Elliptic Curve Cryptography (2014 Year in Review), Part 3
SoS Newsletter - Advanced Book Block: Elliptic Curve Cryptography
Elliptic curve cryptography is a major research area globally. In 2014, more than one hundred articles of interest to the Science of Security community have been published. We cite them here in five parts.
Azarderakhsh, R.; Karabina, K., "A New Double Point Multiplication Algorithm and Its Application to Binary Elliptic Curves with Endomorphisms," Computers, IEEE Transactions on, vol. 63, no. 10, pp. 2614-2619, Oct. 201. doi: 10.1109/TC.2013.112 We present a new double point multiplication algorithm based on differential addition chains. Our proposed scheme has a uniform structure and has some degree of built-in resistance against side channel analysis attacks. We discuss deploying our scheme in a hardware implementation of single point multiplication on binary elliptic curves with efficiently computable endomorphisms. Based on operation counts, we expect to gain accelerations of 30% and 18% for computing single point multiplication with and without availability of parallel multipliers, respectively, and these results are verified in our implementations.
Keywords: public key cryptography; binary elliptic curves; computable endomorphisms; differential addition chains; double point multiplication algorithm; hardware implementation; parallel multipliers; side channel analysis attacks; single point multiplication; Algorithm design and analysis; Elliptic curve cryptography; Elliptic curves; Resistance; Elliptic curve cryptosystems; differential addition chains; double point multiplication; endomorphism (ID#: 15-4228)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6514031&isnumber=6891494
Yang, Yatao; Zhang, Shuang; Yang, Junming; Li, Jia; Li, Zichen, "Targeted Fully Homomorphic Encryption Based On A Double Decryption Algorithm For Polynomials," Tsinghua Science and Technology, vol. 19, no. 5, pp. 478-485, Oct. 2014. doi: 10.1109/TST.2014.6919824 Several public-key encryption schemes used to solve the problem of ciphertext data processing on the fly are discussed. A new targeted fully homomorphic encryption scheme based on the discrete logarithm problem is presented. Public-key encryption cryptosystems are classified to examine homomorphic encryption. Without employing techniques proposed by Gentry such as somewhat homomorphic and bootstrapping techniques, or relinearization technique proposed by Brakerski, et al., a new method called “Double Decryption Algorithm” is employed in our cryptography to satisfy a fully or targeted fully homomorphic property. Inspired by ElGamal and BGN cryptography, we obtain the desired fully homomorphic property by selecting a new group and adding an extra component to the ciphertext. Proof of semantic security is also demonstrated.
Keywords: Algorithm design and analysis; Elliptic curve cryptography; Encryption; Polynomials; discrete logarithm problem; exponential function method; power function method; targeted fully homomorphic encryption (ID#: 15-4229)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6919824&isnumber=6919815
Hsin-Yu Ting; Chih-Tsun Huang, "Design of Low-Cost Elliptic Curve Cryptographic Engines for Ubiquitous Security," VLSI Design, Automation and Test (VLSI-DAT), 2014 International Symposium on, pp. 1-4, 28-30 April 2014. doi: 10.1109/VLSI-DAT.2014.6834883 This paper presents Elliptic Curve Cryptographic (ECC) engines for very constrained devices in ubiquitous security such as passive RFID tags. The proposed scheduling of atomic operations optimizes the EC scalar multiplication at a higher level of finite field arithmetic with improved resource arrangement. Our architecture of arithmetic unit (AU) and circular-shift-based register file (RF) realizes the scheduling effectively. Using 65nm process technology, the ECC engine can produce one scalar multiplication in 250ms with 10.5K gates. The area overhead is 1.23× to 1.54× smaller than other designs; the power of 4.68μW and energy of 1.17μJ are also the lowest. The comparison shows that our ECC engines outperform others in terms of cycles, area, power and energy.
Keywords: digital arithmetic; flip-flops; public key cryptography; radiofrequency identification; shift registers; telecommunication security; ubiquitous computing; 65nm process technology; EC scalar multiplication; ECC engine; arithmetic unit architecture; atomic operation scheduling; circular-shift-based register file; finite field arithmetic; low-cost elliptic curve cryptographic engine design; passive RFID tags; resource arrangement improvement; ubiquitous security; Elliptic curve cryptography; Engines; Gold; Radio frequency; Radiofrequency identification; Registers (ID#: 15-4230)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6834883&isnumber=6834858
Xiao Chun Yin; Zeng Guang Liu; Hoon Jae Lee, "An Efficient And Secured Data Storage Scheme In Cloud Computing using ECC-based PKI," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp. 523-527, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779015 Cloud computing is a set of resources and services offered through the Internet. Cloud services are delivered from data centres located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via the Internet. The rapid growth in the field of "cloud computing" also increases severe security concerns. Security has remained a constant issue for open systems and the Internet; when we are talking about security, cloud really suffers. Lack of security is the only hurdle in the wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data and examining the utilization of the cloud by the cloud computing vendors. This paper proposes a scheme to securely store and access data via the Internet. We have used ECC-based PKI for the certificate procedure because the use of ECC significantly reduces the computation cost, message size and transmission overhead over RSA-based PKI, as a 160-bit key size in ECC provides comparable security with a 1024-bit key in RSA. We have designed a Secured Cloud Storage Framework (SCSF). In this framework, users not only can securely store and access data in the cloud but also can share data with multiple users through the unsecure Internet in a secured way. This scheme can ensure the security and privacy of the data in the cloud.
Keywords: cloud computing; computer centres; data privacy; open systems; public key cryptography; security of data; storage management; ECC-based PKI; RSA based PKI; SCSF; certificate procedure; cloud computing; cloud services; computation cost; data centres; data privacy; data security; message size; open systems; secured cloud storage framework; secured data storage scheme; security concern; transmission overhead; unsecure Internet; virtual resources; Cloud computing; Educational institutions; Elliptic curve cryptography; Elliptic curves; Certificate; Cloud computing; Cloud storage; ECC; PKI (ID#: 15-4231)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779015&isnumber=6778899
Kannavara, R.; Schaumont, P.; Maniatakos, M.; Smith, M.A.; Buck, S., "Innovative Engineering Outreach Using Intel® Security And Embedded Tools," Microelectronics Education (EWME), 10th European Workshop on, pp. 127-132, 14-16 May 2014. doi: 10.1109/EWME.2014.6877411 During Spring 2013, the Evaluation Platforms Program from Intel and the Intel Software and Services Group donated Intel® Atom™ processor based development kits to the Electrical and Computer Engineering (ECE) Departments at Virginia Tech University and Polytechnic Institute of New York University (NYU Poly). The goal was to enable engineering faculty to develop projects based on Intel® security and embedded tools. The projects thus developed, key learnings and project outcomes are elucidated in this paper. Further, we evaluate the outreach projects to highlight the two different, yet important approaches to security curriculum development emphasizing security engineering versus security attacks.
Keywords: computer science education; embedded systems; innovation management; microprocessor chips; security of data; ECE departments; Intel Atom processor based development kits; Intel Software and Services Group; Intel embedded tools; Intel security tools; NYU Poly; Polytechnic Institute of New York University; Virginia Tech University; electrical and computer engineering departments; engineering faculty; evaluation platform program; innovative engineering outreach; security curriculum development; Elliptic curve cryptography; Law; Libraries; NIST; Computer Security; Embedded Platforms; Engineering Outreach; Intel® AtomTM Processors (ID#: 15-4232)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6877411&isnumber=6877377
Poppelmann, T.; Guneysu, T., "Area Optimization Of Lightweight Lattice-Based Encryption On Reconfigurable Hardware," Circuits and Systems (ISCAS), 2014 IEEE International Symposium on, pp. 2796-2799, 1-5 June 2014. doi: 10.1109/ISCAS.2014.6865754 Ideal lattice-based cryptography gained significant attraction in the last years due to its versatility, simplicity and performance in implementations. Nevertheless, existing implementations of encryption schemes reported only results trimmed for high performance, which is certainly not sufficient for all applications in practice. To the contrary, in this work we investigate lightweight aspects and suitable parameter sets for Ring-LWE encryption and show optimizations that enable implementations even with very few resources on a reconfigurable hardware device. Despite this restriction, we still achieve reasonable throughput that is sufficient for many of today's and future applications.
Keywords: cryptography; area optimization; ideal lattice-based cryptography; lightweight lattice-based encryption scheme; reconfigurable hardware device; ring-LWE encryption; Digital signal processing; Elliptic curve cryptography; Encryption; Hardware; Lattices; Polynomials (ID#: 15-4233)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6865754&isnumber=6865048
Suresh, J.S.; Manjushree, A.; Eswaran, P., "Differential Power Analysis (DPA) Attack On Dual Field ECC Processor For Cryptographic Applications," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp. 1-5, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921775 Exchange of private information over a public medium must incorporate a method for data protection against unauthorized access. To enhance the data security against the DPA attack in network communication, a dual field ECC processor supporting all finite field operations is proposed. The ECC processor performs hardware designs in terms of functionality, scalability, performance and power consumption. A unified scheme is introduced to accelerate EC arithmetic functions. The hardware is optimized by a very compact Galois field arithmetic unit with fully pipelined technique. A key-blinded technique is designed against power analysis attacks.
Keywords: Galois fields; pipeline arithmetic; public key cryptography; DPA attack; EC arithmetic functions; Galois field arithmetic unit; cryptographic applications; data security; differential power analysis; dual field ECC processor; elliptical curve cryptography; fully pipelined technique; hardware optimization; key-blinded technique; network communication; Algorithm design and analysis; Computers; Elliptic curve cryptography; Elliptic curves; Hardware; DPA; Dual fields; ECC; Galois field; Public key cryptography (ID#: 15-4234)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921775&isnumber=6921705
Huaqun Wang, "Authentic and Confidential Policy Distribution In Software Defined Wireless Network," Wireless Communications and Mobile Computing Conference (IWCMC), 2014 International, pp. 1167-1171, 4-8 Aug. 2014. doi: 10.1109/IWCMC.2014.6906520 Software-defined networking (SDN) empowers network operators with more flexibility to program their networks. By separating the complexity of state distribution from network specification, SDN provides new ways to deal with age-old problems in networking, for example, routing. At the same time, SDN also brings about some new security problems, such as forged traffic flow, vulnerability, etc. In wireless SDN, the controller will send some policies to the switches. It is very important to keep these policies authentic and confidential due to the wireless and insecure channel. In this paper, we propose a secure and efficient policy distribution scheme in wireless SDN which can realize authentication and secrecy simultaneously. The proposed scheme makes use of symmetric encryption/decryption algorithms, bilinear pairings and a multi-linear map. Through security analysis and efficiency analysis, our scheme is provably secure and efficient in the random oracle model (ROM).
Keywords: cryptography; radio networks; software radio; wireless channels; bilinear pairings; multilinear map; network specification; policy distribution; random oracle model; software defined wireless network; state distribution; symmetric encryption decryption algorithms; wireless channel; Communication system security; Control systems; Elliptic curve cryptography; Encryption; Wireless communication; Authentication; Multi-linear map; Policy distribution; SDN; Secrecy (ID#: 15-4235)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6906520&isnumber=6906315
Sarvabhatla, M.; Giri, M.; Vorugunti, C.S., "Cryptanalysis of “a Biometric-Based User Authentication Scheme For Heterogeneous Wireless Sensor Networks”," Contemporary Computing (IC3), 2014 Seventh International Conference on, pp. 312-317, 7-9 Aug. 2014. doi: 10.1109/IC3.2014.6897192 The advancement of Internet of Things (IoT) technology and the rapid growth of WSN applications provide an opportunity to connect WSN to IoT, which results in secure sensor data becoming accessible via the insecure Internet. The integration of WSN and IoT raises lots of security challenges and requires a strict user authentication mechanism. Quite a few isolated user verification or authentication schemes using the password, the biometrics and the smart card have been proposed in the literature. In 2013, A.K. Das et al. designed a biometric-based remote user verification scheme using smart card for heterogeneous wireless sensor networks. A.K. Das et al. insisted that their scheme is secure against several known cryptographic attacks. Unfortunately, in this manuscript we will show that their scheme fails to resist replay attack and user impersonation attack, fails to accomplish mutual authentication and fails to provide data privacy.
Keywords: Internet; Internet of Things; authorisation; biometrics (access control); cryptography; message authentication; smart cards; wireless sensor networks; Internet of Things technology; IoT technology; WSN applications; biometric-based remote user verification scheme; cryptanalysis; cryptographic attack; data privacy; heterogeneous wireless sensor network; mutual authentication; password; replay attack; secure Internet; secure sensor data; smart card; user authentication mechanism; user impersonation attack; Authentication; Biometrics (access control); Elliptic curve cryptography; Smart cards; Wireless sensor networks; Biometric; Cryptanalysis; Smart Card; User Authentication; Wireless Sensor Networks (ID#: 15-4236)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6897192&isnumber=6897132
Khan, A.K.; Mahanta, H.J., "Side Channel Attacks And Their Mitigation Techniques," Automation, Control, Energy and Systems (ACES), 2014 First International Conference on, pp. 1-4, 1-2 Feb. 2014. doi: 10.1109/ACES.2014.6807983 Side channel cryptanalysis is one of the most volatile fields of research in security prospects. It has proved that cryptanalysis is no longer confined to its dependence on plain text or cipher text. Indeed, a side channel attack uses the physical characteristics of the cryptographic device to find the cryptographic algorithm used and also the secret key. It is one of the most efficient techniques and has successfully broken almost all the cryptographic algorithms today. In this paper we aim to present a review on the various side channel attacks possible. Also, the techniques proposed to mitigate such attacks have been stated.
Keywords: cryptography; cryptographic device; volatile field; mitigation technique; security prospect; side channel attack; side channel cryptanalysis; Ciphers; Elliptic curve cryptography; Encryption; Hardware; Timing; AES; DES; DPA; Power Analysis; SPA; cryptographic device (ID#: 15-4237)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6807983&isnumber=6807973
Yezhen Liang; Guoqiang Bai, "A Randomized Window-Scanning RSA Scheme Resistant To Power Analysis," Computer and Information Science (ICIS), 2014 IEEE/ACIS 13th International Conference on, pp. 217-221, 4-6 June 2014. doi: 10.1109/ICIS.2014.6912137 An effective randomized window-scanning RSA scheme resistant to power analysis is presented in this paper. Unlike the traditional countermeasures such as message blinding or the multiply-always exponentiation scheme, our proposal focuses on randomizing the position information of the exponentiation bits, which is a brand new direction for anti-power analysis research. Experimental results show that it works effectively against power analysis with a minimum overhead compared with other countermeasures.
Keywords: public key cryptography; randomised algorithms; antipower analysis; exponentiation bits; position information; randomized window-scanning RSA scheme; Correlation; Elliptic curve cryptography; Elliptic curves; Hardware; Proposals; RSA; power analysis; randomized window-scanning (ID#: 15-4238)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6912137&isnumber=6912089
Xueyuan Su; Gang Peng; Chan, S., "Multi-Path Routing and Forwarding in Non-Cooperative Wireless Networks," Parallel and Distributed Systems, IEEE Transactions on, vol. 25, no. 10, pp. 2638-2647, Oct. 2014. doi: 10.1109/TPDS.2013.200 Multi-path routing and forwarding in non-cooperative networks is extremely challenging due to the co-existence of both rational and Byzantine nodes. They both might deviate from the protocol; however, their intentions and behaviors are totally different. Rational nodes aim to maximize their utilities, while Byzantine nodes purposefully deviate from the protocol to disrupt the normal operation of a network. Most work in the literature treats both kinds of misbehavior without distinction and thus leads to ineffective solutions. This paper presents a hybrid design that seamlessly integrates mechanisms for different misbehavior in a unified framework. The GSP auction provides incentives for rational nodes to cooperate and results in truth-telling Nash equilibria. With the possible inclusion of Byzantine nodes in the least cost paths selected by GSP, the FORBID mechanism builds a decentralized reputation system such that malicious behavior is effectively detected. This in turn triggers the GSP auction to update the least cost paths so as to exclude the malicious nodes from being selected for communication. It is proved that the unified protocol is cooperation-optimal. Experiments have been conducted to further investigate the performance of the proposed protocol and the impact of various parameters.
Keywords: game theory; radio networks; routing protocols; Byzantine node; FORBID mechanism; GSP auction; cooperation-optimal unified protocol; decentralized reputation system; hybrid design; least cost paths; malicious behavior; malicious nodes; multipath routing-forwarding; noncooperative wireless networks; rational node; truth-telling Nash equilibria; Elliptic curve cryptography; Packet loss; Resource management; Routing; Routing protocols; Distributed networks; mechanism design and analysis; non-cooperative networks; routing and forwarding (ID#: 15-4239)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6577364&isnumber=6895194
von Maurich, I.; Guneysu, T., "Lightweight Code-Based Cryptography: QC-MDPC McEliece Encryption On Reconfigurable Devices," Design, Automation and Test in Europe Conference and Exhibition (DATE), 2014, pp. 1-6, 24-28 March 2014. doi: 10.7873/DATE.2014.051 With the break of RSA and ECC cryptosystems in an era of quantum computing, asymmetric code-based cryptography is an established alternative that can be a potential replacement. A major drawback is the large keys in the range between 50 kByte to several MByte that prevented real-world applications of code-based cryptosystems so far. A recent proposal by Misoczki et al. showed that quasi-cyclic moderate density parity-check (QC-MDPC) codes can be used in McEliece encryption - reducing the public key to just 0.6 kByte to achieve an 80-bit security level. Despite reasonably small key sizes that could also enable small designs, previous work only reports high-performance implementations with high resource consumption of more than 13,000 slices on a large Xilinx Virtex-6 FPGA for a combined en-/decryption unit. In this work we focus on lightweight implementations of code-based cryptography and demonstrate that McEliece encryption using QC-MDPC codes can be implemented with a significantly smaller resource footprint - still achieving reasonable performance sufficient for many applications, e.g., challenge-response protocols or hybrid firmware encryption. More precisely, our design requires just 68 slices for the encryption and around 150 slices for the decryption unit and is able to en-/decrypt an input block in 2.2 ms and 13.4 ms, respectively.
Keywords: cyclic codes; field programmable gate arrays; parity check codes; public key cryptography; quantum computing; reconfigurable architectures; ECC cryptosystems; QC-MDPC McEliece encryption; QC-MDPC codes; RSA cryptosystems; Xilinx Virtex-6 FPGA; combined encryption-decryption unit; lightweight code-based cryptography; quantum computing; quasicyclic moderate density parity-check codes; reconfigurable devices; resource consumption; resource footprint; security level; word length 80 bit; Decoding; Elliptic curve cryptography; Encryption; Field programmable gate arrays; Generators; Vectors (ID#: 15-4240)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6800252&isnumber=6800201
Ullah, R.; Nizamuddin; Umar, A.I.; ul Amin, N., "Blind Signcryption Scheme Based On Elliptic Curves," Information Assurance and Cyber Security (CIACS), 2014 Conference on, pp. 51-54, 12-13 June 2014. doi: 10.1109/CIACS.2014.6861332 In this paper blind signcryption using an elliptic curve cryptosystem is presented. It satisfies the functionalities of Confidentiality, Message Integrity, Unforgeability, Signer Non-repudiation, Message Unlink-ability, Sender Anonymity and Forward Secrecy. The proposed scheme has low computation and communication overhead as compared to existing blind signcryption schemes and is best suited for mobile phone voting and m-commerce.
Keywords: public key cryptography; blind signcryption scheme; communication overhead; confidentiality; elliptic curves cryptosystem; forward secrecy; m-commerce; message integrity; message unlink-ability; mobile phone voting; sender anonymity; signer nonrepudiation; unforgeability; Digital signatures; Elliptic curve cryptography; Elliptic curves; Equations; Mobile handsets; Anonymity; Blind Signature; Blind Signcryption; Elliptic curves; Signcryption (ID#: 15-4241)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6861332&isnumber=6861314
Debiao He; Kumar, N.; Jong-Hyouk Lee; Sherratt, R.S., "Enhanced Three-Factor Security Protocol For Consumer USB Mass Storage Devices," Consumer Electronics, IEEE Transactions on, vol. 60, no. 1, pp. 30-37, February 2014. doi: 10.1109/TCE.2014.6780922 The Universal Serial Bus (USB) is an extremely popular interface standard for computer peripheral connections and is widely used in consumer Mass Storage Devices (MSDs). While current consumer USB MSDs provide relatively high transmission speed and are convenient to carry, the use of USB MSDs has been prohibited in many commercial and everyday environments primarily due to security concerns. Security protocols have been previously proposed and a recent approach for the USB MSDs is to utilize multi-factor authentication. This paper proposes significant enhancements to the three-factor control protocol that now makes it secure under many types of attacks including the password guessing attack, the denial-of-service attack, and the replay attack. The proposed solution is presented with a rigorous security analysis and practical computational cost analysis to demonstrate the usefulness of this new security protocol for consumer USB MSDs.
Keywords: cryptographic protocols; digital storage; message authentication; MSD; consumer USB mass storage devices; denial-of-service attack; enhanced three-factor security protocol; mass storage devices; multifactor authentication; password guessing attack; replay attack; universal serial bus; Authentication; Elliptic curve cryptography; Encryption; Protocols; Universal Serial Bus; Authentication; Consumer Storage; Mass Storage Device; USB (ID#: 15-4242)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6780922&isnumber=6780912
Gallo, P.; Levicky, D.; Bugar, G.; Banoci, V., "Edwards Curve Addition And Doubling Formula Analysis For Effective Parallel Decomposition," ELMAR (ELMAR), 2014 56th International Symposium, pp. 1-4, 10-12 Sept. 2014. doi: 10.1109/ELMAR.2014.6923365 The Elliptic Curve Cryptosystem is an emerging alternative for traditional Public-Key Cryptosystems like RSA, DSA and DH. It provides the highest strength-per-bit of any cryptosystem known today with smaller key sizes resulting in faster computations, lower power consumption and memory. It also provides a methodology for obtaining high-speed, efficient and scalable implementation of protocols for authentication. The objective is to give the reader an overview on efficient addition and doubling formulas of Edwards curves together with analysis and effective parallel decomposition of these formulas. Practical analysis is provided with implementation consideration.
Keywords: cryptographic protocols; parallel processing; public key cryptography; Edwards curve; addition formulas; authentication protocols; doubling formulas; elliptic curve cryptosystem; high-speed implementation; parallel decomposition; power consumption; scalable implementation; Elliptic curve cryptography; Elliptic curves; Galois fields; Jacobian matrices; Standards; ECDLP; Edwards curve; Elliptic curve arithmetic; Parallel computation (ID#: 15-4243)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6923365&isnumber=6923293
Pontie, S.; Maistri, P., "Randomized Windows For Secure Scalar Multiplication On Elliptic Curves," Application-specific Systems, Architectures and Processors (ASAP), 2014 IEEE 25th International Conference on, pp. 78-79, 18-20 June 2014. doi: 10.1109/ASAP.2014.6868638 Elliptic curve cryptosystems (ECCs) may be chosen instead of RSA in secure embedded systems, thanks to shorter keys. However, ECC may be vulnerable, as any other cryptographic implementation, to side channel analysis, which may reveal secret information by analyzing collateral sources of information, such as power consumption. To protect the device against Timing, Simple and Differential Power Analysis, we propose the implementation of a new scalar multiplication algorithm based on the randomized windows method.
Keywords: digital arithmetic; embedded systems; power consumption; public key cryptography; ECC; RSA; collateral information sources; cryptographic implementation; differential power analysis; elliptic curve cryptosystems; power consumption; randomized windows; randomized windows method; scalar multiplication algorithm; secret information; secure embedded systems; secure scalar multiplication; side channel analysis; Acceleration; Algorithm design and analysis; Computational efficiency; Elliptic curve cryptography; Elliptic curves; Partitioning algorithms; Elliptic curves; power analysis; scalar multiplication; side channel analysis (ID#: 15-4244)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6868638&isnumber=6868606
Flood, P.; Schukat, M., "Peer to Peer Authentication For Small Embedded Systems: A Zero-Knowledge-Based Approach To Security for the Internet of Things," Digital Technologies (DT), 2014 10th International Conference on, pp. 68-72, 9-11 July 2014. doi: 10.1109/DT.2014.6868693 With an estimated 50 billion internet-enabled devices deployed by 2020, the arrival of the Internet of Things (IoT) or Internet of Everything (IoE) raises many questions regarding the suitability and adaptability of current computer security standards to provide privacy, data integrity and end entity authentication between communicating peers. In this paper we present a new protocol which combines zero-knowledge proofs and key exchange mechanisms to provide secure and authenticated communication in static machine-to-machine (M2M) networks. This approach addresses all of the aforementioned issues while also being suitable for devices with limited computational resources and can be deployed in wireless sensor networks. While the protocol requires a priori knowledge about the network setup and structure, it guarantees perfect forward secrecy.
Keywords: Internet of Things; cryptographic protocols; data integrity; data privacy; embedded systems; peer-to-peer computing; wireless sensor networks; Internet of Everything; Internet of Things security; Internet-enabled devices; IoE; IoT; M2M network; computer security standards; data integrity; embedded systems; end entity authentication; key exchange mechanisms; peer to peer authentication; perfect forward secrecy; privacy; static machine-to-machine network; wireless sensor networks; zero-knowledge proofs; zero-knowledge-based approach; Authentication; Elliptic curve cryptography; Embedded systems; Protocols; Diffie-Hellman key exchange; GMW protocol; Zero knowledge proof (ID#: 15-4245)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6868693&isnumber=6868673
Papanikolaou, A.; Rantos, K.; Androulidakis, I., "Proxied IBE-Based Key Establishment for LLNs," Digital Technologies (DT), 2014 10th International Conference on, pp. 275-280, 9-11 July 2014. doi: 10.1109/DT.2014.6868727 Embedded systems devices have a wide application range, an instance of which is their use in Low-power and Lossy Networks (LLNs), which are anticipated to become one of the fundamental building blocks for the realisation of the Internet of Things (IoT). The security issues emerging from the requirement for Web accessibility can be fulfilled by appropriate cryptographic techniques, so as to secure the communicated information, supported by appropriate key exchange protocols, able to cope with the particular nature of such networks. The properties of Identity-Based Encryption (IBE) seem to match well the nature of such networks, thus an IBE-based key establishment protocol would be a good choice to be used in an LLN. However, severe limitations on those devices' resources render deployment of expensive key establishment protocols inappropriate. Alternatives are therefore proposed, such as offloading some of the computationally-intensive tasks to other, more powerful devices. Our IBE-based key establishment protocol enables a constrained node to exchange a shared secret with a remote party that typically operates outside the node's network, through a non-constrained proxy node that undertakes the task of performing some of the expensive computations. The proposed key establishment scheme facilitates secure communications among embedded systems devices providing information and services to remote parties, towards the realisation of the Internet of Things.
Keywords: Internet of Things; cryptographic protocols; embedded systems; IBE-based key establishment protocol; Internet of Things; IoT; LLN; embedded systems devices; identity-based encryption; key exchange protocols; low-power and lossy networks; nonconstrained proxy node; proxied IBE-based key establishment; secure communications; Elliptic curve cryptography; Identity-based encryption; Peer-to-peer computing; Protocols; embedded systems; identity-based encryption; key establishment; low-power and lossy networks; wireless sensor networks (ID#: 15-4246)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6868727&isnumber=6868673
Farouk, A.; Miri, A.; Fouad, M.M.; Abdelhafez, A.A., "Efficient Pairing-Free, Certificateless Two-Party Authenticated Key Agreement Protocol For Grid Computing," Digital Information and Communication Technology and it's Applications (DICTAP), 2014 Fourth International Conference on, pp.279,284, 6-8 May 2014. doi: 10.1109/DICTAP.2014.6821696 The most prevalent grid security standard, grid security infrastructure, uses an authentication protocol based on public key infrastructure (PKI). Certificateless public key cryptography (CL-PKC) overcomes PKI certificate management problems and is well aligned with grid computing demands. Security and efficiency are the main grid authentication protocol objectives. Designing practical, efficient CL-PKC-based authentication protocols for real grid environments is widely acknowledged as a challenging issue. Unfortunately, certificateless authenticated key agreement protocols rely on bilinear pairings, which are extremely computationally expensive. In this paper, we present a novel pairing-free certificateless two-party authenticated grid key agreement (GPC-AKA) protocol, providing a lighter weight key management approach for grid users. We then propose the first practical GPC-AKA implementation as a proof of concept. We also compare the efficiency of GPC-AKA to other proposed work in the literature.
Keywords: cryptographic protocols; grid computing; public key cryptography; CL-PKC; authentication protocol; bilinear pairings; certificateless public key cryptography; certificateless two-party authenticated key agreement protocol; grid computing; grid security infrastructure; grid security standard; public key infrastructure; Authentication; Elliptic curve cryptography; Elliptic curves; Protocols; Grid computing; certificateless authenticated key agreement; pairing-free (ID#: 15-4247)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821696&isnumber=6821645
Zhiguo Wan; Guilin Wang; Yanjiang Yang; Shenxing Shi, "SKM: Scalable Key Management for Advanced Metering Infrastructure in Smart Grids," Industrial Electronics, IEEE Transactions on, vol. 61, no. 12, pp. 7055, 7066, Dec. 2014. doi: 10.1109/TIE.2014.2331014 Advanced metering infrastructure (AMI) plays a critical role in the smart grid. It enables intelligent applications such as load control switching, demand side management, and meter data management by creating a bidirectional communication network for smart meters and utility systems. Consequently, AMI should be strictly protected to ensure reliable and secure operation of the smart grid. In this paper, we first show that a recently proposed key management scheme for AMI by Liu et al. suffers from the desynchronization attack and, at the same time, lacks scalability due to inefficient key management. Then, we propose a new scalable key management (SKM) scheme characterized by combining an identity-based cryptosystem and an efficient key tree technique. The SKM scheme possesses the advantages of efficiency and flexibility in key management. In particular, the cost of SKM is O(log n) in both computation and communication (n is the number of smart meters), which is significantly reduced from the cost of O(n) in the scheme of Liu et al. We analyze the security and performance of SKM in detail to show that SKM is efficient in computation and communication cost.
Keywords: cryptographic protocols; power system security; smart meters; smart power grids; AMI; SKM scheme; advanced metering infrastructure; bidirectional communication network; demand side management; desynchronization attack; identity-based cryptosystem; key tree technique; load control switching; scalable key management; smart grid reliability; smart grid security; smart meter data management; Authentication; Elliptic curve cryptography; Protocols; Smart grids; Security; smart grids (ID#: 15-4248)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6834788&isnumber=6898054
Kilinc, H.H.; Yanik, T., "A Survey of SIP Authentication and Key Agreement Schemes," Communications Surveys & Tutorials, IEEE, vol. 16, no. 2, pp.1005, 1023, Second Quarter 2014. doi: 10.1109/SURV.2013.091513.00050 We present a survey of authentication and key agreement schemes that are proposed for the SIP protocol. SIP has become the centerpiece for most VoIP architectures. Performance and security of the authentication and key agreement schemes are two critical factors that affect VoIP applications with a large number of users. Therefore, we have identified, categorized and evaluated various SIP authentication and key agreement protocols according to their performance and security features. Although performance is in general inversely proportional to the security features provided, we observed that there are successful schemes from both the performance and security viewpoints.
Keywords: Internet telephony; cryptographic protocols; telecommunication security; SIP authentication; SIP protocol; VoIP architectures; Voice over Internet Protocol; key agreement protocols; key agreement schemes; security features; security viewpoint; survey; Authentication; Elliptic curve cryptography; Encryption; Protocols; Servers; Authentication Protocols; SIP; SIP Security (ID#: 15-4249)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6644333&isnumber=6811383
Kapse, A.D.; Ingole, P.K., "Secure and Efficient Search Technique in Cloud Computing," Communication Systems and Network Technologies (CSNT), 2014 Fourth International Conference on, pp.743,747, 7-9 April 2014. doi: 10.1109/CSNT.2014.156 Cloud computing is nowadays a widely used technology. Various advanced technologies in the world are taking cloud computing very seriously as the new era for mobile as well as steady computing environments. In cloud computing, data privacy and security are highly recommended, which is why the data to be stored on the cloud server database requires encryption. This results in complex utilization of cloud data access. So, it is highly recommended to improve the trust in the cloud server as well as not to make its utilization a computationally complex task. This process should not increase the burden on the overall system. This paper presents a brief review of various methodologies which help users with secure storage and efficient access to the data. Later, a very secure and efficient system is proposed to reduce the burden on the system, thus decreasing complexity and improving the performance of the overall system.
Keywords: cloud computing; cryptography; data privacy; file servers; information retrieval; mobile computing; search problems; cloud computing; cloud data access; cloud server; cloud server database; data privacy; encryption; secure search technique; steady computing environment; Cloud computing; Elliptic curve cryptography; Encryption; Indexes; Servers; cloud computing; data encryption; keyword search; ranked search (ID#: 15-4250)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821498&isnumber=6821334
Hui Li; Zhonghua Liu; Junkai Yi, "Fast Elliptic Scalar Multiplication Using Lagged Fibonacci Generator," Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on, pp. 488, 491, 27-29 June 2014. doi: 10.1109/ICSESS.2014.6933612 Scalar multiplication is the dominant and time consuming operation in Elliptic Curve Cryptosystem. A number of works bearing on improving the efficiency of scalar multiplication have been done during the past several years. In this paper, we attempt to present a new strategy by combining scalar multiplication with the pseudorandom number generator: lagged Fibonacci generator to accelerate the process of scalar multiplication. Experimental results identify the efficiency of the strategy.
Keywords: cryptography; random number generation; elliptic curve cryptosystem; elliptic scalar multiplication; lagged Fibonacci generator; pseudorandom number generator; Computational efficiency; Educational institutions; Elliptic curve cryptography; Elliptic curves; Generators; Information science; Elliptic curve cryptosystem; Lagged Fibonacci generator; Pseudorandom number generator; Scalar multiplication (ID#: 15-4251)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6933612&isnumber=6933501
Adj, G.; Rodriguez-Henriquez, F., "Square Root Computation over Even Extension Fields," Computers, IEEE Transactions on, vol. 63, no. 11, pp. 2829, 2841, Nov. 2014. doi: 10.1109/TC.2013.145 This paper presents a comprehensive study of the computation of square roots over finite extension fields. We propose two novel algorithms for computing square roots over even field extensions of the form F_{q^2}, with q = p^n, p an odd prime and n ≥ 1. Both algorithms have an associated computational cost roughly equivalent to one exponentiation in F_{q^2}. The first algorithm is devoted to the case when q ≡ 1 mod 4, whereas the second one handles the case when q ≡ 3 mod 4. Numerical comparisons show that the two algorithms presented in this paper are competitive and in some cases more efficient than the square root methods previously known.
Keywords: number theory; even extension fields; finite extension fields; number theoretical problem; square root computation; Algorithm design and analysis; Complexity theory; Computational efficiency; Elliptic curve cryptography; Elliptic curves; Modular square root; finite field arithmetic (ID#: 15-4252)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6564285&isnumber=6919806
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.