Lightweight and Resilient Signatures for Cloud-Assisted Embedded IoT Systems
Saif E. Nouma, Attila A. Yavuz
TL;DR
This work tackles the challenge of scalable, secure authentication for resource-constrained IoT by introducing two signatures, LRSHA and FLRSHA, that combine commitment separation with hardware-assisted distributed verification. The signer is kept computationally lightweight by offloading commitment handling to a network of TEEs (ComC servers), while FLRSHA adds forward security through key evolution without central trust or heavy verification burden. The authors provide formal security proofs (HD-EU-CMA and FHD-EU-CMA) and validate performance through full implementations on commodity hardware and 8-bit MCUs, demonstrating large speedups, compact keys/signatures, and robust breach resilience. The work also emphasizes practical deployment via open-source code and a realistic IoT/cloud model that avoids single-point-of-failure roots of trust.
Abstract
Digital signatures provide scalable authentication with non-repudiation and are vital tools for the Internet of Things (IoT). Many IoT applications harbor vast quantities of resource-limited devices, often used together with cloud computing. However, key compromises (e.g., physical, malware) pose a significant threat to IoT systems due to increased attack vectors and open operational environments. Forward security and distributed key management are critical breach-resilient countermeasures to mitigate such threats. Yet forward-secure signatures are exorbitantly costly for low-end IoT devices, while cloud-assisted approaches suffer from centrality or rely on non-colluding semi-honest servers. In this work, we create two novel digital signatures called Lightweight and Resilient Signatures with Hardware Assistance (LRSHA) and its Forward-secure version (FLRSHA). They offer near-optimally efficient signing with small key and signature sizes. We synergize various design strategies, such as commitment separation to eliminate costly signing operations and hardware-assisted distributed servers to enable breach-resilient verification. Our schemes achieve orders of magnitude faster forward-secure signing and compact key/signature sizes without suffering from strong security assumptions (non-colluding, central servers) or a heavy burden on the verifier (extreme storage, computation). We formally prove the security of our schemes and validate their performance with full-fledged open-source implementations on both commodity hardware and 8-bit AVR microcontrollers.
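The abstract and TL;DR describe forward security "through key evolution": the signer updates its secret key one-way after each use and erases the old one, so a compromise exposes only the current and future keys, never the signatures already issued. The example below is added here to make that property concrete; it is not the LRSHA/FLRSHA construction and not code from the paper's open-source implementation. It pairs a hash chain of per-epoch seeds (the assumed evolution step `seed_{t+1} = H("evolve" || seed_t)`) with textbook Lamport one-time signatures, using only the Python standard library, so the effect of a mid-life compromise can be checked directly. The flat per-epoch public key list is a simplification; real forward-secure schemes, including the one in this paper, are designed precisely to avoid that size and the per-epoch one-time limit.

```python
"""Forward security via one-way key evolution (constructed illustration).

Assumed design, not the paper's scheme: a hash chain of epoch seeds plus a
Lamport one-time signature per epoch. The demo seed is constructed, not a key.
"""
import hashlib
from typing import Dict, List, Tuple

N_BITS = 256  # a Lamport OTS signs the 256 bits of a SHA-256 digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def evolve(seed: bytes) -> bytes:
    """One-way key update: seed_{t+1} = H('evolve' || seed_t).
    Preimage resistance means seed_{t+1} gives no way back to seed_t."""
    return H(b"evolve" + seed)


def epoch_keys(seed: bytes) -> Tuple[List[List[bytes]], List[List[bytes]]]:
    """Derive the epoch's Lamport key pair deterministically from its seed."""
    sk = [[H(seed + b"sk" + i.to_bytes(2, "big") + bytes([b])) for b in (0, 1)]
          for i in range(N_BITS)]
    pk = [[H(x) for x in pair] for pair in sk]
    return sk, pk


def keygen(seed0: bytes, n_epochs: int) -> List[List[List[bytes]]]:
    """Public key = the list of per-epoch Lamport public keys (simplified)."""
    pks, seed = [], seed0
    for _ in range(n_epochs):
        pks.append(epoch_keys(seed)[1])
        seed = evolve(seed)
    return pks


def msg_bits(msg: bytes) -> List[int]:
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def sign_with_seed(seed: bytes, msg: bytes) -> List[bytes]:
    """Reveal one preimage per digest bit (valid only for that seed's epoch)."""
    sk, _ = epoch_keys(seed)
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]


def verify(pks, epoch: int, msg: bytes, sig: List[bytes]) -> bool:
    if not 0 <= epoch < len(pks) or len(sig) != N_BITS:
        return False
    pk = pks[epoch]
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(msg))))


class ForwardSecureSigner:
    """Holds only the current epoch's seed; older seeds are erased on update."""

    def __init__(self, seed0: bytes, n_epochs: int):
        self.seed, self.epoch, self.n = seed0, 0, n_epochs

    def sign(self, msg: bytes) -> Tuple[int, List[bytes]]:
        if self.epoch >= self.n:
            raise RuntimeError("all epochs used; one message per epoch")
        t, sig = self.epoch, sign_with_seed(self.seed, msg)
        self.seed = evolve(self.seed)  # the old seed is gone: this is forward security
        self.epoch += 1
        return t, sig


def demo() -> Dict[str, bool]:
    seed0 = H(b"constructed demo seed, not a real key")
    pks = keygen(seed0, n_epochs=4)
    signer = ForwardSecureSigner(seed0, 4)
    t0, s0 = signer.sign(b"reading: 21.5C")  # constructed messages
    t1, s1 = signer.sign(b"reading: 22.0C")
    stolen = signer.seed  # device compromised now: attacker gets seed_2 only
    forged = sign_with_seed(stolen, b"forged reading")
    return {
        "past_valid": verify(pks, t0, b"reading: 21.5C", s0)
        and verify(pks, t1, b"reading: 22.0C", s1),
        "tampered_rejected": not verify(pks, t0, b"reading: 99.9C", s0),
        "future_forgeable": verify(pks, 2, b"forged reading", forged),
        "past_forgeable": verify(pks, 0, b"forged reading", forged),
        "stolen_is_seed_2": stolen == evolve(evolve(seed0)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running `demo()` shows the split the abstract is pointing at: signatures from epochs 0 and 1 still verify and a tampered message is rejected, the stolen seed lets the attacker sign for epoch 2 onward, but it does not verify against any earlier epoch because those seeds were erased and the evolution function only moves forward. A signer that failed to erase, or that evolved with an invertible function, would lose exactly this guarantee.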
