
Elliptic Curve Cryptography Based Security Framework for Internet of Things (IoT) Enabled Smart Card


Conference Paper · February 2017


DOI: 10.1109/WCCCT.2016.20



2016 World Congress on Computing and Communication Technologies (WCCCT)


T. Daisy Premila Bai, K. Michael Raj, S. Albert Rabara


Department of Computer Science
St. Joseph’s College
Tiruchirapalli, India

Abstract—Smart cards are adopted by people worldwide for different applications, but they are only intra-domain oriented due to security concerns. The literature study reveals that research has been carried out all over the world to strengthen the security requirements of smart cards, but no research proposal reports one smart card that supports all application domains. Hence, in this paper a novel Elliptic Curve Cryptography (ECC) based security framework for Internet of Things (IoT) enabled Smart Card is proposed. It is a secure and novel way for the public to access diversified smart applications with one Smart Card anywhere and anytime. The security analysis ensures that ECC provides strong security for Smart Card implementation.

Keywords-internet of things; elliptic curve cryptography; security; integrity; confidentiality; smart card

I. INTRODUCTION

People around the world use Smart Cards for different applications such as mobile communications, banking and financial services, passports, identity cards, transportation, health care services, education, remote working, etc. [1]. The types of smart cards in use today are contact, contactless, dual interface and hybrid cards. Contact Cards are currently widely used for many applications. The Contactless Smart Card is a general purpose Internet of Things (IoT) enabled application device.

The Internet of Things is not a single technology; it is the concept in which many new things are getting networked and connected anytime, anyplace, with anything and anyone, ideally using any path or network and any service in a heterogeneous environment [2].

The European Research Cluster on the Internet of Things (IERC) states that “Internet of Things is a dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols where physical and virtual things have identities, physical attributes and virtual personalities and use intelligent interface and are seamlessly integrated into the information network” [3]. In a nutshell, IoT is characterized by the real world of smart objects with limited storage and processing power [4].

In this regard the research reveals that Contactless IoT enabled Smart Cards are very few in their design and still in the infancy stage [5]. Security is one of the major concerns in implementing an IoT enabled Smart Card for all application domains. The various security requirements are mutual authentication, confidentiality, integrity and non-repudiation. To meet these security requirements for the IoT enabled Smart Card, Elliptic Curve Cryptography (ECC), which is recommended by NIST [6], is adopted.

Elliptic curve cryptography is, like RSA, a public key cryptosystem. The security strength of ECC depends on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP) [7]. ECC relies on scalar multiplication, which consists of point doubling and point addition operations and is computationally more efficient than RSA exponentiation. The complexity of ECC makes it difficult for an attacker to understand the scheme and to break the security key. The security level given by RSA with a 1024 bit key can be achieved with a 160 bit key by ECC. It is well suited for resource-constrained devices like smart cards, mobile devices, etc. [8]. Hence in this paper an Elliptic Curve Cryptography based security framework for IoT enabled Smart Card is proposed.

This paper is organized as follows. Section II describes the proposed work. Section III presents the security analysis and Section IV concludes the paper.

II. ELLIPTIC CURVE CRYPTOGRAPHY BASED SECURITY FRAMEWORK

The proposed ECC based security framework for IoT enabled smart card involves ECC based encryption and decryption and digital signature creation and verification. This section also briefly describes the IoT enabled smart card deployment environment where ECC is incorporated. The various scenarios are as follows:

A. IoT enabled Smart Card

The IoT enabled Smart Card is designed as per the ISO/IEC 14443/7816 standard [9]. This IoT enabled smart card is referred to as the User Adaptable Intelligent Smart Card (UAISC). It adopts Elliptic Curve Cryptography and makes it possible to use secure smart services and applications distributed in a cloud environment and to perform transactions anywhere, anytime in a smart environment over the Global Secure Management System (GSMS), with one twenty digit Unique Identification (UID) number per citizen and with end to end security through the IoT enabled intelligent systems [10]. The scenario where UAISC is deployed in a smart environment is presented in Fig. 1.

Fig. 1. UAISC in Smart Environment

In this scenario, the service requester who wishes to access the services through the proposed system registers at the Global Secure Management System (GSMS) with the required credentials such as name, date of birth and mobile number, along with the user's mobile device credentials. The GSMS verifies the user information, generates the Unique Identification (UID) number, creates Biometric Templates for the users, places them on the Smart Card along with the required information and issues the Smart Card to the users. The service providers who offer services through the proposed system register themselves in the GSMS through the website by sending their credentials such as Service Identification (SID) Number and Digital Certificate.

The user enters the service portal with the User Adaptable Intelligent Smart Card (UAISC). The Intelligent Smart Reader (ISR) activates the Smart Card and performs mutual authentication. Then the ISR reads the Unique Identification (UID) number from the UAISC and sends the UID to the GSMS for validation through the Smart Gateway. If the UID is valid, the user is authenticated with a biometric match-on-card process at the Smart Gateway. The ‘success message’ of user authentication is sent to the Security Gateway. When the user is authenticated, the GSMS sends the verification code to the registered mobile device followed by the welcome message. The user activates the ‘Mobile App’ by entering the verification code. When the ‘Mobile App’ is activated, the list of registered services is loaded onto the user's mobile device. The user can choose the respective service and make the service request. The service request is forwarded to the Security Gateway through the Smart Gateway and the IP/MPLS core. The Security Gateway verifies the credentials of the user and the service providers and forwards the service request to the corresponding service provider in the cloud platform. The Security Gateway receives the service response from the service provider and sends it to the user's mobile device in a secure manner, followed by One Time Password (OTP) verification. This process is applicable to all the services since the UIDs of the registered users are linked with the SIDs of the registered service. In this way, one UID for all applications and transactions will be realized with the proposed framework. ECC based security mechanisms are incorporated in this framework to ensure the integrity of the information stored on the UAISC, the privacy of the UAISC holders and the confidentiality and authentication of the UAISC.

B. ECC based Encryption and Decryption

An Elliptic Curve E is described as $y^2 = x^3 + ax + b$. The highest degree of this equation is 3. In order to perform higher order encryption and decryption the equation should satisfy the standards proposed by NIST. In the proposed model ECC encrypts the plain text (M) into ciphertext (C) and vice versa by using the finite set of points in the Elliptic Curve over GF(p). The finite fields are usually called Galois Fields and denoted as $GF(p^n)$. When n = 1, we have the field GF(p). This field can be the set $Z_p$, {0, 1, 2, 3, …, p-1}.

The Elliptic Curve E: $y^2 = x^3 + ax + b \bmod p$ is used to generate points. The Elliptic Curve domain parameters are p, a, b, G, N, h, r where ‘p’ is a prime number, ‘a’ and ‘b’ are coefficients, ‘G’ is a generator point, ‘N’ is the cryptographic prime factor, ‘h’ is the cofactor and ‘r’ is the random integer less than ‘N’. According to NIST the prime p should be greater than $2^{160}$. Hence the equation is $y^2 = x^3 + ax + b \bmod p$ ($p > 2^{160}$). For illustration, the finite field Elliptic Curve with modulo 997 is chosen. The points on the Elliptic Curve are generated by selecting an Elliptic Curve with modulo p where p is assigned 997, ‘a’ is assigned (-3), which is very much applicable and recommended by NIST for smart cards and resource-constrained devices, and ‘b’ is assigned ‘1’. Hence, the equation for generating points is $y^2 = x^3 + (-3)x + 1 \bmod 997$. The Elliptic Curve domain parameters over GF(p) are validated and the chosen Elliptic Curve satisfies the following conditions to ensure higher security:

• $4a^3 + 27b^2 \neq 0 \pmod p$
• $y_G^2 = x_G^3 + a x_G + b \pmod p$
• ‘N’ is a prime number
• $h \le 4$
• $NG = 0$

To generate the points on the defined elliptic curve, the ‘x’ coordinate takes the values from 0 to (p-1) and ‘y’ is calculated by introducing a variable ‘d’ which takes the values from 0 to (p+1)/2. To simplify the notation, ‘S’ is used in place of $y^2$. A temporary variable ‘T’ is introduced which is equivalent to $d^2 \bmod p$. When ‘T’ becomes equivalent to S, the ‘y’ values are generated as $y_1 = d$ and $y_2 = p - d$. If ‘T’ is not equivalent to S for a particular value of ‘x’, then that ‘x’ is considered to have no corresponding ‘y’ coordinate. Hence there is no point on the curve with the specified ‘x’. Then the ‘x’ value will be incremented.

The above steps are stated as

$S = x^3 + ax + b \bmod p$
$T = d^2 \bmod p$
When $T = S$:
$y_1 = d$ and $y_2 = p - d$

When $T \neq S$, d will be incremented up to (p+1)/2.

The points on the curve are $(x, y_1)$ and $(x, y_2)$. When the points are generated for the defined Elliptic Curve, the generator point ‘G’ and ‘N’, which is the next largest prime for ‘p’, are chosen. For the defined Elliptic Curve the chosen N is 979 and the generator point is (17,427). When N is multiplied by the point generator ‘G’ it produces zero and is capable of reproducing all the points generated with the defined curve. The generated points over the proposed Elliptic Curve ($E_p(a, b)$) are given in Fig. 2.

Fig. 2. Generated Points

From the generated points, eighty points are randomly chosen for character assignment and those points are used to carry out the message encryption and decryption. The sample assignment is given in Table 1. Then plain text (M) is encoded into a point P(M) from the finite set of points generated in the elliptic curve $E_p(a, b)$. When the points are generated, selecting a generator point ‘G’ is the important factor, where $G \in E_p(a, b)$. The generator point and $E_p(a, b)$ will be made public. In the proposed model, the generator point is (17, 427). Sender and Receiver can select a private key (Pr) and calculate the public key Pu = Pr*G. The simple method of ECC based encryption and decryption is given below.

TABLE I. CHARACTER ASSIGNMENT TO THE ELLIPTIC CURVE POINTS

To encrypt the message a random integer ‘r’ is chosen. ‘r’ is multiplied with the generator point ‘G’, which is the first point, and then the public key of the receiver is multiplied with ‘r’ and with the plain text, which is the second point. Hence the encrypted message CT is [(r.G), (M+r.Pu)]. To decrypt the message, multiply the first point of the ciphertext pair (r.G) with the private key (Pr). Add this result to the second point of the ciphertext pair. Hence the decrypted message PT is (M+r.Pu)-(Pr(r.G)) = (M+r.PrG)-(Pr(r.G)).

To do this cryptography, point addition, point doubling and point multiplication are employed. To make encryption and decryption more feasible both the sender and the receiver should know and agree upon the table defined with the chosen Elliptic Curve. It is rather difficult for any attacker to break or hack the information during a transaction since it adopts Elliptic Curve Cryptography. The example for encryption and decryption using ECC is presented.

Plain text taken is “Q” = (4,433)
$Y^2 = X^3 - aX + b \pmod{997}$
a = (-3), b=3, Y2 = (-3)3+1 (mod 997)
G = (17,427), r = Random Number = 7
Pr = Private Key = 11, Pu = Public Key = (706, 620)
Cipher Text (CT)
CT = (r*G), T + r*(G.Pr)
= (542, 665), (960,832) = D, 2
The cipher text for ‘Q’ is ‘D’, ‘2’

The reverse process is adopted to decrypt the plain text. The 1st point of the cipher text is multiplied by the private key, i.e. (‘a’ * ‘pr’). This answer will be added with the inverse of the 2nd point. Hence, Plain Text (PT) is as follows:

PT = b - (‘a’ * ‘pr’)
‘a’ * ‘pr’ = (542,665)*11 = (482,299)
b – (‘a’ * ‘pr’) = (960,832) – (482,299)
Adding the inverse we get
PT = (960,832) + (482,299) = (4,433) = ‘Q’

C. Mutual Authentication

To initiate any communication the IoT enabled Smart Card should be mutually authenticated with the Intelligent Smart Reader (ISR) to ensure its identity and authenticity. This process involves ECC based encryption and decryption and digital signature creation and verification. This is depicted in Fig. 3. After mutual authentication, the authenticated messages are transmitted in an encrypted form for effective and secure communication. It prevents an adversary from performing malicious activities and enhances confidentiality.

III. SECURITY ANALYSIS

The Security Framework for UAISC involves mutual authentication and UAISC authentication. During mutual authentication, the communicating devices, UAISC and the Card Reader, authenticate mutually to ensure that the UAISC is an authenticated one. Since the information stored on the card is encrypted and digitally signed using ECC, privacy and integrity are achieved.
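Returning to the illustrative curve of Section II-B, $y^2 = x^3 - 3x + 1 \bmod 997$: the following is an added Python example, not code from the paper, that generates the points with the d-search, evaluates the listed domain-parameter conditions one by one, and runs the [(r.G), (M+r.Pu)] encryption together with its inverse (M+r.Pu)-(Pr(r.G)). The values p, a, b, G, M = (4,433), r = 7 and Pr = 11 are the paper's; every function name is an assumption made here.

```python
# Added example (not from the paper): toy curve y^2 = x^3 - 3x + 1 over GF(997).
# p, a, b, G, M, r and Pr are the paper's values; all function names are assumptions.
P, A, B = 997, -3, 1
G, O = (17, 427), None                 # generator point; O = point at infinity

def on_curve(pt):
    return pt is O or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def generate_points():                 # the paper's search over x and d
    pts = []
    for x in range(P):
        s = (x ** 3 + A * x + B) % P   # S = x^3 + ax + b mod p
        for d in range((P + 1) // 2 + 1):
            if d * d % P == s:         # T == S: y1 = d, y2 = p - d
                pts.extend({(x, d), (x, (P - d) % P)})
                break
    return pts

def add(p1, p2):
    if p1 is O: return p2
    if p2 is O: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O                       # P + (-P); also doubling a point with y = 0
    if p1 == p2:                       # point doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P)
    else:                              # point addition
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):                        # double-and-add scalar multiplication
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def order(pt):                         # smallest n > 0 with n*pt = O
    n, q = 1, pt
    while q is not O:
        q, n = add(q, pt), n + 1
    return n

def encrypt(m, pub, r):                # CT = [r.G, M + r.Pu]
    return mul(r, G), add(m, mul(r, pub))

def decrypt(ct, priv):                 # PT = (M + r.Pu) - Pr.(r.G)
    s = mul(priv, ct[0])
    return add(ct[1], O if s is O else (s[0], -s[1] % P))

def validate(n_claimed):               # the listed conditions, reported separately
    curve_order, n = len(generate_points()) + 1, order(G)
    prime = n_claimed > 1 and all(n_claimed % i for i in range(2, int(n_claimed ** 0.5) + 1))
    return {"nonsingular": (4 * A ** 3 + 27 * B ** 2) % P != 0,
            "G_on_curve": on_curve(G), "N_is_prime": prime,
            "N_times_G_is_O": mul(n_claimed, G) is O,
            "cofactor_le_4": curve_order // n <= 4}
```

Calling `validate(979)` returns one boolean per listed condition, so a candidate N that fails a single check stands out; 979 = 11 × 89, for example, does not pass the primality test.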

Fig. 3. Mutual Authentication

A. Comparison of Public Key Cryptosystems

The comparison of public key cryptosystems has been carried out with the Bouncy Castle package. The performance of ECC depends on the efficient computation of scalar multiplication. ECC can use a small key size and offer the same level of security as the other public key cryptographic algorithms do with large key sizes. Table 2 presents the key size ratio and cost ratio of ECC and RSA. Fig. 4 presents the results of the comparative study made between ECC and RSA.

TABLE II. KEY SIZE AND COST SIZE RATIO OF ECC AND RSA

ECC Key Size (bits)   RSA Key Size (bits)   Key Size Ratio   Cost Ratio
160                   1024                  1:7              1:3
224                   2048                  1:10             1:6
256                   3072                  1:12             1:10
384                   7680                  1:20             1:32
521                   15360                 1:30             1:64

Fig. 4. ECC Vs RSA Comparison

The values given in Table 2 and Fig. 4 prove that ECC can provide the same security level as RSA with a shorter key length and greater cost effectiveness. The advantage of ECC over RSA is very obvious.

IV. CONCLUSION

The proposed Elliptic Curve Cryptography based security framework for IoT enabled smart card is a unique one for using any application and any service anywhere, anytime with end to end security. Implementing this security framework will help every citizen to have secure access to any application with one IoT enabled smart card in a smart environment. This IoT enabled smart card can connect people and enable secure automatic machine to machine communication. The message encryption and the authentication ensure unique authentication, integrity, confidentiality and privacy of the information and the smart card. The security analysis presented proves the efficiency of Elliptic Curve Cryptography for implementation in the IoT enabled Smart Card.

REFERENCES

[1] R.N. Akram and K. Markantonakis, “Smart Cards: State-of-the-Art to Future Directions”, IEEE, pp. 154-162, 2013.
[2] Gubbi, J., Buyya, R., Palaniswami, M., Marusic, S., “Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions”, Future Generation Computer Systems, Vol. 29, pp. 1645-1660, 2013.
[3] Vermesan, O., Friess, P., “Internet of Things: Converging Technologies for Smart Environments and Integrated Ecosystems”, River Publishers Series in Communications, Aalborg, 2013.
[4] Roman, R., Najera, P., Lopez, J., “Securing the Internet of Things”, IEEE Computer, Vol. 44, pp. 51-58, 2011.
[5] K. Mayes and K. Markantonakis, “An Introduction to Smart Cards and Rfids”, Secure Smart Embedded Devices, Platforms and Applications, pp. 3-25, Springer Science, 2014.
[6] M. Amara and A. Siad, “Elliptic Curve Cryptography and its Applications”, 7th International Workshop on Systems, Signal Processing and their Applications (WOSSPA), pp. 247-250, IEEE, 2011.
[7] Moncef, A., Amar, S., “Elliptic Curve Cryptography and its Applications”, Proceedings IEEE International Workshop on Systems, Signal Processing and their Applications (WOSSPA), 9th-11th May, Algeria, pp. 247-250, 2011.
[8] Sandeep, S.K., “Elliptic Curve Cryptography for Constrained Devices”, Ph.D Thesis, Ruhr University Bochum, 2006.
[9] Daisy Premila Bai T, Albert Rabara S, Vimal Jerald M, “An Adaptable Secure Smart Card Architecture for Internet of Things and Cloud Computing”, IJRET, Vol. 5, pp. 162-170, 2016.
[10] Daisy Premila Bai T, Albert Rabara S, “Design and Development of Integrated, Secured and Intelligent Architecture for Internet of Things and Cloud Computing”, International Conference on Future Internet of Things and Cloud, IEEE Computer Society, pp. 817-822, IEEE, 2015.
