Internet of Things (IoT); Security protocol; Elliptic curve cryptography; Cryptographic permutation; Efficient implementation
Abstract :
Most widely-used protocols for end-to-end security, such as TLS and its datagram variant DTLS, are highly computation-intensive and introduce significant communication overheads, which makes them impractical for resource-restricted IoT devices. The recently-introduced Disco protocol framework provides a clean and well-documented basis for the design of strong end-to-end security with lower complexity than the (D)TLS protocol and no legacy baggage. Disco consists of two sub-protocols, namely Noise (known from, e.g., WhatsApp) and Strobe, and is rather minimalist in terms of cryptography since it requires only an elliptic curve in Montgomery form and a cryptographic permutation as basic building blocks. In this paper, we present IoTDisco, an optimized implementation of the Disco protocol for 16-bit TI MSP430 microcontrollers. IoTDisco is based on David Wong's EmbeddedDisco software and contains hand-written assembly code for the prime-field arithmetic of Curve25519. However, we decided to replace the Keccak permutation of EmbeddedDisco by Xoodoo to reduce both the binary code size and the RAM footprint. The experiments we conducted on a Zolertia Z1 device (equipped with an MSP430F2617 microcontroller) show that IoTDisco is able to perform the computational part of a full Noise NK handshake in 26.2 million clock cycles, i.e., 1.64 seconds when the MSP430 is clocked at 16 MHz. IoTDisco's RAM footprint amounts to 1.4 kB, which is less than 17% of the overall RAM capacity (8 kB) of the Zolertia Z1.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > APSIA - Applied Security and Information Assurance
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > CryptoLUX - Cryptography
Disciplines :
Computer science
Author, co-author :
CHENG, Hao ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
FOTIADIS, Georgios ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
GROSZSCHÄDL, Johann ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
RYAN, Peter Y A ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
External co-authors :
no
Language :
English
Title :
IoTDisco: Strong yet Lightweight End-to-End Security for the Internet of Constrained Things
Publication date :
October 2023
Event name :
9th International Conference on Mobile, Secure and Programmable Networking (MSPN 2023)
Event place :
Paris, France
Event date :
from 26 to 27 October 2023
Audience :
International
Main work title :
Mobile, Secure, and Programmable Networking: 9th International Conference, MSPN 2023, Paris, France, October 26–27, 2023, Revised Selected Papers