Energy-Aware Digital Signatures for Embedded Medical Devices

Authentication is vital for Internet of Things (IoT) applications involving sensitive data (e.g., medical and financial systems). Digital signatures offer scalable authentication with non-repudiation and public verifiability, which are necessary for auditing and dispute resolution in such IoT applications. However, digital signatures have been shown to be highly costly for low-end IoT devices, especially when embedded devices (e.g., medical implants) must operate without a battery replacement for a long time. We propose an Energy-aware Signature for Embedded Medical devices (ESEM) that achieves near-optimal signer efficiency. ESEM signature generation does not require any costly operations (e.g., elliptic curve (EC) scalar multiplication/addition), but only a small, constant number of pseudo-random function calls, additions, and a single modular multiplication. ESEM has the smallest signature size among its EC-based counterparts with an identical private key size. We achieve this by eliminating the use of the ephemeral public key (i.e., commitment) in Schnorr-type signatures from the signing via a distributed construction at the verifier, without interaction with the signer, while permitting a constant-size public key. We proved that ESEM is secure (in the random oracle model), and fully implemented it on an 8-bit AVR microcontroller that is commonly used in medical devices. Our experiments showed that ESEM achieves $8.4\times$ higher energy efficiency over its closest counterpart while offering a smaller signature and code size. Hence, ESEM can be suitable for deployment on resource-limited embedded devices in IoT. We open-sourced our software for public testing and wide adoption.
