Design and Implementation of Certificateless Cryptography for IoT Applications
This work introduces a cryptographic module for IoT devices that addresses the security vulnerabilities that come with their widespread adoption. Four core cryptographic mod- ules are implemented, including data confidentiality, message integrity, authentication, and secure communication channels. Specifically, the SHA-256 hashing and AES128-CBC/GCM cipher modules are very efficient, with an execution time of just a few μs. For the key exchange functionality, we opted to leverage Elliptic Curve Cryptography (ECC) and, in particular, the BLS12-381 curve, because it enables the implementation of certificateless public-key cryptography. We demonstrate the performance of the Hash to Curve and pairing operations that are required by both the BLS12-381 digital signature scheme and the session key agreement protocol. The pairing operation consists of two main steps, namely, the Miller loop and the final exponentiation. On a 10 MHz clock frequency (simulated in FPGA), a pairing operation between two elliptic curve points takes around 3.68s to complete. Under the BLS12-381 digital signature scheme, the module for signing messages takes 0.76s, while the module for verifying signatures takes 7.35s. Finally, we identified that the parallel point-scalar multiplication technique was the most efficient, and the module for generating a session key on an IoT node takes around 4.03s. To summarize, this paper highlights the importance of addressing the security risks associated with IoT devices and presents a low-cost implementation of hardware- based cryptography for achieving robust security.
Journal/Conference/Book titleIEEE International Midwest Symposium on Circuits and Systems (MWSCAS), AUG 6-9 2023, Phoenix, Arizona, USA.