Digital signatures are basic cryptographic tools to provide authentication and integrity in the emerging ubiquitous systems in which resource-constrained devices are expected to operate securely and efficiently. However, existing digital signatures might not be fully practical for such resource-constrained devices (e.g., medical implants) that have energy limitations. Some other computationally efficient alternatives (e.g., one-time/multiple-time signatures) may introduce high memory and/or communication overhead due to large private key and signature sizes.
In this paper, our contributions are two-fold: First, we develop a new lightweight multiple-time digital signature scheme called Signer Efficient Multiple-time Elliptic Curve Signature (SEMECS), which is suitable for resource-constrained embedded devices. SEMECS achieves optimal signature and private key sizes for an EC-based signature without requiring any EC operation (e.g., EC scalar multiplication or addition) at the signer. We prove SEMECS is secure (in the random oracle model) with a tight security reduction. Second, we fully implemented SEMECS on an 8-bit AVR microprocessor with a comprehensive energy consumption analysis and comparison. Our experiments confirm up to 19× less battery-consumption for SEMECS as compared to its fastest (full-time) counterpart, SchnorrQ, while offering significant performance advantages over its multiple-time counterparts in various fronts. We open-source our implementation for public testing and adoption.
more »
« less
Energy-Aware Digital Signatures for Embedded Medical Devices
Authentication is vital for the Internet of Things (IoT) applications involving sensitive data (e.g., medical and financial systems). Digital signatures offer scalable authentication with non-repudiation and public verifiability, which are necessary for auditing and dispute resolution in such IoT applications. However, digital signatures have been shown to be highly costly for low-end IoT devices, especially when embedded devices (e.g., medical implants) must operate without a battery replacement for a long time.
We propose an Energy-aware Signature for Embedded Medical devices (ESEM) that achieves near-optimal signer efficiency. ESEM signature generation does not require any costly operations (e.g., elliptic curve (EC) scalar multiplication/addition), but only a small constant-number of pseudo-random function calls, additions, and a single modular multiplication. ESEM has the smallest signature size among its EC-based counterparts with an identical private key size. We achieve this by eliminating the use of the ephemeral public key (i.e, commitment) in Schnorrtype signatures from the signing via a distributed construction at the verifier without interaction with the signer while permitting a constant-size public key. We proved that ESEM is secure (in random oracle model), and fully implemented it on an 8-bit AVR microcontroller that is commonly used in medical devices. Our experiments showed that ESEM achieves 8.4× higher energy efficiency over its closest counterpart while offering a smaller signature and code size. Hence, ESEM can be suitable for deployment on resource-limited embedded devices in IoT. We
more »
« less
- Award ID(s):
- 1917627
- NSF-PAR ID:
- 10128458
- Date Published:
- Journal Name:
- IEEE Conference on Communications and Network Security (CNS)
- Page Range / eLocation ID:
- 55 to 63
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Digital signatures provide scalable authentication with non-repudiation and therefore are vital tools for the Internet of Things (IoT). IoT applications harbor vast quantities of low-end devices that are expected to operate for long periods with a risk of compromise. Hence, IoT needs post-quantum cryptography (PQC) that respects the resource limitations of low-end devices while offering compromise resiliency (e.g., forward security). However, as seen in NIST PQC efforts, quantum-safe signatures are extremely costly for low-end IoT. These costs become prohibitive when forward security is considered. We propose a highly lightweight post-quantum digital signature called HArdware-Supported Efficient Signature (HASES) that meets the stringent requirements of resource-limited signers (processor, memory, bandwidth) with forward security. HASES transforms a key-evolving one-time hash-based signature into a polynomial unbounded one by introducing a public key oracle via secure enclaves. The signer is non-interactive and only generates a few hashes per signature. Unlike existing hardware-supported alternatives, HASES does not require secure-hardware on the signer, which is infeasible for low-end IoT. HASES also does not assume non-colluding servers that permit scalable verification. We proved that HASES is secure and implemented it on the commodity hardware and the 8-bit AVR ATmega2560 microcontroller. Our experiments confirm that HASES is 271 and 34 faster than (forward-secure) XMSS and (plain) Dilithium. HASES is more than twice and magnitude more energy-efficient than (forward-secure) ANT and (plain) BLISS, respectively, on an 8-bit device. We open-source HASES for public testing and adaptation.more » « less
-
A digital signature is an essential cryptographic tool to offer authentication with public verifiability, non-repudiation, and scalability. However, digital signatures often rely on expensive operations that can be highly costly for low-end devices, typically seen in the Internet of Things and Systems (IoTs). These efficiency concerns especially deepen when post-quantum secure digital signatures are considered. Hence, it is of vital importance to devise post-quantum secure digital signatures that are designed with the needs of such constraint IoT systems in mind. In this work, we propose a novel lightweight post-quantum digital signature that respects the processing, memory, and bandwidth limitations of resource-limited IoTs. Our new scheme, called ANT, efficiently transforms a one-time signature to a (polynomially bounded) many-time signature via a distributed public key computation method. This new approach enables a resource-limited signer to compute signatures without any costly lattice operations (e.g., rejection samplings, matrix multiplications, etc.), and only with a low-memory footprint and compact signature sizes. We also developed a variant for ANT with forward-security, which is an extremely costly property to attain via the state-of-the-art postquantum signatures.more » « less
-
Trustworthy and Efficient Digital Twins in Post-Quantum Era with Hybrid Hardware-Assisted Signaturesmore » « less
Digital Twins (DT) virtually model cyber-physical objects via sensory inputs by simulating or monitoring their behavior. Therefore, DTs usually harbor vast quantities of Internet of Things (IoT) components (e.g., sensors) that gather, process, and offload sensitive information (e.g., healthcare) to the cloud. It is imperative to ensure the trustworthiness of such sensitive information with long-term and compromise-resilient security guarantees. Digital signatures provide scalable authentication and integrity with non-repudiation and are vital tools for DTs. Post-quantum cryptography (PQC) and forward-secure signatures are two fundamental tools to offer long-term security and breach resiliency. However, NIST-PQC signature standards are exorbitantly costly for embedded DT components and are infeasible when forward-security is also considered. Moreover, NIST-PQC signatures do not admit aggregation, which is a highly desirable feature to mitigate the heavy storage and transmission burden in DTs. Finally, NIST recommends hybrid PQ solutions to enable cryptographic agility and transitional security. Yet, there is a significant gap in the state of the art in the achievement of all these advanced features simultaneously. Therefore, there is a significant need for lightweight digital signatures that offer compromise resiliency and compactness while permitting transitional security into the PQ era for DTs.
We create a series of highly lightweight digital signatures called Hardware-ASisted Efficient Signature (
HASES ) that meets the above requirements. The core ofHASES is a hardware-assisted cryptographic commitment construct oracle (CCO ) that permits verifiers to obtain expensive commitments without signer interaction. We created threeHASES schemes:PQ-HASES is a forward-secure PQ signature,LA-HASES is an efficient aggregate Elliptic-Curve signature, andHY-HASES is a novel hybrid scheme that combinesPQ-HASES andLA-HASES with novel strong nesting and sequential aggregation.HASES does not require a secure-hardware on the signer. We prove thatHASES schemes are secure and implemented them on commodity hardware and and 8-bit AVR ATmega2560. Our experiments confirm thatPQ-HASES andLA-HASES are two magnitudes of times more signer efficient than their PQ and conventional-secure counterparts, respectively.HY-HASES outperforms NIST PQC and conventional signature combinations, offering a standard-compliant transitional solution for emerging DTs. We open-sourceHASES schemes for public-testing and adaptation. -
Efficient authentication is vital for IoT applications with stringent minimum-delay requirements (e.g., energy delivery systems). This requirement becomes even more crucial when the IoT devices are battery-powered, like small aerial drones, and the efficiency of authentication directly translates to more operation time. Although some fast authentication techniques have been proposed, some of them might not fully meet the needs of the emerging delay-aware IoT. In this paper, we propose a new signature scheme called ARIS that pushes the limits of the existing digital signatures, wherein commodity hardware can verify 83,333 signatures per second. ARIS also enables the fastest signature generation along with the lowest energy consumption and end-to-end delay among its counterparts. These significant computational advantages come with a larger storage requirement, which is a favorable trade-off for some critical delay-aware applications. These desirable features are achieved by harnessing message encoding with cover-free families and a special elliptic curve based one-way function. We prove the security of ARIS under the hardness of the elliptic curve discrete logarithm problem in the random oracle model. We provide an open-sourced implementation of ARIS on commodity hardware and an 8-bit AVR microcontroller for public testing and verification.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/CNS.2019.8802675
