It is essential to provide authentication and integrity services for emerging Internet of Things (IoT) systems that include resource-constrained devices. Due to their computational efficiency, symmetric key primitives (e.g., message authentication codes) are usually preferred for such systems. On the other hand, these primitives might not be scalable for large and ubiquitous systems, and they also do not offer public verifiability and non-repudiation properties, which are essential for some IoT applications [1], [2], [3]. For instance, in financial IoT applications and implantable medical devices, digital forensics (e.g., legal cases) need non-repudiation and public verifiability [2], [3], [4]. Moreover, such systems may include many devices that require scalability.
Digital signatures rely on public key infrastructure and achieve a scalable authentication with non-repudiation and public verifiability. Therefore, they are an ideal authentication tool for security and safety critical IoT applications. On the other hand, most of the compact digital signatures (e.g., elliptic curve (EC) based signatures) require costly operations such as elliptical curve scalar multiplication and addition during signature generation. It has been shown [5], [6], [7], and further demonstrated by our experiments that, these operations can be energy costly, and therefore, can negatively impact the battery life of highly resource-limited embedded devices. For instance, as one of the many potential applications, embodiments herein can refer to a resource-limited sensor (e.g., a medical device [1]) that frequently generates and digitally signs sensitive data (medical readings), which are verified by a resourceful cloud service provider.
There are two main lines of work to offer authentication for embedded medical devices: symmetric key primitives (e.g., MACs) and public key primitives (e.g., digital signatures).
One-time signatures (e.g., [6], [26], [27]) offer high computational efficiency, but usually have very large key and signature sizes that hinder their adoption in implantable medical devices. Moreover, they can only sign a pre-defined number of messages with a key pair, which introduce key renewal overhead. The extensions of hash-based one-time signatures to multiple-time signatures (e.g., SPHINCS [28] have extreme signing overhead, and therefore are not suitable for medical implantables. Some MAC based alternatives (e.g., TESLA [29], [30]) use time asymmetries to offer computational efficiency and compactness, they cannot offer non-repudiation and requires a continuous time synchronization. Elliptical Curve-based digital signatures (e.g., [11], [25], [31], [32], [33]) are currently the most prevalent alternatives to be used on embedded devices due to their compact key/signature sizes and a better signing efficiency compared to other standard signatures (e.g., RSA, multiple-time signatures).
There is a critical need for lightweight signatures that can meet the computation, memory and battery limitations of these IoT applications.