Implicit Certificate Research Articles

Secure device authentication and key agreement mechanism for LoRaWAN based IoT networks

SummaryThe proposed work introduces two schemes for secure device authentication and key agreement (SDA & KA) mechanisms. Initially, an efficient implicit certificate approach based on the Elliptic curve Qu–Vanstone (EIC‐EcQuV) scheme is developed in the first stage to instantly concur on the session key. The proposed scheme implicitly performs quick authentication of the public key. Also, this scheme prevents the attacker from creating fake key combinations. Through EIC‐EcQuV, the implicit certificate (IC) is distributed which helps to implicitly authenticate the user. This work also proposes ithe developed Public Key Certificateless Cryptosystem (PKCIC) scheme in the second stage, whch was also for the SDA & KA mechanism. In the EIC‐EcQuV scheme, efficient authentication is enabled, but public key theft is possible. However, in the PKCIC scheme, authentication is performed through partial keys, and the public key is secured via the Schnorr signature. The efficiency of the proposed schemes is proved by comparing the attained results with previous schemes. The proposed method obtains the computational cost of 0.0583 s for end‐to‐end devices, 0.06111 for network servers, and 0.00071 s for the gateway, with an execution time of 78.624 for 1000 devices. The attained key agreement of the proposed EIC‐EcQuV is 0.953 s, and PKCIC is 0.9988 s.

Investigating Sustainable Business Ecosystems and the University Role: A Cluster Analysis

Abstract This research paper aims to identify the factors, components, and key aspects that significantly contribute to the establishment of a sustainable business ecosystem through a comprehensive bibliometric analysis. By analysing prominent publications, we seek to describe coherent strategies with an expected impact. Our objectives encompass exploring trends from both theoretical perspectives, such as predictions by scientists, and empirical perspectives, including figures derived from studies. We outline several secondary objectives that guide our step-by-step approach. Firstly, we identify defining elements of a sustainable business environment based on insights from specialized literature. Secondly, we categorize ecosystems into different types, such as economic, digital, ecological, and entrepreneurial, providing further elaboration later in the paper. Thirdly, we present an updated understanding of the dynamic evolution of ecosystems and their components. This includes examining the influence of digital advancements and digitalization on the business environment, as well as the opportunities and threats they generate. Of particular importance is the role of universities as a significant landmark within the business ecosystem. We discuss the university's involvement in technological and informational transfer to ensure sustainability, focusing on the levers through which universities consolidate and stimulate the business ecosystem. To achieve our objectives, we employ bibliometric analysis, utilizing the VOSviewer software, which offers valuable insights for constructing diagnostic schemes and development models tailored to specific business environment challenges. The research methodology relies on the VOSviewer software for processing academic publication databases. To align with the theme and purpose of this study, we selected the SCOPUS database for its implicit certification of superior academic quality in the publications it contains.

L-ECQV: Lightweight ECQV Implicit Certificates for Authentication in the Internet of Things

The vast expansion of the Internet of Things (IoT) devices and related applications has bridged the gap between the physical and digital world. Unfortunately, security remains a major challenge and the lack of secure links have fueled the increased attacks on IoT devices and networks. Due to its inherent scalability, Public Key Infrastructure (PKI) is the well-known and classic approach to bring public-key certificate based security to IoT. Even though the standard X.509 explicit certificates can be viable solution, they are inefficient and too large for resource constrained IoT networks and therefore, smaller, faster and more efficient Elliptic Curve Qu Vanstone (ECQV) implicit certificates can be employed for establishing authenticated connections in IoT. Moreover, the existing certificate-based authentication proposals in standardized IoT networks have either been deployed at the transport or physical layers. Thus, these proposals fail to provide true end-to-end security to messages at the application layer in the presence of intermediate CoAP proxies. This challenging aspect is addressed in this proposal by focusing on the certificate-based authentication at the application layer to ensure true end-to-end security of messages. Additionally, IoT application layer security protocols like EDHOC lacks mechanism for authenticated distribution of public keys and thus, there is a need for lightweight authentication based cryptographic primitive for establishing secure key agreement in IoT. This paper introduces a design and implementation of a lightweight ECQV implicit certificate and use them for authenticated key exchange in EDHOC at the application layer. We also design a lightweight profile with a novel encoding mechanism for ECQV implicit certificate, called L-ECQV. To prove its viability, L-ECQV has been implemented and evaluated on Contiki operating system. Our evaluation results show that the proposed L-ECQV certificate approach reduces energy consumption by 27%, message overhead of EDHOC handshake by 52%, and shows improvements in certificate validation time. The security analysis demonstrates that proposed L-ECQV certificates for EDHOC protocol is secure against a number of attack vectors present in the IoT network. This novel combination of ECQV certificates with EDHOC key exchange leads to a secure and lightweight authenticated key agreement in IoT networks.

ECQV-Based Lightweight Revocable Authentication Protocol for Electric Vehicle Charging

In the near future, using electric vehicles will almost certainly be required for the sustainability of nature and our planet. The most significant challenge that users are concerned about is the availability of electric vehicle charging stations. Therefore, to maximize the availability of electric vehicle charging stations, we suggest taking benefit from individual sellers who produce renewable energy from their homes or electric vehicle owners who have charging piles installed in their homes. However, energy services that are rapidly being offered by these businesses do not have a trust connection developed with the consumers and stakeholders in these new systems. Exchange of data related to electric vehicles and energy aggregators can be used to identify users’ behavior and compromise their privacy. Consequently, it is necessary to set up a charging system that will guarantee privacy and security. Several electric vehicle charging systems have been proposed to provide security and privacy preservation. However, ensuring anonymity alone is not enough to guarantee protection from reconstructing the victim vehicle’s route by the tracking adversary, even if the exchanged messages are completely anonymous. Furthermore, anonymity should not be absolute in order to protect the system and function as necessary by all entities. In this research, we propose an effective, secure, and privacy-preserving authentication method based on the Elliptic Curve Qu–Vanstone for an electric vehicle charging system. The proposed scheme provides all the necessary requirements and a reauthentication protocol to minimize the overhead of subsequent authentication processes. To create credentials and validate electric vehicles and energy aggregators, the scheme makes use of the Elliptic Curve Qu–Vanstone implicit certificate mechanism. The new protocols give EVs security and privacy while cutting computational time by 95% thanks to reauthentication, as demonstrated by the performance comparison with earlier works.

Extension of elliptic curve Qu–Vanstone certificates and their applications

In public key infrastructure, a certificate, issued by a certificate authority (CA), is used to guarantee the connection between a user and her/his public key. In order to improve the efficiency, the concept of implicit certificate protocol is introduced by Girault and Gönther. In the existing implicit certificate protocol, a user must issue a certificate request to the CA for each key pair. However, in certain applications (e.g., IoT, sensor networks, and cryptocurrency), a user (or a device) will have multiple public/private key pairs that are related to the same identity. Therefore, the communication cost will be linearly related to the number of key pairs the user has. Furthermore, the storage cost of a large number of certificates is not an ideal property in practice. In this paper, to address the above issues, we proposed two schemes from the most widely used elliptic curve Qu–Vanstone implicit certificate scheme (ECQV). In our first scheme, called M-ECQV I, an ECQV certificate holder, who obtains an ECQV certificate issued by the certificate authority, can further issue multiple credentials with the same identity as ECQV certificate holder and the corresponding key pairs from the ECQV certificate. In our second scheme, called M-ECQV II, it not only supports the comparable functionality of M-ECQV I, but the verifier can ensure that the credentials are only used by the ECQV certificate holder (i.e., these credential are “self-use”) to be suitable to different scenarios. In addition, the security models are well-defined and the rigorous security proofs are also given. Experimental results show that our schemes not only greatly improve the performance, but also reduce the storage cost.

Efficient and provably secure multi-receiver signcryption scheme using implicit certificate in edge computing

Edge computing is an emerging computing paradigm, which extends the functions of cloud center to the edge of the networks, and brings great convenience to solving problems of delay and bandwidth in the traditional cloud computing paradigm. In edge computing architecture, one-to-many communication is a important communication mode that supports the edge nodes to send one message to multiple terminal devices in one broadcast report. To build a secure one-to-many communication, several multi-receiver signcryption (MRSC) schemes have been brought forward to ensure the security of broadcast messages. However, the existing MRSC schemes need the heavy computation and communication cost, and is not suitable for IoT terminal devices with limited resources. Besides, most of the existing MRSC schemes are vulnerable to the security and privacy leakage, and fail in achieving the decryption fairness. To solve these problems, based on the implicit certificate (IC) cryptosystem and polynomial interpolation evaluation, this paper proposes an provably secure multi-receiver IC-based signcryption (MRICSC) scheme for one-to-many communication in edge computing. The security analysis evidences the proposed MRICSC scheme can ensure the security. With the experimental results indicating that the proposed MRICSC scheme achieves the better performance than existing schemes.

Secure and Efficient Implicit Certificates: Improving the Performance for Host Identity Protocol in IoT

Implicit certificates own the shorter public key validation data. This property makes them appealing in resource-constrained IoT systems where public-key authentication is performed very often, which is common in Host Identity Protocol (HIP). However, it is still a critical challenge in IoT how to guarantee the security and efficiency of implicit certificates. This article presents a forgery attack for the Privacy-aware HIP (P-HIP), and then propose a Secure and Efficient Implicit Certificate (SEIC) scheme that can improve the security of the P-HIP and the efficiency of elliptic-curve point multiplications for IoT devices. For a fix-point multiplication, the proposed approach is about 1.5 times faster than the method in SIMPL scheme. Furthermore, we improve the performance of SEIC with the butterfly key expansion process, and then construct an improved P-HIP. Experimental results show that compare to the existing schemes, the improved scheme makes a user/device have both the smallest computation cost and the smallest communication cost.

Hardware Limitations to Secure C-ITS: Experimental Evaluation and Solutions

Cooperative Intelligent Transportation Systems (C-ITS) improve driving experience and safety through secure Vehicular Ad-hoc NETworks (VANETs) that satisfy strict security and performance constraints. Relevant standards, such as the IEEE 1609.2, prescribe network-efficient cryptographic protocols to reduce communication latencies through a combination of the Elliptic Curve Qu-Vanstone (ECQV) implicit certificate scheme and the Elliptic Curve Digital Signature Algorithm (ECDSA). However, literature lacks open implementations and performance evaluations for vehicular systems. This paper assesses the applicability of IEEE 1609.2 and of ECQV and ECDSA schemes to C-ITSs. We release an open implementation of the standard ECQV scheme to benchmark its execution time on automotive-grade boards. Moreover, we evaluate its performance in real road and traffic scenarios and show that compliance with strict latency requirements defined for C-ITS requires computational resources that are not met by many automotive-grade embedded hardware platforms. As a final contribution, we propose and evaluate novel heuristics to reduce the number of signatures to be verified in real C-ITS scenarios.

ECQV-IBI: Identity-based identification with implicit certification

Identity-based identification (IBI) schemes allow a prover to provide entity identification, based on its unique identity. This paper provides the first non-trivial IBI scheme with implicit certification by using the Elliptic Curve Qu Vanstone (ECQV) implicit certification scheme. In contrast to the conventional identity-based schemes, the implicit certificate based approach is resistant against key escrow since the trusted authority only a part of the secret key, which is used as input by the user to construct its own user secret key. We show our scheme is able to achieve Trust Level 3 according to Girault’s definitions, while requiring less resources when compared to certificateless identification. A corresponding formal security model is defined, showing the resistance of our proposed scheme against impersonation attacks. Compared to other Schnorr-based IBI schemes, our proposed IBI scheme with implicit certification outperforms in storage, computation and communication efficiency and thus offers a viable solution to be applied in an internet of things (IoT) context.

A provably secure RFID authentication protocol based on ECQV for the medical internet of things

Radio Frequency Identification (RFID) is an emerging technology that is used for the unique identification of objects. RFID can be used in different application domains, including Health-care systems, where the safety of patient-sensitive data is a primary concern. Since the RFID technology is used in various medicine sectors, particularly real-time patient monitoring, patient medicine Information, medical emergency, and drug administration system, the use of RFID raises severe security and privacy concerns. In order to cope with these security issues, we propose an Elliptic curve based authentication protocol for RFID. The proposed model uses an implicit certificate concept to secure health-care data. We prove this claim for secure communication using the formal security analysis, i.e., BAN logic, security analysis based on the mathematical model, i.e., ROR model, formal verification using AVISPA tool, and informal security analysis. We review some of the RFID authentication schemes based on ECC in terms of performance and security. Our analysis indicates that the proposed protocol provides mobility, scalability, security, and privacy in the health care environment.

A Lightweight Authentication and Key Agreement Schemes for IoT Environments.

In the Internet of Things (IoT) environment, more types of devices than ever before are connected to the internet to provide IoT services. Smart devices are becoming more intelligent and improving performance, but there are devices with little computing power and low storage capacity. Devices with limited resources will have difficulty applying existing public key cryptography systems to provide security. Therefore, communication protocols for various kinds of participating devices should be applicable in the IoT environment, and these protocols should be lightened for resources-restricted devices. Security is an essential element in the IoT environment, so for secure communication, it is necessary to perform authentication between the communication objects and to generate the session key. In this paper, we propose two kinds of lightweight authentication and key agreement schemes to enable fast and secure authentication among the objects participating in the IoT environment. The first scheme is an authentication and key agreement scheme with limited resource devices that can use the elliptic curve Qu–Vanstone (ECQV) implicit certificate to quickly agree on the session key. The second scheme is also an authentication and key agreement scheme that can be used more securely, but slower than first scheme using certificateless public key cryptography (CL-PKC). In addition, we compare and analyze existing schemes and propose new schemes to improve security requirements that were not satisfactory.

An ECC-based access control scheme with lightweight decryption and conditional authentication for data sharing in vehicular networks

Nowadays, more and more data are stored on cloud for sharing in vehicular networks, but the increasing number of cloud data security incidents makes how to guarantee confidentiality of sharing data one of the main concerns. Attribute-based encryption is considered as a suitable method to solve this issue. However, the requirements of lightweight and privacy make it difficult to apply the existing attribute-based encryption schemes directly in vehicular networks. In this paper, we put forward an access control scheme with lightweight decryption and conditional authentication for secure data sharing in vehicular networks. In this scheme, we extend elliptic-curve cryptography-based key-policy attribute-based encryption scheme with token-based decryption for lightweight access control. Moreover, we integrate Elliptic Curve Qu-Vanstone implicit certificate with ELGamal encryption algorithm to achieve both mutual authentication and conditional privacy protection. The performance analysis shows that the proposed scheme requires less time for both encryption and decryption on the user side. The security analysis shows that the proposed scheme can provide conditional anonymity.

FLAT: Federated lightweight authentication for the Internet of Things

Federated Identity Management schemes (FIdMs) are of great help for traditional systems as they improve user authentication and privacy. In this paper, we claim that traditional FIdMs are mostly cumbersome and then ill-suited for IoT. As a solution to this problem, we came up with Federated Lightweight Authentication of Things (FLAT), namely a federated identity authentication protocol exclusively tailored to IoT. FLAT replaces weighty protocols and public-key cryptographic primitives used in traditional FIdMs by lighter ones, like symmetric cryptographic primitives and Implicit Certificates. Our results show that FLAT can reduce the data exchange overhead by around 31% when compared to a baseline solution. Also, the FLAT Client, the role played by an IoT device in the protocol, is more efficient than the baseline Client in terms of data exchange, storage, memory, and computation time. Our results indicate that FLAT runs efficiently, even on top of resource-constrained devices like Arduino.

Two-Pass Privacy Preserving Authenticated Key Agreement Scheme for Smart Grid

The design of an authenticated key agreement protocol for securing the smart meter communications in smart grid networks has attracted growing attention recently. Typically, realizing mutual authentication and key agreement without active involvement of a trusted third party is expected in this field. Thus, to achieve this aim, several authenticated key agreement schemes for smart grid have been presented; while as investigated in the following section of this work, most of these schemes remain vulnerable to various attacks. Therefore, to design a truly secure authenticated key agreement protocol for smart grid and make some contributions to this field, this work presents our new authenticated key agreement scheme for smart grid using Elliptic Curve Qu-Vanstone (ECQV) implicit certificate as the building block. Our scheme is pairing-free and just uses two passes to realize mutual authentication and key agreement as well as strong credential privacy, making it with high efficiency in both computation and communication overheads. Moreover, its security is formally proved under the widely accepted Canetti and Krawczyk (CK) security model, and is further confirmed by a heuristic security analysis.

Schnorr-Based Implicit Certification: Improving the Security and Efficiency of Vehicular Communications

In the implicit certification model, the process of verifying the validity of the signer's public key is combined with the verification of the signature itself. When compared to traditional, explicit certificates, the main advantage of the implicit approach lies in the shorter public key validation data. This property is particularly important in resource-constrained scenarios where public key validation is performed very often, which is common in vehicular communications (V2X) that employ pseudonym certificates. In this article, we show an alternative Schnorr-based implicit certification procedure that can improve the efficiency of a popular V2X-oriented Vehicular Public Key Infrastructure (VPKI), the Security Credential Management System (SCMS). As an additional contribution, we show that SCMS's underlying certificate provisioning procedure, based on butterfly keys, is vulnerable to existential forgery attacks under certain conditions. We then discuss how this issue can be fixed in an effective and efficient manner.

Robust and Lightweight Mutual Authentication Scheme in Distributed Smart Environments

In the smart environments several smart devices are continuously working together to make individuals' lives more comfortable. Few of the examples are smart homes, smart buildings, smart airports, etc. These environments consist of many resource constrained heterogeneous entities which are interconnected, controlled, monitored and analyzed through the Internet. One of the most challenging tasks in a distributed smart environment is how to provide robust security to the resource constraint Internet-enabled devices. However, an authentication can play a major role ensuring that only authorized devices are being connected to the distributed smart environment applications. In this paper, we present a robust and lightweight mutual-authentication scheme (RLMA) for protecting distributed smart environments from unauthorized abuses. The proposed scheme uses implicit certificates and enables mutual authentication and key agreement between the smart devices in a smart environment. The RLMA not only resists to various attacks but it also achieves efficiency by reducing the computation and communication complexities. Moreover, both security analysis and performance evaluation prove the effectiveness of RLMA as compared to the state of the art schemes.

Study on Network Security Based on PCA and BP Neural Network Under Green Communication

In response to the energy consumption caused by the exponential growth of mobile network capacity demand, the Chen Shanzhi team proposed a user-centric ultra-dense network. It dynamically organizes multiple access nodes into a group of access nodes centered on the user. It can “accompany” user services without perception. The result is increased system capacity and user experience. This paper systematically analyzes the key security issues of user-centric ultra-dense networks. Based on the security characteristics of the access node group, a security system adapted to the user-centered ultra-dense network architecture is designed. Aiming at the problem of data security transmission between network entities, a lightweight data security transmission algorithm based on implicit certificate is proposed. The algorithm uses a lightweight implicit certificate to generate a temporary session key by means of a reconfigurable public-private key pair, so as to encrypt and protect the transmitted data, and solve the problem of data security transmission when the access nodes cooperate. The simulation shows that the algorithm consumes 34kB less on average than the traditional key method in different scenarios, and the speed is fast and the encryption key remains stable. At the same time, it also saves storage space and can be conveniently applied to access nodes with limited resources. Then, aiming at the network information security problem, an information security detection method based on improved BP neural network based on PCA is proposed. Simulation experiments were carried out on four types of attack types using the KDD CUP data set. The simulation results show that the improved BP neural network classifier combined with PCA has higher performance in network training. The false alarm rate for the DOS, R2L and PROBE attack types dropped to about 10%, and the false alarm rate for the U2R attack types dropped by 8.07%.

A Lightweight Authentication Protocol using Implicit Certificates for Securing IoT Systems

IoT’s population is converging at a rate exceeding the population rate of many countries. IoT environment consist of many heterogeneous entities which are interconnected, controlled and monitored through internet. One of the most challenging tasks in IoT is providing authentication in the heterogeneous environment. Authentication ensures the security of the devices and information that are interconnected in the IoT network. In this paper, the authors proposed a light weight authentication protocol which uses implicit certificates to provide mutual authentication and key agreement between the IoT devices. The proposed protocol (LAPIC) is resistant to various attacks such as replay, masquerade, node compromise and man in the middle attack. The efficiency and reliability of the proposed technique is verified through performance, security and comparative analysis. The results revealed that proposed authentication protocol consumes nominal time and energy for its operation and is found to be resistant against many attacks which make it a suitable approach for resource constrained IoT applications.

Kleptographic Attack on Elliptic Curve Based Cryptographic Protocols

Kleptography is the study of pilfering secure data secretly and subliminally. The concept of inserting backdoors was introduced two decades ago by Young and Yung. However, still it is a serious threat for modern cryptography. Different studies have proved that exploiting implementation errors of cryptographic algorithms needs less effort as compared to attacking its mathematical structure. Inserting the backdoor modifies the standard method of generating public and private key pairs in such away that the public information is meaningful for the attacker. This paper presents the kleptographic attack on cryptographic algorithm based on Elliptic curves. We show the technique of implementing backdoor against Edwards-curve Digital Signature Algorithm, Elliptic curve Diffie-Hellman key exchange scheme, Elliptic curve Digital Signature Algorithm, Elliptic curve Integrated Encryption Scheme, Elliptic curve ElGamal Encryption and Elliptic curve Qu-Vanstone implicit certificate scheme. In practical approach, backdoors are inserted in such a way that their identification is impossible by analyzing the output of an algorithm. Detection of kleptographic implementation is a complex task and very few studies can be found in this direction. We have explored the possibility of detection of malicious code inside the Elliptic curve based algorithms by using the idea of running time analysis. We have shown that by implementing strong Secretly Embedded Trapdoor with Universal Protection (SETUP) attack against Elliptic curve based algorithms, one can detect the presence of backdoor by analyzing the time difference in execution of an honest vs malicious version of code. We also modified the backdoor insertion mechanism in Edwards-curve Digital Signature Algorithm that results in negligible time difference making it impossible for the user to detect backdoor presence.

Robust and Lightweight Key Exchange (LKE) Protocol for Industry 4.0

Industry 4.0 has brought solutions for faster data accessibility, fault identification, performance analysis, and control of machines remotely by managers. Though beneficial but dangerous as the IoT (Internet of Things) nodes communicate over the unsecured wireless medium. The communication over unsecured wireless channel opened enormous ways for the illegitimate nodes to access the information and take control over the industrial machines despite being physically away. These threats can be overpowered with secure sessions; however, the exchange of keys to establish a secure session over a vulnerable channel becomes a challenge. Our approach (LKE) intend to solve this problem. LKE provides a lightweight key exchange platform to the legitimate IoT nodes and prohibit the unauthorized abuses. LKE uses lightweight Elliptic Curve Qu-Vanstone (ECQV) based implicit certificates for trust-building and generating keys among entities. All the messages exchanged are secured to prevent unauthorized access to information and preventing against forgery, replay, modification, impersonation and man-in-the-middle attacks, etc. The proposed scheme is tested on the <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">AVISPA</i> tool and results indicate its trustworthiness and strong resistivity against potential attacks. LKE has less computation and communication complexities due to the utilization of limited cryptographic operations which make it superior in comparison to other state-of-the-work.