Real-Time Digital Signatures for Time-Critical Networks

The secure and efficient operation of time-critical networks, such as vehicular networks, smart grids, and other smart infrastructures, is of primary importance in today's society. It is crucial to minimize the impact of security mechanisms on such networks so that the safe and reliable operation of time-critical systems is not interfered with. For instance, if the delay introduced by the crypto operations negatively affects the time available for braking a car before a collision, the car may not be able to safely stop in time. In particular, as a primary authentication mechanism, existing digital signatures introduce a significant computation and communication overhead, and therefore are unable to fully meet the real-time processing requirements of such time-critical networks. In this paper, we introduce a new suite of real-time digital signatures referred to as Structure-free and Compact Real-time Authentication (SCRA), supported by hardware acceleration, to provide delay-aware authentication in time-critical networks. SCRA is a novel signature framework that can transform any secure aggregate signature into a signer-efficient signature. We instantiate the SCRA framework with condensed-RSA, BGLS, and NTRU signatures. Our analytical and experimental evaluation validates the significant performance advantages of SCRA schemes over their base signatures and the state-of-the-art schemes.
Moreover, we push the performance of SCRA schemes to the edge via highly optimized implementations on vehicular-capable system-on-chip as well as server-grade general-purpose graphics processing units. We prove that SCRA is secure (in the random oracle model) and show that SCRA can offer an ideal alternative for authentication in time-critical applications.
