Abstract
Internet of Things (IoT) has received attention recently, featuring tremendous applications. Due to the lack of authentication, popular IoT applications are prone to various attacks. However, because of resource limitation and heterogeneous characteristics of IoT applications, the cryptographic algorithms may fail to be universal adopted and thus, it is challenging to defend against these attacks. In this paper, we proposed NOMOP-ECDSA, a lightweight Elliptic Curve Digital Signature Algorithm for IoT applications, which can address the aforementioned challenge. Our idea is that the resource-consuming operations can be replaced with other basic operations, and therefore, achieve better performance. As a demonstration, we also proposed a mutual authentication protocol for smart cards. In terms of security and efficiency, systematic analysis is performed to validate our NOMOP-ECDSA and protocol.
Similar content being viewed by others
References
Farash, M. S., Turkanović, M., Kumari, S., & Holbl, M. (2016). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Networks, 36, 152–176.
Forbes Inc. (2018). The Internet Of Things: From theory to reality-how companies are leveraging IoT to move their businesses forward. Retrieved 2017, from https://www.forbes.com/forbes-insights/our-work/internet-of-things/.
Gartner. (2018). Gartner identifies top 10 strategic IoT technologies and trends. Retrieved 7, November 2018, from https://www.gartner.com/en/newsroom/press-releases/2018-11-07-gartner-identifies-top-10-strategic-iot-technologies-and-trends.
Finjan Inc. (2016). Smart card attacks—A look at how hardware tokens are being exploited. Retrieved 19, September 2016, from https://blog.finjan.com/smart-card-attacks-a-look-at-how-hardware-tokens-are-being-exploited/.
Chen, J., Diao, W., Zhao, Q., Zuo, C., Lin, Z., Wang, X., et al. (2018). IoTFuzzer: Discovering memory corruptions in IoT through app-based fuzzing. In NDSS.
Zhang, Y., Weng, J., Weng, J., Hou, L., Yang, A., Li, M., Xiang, Y., & Deng, R. (2019). Looking back! Using early versions of android apps as attack vectors. IEEE Transactions on Dependable and Secure Computing.
Luo, L., Zhang, Y., Pearson, B., Ling, Z., Yu, H., & Fu, X. (2018). On the security and data integrity of low-cost sensor networks for air quality monitoring. Sensors, 18(12), 4451.
SonicWall. (2019). Iot attacks escalating with a 217.5% increase in volume. Retrieved 29, March 2019, from https://www.bleepingcomputer.com/news/security/iot-attacks-escalating-with-a-2175-percent-increase-in-volume/.
Johnson, D., & Ketel, M. (2019). Iot: Application protocols and security. International Journal of Computer Network and Information Security, 11, 1–8.
Pastrana, S., Tapiador, J., Suarez-Tangil, G., & Peris-López, P. (2016). AVRAND: A software-based defense against code reuse attacks for AVR embedded devices. In International conference on detection of intrusions and malware, and vulnerability assessment (pp. 58–77). Springer, Cham.
Pearson, B., Luo, L., Zhang, Y., Dey, R., Ling, Z., Bassiouni, M., & Fu, X. (2019). On misconception of hardware and cost in IoT security and privacy. In ICC 2019–2019 IEEE international conference on communications (ICC) (pp. 1–7). IEEE.
Chaudhry, S. A., Naqvi, H., Mahmood, K., Ahmad, H. F., & Khan, M. K. (2017). An improved remote user authentication scheme using elliptic curve cryptography. Wireless Personal Communications, 96(4), 5355–5373.
Huang, B., Khan, M. K., Wu, L., Muhaya, F. T. B., & He, D. (2015). An efficient remote user authentication with key agreement scheme using elliptic curve cryptography. Wireless Personal Communications, 85(1), 225–240.
Huang, H. F., Chang, H. W., & Yu, P. K. (2014). Enhancement of timestamp-based user authentication scheme with smart card. IJ Network Security, 16(6), 463–467.
Patil, P., Narayankar, P., Narayan, D., & Meena, S. M. (2016). A comprehensive evaluation of cryptographic algorithms: Des, 3des, aes, rsa and blowfish. Procedia Computer Science, 78, 617–624.
Qing, L., Liang, C., Mei, F., Cheng-Hui, L., & Jing, F. (2017). Analysis of several typical data encryption algorithms. Information system engineering, 11, 148–149. in Chinese.
Zhao, K., Cui, J., & Xie, Z. (2017). Algebraic cryptanalysis scheme of AES-256 using Gröbner basis. Journal of Electrical and Computer Engineering.
Bauer, J., Staudemeyer, R. C., Pöhls, H. C., & Fragkiadakis, A. (2016). ECDSA on things: IoT integrity protection in practise. In International conference on information and communications security (pp. 3–17). Springer, Cham.
Zhong, X., Guanzhong, D., & Deming, Y. (2006). An efficient ECDSA-based signature scheme for wireless networks. Wuhan University Journal of Natural Sciences, 11(6), 1707–1710.
Muthukuru, J., & Sathyanarayana, B. (2013). A secure elliptic curve digital signature approach without inversion. International Journal of Engineering and Advanced Technology (IJEAT).
Junru, H. (2011). The improved elliptic curve digital signature algorithm. In Proceedings of 2011 international conference on electronic & mechanical engineering and information technology (Vol. 1, pp. 257–259). IEEE.
Amin, R., Maitra, T., Giri, D., & Srivastava, P. (2017). Cryptanalysis and improvement of an RSA based remote user authentication scheme using smart card. Wireless Personal Communications, 96(3), 4629–4659.
Chang, Y. F., Tai, W. L., & Chang, H. C. (2014). Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 27(11), 3430–3440.
Islam, S. H., & Biswas, G. (2014). Dynamic id-based remote user mutual authentication scheme with smart card using elliptic curve cryptography. Journal of Electronics (China), 31(5), 473–488.
Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for iot and cloud servers. Pervasive and Mobile Computing, 24, 210–223.
Kaul, S. D., & Awasthi, A. K. (2016). Security enhancement of an improved remote user authentication scheme with key agreement. Wireless Personal Communications, 89(2), 621–637.
Kumari, S., Khan, M. K., & Li, X. (2014). An improved remote user authentication scheme with key agreement. Computers & Electrical Engineering, 40(6), 1997–2012.
Mo, J., Hu, Z., & Lin, Y. (2018). Remote user authentication and key agreement for mobile client-server environments on elliptic curve cryptography. The Journal of Supercomputing, 74(11), 5927–5943.
Qu, J., & Tan, X. L. (2014). Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem. Journal of Electrical and Computer Engineering, 2014, 16.
Roy, S., Chatterjee, S., & Mahapatra, G. (2018). An efficient biometric based remote user authentication scheme for secure internet of things environment. Journal of Intelligent & Fuzzy Systems, 34(3), 1403–1410.
Turkanovic, M., Brumen, B., & Holbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Networks, 20, 96–112.
Wang, L. (2014). Analysis and enhancement of a password authentication and update scheme based on elliptic curve cryptography. Journal of Applied Mathematics.
Sarvabhatla, M., & Vorugunti, C. S. (2015). A secure and robust dynamic ID-based mutual authentication scheme with smart card using elliptic curve cryptography. In 2015 seventh international workshop on signal design and its applications in communications (IWSDA) (pp. 75–79). IEEE.
Luo, M., Zhang, Y., Khan, M. K., & He, D. (2017). A secure and efficient identity-based mutual authentication scheme with smart card using elliptic curve cryptography. International Journal of Communication Systems, 30(16), e3333.
Chang, C. C., Wu, H. L., & Sun, C. Y. (2017). Notes on “secure authentication scheme for iot and cloud servers.” Pervasive and Mobile Computing, 38, 275–278.
Park, Y. (2018). A secure user authentication scheme with biometrics for iot medical environments. International Journal of Advanced Computer Science and Applications, 9(11), 607–615.
Chien, H. Y. (2017). Elliptic curve cryptography-based rfid authentication resisting active tracking. Wireless Personal Communications, 94(4), 2925–2936.
Lee, C. I., & Chien, H. Y. (2015). An elliptic curve cryptography-based RFID authentication securing E-health system. International Journal of Distributed Sensor Networks, 11(12), 642425.
Lin, Y., Kang, K., & Shi, Y. (2013). Research on encryption model based on AES and ECC in RFID. In 2013 international conference on computer sciences and applications (pp. 9–13). IEEE.
Abdullah, K. E., & Ali, N. H. M. (2018). Security improvement in elliptic curve cryptography. International Journal of Advanced Computer Science and Applications, 9(5), 122–131.
Boahen, E. K., Hayfron-Acquah, J. B., & Twum, F. (2018). An enhanced elliptic curve cryptosystem for securing data. International Journal of Computer Applications, 182(9), 47–53.
Dake, S. S., & Ighare, R. U. (2017). A proposed ECC algorithm for smart cards cell phones and wireless networks. In 2017 International Conference on Nascent Technologies in Engineering (ICNTE) (pp. 1–4). IEEE.
Jun, L., Song-hao, J., & Cai, Y. (2014). Application of improved ECC algorithms in digital CA system. Research and exploration in Laboratory, 33(2), 108–111. in Chinese.
Raj, S. P., & Renold, A. P. (2015). An enhanced elliptic curve algorithm for secured data transmission in wireless sensor network. In 2015 global conference on communication technologies (GCCT) (pp. 891–896). IEEE.
Chen, C.-L., et al. (2020). An IoT-based traceable drug anti-counterfeiting management system. IEEE Access, 8, 224532–224548.
Nyame, G., et al. (2020). An ECDSA approach to access control in knowledge management systems using blockchain. Information, 11(2), 111.
Amnalou, S., & Bakar, K. A. A. Lightweight security mechanism over MQTT protocol for IoT devices.
Dhanvijay, M. M., & Patil, S. C. (2021). Optimized mobility management protocol for the IoT based WBAN with an enhanced security. Wireless Networks, 27(1), 537–555.
Soni, A., & Saxena, N. (2013). Elliptic curve cryptography: An efficient approach for encryption and decryption of a data sequence. International Journal of Science and Research (IJSR), 2(5).
Johnson, D., Menezes, A., & Vanstone, S. (2001). The elliptic curve digital signature algorithm (ECDSA). International journal of information security, 1(1), 36–63.
Sarath, G., Jinwala, D. C., & Patel, S. (2014). A survey on elliptic curve digital signature algorithm and its variants. Computer Science & Information Technology (CS & IT)-CSCP (pp. 121–136).
Tsague, H. D., Nelwamondo, F., & Msimang, N. (2012). An advanced mutual-authentication algorithm using 3DES for smart card systems. In 2012 second international conference on cloud and green computing (pp. 660–666). IEEE.
Yang, X. B., Chen, Y. P., & Xiao, Y. L. (2017). An improved scheme of secure access and detection of cloud front-end device. In The Euro-China conference on intelligent data analysis and applications (pp. 51–63). Springer.
Jurišic, A., & Menezes, A. (1997). Elliptic curves and cryptography. Dr. Dobb’s Journal, 26–36.
Long, T., & Liu, X. (2009). Two improvements to digital signature scheme based on the elliptic curve cryptosystem. In Proceedings. The 2009 International Workshop On Information Security And Application (IWISA 2009) (pp. 104). Academy Publisher.
Acknowledgements
This research was supported by Science and Technology Project in Shaanxi Province of China (Program No. 2019ZDLGY07-08) and the National Natural Science Foundation of China (Grant No. 61741216), New Star Team of Xi’an University of Posts and Telecommunications. The authors thank the anonymous reviewers for their constructive comments which help improve the quality of this paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Yang, Xb., Liu, Y., Wu, Js. et al. NOMOP-ECDSA: A Lightweight ECDSA Engine for Internet of Things. Wireless Pers Commun 121, 171–190 (2021). https://doi.org/10.1007/s11277-021-08629-3
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-021-08629-3