Volume 5 , Issue 1 , PP: 49-67, 2021 | Cite this article as | XML | PDF | Full Length Article
Ali E. Takieldeen 1 , Fahmi Khalifa 2 *
With the progressive development of a wide range of applications that interconnect things, internet of things (IoT) become an imperative required trend by industries and academicians. IoT allows these things to be remotely accessed or controlled depending on internet protocol (IP) networks. This technology increases accuracy and efficiency of the tasks relied on, also facilitate daily people life. The huge applications domain infrastructure which depends on IoT, requires a trusted connection to guarantee a security and privacy while transferring data. IoT Privacy insurance essentially encounter many challenges to apply effective authentication protocols and procedures due to heterogeneous and dynamic nature. A lot of researches and theses have offered multiple ways for data authentication schemes depending on the underlying system architecture and a treatment to the security breaching problem caused by flaws and weak points in previous schemes. This paper provides complete and up-to-date review of lightweight cryptography for IoT authentication based on elliptic curve cryptography (ECC). ECC has many advantages if compared with other cryptographic systems. It is ideal to be implemented in most IoT devices specially in resource constrained devices with optimum implementation. That has been accomplished through delving into schemes with detailed explanation to guide future researchers in IoT lightweight authentication field. Furthermore, a comparison was performed with the proposals presented in the study to identify the considerations to design lightweight ECC scheme..
Cryptography, Elliptic Curve, Internet of Things, Authentication, and Security analysis
References
1. M. El-hajj, A. Fadlallah, M. Chamoun and A. Serhrouchni “A Survey of Internet of Things (IoT) Authentication Schemes”, Sensors, Vol.19, No.5, 2019, Art. No.1141, doi: 10.3390/s19051141.
2. M. G. Samaila, M. Neto, D. A. Fernandes, M. M. Freire and P. R. Inácio, “Challenges of securing Internet of Things devices: A survey”, Security and Privacy Vol.1, No.2, 2018, doi: 10.1002/spy2.20.
3. S. Symanovich, “The future of IoT: 10 predictions about the Internet of Things,” Accessed: Aug. 25, 2020. [Online]. Available: https://us.norton.com/internetsecurity-iot-5-predictions-for-the-future-of-iot.html.
4. M. Naeem, S. A. Chaudhry, K. Mahmood, M. Karuppiah and S. Kumari, “A scalable and secure RFID mutual authentication protocol using ECC for Internet of Things”, International Journal of Communication systems, Vol.33, No.13, 2019, doi: 10.1002/dac.3906.
5. S. Rostampourab, M. Safkhanic, Y. Bendavida and N. Bagheri, “ECCbAP: A secure ECC-based authentication protocol for IoT edge devices”, Pervasive and Mobile Computing, Vol. 67, Sep. 2020, doi: 10.1016/j.pmcj.2020.101194.
6. I. Abdellatif and Y. Bendavid, “Using a multi-perspective approach in the selection of an Internet-of-Things system,” in: Proceedings of the 2018 International Conference of the Association of Global Management Studies, Montreal, vol. 1, pp. 46-52, 2018.
7. O. Abualghanam, M. Qatawneh and W. Almobaideen, “A Survey of Key Distribution in the Context of Internet of Things,” Journal of Theoretical and Applied Information Technology, vol. 97, no. 22, pp. 3217–3241, 2019.
8. M. Saadeh, A. Sleit, K E. Sabri and W. Almobaideen, “Object Authentication in the Context of the Internet of Things: A Survey”, Journal of Cyber Security and Mobility, Vol. 9, No.3, pp. 385–448, 2020.
9. S. Kavianpour, B. Shanmugam, S.Azam , M. Zamani , G. N. Samy and F. De Boer, “A Systematic Literature Review of Authentication in Internet of Things for Heterogeneous Devices”, Journal of Computer Networks and Communications, Vol. 2019, Art. No. 5747136, doi :10.1155/2019/5747136.
10. W. M. Kang, S.Y. Moon and J. H. Park, “An enhanced security framework for home appliances in smart home”, Human-centric Computing and Information Sciences, Vol.7, 2017, Art. No.6, doi :10.1186/s13673-017-0087-4.
11. S. Batool, N. Hassan, N. A. Saqib, and M. A. K. Khattak, “Authentication of Remote IoT Users Based on Deeper Gait Analysis of Sensor Data”, IEEE Access, vol. 8, pp. 101784-101796, 2020, doi :10.1109/ACCESS.2020.2998412.
12. Z. Vahdati, S. M. Yasin, A. Ghasempour, M. Salehi, “Comparison of ECC and RSA Algorithms in IoT Devices”, Journal of Theoretical and Applied Information Technology, Vol.97. No 16, Aug. 2019.
13. M. Ali, R. Reaz and M. G. Gouda, “Nonrepudiation protocols without a trusted party”, 4th International Conference on Networked Systems, NETYS 2016, vol 9944, pp 1-15 May 2016, Springer 2016, doi : 10.1007/978-3-319-46140-3_1.
14. S. S. Dhanda, B. Singh, P. Jindal, “Lightweight Cryptography: A Solution to Secure IoT”, Wireless Personal Communications, Vol.112, pp. 1947–1980, 2020, https://doi.org/10.1007/s11277-020-07134-3
15. K. A. McKay, L. Bassham, M. S. Turan, and N. Mouha, ``Report on lightweight cryptography,'' Nat. Inst. Standards Technol., Gaithersburg, MD, USA, Tech. Rep. NISTIR 8114, Mar. 2017, doi : 10.6028/NIST.IR.8114.
16. Mohammed F. Albrawy, Ali Takieldeen, and Rashed Moktar El Awade. “Digital Data Encryption using Modified Method for Point Operations in ECC using Matlab” International Journal of Computer Science Engineering and Information Technology (IJCSEIT), ISSN (P): 2249-6831; ISSNI: 2249-7943, Vol. 4, Issue 3, PP: 159-170, Jun 2014, India.
17. C. Jiang, B. Li, and H. Xu, “An efficient scheme for user authentication in wireless sensor networks,” in Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW’07), pp. 438–442, Niagara Falls, Canada, May 2007, doi :10.1007/978-3-642-25255-6_34.
18. X. H. Le, M. Khalid, R. Sankar, and S. Lee, “An efficient mutual authentication and access control scheme for wireless sensor networks in healthcare,” Journal of Networks, vol. 6, no. 3, pp. 355–364, 2011, doi: 10.4304/jnw.6.3.355-364.
19. S. Garg, K. Kaur, G. Kaddoum, S. H. Ahmedy, F.Gagnon, and M. Guizaniz, “ECC-based Secure and Lightweight Authentication Protocol for Mobile Environment”, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Paris, France, 2019, pp. 1-6, doi :10.1109/INFOCOMWKSHPS47286.2019.9093756.
20. J. Joglekar, S. Bhutani, N. Patel, and P. Soman, “Lightweight Elliptical Curve Cryptography (ECC) for Data Integrity and User Authentication in Smart Transportation IoT System”, International Conference on Sustainable Communication Networks and Application (ICSCN): Sustainable Communication Networks and Application, Lecture Notes on Data Engineering and Communications Technologies, vol 39. 2019, Springer, Cham. Doi :10.1007/978-3-030-34515-0_28
21. Sameh N. Gobran , Ali Takieldeen, and El-Sayed A. El-Badawy. "Digital Image Encryption Based on RSA Algorithm" International Organization of Scientific Research Journal of Electronics and Communication Engineering (IOSR-JECE), Volume 9, Issue 1, PP 69-73 , e-ISSN: 2278-2834, p- ISSN: 2278-8735, Jan. 2014, India
22. A. A. Alamr, F. Kausar, J. Kim and C. Seo, “A secure ECC-based RFID mutual authentication protocol for internet of things”, The Journal of Supercomputing, Vol.74, pp. 4281–4294, 2018, springer, doi: 10.1007/s11227-016-1861-1.
23. P. K. Dhillon, S. Kalra, “Secure and efficient ECC based SIP authentication scheme for VoIP communications in internet of things”, Multimedia Tools and Applications, Vol.78, pp.22199–22222,2019, doi: 10.1007/s11042-019-7466-y.
24. Z. Liu, X. Huang, Z. Hu, M. K. Khan, H. Seo and L. Zhou, "On Emerging Family of Elliptic Curves to Secure Internet of Things: ECC Comes of Age," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 3, pp. 237-248, 1 May-June 2017, doi: 10.1109/TDSC.2016.2577022.
25. Ali Takieldeen, Said H. Abd Elkhalik, Ahmed S. Samra,Mohamed A. Mohamed and Fahmi Khalifa.“A Robust Security Scheme Based on Novel Encoding with LSB Steganography” The 2021 International Telecommunications Conference, ITC-Egypt'2021, July 13 - 15, 2021, ADC, Alexandria, Egypt
26. Unit 42, “2020 Unit 42 IoT Threat Report,” Accessed: Aug. 26, 2020. [Online]. Available: https://unit42.paloaltonetworks.com/iot-threat-report-2020.
27. M. Nikooghadam and H. Amintoosi, “A secure and robust elliptic curve cryptography-based mutual authentication scheme for session initiation protocol”, security and privacyVol.3, No.1,2019, doi: 10.1002/spy2.92.
28. E. Shaikh, I. Mohiuddin and A. Manzoor, "Internet of Things (IoT): Security and Privacy Threats," 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, 2019, pp.1-6, doi: 10.1109/CAIS.2019.8769539.
29. M. Zaminkar and R. Fotohi, “SoS‑RPL: Securing Internet of Things Against Sinkhole Attack Using RPL Protocol‑Based Node Rating and Ranking Mechanism”, Wireless Personal Communications, Vol.144, pp.1287–1312, 2020, doi: 10.1007/s11277-020-07421-z.
30. A. Biryukov, A. Shamir and D. Wagner, “Real time cryptanalysis of A5/1 on a PC, Fast Software Encryption (FSE)”, LNCS, Vol. 1978, pp. 1–18, 2001, New York: Springer.
31. L. JIAO1, Y. HAO and D. FENG, “Stream cipher designs: a review”, SCIENCE CHINA Information Sciences, Vol.63, No.3, 2020, doi: 10.1007/s11432-018-9929-x.
32. C. Manifavas, G. Hatzivasili, K. Fysarakis and Y. Papaefstathiou, “A survey of lightweight stream ciphers for embedded systems”, Security and Communication Networks, Vol. 9, pp. 1226– 1246, 2016, doi: 10.1002/sec.1399.
33. N. AlFardan, D. J. Bernstein, K.G. Paterson, B. Poettering and J. C. Schuldt. “On the security of RC4 in TLS”, 22nd USENIX Security Symposium, USENIX Security, Washington DC, USA, pp. 305–320, 2013.
34. J. Massey, “Shift-register synthesis and BCH decoding”, IEEE Transactions on Information Theory, Vol.15, No.1, pp.122–127, 1969, doi: 10.1109/TIT.1969.1054260.
35. S. B. Sadkhan and Z. Hamza, "Proposed Enhancement of A5/1 stream cipher," 2019 2nd International Conference on Engineering Technology and its Applications (IICETA), Al-Najef, Iraq, 2019, pp. 111-116, doi: 10.1109/IICETA47481.2019.9013008.
36. R. Bonnerji, S. Sarkar, K. Rarhi and A. Bhattacharya, “COZMO - A new lightweight stream cipher”, PeerJ Preprints, Vol.6, doi: 10.7287/peerj.preprints.6571v1.
37. B. J. Mohd and T. Hayajneh, "Lightweight Block Ciphers for IoT: Energy Optimization and Survivability Techniques," in IEEE Access, vol. 6, pp. 35966-35978, 2018, doi: 10.1109/ACCESS.2018.2848586.
38. D. Sehrawat, N. S. Gill and M. Devi, "Comparative Analysis of Lightweight Block Ciphers in IoT-Enabled Smart Environment," 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN), Noida, India, 2019, pp. 915-920, doi: 10.1109/SPIN.2019.8711697.
39. A. Biswas, A. Majumdar, S. Nath, A. Dutta and K. L. Baishnab, “LRBC: a lightweight block cipher design for resource constrained IoT devices”, Journal of Ambient Intelligence and Humanized Computing, 2020, doi: 10.1007/s12652-020-01694-9.
40. Y. Su, Y. Gao, O. Kavehei and D. C. Ranasinghe, "Hash Functions and Benchmarks for Resource Constrained Passive Devices: A Preliminary Study," 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Kyoto, Japan, 2019, pp. 1020-1025, doi: 10.1109/PERCOMW.2019.8730835.
41. B. Seok, J. Park and J. H. Park, “A Lightweight Hash-Based Blockchain Architecture for Industrial IoT”, Applied Sciences, vol.9, No.18, 2019, doi: 10.3390/app9183740.
42. A. Kumar, A. Aggarwal, N. J. Ahuja and R. Singhal “Design and Analysis of Elliptic Curve Cryptography-Based Multi-Round Authentication Protocols for Resource-Constrained Devices”, Intelligent Communication, Control and Devices. Advances in Intelligent Systems and Computing, vol.989, pp.707-717, 2019, Springer, Singapore, doi: 10.1007/978-981-13-8618-3_72.
43. S. Adhikari and S. Ray, “A Lightweight and Secure IoT Communication Framework in Content-Centric Network Using Elliptic Curve Cryptography”, Recent Trends in Communication, Computing, and Electronics, Lecture Notes in Electrical Engineering, vol.524, pp. 207-216, Dec.2018, Springer, Singapore, doi: 10.1007/978-981-13-2685-1_21.
44. Y. Jiang, Y. Shen and Q. Zhu, “A Lightweight Key Agreement Protocol Based on Chinese Remainder Theorem and ECDH for Smart Homes”, vol. 20, no.5, 2020, Sensors, doi: 10.3390/s20051357.
45. D. Noori, H. Shakeri and M. N. Torshiz, “Scalable, efficient, and secure RFID with elliptic curve cryptosystem for Internet of Things in healthcare environment”, EURASIP Journal on Information Security, No.13, 2020 doi: 10.1186/s13635-020-00114-x
46. A. Shafiq, I. Altaf, K. Mahmood, S. Kumari and C. M. Chen, “An ECC Based Remote User Authentication Protocol”, Journal of Internet Technology, vol.21, pp.285-294, 2020, doi:10.3966/160792642020012101024.
47. Y. S. Wei and J. h. Chen. “Tripartite Authentication Protocol RFID/NFC Based on ECC”, International Journal of Network Security, Vol.22, No.4, PP.664-671, July 2020, doi: 10.6633/IJNS.202007 22(4).15.
48. X. Qin, Y. Huang and X. Li, “An ECC-based access control scheme with lightweight decryption and conditional authentication for data sharing in vehicular networks”, Soft Computing, 2020, doi: 10.1007/s00500-020-05117-x.
49. J. Guruprakash and S. Koppu, "EC-ElGamal and Genetic Algorithm-Based Enhancement for Lightweight Scalable Blockchain in IoT Domain," in IEEE Access, vol. 8, pp. 141269-141281, 2020, doi: 10.1109/ACCESS.2020.3013282.
50. L. C. Thungon, N. Ahmed, S. C. Sahana and M. I. Hussain, “A lightweight authentication and key exchange mechanism for IPv6 over low-power wireless personal area networks-based Internet of things”, Transactions on Emerging Telecommunications Technologies, 2020, doi: 10.1002/ett.4033.
51. A. Aziz and K. Singh, “Lightweight Security Scheme for Internet of Things”, Wireless Personal Communications, vol.104, pp.577-593, 2019, doi: 10.1007/s11277-018-6035-4.
52. A. Kumar and A. K. Jain, “A Lightweight Authentication Scheme for RFID Using ECC”, 4th International Conference on Internet of Things and Connected Technologies (ICIoTCT), Advances in Intelligent Systems and Computing, vol 1122, pp. 177-183, 2019, Springer, Cham., doi: 10.1007/978-3-030-39875-0_19.
53. M. A. Khan, M. T. Quasim, N. S. Alghamdi and M. Y. Khan, "A Secure Framework for Authentication and Encryption Using Improved ECC for IoT-Based Medical Sensor Data," in IEEE Access, vol. 8, pp. 52018-52027, 2020, doi: 10.1109/ACCESS.2020.2980739.
54. P. K. Panda and S. Chattopadhyay, “A secure mutual authentication protocol for IoT environment”, Journal of Reliable Intelligent Environments, vol.6, pp.79-94, 2020, doi: 10.1007/s40860-020-00098-y.
55. P. G. Chilveri and M. S. Nagmode, “A novel node authentication protocol connected with ECC for heterogeneous network”, Wireless Networks, vol.26, pp.4999–5012, 2020, doi: 10.1007/s11276-020-02358-4.
56. S. Chatterjee and S. G. Samaddar, “A Robust Lightweight ECC-Based Three-Way Authentication Scheme for IoT in Cloud”, Smart Computing Paradigms: New Progresses and Challenges, vol. 767, pp.101-111, 2019, doi: 10.1007/978-981-13-9680-9_7
57. B. A. Alzahrani, S.A. Chaudhry, A. Barnawi, A. Al-Barakati, and T. Shon, “An Anonymous Device to Device Authentication Protocol Using ECC and Self Certified Public Keys Usable in Internet of Things Based Autonomous Devices”, Electronics vol.9, no.3, 2020, doi: 10.3390/electronics9030520.
58. K. Sowjanya, M. Dasgupta and S. Ray, “An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems”, International Journal of Information Security, vol.19, pp.129–146, 2020, doi: 10.1007/s10207-019-00464-9.
59. Z. Xie and L. Jiang, “An improved authentication scheme for Internet of things”, IOP Conf. Series: Materials Science and Engineering, vol. 715, 2020, doi: 10.1088/1757-899X/715/1/012031.
60. E. Gyamfi, J. A. Ansere and L. Xu, "ECC Based Lightweight Cybersecurity Solution for IoT Networks Utilising Multi-Access Mobile Edge Computing," 2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC), Rome, Italy, 2019, pp. 149-154, doi: 10.1109/FMEC.2019.8795315.
61. C.A. L. Nino, A. D. Perez and M. M. Sandoval, “Lightweight elliptic curve cryptography accelerator for internet of things applications”, Ad Hoc Networks, vol.103, no.1, 2020, doi: 10.1016/j.adhoc.2020.102159.
62. P. Kasyoka, M. Kimwele and S. M. Angolo, “Multi-user broadcast authentication scheme for wireless sensor network based on elliptic curve cryptography”, Engineering Reports, vol.2, no.7, 2020; doi: 10.1002/eng2.12176.
63. A. K. Das, M. Wazid, A. R. Yannam, J. J. P. C. Rodrigues and Y. Park, "Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment," in IEEE Access, vol. 7, pp. 55382-55397, 2019, doi: 10.1109/ACCESS.2019.2912998.
64. B. Seok, J.C. S. Sicato, T. Erzhena, C. Xuan, Y. Pan and J. H. Park, “Secure D2D Communication for 5G IoT Network Based on Lightweight Cryptography”, Applied Sciences , vol.10, no.1, 2020, doi: 10.3390/app10010217.
65. L. ZHOU, C. SU, Z. HU, S. LEE and H. SEO, “Lightweight Implementations of NIST P-256 and SM2 ECC on 8-bit Resource-Constraint Embedded Device” ACM Transactions on Embedded Computing Systems, Vol. 18, No. 3, Article 23, 2019, doi: 10.1145/3236010.
66. G. Gaubatz, JP. Kaps and B. Sunar, “Public Key Cryptography in Sensor Networks—Revisited”, Ad-hoc and Sensor Networks. ESAS 2004. Lecture Notes in Computer Science, vol.3313, 2004, Springer, Berlin, Heidelberg, doi:10.1007/978-3-540-30496-8_2
67. Ali Takieldeen, Said H. Abd Elkhalik, Ahmed S. Samra, Mohamed A. Mohamed and Fahmi Khalifa. “A Robust and Hybrid Cryptosystem for Identity Authentication” MDPI Information, Vol 12, Issue 3, ISSN 2078-2489, July2021, Switzerland.
68. A. Gawade and R. Vinchhi, “Lightweight Random Number Generation for Elliptic Curve Cryptography for Use in IoT”, pp. 67-73, 2020, Advanced Computing Technologies and Applications, Algorithms for Intelligent Systems, Springer, Singapore, doi: 10.1007/978-981-15-3242-9_7.
69. J. Mo, Z. Hu, and Y. Lin, “Cryptanalysis and Security Improvement of Two Authentication Schemes for Healthcare Systems Using Wireless Medical Sensor Networks”, Security and Communication Networks, Volume 2020, Art. ID. 5047379, doi: doi.org/10.1155/2020/5047379.
70. C. Patel and N. Doshi, "Cryptanalysis of ECC-based key agreement scheme for generic IoT network model," 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Kanpur, India, 2019, pp. 1-7, doi: 10.1109/ICCCNT45670.2019.8944674.