An official website of the United States government
A digital signature is an essential cryptographic tool to offer authentication with public verifiability, non-repudiation, and scalability. However, digital signatures often rely on expensive operations that can be highly costly for low-end devices, typically seen in the Internet of Things and Systems (IoTs). These efficiency concerns especially deepen when post-quantum secure digital signatures are considered. Hence, it is of vital importance to devise post-quantum secure digital signatures that are designed with the needs of such constraint IoT systems in mind. In this work, we propose a novel lightweight post-quantum digital signature that respects the processing, memory, and bandwidth limitations of resource-limited IoTs. Our new scheme, called ANT, efficiently transforms a one-time signature to a (polynomially bounded) many-time signature via a distributed public key computation method. This new approach enables a resource-limited signer to compute signatures without any costly lattice operations (e.g., rejection samplings, matrix multiplications, etc.), and only with a low-memory footprint and compact signature sizes. We also developed a variant for ANT with forward-security, which is an extremely costly property to attain via the state-of-the-art postquantum signatures.
more »
« less
Lightweight Digital Signatures for Internet of Things: Current and Post-Quantum Trends and Visions
The Internet of Things (IoT) harbors a large number of resource-limited devices (e.g., sensors) that continuously generate and offload sensitive information (e.g., financial, health, personal). It is imperative the ensure the trustworthiness of this data with efficient cryptographic mechanisms. Digital signatures can offer scalable authentication with public verifiability and nonrepudiation. However, the state-of-the-art digital signatures do not offer the desired efficiency and are not scalable for the connected resource-limited IoT devices. This is without considering long term security features such as post-quantum security and forward security. In this paper, we summarize the main challenges to an energy-aware and efficient signature scheme. Then, we propose new scheme design improvements that uniquely embed different emerging technologies such as Mutli-Party Computation (MPC) and secure enclaves (e.g., Intel SGX) in order to secret-share confidential keys of low-end IoT devices across multiple cloud servers. We also envision building signature schemes with Fully Homomorphic Encryption (FHE) to enable verifiers to compute expensive commitments under encryption. We provide evaluation metrics that showcase the feasibility and efficiency of our designs for potential deployment on embedded devices in IoT.
more »
« less
- Award ID(s):
- 1917627
- PAR ID:
- 10486663
- Publisher / Repository:
- IEEE
- Date Published:
- ISBN:
- 979-8-3503-8211-2
- Page Range / eLocation ID:
- 1 to 2
- Subject(s) / Keyword(s):
- Authentication Internet of Things post-quantum security embedded devices lightweight cryptography
- Format(s):
- Medium: X
- Location:
- Tampa, FL, USA
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Digital signatures provide scalable authentication with non-repudiation and therefore are vital tools for the Internet of Things (IoT). IoT applications harbor vast quantities of low-end devices that are expected to operate for long periods with a risk of compromise. Hence, IoT needs post-quantum cryptography (PQC) that respects the resource limitations of low-end devices while offering compromise resiliency (e.g., forward security). However, as seen in NIST PQC efforts, quantum-safe signatures are extremely costly for low-end IoT. These costs become prohibitive when forward security is considered. We propose a highly lightweight post-quantum digital signature called HArdware-Supported Efficient Signature (HASES) that meets the stringent requirements of resource-limited signers (processor, memory, bandwidth) with forward security. HASES transforms a key-evolving one-time hash-based signature into a polynomial unbounded one by introducing a public key oracle via secure enclaves. The signer is non-interactive and only generates a few hashes per signature. Unlike existing hardware-supported alternatives, HASES does not require secure-hardware on the signer, which is infeasible for low-end IoT. HASES also does not assume non-colluding servers that permit scalable verification. We proved that HASES is secure and implemented it on the commodity hardware and the 8-bit AVR ATmega2560 microcontroller. Our experiments confirm that HASES is 271 and 34 faster than (forward-secure) XMSS and (plain) Dilithium. HASES is more than twice and magnitude more energy-efficient than (forward-secure) ANT and (plain) BLISS, respectively, on an 8-bit device. We open-source HASES for public testing and adaptation.more » « less
-
Internet of Things (IoT) and Storage-as-a-Service (STaaS) continuum permit cost-effective maintenance of security-sensitive information collected by IoT devices over cloud systems. It is necessary to guarantee the security of sensitive data in IoT-STaaS applications. Especially, log entries trace critical events in computer systems and play a vital role in the trustworthiness of IoT-STaaS. An ideal log protection tool must be scalable and lightweight for vast quantities of resource-limited IoT devices while permitting efficient and public verification at STaaS. However, the existing cryptographic logging schemes either incur significant computation/signature overhead to the logger or extreme storage and verification costs to the cloud. There is a critical need for a cryptographic forensic log tool that respects the efficiency requirements of the IoT-STaaS continuum. In this paper, we created novel digital signatures for logs called Optimal Signatures for secure Logging (OSLO), which are the first (to the best of our knowledge) to offer both small-constant signature and public key sizes with near-optimal signing and batch verification via various granularities. We introduce new design features such as one-time randomness management, flexible aggregation along with various optimizations to attain these seemingly conflicting properties simultaneously. Our experiments show that OSLO offers 50× faster verification (for 235 entries) than the most compact alternative with equal signature sizes, while also being several magnitudes of more compact than its most logger efficient counterparts. These properties make OSLO an ideal choice for the IoT-STaaS, wherein lightweight logging and efficient batch verification of massive-size logs are vital for the IoT edge and cold storage servers, respectively.more » « less
-
Authentication is vital for the Internet of Things (IoT) applications involving sensitive data (e.g., medical and financial systems). Digital signatures offer scalable authentication with non-repudiation and public verifiability, which are necessary for auditing and dispute resolution in such IoT applications. However, digital signatures have been shown to be highly costly for low-end IoT devices, especially when embedded devices (e.g., medical implants) must operate without a battery replacement for a long time. We propose an Energy-aware Signature for Embedded Medical devices (ESEM) that achieves near-optimal signer efficiency. ESEM signature generation does not require any costly operations (e.g., elliptic curve (EC) scalar multiplication/addition), but only a small constant-number of pseudo-random function calls, additions, and a single modular multiplication. ESEM has the smallest signature size among its EC-based counterparts with an identical private key size. We achieve this by eliminating the use of the ephemeral public key (i.e, commitment) in Schnorrtype signatures from the signing via a distributed construction at the verifier without interaction with the signer while permitting a constant-size public key. We proved that ESEM is secure (in random oracle model), and fully implemented it on an 8-bit AVR microcontroller that is commonly used in medical devices. Our experiments showed that ESEM achieves 8.4× higher energy efficiency over its closest counterpart while offering a smaller signature and code size. Hence, ESEM can be suitable for deployment on resource-limited embedded devices in IoT. Wemore » « less
-
The rapid proliferation of resource-constrained IoT devices across sectors like healthcare, industrial automation, and finance introduces major security challenges. Traditional digital signatures, though foundational for authentication, are often infeasible for low-end devices with limited computational, memory, and energy resources. Also, the rise of quantum computing necessitates post-quantum (PQ) secure alternatives. However, NIST-standardized PQ signatures impose substantial overhead, limiting their practicality in energy-sensitive applications such as wearables, where signer-side efficiency is critical. To address these challenges, we present LightQSign (LiteQS), a novel lightweight PQ signature that achieves near-optimal signature generation efficiency with only a small, constant number of hash operations per signing. Its core innovation enables verifiers to obtain one-time hash-based public keys without interacting with signers or third parties through secure computation. We formally prove the security of LiteQS in the random oracle model and evaluate its performance on commodity hardware and a resource-constrained 8-bit AtMega128A1 microcontroller. Experimental results show that LiteQS outperforms NIST PQ standards with lower computational overhead, minimal memory usage, and compact signatures. On an 8-bit microcontroller, it achieves up to 1.5–24×higher energy efficiency and 1.7–22×shorter signatures than PQ counterparts, and 56–76×better energy efficiency than conventional standards–enabling longer device lifespans and scalable, quantum-resilient authentication.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/DSC61021.2023.10354177
