Conference Paper

NanoPBC: Implementing Cryptographic Pairings on an 8-bit Platform

Abstract

Wireless Sensor Networks (WSNs) are networks composed of thousands of resource-constrained sensor nodes and one or more base stations. They are emerging as a technology for monitoring different environments of interest, and they find applications ranging from battlefield reconnaissance to environmental protection. On the other hand, Pairing-Based Cryptography (PBC) is an emerging research field that allows a wide range of applications. Pairings, for short, have enabled the design of original cryptographic schemes and made well-known cryptographic protocols more efficient. In this work we present NanoPBC, a cryptographic library for resource-constrained devices. In NanoPBC, we have implemented all big number, finite field, and elliptic curve arithmetic from scratch, which allows us to extract the most from the platform. In addition, in order to maximize speed, all time-critical routines were implemented in Assembly.
Diego F. Aranha¹, Unicamp, Brazil, dfaranha@ic.unicamp.br
Leonardo B. Oliveira², Unicamp, Brazil, leob@ic.unicamp.br
Julio López, Unicamp, Brazil, jlopez@ic.unicamp.br
Ricardo Dahab, Unicamp, Brazil, rdahab@ic.unicamp.br
I. ABSTRACT

Wireless Sensor Networks (WSNs) are networks composed of thousands of resource-constrained sensor nodes and one or more base stations. They are emerging as a technology for monitoring different environments of interest, and they find applications ranging from battlefield reconnaissance to environmental protection.

On the other hand, Pairing-Based Cryptography (PBC) [1] is an emerging research field that allows a wide range of applications. Pairings, for short, have enabled the design of original cryptographic schemes and made well-known cryptographic protocols more efficient. In the context of WSNs in particular, PBC enables a wide range of useful cryptographic applications:

Identity-Based Key Distribution: WSNs cannot afford the burden of establishing and maintaining a PKI. Therefore, ID-based key distribution schemes (e.g., [1]) seem to be the most adequate way of bootstrapping security in WSNs.

Short Signatures: communication consumes three orders of magnitude more energy than computation, and energy in turn is the most constrained resource in a sensor node. As a result, a scheme such as Boneh-Lynn-Shacham (BLS) [2] looks like the ideal signature scheme for WSNs.

Finally, it is worth mentioning that the use of PBC in WSNs is especially interesting since in WSNs there is a central and trusted entity (i.e., the base station) that can play the role of a Private Key Generator in ID-based protocols.

Despite all these advantages, a question still remained: are sensor nodes able to compute pairings, the most expensive PBC operation, efficiently? It was only recently that pairings were shown to be viable on sensor devices (e.g., [3]).

In this work we present NanoPBC, a cryptographic library for resource-constrained devices. In NanoPBC, we have implemented all big number, finite field, and elliptic curve arithmetic from scratch, which allows us to extract the most from the platform. In addition, in order to maximize speed, all time-critical routines were implemented in Assembly.

By using NanoPBC, one is able to compute the η_T [4] pairing, over binary fields, on the popular MICAz sensor node platform (8-bit/7.3828-MHz ATmega128L) in only 2.14 s, i.e., a speedup of 2.54 compared to the fastest implementation so far [3]. Another key factor for achieving this performance was our implementation of the López-Dahab [5] binary finite field multiplication, which was optimized to minimize memory access operations, since these are expensive on our target platform.

To sum up, our key contributions are:
1) Provide an in-depth description of how to implement pairings efficiently in resource-constrained devices;
2) Show a novel implementation of the López-Dahab binary field multiplication method; and
3) Present the fastest figures for pairing computation on an 8-bit platform.

¹ Supported by FAPESP, Grant No. 2007/06950-0.
² Microsoft Research Fellow.
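The López-Dahab multiplication in GF(2^m) referred to above, as an added illustration that is not NanoPBC's own code (the library's time-critical routines are in Assembly): a 16-entry table u(z)·b(z) is precomputed once, and a(z) is then scanned one 4-bit column at a time, so the accumulator is shifted only 16 times instead of once per bit. A shift-and-add reference multiplication checks the result. The 64-bit word size, W = 3 words per operand and the sample operands are constructed assumptions; reduction modulo the field polynomial is a separate step not shown here.

```c
#include <stdint.h>
#include <string.h>

#define W 3      /* words per operand (constructed: 192-bit polynomials) */
#define WORD 64  /* bits per word (constructed: 64-bit words, not 8-bit AVR registers) */

/* Shift a `words`-word polynomial left by s bits, 0 < s < WORD. */
static void shl_bits(uint64_t *c, int words, int s) {
    for (int j = words - 1; j > 0; j--)
        c[j] = (c[j] << s) | (c[j - 1] >> (WORD - s));
    c[0] <<= s;
}

/* Reference: right-to-left shift-and-add, one pass over b(z) per set bit of a(z). */
void gf2_mul_shiftadd(uint64_t c[2 * W], const uint64_t a[W], const uint64_t b[W]) {
    memset(c, 0, 2 * W * sizeof(uint64_t));
    for (int i = 0; i < WORD * W; i++) {
        if (!((a[i / WORD] >> (i % WORD)) & 1)) continue;
        int wd = i / WORD, s = i % WORD;
        for (int j = 0; j < W; j++) {              /* c ^= b(z) * z^i */
            c[j + wd] ^= b[j] << s;
            if (s) c[j + wd + 1] ^= b[j] >> (WORD - s);
        }
    }
}

/* López-Dahab comb method with window w = 4: T[u] = u(z)*b(z) for every 4-bit u,
 * then each nibble column of a(z) selects a table row that is XORed word-wise into c. */
void gf2_mul_ld(uint64_t c[2 * W], const uint64_t a[W], const uint64_t b[W]) {
    uint64_t T[16][W + 1];                         /* deg T[u] <= 64W + 2, so W+1 words */
    memset(T, 0, sizeof T);
    memcpy(T[1], b, W * sizeof(uint64_t));
    for (int u = 2; u < 16; u++) {                 /* T[2v] = z*T[v], T[2v+1] = T[2v] + b */
        memcpy(T[u], T[u >> 1], sizeof T[u]);
        shl_bits(T[u], W + 1, 1);
        if (u & 1) for (int j = 0; j < W; j++) T[u][j] ^= b[j];
    }
    memset(c, 0, 2 * W * sizeof(uint64_t));
    for (int k = WORD / 4 - 1; k >= 0; k--) {      /* nibble position, high to low */
        for (int j = 0; j < W; j++) {
            unsigned u = (a[j] >> (4 * k)) & 0xF;
            for (int t = 0; t <= W; t++) c[j + t] ^= T[u][t];
        }
        if (k) shl_bits(c, 2 * W, 4);              /* multiply the accumulator by z^4 */
    }
}

/* Self-check on constructed operands: both methods must agree, and two known
 * products must come out right. Returns 1 on success, 0 on any mismatch. */
int gf2_mul_selftest(void) {
    const uint64_t a[W] = {0x9E3779B97F4A7C15ULL, 0xD1B54A32D192ED03ULL, 0x5ULL};
    const uint64_t b[W] = {0xBF58476D1CE4E5B9ULL, 0x94D049BB133111EBULL, 0x3ULL};
    const uint64_t p[W] = {5, 0, 0}, q[W] = {3, 0, 0}, e[W] = {0, 1, 0};
    uint64_t r1[2 * W], r2[2 * W];
    gf2_mul_ld(r1, a, b); gf2_mul_shiftadd(r2, a, b);
    if (memcmp(r1, r2, sizeof r1) != 0) return 0;
    gf2_mul_ld(r1, p, q);                          /* (z^2+1)(z+1) = z^3+z^2+z+1 = 0xF */
    gf2_mul_ld(r2, e, e);                          /* z^64 * z^64 = z^128, i.e. word 2 = 1 */
    return r1[0] == 0xF && r1[1] == 0 && r1[2] == 0 && r2[1] == 0 && r2[2] == 1;
}
```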
REFERENCES
[1] R. Sakai, K. Ohgishi, and M. Kasahara, "Cryptosystems based on pairing," in Symposium on Cryptography and Information Security (SCIS'00), Jan. 2000, pp. 26–28.
[2] D. Boneh, B. Lynn, and H. Shacham, "Short signatures from the Weil pairing," Journal of Cryptology, vol. 17, no. 4, 2004.
[3] L. B. Oliveira, M. Scott, J. López, and R. Dahab, "TinyPBC: Pairings for authenticated identity-based non-interactive key distribution in sensor networks," in 5th International Conference on Networked Sensing Systems (INSS'08), 2008, pp. 173–180.
[4] P. S. L. M. Barreto, S. Galbraith, C. Ó hÉigeartaigh, and M. Scott, "Efficient pairing computation on supersingular abelian varieties," Designs, Codes and Cryptography, 2006.
[5] J. López and R. Dahab, "High-speed software multiplication in GF(2^m)," in INDOCRYPT 2000, Lecture Notes in Computer Science, Springer-Verlag, 2000, pp. 203–212.