
International Journal of Computational Intelligence and Information Security, January 2012 Vol 3, No.

ECC Public Key Cryptosystem for Security Services in Mobile Communication: A Study
Ganesh Chandra
Department of CSE, Kamla Nehru Institute of Technology (U.P.), India
ganesh.iiscgate@gmail.com

Dharmendra Lal Gupta
Assistant Professor, Department of CSE, Kamla Nehru Institute of Technology (U.P.), India
dlgupta2002@gmail.com

Dr. Anil Kumar Malviya
Associate Professor, Department of CSE, Kamla Nehru Institute of Technology (U.P.), India
anilkmalviya@yahoo.com

Satyendra Singh
Department of CSE, Kamla Nehru Institute of Technology (U.P.), India
satyendra.cse@gmail.com

Vinod Kumar Yadav
Department of CSE, Kamla Nehru Institute of Technology (U.P.), India
vinodrockcsit@gmail.com

Abstract
Elliptic Curve Cryptography is a complex public key cryptosystem in which several parameters have to be selected carefully before it is implemented for a wireless communication system. A huge amount of research is going on into the security of wireless systems. Current research validates both symmetric and asymmetric cryptography, whereas public key cryptography such as Elliptic Curve Cryptography (ECC) is more feasible and provides better security for wireless communication systems. This paper examines the complexity of ECC on wireless communication systems and also presents better end-to-end security by using the TLS handshake protocol, SSL and an authentication protocol.

Keywords: ECC, Wireless network, end-to-end security, TLS handshake protocol, SSL, authentication protocol.

1. Introduction
Security in wireless communication systems has become increasingly important, and key cryptography technologies have been developing rapidly to address it. Wireless networks (WN) have experienced explosive growth in recent years and offer attractive flexibility to network operators and users. The Elliptic Curve Cryptosystem is relatively new. It was first introduced by Victor Miller [Mil86] and Neal Koblitz [Kob87] [1], [2]. The theory behind the Elliptic Curve Cryptosystem is a classical topic in many branches of algebra and number theory, but recently it has been receiving more attention in cryptography because of its linear scalability, small footprint, low hardware implementation cost, low bandwidth requirement, security and high device performance. Nowadays many encryption algorithms exist to help secure our communication systems. These algorithms vary in complexity and in their ability to resist cracking. Ciphers are of two major types, symmetric and asymmetric. Each type has its advantages and disadvantages. Symmetric ciphers are significantly faster than asymmetric ciphers.

1.1 Public Key Encryption:


This method consists of two keys, a public key and a private key. The algorithms used in asymmetric encryption, such as RSA, are usually based on number-theoretic problems. The security of these algorithms is assured by the inherent difficulty of solving the underlying problem; an example is decomposing large numbers into their prime factors. The advantage of asymmetric encryption is in its functionality. It provides security in a wide range of applications that cannot be handled using only symmetric techniques [3], [4]. Figure 1 shows typical asymmetric encryption.

Figure 1: Asymmetric Encryption [4]

1.1.1 RSA Public Key Encryption:


RSA (Rivest, Shamir and Adleman) is a widely used public-key scheme. It is an asymmetric-key scheme that uses a variable key size; 512-bit, 1024-bit and 2048-bit RSA are the most common. Its security lies in the difficulty of factoring large composite integers. Although RSA is the most popular asymmetric cryptosystem, ECC offers smaller key sizes, faster computation, as well as memory, energy and bandwidth savings, and is thus better suited for small devices. The difficulty of the encryption process lies in the exponentiation

$C = M^e \bmod n$

In 512-bit RSA, M, e and n are potentially 512-bit numbers, which cannot be represented in standard integer formats.

1.1.2 ECC as Public Key Encryption:


A few years ago ECC was still a new cryptosystem, and researchers did not know whether ECC schemes could be implemented efficiently and securely. Since then researchers have studied ECC and determined that it is a stronger, more efficient technology that is ideally suited for resource-constrained environments such as smart cards, cell phones and personal digital assistants (PDAs) [5]. Moreover, due to the apparent hardness of the underlying elliptic curve discrete logarithm problem (ECDLP), ECC systems are also suited for applications with long-term security requirements. This requires much processing while at the same time being much harder to crack. For instance, a 256-bit ECC key is as secure as a 3072-bit RSA key. An elliptic curve E over a field F is defined by the Weierstrass equation [6]:

$y^2 = x^3 + ax + b$

An important characteristic of elliptic curves is that the points on an elliptic curve form a group. For details, refer to [7]. Various researchers have shown that ECC requires more time to break than RSA and DSA; Certicom [5] has summarized the results of this study. ECC provides greater efficiency than either integer factorization systems or discrete logarithm systems, in terms of computation and code size reductions. ECC has been accepted as a standard by various bodies.

1.1.3 Benefits of ECC over RSA:


The significantly smaller parameters used in ECC compared with RSA are an advantage; the gains from smaller parameters include speed and smaller keys or certificates. These advantages are especially important in environments where at least one of the following resources is limited:
- Power consumption
- Processing power
- Storage space
- Bandwidth

Thus, ECC is especially well suited for constrained environments such as smart cards, cellular phones, PDAs and digital postage marks, to name a few. 128-bit protection is necessary to achieve relatively lasting security. The comparison between RSA and ECC [8] is given in Table 1:

Table 1: The comparison between RSA and ECC using bits

Security   Symmetric encryption   Minimum size (bits) of public keys
(bits)     algorithm              DSA/DH    RSA      ECC
80         Skipjack               1024      1024     160
112        3DES                   2048      2048     224
128        AES-128                3072      3072     256
192        AES-192                7680      7680     384
256        AES-256                15360     15360    512

1.2 Secret Key Encryption:

In this instance, the same key is used for encryption and decryption. Symmetric cryptography involves two parties who share a joint secret or key. This exclusive knowledge of the key enables private and secure communication between the two parties. Figure 2 depicts the shared secret key model of symmetric encryption [3].

Figure 2: Symmetric Encryption [3]


2. Related Work
In the literature, many authors have tried to exploit the features of ECC for security applications. We outline some of the highlights of the relevant work in this section. A comprehensive guide to elliptic curve cryptography is given in [9]. Additional documentation on ECC can be found in [10], [11]. There have been numerous ECC implementations in various contexts (e.g., Crypto++ [12]). Most of these implementations are aimed at traditional computing platforms such as PCs. M. Aydos et al. [13] presented an implementation of ECC over the field GF(p) on an 80 MHz, 32-bit ARM microprocessor, along with the results. Kristin Lauter has provided an overview of ECC for wireless security [14]. It focuses on the performance advantages gained in the wireless environment or mobile communication system by using ECC instead of the traditional RSA cryptosystem.

Authentication with symmetric encryption requires carrying a large number of pre-distributed keys, so a node consumes too much memory. Using this authentication method in a large-scale mobile communication system therefore makes the network scale very poorly. Public Key Cryptography (PKC) has unique authentication reliability and can effectively prevent the man-in-the-middle attack [15]. Many scholars have studied public-key arithmetic in WSNs, for example the TinyPK [16] entity authentication protocol, based on low-level RSA [17] and proposed by R. Watro, and the strong user authentication protocol [18] proposed by Z. Benenson et al. Security issues in ad hoc networks are similar to those in sensor networks and are well explained in the literature [19], [20], but the security solutions of ad hoc networks cannot be implemented directly on wireless sensors. Some security mechanisms for authentication and secure routing protocols are based on public key cryptography [21]. Public key cryptography, for example the RSA cryptosystem, is usually computationally expensive for sensor nodes.

Compared with RSA and other public-key cryptosystems, elliptic curve cryptography (ECC) has many special advantages, such as shorter key lengths, higher strength and fewer parameters, which suit it especially to space-constrained and bandwidth-constrained situations [22]. ECC is therefore a better fit for WSNs, which have limited resources [23]. Table 2 [24] shows the key lengths of the three cryptosystems at the same security level:
Table 2: Comparison table

Key length of RSA/DSA   Key length of ECC   Key length ratio of RSA/ECC
512                     106                 5:1
768                     132                 6:1
1024                    160                 7:1
2048                    210                 10:1

3. Wireless Communication Network System


A wireless communication network consists of different sensors that monitor environmental parameters such as temperature, sound, pressure or motion. Such a network is based on real-time changes in the environment observed by a network of sensors, so wireless communication systems are used to solve various problems related to real-time monitoring. In a real-time environment, security is an essential requirement for sending data to the base station securely, on time and without any changes. In this system, nodes are small and inexpensive computers that have limited computation and wireless capabilities. In this network, it is extremely important to provide certain basic security mechanisms and protocols in order to avoid attacks from malicious adversaries or unauthorized persons. This system is represented in Figure 3:
[Figure 3: WSN communication model. Elements: detection area, sensor, sink, Internet/satellite, task manager node (user). Links: sensor-to-sensor, sink-to-sensor, sink-to-sink, server-to-server.]

Wireless Communication Systems or Wireless Sensor Networks (WSNs) [25] are a variant of Low Power Wireless Personal Area Networks (LoWPANs). Considerable efforts are being made to integrate LoWPANs with other wired and wireless IP networks, in order to make use of the pervasive nature of, and the existing infrastructure associated with, IP technologies. The Internet Engineering Task Force (IETF) is standardizing the deployment of IPv6 over LoWPANs through a working group known as 6LoWPAN. 6LoWPAN has introduced the notion of IP-based Wireless Sensor Networks (IP-based WSNs). Indeed, the emergence of IP-based WSNs makes the need to define security mechanisms more and more important.

3.1 Security Mechanism for Wireless Communication System by ECC


Security and safety are important aspects of communication between the different nodes of a wireless communication network. ECC [26] has many advantages, such as being a new encryption technology, fast encryption, short keys and so on, so it has gradually become known and used in mobile office security systems. ECC [28] is based on the algebraic concepts related to elliptic curves over the finite fields $F_p$ or $F_{2^m}$. The major benefit of ECC is the size of its key (160 bits against 1024 bits in RSA [27]). To encrypt and send a message $P_m$ to B, A chooses a random positive integer $k$ and produces the ciphertext $C_m$ given by equation (1), consisting of a pair of points:

$C_m = [kG,\ P_m + kP_B]$    (1)

where $P_B$ is the public key of B. To decrypt the ciphertext, B multiplies the first point in the pair by B's private key $n_B$ and subtracts the result from the second point, as shown by equation (2):

$P_m + kP_B - n_B(kG) = P_m + k(n_B G) - n_B(kG) = P_m$    (2)

A key exchange between A and B can be accomplished as follows:
Step 1: A selects an integer $n_A < n$ as A's private key.
Step 2: A generates a public key $P_A = n_A G$, which is a point in $E_q(a,b)$.
Step 3: B selects an integer $n_B < n$ as B's private key.
Step 4: B generates a public key $P_B = n_B G$.
Step 5: The public keys are exchanged between A and B. A generates the secret key $K = n_A P_B$; B generates the secret key $K = n_B P_A$.

3.2 ECC Security Protocol


A security protocol formally specifies a set of steps to be followed by two or more communicating parties, so that the mutually desired security objectives are satisfied. The term security objectives is often used to denote the security services or functionality required in a system or network to protect sensitive data and/or identity. The four main security objectives are the following.

3.2.1 Confidentiality
This is the most popular requirement of security protocols, and it means that the secrecy of the data being exchanged by the communicating parties is maintained, i.e., no one other than the legitimate parties should know the content of the data being exchanged.

3.2.2 Authentication
It should be possible for the receiver of a message to ascertain its origin, i.e., to ensure that the sender of the message is who he claims to be, and that the message was sent by him. This prevents a malicious entity from masquerading and other security factors.

3.2.3 Integrity
It provides a means for the receiver of a message to verify that the message was not altered in transit. This is necessary to prevent a malicious entity from substituting a false message in the place of a legitimate one or tampering with the original message.

3.2.4 Non-repudiation
The sender of a message should not be able to falsely deny later that he sent the message, and this fact should be verifiable independently by an independent third-party without knowing too much about the content of the disputed message. This feature has important applications in the E-commerce domain, where it is common for users to send online messages authorizing the intended recipients of the messages to perform important actions on their behalf.

4. TLS And Handshake Protocol


The TLS handshake protocol has a complex certificate management overhead and a long security handshake. TLS ensures the security requirements for IP-based WSNs. Transport Layer Security (TLS) has been identified as a good solution for ensuring such security through its handshake protocol. However, because of its reliance on public-key cryptography and certificate use, TLS is considered too heavyweight for highly constrained embedded devices like those in a WSN. TLS comprises two main components: the handshake protocol and the record protocol. The former is responsible for negotiating and establishing secure connections, while the latter is responsible for securing data transmission. Figure 4 presents the TLS protocol stack.


TLS Handshake Protocol | Change Cipher Spec | Alert Protocol
TLS Record Protocol
TCP (Transmission Control Protocol)
IP (Internet Protocol)

Figure 4: Architecture of TLS protocol

TLS handshake protocol is the core of TLS protocol. During the establishment of a TLS session, handshake protocol negotiates security parameters, and agrees on necessary session keys to protect the communication traffic. Fig 5 presents the message flow for a full handshake.
Client -> Server: ClientHello
Server -> Client: ServerHello, Server Certificate, Server Key Exchange, Certificate Request, ServerHello Done
Client -> Server: Client Certificate, Client Key Exchange (premaster secret), Certificate Verify, Change Cipher Spec, Finished
Server -> Client: Change Cipher Spec, Finished
Client and server: {compute master secret} from the premaster secret

Figure 5: Message flow for a full handshake

5. Secure Sockets Layer (SSL) Protocol


SSL is one of the most widely used security protocols on the Internet. It is implemented at the transport layer of the protocol stack.

Figure 6: Sequence of client-side operation for SSL session [29]


It offers the basic security services of encryption, source authentication and integrity protection for data exchanged over underlying unprotected networks. The SSL protocol is typically layered on top of the TCP/IP layers of the protocol stack and is either embedded in the protocol suite or integrated with applications such as web browsers. The SSL protocol consists of two main layers, as shown in Fig. 6. The SSL record protocol provides the basic services of privacy and integrity to the higher-layer protocols: SSL handshake, SSL change cipher, and SSL alert. Let us now examine how the SSL record protocol is used to encrypt application data. The first step involves breaking the application data into smaller fragments. Each fragment is then compressed, if compression options are enabled. The next step involves computing a message authentication code (MAC), which facilitates message integrity. The compressed message plus MAC is then encrypted using a symmetric cipher. If the symmetric cipher is a block cipher, then a few padding bytes may be added. An SSL header is attached to complete the assembly of the SSL record. The header contains various fields, including the higher-layer protocol used to process the attached fragment.

5.1 Hash Function


Table 3 summarizes the energy cost of commonly used hash function algorithms. In general, hash algorithms are the least complex of the cryptographic algorithms and should intuitively incur the least energy cost. From Table 3, MD2 and HMAC are observed to be more compute-intensive than the rest of the hash algorithms. HMAC is a keyed hash, and as the bit-width of the key is increased from 0 (no key) to 128 bits, the energy cost varies by a very small amount.

Table 3: Energy Consumption Characteristics of Hash Functions

Algorithm      MD2    MD4    MD5    SHA    SHA1   HMAC
Energy (J/B)   4.12   0.52   0.59   0.75   0.76   1.16

SHA and SHA1 are newer hash algorithms and have a larger number of steps than MD4 and MD5. Also, SHA and SHA1 are supposed to have better collision resistance, i.e., a lower probability of two inputs mapping to the same hash value, than MD4 and MD5. These benefits of SHA (and SHA1) come at the cost of a slightly higher energy cost than MD4 and MD5.

6. Future Work
The use of ECC will decrease the storage requirements for the execution of different security protocols. The use of ECC with an information compression technique will further reduce the storage requirements; it is highly recommended to implement the protocol in a real-time environment and to provide performance results.

7. Conclusion
In this paper we study the various applications of ECC in open communication environments such as cell phones, PDAs, sensor networks, mobile networks, the Internet and Wi-Fi signature verification. The major benefits of ECC in wireless communication include low-bandwidth implementation. ECC is also used to provide security in communication networks by securing mail, web browsing and corporate networks. ECC is also used to secure many existing protocols such as SSL/TLS, and in cyber security. In this work we examined several cryptographic algorithms, both symmetric and asymmetric. Asymmetric algorithms have the highest and the lowest energy cost, depending on the key size, while the energy cost of symmetric algorithms is not significantly affected by the key size.

8. References
[1] Miller, V.S. (1986), Uses of elliptic curves in cryptography, in Advances in Cryptology, CRYPTO '85, ser. Lecture Notes in Computer Science, vol. 218, Springer, pp. 417-428.
[2] Koblitz, N. (Jan 1987), Elliptic curve cryptosystems, Mathematics of Computation, vol. 48, no. 177, pp. 203-209.
[3] http://www.cs.technion.ac.il/~biham/
[4] http://www.rsasecurity.com/rsalabs/faq/index.html
[5] http://www.design-reuse.com/articles.
[6] Cohen H., Gerhard Frey, Handbook of Elliptic and Hyper-elliptic Curve Cryptography, Chapman & Hall CRC, NW, FL, 2006.
[7] Certicom whitepaper, Remarks on the Security of the Elliptic Curve Cryptosystem, September 1997.
[8] http://csrc.nist.gov/publications/fips/fips197/fips-197.
[9] Hankerson, D., Menezes, A., and Vanstone, S. (2004), Guide to Elliptic Curve Cryptography, Springer.
[10] American Bankers Association, ANSI X9.62-1998: Public Key Cryptography for the Financial Services Industry: the Elliptic Curve Digital Signature Algorithm (ECDSA), 1999.
[11] Certicom Research, Standards for efficient cryptography SEC 2: Recommended elliptic curve domain parameters. http://www.secg.org/collateral/sec2_final.pdf, September 2000.
[12] W. Dai, Crypto++ library 5.5. http://www.cryptopp.com/, May 2007.
[13] Aydos, M., Yanik, T. and Koç, C.K. (October 2001), High-speed implementation of an ECC based wireless authentication protocol on an ARM microprocessor, IEE Proc Commun, Vol. 148, No. 5, pp. 273-279.
[14] Kristin Lauter, The Advantages of Elliptic Cryptography for Wireless Security, IEEE Wireless Communication, pp. 62-67, Feb. 2006.
[15] Jiang, Yi, Haoshan Shi (2007), Cluster-Based Strategies for Public Key Authentication in Wireless Sensor Network [J], Chinese Journal of Sensor and Actuators, vol. 20, no. 6.
[16] Watro R., et al. TinyPK: securing sensor networks with public key technology. Proceedings of the 2nd ACM Workshop on Security of Ad hoc and Sensor Network [C]. New York, 2005. 135-142.
[17] D. Boneh, H. Shacham. Fast Variants of RSA [C]. RSA Laboratories CryptoBytes, 2002, 5(1):1-8.
[18] Zinaida Benenson, Nils Gedicke, Ossi Raivio. Realizing Robust User Authentication in Sensor Network [C]. Workshop on Real-World Wireless Sensor Network (REAL WSN), 2005. 135-142.
[19] L. Zhou and Z. Haas, Securing ad hoc network, IEEE Network Magazine 13(6) (1999) 24-30.
[20] Chris Karlof, David Wagner, Secure routing in wireless sensor networks: attacks and countermeasures, University of California at Berkeley, Berkeley, CA 94720, USA.
[21] Krzysztof Piotrowski, Peter Langendoerfer and Steffen Peter, IHP, Im Technologiepark 25. September 18, 2006.
[22] Youan Xiao. The Study of Elliptic Curve Cryptography System [M]. Huazhong University of Science and Technology Press, 2006: 140-144.
[23] Limin Sun, Jianzhong Li, Yu Chen. Wireless Sensor Network [M]. Tsinghua University Press, 2005.
[24] WANG Wei-hong, LIN YU-bing, CHEN Tie-ming. The Study and Application of Elliptic Curve Cryptography Library on Wireless Sensor Network. 2008 11th IEEE International Conference on Communication Technology Proceedings [C].
[25] G. Montenegro, N. Kushalnagar, D. E. Culler, and J. W. Hui, Transmission of IPv6 Packets over IEEE 802.15.4 Networks. Internet-Draft Version 13, IETF, April 2007. Networks, Vol. 8, No. 1, pp. 16-29.
[26] Kyong Hoon, Extending adaptive ECC scheme for window-constrained realtime communications in wireless networks, Proceedings of the 4th IASTED International Multi-Conference on Wireless and Optical Communications, Banff, Canada, 2004. 686-691.
[27] K.C. Ho and W. Xu, "An Accurate algebraic solution for moving source location using TDOA and FDOA measurements", IEEE Trans. Signal Processing, vol. 52, Issue 9, Sep 2004.
[28] Wander, A.S., Gura, N., Eberle, H., Gupta, V., and Shantz, S.C., "Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks", in Proceedings of PerCom, pp. 324-328, 2005.
[29] OpenSSL Project, http://www.openssl.org, 2001.

Biographies
Ganesh Chandra was born in Kanpur, India. He received the B.Tech. degree in Computer Science and Engineering in 2009 from Dr. Ambedkar Institute of Technology for Handicapped, Kanpur, India. He is currently pursuing an M.Tech in Computer Science and Engineering at Kamla Nehru Institute of Technology, Sultanpur, U.P., India. His areas of interest in research are Operating Systems, Cryptography and Network Security.

D.L. Gupta is currently working as an Assistant Professor in the Department of Computer Science & Engineering at KNIT, Sultanpur (U.P.), India. He is also pursuing his Ph.D. in Computer Science & Engineering at Mewar University, Chittorgarh (Rajasthan). He received a B.Tech. (1999) in Computer Science & Engineering from Kamla Nehru Institute of Technology (KNIT), Sultanpur, and an M.Tech. Hons (2003) in Digital Electronics and Systems from Kamla Nehru Institute of Technology (KNIT), Sultanpur. He has published about 5 papers in International Journal of Computer Science. His research interests are Cryptography and Network Security, Software Quality Engineering, and Software Engineering.

Dr. Anil Kumar Malviya is an Associate Professor in the Computer Science & Engg. Department at Kamla Nehru Institute of Technology (KNIT), Sultanpur. He received his B.Sc. and M.Sc., both in Computer Science, from Banaras Hindu University, Varanasi, in 1991 and 1993 respectively, and his Ph.D. degree in Computer Science from Dr. B.R. Ambedkar University, Agra, in 2006. He is a Life Member of CSI, India. He has published about 27 papers in International/National journals, conferences and seminars. His research interests are Data Mining, Software Engineering, Cryptography & Network Security.

Satyendra Singh was born in Bareilly, India. He received the B.Tech. degree in Computer Science and Engineering in 2009 from Invertis Institute of Engg & Technology, Bareilly, India. He is currently pursuing an M.Tech in Computer Science and Engineering at Kamla Nehru Institute of Technology, Sultanpur, U.P., India. His areas of interest in research are Cryptography and Network Security, AODV.

Vinod Kumar Yadav was born in Jaunpur, India. He received the B.Tech. degree in Computer Science and Information Technology in 2008 from I.E.T., M.J.P. Rohilkhand University, Bareilly, India. He is currently pursuing an M.Tech in Computer Science and Engineering at Kamla Nehru Institute of Technology, Sultanpur, U.P., India. His areas of interest in research are Cryptography and Network Security, Database.
