Authors: Nazrul M. Ahmad, Asrul H. Yaacob, Ridza Fauzi, Alireza Khorram

Abstract:

Elliptic curve-based certificateless signature is slowly gaining attention due to its ability to retain the efficiency of identity-based signature to eliminate the need of certificate management while it does not suffer from inherent private key escrow problem. Generally, cryptosystem based on elliptic curve offers equivalent security strength at smaller key sizes compared to conventional cryptosystem such as RSA which results in faster computations and efficient use of computing power, bandwidth, and storage. This paper proposes to implement certificateless signature based on bilinear pairing to structure the framework of IKE authentication. In this paper, we perform a comparative analysis of certificateless signature scheme with a well-known RSA scheme and also present the experimental results in the context of signing and verification execution times. By generalizing our observations, we discuss the different trade-offs involved in implementing IKE authentication by using certificateless signature.

Keywords: Certificateless signature, IPSec, RSA signature, IKE authentication.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1332764

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1758

References:

[1] Certicom Research: Standards for efficient cryptography - SEC1: Elliptic curve cryptography (2000)
[2] Certicom Research: Standards for efficient cryptography - SEC2: Recommended elliptic curve domain parameters (2000)
[3] Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644-654 (1976)
[4] Eastlake 3rd, D.: Domain name system security extensions (1999)
[5] Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. Journal Of Cryptology 23(2), 224 - 280 (2010)
[6] Fu, D., Solinas, J.: IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA). RFC 4754 (Proposed Standard) (2007)
[7] Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). RFC 2409 (Proposed Standard) (1998). Obsoleted by RFC 4306, updated by RFC 4109
[8] Jancic, A., M.J.Warren: PKI - advantages and obstacles. In: 2nd Australian Information Security Management Conference (2004)
[9] Lifeng, G., Lei, H., Yong, L.: A practical certificateless signature scheme. Internation Symposium on Data, Privacy, and E-Commerce pp. 248-253 (2007)
[10] Lynn, B.: The pairing-based cryptography (PBC) library. http://crypto.stanford.edu/pbc/
[11] Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39(5), 1639 - 1646 (1993)
[12] Peyravian, M., Roginsky, A., Zunic, N.: Non-PKI methods for public key distribution. Computers & Security 23(2), 97 - 103 (2004)
[13] Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120-126 (1978)
[14] Smetters, D.K., Durfee, G.: Domain-Based Authentication of Identity- Based Cryptosystems for Secure Email and IPsec. In: 12th Usenix Security Symposium. Washington, D.C. (2003)
[15] Terada, R., Denise, H.G.: A certificateless signature scheme based in bilinear pairing functions. In: symposium on Cryptography and Information Security (2007)
[16] The OpenSSL Project: Openssl. http://www.openssl.org
[17] Vixie, P., Gudmundsson, O., 3rd, D., Wellington, B.: Secret key transaction authentication for DNS (TSIG) (2000)
[18] Wang, C., Huang, H., Tang, Y.: An efficient certificateless signature from pairings. Internation Symposium on Data, Privacy, and E-Commerce pp. 236-238 (2007)