a comparative study of rsa and ecc and implementation of ecc on embedded systems

International Journal of Innovative Research in Advanced Engineering (IJIRAE) ISSN: 2349-2763 Issue 03, Volume 3 (March 2016) www.ijirae.com

_________________________________________________________________________________________________ IJIRAE: Impact Factor Value – SJIF: Innospace, Morocco (2015): 3.361 | PIF: 2.469 | Jour Info: 4.085 |

Index Copernicus 2014 = 6.57 © 2014- 16, IJIRAE- All Rights Reserved Page -86

A Comparative Study of RSA and ECC and Implementation of ECC on Embedded Systems

Mashrufee Alam*

Department of Computer Science and Engineering, Jahangirnagar University, Savar, Dhaka, Bangladesh.

Israt Jahan Department of Computer Science and Engineering, Jahangirnagar University, Savar, Dhaka, Bangladesh.

Liton Jude Rozario Department of Computer Science and Engineering, Jahangirnagar University, Savar, Dhaka, Bangladesh.

Israt Jerin

Department of Computer Science and Engineering, Jahangirnagar University, Savar, Dhaka, Bangladesh

Abstract— A large share of embedded applications are wireless, which makes the communication channel especially vulnerable. The research in the field of ECC is mostly focused on its implementation on application specific systems, which have restricted resources like storage, processing speed and domain specific CPU architecture. The focus of this research is on the implementation of ECC in an embedded iOS application to compare the performance measures obtained in the wireless environment or embedded systems by using elliptic curve cryptography (ECC), with a traditional cryptosystem like RSA.

Keywords— ECC, RSA,iOS, Embedded Systems, Cryptography.

I. INTRODUCTION

With the emergence of ubiquitous computing, pervasive computing, and all the other interesting areas, which promise network and computer resource access everywhere, interesting developments can be witnessed. Small devices that fit in the palm of your hand are able to do complex operations for which super computers were needed an only a couple of decades ago. Using sensor networks to monitor facilities at companies allows for a constant supervision in order to reduce maintenance cost and predict faults well in advance. With these developments however, securing communications across the network becomes ever more important. However, due to the mobile aspect of many devices and also the computing resources available in for instance sensor nodes in a sensor network, this can be quite a challenge. Embedded chips don’t have the same computing resources available then say, a desktop computer. Battery life in mobile devices is again a limiting factor in what can be achieved. Cryptography in general is mathematically very intensive, and in order to allow such resource constrained devices to encrypt the data that is send over the network, special care has to be taken as to what form of cryptography one can use, and to optimize the algorithms used to limit the power consumption and computing cycles required.

Since the inception of elliptic curve cryptography (ECC) it has gained wide acceptance mostly due to its smaller key size and greater security. Cryptography in general is mathematically very intensive, and in order to allow resource constrained devices like embedded systems to encrypt the data that is send over the network, what form of cryptography one can use, and to optimize the algorithms used to limit the power consumption and computing cycles required. Even optimized implementations of asymmetric algorithms, e.g., elliptic curve cryptography (ECC), are orders of magnitude more expensive than established symmetric primitives. The establishment of RSA and later ECC has shown, asymmetric primitives need a thorough study of implementation aspects until they reveal their full potential. One factor that has been out of scope of scientific research on many of these alternative primitives is the efficiency with regard to implementation on embedded systems. Not only is it desirable to have alternatives ready for the case RSA and ECC might get broken. Some of the alternative schemes can also turn out to be more efficient than current schemes, possibly possessing better implementation properties than prevailing ones. Accordingly, the study of implementation aspects of alternative public key cryptosystems can influence the cost, performance, and security of future embedded security applications.

1) Overview of Functional Security Several functional security primitives have been proposed in the context of network security. These include various cryptographic algorithms used for encrypting and decrypting data, and for checking the integrity of data. Most cryptographic algorithms fall into one of three classes – symmetric ciphers, asymmetric ciphers and hashing algorithms [1]-[2].

Symmetric ciphers require the sender to use a secret key to encrypt data (the data being encrypted is often referred to as plaintext) and transmit the encrypted data (usually called the cipher text) to the receiver. On receiving the cipher text, the receiver then uses the same secret key to decrypt it and regenerate the plaintext. The cipher text should have the property that it is very hard for a third party to deduce the plaintext, without having access to the secret key. Thus, confidentiality or privacy of data is ensured during transmission. Examples of symmetric ciphers include DES, 3DES, AES, and RC4. Most symmetric ciphers are constructed from computationally lightweight operations such as permutations, substitutions, etc. Thus, they are well suited for securing bulk data transfers.




Hashing algorithms such as MD5 and SHA convert arbitrary messages into unique fixed-length values, thereby providing unique “thumbprints” for messages. Hash functions are often used to construct Message Authentication Codes (MACs), such as HMAC-SHA [15], which additionally incorporate a key to prevent adversaries who tamper with data from avoiding detection by re- computing hashes.

Asymmetric algorithms (also called public key algorithms), on the other hand, typically use a private (secret) key for decryption, and a related public (non- secret) key for encryption. Encryption requires only the public key, which is not sufficient for decryption. Digital signatures are also constructed using public key cryptography and hashes. Asymmetric algorithms (e.g., RSA, Diffie-Hellman, etc.) rely on the use of more computationally intensive mathematical functions such as modular exponentiation for encryption and decryption. Therefore, they are often used for security functions complementary to secure bulk data transfers such as exchanging symmetric cipher keys.

Security solutions to meet the various security requirements out- lined in the previous section typically rely on security mechanisms that use a combination of the aforementioned cryptographic primitives in a specific manner (i.e., security protocols). Various security technologies and mechanisms have been designed around these cryptographic algorithms in order to provide specific security services. Secure communication protocols (popularly called security protocols) provide ways of ensuring secure communication channels to and from the embedded system. IPSec [3] and SSL [4] are popular examples of security protocols, widely used for Virtual Private Networks (VPNs) and secure web transactions, respectively.

Digital certificates provide ways of associating identity with an entity, while biometric technologies [5] such as fingerprint recognition and voice recognition aid in end-user authentication. Digital signatures, which function as the electronic equivalent of handwritten signatures, can be used to authenticate the source of data as well as verify its identity.

Digital Rights Management (DRM) protocols such as OpenIPMP [6], MPEG [7],ISMA [8] and MOSES [9], provide secure frameworks intended to protect application content against unauthorized use.

Secure storage and secure execution require that the architecture of the system be tailored for security considerations. Simple examples include the use of bus application or a process [11], HW/SW techniques to preserve the privacy and integrity of data throughout the memory hierarchy [12], execution of encrypted code in processors to prevent bus probing [13]-[14] etc.

II. PRELIMINARIES

This section briefly discusses the fundamental arithmetic operations required for elliptic curve cryptography defined over prime field Fp . At the same time we will go though the brief of RSA and security in embedded systems.

A. Elliptic Curve Arithmetic The equation of elliptic curve is defined over Fp as

E : y2 = x3 +ax+b,

Where 4a3 +27b2 ¹0. . All operations on coefficients are performed by modulo p in Fp . Let E Fp( ) be the set of all rational points on the curve defined over Fp and it includes the point at infinity denoted by O. Let us consider two

rational points J = xJ , yJ( ), K = xK , y K( ), and their addition L = J +K, where L = xL , yL( )and J, K, L Î E FP( ). 1) Point addition: Point addition of two points J and K will result another point L on the same elliptic curve. For

Geometric visualization we can consider J, K, L Î E R( ).




Fig. 1 Geometric explanation of point addition on real number R

Here the tangent s is calculated as follows

S = yK - yJ

xK - xJ

(J ¹K And xK ¹ xJ )

Then, the x and y coordinates of L is calculated as follows,

xL, yL( ) = s2 - xJ - xK( ), x J-xL( )s- yJ( ), If s ¹0

xL, yL( ) = 0 if s =0 Considering point J such that yJ ¹0 Let L = 2J. Then

s = 3xJ2 +a

2yJ

xL, yL( ) = s2 -2xJ( ),-yJ + xJ - xL( )s( ), If s ¹0

S is the tangent at the point on EC and O it the additive unity in E Fp( ). When J =-K then J +K =O is called elliptic curve addition (ECA). If J =K then J +K = 2J , which is known as elliptic curve doubling (ECD).

Fig. 2Geometric explanation of point doubling on real numbers R




B. RSA encryption and decryption

RSA [3] algorithm is the widely used PKC which security depends on prime factorization problems. Its

operation involves four steps key generation, key distribution, encryption and decryption. The main idea is to find large positive integers e, d and n such that with modular exponentiation for all m is me( )d

mod n =m where encryption key e , decryption key d and n is a composite number which is a product of two large prime number. Here knowing e and n or even m it can be extremely difficult to find d .

1) Encryption:First at senders side message M is converted into an integer m where 0 m <n and gcd m,n( )=1 .

The cipher text c , is calculated by using receivers public key e as follows

c ºme modn Which is send to the receiver. 2) Decryption:At receiver’s end m is deciphered from c by using receiver’s private key d by computing

cd º me( )dºmmod n

3) Key Generation:RSA key generation algorithm is as follows

Input: p,q two large prime numbers Output: e, d 1. Select 2 large prime numbers of about the same size, p and q 2. Compute n = pq , and j n( )= q-1( ) p-1( ) 3. Select encryption key e, 1< e <j(n) , such that gcd(e,j(n))=1 4. Calculate d =e-1 modj n( )( ); i.e., d is the modular multiplicative inverse of e modj n( )( )

III. IMPLEMENTATION AND RESULTS There are various embedded systems now days. For our simulation we choose mobile platform from Apple. We

developed an iOS application, which can be run in iPad, iPhone or iPod. In which we have implemented the algorithms RSA, ECC to make comparison between them on different aspects.

A. Simulation environment

For our implementation we choose iOS platform and Objective-c and C as out base programming language. The

simulation environment is an iOS 64bit Simulator that consists of ARM64 bit processor and 1 gigabyte of primary memory. Apple Security Library is used for protocol implementations. Therefore the result also compares the library itself for different protocols of RSA and ECC. NIST recommended parameters be used for both RSA and ECC. In short,

For our Experiment we choose the following environment Mac OS X 10.11 iOS Simulator as our embedded device GCC 4.2.1 Compiler Objective – C as implementation Language iOS Security Library from Apple.

B. Screenshots from iOS Application

In the following Fig. 3, the input and output of the implementation of RSA in a iOS device is shown. Base64 Encoding is used here.




Fig. 3Input Output from RSA Algorithm.

In the following Fig. 4, the input and output of the implementation of ECC 128 bits in an iOS device is shown.

Fig. 4 Output from ECC using 128 bit.


Fig. 5 Output from ECC using 192bits.





Fig. 6 Output from ECC using 256bits.

In the following Fig. 7, The input and output of the implementation of ECC 384 bits in a iOS device is shown.

Fig. 7 Output from ECC using 385 bits.


C. Performance analysis and Simulation Results Performance of encryption algorithms, RSA, ECC is evaluated considering the following parameters 1. Key size in bits. 2. The time consumption signature generation and verification.




When it comes to ECC, the basic operation is point multiplication, which is known to be very expensive. Some efficient scalar multiplication algorithm over comes this. Meanwhile, RSA already has a known sub-exponential attack. So, the bits requirement for RSA generated key pair is supposed to rise much faster than that for ECC generated one. Also, for a similar level of security, the numbers involved in ECC are smaller as compared to RSA, as can be derived from the data displayed in table 1 to 4.

TABLE I - ECC AND COMPARABLE KEY SIZE (IN BITS).

RSA and ECC are compared for their performance taking in account the time factors in the table.

Table II KEY GENERATION PERFORMANCE.

KEY LENGTH (BITS) TIMES (S) RSA ECC RSA ECC 1024 163 0.16 0.08 2240 233 7.47 0.18 3072 283 9.80 0.27 7680 409 133.90 0.64

15360 571 679.06 1.44

Table III SIGNATURE GENERATION PERFORMANCE.


15360 571 9.20 3.07

Table IV SIGNATURE VERIFICATION PERFORMANCE.


15360 571 0.03 4.53

D. Result Analysis

From the above table we can find that RSA has roughly 10 times computational overheads than ECC. Systems

parameters and key pairs are shorter for ECC. ECC offers considerable bandwidth saving over RSA as for same level of security RSA requires much larger key size. Key generation is faster in ECC than RSA. Encryption is faster in ECC but decryption is slower than RSA. So we can say for iOS devices ECC will be more efficient in terms of security. An overview of all the comparisons can be summarized into the following TABLE V.

ECC KEY SIZE (bits)

RSA KEY SIZE (bits)

KEY SIZE RATIO (bits)

163 1024 1/6 256 3072 1/12 384 7680 1/20 512 15360 1/30




Table V ECC AND RSA AN OVERALL COMPARISON.

PARAMETERS ECC RSA Computational Overheads Roughly 10 times than that of RSA

can be saved More than ECC

Key Sizes System parameters and key pair are shorter for the ECC

System parameters and key pair are larger for the RSA

Bandwidth saving ECC offers considerable bandwidth saving over RSA

Much less bandwidth saving than ECC

Key generation Faster Slower Encryption Much faster than RSA At good speed but slower than ECC Decryption Slower than RSA Faster than ECC Small Devices Efficiency Much more efficient Less efficient than ECC

IV. CONCLUSION AND FUTURE WORK

The elliptic curve discrete logarithm problem makes ECC most efficient with smaller key size compared to RSA algorithm. It is mostly considered for resource-constrained devices. Our findings suggest that RSA key generation is significantly slower than ECC key generation in iOS. Considering there are affordable devices that can break RSA keys smaller than 1024 bits in a matter of days, the cost of key generation can be considered as a factor in the choice of public key systems to use when using digital signatures, especially for smaller devices with lesser computational resources. As our future work we would like to implement ECC in a real world scenario.

ACKNOWLEDGMENT

We gratefully acknowledge the support from Department of Computer Science & Engineering, Jahangirnagar University, Savar, Dhaka, Bangladesh. Without which the present study could not have been completed.

REFERENCES

[1] W. Diffie, M. E. Hellman, New directions in cryptography. IEEE Transactions on Information Theory, IT-22,

pp644654, November 1976. [2] N., Koblitz. Elliptic curve cryptography, Mathematics of Computation 48: 203-209. 1987. [3] R L Rivest, A Shamir, L Adleman, On Digital Signatures and Public Key Cryptosystems, Communications of the

ACM, vol 21 no 2, pp120-126, Feb 1978. [4] Nicholas Jansma, Brandon Arrendondo, Performance Comparison of Elliptic Curve and RSA Digital

Signatures,Communications of the ACM, vol 21 no 2, pp120-126, Feb 1978. [5] Dr.M.Gobi, R.Sridevi, R.Rahini priyadharshini, A Comparative Study on the Performance and the Security of RSA

and ECC Algorithm, National Conference on Advanced Networking and Applications, March 2015. [6] Miguel Salas, A Secure Framework for OTA Smart Device Ecosystems Using ECC Encryption and Biometrics ,

Advances in Security of Information and Communication Networks, Vol 381, pp204-218, 2013. [7] W. Stallings, Cryptography and Network Security: Principles and Practice, Prentice Hall, Sixth Edition, 1998. [8] B. Schneier, Applied Cryptography: Protocols, Algorithms and Source Code in C, Second Edition, John Wiley and

Sons, 1996. [9] Applied Cryptography: Protocols, Algorithms and Source Code in C, Second Edition, John Wiley and Sons, 1996. [10] Paul Reid, Biometrics and Network Security,Second Edition, Sixth Edition, Prentice, Hall PTR, 2003. [11] D. Lie, C. A. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. C. Mitchell, M. Horowitz, Architectural support for

copy and tamper resistant software,Proc. ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp168 177, 2000.

[12] G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, S. Devadas, AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing, Proc. Intl Conf. Supercomputing (ICS 03), pp160171, June 2003. A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, Florida, USA,Fifth Edition, 1997.

[13] Federal Information Processing Standards, National Bureau of Stan- dards, U.S. Department of Commerce, NIST FIPS PUB 46, Data En- cryption Standard, January 15, 1977.

[14] X. Lai, J. L. Massey, Markov Ciphers and Differential Cryptanalysis In D. W. Davies, editor, Advances in Cryptology, EUROCRYPT 91, vol.LNCS 547 no.91, pp1738, Berlin, Germany, 1991.

[15] U.S. Department of Commerce/National Institute of Standard and Technology, FIPS PUB 197, Specification for the Advanced.