Internet of Things (IoT) and Storage-as-a-Service (STaaS) continuum permit cost-effective maintenance of security-sensitive information collected by IoT devices over cloud systems. It is necessary to guarantee the security of sensitive data in IoT-STaaS applications. Especially, log entries trace critical events in computer systems and play a vital role in the trustworthiness of IoT-STaaS. An ideal log protection tool must be scalable and lightweight for vast quantities of resource-limited IoT devices while permitting efficient and public verification at STaaS. However, the existing cryptographic logging schemes either incur significant computation/signature overhead to the logger or extreme storage and verification costs to the cloud. There is a critical need for a cryptographic forensic log tool that respects the efficiency requirements of the IoT-STaaS continuum.
In this paper, we created novel digital signatures for logs called Optimal Signatures for secure Logging (OSLO), which are the first (to the best of our knowledge) to offer both small-constant signature and public key sizes with near-optimal signing and batch verification via various granularities. We introduce new design features such as one-time randomness management, flexible aggregation along with various optimizations to attain these seemingly conflicting properties simultaneously. Our experiments show that OSLO offers 50× faster verification (for 235 entries) than the most compact alternative with equal signature sizes, while also being several magnitudes of more compact than its most logger efficient counterparts. These properties make OSLO an ideal choice for the IoT-STaaS, wherein lightweight logging and efficient batch verification of massive-size logs are vital for the IoT edge and cold storage servers, respectively.
more »
« less
Compact and Resilient Cryptographic Tools for Digital Forensics
Audit logs play a crucial role in the security of computer systems and are targeted by the attackers due to their forensic value. Digital signatures are essential tools to ensure the authentication/integrity of logs with public verifiability and nonrepudiation. Especially, forward-secure and aggregate signatures (FAS) offer compromise-resiliency and append-only features such that an active attacker compromising a computer cannot tamper or selectively delete the logs collected before the breach. Despite their high-security, existing FAS schemes can only sign a small pre-defined number (K) of logs, and their key-size/computation overhead grows linearly with K. These limitations prevent a practical adoption of FAS schemes for digital forensics. In this paper, we created new signatures named COmpact and REsilient (CORE) schemes, which are (to the best of our knowledge) the first FAS that can sign (practically) unbounded number of messages with only a sub-linear growth in the keysize/computation overhead. Central to CORE is the creation of a novel K-time signature COREKBase that has a small-constant key generation overhead and public key size. We then develop CORE-MMM that harnesses COREK Base via forward-secure transformations. We showed that CORE-MMM significantly outperforms its alternatives for essential metrics. For instance, CORE-MMM provides more than two and one magnitudes faster key updates and smaller signatures, respectively, with smaller private keys. CORE-MMM also offers extra efficiency when the same messages are signed with evolving keys. We formally prove that CORE schemes are secure. Our analysis indicates that CORE schemes are ideal tools to enhance the trustworthiness of digital forensic applications.
more »
« less
- Award ID(s):
- 1917627
- NSF-PAR ID:
- 10206542
- Date Published:
- Journal Name:
- IEEE Conference on Communications and Network Security (CNS)
- Page Range / eLocation ID:
- 1 to 9
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Trustworthy and Efficient Digital Twins in Post-Quantum Era with Hybrid Hardware-Assisted Signaturesmore » « less
Digital Twins (DT) virtually model cyber-physical objects via sensory inputs by simulating or monitoring their behavior. Therefore, DTs usually harbor vast quantities of Internet of Things (IoT) components (e.g., sensors) that gather, process, and offload sensitive information (e.g., healthcare) to the cloud. It is imperative to ensure the trustworthiness of such sensitive information with long-term and compromise-resilient security guarantees. Digital signatures provide scalable authentication and integrity with non-repudiation and are vital tools for DTs. Post-quantum cryptography (PQC) and forward-secure signatures are two fundamental tools to offer long-term security and breach resiliency. However, NIST-PQC signature standards are exorbitantly costly for embedded DT components and are infeasible when forward-security is also considered. Moreover, NIST-PQC signatures do not admit aggregation, which is a highly desirable feature to mitigate the heavy storage and transmission burden in DTs. Finally, NIST recommends hybrid PQ solutions to enable cryptographic agility and transitional security. Yet, there is a significant gap in the state of the art in the achievement of all these advanced features simultaneously. Therefore, there is a significant need for lightweight digital signatures that offer compromise resiliency and compactness while permitting transitional security into the PQ era for DTs.
We create a series of highly lightweight digital signatures called Hardware-ASisted Efficient Signature (
HASES ) that meets the above requirements. The core ofHASES is a hardware-assisted cryptographic commitment construct oracle (CCO ) that permits verifiers to obtain expensive commitments without signer interaction. We created threeHASES schemes:PQ-HASES is a forward-secure PQ signature,LA-HASES is an efficient aggregate Elliptic-Curve signature, andHY-HASES is a novel hybrid scheme that combinesPQ-HASES andLA-HASES with novel strong nesting and sequential aggregation.HASES does not require a secure-hardware on the signer. We prove thatHASES schemes are secure and implemented them on commodity hardware and and 8-bit AVR ATmega2560. Our experiments confirm thatPQ-HASES andLA-HASES are two magnitudes of times more signer efficient than their PQ and conventional-secure counterparts, respectively.HY-HASES outperforms NIST PQC and conventional signature combinations, offering a standard-compliant transitional solution for emerging DTs. We open-sourceHASES schemes for public-testing and adaptation. -
The Internet of Things (IoT) harbors a large number of resource-limited devices (e.g., sensors) that continuously generate and offload sensitive information (e.g., financial, health, personal). It is imperative the ensure the trustworthiness of this data with efficient cryptographic mechanisms. Digital signatures can offer scalable authentication with public verifiability and nonrepudiation. However, the state-of-the-art digital signatures do not offer the desired efficiency and are not scalable for the connected resource-limited IoT devices. This is without considering long term security features such as post-quantum security and forward security. In this paper, we summarize the main challenges to an energy-aware and efficient signature scheme. Then, we propose new scheme design improvements that uniquely embed different emerging technologies such as Mutli-Party Computation (MPC) and secure enclaves (e.g., Intel SGX) in order to secret-share confidential keys of low-end IoT devices across multiple cloud servers. We also envision building signature schemes with Fully Homomorphic Encryption (FHE) to enable verifiers to compute expensive commitments under encryption. We provide evaluation metrics that showcase the feasibility and efficiency of our designs for potential deployment on embedded devices in IoT.more » « less
-
A digital signature is an essential cryptographic tool to offer authentication with public verifiability, non-repudiation, and scalability. However, digital signatures often rely on expensive operations that can be highly costly for low-end devices, typically seen in the Internet of Things and Systems (IoTs). These efficiency concerns especially deepen when post-quantum secure digital signatures are considered. Hence, it is of vital importance to devise post-quantum secure digital signatures that are designed with the needs of such constraint IoT systems in mind. In this work, we propose a novel lightweight post-quantum digital signature that respects the processing, memory, and bandwidth limitations of resource-limited IoTs. Our new scheme, called ANT, efficiently transforms a one-time signature to a (polynomially bounded) many-time signature via a distributed public key computation method. This new approach enables a resource-limited signer to compute signatures without any costly lattice operations (e.g., rejection samplings, matrix multiplications, etc.), and only with a low-memory footprint and compact signature sizes. We also developed a variant for ANT with forward-security, which is an extremely costly property to attain via the state-of-the-art postquantum signatures.more » « less
-
Digital signatures provide scalable authentication with non-repudiation and therefore are vital tools for the Internet of Things (IoT). IoT applications harbor vast quantities of low-end devices that are expected to operate for long periods with a risk of compromise. Hence, IoT needs post-quantum cryptography (PQC) that respects the resource limitations of low-end devices while offering compromise resiliency (e.g., forward security). However, as seen in NIST PQC efforts, quantum-safe signatures are extremely costly for low-end IoT. These costs become prohibitive when forward security is considered. We propose a highly lightweight post-quantum digital signature called HArdware-Supported Efficient Signature (HASES) that meets the stringent requirements of resource-limited signers (processor, memory, bandwidth) with forward security. HASES transforms a key-evolving one-time hash-based signature into a polynomial unbounded one by introducing a public key oracle via secure enclaves. The signer is non-interactive and only generates a few hashes per signature. Unlike existing hardware-supported alternatives, HASES does not require secure-hardware on the signer, which is infeasible for low-end IoT. HASES also does not assume non-colluding servers that permit scalable verification. We proved that HASES is secure and implemented it on the commodity hardware and the 8-bit AVR ATmega2560 microcontroller. Our experiments confirm that HASES is 271 and 34 faster than (forward-secure) XMSS and (plain) Dilithium. HASES is more than twice and magnitude more energy-efficient than (forward-secure) ANT and (plain) BLISS, respectively, on an 8-bit device. We open-source HASES for public testing and adaptation.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/CNS48642.2020.9162236
