A Robust and Hybrid Cryptosystem for Identity Authentication

: With the progressive development of a wide range of applications, interconnect things and internet of things (IoT) became an imperative required trend by industries and academicians. became a base infrastructure for remote access or control depending on internet protocol (IP) networks, especially after the COVID-19 pandemic. The huge application domain’s infrastructure, which depends on IoT, requires a trusted connection to guarantee security and privacy while trans-ferring data. This paper proposes a hybrid identity authentication pipeline that integrates three schemes, namely, an elliptic curve cryptography (ECC) scheme is integrated with the Ong, Schnorr, and Shamir (OSS) signature scheme and chaotic maps. The latter satisﬁes both security and guarantee criteria. The novelty of the proposal is in using chaotic mapping and a cyclic group to deduce a substitution box (S-Box) and a reversible matrix as a portion of the OSS signature equation. The ECC-based security part is an efﬁcient public key cryptography mechanism with less computational cost, which makes it the most convenient to be used in IoT devices for authentication and privacy. The strength of the proposed scheme relies on combining the discrete logarithm problem (DLP) and integer factorization problem (IFP). The proposed approach was simulated using Lab-View and compared with other state-of-the art schemes. Extensive simulation results and analysis of the security and time rendering results conﬁrmed its durability against different types of attacks, such as linear and differential attacks.


Introduction
In recent years, remote access technology and device control have become an imperative requirement. Particularly, this is evident nowadays due to the increased spread of the coronavirus pandemic (COVID- 19), which necessitated the imposition of some restrictions, including mandatory social distancing in many countries. Therefore, it became clear how developing remote access communication technology is of immense importance depending on the Internet service, especially research in improving the technology of the Internet of things (IoT). The IoT is the technology to assemble devices that need to be monitored, linked, and interacted [1]. IoT is associated with great prospects of physical objects with the cyber world, such as healthcare devices, intelligent transportation systems, home appliances, sensors, and environmental monitoring [2]. Connected devices to the IoT are exponentially increasing [3], which add more security challenges that must be taken into consideration [4]. Cryptosystems based on asymmetric keys play vital roles in the security of diverse communication systems. Cryptanalysis techniques motivate researchers to develop novel signature schemes to dominate the growth in security attacks [5]. The financial field of Bitcoin has become one of the most required research areas for security from cyber-attacks. The blockchain concept succeeded in achieving that, as it provides reliable and secure decentralized solutions [6]. The elliptic curve cryptography (ECC)-based digital signature algorithm (DSA) is used for data signature and verification in wireless devices. Identity-based authentication and access control in wireless network devices help to protect from illegitimate access and preserve the security issues of the wireless nodes [7]. DSA is a robust tool in data authentication and privacy. Since the emergence of public key cryptography in 1970, many schemes have been developed, such as the efficient ECC technique [8]. The cyclic group of order p was also developed, which is isomorphic to the additive group of ((Z/pZ) * ,.), where Z is the set of all integers, and p is a prime number.
The ECC algorithm has demonstrated a considerable effectiveness on public key cryptography [9]; as a result, an efficient digital signature approach was proposed in [10]. The strength of the scheme in [10] is its dependence on the discrete logarithm problem (DLP). On the contrary, traditional schemes are challenged by more complicated and effective attacks. This paved the way for the robust security schemes previously represented, while the era of the traditional techniques is expired [11].
To ensure a strong and efficient cryptosystem, it is necessary to achieve Shannon properties, where the permutation process is an important operation. Logistic mapping and cyclic groups are very important steps to ensure the randomness of performance. However, for a robust algorithm that can withstand different attacks, it is important to achieve confusion and diffusion properties [12]. Another goal, in addition to robustness, is to minimize execution time to be applicable in real-time applications. Logistic mapping and cyclic groups are used to generate S-Box, which is important to guarantee the cryptographic strength, such as nonlinearity, bijection, strict avalanche criterion, output bits independence criterion (BIC), and equiprobable input/output XOR distribution [13].
This work proposes a novel signature scheme based on the integration of the ECC algorithm with the Ong-Schnorr-Shamir (OSS) scheme. The robustness of the proposed approach relies on using a reversible key matrix of 4×4 as a portion of the OSS signature equation with decoding modification on ECC algorithm. This consolidation increases the degree of complexity and thus increases the confidentiality of the data. To prove the novelty and credibility of the presented technique, the new scheme was tested and demonstrated robustness against other approaches.
The rest of this manuscript is sequenced as follows. Section 2 introduces the previous work related to the proposed pipeline. Section 3 details the proposed methodology and the employed schemes (i.e., the ECC and the OSS signature schemes). Section 4 outlines the details of the proposed OSS-ECC digital signature technique. Robustness measures of the proposed scheme are demonstrated and discussed in Section 5, and conclusions are given is Section 6.

Related Work
Many institutions, including the US government, rely on elliptic curve (EC) technology to encrypt their data, as it is a multi-factor robust authentication and encryption technique [14]. Khatoon et al. [15] proposed an efficient and secure, bilinear pairing-based mutual authentication and key agreement protocol based on elliptic curve cryptography hardness for healthcare applications. Nikooghadam and Amintoosi [16] demonstrated the weaknesses of the protocol in [15], as it is vulnerable to known session-specific temporary information attack and is not able to provide perfect forward secrecy. Rahim et al. [17] applied the Ong-Schnorr-Shamir (OSS) subliminal channel scheme in securing data communication, which is a cryptographic method and supports verification based on the OSS digital signature scheme. Depending on OSS, as the basic signature algorithm is no longer possible, Pollard and Schnorr [18] presented an efficacious solution to solve the quadratic equation x 2 + ky 2 = m mod n. Their technique succeeded in obtaining the signature without any knowledge about the private key. This would be a critical point if we decided to depend on the OSS scheme for authentication. So, the authentication scheme proposed in [18] has shown more robustness and reliability in data security than in previous works.
Recently, Biswas [19] introduced an alternative approach to realize better privacy and lower decentralized identifiers by implementing ring signatures for anonymous authentication. Their approach was implemented based on an android phone with real data, and the signature was designed using the combination of Curve25519 and SHA-512 hashing algorithms. The generation and verification consumed time was 0.875 and 1.06 msec, respectively. An authentication model, called the tree of trust (VTT), for use in IoT was presented by Shingala [20]. The VTT aimed to provide embedded device-friendly entity authentication and limit the trust peripheries. Based on an embedded platform, the public key identifier was evaluated based on the ability of the elliptic curve digital signature algorithm (ECDSA) to verify and SHA-256 digest operations. Chen et al. [21] proposed an authentication scheme applying authenticating identity-based cryptography to protect an entire system from the compromised machine-to-machine service provider (MSP). In their scheme, partial secrets are stored in MSP to prevent it from endangering the whole system.

Methodology
The proposed security scheme is based on the integration of (i) the ECC algorithm, (ii) chaotic maps, and (iii) the OSS digital signature algorithm. An overview of the main components of the proposed system is given in the following subsections.

Elliptic Curve Cryptosystem (ECC)
The elliptic curve cryptosystem, or ECC, provides most of the significant features when compared with other public key algorithms [22]. With fewer mathematics, small key length, and less storage space, the ECC presents an adequate level of data security. This has led researchers to consider ECC as a lightweight authentication scheme in many IoT applications [23][24][25]. Currently, it is the security backbone for many applications and systems, such as mobile devices and network protocols [26,27]. Mathematically, the ECC can be defined using the Weierstrass equation as: where (x, y) ∈ Z p is the set of all integers; p is a prime number >3; and a and b ∈ Zp are subject to 4a 3 + 27b 2 = 0 mod p The EC group, or E(Z p ), contains all points satisfying Equation (1) and the point at the infinity O [28]. In the literature, there are many curves introduced for ECC; see Figure 1. There are two fundamental mathematical point operations for the ECC algorithm: addition and multiplication. Scalar multiplication consists of point summation and dou-bling [30]. Figure 2 shows both operations. As demonstrated in the figure, two points are used, P = (x 1 , y 1 ) and Q = (x 2 , y 2 ), and the summation point R = (x 3 , y 3 ) can be estimated in two different scenarios: (1) If P > Q: R = P + Q, which can be calculated by drawing a line passing through P and Q, then R is the mirror point of the third intersection point (R ), as shown in Figure 2a.
(2) If P = Q: R = 2Q, which can be estimated by drawing a tangent line through Q, then the doubling point R is the mirror point of the second intersection point, as clarified in Figure 2b. where and ECC computations depend on the nature that they are defined for, which can be finite field operations, EC group operations, or curve operations. Figure 3 shows the differences between these computations.

OSS Signature Scheme
Rapidity and guarantee are prime features in any authorized signature scheme. Any technique that satisfies those two features will be realizable and effective in many fields. Ong, Schnorr, and Shamir designed an effective scheme that is based on a functional quadratic equation [31]. Their scheme has an importance advantage of providing speedy signature generation and verification, while requiring only a single inversion and two modular multiplications. However, three multiplications are needed for validation.
The robustness of the OSS is in its underlying mathematical equation: x 2 + ky 2 = m mod n, which is hard to solve. Here, m represents the original message, k is the public key, and n is derived from Euler's theorem [32]. Figure 4 illustrates the OSS scheme's flowchart. The receiver (interrogator) checks correctness of the previous formula using the received pair (x, y) generated at the receiver. The computation of w −1 (mod n) and k = w 2 (mod n), where k, n, and w are the public key and w −1 is the private key, is illustrated at Figure 4.

Logistic Map and Cyclic Group
The third scheme that is utilized in our system is chaotic maps. Chaotic systems are strong tools to select random numbers. They have desirable features, such as ergodicity, complex structural, high randomness, and mixing, according to the following equation: where x(n) is the initial condition, and λ is the system parameter that is used as a key [33]. The above map is chaotic when 3.9 < λ < 4.0. If every element in a given group (G) can be represented as a power α r (r is integer) of a fixed element α ∈ G, then G is said to be a cyclic group. Here, α is known as the generator of group, which can be finite or infinite [34]: α r modulo p; here, r ∈ [1, p − 1] and p is a prime number. By considering p = 17, each number in {3, 5, 6, 7,10, 11, 12, 14} is said to be a generator.
According to the cyclic group theory, it can be noticed that the prime number 257 has 128 generators, and we can choose between them. A chaotic equation is used to choose randomly between the 128 generators, and the seed number for this chaotic equation is considered as the key. Table 1 contains the 128 generators of 257.  3  5  6  7  10  12  14  19  20  24  27  28  33  37  38  39  40  41  43  45  47  48  51  53  54  55  56  63  65  66  69  71  74  75  76  77  78  80  82  83  85  86  87  90  91  93  94  96  97  101  102  103  105  106  107  108  125  109  110  112  115  119  126  127  130  131  132  138  142  145  147  148  149  150  151  152  154  155  156  160  161  163  164  166  167  170  171  172  174  175  177  179  180  181  182  183  186  188 Figure 5 presents the flowchart of the proposed data signature. The interrogator sends data to the transponder, which are the S-Box output with EC parameters and the public key. The transponder receives the data and performs inverse S-Box to obtain the message "m" and uses the public key and EC parameters to calculate "t". Using t and m, the transponder generates the signature x, y and sends it to the interrogator, which verifies the signature of the transponder and produces m. As mentioned above, the proposed pipeline utilizes three hybrid authentication schemes: the ECC algorithm, chaotic maps, and the OSS digital signature algorithm. The robustness of the proposed technique depends on the hardness of the ECDLP and the modifications using chaotic mapping and cyclic groups. The integration of those three schemes is intended to increase the privacy and makes it more efficient than traditional authentication schemes. Additionally, the signature generation became faster than before and the inverse of the key matrix became unnecessary.

Substitution-Box (S-Box) Construction
Substitution-Box (S-Box) is an important concern in constructing any secure cryptosystem. S-Boxes are used to provide diffusion and confusion [35]. Various work has been proposed in the literature. For example, Ruming et al. [36] proposed an S-box that depended on the iteration of continuous chaotic maps. Their key-dependent S-box was constructed with the logistic map. Guo et al. [37] presented an extended method for designing S-Box based on three-dimensional chaotic Baker maps. This depends on obtaining strong 8 × 8 S-boxes. Three-dimensional chaotic Baker maps present an intensive chaotic character in addition to resist several attacks. In this paper, an 8-bit input/output S-box was constructed based on the cyclic group. Unlike previous work, it is a 16 × 16 S-box. Table 1 presents all possible generators for prime number 257, which was used to construct the required S-Box based on Equation (8) of the 2D logistic equation.

Random Choice
In this process, one random generator (RNG, α) is chosen from Table 1, which is used to construct the required S-Box, by using the 2D logistic equation to select the random generator as follows: x (n + 1) = [λx(n) (1 − x(n)) Modulo 128] + 1 (8) where x(n) is the initial (integer number) condition, and λ is the system parameter, which works as the secret key. The map is chaotic for 3.9 < λ < 4.0, which is used as a key. The S-Box of each round is computed by calculating the cyclic group of the generator using: where r ∈ [1,256]. The substitution process is based on replacing the 8-bit input with the "location of the similar 8 bits from the cyclic group-1". The inverse of the substitution process relies on computing: The resulted data output is the same as the original data input. Figure 6 presents the cyclic group outputs with length 256. This process is simulated using Lab-View, and the results are organized as shown.

Signature Generation and Verification
The interrogator (User A) shares information from the ECDSA with the transponder (User B). Information that is shared is {a, b, G, p}, where a and b are the coefficients of the ECC mentioned in (1), G is the generator basepoint, and p is the prime number equal to n = [P × Q], which is the Rivest, Shamir, and Adleman (RSA) moduli. Both interrogator and transponder select their private key {n A , n B } randomly from the interval [1, p − 1]. Equation (11) shows the generation of the interrogator's public key.
The transponder uses the interrogator's public key to generate the key pair (KP) matrix to generate the initial key V I = (x, y), by multiplying its private key by the public key of the interrogator. KP = n B ·P A = n B ·n A ·G = (x, y) where Now, the transponder (User B) uses the resulted KP matrix to generate a reversible matrix "t", where t = t −1 . Then, the inverse of the KP matrix is not needed. The reversible matrix "t" is a 4 × 4 matrix that is generated as follows: The proposed technique considers that V A equals where m is the message to be signed, w is the random integer with a range 1 to p − 1, and t is the reversible matrix, so that the great common divisor or GCD (t, n) =1. The signature {x, y} must be sent back to the interrogator, which must test whether A simulation of the proposed system with Lab-View is demonstrated in Figure 7. The processes can be summarized as follows:

1.
Transponder and interrogator agree on parameters of the elliptic curve function; 2.
The transponder sends a signal with digital signature to interrogator; 3.
Interrogator verifies the signature.

Experimental Results and Discussion
The quantitative/qualitative performance evaluation of both the traditional and proposed technique could be measured using various parameters, including (i) timing analysis, (ii) security analysis, and (iii) robustness to security attacks. In particular, timing analysis is among the critical points in any digital signature's schemes, namely, the encryption speed plays a vital role in real-time applications. The longer the encryption/decryption process is, the less suitable the method for some applications, such as video conferencing and live streaming. Thus, a comparison of the execution time of the proposed scheme and different digital signature schemes (signature generation) was conducted. Figure 8 summarizes the comparison with the approach proposed by Al-Sewadi et al. [36], where their authentication algorithm based on NIST-DSA is performed. As readily seen in the figure, the resulting data highlight the high speed of applying the ECC with the OSS scheme with a key length of 1024. However, the proposed method is slightly faster than OSS-ECC as an additional level of S-Box is added to the total processing time. It is worth mentioning that for the RSA algorithm to achieve the same level of security as the ECC technique, it basically requires an increased key length. Although RSA introduces simple computations, the ECC depends on DLP with a lesser key length [37]. Table 2 summarizes the comparative results between RSA, OSS-ECC, and the modified OSS-ECC in signature computation time with respect to key length, which achieved the same security level for all compared schemes. Moreover, Table 2 shows the signature time between RSA, OSS-ECC, and modified OSS-ECC. It is clear that the proposed modification cost is slightly higher than OSS-ECC, as an additional step of S-box and reversible matrix is added to the traditional OSS-ECC scheme. Table 3 summarizes the performance comparison between RSA, EC-DSA, OSS-ECC, and the proposed digital signature. As can be seen, the OSS-ECC and the modified OSS-ECC have the best performance.  [32]. Note that "RSA", "DSA", "OSS", and ""ECC" stand for Rivest, Shamir and Adleman; digital signature algorithm, Ong, Schnorr, and Shamir; and elliptic curve cryptography, respectively. Table 2. Signature generation computational cost (in milliseconds) of different signature schemes and the proposed scheme. Note that "RSA", "DSA", "OSS", and ""ECC" stand for Rivest, Shamir and Adleman; digital signature algorithm, Ong, Schnorr, and Shamir; and elliptic curve cryptography, respectively. In addition to the timing analysis, the strength of the proposed S-Box was measured using two strong cryptanalytic attacks: differential and linear attacks. Typically, differential cryptanalysis aims to detect the "difference" between related encrypted plaintexts. The plaintexts may vary by a few bits. It attacks depending on a chosen plaintext: the attacker chooses the plaintext to be encrypted without the key, and then encrypts the related plaintexts [38]. The difference distribution tables of cyclic group sub-bytes were constructed, a worst case assumption was made in our consideration, which has a probability of 22/256 with input data difference ∆X = {0, 1, 1, 1, 1, 0, 0, 0}, as illustrated in Table 4, except the cases of a one bit input/output difference, which are considered to be impossible (probability is zero). On the other hand, linear cryptanalysis exploits the high probability occurrences in bits of plaintext, ciphertext, and sub-key [39]. Such an expression takes the form:

RSA (OSS-ECC) DSA
where x represents the input x = [x 1 , x 2 . . . ] and y represents corresponding output y = [y 1 , y 2 . . . ]. Equation (18) represents the exclusive-OR "sum" of u input bits and v output bits [40]. If the scheme shows a tendency to hold with high probability or not for Equation (18), this illustrates failure in randomization abilities [41,42]. The main factor that assesses the efficiency of the scheme is the linear probability bias, which is the amount of probability of a linear expression deviating from 1 2 . The higher the magnitude of the probability bias, | 1 2 ± P L |, the worse the security is [36]. In linear cryptanalysis, the relations between two bits of cyclic group sub-bytes can be found; the probability ( 1 2 ± P) of these relations is restricted by 1 2 ± 24 256 , as illustrated in Algorithm 1.  Finally, the performance of the proposed technique can be evaluated by its robustness to security attacks, such as (i) brute-force, (ii) password sniffing, (iii) man-in-the-middle, and (iv) replay attacks. The former is the most popular public key attack, which tries to derive the private key from the know public key [43]. A given system is said to be secured against this type of attack if its key length is ≥70 bits with a probability of 2 70 [44]. In the proposed scheme, the key length is considered to be the summation of the ECC key length with a probability of 2 163 bits in addition to 2 7 generators of the proposed S-Box. Thus, the robustness of the proposed scheme implies that if a third party has the main parameters of EC function, {a, b, p, G} and {P A , k}, which are the public keys, it is not possible to estimate the signature {x, y} using trial and error with a probability of 2 (163+7) bits. Second, the password sniffing attack eavesdrops the network to intercept keys or passwords by capturing passing data. Attackers analyze data to predict keys. Encryption algorithms are the best way to be resilient against sniffing attack. The proposed scheme basically depends on the ECC, which works as a firewall against that types of attack.
Third, Pollard and Schnorr [18] succeeded in forging the signature without solving the quadratic equation. Their scheme approves its strength, as the signatures x and y are a 4 × 4 matrix with a large key length, which makes it hard to estimate. If a third party tried to estimate the second part of signature y where the attacker intercepts and/or modifies the data in transit, a constant value of x could be assumed. Here is a quadratic equation with a complex term. It is hard to calculate the square root to obtain y, while estimating x and fixing the second part y equals factoring n. Such quadratic equation is difficult to solve, which can be explained in the following algorithm (Algorithm 1): Last, in replay attacks, the attackers try to intercept and record the plaintext. The captured data are used another time to try and recreate authentication. The hybrid ECC is used in the declared scheme, as the main parameters a, b, p, and G are generated randomly for each iteration, i.e., it has completely different signatures in each round. Therefore, the modified ECC-OSS approved its strength against this type of attack.

Conclusions
A hybrid scheme of an elliptic curve cryptosystem with a modified digital signature scheme was presented in this paper. A logistic map was used to produce the S-Box in addition to a reversible matrix as a portion of the OSS signature equation. The goal was to propose a robust scheme with minimal execution time. The illustrated results documented the robustness and efficiency of our technique against cryptanalysis in terms of implementation and security standardization. However, it requires a slightly longer processing time than DSA without S-Box due to the added complexity of combining the integer factorization problem and discrete logarithm problem. Moreover, the proposed scheme has a high immunity to resist the differential cryptanalysis. This scheme is comparable to existing, related schemes; it is also applicable to resource constrained devices, such as IoT network devices.

Data Availability Statement:
The data presented in this study are available within the article.

Conflicts of Interest:
The authors declare no conflict of interest.