Digital Signature Algorithm (ECDSA), to guarantee data integrity and authenticity. However, literature lacks implementations and evaluations for vehicular systems. In this paper, we consider the IEEE 1609.2 standard for secure VANETs and investigate the feasibility of ECQV and ECDSA schemes when deployed in C-ITSs. We propose a prototype implementation of the standard ECQV scheme to evaluate its performance on automotive-grade hardware. To the best of our knowledge, this is the first open implementation of the scheme for constrained devices that are characterized by low computational power and low memory. We evaluate its performance against C-ITS communication latency constraints and show that, although even highly constrained devices can support the standard, complying with stricter requirements demands for higher computational resources.

Bing Li,Guohe Zhang,Shaochong Lei,Haisheng Fu,Jinlei Wang

DOI: https://doi.org/10.1109/IEEECONF52377.2022.10013341

2022-01-01

Abstract:The quick development of the Internet of Things (IoT) makes the IoT devices become appealing targets of various cyberattacks. Authentication and key agreement (AKA) protocol are the most important measures to ensure the security of IoT. However, it is still quite challenging to devise proper AKA protocols for IoT because of the resource-constrained nature of IoT devices. In this paper, we have proposed a new lightweight AKA protocol for IoT based on elliptic curve cryptography (ECC). Our proposed AKA protocol can achieve mutual authentication and ECC-based session key establishment simultaneously. To enhance security and provide anonymity, our protocol uses the one-time password and dynamic identity information which are updated in every round of mutual authentication through a well-designed update operation. To assess our protocol, we carry out security and performance analyses. The obtained results show that our protocol with a high level of security has low complexity and small computational cost and is appropriate to be applied in resource-constrained IoT devices.

Susovan Chanda,Ashish Kr. Luhach,J. Sharmila Anand Francis,Indranil Sengupta,Diptendu Sinha Roy

DOI: https://doi.org/10.1155/2024/5998163

2024-03-23

Wireless Communications and Mobile Computing

Abstract:The exponential growth of the Internet of Things (IoT) has led to a surge in data generation, critical for business decisions. Ensuring data authenticity and integrity over unsecured channels is vital, especially due to potential catastrophic consequences of tampered data. However, IoT's resource constraints and heterogeneous ecosystem present unique security challenges. Traditional public key infrastructure offers strong security but is resource intensive, while existing cloud-based solutions lack comprehensive security and rise to latency and unwanted wastage of energy. In this paper, we propose a universal authentication scheme using edge computing, incorporating fully hashed Elliptic Curve Menezes–Qu–Vanstone (ECMQV) and PUF. This approach provides a scalable and reliable solution. It also provides security against active attacks, addressing man-in-the-middle and impersonation threats. Experimental validation on a Zybo board confirms its effectiveness, offering a robust security solution for the IoT landscape.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chintan Patel

DOI: https://doi.org/10.48550/arXiv.2207.10353

2022-07-21

Abstract:The Internet of Things (IoT) is giving a boost to a plethora of new opportunities for the robust and sustainable deployment of cyber physical systems. The cornerstone of any IoT system is the sensing devices. These sensing devices have considerable resource constraints, including insufficient battery capacity, CPU capability, and physical security. Because of such resource constraints, designing lightweight cryptographic protocols is an opportunity. Remote User Authentication ensures that two parties establish a secure and durable session key. This study presents a lightweight and safe authentication strategy for the user-gateway (U GW) IoT network model. The proposed system is designed leveraging Elliptic Curve Cryptography (ECC). We undertake a formal security analysis with both the Automated Validation of Internet Security Protocols (AVISPA) and Burrows Abadi Needham (BAN) logic tools and an information security assessment with the Delev Yao channel. We use publish subscribe based Message Queuing Telemetry Transport (MQTT) protocol for communication. Additionally, the performance analysis and comparison of security features show that the proposed scheme is resilient to well known cryptographic threats.

Cryptography and Security

Wenzhan Zhang,Yanhui Zhang,Chong Guo,Qi An,Yuming Guo,Ximing Liu,Shijun Zhang,Junjia Huang

DOI: https://doi.org/10.1155/2022/3687332

IF: 3.12

2022-02-26

Computational Intelligence and Neuroscience

Abstract:The rapid development of the Internet of Things (IoT) has accelerated the integration of science and technology with life, enabling the public to start enjoying the convenience brought by intelligent living. However, there are multiple resource-constrained sensing devices in IoT, which are always facing various external or internal attacks, making it difficult to ensure the secure transmission of sensitive data in IoT. Therefore, to address the problem of data transmission in resource-constrained devices in IoT, we propose a new certificateless hybrid signcryption scheme for IoT. It is a novel scheme that satisfies confidentiality and unforgeability, showing higher computational efficiency and lower overhead of transmission. To prove that it satisfies the efficent transmission of IoT, we conduct simulation experiments, and the experimental results show that our proposed scheme has higher efficiency than the existing schemes.

mathematical & computational biology,neurosciences

Abdullah M. Almuhaideb,Sammar S. Algothami

DOI: https://doi.org/10.3390/bdcc6040102

2022-09-27

Big Data and Cognitive Computing

Abstract:In the near future, using electric vehicles will almost certainly be required for the sustainability of nature and our planet. The most significant challenge that users are concerned about is the availability of electric vehicle charging stations. Therefore, to maximize the availability of electric vehicle charging stations, we suggest taking benefit from individual sellers who produce renewable energy from their homes or electric vehicle owners who have charging piles installed in their homes. However, energy services that are rapidly being offered by these businesses do not have a trust connection developed with the consumers and stakeholders in these new systems. Exchange of data related to electric vehicles and energy aggregators can be used to identify users’ behavior and compromise their privacy. Consequently, it is necessary to set up a charging system that will guarantee privacy and security. Several electric vehicle charging systems have been proposed to provide security and privacy preservation. However, ensuring anonymity alone is not enough to guarantee protection from reconstructing the victim vehicle’s route by the tracking adversary, even if the exchanged messages are completely anonymous. Furthermore, anonymity should not be absolute in order to protect the system and function as necessary by all entities. In this research, we propose an effective, secure, and privacy-preserving authentication method based on the Elliptic Curve Qu–Vanstone for an electric vehicle charging system. The proposed scheme provides all the necessary requirements and a reauthentication protocol to minimize the overhead of subsequent authentication processes. To create credentials and validate electric vehicles and energy aggregators, the scheme makes use of the Elliptic Curve Qu–Vanstone implicit certificate mechanism. The new protocols give EVs security and privacy while cutting computational time by 95% thanks to reauthentication, as demonstrated by the performance comparison with earlier works.

Dipanwita Sadhukhan,Sangram Ray,G. P. Biswas,M. K. Khan,Mou Dasgupta

DOI: https://doi.org/10.1007/s11227-020-03318-7

IF: 3.3

2020-05-07

The Journal of Supercomputing

Abstract:Internet of things (IoT) has become a new era of communication technology for performing information exchange. With the immense increment of usage of smart devices, IoT services become more accessible. To perform secure transmission of data between IoT network and remote user, mutual authentication, and session key negotiation play a key role. In this research, we have proposed an ECC-based three-factor remote user authentication scheme that runs in the smart device and preserves privacy, and data confidentiality of the communicating user. To support our claim, multiple cryptographic attacks are analyzed and found that the proposed scheme is not vulnerable to those attacks. Finally, the computation and communication overheads of the proposed scheme are compared with other existing protocols to confirm that the proposed scheme is lightweight. A formal security analysis using AVISPA simulation tool has been done that confirms the proposed scheme is robust against relevant security threats.

Hee-Yong Kwon,Mun-Kyu Lee

DOI: https://doi.org/10.1109/tvt.2019.2902382

IF: 6.8

2019-05-01

IEEE Transactions on Vehicular Technology

Abstract:In many bandwidth-critical environments, including vehicle-to-vehicle and vehicle-to-infrastructure communications, implicit certificates such as elliptic curve Qu-Vanstone (ECQV) are frequently employed as a means to reduce the bandwidth requirement of digital signatures. In these environments, however, certain recipients such as roadside units need to verify signatures for multiple messages within considerably short time periods. In this paper, we propose two efficient methods of reducing the computational costs of signature verification when multiple digital signatures are provided together with the ECQV implicit certificates. The first method achieves this by sharing the intermediate results that are computed when public keys are extracted from ECQV certificates. The second guarantees a further speed improvement by merging the public key extraction processes into a batch signature verification process. We also present an algorithm that adaptively chooses the best verification method for the given signatures in real time. Our experimental results show that the proposed methods allow for a signature verification that is five times faster than existing methods.

telecommunications,engineering, electrical & electronic,transportation science & technology

Abel C. H. Chen

DOI: https://doi.org/10.1109/ICMLANT59547.2023.10372987

2023-09-27

Abstract:In IEEE 1609.2 and IEEE 1609.2.1 standards for Vehicle-to-everything (V2X) secure communication, various security algorithms based on Elliptic Curve Cryptography (ECC) have been adopted and designed. To enhance the efficiency of the Security Credential Management System (SCMS), this study evaluates the computational time for key generation, key expansion, signature generation, and signature verification under different security strengths. This study discusses relevant techniques based on Elliptic Curve Qu-Vanstone (ECQV) implicit certificates, analyzes the length of uncompressed elliptic curve points, compressed elliptic curve points, explicit certificates, and implicit certificates. Furthermore, this study proposes mathematical models to demonstrate the probability of ECQV cracking and provides suggestions for mitigating ECQV cracking risks.

Cryptography and Security,Networking and Internet Architecture

Guanglu Wei,Kai Fan,Kuan Zhang,Haoyang Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3323275

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In recent years, the Internet of Things (IoT) has gained immense popularity in various aspects of work, learning, and daily life. Within the Internet of Things realm, there is a growing concern regarding communication security issues between users and servers. However, addressing the communication security between servers is equally imperative, which has not received as much attention. To this end, we propose a certificateless anonymous authenticated key agreement (AKA) algorithm based on Learning with Errors (LWE) and Inhomogeneous Small Integer Solution (ISIS) security assumptions. Our scheme provides strong resistance to quantum attacks and protects the privacy of communication servers. It also has constant communication costs and lower computational requirements than existing lattice-based anonymous AKA algorithms on the broadcast channel. Additionally, the proposed scheme eliminates the resource consumption of managing complex certificates and addresses the security risks associated with key escrow in the key generation center (KGC). Through security and performance analysis, we demonstrate that our approach can enhance the security of IoT-based healthcare systems while significantly improving communication efficiency. Our proposed scheme provides a promising solution to security issues related to server communication in IoT systems.

computer science, information systems,telecommunications,engineering, electrical & electronic