
Modified Public Key Cryptosystem for the Internet of Things Applications to Improve Security and Processing Speed


Academic year: 2022


Omar Sapti Guma'a^a, Prof. Qasim Mohammed Hussein^b, Omar Sadeq Salman^c, and Prof. Ziyad Tariq Mustafa Al-Ta'i^a

^a Diyala University, College of Science, Diyala, Iraq

^b Tikrit University, College of Petroleum & Minerals Engineering, Salah Adin, Iraq

^c Engineer in Islamic Education, Sunni Endowment Dewan, Baghdad, Iraq

Abstract

The Internet of Things (IoT) deals with massive amounts of collected data. Most of these data are personal information that needs to be protected from hacking and unauthorized access. On the other hand, these massive data need fast processing. To meet these requirements, this paper provides modifications to the NTRU public key cryptosystem to prevent the LLL algorithm from recovering the plaintext from a known ciphertext. The method is based on a specific swapping step in the encryption process to thwart the attack.

In addition, it suggests a method that generates dynamic sequences of keys in a parallel manner, which are used to encrypt the data in IoT environment applications.

Keywords: IoT, NTRU algorithm, data security, Lattice, LLL algorithm, parallel processing.

1. Introduction

The massive amount of confidential personal information in IoT applications needs to be secured. To secure sensitive data, we need to use suitable and powerful encryption techniques. Many techniques have been proposed, each with its pros and cons [1]. IoT devices are constrained devices (in processing, storage, and bandwidth) [2]. Without the essential security protection for IoT application data, different threats and attacks may cause serious disasters to the network system. Therefore, any cryptosystem used with IoT should take into account the capabilities of IoT devices. There are many algorithms that are suitable for use with IoT. One of them is the NTRU public-key cryptosystem [3].

NTRU is a fast public key cryptosystem that does not require high computational cost for encryption and decryption compared to several other cryptosystems. Its strong points are short key size and speed of encryption and decryption in comparison with RSA or ECC. NTRU is based on basic arithmetic operations whose complexity is $O(N^2)$ in the worst case [4]. The Lenstra–Lenstra–Lovász (LLL) lattice basis reduction algorithm can be used to attack NTRU under certain conditions to discover the plaintext from the public key and the ciphertext, so modifications to the NTRU cryptosystem are needed [5]. This paper adds modifications to NTRU to avoid attack by the LLL algorithm. In addition, to encrypt many blocks simultaneously with independent keys, it suggests generating a dynamic sequence of keys in a parallel manner for use in the encryption and decryption process, to increase the speed of implementation needed for the IoT environment.

2. Related Work

Cryptosystems used with the Internet of Things must take many considerations into account, such as the time required to encrypt and the amount of space required for storage. Therefore, many researchers have been interested in presenting cryptosystems that take these considerations into account. Lattice-based cryptography is a new variant of post-quantum cryptography which is considered suitable for use with IoT devices [6]. In the work of Xuanxia et al. [7], a lightweight no-pairing ECC-based ABE (Elliptic Curve Cryptography - Attribute-Based Encryption) scheme is proposed for resource-constrained Unit IoT based applications to address secure communication and ciphertext access control. By taking the lightweight advantages of ECC and the primitive syntax of KP-ABE (where KP is Key Policy), both lightweight operation and ABE are achieved in the proposed scheme. Comparison analyses with the existing KP-ABE schemes and CP-ABE (where CP is Ciphertext Policy) schemes are made to indicate that the proposed scheme is a lightweight one, which has not only low communication overhead but also low computational overhead. Mingyuan Xin [8] proposed a mixed encryption algorithm that combines AES and ECC for IoT information security. The hybrid cipher algorithm combines asymmetric and symmetric cryptography in one, with high security, fast speed, and small storage space, making it more suitable for some limited environments in the Internet of Things. But the application of the Internet of Things is still in the exploration stage. Chaudhary et al. [6] presented a survey on various techniques related to LB-PKC for the IoT environment. The traditional cryptographic techniques and algorithms are not efficient in handling the security challenges in the IoT environment because they are not resilient to quantum attacks. Therefore, to address some of the deficiencies of traditional cryptographic techniques, LB-PKC has been proposed to provide protection against quantum attacks.

Kavitha et al. [9] proposed a hybrid cryptographic algorithm that secures sensitive medical information in an IoT health care system, which includes the combination of AES_HC and DH_HC. The performance analysis shows that the proposed key generation algorithm reduces computation time, which provides significantly faster execution. Omar Sapti et al. [10] proposed modifications to the NTRU cryptosystem algorithm to ensure that the attack using the Lenstra–Lenstra–Lovász (LLL) algorithm can be thwarted by adding a new parameter with a variable value. The implementation results showed that this modification gives NTRU resistance against the attack of the LLL algorithm.

3. Lattice-based Attack on the Original NTRU

In 1997, Don Coppersmith and Adi Shamir presented a method that can be used to attack NTRU under certain conditions in order to discover the plaintext by exploiting the public key and the ciphertext [11]. The NTRU lattice is the lattice spanned by the basis $L$, where $h$ is the public key and $c$ is the ciphertext. The length of the shortest vector is approximately $\det(L)^{1/(2N)} = \sqrt{q}$ ($q$ is the large modulus to which each coefficient is reduced) [12]. Further, it is very likely that this vector is one of the shortest vectors, since its norm is $\sqrt{2 d_f - 1 + 2 d_g} < \sqrt{q}$ ($d_f$ coefficients equal to +1 in the polynomial $f$, and $d_g$ coefficients equal to +1 in the polynomial $g$) in the cases recommended by NTRUEncrypt. So, by reducing the basis with the LLL algorithm, the probability of finding the message (plaintext) is high. The example below shows this.

Example 1.

This example illustrates the use of the LLL algorithm to discover the plaintext from the public key and the ciphertext. When the input parameters are ($N=7$, $p=3$, $q=32$), $f = -1 + x + x^4 + x^5 - x^6$ and $g = x - x^2 - x^4 + x^6$, the public key is

$h = 15 + 19x + 24x^2 + 26x^3 + 5x^4 + 23x^5 + 16x^6$.

If the message to be encrypted is $m = -1 + x - x^2 + x^3 - x^5 + x^6$, and the polynomial $r = 1 + x - x^2 - x^4$, then the ciphertext will be

$c = 13 + 14x + 4x^2 + 16x^3 + 24x^4 + 14x^5 + 11x^6$.

To show how the LLL algorithm is used to attack NTRU, the lattice basis reduction algorithm (LLL) is applied to the basis $L$ of Section 3, built from the public key $h$ and the ciphertext $c$ obtained above:

[Equation: lattice basis $L$, a block matrix with the entries $I_N$, $h$, $q \cdot I_N$, $c$ and $0$]

This leads to a reduced basis like the following:

-1 -1 -1 -1 -1 -1 -1  0  0  0  0  0  0  0  0
-1 -1  1  0  1  0  0 -1  1 -1  1  0 -1  1  1
 1  0 -2  1  0 -1  0  1  2  1 -4  0 -2  2 -1
 2  1 -3  1  0 -2 -1 -2  2 -2 -1  0  1  2 -1
-1  0  3  0 -2  1  2  0 -3  0  0  3  0  0  0
 0  2 -1  0  0  1 -1  1  2 -2 -1 -3  1  2 -1
 0 -3  0  2 -1 -2  1  3  0  0 -3  0  0  0  0
 1 -1  0  2 -2  0  3  1  2  1 -1  0 -2 -1 -1
-1  1  2  1  1  0 -1  1  4 -2 -2  0  1 -2 -2
-2 -1 -1 -2  3 -1  1  0 -2  0  1  2  1 -2 -2
 0 -1  3 -2 -1 -2  2  0  0  1 -1 -1 -2  3 -3
 3  2  0 -3  1 -3  1  3  1  0  1  0 -3 -2  0
-3  1  3  2  0 -3  1 -3 -2  3  1  0  1  0  0
-2  1  1 -2  1 -1  2  1  2  0 -4 -1  1  1  2
 1  0 -1  2 -2  0  0  8  3  3  5  5  3  5  2

Table 2. The LLL algorithm outputs

Therefore, we search for a row vector in the above array whose first 7 entries contain only values from {-1, 0, 1}. This holds for the first and second rows. Examining the next 7 entries, the second row vector contains a sequence over {-1, 0, 1} equal to the plaintext (-1 1 -1 1 0 -1 1).

Therefore, the LLL algorithm succeeds in breaking the original NTRU.

4. The Proposed Algorithm

In this section, modifications to the NTRU algorithm are introduced to avoid attack by the LLL algorithm and to increase the execution speed of this algorithm for the applications that need it. The proposed method therefore includes two parts. The first is the proposed method to prevent the attack by the LLL algorithm on NTRU. The second is generating a dynamic sequence of keys in a parallel manner. The details of this proposal are as follows:

4.1 Part one (To avoid LLL algorithm attack):

This part includes three steps: key generation, encryption and decryption. The details are as follows:

4.1.1 Key Generation:

Key generation in the proposed method starts by choosing two polynomials $f$ and $g$ and keeping them private, and then finding the inverse of $f$ modulo $q$ and the inverse of $f$ modulo $p$, respectively ($f * f_q = 1 \pmod{q}$ and $f * f_p = 1 \pmod{p}$, where $*$ is the cyclic convolution product of two polynomials in $R$). The system has three parameters, $N$, $p$ and $q$ ($N$: all polynomials in the ring have degree $N-1$; $p$: the small modulus; $q$: the large modulus). Finally, the public key is computed as follows:

$h = p \cdot f_q * g \pmod{q}$.

L'=

Where $\sum_{i=0}^{N-1} g_{k-i} + \sum_{i=0}^{N-1} f_i g_{N+k-i}$

The algorithm below illustrates public key generation in the proposed algorithm.

Input: N, p, q, two polynomials (f and g)
Output: new public key (h)

    InversePolyFq(f, fq, N, q)
    InversePolyFp(f, fp, N, p)
    polyMultiply(fq, g, h, N, q)
    for i = 0 to N - 1 do
        if h[i] < 0 then
            h[i] = h[i] + q    // Make all coefficients in h positive.
        end if
        h[i] = h[i] . p mod q
    end for

Algorithm 1. Public key generation

4.1.2 Encryption:

Assume there is a message $m$. It must be converted to polynomial form with coefficients modulo $p$, and then a polynomial $r$ is chosen at random to obscure the message.

To apply parallel processing, the message $m$ must be divided into blocks according to the number of processors (NP), and then each processor performs the message encryption:

$e = r * h + m \pmod{q}$.

Finally, to avoid the LLL algorithm attack, values of the encrypted message $e$ are swapped, with an RNG function determining the first and the second locations whose values are swapped.

Input: N, q, public key h, message m, random polynomial r, SR[i], x1, x2, and M.

Output: the encrypted message, e.

    polyMultiply(r, h, e, N, q)
    for i = 0 to N - 1 do
        e[i] = e[i] + m[i] mod q
    end for
    location1 = RNG()
    location2 = RNG()
    for i = 0 to 2 do
        location1 = (location1 + i) mod N
        location2 = (location2 + i) mod N
        temp = e[location1]
        e[location1] = e[location2]
        e[location2] = temp
    end for

Algorithm 2. Encryption process

4.1.3 Decryption:

The first step is dividing the ciphertext into blocks according to the number of processors. Each processor then returns the values of the ciphertext to their original locations by using the same random number generator seed that was used in the encryption process, so that it gets the same values for the first and second locations. Then it proceeds as follows:

▪ Compute a = f * e (mod q), choosing the coefficients of a to lie between -q/2 and q/2, e.g. for q=32, coefficients must lie in [-15, 16].

▪ Find b = a (mod p), choosing the coefficients of b between -p/2 and p/2; for p=3, the range is [-1,1].

▪ Find m = fp * b (mod p), choosing the coefficients of m between -p/2 and p/2; for p=3, the range is [-1,1].

The details of this process are illustrated in Algorithm 3.

Input: N, q, p, x1, x2, secret key f, SR, inverse of polynomial Fp, and encrypted message e.

Output: the original message, d.

    location1 = RNG()    // Random number for the same seed as in the encryption process
    location2 = RNG()
    for i = 0 to 2 do
        location1 = (location1 + i) mod N
        location2 = (location2 + i) mod N
        temp = e[location1]
        e[location1] = e[location2]
        e[location2] = temp
    end for
    polyMultiply(f, e, a, N, q)
    for i = 0 to N - 1 do
        if a[i] < 0 then
            a[i] = a[i] + q    // Make all coefficients positive
        end if
        if a[i] > q/2 then
            a[i] = a[i] - q    // Shift coefficients of a into range (-q/2, q/2)
        end if
    end for
    polyMultiply(a, Fp, d, N, p)

Algorithm 3. Decryption process
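The swap and unswap steps of Algorithms 2 and 3, run on the Example 1 values, as an added example (not the paper's code). Assumptions: the two locations are passed in directly in place of RNG(), the swap loop is read literally from the pseudocode, and `inverse_mod_p` is a brute-force stand-in for the inverse routine. It also shows that replaying the swaps in encryption order restores the ciphertext only when the swapped positions do not overlap, while undoing them in reverse order always does.

```python
from itertools import product

# Example 1 values from the page: N=7, p=3, q=32
N, P, Q = 7, 3, 32
F = [-1, 1, 0, 0, 1, 1, -1]      # f = -1 + x + x^4 + x^5 - x^6
H = [15, 19, 24, 26, 5, 23, 16]  # public key h
M = [-1, 1, -1, 1, 0, -1, 1]     # message m
R = [1, 1, -1, 0, -1, 0, 0]      # blinding polynomial r


def conv(a, b, mod):
    """Cyclic convolution a * b in Z_mod[x]/(x^N - 1)."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[(i + j) % N] = (out[(i + j) % N] + ai * bj) % mod
    return out


def center(a, mod):
    """Lift coefficients into (-mod/2, mod/2]."""
    return [v % mod - mod if v % mod > mod // 2 else v % mod for v in a]


def swap_positions(loc1, loc2, rounds=3):
    """Index pairs visited by the swap loop of Algorithm 2, read literally
    (the offset i is added to the running location on every pass)."""
    pairs = []
    for i in range(rounds):
        loc1, loc2 = (loc1 + i) % N, (loc2 + i) % N
        pairs.append((loc1, loc2))
    return pairs


def apply_swaps(e, pairs):
    """Apply the transpositions in list order and return a new list."""
    e = list(e)
    for a, b in pairs:
        e[a], e[b] = e[b], e[a]
    return e


def encrypt(m, r, h, pairs):
    """e = r*h + m (mod q), then the coefficient swaps; pairs=[] is plain NTRU."""
    e = [(x + y) % Q for x, y in zip(conv(r, h, Q), m)]
    return apply_swaps(e, pairs)


def inverse_mod_p(f):
    """Brute-force f^-1 in Z_p[x]/(x^N - 1); only viable for toy N (assumption)."""
    one = [1] + [0] * (N - 1)
    for cand in product(range(P), repeat=N):
        if conv(f, cand, P) == one:
            return list(cand)
    raise ValueError("f is not invertible modulo p")


def decrypt(e, f, pairs, reverse=True):
    """Undo the swaps, then a = f*e (mod q) and m = fp*a (mod p).
    reverse=False replays the swaps in encryption order, as Algorithm 3 is written."""
    e = apply_swaps(e, pairs[::-1] if reverse else pairs)
    a = center(conv(f, e, Q), Q)
    return center(conv(inverse_mod_p(f), a, P), P)


if __name__ == "__main__":
    pairs = swap_positions(0, 3)  # constructed locations; index 3 is visited twice
    e = encrypt(M, R, H, pairs)
    print("pairs           :", pairs)
    print("ciphertext      :", e)
    print("reverse undo    :", decrypt(e, F, pairs))
    print("same-order undo :", decrypt(e, F, pairs, reverse=False))
```

With N = 7 and the literal offsets every choice of two locations produces overlapping pairs, so an implementation of the decryption step should undo the swaps in reverse order.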

4.2 Part Two (To generate a dynamic sequence of keys):

To encrypt the information, long keys are needed, and the proposed method provides a way to get these keys as follows. First, each processor computes its first public key by swapping values of the key that was generated in the previous processor, and then each processor computes sequential keys, which should be independent and completely different from those of other processors. The details of the second part are illustrated in the algorithm below:

Input: the polynomials (f and g), N, p, q, NP (number of processors), m (the message)
Output: ciphertext

    k = msg length / NP    // data block size for each processor
    Compute h by using Algorithm 1
    Distribute h to each processor
    repeat    // For each processor
        Generate two random numbers (n1, n2)    // modulo N
        for i = 0 to 2 do
            n1 = (n1 + i) mod N
            n2 = (n2 + i) mod N
            Temp = h[n1]
            h[n1] = h[n2]
            h[n2] = Temp
        end for
        g = (h mod p) - 1
        Compute new h    // by Algorithm 1
        Encrypt a block of size N    // by Algorithm 2
    until (all of msg is encrypted)

Algorithm 4. Generating a dynamic sequence of keys

The seed used for generating the random numbers in the encryption process must be the same in the decryption process.

5. Experimental Analysis

This section first discusses the lattice attack on the ciphertext and then gives an implementation analysis of the proposed method, to show its enhancement over the original NTRU. The same example (Example 1) is used in this section. The first step is computing the public key, $h = p \cdot f_q * g \pmod{q}$:

$h = 13 + 25x + 24x^2 + 14x^3 + 25x^4 + 19x^5 + 16x^6$

To encrypt the message $m = -1 + x - x^2 + x^3 - x^5 + x^6$, the user must randomly choose the "blinding" polynomial $r = 1 + x - x^2 - x^4$.

Finally, the encrypted message will be:

$c = 7 + 10x + 20x^2 + 16x^3 + 24x^4 + 10x^5 + x^6$.

To illustrate how the proposed method bypasses the lattice-based attack, the Lenstra–Lenstra–Lovász lattice basis reduction algorithm (LLL) is applied to this public key $h$ and the encrypted message $c$, which leads to a reduced basis like the following:

-1 -1  0  0  3 -1 -1 -4 -1  1 -2 -3  2 -1  0
-1 -1 -4  1  1  4  0 -2 -2  2 -1 -1  1  3  0
 0  0  3 -1 -1 -1 -1  1 -2 -3  2 -1 -4 -1  0
 2 -2 -2  2 -3  3 -3  0 -1  0 -2  0 -2  1  1
 2 -3 -2 -2  1  0  1  0  0  0  1 -2  2 -1  1
-1 -1 -1 -1  0  0  3  2 -1 -4 -1  1 -2 -3  0
-3  1  1  1  1  0  0  3 -2  1  4  1 -1  2  0
-1  1  0  0  0 -1 -1  0  2  2 -2  2 -3 -1  2
 0  0  1 -1 -4  0 -1 -2 -1 -1  3  0  0  1  3
 0  0  2  0 -2  0  0  3  4  0  2 -2  0  1 -1
 0 -3  0  0 -1  0 -1  2 -2  0 -1 -2  2  1 -1
-2 -1  3  0  2  0 -1  0 -1 -2 -2 -1  1 -3  2
-1  3 -1  0 -1  1  1  1 -1  2 -3 -1  2  0  2
 0 -2 -2  2  2 -1  3  2  2 -1  0  1  1  3  1
-1  1 -2  2 -1  0 -4 -3  1 -4 -2 -2  1  1  0

Table 3. The LLL algorithm outputs

In Table 3, no row vector consisting only of values from {-1, 0, 1} is found. This means the proposed method succeeds in avoiding the lattice-based attack on the ciphertext using the LLL algorithm, while the original NTRU cannot.

From another view, regarding the implementation analysis, when parallel processing is available the execution time is reduced. The proposed algorithm divides the tasks and data into blocks according to the number of available processors, which also reduces the required computational cost.

In addition, each block of data (of degree N) is encrypted with an independent public key that is completely different from those of the other blocks. This gives strength to the encryption process, because using the same public key for all data generates repetition in the blocks of the ciphertext, which may be exploited in an attack. The next example illustrates that there is no relationship between the keys generated by the proposed method:

Example 2:

This example shows the operation of Algorithm 4. Assume we have two available processors. The first step is computing the public key by Algorithm 1:

h = 8 25 22 20 12 24 15 19 12 19 16

The first processor generates two random numbers with the random number generator (modulo N), for example (3, 8), and then swaps two or three values, or as agreed between sender and receiver, where (3) is the first location and (8) is the last location. In this example, three consecutive values starting from the first location (3) are swapped with three consecutive values starting from the second location (8); therefore, the public key will be as follows:

h = 8 25 22 12 19 16 15 19 20 12 24

To compute the polynomial g from the above public key, the following formula is used:

$g = (h \bmod p) - 1 \quad \ldots (1)$

The new public key (for the first processor, ps1) will be:

h_ps1 = 28 23 11 3 6 31 14 23 12 2 1

The second processor also generates two random numbers for the swap process, for example (2, 9). Following the same steps as in the first processor gives the public key for the second processor (ps2):

h_ps2 = 29 25 12 9 21 22 5 24 4 14 1

From the above public keys we note that there is no relationship between the keys of the processors.

Conclusion

The NTRU cryptosystem is fast compared to other cryptosystems used in the IoT environment, but it suffers from being attacked by the LLL algorithm. The proposed method modifies NTRU with a swap process between the public key values in order to be secure against this attack, and with further modifications that generate a dynamic sequence of keys in a parallel manner to increase processing speed. The proposed method succeeded in avoiding the attack by the LLL algorithm and in giving speed and strength to the encryption process by using different keys for each block (of degree N).

References

[1] Nada Qasim Mohammed, Qasim Mohammed Hussein, Ahmed M. Sana, Layth A. Khalil, A Hybrid Approach to Design Key Generator of Cryptosystem, Journal of Computational and Theoretical Nanoscience, Volume 16, Number 3, March 2019, pp. 971-977(7).

[2] Paul Zachary Fremantle, An Approach to Enhancing Security and Privacy of the Internet of Things with Federated Identity, PhD thesis, University of Portsmouth, 2017.

[3] J. Hoffstein, J. Pipher, and J. H. Silverman. NTRU: A Ring Based Public Key Cryptosystem, in Algorithmic Number Theory, Lecture Notes in Computer Science 1423, Springer-Verlag, pages 267–288, 1998.

[4] Qasim Mohammed Hussein, Recover the NTRU Private Keys from Known Public Information and Public Key, PhD thesis, Tikrit University, 2009, p. 60.

[5] Arjen Klaas Lenstra, Hendrik Willem Lenstra, and László Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261(4):515-534, 1982.

[6] R. Chaudhary, G. S. Aujla, N. Kumar and S. Zeadally, "Lattice-Based Public Key Cryptosystem for Internet of Things Environment: Challenges and Solutions," in IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4897-4909, June 2019.

[7] Xuanxia Yao, Zhi Chen, and Ye Tian, "A lightweight attribute-based encryption scheme for the Internet of Things", Future Generation Computer Systems 49 (2015) 104–112.

[8] M. Xin, "A Mixed Encryption Algorithm Used in Internet of Things Security Transmission System," 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, Xi'an, 2015, pp. 62-65.

[9] Kavitha S., P. J. A. Alphonse, "A Hybrid Cryptosystem to Enhance Security in IoT Health Care System", International Journal of Wireless and Microwave Technologies (IJWMT), Vol. 9, No. 1, pp. 1-10, 2019.

[10] Omar Sapti Guma'a, Qasim Mohammed Hussein, Ziyad Tariq Mustafa, Q-NTRU Cryptosystem for IoT Applications, Journal of Southwest Jiaotong University, 54 (4), pp. 1-12, 2019.

[11] Abdul Monem S. Rahma & Qasim Mohammed Hussein, A New Attack on NTRU Public Key Cryptosystem Depend on Using Public Key and Public Information, Eng. & Tech. Journal, Vol. 28, No. 6, 2010.

[12] Jingguo Bi and Qi Cheng. Lower bounds of shortest vector lengths in random NTRU lattices. In Theory and Applications of Models of Computation, pages 143–155. Springer, 2012.
