An Enhanced Elliptic Curve Cryptography for
Biometric
Ohood S. Althobaiti1, Prof.Dr. Hatim A. Aboalsamh 2
Computer Science Department, King Saud University
Riyadh, Saudi Arabia
[email protected]
2
[email protected]
Abstract— Cryptography is one of the important sciences in the
current era. The importance of cryptography comes from the
intensive digital transactions which we daily perform on the
internet and other communication channels. In this paper, we
will discuss the relationship between cryptography and
mathematics in the context of Elliptic Curve (EC). ECs are
mathematical NP-hard problems, which are proofed to be
intractable in term of complexity. Cryptography has efficiently
utilized the strength EC in developing several cryptosystems such
as key agreement protocols, digital signatures and others. Elliptic
Curve Cryptography (ECC) usage with smaller key to give high
security and high speed in a low bandwidth. ECC is considered
as the best method for upcoming applications. This paper
presents the idea of biometric signature - a new method to
combine biometrics with public key infrastructure (PKI), the
security can be increased using the ECC in biometric signature
creation, because the private and public keys are produced
without saving and sending any secret information anywhere.
Keywords— Elliptic Curve (EC), Elliptic Curve Cryptography
(ECC), Security, cryptographic algorithms, Public Key
Cryptography, Biometrics.
I. INTRODUCTION
Cryptography is the fundamental component for any
computer security application used to provide cryptographic
services for secure communication over public and unsecured
channels. Cryptography focuses on issues of securing
messages so that only the relevant parties can read the
message [1]. The main purpose of cryptography is to encode
the data (plaintext) to unreadable form (ciphertext) and vice
versa. Transforming a message to an incomprehensive form is
accomplished by a process known as encryption. In contrast,
transforming an encrypted message to its original form is
accomplished by a process known as decryption.
The use of cryptography was important through the
centuries, in which cryptographic applications were used for
civilian usage (companies, individuals, etc.), or even were
used in military operations as in World War I (e.g. cipher
wheels or marks on papers) and World War II (e.g. Purple
machine and Enigma) [2][3]. Cryptography is generally
designed to provide confidentiality, authentication, integrity
and accessibility services [2]. Confidentiality service is used
to ensure that messages are accessible only to authorized
recipients. Authentication is normally used to authenticate the
identity of the connected parties. Preventing eavesdroppers
from changing the content of the messages sent from source to
destination is basically a service provided by the integrity
service. Lastly, accessibility is designed to only allow
authorized parties to use the available information resources.
In modern times, cryptographic systems (cryptosystems)
have been used extensively in our daily communications to
provide us with high level of security. In practice,
cryptography is applied in numerous applications such as:
internet communication, wireless communication (mobile
phones) and banking transactions [4]. The development of the
cryptographic tools and systems has played an important role
in re-shaping the communication style in a significant manner.
Fig. 1 sheds light on the main components of a conventional
cryptosystem model to understand the environment that
cryptographers are dealing with its.
Almost all the products and standards that benefit from
public-key cryptography apply the Rivest, Shamir, and
Adleman (RSA) public-key encryption algorithm. The length
of bit for safe RSA use has grown through latest years, and
this has set an extreme processing load on applications that are
applying RSA. This load has results, mainly for e-commerce
sites that perform great numbers of safe transactions. Lately, a
rival system has started to challenge RSA: Elliptic Curve
Cryptography (ECC) [5].
In this paper, we are interested to study the usage of Elliptic
Curves in cryptography. The study will show why Elliptic
Curves are important in the field of Cryptography. In addition,
we will explore several cryptographic primitives, which are
based on Elliptic Curves. Furthermore, we propose a new
method applying biometric signatures, founded on the ECC.
The electronic transaction security can be increased using the
ECC in biometric signature creation, because the private and
public keys are produced without saving and sending any
secret information anywhere. The remainder of this paper will
be organized as follows. In section II, we first provide a brief
overview on the Cryptography and study of the principles of
public key cryptography. In section III, we will discuss the
mathematics behind NP-hard Problem. In section IV, we will
discuss the Elliptic Curve Discrete Logarithm Problem
(ECDLP). In section V, we present the advantages of ECC
over RSA. The applications of Elliptic Curves in cryptography
are described in section VI. The proposed model will be
presented in section VII .There will be a review of recent ECC
applications on the market in section VIII. The findings and
discussions will be presented in section IX. Finally,
concluding remarks are given in section X.
K*
Symmetric key encryption algorithm (secret key algorithm)
though easy and simple to implement, has observable
shortcomings [2], some of which are recorded here:
X*
Cryptanalyst




Sender
X
Encryptio
n
Y
Decryption
X
Receive
r
K
Secure Channel
Key
Source
Fig. 1 Model of conventional cryptosystem [6].
II. BACKGROUND
Cryptography has been in usage for centuries now, and the
first ciphers were used substitution, and messages were
encoded and decoded by hand. However, these schemes
fulfilled just the essential requirement of confidentiality. In
more recent times, with the discovery of processing machines,
more robust algorithms were needed, as the simple ciphers
were easy to decode by these machines. Secure data
communication became a necessary in the 20th century and a
lot of research was done in this area by government agencies,
during and following the world-wars. The most well-known
machine of this time, Enigma was an electro-mechanical
device which was exploited by the German Army [2].
A. Symmetric Algorithms
The symmetric algorithms assumed that both
communicating parties shared secret information, which was
unique to them, similar to the older One Time Pads. Using this
secret information, also called a key, the sender encrypted the
message, and the recipient was able to decrypt. Imagine Alice
needs to transmit a message m to Bob, and suppose that Alice
and Bob have previously shared a key k. Alice encrypts m by
the secret key k to obtain the cipher text.
C1(k,m) = E2k(m).
The communicating parties must agree upon a secret
key.
The need for a new key for every correspondence.
Origin or receipt Authenticity cannot be confirmed
since the key is shared.
The symmetric keys management becomes difficult.
B. Public Key cryptography
The Public Key cryptography (PKC) concept was first
pioneered by Diffie and Hellman in 1976, in their influential
article, New Directions in Cryptography. This article also
tackled the key exchange issue, founded on the intractability
of the discrete logarithm problem. In a public key
cryptography, each party has a pair of keys, one distributed in
public, known as the public key, and the other is saved in a
secure place, known as a private key (secret key). Public key
cryptography depends on the trapdoor function, that makes
decryption achievable provided the knowledge of the secret
key corresponding to the public key. Bearing in mind a case
like the one explained within the symmetric keys case,
whereby Alice needs to send a message m to Bob. The
following steps will achieve the task:
1) Alice passes Bob’s public key B4 and the message m to
a suitable encryption algorithm to form the encoded message.
C(∑ ,m) = E∑B (m).
B
2) The encrypted message was sent by Alice to Bob.
3) Bob decrypts the encoded message received by him,
via his private key ΔB 5 and the suitable decryption algorithm.
DΔB (C(∑ ,m) ) = DΔB (E∑B (m)) = m.
B
(1)
(2)
1
denotes the cipher text relating to message m and key k
denotes the Encryption function
3
denotes the Decryption function
2
(4)
Bob ensures that the data he received is not tampered with
or leaked, as only his private key can decrypt the data.
Likewise, Bob can transmit data to Alice using her public key
A. The PKC scheme also fulfills the Non-Repudiation and
Authenticity by utilizing inventive approaches such as Digital
Signatures [7]. The PKC system is shown in Fig. 2.
Bob decrypts this message using his copy of the secret key
k, and obtains the original message m.
D3k (C(k,m)) = Dk(Ek(m)) = m.
(3)
4
5
∑x denotes the public key of party x
∆T denotes the private key of party T
of the obstacles that enabled Elliptic Curve Cryptography
(ECC) to break the domination of RSA on asymmetric key
cryptosystems. In other words, what makes ECC attractive
compared to RSA is that it appears to offer equal security for a
smaller key size, thereby minimizing the processing overhead
[8][9].
The security of ECC is primarily based on the hardness
provided by the Elliptic Curve Discrete Logarithm Problem
(ECDLP). The first introduction of ECDLP started in 1985 by
Koblitz [15] and Vector Miller [16] independently. The new
proposed cryptosystem was known as Elliptic Curve
Cryptosystem, whose security depends on ECDLP over the
points on Elliptic curves. The ECDLP is defined as follows:
Definition (ECDLP): Given the points P and Q on elliptic
curve E defined over a finite field with q (large prime number)
elements Fq, find the integer k such that Q = kP.
Fig. 2 PKC encryption.
III. NON-DETERMINISTIC POLYNOMIAL TIME HARD
PROBLEM
NP-hard problems are complex mathematical problems
with no algorithm to solve them in polynomial time is exist.
NP-hard problems are well known in the field of cryptography
since they proved to provide cryptosystems with high security.
The use of NP-hard problems was efficient in different
symmetric key cryptosystems, key exchange protocols, digital
signature algorithms, and many others.
There are two distinguish classes of algorithms. The first
class is the polynomial time algorithms class which includes
algorithms with time complexity function expressed in terms
of a polynomial. The second class includes algorithms with
time complexity function not bounded by complexity O(nk )
for some k, and we refer to it by exponential algorithms class
[10]. From the other perspective, one can also classify
problems based on how difficult they are to be solved. The
problems are classified as P, NP, NP-complete and NP-hard
problems [10]. In this section we focus on NP-hard problems
due to its importance in this paper.
Definition (NP-Hard): For a given problem A, the problem
A is NP-hard problem if a polynomial-time algorithm for
solving A would imply a polynomial-time algorithm to solve
any other NP-problem.
If there is a polynomial time solution to any NP-hard
problem, then because of polynomial time translatability for all
other NP-problems, there must be a polynomial time solution
to all NP-problems. Therefore, no one knows a polynomial
time solution to any NP-hard problem; the best known
solutions are exponentially explosive. Hence, NP-hard
problems are generally referred to as computationally
intractable.
IV. ELLIPTIC CURVE DISCRETE LOGARITHM
PROBLEM (ECDLP)
Over recent years, RSA was the primary cryptosystem for
performing asymmetric encryption processes and generating
digital signatures. The key length requirement of RSA was one
Multiplying P by an integer k means that we add the point
to itself k times. An example of point multiplication is shown
in Fig. 3, which describes the multiplication of integer k = 2
by the point P = (2, 2.65) in a process also known as point
doubling. The result of doubling the point P is a new point R
= 2P on the same curve 𝑦 2 = 𝑥 3 − 3𝑥 + 5.
Fig. 3 The geometry of point doubling on Elliptic Curve.
There are several cryptographic applications that have used
ECDLP in their implementation. One important example is the
announcement by the National Security Agency (NSA)
regarding Suite B at the RSA conference in 2005 [11], which
exclusively uses ECC for digital signature and key exchange
schemes. Other cryptographic schemes relying on ECDLP in
their design are: the Elliptic Curve Diffie-Hellman key
agreement (ECDH) protocol, the Elliptic Curve Digital
Signature Algorithm (ECDSA), and Elliptic Curve MenezesQu-Vanstone (ECMQV) authentication protocol for key
agreement. Intensive research and applications show that the
elliptic curve cryptography has a promising future due to the
provided high level of security with smaller key size, resulting
in higher performance in some cryptographic primitives.
V. ADVANTAGES OVER RSA
A. Security
The major benefit ECC has over RSA is that the essential
operation in ECC is point addition that is known to be
computationally very costly. This is one of the motives why it
is not likely that a sub-exponential attack on ECC will be
found out in the near future, although ECC has a few attacks
on a few specific curve classes. These curves can be easily
evaded. Conversely, RSA already has a known sub-exponential
attack that operates generally. Consequently, to maintain the
same security degree, considering increasing computing
power, the bits number needed in the RSA generated key pair
will increase much faster than in the ECC generated key pair
[2], as seen in Table 1.
TABLE 1
COMPARISON BETWEEN STRENGTH OF RSA AND ECC [2].
Time to break
(in MIPS- years)
104
108
1011
1020
1078
RSA key – size
(in bits)
512
768
1024
2048
21000
ECC key – size
(in bits)
106
132
160
210
600
From Fig. 4, we see that to accomplish acceptable security,
RSA should use 1024-bit moduli, while a 160-bit modulus
should be enough for ECC. Furthermore, the security gap
between the systems enlarges dramatically as the moduli sizes
increases. Such as, 300-bit ECC is dramatically more secure
than 2048-bit RSA.
Most attacks on ECC are founded on attacks on analogous
discrete logarithm problems, but these work out to be much
slower because of the additional complexity of point addition.
Moreover, methods to evade each of the attacks have already
been designed [13].
B. Space Requirements
Because of increasing computation needed for higher bit
encryption, more transistors are needed onboard the smart card
to achieve the operation. This causes a growth in the area
employed for processor. By ECC, the transistors number can
be cut back on since the numbers involved are much smaller
than an RSA with as similar-level security. Furthermore, the
bandwidth requirements for RSA and ECC is the same when
the messages to be signed are long, but ECC is faster when the
messages are short [2]. This is more pertinent, because PKC is
employed to send generally short messages, such as session
ids.
C. Efficiency
Both methods can be made faster – in RSA system, by
utilizing smaller public exponent, although this holds a larger
security risk and in ECC, some results of the calculation can be
stored in advance. Certicom, a Canadian company, has been
analyzing and upgrading the ECC system since the early ’80s.
Some of their results of fast implementations of ECC
compared to RSA system are presented in Table 2 [2].
TABLE 2
COMPARISON OF RSA AND ECC
Function
Key Generation
Sign
Verify
ECC 163 – bit
(in ms)
3.8
2.1(ECNRA)
3.0(ECDSA)
9.9(ECNRA)
10.7(ECDSA)
RSA 1024 – bit
(in ms)
4708.3
228.4
12.7
VI. THE APPLICATIONS OF ECDLP IN CRYPTOGRAPHY
In this section we will explore some of the well-known
algorithms which rely on elliptic curves in their security. The
applications are vary from key-exchange, digital signatures and
authentication protocols.
Fig. 4 Security Levels Comparison [12].
A. EC Diffie-Hellman Key Agreement Protocol
The Diffie-Hellman key agreement protocol is one of the
most important protocols in the field of key exchange. Say
Alice and Bob want to agree on a secret key over public
channel. Both of Alice and Bob will make some computation
in a fixed cyclic group G with an agreed generator g. These
computations are based on ECDLP. The security strengths of
Diffie- Hellman lie behind the fact that Diffie-Hellman is
based on NP-hard problem which cannot be broken,
mathematically. The general form of Diffie-Hellman protocol
is described as follows:
1) Alice chooses random 𝑎 ∈ 𝐺, and sends 𝑔𝑎 to Bob.
2) Bob chooses a random 𝑏 ∈ 𝐺, and sends 𝑔𝑏 to Alice.
3) The agreed key is 𝑔𝑎𝑏 for both Alice and Bob.
However, it is preferred that the order of G to be prime in
order to prevent Pohlig- Hellman attack [14]. In the ECDLPbased Diffie-Hellman, both of a and b are two points, a and b
are multiplied, a new point z will be generated on the curve E.
Therefore, given z and 𝑔𝑎𝑏 , it is impossible to find a and b.
B. EC Menezes-Qu-Vanstone Authentication Protocol
Menezes-Qu-Vanstone (MQV) is an authentication
protocol for key exchange based on Diffie-Hellman scheme.
MQV is designed to provide protection against active
attackers. Since the first release of MQV, the protocol has been
modified to work in finite group, where it is particularly known
as Elliptic Cave MQV (ECMQV). One important feature in
ECMQV is that the key authentication and establishment can
be obtained in one calculation. The general form of ECMQV is
described in the following series of steps:
Alice
1- Alice posses a key pair
(A,a) where A and a are the
public key and private key
of Alice, respectively.
Bob
1-Bob posses a key pair (B, b)
where B and b are the public
key and private key of Bob,
respectively.
2- Generate a session key pair
(X, x) such that x is a
random integer value and
X= x x p is a point in curve
E.
2- Generate a session key pair
(Y, y) such that y is a random
integer value and Y=y x p is a
point in curve E.
3- Alice sends X to Bob.
A biometric signature is created via methods of producing a
private key (secret key) from a biometric and utilizing this
private key to form a digital signature [18]. Digital Signatures
are designed to provide communication with important security
features such as authentication and verification. The recipient
can utilize the digital signature to verify the sender's identity
[17]. Digital signature needs a PKI, in which each entity has a
pair of public and private keys. Biometric signatures have the
benefits of both biometrics and PKI, in addition to some
benefits, for example, there is not a necessity to store the
private key or the biometric template. This biometric template
should be extremely accurate to generate the same private key
always.
These days, the extensively exploited biometric approaches
are iris scans and fingerprint. On the other hand, in the last
years, the vein recognition development causes it become a
promise alternative. As stated by a great amount of test
outcomes described in literatures, it surpasses the iris scans and
fingerprints in the features of high reliability and security. For
instance, fingerprint is an extensively exploited approach, but
the need to touch the sensor is considered unhealthy. For
another instance, iris recognition is a high accuracy selection,
but price of the scanner may possibly be intolerable in a
number of situations. Additionally, a number of obstacle
substances, for example, hairs and glasses may make the
deformations in image acquisition. The vein recognition
benefits are as the following.
1) The vein image acquisition is touch-less (there is no
need to contact the sensor) and the public health problem is
reduced.
2) No obstacles are included and therefore the vein
recognition quality is acceptable
3-Bob sends Y to Alice.
4- Compute SA = (x + x’a)
mod n.
4-Compute SB=(y+ y’b) mod n.
5- Alice has the shared key K.
5-Bob has the shared key K.
However, ECMQV is considered secure against
cryptanalysis attacks since it is based on NP-hard problem.
Therefore, ECMQV protocol is considered secure protocol for
key sharing.
VII.
THE PROPOSED MODEL
Biometrics is one of the widespread exploited approaches
for the question of who you are. Biometric based systems are
employed in a person identification and authentication by
handling her/his biometric data. A biometric identifier is
formed via iris scan, fingerprint, vein patterns, hand geometry,
voice patterns or DNA. Then a person’s biometric data is saved
within a database. In biometric based system, persons should
firstly register in the system. A procedure in which an input
device gathers their biometric data and a master template is
formed from this data and saved. At this point, in every
identification case, the biometric data is gathered from the
person and then a new template will be formed. After that this
template will be compared against the master template and
using a matching rate threshold the system makes a decision to
allow or refuse the received identity [18].
3) Vein recognition is the live body identification, as hand
shape and fingerprint recognition may possibly be not.
4) Vein is hard to forge and is an internal attribute. As a
result of this and the live body identification, high security of
vein recognition is conserved [19].
In addition, it is confirmed that the vein recognition can be
used in several applications, for example, bank ATM
(Automatic Teller Machine) systems, identification of driver,
surveillance, etc. Hence, the vein recognition seems to be a
good choice for the Biometric signatures.
In this section, the elliptic curve digital signature algorithm
(ECDSA) using biometric private keys is explained. The
elliptic curve digital signature algorithm is divided into three
main stages as follows:
Stage 1: Key Generation
Stage 2: Generation of Signature
Stage 3: Verification
In stage 1, we select a large prime number P and elliptic
curve Ep. After that, select a base point G on Ep. Finally,
Generation of secret key d as a follow: α = vein template, d=
Hash (α), then d becomes a number less than n (where n is the
curve order and Hash () is a cryptographic hash function) then
calculate PA= d x G (where PA is a public key). The
parameters EP, G and n are publicized. On the other hand, in
stage 2, we choose an integer k∈[1, n-1], then calculate R=
(XR, YR) = k x G. Finally, the signature on a given message M
is stored in (r, s), where r = XR mod n and s = k -1 {h(m) + d.r}
mod n.
In the final stage (stage 3), we check if r and s belongs to
[1, n-1] and then calculate w=s-1mod n and h(m). After that,
we calculate u1 = h(m).w mod n and u2 = r.w mod n. Next, we
calculate R’= (X’R, Y’R)= u1 x G+ u2 x PA. Finally, we check
if r = X’R mod n, then the signature is valid.
The main benefit of combination of ECC and biometric is
that no need to save biometric templates or private keys
anywhere that can solve PKI’s key management problem. The
other benefit is that the ECDSA keys are smaller than RSA
keys and with equal security that can enhance communication
performance.
Fig. 5 The combination of biometrics and PKI.
VIII.
APPLICATIONS OF ELLIPTIC CURVE CRYPTOGRAPHY
While the ECC was presented by Koblitz and Vector Miller
in 1985, there were lots of doubts about its security. After
approximately a decade of deep search and analysis, ECC has
produced greatly secure and efficient. Currently, a lot of
manufactured goods traders have incorporated ECC in their
produces. Doubt yet remains among a number of supporters of
conventional cryptographic schemes, However, they are
beginning to turn out to be more adopting of this modern way
(ECC). RSA Inc., for instance, has expressed interest about
the ECC security since its presentation. Lately, RSA has
studied on effective ECC, and it has included ECC into a
number of its produces. A significant thing for this promising
tendency is the ECDSA incorporation in a number of
governments and main research institution security standards,
involving ANSI X9.63, IEEE P1363 and ISO 11770-3. An
additional issue is the ECC usage by a Canadian-based
Certicom Corporation. Certicom is a corporation which
concentrates on security of information in all wireless
networks and mobile devices. Over time, Certicom has issued
many articles in ECC encouragement and additionally has
implemented ECC in all its manufactured goods. Its
achievement triggered a lot of corporations to gaze at the ECC
advantages. At the present, ECC is turning out to be the main
cryptographic system in all wireless networks and mobile
devices [4].
Below is a review of recent ECC applications in the market
these days.
A. Web Security
The Secure Socket Layer (SSL) and the Transport Layer
Security (TLS) which is much connected to SSL are
considered the protocols, which are dominating the provision
of security in the internet [20]. Nevertheless, the usage of
these protocols creates a considerable performance burden on
the web servers. In the website of Sun Microsystems [21], it
has been shown that the usage of ECC-224 over RSA-2048,
highly improved the server performance. The Sun
Microsystems is famous of being one of the great promoters
of ECC and active in issues like standardizing the ECC in
Internet security protocols.
The experiment conducted by Vipul Gupta and et al. [22]
shows that the substitution of RSA with ECC decreases the
server's processing time for new SSL connections across the
entire range of page size for seven times less.
The Secure Electronic Transaction (SET) is developed by
Visa and MasterCard as a result of high demand of security of
transactions on the internet [4]. The specification of SET
allows shopping in the Internet using credit cards with high
security. The Advanced Secure Electronic Payment (ASEP)
protocol was developed by Byung Kwan Lee [4], which uses
ECC for online transactions security. Strangio and Me [23]
proposed the EC-PAY e-Cheque Payment Scheme, which
utilizes the ECC primitives for the transactions of local
payment that are distributed in a PKI infrastructure in a
wireless environment or a mobile devices.
B. Personal Computers
The ECC is considered as relevant for equipments with
fewer resources. Nevertheless, ECC based software which is
providing security on personal computers is built by some
companies, aimed to mainly protect data and encrypt mails.
For example, the Data Protection Platform of GuardianEdge
Technologies Company supports ECC. The Encryption
Software Inc. developed the Top Secret Messenger software.
The messages of most famous instant messengers, such as
MSN and ICQ are encrypted by this software. It is also
possible to be used with email clients like Microsoft Outlook
and Outlook Express for email messages encryption. This
software applies private key as well as public key
cryptosystems, containing a 307-bit key to implement the
ECC.
C. Hand-held and other small devices
master key exchange via ECC. ECC based Threshold
Cryptography (ECC-TC) is implemented by Ertaul et al. [4].
they proposed three efficient ECC encryption algorithms, make
an advancement in the capability of utilizing these algorithms
in different scenarios in a MANET. They have also proposed a
new secret sharing alternative that make limitation in
communication overheads for transmitting multiple secrets
simultaneously.
ECC is minimizing the power consumption and
cryptographically is considered very strong. Therefore, it is a
low-cost PKC resolution intended for security services, like
authentication and key-distribution needed for Wireless Sensor
Network. In [28][29], many optimized arithmetic algorithms
and hardware applications, which highly increasing the speed
of ECC schemes have been presented. Also the reduction in
time of processing produces a great lower power consumption
of ECC schemes [4]. This makes the asymmetric cryptography
idea in the field of Ubiquitous Sensor Networks (USANs),
with all its usage for authentication and key-distribution, a
stage nearer to reality. An algorithm based on 1's complement
D. Identification devices for example RFIDs and smart cards
subtraction to present scalar multiplication is proposed by
RFID (Radio Frequency Identification) tags are tiny Huang et al [4]. This algorithm offers less Hamming weight
devices used for identification and tracking in many and improves to high extend the computational efficiency of
applications, e.g. tracking patients in hospitals, tracking cattles, scalar multiplication.
An authentication technique that uses ECC along with the
and e-tolling in motorways. RFID has gained popularity as an
emerging technology to prevent counterfeiting problems. An Time of arrival (TOA) positioning scheme is suggested by V.
ECC based RFIED Authentication Protocol for secure, mutual Vijayalakshmi et al. [30]. The technique was performed to
solve the problem of insecurity in sensor networks. This
offline authentication has been proposed by Ahmed et al. [4].
ECC is suitable for smart cards, because they have performance of this technique is compared with RSA and
exceptionally severe constrains on processing power, Mean Power with Rivest-Shamir-Adelman (MPRSA). The
results have shown that ECC is suitable for secure localization
parameter storage and code space. Basically, smart cards are
in sensor networks.
used for signing and decryption operation wherever ECC is
Mobile networks are distributed in an untrustworthy
highly satisfactory, because it fast and needs small amount of environment with open mobility, this let them to be insecure.
computing power. Smart cards that utilize ECDSA have been For this reason, they are open targets to attacks. An efficient
produced by many manufacturing companies. The flexibility protocol using ECC is proposed by Rajeswari et al. [4], this
of smart cards let them be usable in many situations like credit protocol is developed to establish a secure communication
and debits cards in banks, e-tickets and personal identification between the base station and mobile nodes.
or registration card. Woodbury et al. [26] show the usage of
IX. FINDINGS AND DISCUSSIONS
ECC on smart cards without coprocessors. In their work, it has
been shown that scalar multiplication on a fixed point of an
In the sections above, we have seen that ECC is faster, and
EC can be done in less than two seconds on 8051 uses less memory space than a rival RSA. This denotes that it
microcontroller. An authentication protocol based on ECDSA is appropriate for constrained environments, particularly in
for smarts card is proposed by Chatterji and Gupta [25].
smart cards, where fast operations are required. Though the
industry has been extremely slow in accepting the new
E. Wireless networks
technique, RSA Security in a paper on their website has
The secure path find in the decentralized Mobile Ad-hoc implicitly agreed that ECC is the way to the future. The
Networks must:
difference in the key-sizes between RSA and ECC will grow
exponentially to maintain the same relative strength as
 satisfy the needs of preclude of DoS attacks on compared to the average computing power obtainable. The one
thing working against ECC is that although elliptic curves have
data traffic.
been a well-researched area, albeit an esoteric and extremely
 be adaptive and tolerant.
vast one 6, its cryptographic applications have been perceived
 have high speed and low power overhead.
only lately. This is the only advantage that RSA has over ECC.
As a general perception, the complexity and slowness of RSA has been well-researched and has been the topic of
PKC let it to be considered as not suitable for ad-hoc networks. several determining theses. Actually, the cryptographic usage
In contrast to this common opinion, ECC is implemented for a
resource constrained systems such as MANETs. In [27],
implementing the Antnet routing protocol, the mutual 6
”It is possible to write endlessly on elliptic curves. (This is not a threat.)”–
authentication between sender and receiver is performed by
Ubiquitous computing is often wireless, mobile and
networked which engages many computational devices and
systems concurrently, such as cell phones, home appliances,
PDAs, and scientific and medical instruments. Such kind of
devices have very restricted computational resources,
therefore are ideal selections for the ECC use. M-commerce
employing PDAs or mobile phones, needs very high level of
security. The security of m-commerce relies on the underlying
PKC functions to provide integrity, authentication, encryption
and non-repudiation. PDAs are considered computationally
more powerful than other mobile devices (for example pagers
and cell phone). Therefore, they are considered more common
alternative for implementing public key cryptosystems. In [24],
various ways of ECC and PDAs implementations have been
studies. The steady increase of security requirements forced to
an increased key size which represents a big problem for small
devices. In such circumstances, ECC for sure would be the
best choice.
Serge Lang.
for elliptic curves was only found out in the process of
discovering new attacks on the RSA system.
[14]
X. CONCLUSION
In this paper we have conducted a study on EC-based
primitives in the field of cryptography. We have seen that
several important cryptographic primitives have been
designed based on elliptic curve discrete logarithm problem
(ECDLP). ECDLP was, mathematically, proofed to be
“intractable” since no algorithm can solve it in a polynomial
time. From the performance perspective, EC is found efficient
since it can provide higher level of security with smaller key
size compared to other cryptosystems. Furthermore, we
propose a new approach using biometric signatures, based on
the ECC. The electronic transaction security can be increased
using the ECC in biometric signature creation, because the
public and private keys are produced without saving and
sending any secret information anywhere. ECC is the most
appropriate PKC scheme for usage in a constrained
environment. Its efficiency and security make it a desirable
substitute to traditional cryptosystems, such as RSA, not only
in constrained environments, but as well on powerful devices.
[15]
ACKNOWLEDGEMENT
The authors gratefully thank King Saud University for
supporting this study.
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
R. Ali, "Elliptic Curve Cryptography a new way for encryption". In
Inter-national Sysmpoium on Biometrics and Security Technologies,
ISBAST 2008 , pp. 1-5, 23-24 April 2008.
V. Kapoor, V. Abraham and R. Singh “Elliptic Curve Cryptography”,
ACM Ubiquity, Vol. 9, No. 20 , pp. 1-3 , May 20–26, 2008.
J. Hoffstein, J. Pipher, and J. H. Silverman, An Introduction to
Mathematical Cryptography. Springer Verlag, 2008.
V. Katiyar, K. Dutta, S. Gupta," A Survey on Elliptic Curve
Cryptography for Pervasive Computing Environment", International
Journal of Computer Applications, INDIA,pp.41–46, 2010.
M. A. Aydin and G. Z. Aydin ," A Survey Of Elliptic Curve
Cryptography " , vol.6, No.2, pp.211-121. 2006.
W. Stalling, Cryptography and network security: principles and
practice, 3rd ed., New Jersey: Prentice Hall, 2003.
Z. Peng and J. Fang ," Comparing and Implementation of Public Key
Cryptography Algorithms on Smart Card " , Computer Application and
System Modeling (ICCASM) , Taiyuan , pp. 508 -510. 22-24 Oct.
2010 .
M. Prabu, R. Shanmugalakshmi," A Study of Elliptic Curve
Cryptography and Its Application" , ACM New York, India, pp.425427, 2010.
M. Prabu, R. Shanmugalakshmi, "A Comparative and Overview
Analysis of Elliptic Curve Cryptography over Finite Fields" , IEEE ,
India,pp.495-499, 2009.
H. Eiselt and C. Sandblom, Linear Programming and its Applications.
Berlin: Springer.2007.
(2008) National Security Agency. NSA Suite B Cryptography. [Online]
Available : http://www.nsa.gov/ia/industry/crypto_suite_b.cfm
D. Jena, S. Panigrahy, S. Jena, " A novel and efficient cryptosystem
for long message encryption," Industrial and Information Systems
(ICIIS) , pp. 7–9, 2009.
H. Pietiläinen, “Elliptic Curve Cryptography on Smart Cards,” M.Sc.,
Helsinki Univ. of Technology, 2000.
[28]
[29]
[30]
B. Tsaban. "Fast Generators for the Diffie-Hellman Key Agreement
Protocol and Malicious Standards". Information Processing Letters , pp.
145-148,2006.
N. Koblitz,. "Elliptic Curve Cryptosystems. Mathematics of
Computation" , pp. 203-209. 1987.
V. Miller, "Use of Elliptic Curves in Cryptography". In Proc. Advances
in Cryptology - CRYPTO '85. Springer.1985.
T. Chen, "A Threshold Signature Scheme Based on the Elliptic Curve
Cryptosystem". Applied Mathematics and Computation , pp.11191134.2005.
S. Mohammadi and S. Abedi, “ECC-Based Biometric Signature: A
New Approach in Electronic Banking Security” International
Symposium on Electronic Commerce and Security, IEEE, 2008.
H. Luo, F. Yu, J. Pan, S. Chu and P. Tsai ," A Survey of Vein
Recognition Techniques ", Information Technology Journal ,vol.9 ,
pp.1142-1149, 2010.
V. Gupta, S. Gupta, S. Chang and D. Stebila, “Performance Analysis of
Elliptic Curve Cryptography for SSL”, WiSe‟02, September 28, 2009.
(2011) Sun Microsystems Inc., “Speeding up Secure Web Transactions
Using Elliptic Curve Cryptography”, [Online] .available:
http://research.sun.com/projects/crypto
V. Gupta, D. Stebila, and S.C. Shantz, “Integrating Elliptic Curve
Cryptography into the Web‟s Security Infrastructure” WWW2004,
May 17–22, 2004 .
G. Me and M. A. Strangio, in Proc. International Conference on
Information Technology and Applications (ICITA‟05), IEEE, 2005.
A. Dabholkar and K. yow “Efficient Implementation of Elliptic Curve
Cryptography (ECC) for Personal Digital Assistants (PDAs)” Wireless
Personal Communications 29, pp. 233–246.2004.
K. Chatterjee and D. Gupta, “Secure access of smart cards using
Elliptic Curve Cryptosystems”, IEEE, 2009.
A. Woodbury, D. Bailey and C. Paar, “Elliptic Curve Cryptography on
smart cards without coprocessors”, in proc. The Fourth Smart Card
Research and Advanced Applications (CARDIS 2000), September
2000.
V. Vijayalakshmi and T.G. Palanivelu, “Secure Antnet Routing
Algorithm for Scalable Adhoc Networks Using Elliptic Curve
Cryptography” Journal of Computer Science, Vol. 3, No. 12, pp. 939943. 2007.
L. Uhsadel, A. Poschmann, and C. Paar "An Efficient General Purpose
Elliptic Curve Cryptography Module for Ubiquitous Sensor Networks"
2006.
L. Batina, N. Mentens, K. Sakiyama, B. Preneel, and I. Verbauwhede
“Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks”
L. Buttyan, V. Gligor, and D. Westhoff (Eds.): ESAS 2006, LNCS
4357, pp. 6–17, 2006.
V. Vijayalakshmi, and T.G. Palanivelu, "Secure Localization Using
Elliptic Curve Cryptography in Wireless Sensor Networks", IJCSNS
International Journal of Computer Science and Network Security,
Vol.8 No.6, pp.1-7, June 2008.