Search Results (47)

Search Parameters:
Keywords = elliptic curve Diffie–Hellman

20 pages, 437 KiB  
Article
Post-Quantum Key Exchange and Subscriber Identity Encryption in 5G Using ML-KEM (Kyber)
by Qaiser Khan, Sourav Purification and Sang-Yoon Chang
Information 2025, 16(7), 617; https://doi.org/10.3390/info16070617 - 19 Jul 2025
Viewed by 113
Abstract
5G addresses user privacy concerns in cellular networking by encrypting a subscriber identifier with elliptic-curve-based encryption and then transmitting it as ciphertext known as a Subscriber Concealed Identifier (SUCI). However, an adversary equipped with a quantum computer can break a discrete-logarithm-based elliptic curve algorithm. Consequently, the user privacy in 5G is at stake against quantum attacks. In this paper, we study the incorporation of the post-quantum ciphers in the SUCI calculation both at the user equipment and at the core network, which involves the shared-key exchange and then using the resulting key for the ID encryption. We experiment on different hardware platforms to analyze the PQC key exchange and encryption using NIST-standardized CRYSTALS-Kyber (which is now called an ML-KEM after the standardization selection by NIST). Our analyses focus on the performances and compare the Kyber-based key exchange and encryption with the current (pre-quantum) elliptic curve Diffie–Hellman (ECDH). The performance analyses are critical because mobile networking involves resource-limited and battery-operating mobile devices. We measure and analyze not only the time and CPU-processing performances but also the energy and power performances. Our analyses show that Kyber-512 is the most efficient and even has better performance (i.e., faster computations and lower energy consumption) than ECDH. Full article
(This article belongs to the Special Issue Public Key Cryptography and Privacy Protection)

25 pages, 3917 KiB  
Article
Energy Consumption Framework and Analysis of Post-Quantum Key-Generation on Embedded Devices
by J. Cameron Patterson, William J. Buchanan and Callum Turino
J. Cybersecur. Priv. 2025, 5(3), 42; https://doi.org/10.3390/jcp5030042 - 8 Jul 2025
Viewed by 447
Abstract
The emergence of quantum computing and Shor’s algorithm necessitates an imminent shift from current public key cryptography techniques to post-quantum-robust techniques. The NIST has responded by standardising Post-Quantum Cryptography (PQC) algorithms, with ML-KEM (FIPS-203) slated to replace ECDH (Elliptic Curve Diffie-Hellman) for key exchange. A key practical concern for PQC adoption is energy consumption. This paper introduces a new framework for measuring PQC energy consumption on a Raspberry Pi when performing key generation. The framework uses both the available traditional methods and the newly standardised ML-KEM algorithm via the commonly utilised OpenSSL library. Full article
(This article belongs to the Section Cryptography and Cryptology)

25 pages, 1083 KiB  
Article
STALE: A Scalable and Secure Trans-Border Authentication Scheme Leveraging Email and ECDH Key Exchange
by Jiexin Zheng, Mudi Xu, Jianqing Li, Benfeng Chen, Zhizhong Tan, Anyu Wang, Shuo Zhang, Yan Liu, Kevin Qi Zhang, Lirong Zheng and Wenyong Wang
Electronics 2025, 14(12), 2399; https://doi.org/10.3390/electronics14122399 - 12 Jun 2025
Viewed by 374
Abstract
In trans-border data (data transferred or accessed across national jurisdictions) exchange scenarios, identity authentication mechanisms serve as critical components for ensuring data security and privacy protection, with their effectiveness directly impacting the compliance and reliability of transnational operations. However, existing identity authentication systems face multiple challenges in trans-border contexts. Firstly, the transnational transfer of identity data struggles to meet the varying data-compliance requirements across different jurisdictions. Secondly, centralized authentication architectures exhibit vulnerabilities in trust chains, where single points of failure may lead to systemic risks. Thirdly, the inefficiency of certificate verification in traditional Public Key Infrastructure (PKI) systems fails to meet the real-time response demands of globalized business operations. These limitations severely constrain real-time identity verification in international business scenarios. To address these issues, this study proposes a trans-border distributed certificate-free identity authentication framework (STALE). The methodology adopts three key innovations. Firstly, it utilizes email addresses as unique user identifiers combined with a Certificateless Public Key Cryptography (CL-PKC) system for key distribution, eliminating both single-point dependency on traditional Certificate Authorities (CAs) and the key escrow issues inherent in Identity-Based Cryptography (IBC). Secondly, an enhanced Elliptic Curve Diffie–Hellman (ECDH) key-exchange protocol is introduced, employing forward-secure session key negotiation to significantly improve communication security in trans-border network environments. 
Finally, a distributed identity ledger is implemented, using the FISCO BCOS blockchain, enabling decentralized storage and verification of identity information while ensuring data immutability, full traceability, and General Data Protection Regulation (GDPR) compliance. Our experimental results demonstrate that the proposed method exhibits significant advantages in authentication efficiency, communication overhead, and computational cost compared to existing solutions. Full article

21 pages, 1847 KiB  
Article
A Certificateless Aggregated Signcryption Scheme Based on Edge Computing in VANETs
by Wenfeng Zou, Qiang Guo and Xiaolan Xie
Electronics 2025, 14(10), 1993; https://doi.org/10.3390/electronics14101993 - 14 May 2025
Viewed by 357
Abstract
The development of Vehicle AD Hoc Networks (VANETs) has significantly enhanced the efficiency of intelligent transportation systems. Through real-time communication between vehicles and roadside units (RSUs), the immediate sharing of traffic information has been achieved. However, challenges such as network congestion, data privacy, and low computing efficiency still exist. Data privacy is at risk of leakage due to the sensitivity of vehicle information, especially in a resource-constrained vehicle environment, where computing efficiency becomes a bottleneck restricting the development of VANETs. To address these challenges, this paper proposes a certificateless aggregated signcryption scheme based on edge computing. This scheme integrates online/offline encryption (OOE) technology and a pseudonym mechanism. It not only solves the problem of key escrow, generating part of the private key through collaboration between the user and the Key Generation Center (KGC), but also uses pseudonyms to protect the real identities of the vehicle and RSU, effectively preventing privacy leakage. This scheme eliminates bilinear pairing operations, significantly improves efficiency, and supports conditional traceability and revocation of malicious vehicles while maintaining anonymity. The completeness analysis shows that under the assumptions of calculating the Diffie–Hellman (CDH) and elliptic curve discrete logarithm problem (ECDLP), this scheme can meet the requirements of IND-CCA2 confidentiality and EUF-CMA non-forgeability. The performance evaluation further confirmed that, compared with the existing schemes, this scheme performed well in both computing and communication costs and was highly suitable for the resource-constrained VANET environment. Full article
(This article belongs to the Special Issue Unmanned Aerial Vehicles (UAVs) Communication and Networking)

22 pages, 2491 KiB  
Article
Decentralized Blockchain-Based Authentication and Interplanetary File System-Based Data Management Protocol for Internet of Things Using Ascon
by Hiba Belfqih and Abderrahim Abdellaoui
J. Cybersecur. Priv. 2025, 5(2), 16; https://doi.org/10.3390/jcp5020016 - 23 Apr 2025
Cited by 1 | Viewed by 959
Abstract
The increasing interconnectivity of devices on the Internet of Things (IoT) introduces significant security challenges, particularly around authentication and data management. Traditional centralized approaches are not sufficient to address these risks, requiring more robust and decentralized solutions. This paper presents a decentralized authentication protocol leveraging blockchain technology and the IPFS data management framework to provide secure and real-time communication between IoT devices. Using the Ethereum blockchain, smart contracts, elliptic curve cryptography, and ASCON encryption, the proposed protocol ensures the confidentiality, integrity, and availability of sensitive IoT data. The mutual authentication process involves the use of asymmetric key pairs, public key registration on the blockchain, and the Diffie–Hellman key exchange algorithm to establish a shared secret that, combined with a unique identifier, enables secure device verification. Additionally, IPFS is used for secure data storage, with the content identifier (CID) encrypted using ASCON and integrated into the blockchain for traceability and authentication. This integrated approach addresses current IoT security challenges and provides a solid foundation for future applications in decentralized IoT environments. Full article

27 pages, 844 KiB  
Article
A Novel Key Distribution for Mobile Patient Authentication Inspired by the Federated Learning Concept and Based on the Diffie–Hellman Elliptic Curve
by Orieb AbuAlghanam, Hadeel Alazzam, Wesam Almobaideen, Maha Saadeh and Heba Saadeh
Sensors 2025, 25(8), 2357; https://doi.org/10.3390/s25082357 - 8 Apr 2025
Viewed by 504
Abstract
Ensuring secure communication for mobile patients in e-healthcare requires an efficient and robust key distribution mechanism. This study introduces a novel hierarchical key distribution architecture inspired by federated learning (FL), enabling seamless authentication for patients moving across different healthcare centers. Unlike existing approaches, the proposed system allows a central healthcare authority to share global security parameters with subordinate units, which then combine these with their own local parameters to generate and distribute symmetric keys to mobile patients. This FL-inspired method ensures that patients only need to store a single key, significantly reducing storage overhead while maintaining security. The architecture was rigorously evaluated using SPAN-AVISPA for formal security verification and BAN logic for authentication protocol analysis. Performance metrics—including storage, computation, and communication costs—were assessed, demonstrating that the system minimizes the computational load and reduces the number of exchanged messages during authentication compared to traditional methods. By leveraging FL principles, the solution enhances scalability and efficiency, particularly in dynamic healthcare environments where patients frequently switch between facilities. This work bridges a critical gap in e-healthcare security, offering a lightweight, scalable, and secure key distribution framework tailored for mobile patient authentication. Full article
(This article belongs to the Section Communications)

20 pages, 4324 KiB  
Article
A Secure and Scalable Authentication and Communication Protocol for Smart Grids
by Muhammad Asfand Hafeez, Kazi Hassan Shakib and Arslan Munir
J. Cybersecur. Priv. 2025, 5(2), 11; https://doi.org/10.3390/jcp5020011 - 21 Mar 2025
Viewed by 1042
Abstract
The growing adoption of smart grid systems presents significant advancements in the efficiency of energy distribution, along with enhanced monitoring and control capabilities. However, the interconnected and distributed nature of these systems also introduces critical security vulnerabilities that must be addressed. This study proposes a secure communication protocol specifically designed for smart grid environments, focusing on authentication, secret key establishment, symmetric encryption, and hash-based message authentication to provide confidentiality and integrity for communication in smart grid environments. The proposed protocol employs the Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication, Elliptic Curve Diffie–Hellman (ECDH) for secure key exchange, and Advanced Encryption Standard 256 (AES-256) encryption to protect data transmissions. The protocol follows a structured sequence: (1) authentication—verifying smart grid devices using digital signatures; (2) key establishment—generating and securely exchanging cryptographic keys; and (3) secure communication—encrypting and transmitting/receiving data. An experimental framework has been established to evaluate the protocol’s performance under realistic operational conditions, assessing metrics such as time, throughput, power, and failure recovery. The experimental results show that the protocol completes one server–client request in 3.469 ms for a desktop client and 41.14 ms for a microcontroller client and achieves a throughput of 288.27 requests/s and 24.30 requests/s, respectively. Furthermore, the average power consumed by the protocol is 37.77 watts. The results also show that the proposed protocol is able to recover from transient network disruptions and sustain secure communication. Full article

16 pages, 1150 KiB  
Article
A Decentralized Signcryption Scheme Based on CFL
by Leyi Shi and Mengting Liu
Sensors 2025, 25(6), 1773; https://doi.org/10.3390/s25061773 - 12 Mar 2025
Viewed by 775
Abstract
The rapid advancement of quantum computing technology poses a significant threat to conventional public key cryptographic infrastructure. The SM2 (state key cryptography algorithm no. 2) elliptic curve public key cryptographic algorithm, which adopts elliptic curve cryptography, has demonstrated strong resistance to quantum attacks. However, existing signcryption schemes remain vulnerable due to their reliance on a single certification authority (CA) managing all keys. The cryptography fundamental logics (CFL) authentication process eliminates the need for third-party involvement, achieving decentralized authentication and reducing the burden on certificate generation centers. Therefore, a decentralized signcryption scheme based on CFL was proposed using the SM2 national cryptographic algorithm. Unlike traditional signcryption schemes, this approach does not depend on the certification authority’s private key during the public–private key generation process. This innovation helps avoid risks associated with certification authority private key leakage and ensures decentralized characteristics. The proposed scheme was rigorously verified under the random oracle model (ROM) and based on the complexity assumption of the elliptic curve Diffie–Hellman (ECDH) problem. The theoretical analysis and experimental results demonstrate that compared to traditional methods, the proposed scheme exhibits higher efficiency in communication and computation. Specifically, the proposed scheme reduces computational overheads by approximately 30% and communication overheads by approximately 20% in practical working environments. These quantitative improvements highlight the scheme’s promising application prospects and practical value. Full article
(This article belongs to the Section Internet of Things)

21 pages, 350 KiB  
Review
Elliptic Curve Cryptography with Machine Learning
by Jihane Jebrane, Akram Chhaybi, Saiida Lazaar and Abderrahmane Nitaj
Cryptography 2025, 9(1), 3; https://doi.org/10.3390/cryptography9010003 - 30 Dec 2024
Cited by 1 | Viewed by 3206
Abstract
Elliptic Curve Cryptography (ECC) is a technology based on the arithmetic of elliptic curves used to build strong and efficient cryptosystems and infrastructures. Several ECC systems, such as the Diffie–Hellman key exchange and the Elliptic Curve Digital Signature Algorithm, are deployed in real-life applications to enhance the security and efficiency of digital transactions. ECC has gained even more importance since the introduction of Bitcoin, the peer-to-peer electronic cash system, by Satoshi Nakamoto in 2008. In parallel, the integration of artificial intelligence, particularly machine learning, in various applications has increased the demand for robust cryptographic systems to ensure safety and security. In this paper, we present an overview of machine learning and Elliptic Curve Cryptography algorithms. We begin with a detailed review of the main ECC systems and evaluate their efficiency and security. Subsequently, we investigate potential applications of machine learning-based techniques to enhance the security and performance of ECC. This study includes the generation of optimal parameters for ECC systems using machine learning algorithms. Full article

20 pages, 6087 KiB  
Article
An Efficient Pairing-Free Ciphertext-Policy Attribute-Based Encryption Scheme for Internet of Things
by Chong Guo, Bei Gong, Muhammad Waqas, Hisham Alasmary, Shanshan Tu and Sheng Chen
Sensors 2024, 24(21), 6843; https://doi.org/10.3390/s24216843 - 24 Oct 2024
Viewed by 1551
Abstract
The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT’s security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes. Full article
(This article belongs to the Section Internet of Things)

25 pages, 2369 KiB  
Article
A Secure Key Exchange and Authentication Scheme for Securing Communications in the Internet of Things Environment
by Ali Peivandizadeh, Haitham Y. Adarbah, Behzad Molavi, Amirhossein Mohajerzadeh and Ali H. Al-Badi
Future Internet 2024, 16(10), 357; https://doi.org/10.3390/fi16100357 - 30 Sep 2024
Cited by 4 | Viewed by 1896
Abstract
In today’s advanced network and digital age, the Internet of Things network is experiencing a significant growing trend and, due to its wide range of services and network coverage, has been able to take a special place in today’s technology era. Among the applications that can be mentioned for this network are the field of electronic health, smart residential complexes, and a wide level of connections that have connected the inner-city infrastructure in a complex way to make it smart. The notable and critical issue that exists in this network is the extent of the elements that make up the network and, due to this, the strong and massive data exchanges at the network level. With the increasing deployment of the Internet of Things, a wide range of challenges arise, especially in the discussion of establishing network security. Regarding security concerns, ensuring the confidentiality of the data being exchanged in the network, maintaining the privacy of the network nodes, protecting the identity of the network nodes, and finally implementing the security policies required to deal with a wide range of network cyber threats are of great importance. A fundamental element in the security of IoT networks is the authentication process, wherein nodes are required to validate each other’s identities to ensure the establishment of secure communication channels. Through the enforcement of security prerequisites, in this study, we suggested a security protocol focused on reinforcing security characteristics and safeguarding IoT nodes. By utilizing the security features provided by Elliptic Curve Cryptography (ECC) and employing the Elliptic Curve Diffie–Hellman (ECDH) key-exchange mechanism, we designed a protocol for authenticating nodes and establishing encryption keys for every communication session within the Internet of Things. 
To substantiate the effectiveness and resilience of our proposed protocol in withstanding attacks and network vulnerabilities, we conducted evaluations utilizing both formal and informal means. Furthermore, our results demonstrate that the protocol is characterized by low computational and communication demands, which makes it especially well-suited for IoT nodes operating under resource constraints. Full article
(This article belongs to the Section Cybersecurity)

24 pages, 5436 KiB  
Article
An Efficient SM9 Aggregate Signature Scheme for IoV Based on FPGA
by Bolin Zhang, Bin Li, Jiaxin Zhang, Yuanxin Wei, Yunfei Yan, Heru Han and Qinglei Zhou
Sensors 2024, 24(18), 6011; https://doi.org/10.3390/s24186011 - 17 Sep 2024
Viewed by 1258
Abstract
With the rapid development of the Internet of Vehicles (IoV), the demand for secure and efficient signature verification is becoming increasingly urgent. To meet this need, we propose an efficient SM9 aggregate signature scheme implemented on Field-Programmable Gate Array (FPGA). The scheme includes both fault-tolerant and non-fault-tolerant aggregate signature modes, which are designed to address challenges in various network environments. We provide security proofs for these two signature verification modes based on a K-ary Computational Additive Diffie–Hellman (K-CAA) difficult problem. To handle the numerous parallelizable elliptic curve point multiplication operations required during verification, we utilize FPGA’s parallel processing capabilities to design an efficient parallel point multiplication architecture. By the Montgomery point multiplication algorithm and the Barrett modular reduction algorithm, we optimize the single-point multiplication computation unit, achieving a point multiplication speed of 70776 times per second. Finally, the overall scheme was simulated and analyzed on an FPGA platform. The experimental results and analysis indicate that under error-free conditions, the proposed non-fault-tolerant aggregate mode reduces the verification time by up to 97.1% compared to other schemes. In fault-tolerant conditions, the proposed fault-tolerant aggregate mode reduces the verification time by up to 77.2% compared to other schemes. When compared to other fault-tolerant aggregate schemes, its verification time is only 28.9% of their consumption, and even in the non-fault-tolerant aggregate mode, the verification time is reduced by at least 39.1%. Therefore, the proposed scheme demonstrates significant advantages in both error-free and fault-tolerant scenarios. Full article
(This article belongs to the Section Vehicular Sensing)

13 pages, 265 KiB  
Article
Efficient Elliptic Curve Diffie–Hellman Key Exchange for Resource-Constrained IoT Devices
by Vinayak Tanksale
Electronics 2024, 13(18), 3631; https://doi.org/10.3390/electronics13183631 - 12 Sep 2024
Cited by 6 | Viewed by 2701
Abstract
In the era of ubiquitous connectivity facilitated by the Internet of Things (IoT), ensuring robust security mechanisms for communication channels among resource-constrained devices has become imperative. Elliptic curve Diffie–Hellman (ECDH) key exchange offers strong security assurances and computational efficiency. This paper investigates the challenges and opportunities of deploying ECDH key exchange protocols on resource-constrained IoT devices. We review the fundamentals of ECDH and explore optimization techniques tailored to the limitations of embedded systems, including memory constraints, processing power, and energy efficiency. We optimize the implementation of five elliptic curves and compare them using experimental results. Our experiments focus on electronic control units and sensors in vehicular networks. The findings provide valuable insights for IoT developers, researchers, and industry stakeholders striving to enhance the security posture of embedded IoT systems while maintaining efficiency. Full article
(This article belongs to the Special Issue Security and Privacy in IoT Devices and Computing)

26 pages, 3161 KiB  
Article
A Quantum-Resistant Identity Authentication and Key Agreement Scheme for UAV Networks Based on Kyber Algorithm
by Tao Xia, Menglin Wang, Jun He, Gang Yang, Linna Fan and Guoheng Wei
Drones 2024, 8(8), 359; https://doi.org/10.3390/drones8080359 - 30 Jul 2024
Cited by 4 | Viewed by 2843 | Correction
Abstract
Unmanned aerial vehicles (UAVs) play a critical role in various fields, including logistics, agriculture, and rescue operations. Effective identity authentication and key agreement schemes are vital for UAV networks to combat threats. Current schemes often employ algorithms like elliptic curve cryptography (ECC) and Rivest–Shamir–Adleman (RSA), which are vulnerable to quantum attacks. To address this issue, we propose LIGKYX, a novel scheme combining the quantum-resistant Kyber algorithm with the hash-based message authentication code (HMAC) for enhanced security and efficiency. This scheme enables the mutual authentication between UAVs and ground stations and supports secure session key establishment protocols. Additionally, it facilitates robust authentication and key agreement among UAVs through control stations, addressing the critical challenge of quantum-resistant security in UAV networks. The proposed LIGKYX scheme operates based on the Kyber algorithm and elliptic curve Diffie–Hellman (ECDH) key exchange protocol, employing the HMAC and pre-computation techniques. Furthermore, a formal verification tool validated the security of LIGKYX under the Dolev–Yao threat model. Comparative analyses on security properties, communication overhead, and computational overhead indicate that LIGKYX not only matches or exceeds existing schemes but also uniquely counters quantum attacks effectively, ensuring the security of UAV communication networks with a lower time overhead for authentication and communication. Full article
(This article belongs to the Special Issue Physical-Layer Security in Drone Communications)

31 pages, 1992 KiB  
Article
Securing Data Exchange with Elliptic Curve Cryptography: A Novel Hash-Based Method for Message Mapping and Integrity Assurance
by Younes Lahraoui, Saiida Lazaar, Youssef Amal and Abderrahmane Nitaj
Cryptography 2024, 8(2), 23; https://doi.org/10.3390/cryptography8020023 - 2 Jun 2024
Cited by 7 | Viewed by 3415
Abstract
To ensure the security of sensitive data, elliptic curve cryptography (ECC) is adopted as an asymmetric method that balances security and efficiency. Nevertheless, embedding messages into elliptic curve (EC) points poses a significant challenge. The intricacies of this process can greatly affect the overall security and efficiency of the cryptosystem, reflecting security vulnerabilities observed in many existing schemes that utilize ElGamal ECC-based encryption. In this paper, we introduce an innovative hash-based technique for securely embedding messages into EC points before encryption. A random parameter and a shared secret point generated through the EC Diffie–Hellman protocol are used to bolster the scheme’s security. The security of the proposed method is evaluated against various attack models; moreover, the complexity, and sensitivity of the encryption scheme, as well as its inputs, are analyzed. The randomness assessment of the ciphertext was performed using the NIST statistical test suite. Additionally, we propose a mechanism to ensure the integrity of the message by securely appending a tag to the ciphertext. As a consequence, a comprehensive analysis of our scheme demonstrates its effectiveness in maintaining data security and integrity against various attack models. The algorithm also meets more criteria such as the strict avalanche criterion, linear complexity, and operability. Full article