Graduation Year

2020

Document Type

Thesis

Degree

M.S.C.S.

Degree Name

MS in Computer Science (M.S.C.S.)

Degree Granting Department

Computer Science and Engineering

Major Professor

Attila Altay Yavuz, Ph.D.

Committee Member

Jay Ligatti, Ph.D.

Committee Member

Mehran Mozaffari Kermani, Ph.D.

Keywords

Aggregation, Audit logs, Resource-constrained devices, Storage efficiency, Unbounded message signing

Abstract

In modern Internet of Things (IoT) applications, the system entities collect security-sensitive information that must be cryptographically protected. In particular, authentication and integrity, as foundational security services, are essential for any IoT application. Digital signatures provide both authentication and integrity to these applications. Nevertheless, once an IoT device is compromised, its signing private key is leaked to an adversary. Forward-secure digital signatures mitigate the impact of such key compromises by incorporating a key-evolving mechanism into the authentication process. However, existing forward-secure signatures suffer from large signature/key sizes and heavy computational overhead, and some prominent variants can only sign a limited number of messages. Hence, there is a critical need for forward-secure and compact digital signatures that can be used to authenticate large amounts of critical information.

In this work, we propose two forward-secure signatures with signature and partial public-key aggregation capabilities, which we refer to as COREKBase and CORE-MMM. Our first scheme is, to the best of our knowledge, the first K-time forward-secure and aggregate signature scheme with a public-key aggregation feature. The idea is to use a hash-chain mechanism to evolve the keys and to pre-compute the aggregated public key. For each message, we compute its signature and aggregate it. COREKBase offers compact public keys as well as compact signatures with low verification overhead. We fully implemented COREKBase on commodity hardware and tested it for various performance metrics. We also compared COREKBase with its most efficient counterparts. For instance, COREKBase has 180x faster signature verification than its most verification-efficient counterpart, and 16.5x more compact public keys than the counterpart with the most compact public keys. Our second scheme, CORE-MMM, is a practically unbounded forward-secure signature scheme that leverages COREKBase. Our use of COREKBase is central to the design of CORE-MMM, because we crafted COREKBase to optimize the performance of unbounded signing under the generic MMM transformation. To the best of our knowledge, this specific design leads to the most efficient compromise-resilient and compact signature, which we refer to as CORE-MMM. We also compared the performance of CORE-MMM with its state-of-the-art alternatives. Our analysis shows that CORE-MMM outperforms its state-of-the-art counterparts in most performance metrics. Notable examples include small public keys (only 32 bytes), key updates that are more than two orders of magnitude more efficient, compact signatures, and private keys an order of magnitude smaller than those of its most efficient counterpart for each metric.
