L-ECQV: Lightweight ECQV Implicit Certificates for Authentication in the Internet of Things

Bibliographic Details
Main Author: Malik, Manisha
Publication Date: 2023
Other Authors: Kamaldeep; Dutta, Maitreyee; Granjal, Jorge
Format: Article
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: https://hdl.handle.net/10316/114713
https://doi.org/10.1109/ACCESS.2023.3261666
Summary: The vast expansion of the Internet of Things (IoT) devices and related applications has bridged the gap between the physical and digital world. Unfortunately, security remains a major challenge and the lack of secure links has fueled the increased attacks on IoT devices and networks. Due to its inherent scalability, Public Key Infrastructure (PKI) is the well-known and classic approach to bring public-key certificate based security to IoT. Even though the standard X.509 explicit certificates can be a viable solution, they are inefficient and too large for resource-constrained IoT networks and therefore, smaller, faster and more efficient Elliptic Curve Qu Vanstone (ECQV) implicit certificates can be employed for establishing authenticated connections in IoT. Moreover, the existing certificate-based authentication proposals in standardized IoT networks have either been deployed at the transport or physical layers. Thus, these proposals fail to provide true end-to-end security to messages at the application layer in the presence of intermediate CoAP proxies. This challenging aspect is addressed in this proposal by focusing on the certificate-based authentication at the application layer to ensure true end-to-end security of messages. Additionally, IoT application layer security protocols like EDHOC lack a mechanism for authenticated distribution of public keys and thus, there is a need for a lightweight authentication-based cryptographic primitive for establishing secure key agreement in IoT. This paper introduces a design and implementation of a lightweight ECQV implicit certificate and uses them for authenticated key exchange in EDHOC at the application layer. We also design a lightweight profile with a novel encoding mechanism for the ECQV implicit certificate, called L-ECQV. To prove its viability, L-ECQV has been implemented and evaluated on the Contiki operating system. Our evaluation results show that the proposed L-ECQV certificate approach reduces energy consumption by 27%, message overhead of EDHOC handshake by 52%, and shows improvements in certificate validation time. The security analysis demonstrates that the proposed L-ECQV certificates for the EDHOC protocol are secure against a number of attack vectors present in the IoT network. This novel combination of ECQV certificates with EDHOC key exchange leads to a secure and lightweight authenticated key agreement in IoT networks.
topic Cryptographic primitive
authentication
key agreement
Internet of Things (IoT)
elliptic curve Qu Vanstone (ECQV)
ephemeral Diffie-Hellman over COSE (EDHOC)
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.relation.none.fl_str_mv 2169-3536
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.publisher.none.fl_str_mv IEEE