Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Lino Zachariah, Dr. Poonam Sinha / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 6, November- December 2012, pp.043-047 Analysis and comparison of ECC & ECIES using IBE for securing patient’s privacy Lino Zachariah Dr. Poonam Sinha M-Tech(IT), BU Bhopal HOD-Information Technology BU, Bhopal (MP)ABSTRACTThe work that we are presenting here denotes the communications device, a small microcontroller,comparison between Elliptic curve cryptography and an energy source, usually a battery. Theand elliptic curve integrated Encryption Scheme envisaged size of a single sensor node can vary fromusing Identity Based Encryption implemented on shoebox-sized nodes down to devices the size ofsensor networks, motivated by those networks grain of dust although functioning motes ofneed for an efficient, secure mechanism for genuine microscopic dimensions have yet to beshared cryptographic keys distribution and created. The cost of sensor nodes is similarlyredistribution among nodes. Both the variable, ranging from hundreds of dollars to a fewcryptographic technique can be implemented as cents, depending on the size of the sensor networkan application for securing the patient’s privacy and the complexity required of individual sensorin wireless body sensor networks. Hence, we are nodes. Size and cost constraints on sensor nodescomparing the their implementation on body result in corresponding constraints on resourcessensor network for the encryption and such as energy, memory, computational speed anddecryption of patient’s private record. bandwidth. Sensor nodes can be imagined as small computers, extremely basic in terms of theirINTRODUCTION interfaces and their components. They usually Body Sensor Networks (also known as consist of a processing unit with limitedbodynets or Body Area Networks) have the potential computational power and limited memory, sensorsto revolutionize healthcare monitoring. These (including specific conditioning circuitry), anetworks are comprised of wearable devices with communication device (usually radio transceivers orattached sensors that can measure various alternatively optical), and a power source usually inphysiological and environmental signals. Bodynet the form of a battery. The base stations are one ordevices communicate wirelessly with networked more distinguished components of the WSN withgateways (mobile phones, computers and PDAs) much more computational, energy andwhich store, analyse and communicate vital communication resources. They act as a gatewayinformation in real-time. A Bodynet can be designed between sensor nodes and the end user.to immediately alert emergency personnel to acritical situation like a heart attack or a debilitating IDENTITY BASED ENCRYPTIONfall. Bodynets can also help physicians catch Identity-based encryption (IBE) is a public-warning signs of a disease earlier or remotely key encryption technology that allows a public keymonitor the progress of a recovering surgery patient. to be calculated from an identity and a set of public A Wireless Sensor Network (WSN) is a mathematical parameters and for the correspondingwireless network consisting of spatially distributed private key to be calculated from an identity, a set ofautonomous devices using sensors to cooperatively public mathematical parameters and a domain-widemonitor physical or environmental conditions, such secret value. An IBE public key can be calculatedas temperature, sound, vibration, pressure, motion or by anyone who has the necessary public parameters;pollutants, at different locations. The development a cryptographic secret is needed to calculate an IBEof wireless sensor networks was originally private key, and the calculation can only bemotivated by military applications such as performed by a trusted server which has this secret.battlefield surveillance. However, wireless sensor Identity-based systems allow any party to generate anetworks are now used in many civilian application public key from a known identity value such as anareas, including environment and habitat monitoring, ASCII string. A trusted third party, called thehealthcare applications, home automation, and Private Key Generator (PKG), generates thetraffic control. corresponding private keys. To operate, the PKG In addition to one or more sensors, each first publishes a master public key, and retains thenode in a sensor network is typically equipped with corresponding master private key (referred to asa radio transceiver or other wireless master key). Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with 1|Page
  2. 2. Lino Zachariah, Dr. Poonam Sinha / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 6, November- December 2012, pp.043-047the identity value. To obtain a corresponding private hash function h(). Finally, we have the secret key xkey, the party authorized to use the identity ID and public parameters (y, P, p, q, h(.)). Encrypting acontacts the PKG, which uses the master private key message m using public key y as EccEncrypt(m, y).to generate the private key for identity ID. The resulting ciphertext is denoted by c. The As a result, parties may encrypt messages decryption of ciphertext c using the secret key x is(or verify signatures) with no prior distribution of given as EccDecrypt(c, x).keys between individual participants. This is The algorithms for EccEncrypt and EccDecryptextremely useful in cases where pre-distribution of are found in following Alg. 1 and Alg. 2authenticated keys is inconvenient or infeasible due respectively.to technical restraints. However, to decrypt or signmessages, the authorized user must obtain the Algorithm1: EccEncrypt(m, y)appropriate private key from the PKG. A caveat ofthis approach is that the PKG must be highly trusted, 1: Generate a random number r ∈ GF(p). Encrypt mas it is capable of generating any users private key with r, Er(m)and may therefore decrypt (or sign) messages 2: Calculate Ar = h(r) · ywithout authorization. Because any users private 3: Calculate Br = h(r) · Pkey can be generated through the use of the third 4: Calculate α r = r ⊕x(Ar), where x(Ar) is the xpartys secret, this system has inherent key escrow. coordinate of ArA number of variant systems have been proposed 5: Return ciphertext c = < α r, Br, Er(m)>which remove the escrow including certificate-basedencryption, secure key issuing cryptography andcertificate less cryptography [25]. Algorithm2: EccDecrypt(c, x)IBE scheme consists of four algorithms: 1: Calculate x · Br = x · h(r) · P = h(r)·y = Ar(1) Setup generates global system parameters and a 2: Determine the x coordinate, x(Ar)master-key. 3: Derive symmetric key r with αr ⊕x(Ar) = r(2) Extract uses the master-key to generate the ⊕x(Ar) ⊕x(Ar) = rprivate key corresponding to an arbitrary public key 4: Apply r to Er(m) to return mstring ID.(3) Encrypt encrypts messages using the public keyID, and ELLIPTIC CURVE INTEGRATED(4) Decrypt decrypts messages using thecorresponding private key. ENCRYPTION SCHEME In 1997, Mihir Bellare and Philip Rogaway(1) Setup: IBE systems rely upon a trusted central [28] presented the Discrete Logarithm Augmentedauthority that manages the parameters with which Encryption Scheme (DLAES), which waskeys are created. This authority is called the Private subsequently improved by the same authors andKey Generator or PKG. The PKG creates its Michel Abdalla, being first renamed as the Diffie-parameters, including a master secret from which Hellman Augmented Encryption Scheme (DHAES)private keys are created. in 1998 [26] and later as the Diffie-Hellman(2) Extraction: When doctor wishes to decrypt the Integrated Encryption Scheme (DHIES) in 2001message C that was encrypted, he/she authenticates [27], in order to avoid confusions with thehimself to the PKG and obtains the secret key that Advanced Encryption Standard (AES). DHIEShe/she uses to decrypt messages. represents an enhanced version of the ElGamal(3) Encryption: When patient wishes to encrypt a encryption scheme, using elliptic curves in anmessage, he encrypts the message by computing or integrated scheme which includes public keyobtaining the public key, and then encrypting a operations, symmetric encryption algorithms, MACplaintext message M with public key to obtain codes, and hash computations. Because of theciphertext C. integration of different functions, DHIES is secure(4) Decryption: When doctor has C and private key, against chosen ciphertext attacks without having tohe/she decrypts C to obtain the plaintext message M. increase the number of operations or the key lengthHere we are providing the application of Identity [27].Based Encryption on ECC and ECIES.ELLIPTIC CURVE CRYPTOGRAPHY ECIES FUNCTIONAL COMPONENENT As it name indicates, ECIES is an To setup ECC, we first select a particular integrated encryption scheme that uses the followingelliptic curve E over GF (p), where p is a big prime functions:number. We also denote P as the base point of E andq as the order of P, where q is also a big prime. We  Key Agreement (KA): Function used bythen pick a secret key x, and the corresponding two parties for the creation of a sharedpublic key y, where y = x · P, and a cryptographic secret. 2|Page
  3. 3. Lino Zachariah, Dr. Poonam Sinha / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 6, November- December 2012, pp.043-047  Key Derivation (KDF): Mechanism that ECIES Encryption produces a set of keys from keying material and some optional parameters. INPUT: Message m and public key  Hash (HASH): Digest function. OUTPUT: The ciphertext ( U,c,r)  Encryption (ENC): Symmetric encryption 1. Choose k € R(1…………….q-1) algorithm. 2. U  [k]G  Message Authentication Code (MAC): 3. T  [k]Y Information used to authenticate a message. 4. (k1||k2)  KD(T,l) 5. Encrypt the message c  Ek1(m) The elliptic curve integrated encryption 6. Compute the MAC on the ciphertext r system (ECIES) is the standard elliptic curve based MACk2(c)encryption algorithm. It is called integrated, since it 7. Output (U,c,r)is a hybrid scheme that uses a public –key system totransport a session key for use by a symmetric ECIES encryption requires a message andcipher. the key to encrypt the message.First a random prime ECIES is a public-key encryption number is selected between range.then U isalgorithm where there is assumed to be a set of predicted which is public key.domain parameters (K,E,q,h,G). With these Each element of the ciphertext (U,c,r) is important:parameters, we also add a choice of symmetric U is needed to agree the ephemeral Diffie Hellmanencryption/decryption functions which we shall key T.denote Ek(m) and Dk(c). The use of a symmetric c is actual encryption of the message.encryption function makes it easy to encrypt long r is used to avoid adaptive chosen ciphertext attacks.messages. In addition instead of a simple hashfunction we require two special types of hash Notice that the data item U can befunction: compressed to reduce bandwisth, since it is anA message authentication code MAC k(c). elliptic curve point. Notice that the T computed in the decryptionMAC : {0.1}^n * {0,1}^*  {0,1}^m algorithm is the same as the T computed in the encryption algorithm sinceThis acts precisely like a standard hash function Tdecryption = [r]U = [x][k]G = [k]([x]G) =except that it has a secret key passed to it as well as [k]Y=Tencryption.a message to be hashed.A key derivation function KD(T,l) ECIES DecryptionKD : E * N  {0,1}^* INPUT: Ciphertext ( U,c,r) and a private key r. A key derivation function acts precisely OUTPUT: The message m or an ‘invalidlike a hash function except that output length could ciphetext’ message.be quite large. The output is used as a key to encrypta message hence if the key is to be used in a xor- 1. T  [x]Ubased encryption algorithm the output needs to be as 2. (k1||k2)  KD(T,l)long as the message being encrypted. 3. Decrypt the message m  Dk(c). The x-or based encryption requires key 4. if r ≠ MACk2(c) then output ‘Invalidderivation and the MAC function to encrypt the Ciphertext’message on the basis of x-or operation on bits. 5. output m. The ECIES scheme works like a one-passDiffie Hellman key transport, where one of the BACKGROUNDparties is using a fixed long term rather than an The Elliptic curve with identity basedephemeral one. This is followed by symmetric encryption technique provides the security of singleencryption of the actual message. For example the data over the network, but here we are comparingcombined length of the required MAC key and the the Elliptic curve integrated encryption schemerequired key for the symmetric encryption is given using IBE and analyse the comparison between theby l. The recipient is assumed to have a long-term two elliptic curve standards to secure patient’spublic /private key pair ( Y,x) where record. The elliptic curve using Identity based encryption is the technique where the data reading Y = [x] G from the sensors can be encrypted using n number of identities, one for each record of the patient. The doctor can only decrypt a particular data even if he knows the identity of the other records also. The 3|Page
  4. 4. Lino Zachariah, Dr. Poonam Sinha / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 6, November- December 2012, pp.043-047elliptic curve integrated encryption system (ECIES) As shown in the fig. 1 that the proposed algorithmis the standard elliptic curve based encryption when implemented gives less time than thealgorithm. It is called integrated, since it is a hybrid existing ECC technique, Also the proposedscheme that uses a public –key system to transport a algorithm requires less storage in the sensor tosession key for use by a symmetric cipher. The store the data. Hence requires less storage.algorithm provides an x-or based encryptiontechnique over key distribution function and the Storage (bytes) ECC-IBE ECIESMAC code. The idea is to use multiple sensors inmultiple patients, where the sensors notes different 2500 50 N*50reading and collect over to the storage site. The 5000 100 N*100ECIES has an advantage over ECC as our algorithm 10000 200 N*200is very useful for the integration of more than one 25000 500 N*500data at the storage site and to encrypt and decrypt 50000 1000 N*1000them easily. Also our algorithm used a MAC Figure 1.2 Key Required Vs Storage Size in Bytefunction to generate number in a more secure wayand also this algorithm uses the concept of Where ‘N’ is the number of patients.symmetric as well as asymmetric key. As our proposed algorithm generates ‘n’A body sensor network (BSN), is a network of number of public keys and different on the numbersensors de- of public keys the sensors read that number of data.ployed on a person’s body, usually for health care As shown in the fig. 1.2 that as the memory requiredmonitor-ing. Since the sensors collect personal to store the data will depends on the number ofmedical data, secu-rity and privacy are important public keys and the storage will increase if thecomponents in a body sensor network. At the same number of public keys generated will increase.time, the collected data has to read- ily available inthe event of an emergency. Time(S) 3.45 6.9 10.35 13.8 17.25 20.7RESULTS COMPASION BETWEEN ECC& ECIES Keys 5 10 15 20 25 30Public key: The key generated when the sensorsstarts reading from the patient. Figure 1.3 Time Required Vs Key RequiredSignature: The sensors when reads the data and encrypted that data using signatures Result Analysis (verification of the sender and the receiver The fig. 1.3 shows the time required to so that the unauthorised user can’t access generate the public key, as our proposed algorithm the data) so that data can’t be access generates ‘n’ number of public keys, so the time eavesdropped and the signatures when required for generating ‘n’ public keys will increase matched can be decrypted. the time according to the number of public keysEncrypted Data: The data which is not in actual generated. form but can be converted into another form such that the even if the data is Conclusion accessed can’t understand by the others. This paper has presented the working of aDecrypted Data: The data which is encrypted to system of compact, wearable, wireless body sensing provide a security to the data will be devices implanted in the human body. The novel decrypted by the same technique used for achievement is that we have proposed is the encryption such that data is correct and improvement in the existing protocol for data readable. encryption, decryption and transfer between BSN,Data storage: The memory required to store a single storage site and doctor with the need for high data data from the patient in the sensor. rates. The main idea to implement the ellipticParameters ECC-IBE ECIES curve algorithms that may be used for securing of multiple patient’s data over sensor network, here wePublic key 0.74 sec 0.69 sec are implementing and analysing two elliptic curve technique and comparing on different parameters.Signature time 0.77 sec 0.7 secTime to encrypt 5.7 sec 5.5 secTime to decrypt 1.12 sec 2.07 secStorage 1.6 KB 45 bytesFig. 1.1 Analysis on different parameters 4|Page
  5. 5. Lino Zachariah, Dr. Poonam Sinha / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 6, November- December 2012, pp.043-047REFERENCES [18] D. J. Malan, M. Welsh, and M. D. Smith. A [1] N. Asokan, K. Kostiainen, P. Ginzboorg, J. public-key infrastructure for key Ott, and C. Luo. Applicability of identity- distribution in tinyos based on elliptic based cryptography for disruption-tolerant curve cryptography. In SECON 2004. networking. In MobiOpp 2007. [19] K. Malasri and L. Wang. Addressing [2] D. Boneh and M. Franklin. Identity-based security in medical sensor networks. In encryption from the Weil pairing. In HealthNet 2007. CRYPTO 2001. [20] M. Mont, P. Bramhall, and K. Harrison. A [3] S. Capkun, L. Butty´an, and J.-P. Hubaux. flexible role-based secure messaging Self organized public-key management for service: exploiting IBE technology for mobile ad hoc networks. IEEE TMC 2003. privacy in health care. In International [4] H. Chan, A. Perrig, and D. Song. Random Workshop on Database and Expert Systems key predistribution schemes for sensor Applications 2003. networks. In IEEE SP 2003. [21] E. Mykletun, J. Girao, and D. Westhoff. [5] C. Cocks. An identity based encryption Public key based cryptoschemes for data scheme based on. quadratic residues. In concealment in wireless sensor networks. LNCS 2260 (2001). In ICC2006. [6] W. Du, R. Wang, and P. Ning. An efficient [22] A. Perrig, R. Szewczyk, V. Wen, D. Culler, scheme for authenticating public keys in and J. D. Tygar. SPINS: Security protocols sensor networks. In MobiHoc 2005. for sensor networks. In Mobicom 2001. [7] L. Eschenauer and V. D. Gligor. A key- [23] A. Shamir. Identity-based cryptosystems management scheme for distributed sensor and signature schemes. In CRYPTO 1984. networks. In CCS 2002. [24] L. Zhong, M. Sinclair, and R. Bittner. A [8] R. Ganti, P. Jayachandran, and T. phone centered body sensor network Abdelzaher. Satire: A software architecture platform: cost, energy efficiency and user for smart attire. In Mobisys 2006. interface. In BSN 2006. [9] J. Girao, D. Westhoff, E. Mykletun, and T. [25] Araki.Tinypeds: Tiny persistent encrypted http://en.wikipedia.org/wiki/Identity_based data storage in asynchronous wireless _encryption. sensor networks. Ad Hoc Networks 2007. [26] M. Abdalla, M. Bellare, P. Rogaway. [10] U. Hengartner and P. Steenkiste. DHAES: An Encryption Scheme Based on Exploiting hierarchical identity-based the Diffie-Hellman Problem, contribution encryption for access control to pervasive to IEEE P1363a, 1998. computing information. In SecureComm [27] M. Abdalla, M. Bellare, P. Rogaway. The 2005. Oracle Diffie- Hellman Assumptions and [11] C. Karlof, N. Sastry, and D. Wagner. an Analysis of DHIES, Lecture Notes in Tinysec: a link layer security architecture Computer Science, 2020, pp. 143–158, for wireless sensor networks. In SenSys 2001. 2004. [28] M. Bellare and P. Rogaway. Minimizing [12] A. Kate, G. Zaverucha, and U. Hengartner. the Use of Random Oracles in Anonymity and security in delay tolerant Authenticated Encryption Schemes, networks. In SecureComm 2007. Lecture Notes in Computer Science, 1334, [13] L. Lazos and R. Poovendran. Serloc: pp. 1–16, 1997. Secure range independent localization for wireless sensor networks. ACM TOSN 2005. [14] A. Liu, P. Kampanakis, and P. Ning. Tinyecc: Elliptic curve cryptography for sensor networks (version 0.3). 2007. [15] D. Liu and P. Ning. Establishing pairwise keys in distributed sensor networks. In CCS 2003. [16] B. Lo and G. Z. Yang. Key technical challenges and current implementations of body sensor networks. In BSN 2005. [17] D. Malan, T. Fulford-Jones, M. Welsh, and S. Moulton. Codeblue: An ad hoc sensor network infrastructure for emergency medical care. In BSN 2004. 5|Page