基于快速标量乘算法的椭圆曲线数字签名方案

计算标量乘kP是ECC快速实现的关键,也是ECC研究的热点问题。文中介绍了基于Montgomery思想的快速标量乘算法,重点介绍了白国强等人的运算多标量乘kP+lQ的算法,并分析了其局限性,同时对其进行了改进。在此基础上,设计了一种分段快速标量乘算法,将改进的算法与分段标量乘算法运用到ECDSA中。经分析验证,分段快速标量乘算法,提高了效率,对ECDSA的快速实现具有一定意义。     

Public-key based access control in sensornet

Symmetric cryptography has been mostly used in security schemes in sensor networks due to the concern that public key cryptography (PKC) is too expensive for sensor devices. While these schemes are efficient in processing time, they generally require complicated key management, which may introduce high memory and communication overhead. On the contrary, PKC-based schemes have simple and clean key management, but cost more computational time. The recent progress in PKC implementation, specially elliptic curve cryptography (ECC), on sensors motivates us to design a PKC-based security scheme and compare its performance with the symmetric-key counterparts. This paper proposes a practical PKC-based access control for sensor networks, which consists of pairwise key establishment, local access control, and remote access control. We have implemented both cryptographic primitives on commercial off-the-shelf sensor devices. Building the user access control as a case study, we show that PKC-based protocol is more advantageous than those built on symmetric cryptography in terms of the memory usage, message complexity, and security resilience. Meanwhile, our work also provides insights in integrating and designing PKC-based security protocols for sensor networks.     

Two fast algorithms for computing point scalar multiplications on elliptic curves

The key operation in Elliptic Curve Cryptosystems(ECC) is point scalar multiplication. Making use of Frobenius endomorphism, Mfiller and Smart proposed two efficient algorithms for point scalar multiplications over even or odd finite fields respectively. This paper reduces thec orresponding multiplier by modulo τ^k-1 … τ 1 and improves the above algorithms. Implementation of our Algorithm 1 in Maple for a given elliptic curve shows that it is at least as twice fast as binary method. By setting up a precomputation table, Algorithm 2, an improved version of Algorithm 1, is proposed. Since the time for the precomputation table can be considered free, Algorithm 2 is about (3/2) log2 q - 1 times faster than binary method for an elliptic curve over Fq.     

Attack-resilient time synchronization for wireless sensor networks

The existing time synchronization schemes in sensor networks were not designed with security in mind, thus leaving them vulnerable to security attacks. In this paper, we first identify various attacks that are effective to several representative time synchronization schemes, and then focus on a specific type of attack called delay attack, which cannot be addressed by cryptographic techniques. Next we propose two approaches to detect and accommodate the delay attack. Our first approach uses the generalized extreme studentized deviate (GESD) algorithm to detect multiple outliers introduced by the compromised nodes; our second approach uses a threshold derived using a time transformation technique to filter out the outliers. Finally we show the effectiveness of these two schemes through extensive simulations.     

Fast Reconfigurable Elliptic Curve Cryptography Acceleration for <Emphasis Type="Italic">GF</Emphasis>(2<Superscript><Emphasis Type="Italic">m</Emphasis></Superscript>) on 32 bit Processors

This paper focuses on the design and implementation of a fast reconfigurable method for elliptic curve cryptography acceleration in GF(2 ^m ). The main contribution of this paper is comparing different reconfigurable modular multiplication methods and modular reduction methods for software implementation on Intel IA-32 processors, optimizing point arithmetic to reduce the number of expensive reduction operations through a novel reduction sharing technique, and measuring performance for scalar point multiplication in GF(2 ^m ) on Intel IA-32 processors. This paper determined that systematic reduction is best for fields defined with trinomials or pentanomials; however, for fields defined with reduction polynomials with large Hamming weight Barrett reduction is best. In GF(2⁵⁷¹) for Intel P4 2.8 GHz processor, long multiplication with systematic reduction was 2.18 and 2.26 times faster than long multiplication with Barrett or Montgomery reduction. This paper determined that Montgomery Invariant scalar point multiplication with Systematic reduction in Projective coordinates was the fastest method for single scalar point multiplication for the NIST fields from GF(2¹⁶³) to GF(2⁵⁷¹). For single scalar point multiplication on a reconfigurable elliptic curve cryptography accelerator, we were able to achieve ∼6.1 times speedup using reconfigurable reduction methods with long multiplication, Montgomery’s MSB Invariant method in projective coordinates, and systematic reduction. Further extensions were made to implement fast reconfigurable elliptic curve cryptography for repeated scalar point multiplication on the same base point. We also show that for L > 20 the LSB invariant method combined with affine doubling precomputation outperforms the LSB invariant method combined with López-Dahab doubling precomputation for all reconfigurable reduction polynomial techniques in GF(2⁵⁷¹) for Intel IA-32 processors. For L = 1000, the LSB invariant scalar point multiplication method was 13.78 to 34.32% faster than using the fastest Montgomery Invariant scalar point multiplication method on Intel IA-32 processors.     

A State-of-the-art Elliptic Curve Cryptographic Processor Operating in the Frequency Domain

We propose a novel area/time efficient elliptic curve cryptography (ECC) processor architecture which performs all finite field arithmetic operations in the discrete Fourier domain. The proposed architecture utilizes a class of optimal extension fields (OEF) GF(q ^m ) where the field characteristic is a Mersenne prime q = 2 ⁿ  − 1 and m = n. The main advantage of our architecture is that it achieves extension field modular multiplication in the discrete Fourier domain with only a linear number of base field GF(q) multiplications in addition to a quadratic number of simpler operations such as addition and bitwise rotation. We achieve an area between 25k and 50k equivalent gates for the implementations over OEFs of size 169, 289 and 361 bits. With its low area and high speed, the proposed architecture is well suited for ECC in small device environments such as sensor networks. The work at hand presents the first hardware implementation of a frequency domain multiplier suitable for ECC and the first hardware implementation of ECC in the frequency domain.

An effective key management scheme for heterogeneous sensor networks

Security is critical for sensor networks used in military, homeland security and other hostile environments. Previous research on sensor network security mainly considers homogeneous sensor networks. Research has shown that homogeneous ad hoc networks have poor performance and scalability. Furthermore, many security schemes designed for homogeneous sensor networks suffer from high communication overhead, computation overhead, and/or high storage requirement. Recently deployed sensor network systems are increasingly following heterogeneous designs. Key management is an essential cryptographic primitive to provide other security operations. In this paper, we present an effective key management scheme that takes advantage of the powerful high-end sensors in heterogeneous sensor networks. The performance evaluation and security analysis show that the key management scheme provides better security with low complexity and significant reduction on storage requirement, compared with existing key management schemes.     

An improved password‐based authentication scheme for session initiation protocol using smart cards without verification table

Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al . proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al . claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al . protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al . protocol by imposing a little extra computation cost. Copyright © 2014 John Wiley & Sons, Ltd.     

High-performance Public-key Cryptoprocessor for Wireless Mobile Applications

We present a high-speed public-key cryptoprocessor that exploits three-level parallelism in Elliptic Curve Cryptography (ECC) over GF(2 ⁿ ). The proposed cryptoprocessor employs a Parallelized Modular Arithmetic Logic Unit (P-MALU) that exploits two types of different parallelism for accelerating modular operations. The sequence of scalar multiplications is also accelerated by exploiting Instruction-Level Parallelism (ILP) and processing multiple P-MALU instructions in parallel. The system is programmable and hence independent of the type of the elliptic curves and scalar multiplication algorithms. The synthesis results show that scalar multiplication of ECC over GF(2¹⁶³) on a generic curve can be computed in 20 and 16 μs respectively for the binary NAF (Non-Adjacent Form) and the Montgomery method. The performance can be accelerated furthermore on a Koblitz curve and reach scalar multiplication of 12 μs with the TNAF (τ-adic NAF) method. This fast performance allows us to perform over 80,000 scalar multiplications per second and to enhance security in wireless mobile applications.

WSNs中基于FPGA的AES-ECC新型加密系统

针对无线传感器网络的特点,提出一种适于FPGA实现的改进的AES-ECC混合加密系统。本方案采用AES模块对数据进行加密,用SHA-1加密算法处理数据得到数据摘要,用ECC加密算法实现对摘要的签名和对AES私钥的加密。各个算法模块采用并行执行的处理方式以提高运算效率。方案优化了AES加密模块的设计,在占用相对较少逻辑资源的同时提高了系统吞吐率,通过优化ECC乘法单元的设计,提高了数字签名生成和认证的速度,完全满足了无线传感器网络对于稳定性、功耗以及处理速度的要求,给数据传输的安全性提供了高强度的保障。     

用替换标量加速椭圆曲线点乘的研究

在优化有限域上椭圆曲线点乘的研究中,寻找标量的等价表示形式以减少点加和倍点运算的数量一直是关注的热点。因为点乘运算在一个H阶有限群中,利用有限群的性质,Q=kP=（n-k）（-P）。对于椭圆曲线,n-k和-P容易计算,于是计算点乘的标量k可以替换为n-k。因此,计算点乘时可通过选取代价更小的标量来减少计算量。理论和实验研究表明,替换标量可在微小的开销下使通常的重复倍加点算法的点加次数平均减少约5％。     

An Authenticated Identity-Based Key Establishment and Encryption Scheme for Wireless Sensor Networks

1Introduction Wirelesscommunicationhasbeenahotissuesince1990.includingAdhocandwirelesssensornetworks,etc.Especially,WirelessSensorNetwork(WSN).Whichhasreceivedconsiderableattentionduringlast decade[1-2].Ithasbeendevelopedforawidevarietyof applications,inc…     

Data security in unattended wireless sensor networks with mobile sinks

Unattended wireless sensor networks operating in hostile environments face the risk of compromise. Given the unattended nature, sensors must safeguard their sensed data of high value temporarily. However, saving data inside a network creates security problems due to the lack of tamper‐resistance of sensors and the unattended nature of the network. In some occasions, a network controller may periodically dispatch mobile sinks to collect data. If a mobile sink is given too many privileges, it will become very attractive for attack. Thus, the privilege of mobile sinks should be restricted. Additionally, secret keys should be used to achieve data confidentiality, integrity, and authentication between communicating parties. To address these security issues, we present mAKPS, an asymmetric key predistribution scheme with mobile sinks, to facilitate the key distribution and privilege restriction of mobile sinks, and schemes for sensors to protect their collected data in unattended wireless sensor networks. Copyright © 2011 John Wiley & Sons, Ltd.     

Koblitz曲线上改进的ECDSA算法

标量乘法的效率决定着椭圆曲线密码体制的性能,而Koblitz曲线上的快速标量乘算法,是标量乘法研究的重要课题.Lee et al算法采用Frobenius映射扩展正整数k,并将其扩展后的系数改写成二进制形式,有效地提高标量乘算法效率.文中将JSF应用到扩展后的系数中,以较小存储空间为代价来提高算法效率k并将算法用到改进...     

Cryptography with Constant Input Locality

We study the following natural question: Which cryptographic primitives (if any) can be realized by functions with constant input locality, namely functions in which every bit of the input influences only a constant number of bits of the output? This continues the study of cryptography in low complexity classes. It was recently shown by Applebaum et al. (FOCS 2004) that, under standard cryptographic assumptions, most cryptographic primitives can be realized by functions with constant output locality, namely ones in which every bit of the output is influenced by a constant number of bits from the input. We (almost) characterize what cryptographic tasks can be performed with constant input locality. On the negative side, we show that primitives which require some form of non-malleability (such as digital signatures, message authentication, or non-malleable encryption) cannot be realized with constant input locality. On the positive side, assuming the intractability of certain problems from the domain of error correcting codes (namely, hardness of decoding a random binary linear code or the security of the McEliece cryptosystem), we obtain new constructions of one-way functions, pseudorandom generators, commitments, and semantically-secure public-key encryption schemes whose input locality is constant. Moreover, these constructions also enjoy constant output locality and thus they give rise to cryptographic hardware that has constant-depth, constant fan-in and constant fan-out. As a byproduct, we obtain a pseudorandom generator whose output and input locality are both optimal (namely, 3).     

Efficient ID-based multiproxy multisignature without bilinear maps in ROM

Most of the previously proposed identity-based multiproxy multisignature (IBMPMS) schemes used pairings in their construction. But pairing is regarded as an expensive cryptographic primitive in terms of complexity. The relative computation cost of a pairing is approximately more than ten times of the scalar multiplication over elliptic curve group. So, to reduce running time, we first define a model of a secure MPMS scheme, then propose an IBMPMS scheme without using pairings. We also prove the security of our scheme against chosen message attack in random oracle model. Our scheme’s construction avoids bilinear pairing operations but still provides signature in the ID-based setting and reduces running time heavily. Therefore, proposed scheme is more applicable than previous schemes in terms of computational efficiency for practical applications.     

Compromise-resilient anti-jamming communication in wireless sensor networks

Jamming is a kind of Denial-of-Service attack in which an adversary purposefully emits radio frequency signals to corrupt the wireless transmissions among normal nodes. Although some research has been conducted on countering jamming attacks, few works consider jamming attacks launched by insiders, where an attacker first compromises some legitimate sensor nodes to acquire the common cryptographic information of the sensor network and then jams the network through those compromised nodes. In this paper, we address the insider jamming problem in wireless sensor networks. In our proposed solutions, the physical communication channel of a sensor network is determined by the group key shared by all the sensor nodes. When insider jamming happens, the network will generate a new group key to be shared only by the non-compromised nodes. After that, the insider jammers are revoked and will not be able to predict the future communication channels used by the non-compromised nodes. Specifically, we propose two compromise-resilient anti-jamming schemes: the split-pairing scheme which deals with a single insider jammer, and the key-tree-based scheme which copes with multiple colluding insider jammers. We implement and evaluate the proposed solutions using Mica2 Motes. Experimental results show that our solutions have low recovery latency and low communication overhead, and hence they are suitable for resource constrained sensor networks.     

Fine-grained data access control for distributed sensor networks

Distributed sensor networks are becoming a robust solution that allows users to directly access data generated by individual sensors. In many practical scenarios, fine-grained access control is a pivotal security requirement to enhance usability and protect sensitive sensor information from unauthorized access. Recently, there have been proposed many schemes to adapt public key cryptosystems into sensor systems consisting of high-end sensor nodes in order to enforce security policy efficiently. However, the drawback of these approaches is that the complexity of computation increases linear to the expressiveness of the access policy. Key-policy attribute-based encryption is a promising cryptographic solution to enforce fine-grained access policies on the sensor data. However, the problem of applying it to distributed sensor networks introduces several challenges with regard to the attribute and user revocation. In this paper, we propose an access control scheme using KP-ABE with efficient attribute and user revocation capability for distributed sensor networks that are composed of high-end sensor devices. They can be achieved by the proxy encryption mechanism which takes advantage of attribute-based encryption and selective group key distribution. The analysis results indicate that the proposed scheme achieves efficient user access control while requiring the same computation overhead at each sensor as the previous schemes.     

Flexible Hardware Processor for Elliptic Curve Cryptography Over NIST Prime Fields

Exchange of private information over a public medium must incorporate a method for data protection against unauthorized access. Elliptic curve cryptography (ECC) has become widely accepted as an efficient mechanism to secure sensitive data. The main ECC computation is a scalar multiplication, translating into an appropriate sequence of point operations, each involving several modular arithmetic operations. We describe a flexible hardware processor for performing computationally expensive modular addition, subtraction, multiplication, and inversion over prime finite fields $GF(p)$ . The proposed processor supports all five primes $p$ recommended by NIST, whose sizes are 192, 224, 256, 384, and 521 bits. It can also be programmed to automatically execute sequences of modular arithmetic operations. Our field-programmable gate-array implementation runs at 60 MHz and takes between 4 and 40 ms (depending on the used prime) to perform a typical scalar multiplication.      

Access control in wireless sensor networks

Nodes in a sensor network may be lost due to power exhaustion or malicious attacks. To extend the lifetime of the sensor network, new node deployment is necessary. In military scenarios, adversaries may directly deploy malicious nodes or manipulate existing nodes to introduce malicious “new” nodes through many kinds of attacks. To prevent malicious nodes from joining the sensor network, access control is required in the design of sensor network protocols. In this paper, we propose an access control protocol based on Elliptic Curve Cryptography (ECC) for sensor networks. Our access control protocol accomplishes node authentication and key establishment for new nodes. Different from conventional authentication methods based on the node identity, our access control protocol includes both the node identity and the node bootstrapping time into the authentication procedure. Hence our access control protocol cannot only identify the identity of each node but also differentiate between old nodes and new nodes. In addition, each new node can establish shared keys with its neighbors during the node authentication procedure. Compared with conventional sensor network security solutions, our access control protocol can defend against most well-recognized attacks in sensor networks, and achieve better computation and communication performance due to the more efficient algorithms based on ECC than those based on RSA.