Fujitsu Laboratories is in the news again, this time announcing a development in collaboration with the University of Tokyo and Toho University of authentication technology for Internet-of-Things (IoT) devices that reduces the time needed for authentication in the Transport Layer Security (TLS) cryptographic protocol by nearly 80%, compared to previous methods with the same security strength.
The TLS protocol, which is widely used in PCs and other devices, employs public key cryptography.
TLS requires a certain amount of processing capacity, so it had been difficult to apply to IoT devices, which, with their simplified structure, had taken a second or more for authentication. Now, by reducing the processing load of the core authenticated key exchange method, and by accelerating the arithmetic operation speed, the research team succeeded in developing authentication technology that could accommodate TLS.
Envisioning actual applications, the team performed field trials of the newly developed technology by connecting it to an energy management system for air conditioning equipment in the Green University of Tokyo Project (GUTP).
With this technology, IoT devices, which have lower processing capacity than PCs, can use communications technology with the same level of safety as that used by PCs. This enables the IoT to be used even in applications requiring security and privacy.
Details on this technology will be released at SCIS2016, the Symposium on Cryptography and Information Security, opening today in Kumamoto, Japan.
The goal of the IoT is to bring greater convenience and comfort to social infrastructure and people’s lives by connecting a wide variety of devices, such as sensors and home appliances, to the Internet to enable automated data collection and system controls without human intervention. In addition, because it is envisioned that it will handle private data on people’s lives, there is a need for technology that further raises the level of safety to protect against the risk of data leaks and unauthorised operation of devices.
With PCs and smartphones, the TLS cryptographic protocol, which employs public key cryptography, is widely used to prevent identity fraud, data theft, and tampering in communications. This is an important technology for enabling safe Internet communications, but because it requires a certain amount of processing capacity, IoT devices require a second or more to authenticate communications as they have lower processing capacity than PCs. In addition, a significant amount of electricity is consumed in communications. As a result, from a practical standpoint, it has been difficult to widely apply TLS to IoT devices across the board.
About the technology
In collaboration with the University of Tokyo and Toho University, Fujitsu Laboratories has developed TLS authentication using an ID-based authenticated key exchange method, which reduces authentication time to nearly one-fifth of previous methods.
The newly-developed authentication method is envisaged to be used in gateway devices, which have processing capabilities that are about half-way between small-scale sensors and PCs. The gateway devices, which communicate through the Internet, would be installed at the exit of a network that connects multiple small-scale sensors and non-Internet-connected devices.
The features of the technology include:
Reduces the processing load of the authenticated key exchange method in TLS
Under specific management, public key cryptography that uses a device’s assigned ID as a public key for cryptographic processing, called ID-based cryptography, obviates the need for certificates as the correctness of the ID is directly bound to that of the public key. Therefore, it is possible to eliminate the processing involved in certificate validation, transmission, and reception. To apply TLS, however, further reductions in the processing load were necessary.
In addition to limiting the implemented functions to the authentication and key exchange required for TLS and employing an authenticated key exchange scheme with fewer operations, the research team also created an efficient communications sequence by devising a scheme that sends ID notifications first.
This is the world’s first use of an efficient ID-based authenticated key exchange scheme in TLS.
Accelerates calculation processing
The research team found that many similar arithmetic operations are carried out multiple times during key exchange. To remedy this, they devised a method to execute them all at once, accelerating the speed of key exchange for ID-based cryptography.
In order to make it simple to deploy in systems using OpenSSL, which is widely used around the world, the research team implemented this newly developed technology as an extension of OpenSSL. In addition, they have incorporated it into communications software using the IEEE 1888 protocol, which is a communications standard for smart cities.
The IEEE 1888 communication software incorporating the newly developed technology was installed on gateway devices and servers at the University of Tokyo and Toho University, and field trials were performed through the Internet from November to December.
Envisioning actual applications, in these trials the team connected the new technology to an energy management system for air conditioning equipment in the GUTP.
In the joint development, Fujitsu Laboratories primarily took responsibility for the design and implementation of the authentication method; the University of Tokyo handled the application of the IEEE 1888 communication software and building the experimental environment; and Toho University focused on improvements to the TEPLA cryptography implementation.
Compared to previous methods with the same security strength, the new technology reduced the time required for TLS authentication by nearly 80%, enabling TLS authentication time of several hundred milliseconds, even by IoT devices with relatively low processing capacity. As a result, even when IoT devices communicate, data leaks or unauthorized operation of devices can be prevented, enabling the IoT’s scope of use to be expanded to applications requiring security and privacy.