Performance Analysis of Certificateless Signature for IKE Authentication
Elliptic curve-based certificateless signature is slowly
gaining attention due to its ability to retain the efficiency of
identity-based signature to eliminate the need of certificate
management while it does not suffer from inherent private
key escrow problem. Generally, cryptosystem based on elliptic
curve offers equivalent security strength at smaller key sizes
compared to conventional cryptosystem such as RSA which
results in faster computations and efficient use of computing
power, bandwidth, and storage. This paper proposes to implement
certificateless signature based on bilinear pairing to
structure the framework of IKE authentication. In this paper,
we perform a comparative analysis of certificateless signature
scheme with a well-known RSA scheme and also present the
experimental results in the context of signing and verification
execution times. By generalizing our observations, we discuss the
different trade-offs involved in implementing IKE authentication
by using certificateless signature.
[1] Certicom Research: Standards for efficient cryptography - SEC1: Elliptic
curve cryptography (2000)
[2] Certicom Research: Standards for efficient cryptography - SEC2: Recommended
elliptic curve domain parameters (2000)
[3] Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE
Transactions on Information Theory IT-22(6), 644-654 (1976)
[4] Eastlake 3rd, D.: Domain name system security extensions (1999)
[5] Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly
elliptic curves. Journal Of Cryptology 23(2), 224 - 280 (2010)
[6] Fu, D., Solinas, J.: IKE and IKEv2 Authentication Using the Elliptic
Curve Digital Signature Algorithm (ECDSA). RFC 4754 (Proposed
Standard) (2007)
[7] Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). RFC 2409
(Proposed Standard) (1998). Obsoleted by RFC 4306, updated by RFC
4109
[8] Jancic, A., M.J.Warren: PKI - advantages and obstacles. In: 2nd
Australian Information Security Management Conference (2004)
[9] Lifeng, G., Lei, H., Yong, L.: A practical certificateless signature
scheme. Internation Symposium on Data, Privacy, and E-Commerce
pp. 248-253 (2007)
[10] Lynn, B.: The pairing-based cryptography (PBC) library.
http://crypto.stanford.edu/pbc/
[11] Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms
to logarithms in a finite field. IEEE Transactions on Information
Theory 39(5), 1639 - 1646 (1993)
[12] Peyravian, M., Roginsky, A., Zunic, N.: Non-PKI methods for public
key distribution. Computers & Security 23(2), 97 - 103 (2004)
[13] Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital
signatures and public-key cryptosystems. Communications of the ACM
21, 120-126 (1978)
[14] Smetters, D.K., Durfee, G.: Domain-Based Authentication of Identity-
Based Cryptosystems for Secure Email and IPsec. In: 12th Usenix
Security Symposium. Washington, D.C. (2003)
[15] Terada, R., Denise, H.G.: A certificateless signature scheme based
in bilinear pairing functions. In: symposium on Cryptography and
Information Security (2007)
[16] The OpenSSL Project: Openssl. http://www.openssl.org
[17] Vixie, P., Gudmundsson, O., 3rd, D., Wellington, B.: Secret key transaction
authentication for DNS (TSIG) (2000)
[18] Wang, C., Huang, H., Tang, Y.: An efficient certificateless signature from
pairings. Internation Symposium on Data, Privacy, and E-Commerce pp.
236-238 (2007)
[1] Certicom Research: Standards for efficient cryptography - SEC1: Elliptic
curve cryptography (2000)
[2] Certicom Research: Standards for efficient cryptography - SEC2: Recommended
elliptic curve domain parameters (2000)
[3] Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE
Transactions on Information Theory IT-22(6), 644-654 (1976)
[4] Eastlake 3rd, D.: Domain name system security extensions (1999)
[5] Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly
elliptic curves. Journal Of Cryptology 23(2), 224 - 280 (2010)
[6] Fu, D., Solinas, J.: IKE and IKEv2 Authentication Using the Elliptic
Curve Digital Signature Algorithm (ECDSA). RFC 4754 (Proposed
Standard) (2007)
[7] Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). RFC 2409
(Proposed Standard) (1998). Obsoleted by RFC 4306, updated by RFC
4109
[8] Jancic, A., M.J.Warren: PKI - advantages and obstacles. In: 2nd
Australian Information Security Management Conference (2004)
[9] Lifeng, G., Lei, H., Yong, L.: A practical certificateless signature
scheme. Internation Symposium on Data, Privacy, and E-Commerce
pp. 248-253 (2007)
[10] Lynn, B.: The pairing-based cryptography (PBC) library.
http://crypto.stanford.edu/pbc/
[11] Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms
to logarithms in a finite field. IEEE Transactions on Information
Theory 39(5), 1639 - 1646 (1993)
[12] Peyravian, M., Roginsky, A., Zunic, N.: Non-PKI methods for public
key distribution. Computers & Security 23(2), 97 - 103 (2004)
[13] Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital
signatures and public-key cryptosystems. Communications of the ACM
21, 120-126 (1978)
[14] Smetters, D.K., Durfee, G.: Domain-Based Authentication of Identity-
Based Cryptosystems for Secure Email and IPsec. In: 12th Usenix
Security Symposium. Washington, D.C. (2003)
[15] Terada, R., Denise, H.G.: A certificateless signature scheme based
in bilinear pairing functions. In: symposium on Cryptography and
Information Security (2007)
[16] The OpenSSL Project: Openssl. http://www.openssl.org
[17] Vixie, P., Gudmundsson, O., 3rd, D., Wellington, B.: Secret key transaction
authentication for DNS (TSIG) (2000)
[18] Wang, C., Huang, H., Tang, Y.: An efficient certificateless signature from
pairings. Internation Symposium on Data, Privacy, and E-Commerce pp.
236-238 (2007)
@article{"International Journal of Information, Control and Computer Sciences:55951", author = "Nazrul M. Ahmad and Asrul H. Yaacob and Ridza Fauzi and Alireza Khorram", title = "Performance Analysis of Certificateless Signature for IKE Authentication", abstract = "Elliptic curve-based certificateless signature is slowly
gaining attention due to its ability to retain the efficiency of
identity-based signature to eliminate the need of certificate
management while it does not suffer from inherent private
key escrow problem. Generally, cryptosystem based on elliptic
curve offers equivalent security strength at smaller key sizes
compared to conventional cryptosystem such as RSA which
results in faster computations and efficient use of computing
power, bandwidth, and storage. This paper proposes to implement
certificateless signature based on bilinear pairing to
structure the framework of IKE authentication. In this paper,
we perform a comparative analysis of certificateless signature
scheme with a well-known RSA scheme and also present the
experimental results in the context of signing and verification
execution times. By generalizing our observations, we discuss the
different trade-offs involved in implementing IKE authentication
by using certificateless signature.", keywords = "Certificateless signature, IPSec, RSA signature, IKE authentication.", volume = "5", number = "2", pages = "135-8", }