CERTIFICATE AUTHORITY SCHEMES USING ELLIPTIC CURVE CRYPTOGRAPHY, RSA AND THEIR VARIANTS-SIMULATION USING NS2

A PKI (public key infrastructure) enables users of a basically unsecure public network to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. The two major digital signature algorithms are Elliptic Curve Digital Signature Algorithm (ECDSA) which is the elliptic curve analogue of the Digital Signature Algorithm (DSA) and RSA algorithm. The two algorithms are used for generating the certificates exchanged between computer systems. Elliptic curve based systems can give better security compared to RSA with less key size. This study compares the performance of ECC based signature schemes and RSA schemes using NS2 simulation. It is observed that ECC based certificate authority schemes gives better speed and security. Elliptic curve based schemes are the best for time and resource constrained wireless applications.


INTRODUCTION
The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet and other applications for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure is the preferred approach on the Internet. The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography (Dou et al., 2012).
In public key cryptography, a public and private key are created simultaneously using the Same Algorithm (RSA) by a Certificate Authority (CA). The private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access. The private key is never shared with anyone or sent across the network. The private key is used to decrypt the text that has been encrypted with the public key by someone else (who can find out the public key from a public directory). In addition to encrypting messages (which ensures privacy), a user can authenticate himself by using the private key to encrypt a digital certificate. A digital signature is a cryptographically secure method of establishing with a high degree of certainty that the person who electronically signs a message can be verified as the signer with the same confidence as that provided by a witness to a handwritten signature. A digital signature is similar to the Message Authentication Code (MAC) used with symmetric (secret) key systems. The signature is a cryptographic checksum computed as a function of a message and the user's private key. Because public-key systems tend to be slow, digital signatures are often used to sign a condensed version of a message, called a message digest, rather than the message itself. A message digest can be readily generated by a hashing function. Figure 1 illustrates a generalized signature generation and verification process. The two users must agree to use the same hash function and have access to each other's public key.

AJAS
It may also be useful to be able to encrypt the message. If that is the case, a digital signature is used to exchange a secret key with authentication, integrity, nonrepudiation. Following the exchange of the secret key, messages are encrypted with the secret key and exchanged. Each transmission can also contain a digest with signature to afford continued integrity and nonrepudiation assurance. As indicated in Fig. 1 a message digest produced by a hash function is used to confirm that the message was not changed in transit and that it truly represented the original message.
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the DSA. ECDSA was first proposed by Scott Vanstone in the year 1992 in response to National Institute of Standards and Technology (NIST's) request for public comments on their first proposal for DSS. It was accepted in 1998 as an International Standards Organization (ISO) standard (ISO 14888-3), accepted in 1999 as an American National Standards Institute (ANSI) standard (ANSI X9.62) and accepted in 2000 as an Institute of Electrical and Electronics Engineers (IEEE) standard (IEEE 1363(IEEE -2000 and a FIPS standard (FIPS 186-2) Digital signature schemes can be used to provide the following basic cryptographic services (FIPSP, 2000): • Data integrity (the assurance that data has not been altered by unauthorized or unknown means) • Data origin authentication (the assurance that the source of data is as claimed) • Non-repudiation (the assurance that an entity cannot deny previous actions or commitments) The rest of the paper is organized as follows: Section 2 discusses RSA algorithm. Elliptic curve digital signature algorithm is given in section 3. Related works are discussed in section 4. Simulation results and discussions are given in section 5 and conclusion is presented in section 6.

RSA
RSA is one of the oldest and most widely used public key cryptographic algorithms. The algorithm was invented in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman. The RSA cryptosystem is based on the assumption that factoring is a computationally hard task. This means that given sufficient computational resources and time, an adversary should not be able to "break" RSA (obtain a private key) by factoring. This does not mean that factoring is the only way to "break" RSA. In fact, breaking RSA may be easier than factoring.

RSA Key Generation
A RSA public and private key pair can be generated using the algorithm below: • Choose two random prime numbers p and q • Compute n such that n = p * q • Compute φ (n) such that φ (n) = (p-1)*(q-1).
• Choose a random integer e such that 1< e < φ (n) and gcd (e, φ (n)) = 1, then compute the integer d such that: e*d ≡ 1 mod φ (n) • (e, n) is the public key and (d, n) is the private key

RSA Signature Generation and Verification
Signature of a message m is a straightforward modular exponentiation using the hash of the message and the private key. The signature s can be obtained by:

Fig. 1. Generalized signature generation and authentication
A common hash algorithm used is SHA-1.To verify a signature s for message m, the signature must first be decrypted using the author's public key (e, n). The hash h is thus obtained by: h = s e (mod n) If h matches hash (m), then the signature is valid. The message was signed by the author and the message has not been modified since signing.

ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM (ECDSA)
Elliptic Curve Digital Signature Algorithm is implemented over elliptic curve P-192 as mandated by ANSI X9.62 in C language. The Project contains necessary modules for domain parameters generation, key generation, signature generation and signature verification over the elliptic curve. ECDSA has three phases, key generation, signature generation and signature verification (Hankerson et al., 2004).

ECDSA Signature Generation and Verification
To sign a message m, an entity A with domain parameters D = (q, FR, a, b, G, n, h) does the following: • Select a random or pseudorandom integer k in the interval [1, n-1] • Compute k.G = (x 1 , y 1 ) and convert x 1 to an integer x 1' • Compute r = x 1 mod n. If r = 0 then go back to step 1 • Compute k -1 mod n • Compute hash (m) and convert this bit string to an integer • Compute s= k -1 {e + d.r} mod n. If s = 0, then go to first step. • A's signature for the message m is the pair of integers (r, s) To verify A's signature (r, s) on m, B obtains an authenticated copy of A's domain parameters D = (q, FR, a, b, G, n, h) and associated public key Q and does the following: • Verify that r and s are integers in the interval [1, n-1] • Compute hash(m) and convert this bit string into an integer e • Compute w = (s -1 ) mod n • Compute u 1 = e w mod n and u 2 = r w mod n • Compute X = u 1 G + u 2 G • If X = 0, then reject the signature, else convert the x coordinate of X to an integer x 1' and compute v = x 1' mod n • Accept the signature iff v = r Science Publications

RELATED WORK
Internet Key Exchange (IKE) protocol is the most common usable mechanism to exchange keying materials and negotiate security associations between two distant entities. This study proposes a new flexible approach for complexity reduction and security improvement of the IKE implementation. In this study, an initial secret key negotiation based on Elliptic Curve Cryptography (ECC) for phase 1 of IKE has been proposed, which instead of RSA, uses ECC-based public key certificate for authentication of the entities (Ray and Biswas, 2012).
Establishing a distributed virtual CA is an important tool to ensure the security of the wireless mesh networks. In these scenarios, several nodes jointly reserve the system's private key. This article proposes a RSA key sharing scheme based on dynamic threshold secret sharing algorithm (Min and Ting-Lei, 2010).
Secure Electronic Transaction (SET) is a standard protocol for the credit card transaction in e-commerce. Adopting Elliptic Curve Cryptography (ECC) instead RSA performed authentication and verified the integrity of data and the public key and private key of cardholder, merchant, payment gateway and certificate authority were distributed based on ECC. Security analysis shows that this scheme has high security and efficient authentication (Cao, 2011).
The use of X.509v3 certificates to carry out authentication tasks is an approach to improve security. These certificates are usually employed with the RSA algorithm. Elliptic Curve Cryptography (ECC) is a cryptographic technique eminently suited for small devices, like those used in wireless communications and is gaining momentum. The main advantage of ECC versus RSA is that for the same level of security it requires a much shorter key length. The purpose of this study is to design and implement a free open-source Certification Authority able to issue X.509v3 certificates using ECC. The result of this research may assist organizations to increase their security level in wireless devices and networks, in a costless way, by including authentication techniques based on ECC digital certificates (Cano et al., 2007).
Elliptic Curve Cryptography (ECC) is emerging as an attractive alternative to traditional public-key cryptosystems (RSA, DSA, DH). ECC offers equivalent security with smaller key sizes resulting in faster computations, lower power consumption, as well as memory and bandwidth savings. While these characteristics make ECC especially appealing for mobile devices, they can also alleviate the computational burden on secure web servers. This article studies the performance impact of using ECC with Secure Sockets Layer (SSL), the dominant Internet security protocol. We benchmark the Apache web server with an ECC-enhanced version of open SSL under a variety of conditions. Our results show that an Apache web server can handle 11-31% more HTTPS requests per second when using ECC rather than RSA at short-term security levels. At security levels necessary to protect data beyond 2010, the use of ECC over RSA improves server performance by 110-279% under realistic workloads (Gupta et al., 2004). Lee and Kim (2002) proposed a two-pass hybrid key distribution and authentication protocol. The proposed protocol minimizes the number of message exchanges and the key management problem as it eliminates KDC, by using both symmetric-key and asymmetric-key schemes. In addition, it guarantees explicit entity and key authentication via a signature scheme based on Elliptic Curve Cryptosystems (ECC) whose efficiency is superior to existing signature schemes with only two-message exchanges. Savari et al. (2012) compared elliptic curve cryptography with RSA algorithm on a multipurpose smart card. ECC is compared with 160 and 1024 bit key size with RSA.

SIMULATION RESULTS
NS2 is used for simulation. In our simulation, the channel capacity of mobile hosts is set to the same value: 2 Mbps. The Distributed Coordination Function (DCF) of IEEE 802.11 for wireless LANs is used as the MAC layer protocol. It has the functionality to notify the network layer about link breakage.
In our simulation, 100 mobile nodes move in a 1500×500 m region for 50 sec simulation time. It is assumed that each node moves independently with the same average speed. All nodes have the same transmission range of 250 m. The number of attacking nodes varies from 2-10. The simulated traffic is Constant Bit Rate (CBR). The simulation settings and parameters are summarized in Table 1.

Performance Metrics
The performance is evaluated according to the following metrics.

Average End-to-End Delay
The end-to-end-delay is averaged over all surviving data packets from the sources to the destinations.

Average Packet Delivery Ratio
It is the ratio of the number of packets received successfully and the total number of packets transmitted.

Drop
It is the number of packets is dropped during the transmission.
The various combinations of ECC and RSA along with other algorithms used for hash function, encryption/decryption and signature generation are given in Table 2. Each combination is given a code. For key generation ECC and RSA are used. SHA 1 is the commonly used algorithm for message digest generation and it is compared with MD5. These two algorithms are used with ECC and RSA and its performance is compared. For encryption and decryption we have chosen ECIES which is an elliptic curve based algorithm and RSA. ECDSA and RSA are used for digital signature generation and their performance is compared based on the combination of algorithms as given in Table 2.
The time delay involved in generating the certificate for all the combination of ECC based algorithms and RSA algorithm is measured. It is found that the ECC based schemes have less delay compared to RSA algorithm. The simulations are done using Network Simulator NS2 and the measured delay for all the combinations are given in Table 3.
A Certificate Authority server generates certificates upon the request from the client. The delay between the client requesting for the certificate and the server issuing the certificate to the client is measured as end to end delay between the client and server. This end to end delay for some combinations of ECC and RSA algorithms is given in Table 4 along with throughput. There is a little variation in throughput between the two schemes but the time delay is manifold for RSA compared to ECC.
A screen shot showing the simulation is shown in Fig. 2. This gives the delay in communication between wireless node 3 and 9.The process involves decryption, hash generation and verification of the certificate. The simulated results of throughput, delay and jitter are shown in the screenshot. Figure 3 shows the delay involved in the generation of certificates using various combinations of ECC scheme. It may be noted that both DSA and ECDSA with MD5 message digest algorithm produces less delay in generating the certificates. This is because of the less complexity of MD5 message digest algorithm compared to SHA 1. Figure 4 shows the delay involved in the generation of certificates using various combinations of RSA scheme. In this, the encryption scheme used is ECIES and this leads to lesser delay compared to other combinations. The main reason for the attractiveness of ECDSA is the fact that there is no sub exponential algorithm known to solve the elliptic curve discrete logarithm problem on a properly chosen elliptic curve.
Hence, it takes full exponential time to solve while the best algorithm known for solving the underlying integer factorization for RSA and discrete logarithm problem in DSA both take sub exponential time. Figure 5 gives the delay involved in various combinations of algorithms using RSA for key generation and encryption. The combinations using ECIES and MD5 involve less delay than SHA 1 and RSA algorithms. Higher delay in RSA is due to the calculation of exponents for getting private and public keys. Figure 6 compares the throughput of ECIES and RSA algorithms. The combination of Elliptic curve and SHA-I algorithm provides strong cryptographic strength and optimizes the computational speed as well as space. As the proposed method is based on the strength of the elliptic curve discrete logarithm problem, it is not vulnerable for cryptanalytic attacks which are readily available.
The key generated by the implementation is highly secured and it consumes lesser bandwidth because of small key size used by the elliptic curves. Significantly smaller parameters can be used in ECDSA than in other competitive systems such as RSA and DSA but with equivalent levels of security. Some benefits of having smaller key size include faster computation time and reduction in processing power, storage space and bandwidth. This makes ECDSA ideal for constrained environments such as wireless networks. These advantages are especially important in other environments where processing power, storage space, bandwidth, or power consumption are lacking. The end-to-end delay measured for ECC scheme is shown in Fig. 7.       Alese et al. (2012) has done the comparison of ECC and RSA algorithms. In our paper two different encryption and digital signature algorithms are used along with RSA algorithm. One of the combination uses RSA algorithm for encryption, decryption and digital signature generation. The key size is 1024 bits. Table 5 gives the comparison of RSA algorithm.

Comparison with Other Works
For the elliptic curve cryptography, we have used the EC group P-224. The comparison of simulation results are given in Table 6.

CONCLUSION
In this study, we presented the simulation of ECC and RSA algorithms for various combinations of ECDSA, DSA, RSA, MD5, SHA-1 used for encryption, decryption and digital signature operations. The certificate generation delay, encryption delay, throughput, end-to-end delay in generating and issuing certificate to clients are measured for all the combinations. It is found that ECC based combinations outperform RSA based combinations of algorithms in terms of encryption, throughput and end-to-end delay.
This concludes that ECC is best suited for wireless applications which demands speed, time and bandwidth. Our results are compared with other works which shows that we are able to obtain lesser key generation time, encryption time and throughput because of our optimized code simulation. Our work implies that ECDSA used for generating certificates is more efficient than other combinations. ECC gives the same level of security with less key size when compared to RSA.
ECC based authentication protocol for wireless applications is recently proposed. Wireless applications require low power, less memory space and bandwidth. ECC suits the best for this application because of its speed and security. With these timings, the execution of the ECC-based wireless authentication protocol takes around 140 ms on the ARM7TDMI processor, which is a widely used, lowpower core processor for wireless applications.
Using this processor our combination codes can be implemented in future and required combination can be selected from the library. This will reduce cost and time.
Also in future low power ASICs can be designed which could be customized to meet the wireless requirements.