Skip to main content
SpringerLink
Log in

NOMOP-ECDSA: A Lightweight ECDSA Engine for Internet of Things

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Internet of Things (IoT) has received attention recently, featuring tremendous applications. Due to the lack of authentication, popular IoT applications are prone to various attacks. However, because of resource limitation and heterogeneous characteristics of IoT applications, the cryptographic algorithms may fail to be universal adopted and thus, it is challenging to defend against these attacks. In this paper, we proposed NOMOP-ECDSA, a lightweight Elliptic Curve Digital Signature Algorithm for IoT applications, which can address the aforementioned challenge. Our idea is that the resource-consuming operations can be replaced with other basic operations, and therefore, achieve better performance. As a demonstration, we also proposed a mutual authentication protocol for smart cards. In terms of security and efficiency, systematic analysis is performed to validate our NOMOP-ECDSA and protocol.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Farash, M. S., Turkanović, M., Kumari, S., & Holbl, M. (2016). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Networks, 36, 152–176.

    Article  Google Scholar 

  2. Forbes Inc. (2018). The Internet Of Things: From theory to reality-how companies are leveraging IoT to move their businesses forward. Retrieved 2017, from https://www.forbes.com/forbes-insights/our-work/internet-of-things/.

  3. Gartner. (2018). Gartner identifies top 10 strategic IoT technologies and trends. Retrieved 7, November 2018, from https://www.gartner.com/en/newsroom/press-releases/2018-11-07-gartner-identifies-top-10-strategic-iot-technologies-and-trends.

  4. Finjan Inc. (2016). Smart card attacks—A look at how hardware tokens are being exploited. Retrieved 19, September 2016, from https://blog.finjan.com/smart-card-attacks-a-look-at-how-hardware-tokens-are-being-exploited/.

  5. Chen, J., Diao, W., Zhao, Q., Zuo, C., Lin, Z., Wang, X., et al. (2018). IoTFuzzer: Discovering memory corruptions in IoT through app-based fuzzing. In NDSS.

  6. Zhang, Y., Weng, J., Weng, J., Hou, L., Yang, A., Li, M., Xiang, Y., & Deng, R. (2019). Looking back! Using early versions of android apps as attack vectors. IEEE Transactions on Dependable and Secure Computing.

  7. Luo, L., Zhang, Y., Pearson, B., Ling, Z., Yu, H., & Fu, X. (2018). On the security and data integrity of low-cost sensor networks for air quality monitoring. Sensors, 18(12), 4451.

    Article  Google Scholar 

  8. SonicWall. (2019). Iot attacks escalating with a 217.5% increase in volume. Retrieved 29, March 2019, from https://www.bleepingcomputer.com/news/security/iot-attacks-escalating-with-a-2175-percent-increase-in-volume/.

  9. Johnson, D., & Ketel, M. (2019). Iot: Application protocols and security. International Journal of Computer Network and Information Security, 11, 1–8.

    Article  Google Scholar 

  10. Pastrana, S., Tapiador, J., Suarez-Tangil, G., & Peris-López, P. (2016). AVRAND: A software-based defense against code reuse attacks for AVR embedded devices. In International conference on detection of intrusions and malware, and vulnerability assessment (pp. 58–77). Springer, Cham.

  11. Pearson, B., Luo, L., Zhang, Y., Dey, R., Ling, Z., Bassiouni, M., & Fu, X. (2019). On misconception of hardware and cost in IoT security and privacy. In ICC 2019–2019 IEEE international conference on communications (ICC) (pp. 1–7). IEEE.

  12. Chaudhry, S. A., Naqvi, H., Mahmood, K., Ahmad, H. F., & Khan, M. K. (2017). An improved remote user authentication scheme using elliptic curve cryptography. Wireless Personal Communications, 96(4), 5355–5373.

    Article  Google Scholar 

  13. Huang, B., Khan, M. K., Wu, L., Muhaya, F. T. B., & He, D. (2015). An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wireless Personal Communications, 85(1), 225–240.

    Article  Google Scholar 

  14. Huang, H. F., Chang, H. W., & Yu, P. K. (2014). Enhancement of timestamp-based user authentication scheme with smart card. IJ Network Security, 16(6), 463–467.

    Google Scholar 

  15. Patil, P., Narayankar, P., Narayan, D., & Meena, S. M. (2016). A comprehensive evaluation of cryptographic algorithms: Des, 3des, aes, rsa and blowfish. Procedia Computer Science, 78, 617–624.

    Article  Google Scholar 

  16. Qing, L., Liang, C., Mei, F., Cheng-Hui, L., & Jing, F. (2017). Analysis of several typical data encryption algorithms. Information system engineering, 11, 148–149. in Chinese.

    Google Scholar 

  17. Zhao, K., Cui, J., & Xie, Z. (2017). Algebraic cryptanalysis scheme of AES-256 using Gröbner basis. Journal of Electrical and Computer Engineering.

  18. Bauer, J., Staudemeyer, R. C., Pöhls, H. C., & Fragkiadakis, A. (2016). ECDSA on things: IoT integrity protection in practise. In International conference on information and communications security (pp. 3–17). Springer, Cham.

  19. Zhong, X., Guanzhong, D., & Deming, Y. (2006). An efficient ECDSA-based signature scheme for wireless networks. Wuhan University Journal of Natural Sciences, 11(6), 1707–1710.

    Article  Google Scholar 

  20. Muthukuru, J., & Sathyanarayana, B. (2013). A secure elliptic curve digital signature approach without inversion. International Journal of Engineering and Advanced Technology (IJEAT).

  21. Junru, H. (2011). The improved elliptic curve digital signature algorithm. In Proceedings of 2011 international conference on electronic & mechanical engineering and information technology (Vol. 1, pp. 257–259). IEEE.

  22. Amin, R., Maitra, T., Giri, D., & Srivastava, P. (2017). Cryptanalysis and improvement of an RSA based remote user authentication scheme using smart card. Wireless Personal Communications, 96(3), 4629–4659.

    Article  Google Scholar 

  23. Chang, Y. F., Tai, W. L., & Chang, H. C. (2014). Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 27(11), 3430–3440.

    Google Scholar 

  24. Islam, S. H., & Biswas, G. (2014). Dynamic id-based remote user mutual authentication scheme with smart card using elliptic curve cryptography. Journal of Electronics (China), 31(5), 473–488.

    Article  Google Scholar 

  25. Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for iot and cloud servers. Pervasive and Mobile Computing, 24, 210–223.

    Article  Google Scholar 

  26. Kaul, S. D., & Awasthi, A. K. (2016). Security enhancement of an improved remote user authentication scheme with key agreement. Wireless Personal Communications, 89(2), 621–637.

    Article  Google Scholar 

  27. Kumari, S., Khan, M. K., & Li, X. (2014). An improved remote user authentication scheme with key agreement. Computers & Electrical Engineering, 40(6), 1997–2012.

    Article  Google Scholar 

  28. Mo, J., Hu, Z., & Lin, Y. (2018). Remote user authentication and key agreement for mobile client-server environments on elliptic curve cryptography. The Journal of Supercomputing, 74(11), 5927–5943.

    Article  Google Scholar 

  29. Qu, J., & Tan, X. L. (2014). Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. Journal of Electrical and Computer Engineering, 2014, 16.

    Article  Google Scholar 

  30. Roy, S., Chatterjee, S., & Mahapatra, G. (2018). An efficient biometric based remote user authentication scheme for secure internet of things environment. Journal of Intelligent & Fuzzy Systems, 34(3), 1403–1410.

    Article  Google Scholar 

  31. Turkanovic, M., Brumen, B., & Holbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Networks, 20, 96–112.

    Article  Google Scholar 

  32. Wang, L. (2014). Analysis and enhancement of a password authentication and update scheme based on elliptic curve cryptography. Journal of Applied Mathematics.

  33. Sarvabhatla, M., & Vorugunti, C. S. (2015). A secure and robust dynamic ID-based mutual authentication scheme with smart card using elliptic curve cryptography. In 2015 seventh international workshop on signal design and its applications in communications (IWSDA) (pp. 75–79). IEEE.

  34. Luo, M., Zhang, Y., Khan, M. K., & He, D. (2017). A secure and efficient identity-based mutual authentication scheme with smart card using elliptic curve cryptography. International Journal of Communication Systems, 30(16), e3333.

    Article  Google Scholar 

  35. Chang, C. C., Wu, H. L., & Sun, C. Y. (2017). Notes on “secure authentication scheme for iot and cloud servers.” Pervasive and Mobile Computing, 38, 275–278.

    Article  Google Scholar 

  36. Park, Y. (2018). A secure user authentication scheme with biometrics for iot medical environments. International Journal of Advanced Computer Science and Applications, 9(11), 607–615.

    Article  Google Scholar 

  37. Chien, H. Y. (2017). Elliptic curve cryptography-based rfid authentication resisting active tracking. Wireless Personal Communications, 94(4), 2925–2936.

    Article  Google Scholar 

  38. Lee, C. I., & Chien, H. Y. (2015). An elliptic curve cryptography-based RFID authentication securing E-health system. International Journal of Distributed Sensor Networks, 11(12), 642425.

    Article  Google Scholar 

  39. Lin, Y., Kang, K., & Shi, Y. (2013). Research on encryption model based on AES and ECC in RFID. In 2013 international conference on computer sciences and applications (pp. 9–13). IEEE.

  40. Abdullah, K. E., & Ali, N. H. M. (2018). Security improvement in elliptic curve cryptography. International Journal of Advanced Computer Science and Applications, 9(5), 122–131.

    Article  Google Scholar 

  41. Boahen, E. K., Hayfron-Acquah, J. B., & Twum, F. (2018). An enhanced elliptic curve cryptosystem for securing data. International Journal of Computer Applications, 182(9), 47–53.

    Article  Google Scholar 

  42. Dake, S. S., & Ighare, R. U. (2017). A proposed ECC algorithm for smart cards cell phones and wireless networks. In 2017 International Conference on Nascent Technologies in Engineering (ICNTE) (pp. 1–4). IEEE.

  43. Jun, L., Song-hao, J., & Cai, Y. (2014). Application of improved ECC algorithms in digital CA system. Research and exploration in Laboratory, 33(2), 108–111. in Chinese.

    Google Scholar 

  44. Raj, S. P., & Renold, A. P. (2015). An enhanced elliptic curve algorithm for secured data transmission in wireless sensor network. In 2015 global conference on communication technologies (GCCT) (pp. 891–896). IEEE.

  45. Chen, C.-L., et al. (2020). An IoT-based traceable drug anti-counterfeiting management system. IEEE Access, 8, 224532–224548.

    Article  Google Scholar 

  46. Nyame, G., et al. (2020). An ECDSA approach to access control in knowledge management systems using blockchain. Information, 11(2), 111.

    Article  Google Scholar 

  47. Amnalou, S., & Bakar, K. A. A. Lightweight security mechanism over MQTT protocol for IoT devices.

  48. Dhanvijay, M. M., & Patil, S. C. (2021). Optimized mobility management protocol for the IoT based WBAN with an enhanced security. Wireless Networks, 27(1), 537–555.

    Article  Google Scholar 

  49. Soni, A., & Saxena, N. (2013). Elliptic curve cryptography: An efficient approach for encryption and decryption of a data sequence. International Journal of Science and Research (IJSR), 2(5).

  50. Johnson, D., Menezes, A., & Vanstone, S. (2001). The elliptic curve digital signature algorithm (ECDSA). International journal of information security, 1(1), 36–63.

    Article  Google Scholar 

  51. Sarath, G., Jinwala, D. C., & Patel, S. (2014). A survey on elliptic curve digital signature algorithm and its variants. Computer Science & Information Technology (CS & IT)-CSCP (pp. 121–136).

  52. Tsague, H. D., Nelwamondo, F., & Msimang, N. (2012). An advanced mutual-authentication algorithm using 3DES for smart card systems. In 2012 second international conference on cloud and green computing (pp. 660–666). IEEE.

  53. Yang, X. B., Chen, Y. P., & Xiao, Y. L. (2017). An improved scheme of secure access and detection of cloud front-end device. In The Euro-China conference on intelligent data analysis and applications (pp. 51–63). Springer.

  54. Jurišic, A., & Menezes, A. (1997). Elliptic curves and cryptography. Dr. Dobb’s Journal, 26–36.

  55. Long, T., & Liu, X. (2009). Two improvements to digital signature scheme based on the elliptic curve cryptosystem. In Proceedings. The 2009 International Workshop On Information Security And Application (IWISA 2009) (pp. 104). Academy Publisher.

Download references

Acknowledgements

This research was supported by Science and Technology Project in Shaanxi Province of China (Program No. 2019ZDLGY07-08) and the National Natural Science Foundation of China (Grant No. 61741216), New Star Team of Xi’an University of Posts and Telecommunications. The authors thank the anonymous reviewers for their constructive comments which help improve the quality of this paper.

Author information

Authors and Affiliations

  1. School of Computer Science and Engineering, Northwestern Polytechnical University, Xi’an, 710072, People’s Republic of China

    Xiao-bao Yang

  2. School of Computer Science and Technology, Xi’an University of Posts and Telecommunications, Xi’an, 710121, People’s Republic of China

    Yuan Liu, Ya-xue Liu & Xiao-qiang Xi

  3. Shaanxi Key Laboratory of Network Data Analysis and Intelligent Processing, Xi’an University of Posts and Telecommunications, Xi’an, 710121, People’s Republic of China

    Xiao-bao Yang

  4. School of Software, Northwestern Polytechnical University, Xi’an, 710072, People’s Republic of China

    Jun-sheng Wu

  5. National Engineering Laboratory for Wireless Network Security Technology, Xi’an University of Posts and Telecommunications, Xi’an, 710121, People’s Republic of China

    Gang Han

Authors
  1. Xiao-bao Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yuan Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jun-sheng Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Gang Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ya-xue Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Xiao-qiang Xi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiao-bao Yang.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Yang, Xb., Liu, Y., Wu, Js. et al. NOMOP-ECDSA: A Lightweight ECDSA Engine for Internet of Things. Wireless Pers Commun 121, 171–190 (2021). https://doi.org/10.1007/s11277-021-08629-3

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-021-08629-3

Keywords

Search

Navigation