Tuesday, 19 January 2016, 18:00 JST
Source: Fujitsu Ltd
Fujitsu, Others Develop High-Speed Authentication Technology for Encrypted Communications with IoT Devices
Nearly 80% reduction in authentication time verified in joint research with University of Tokyo and Toho University

KAWASAKI, Japan, Jan 19, 2016 - (JCN Newswire) - Fujitsu Laboratories Ltd. today announced that, in collaboration with the University of Tokyo and Toho University, it has developed authentication technology for Internet-of-Things (IoT) devices that reduces the time needed for authentication in the Transport Layer Security (TLS)(1) cryptographic protocol by nearly 80%, compared to previous methods with the same security strength. The TLS protocol, which is widely used in PCs and other devices, employs public key cryptography.

TLS requires a certain amount of processing capacity, so it had been difficult to apply to IoT devices, whose simplified structure meant that authentication took a second or more. Now, by reducing the processing load of the core authenticated key exchange method and by speeding up its arithmetic operations, the research team has succeeded in developing authentication technology that can accommodate TLS.

Envisioning actual applications, the team performed field trials of the newly developed technology by connecting it to an energy management system for air conditioning equipment in the Green University of Tokyo Project (GUTP)(2).

With this technology, IoT devices, which have lower processing capacity than PCs, can use communications technology with the same level of safety as that used by PCs. This enables the IoT to be used even in applications requiring security and privacy.

Details on this technology will be released at SCIS2016, the Symposium on Cryptography and Information Security, opening today in Kumamoto, Japan.

Background

The goal of the IoT is to bring greater convenience and comfort to social infrastructure and people's lives by connecting a wide variety of devices, such as sensors and home appliances, to the Internet to enable automated data collection and system controls without human intervention. Because the IoT is expected to handle private data about people's lives, there is also a need for technology that further raises the level of safety to protect against the risk of data leaks and unauthorized operation of devices.

Technological Issues

With PCs and smartphones, the TLS cryptographic protocol, which employs public key cryptography, is widely used to prevent identity fraud, data theft, and tampering in communications. This is an important technology for enabling safe Internet communications, but it requires a certain amount of processing capacity. IoT devices, which have lower processing capacity than PCs, need a second or more to authenticate communications. In addition, a significant amount of electricity is consumed in communications. As a result, from a practical standpoint, it has been difficult to apply TLS widely to IoT devices.

About the Technology

In collaboration with the University of Tokyo and Toho University, Fujitsu Laboratories has developed TLS authentication using an ID-based authenticated key exchange method, which reduces authentication time to nearly one-fifth of previous methods.

The newly developed authentication method is envisaged to be used in gateway devices, which have processing capabilities that are about half-way between small-scale sensors and PCs. The gateway devices, which communicate through the Internet, would be installed at the exit of a network that connects multiple small-scale sensors and non-Internet-connected devices (Figure 1).

The features of the newly developed technology are as follows:

1. Reduces the processing load of the authenticated key exchange method in TLS

ID-based cryptography is public key cryptography that, under specific management, uses a device's assigned ID as the public key for cryptographic processing. Because the correctness of the ID is directly bound to that of the public key, it obviates the need for certificates. It is therefore possible to eliminate the processing involved in certificate validation, transmission, and reception. To apply TLS, however, further reductions in the processing load were necessary.

In addition to limiting the implemented functions to the authentication and key exchange required for TLS and employing an authenticated key exchange scheme with fewer operations, the research team also created an efficient communications sequence by devising a scheme that sends ID notifications first (Figure 2).

This is the world's first use of an efficient ID-based authenticated key exchange scheme in TLS.

2. Accelerates calculation processing

The research team found that many similar arithmetic operations are carried out multiple times during key exchange. To remedy this, they devised a method to execute them all at once, accelerating the speed of key exchange for ID-based cryptography.

In order to make it simple to deploy in systems using OpenSSL, which is widely used around the world, the research team implemented this newly developed technology as an extension of OpenSSL. In addition, they have incorporated it into communications software using the IEEE 1888 protocol(3), which is a communications standard for smart cities.

The IEEE 1888 communication software incorporating the newly developed technology was installed on gateway devices and servers at the University of Tokyo and Toho University, and field trials were performed through the Internet from November to December, 2015.

Envisioning actual applications, in these trials the team connected the new technology to an energy management system for air conditioning equipment in the GUTP (Figure 3).

In the joint development, Fujitsu Laboratories primarily took responsibility for the design and implementation of the authentication method; the University of Tokyo handled the application of the IEEE 1888 communication software and building the experimental environment; and Toho University focused on improvements to the TEPLA(4) cryptography implementation.

Results

Compared to previous methods with the same security strength, the new technology reduced the time required for TLS authentication by nearly 80%, enabling TLS authentication time of several hundred milliseconds, even by IoT devices with relatively low processing capacity (Figure 4). As a result, even when IoT devices communicate, data leaks or unauthorized operation of devices can be prevented, enabling the IoT's scope of use to be expanded to applications requiring security and privacy.

Future Plans

With the aim of practical application in fiscal 2017, Fujitsu Laboratories will work with Toho University to provide IEEE 1888 communications software to bring this technology to organizations participating in the GUTP, and will work to expand its applications.

To view this press release complete with the Figures, please visit www.fujitsu.com/global/about/resources/news/press-releases/2016/.

(1) Transport Layer Security (TLS): A standard authentication and encrypted communications protocol that is a successor to the Secure Sockets Layer (SSL) protocol. It is widely used in HTTPS and SSL VPNs (Secure Sockets Layer virtual private networks).

(2) Green University of Tokyo Project (GUTP): A University of Tokyo project to collaborate with industry initiated in 2008 to address the earth's environmental problems using ICT. It has produced such results as the development of IEEE 1888, and, in the summer of 2011, a 30% reduction in peak electricity usage for the University of Tokyo's five campuses compared to the prior fiscal year by bringing visibility to power consumption.

(3) IEEE 1888 protocol: The Ubiquitous Green Community Control Network (UGCCNet) protocol. A communications standard promulgated by the Institute of Electrical and Electronics Engineers (IEEE) in the US in 2011 to monitor and control building energy management systems and other communities needed to create smart cities. In 2015, it was also published as International Standard ISO/IEC 18880.

(4) TEPLA: Acronym for University of Tsukuba Elliptic Curve and Pairing Library. An open source library that provides an arithmetic operation called pairing that is needed for ID-based cryptography.

About Fujitsu Laboratories

Founded in 1968 as a wholly owned subsidiary of Fujitsu Limited, Fujitsu Laboratories Ltd. is one of the premier research centers in the world. With a global network of laboratories in Japan, China, the United States and Europe, the organization conducts a wide range of basic and applied research in the areas of Next-generation Services, Computer Servers, Networks, Electronic Devices and Advanced Materials. For more information, please see: http://jp.fujitsu.com/labs/en.

Contact:
Fujitsu Limited
Public and Investor Relations
Tel: +81-3-3215-5259
URL: www.fujitsu.com/global/news/contacts/

Technical Contacts:
Fujitsu Laboratories Ltd.
Knowledge Information Processing Laboratory
E-mail: tls-id-2016@ml.labs.fujitsu.com

https://www.acnnewswire.com
From the Asia Corporate News Network


Copyright © 2024 ACN Newswire. All rights reserved. A division of Asia Corporate News Network.