Implementation of Elliptical Curve Cryptography Based Diffie-Hellman Key Exchange Mechanism in Contiki Operating System for Internet of Things

░ ABSTRACT - Wireless Sensor Networks have gradually upgraded to Internet of Things (IoT) of embedded devices wherein the constrained devices have been connected directly onto the Internet. This transformation has not only facilitated the expansion in connectivity and accessibility of the sensor network but has also enabled one sensor network to interact with other through Internet. Security of IoT devices has been researched extensively. The challenge to transform the complex cryptographic algorithms into lighter and faster has kept researchers on their toes. Contiki-OS is one of the purest implementations of 6LoWPAN and IEEE 802.15.4. That makes Contiki-OS lightest and therefore preferred OS for implementation on ultra-low power sensor nodes. Elliptical Cryptography has proved to be the choice of most of the security researchers for constrained devices. However, there is very limited literature available on implementation of Elliptical Cryptography on Contiki-OS. The open-source libraries available for security implementation have not found to be supporting Cooja simulator of Contiki-OS. In this research work we demonstrate improved results in processing the Elliptical Cryptography Based implementation of Diffie-Hellman Key exchange mechanism in Contiki-OS using Cooja simulator. SECP160K1 curve has been implemented and the results in terms of ECDH computational time have been compared with previously published research works. This research demonstrates improved results in Cooja simulator than previous known results on hardware providing a leap ahead in efficiency of implementation.

Smart devices like Kitchen Electronics, Security cameras and fences, Health Monitoring Systems, Connected Vehicles and Industrial Automation are latest trends in the field of Internet of Things currently and planned in near future. However, the IoT devices used in such applications are predominantly powered and therefore can afford to use IEEE 802.11 protocol for connecting to the Internet. Whereas, there are ultra-low power IoT devices which have bare minimum power to sustain the constrained requirement of resources so as to accomplish a considerable life. Such IoT devices / motes / constrained nodes have minimal resources to be consumed by security protocol.
There are numerous lightweight libraries implementing symmetric cryptography and hash functions specifically designed for embedded devices. However the keys for asymmetric cryptographic functions are large integers and demand large memory and processing cycles for deployment. This makes the implementation of protocols difficult in an efficient way. A well-known example for a 16-bit platform targeted towards IoT applications is the MSP430 family of ultra-low power microcontrollers from Texas Instruments [1]. The C standard mathematical library of MSP430 includes mathematical functions defined in <math.h>. This library is widely used for microcontrollers as it is part of C compiler. It provides only basic math functions like trigonometric, exponentiation and logarithmic functions [2].
Our literature survey indicates that there are very few attempts to build numerical computation libraries that can perform heavy computations on microcontrollers. Texas Instruments provide IQMath and QMath libraries for its MSP430 and MSP432 devices. These libraries contain a collection of mathematical routines for C programmers. However, this collection is restricted only to basic mathematical functions such as trigonometry and algorithmic functions [3].
Another peculiarity among the libraries is that they have limited support to Contiki-OS. Tiny ECC [4] utilizes C code of large integer operations in RSAREF 2.0 [5] by porting it to NesC code on TinyOS for implementation. TinyDTLS [6] is implementation of Elliptic Curve Cryptography (ECC) on an 8bit microcontroller but the implementation on GitHub is only for 32-bit architecture and with pre-shared key mode. Other libraries that are available online are NanoECC [7], BearSSL [8], FlexibleECC [9], MicroECC [10], WolfSSL [11] and PolarSSL [12].
This research work is focused on implementation of our mathematical engine on ultra-low power microcontroller MSP430 using WisMote of Cooja simulator in Contiki-OS. Diffie Hellman Key Exchange is discussed in Section 2. Section 3 comprises of elliptic curves and mathematical operations on elliptic curves in finite field. The experimental setup and results are thereafter explained in Section 4 and the research work is concluded in Section 5.

░ 2. DIFFIE HELLMAN KEY EXCHANGE
A message in the pure form, without any alterations or additions, conveying the intended meaning is known as message in plain text. This plain text message, when in a coded form, having worked upon with intentions to hide the message from third party, is called cipher text. The process of conversion of plain text to cipher text is call encryption and the reversal from cipher text to plain text is called decryption. The study of algorithms or schemes used for encryption and decryption is called cryptography. The encryption algorithms have been developed through research and are publicly known. However, the key used for encryption is the guarded secret that prevents unauthorized decryption of the cipher text.
The knowledge of encryption algorithm used and the key can expose the cipher text to third party. Since the computational power of computers is so high, the brute force programs use almost all the encryption algorithms to convert the cipher text to plain text if the key is known. This process would not even take minutes. Therefore, key management is one of the most focused research topic under cryptography. Whitfield Diffie and Martin E. Hellman under a paper "New Directions in Cryptography" [13] introduced the concept of key exchange that is popularly known as Diffie-Hellman key exchange mechanism.
Typically to the cryptographic texts, considering Alice (A) as source or first party and Bob (B) as destination or second party, where A needs to communicate with B in form of a message (m). The message m in plain text is converted to cipher text using a cryptographic algorithm and a secret key (k). The challenge now is to communicate the cipher text along with the secret key. In case, both are communicated on same line or method of communication, there is high probability of the third party or eavesdropper Eve (E) to get both cipher text and secret key. Such communications required a separate secure communication line for transmission of secret key for keeping the message secure.
Diffie-Hellman introduced the concept of Public Key Cryptosystem and public key distribution system to handle the requirement of a separate secure line for communication of secret key. The public key cryptosystem works with two keys with each party known as his private key and public key. The private key as the name suggests is not shared with anyone while the public key is freely distributed to public. The set of keys have following properties: (a) It is feasible to compute inverse pairs of keys known as private and public key. (b) Text encrypted by using public key can be decrypted by only using private key and vice a versa. (c) It is not feasible to derive private key from known public key and the algorithm.
Diffie-Hellman proposed that the private key is the secret key that remains with the owner of the key while the public key is freely distributed among others. The key pair as per the properties is such that anything encrypted by private key can only be decrypted by use of its paired public key and vice a versa. Therefore, this scheme provides not only the confidentiality of the message but also serves the purpose of authentication due to its property. The key pair is also used as digital signature for the purpose of authentication in client server architecture.

░ 3. ELLIPTICAL CURVES
An elliptic curve over a field (K) is a nonsingular cubic curve in two variables, f (X,Y)=0, with a K-rational point (which may be a point at infinity). The field K is usually taken to be the complex numbers (C), reals (R), rationals (Q), algebraic extensions of (Q), p-adic numbers (Q_p), or a finite field [14]. The curve is defined by a math function and is symmetric along X-Axis. The curve is described by following equation:y 2 =x 3 +ax+b Where 4a 3 +27b 2 ≠0 (1)

Figure 1: Adding Point (P and Q) on an Elliptic Curve
This equation is called Weierstrass normal form for elliptic curves and the condition is required to exclude singular curves. Additionally, negative of a point is defined as the reflection of that point on the curve in x-axis. Since, the equation of elliptic curve has only two solutions for any given x value, the resultant of addition of a point and its reflections is Zero. This Zero (0) denotes the Point at Infinity, also known as Identity Element.
Hence the solution to the equations now may be written as:- The points on elliptic curve form an Abelian group as following groups of mathematics are applicable to them: In event of three aligned points on an elliptic curve, their sum is Zero. Hence: This equation enables us to derive the sum of two points on the curve. Elliptical Curve cryptography requires to perform below mentioned two basic arithmetic operations on the points on curve (P and Q to get R):-

Double and Add Algorithm for Point Multiplication
In order to use Elliptic Curve for implementation of Diffie-Hellman Key Exchange, we require the private key to be large integer of the order of 256 bits. This integer is multiplied to the primitive element that raises its complexity exponentially. An efficient method of performing this multiplication is Double and Add algorithm as explained here under: Step 1: Convert integer into Binary format. = + + ⋯ + ∈ ( ) Step 2: Start from right most bit to the left most bit in steps of one bit.
Step 3: Double the point in each step.
Step 3(a): In addition to step 3, Add the point when the encountered bit value is 1.
Through use of Double and Add method to compute multiples of a point, we perform log 2 ( ) doublings and

Hasse's Theorem
Given an Elliptic Curve E modulo p, the number of points on the curve is denoted by #E and is bounded by:- Since we are dealing with large prime number p, the value 1 − 2√ or 1 + 2√ is too small to be considered. Hence, it can be easily considered that the no. of points on curve are approximately equal to the range of prime p. Consequently, in order to select a curve of this 2 256 elements, a prime number having 256 bits is required.

Elliptic Curve Based Discrete Logarithmic Problem (ECDLP)
Authors in [13] were the first to propose use of Discrete Logarithmic Problem as a One Way Function in pursuit of creation of a secure connection over a public channel. One way function may be considered such a function f: X->Y in which it is feasible to compute f(x) given x, however, it is infeasible to calculate x with f(x) =y. Hence its use in public key cryptosystem where the public key can be shared along with the cipher text on a public channel without compromising the security as the private key is secure with the owner.
In terms of Elliptic Curve Cryptography, the Discrete Logarithmic Problem is to find the integer 'd' where

≤ ≤ # (E being the Elliptic Curve)
Integer 'd' is the one used to compute a point 'T' on the curve by performing the group operation on primitive point 'P' such that = ECDLP when applied in Public Key Cryptosystem represents 'd' as private key (integer) and 'T' as the point on Elliptic Curve (E) whose equation and primitive point 'P' is shared on the public channel.

Elliptic Curve Over Finite Field
Finite Field is a set of finite elements like set of integers modulo p, where p is a prime number denoted as . Implementation of public key cryptosystem uses a pair of algorithms constituting Discrete Logarithmic problem over a finite field of elements. A finite field with modulo p, where p is a prime number, consists of all integers from 0 to p-1.
Addition and multiplication are the two binary operations that are applicable on finite field. These operations are associative and commutative. These operations follow 'Clock Arithmetic' as the remainder (modulo) starts from 0 and increments till p-1 and repeats thereafter.

338
The formulae for the algebraic addition or doubling of points under finite fields may be represented as hereunder: However, the division in a finite field is not a simple operation.
In order to perform a ÷ b in , we need to first find the multiplicative inverse of b over and then multiply it with a as in a ÷ b = a.b -1 The multiplicative inverse of a number in finite field can be found using the Extended Euclidean Algorithm.

Recursive iterations of this down till you get a = 1 and then the reverse substitution gets the value ( )
Since we have calculated till a = 1 Hence equations forms as 1 ( ) => b -1 (mod p) (12)

Function Extended Euclidean
Input: a Positive integer argument. b Positive integer argument. Output: k The greatest common divisor of a and b

Mathematical Implementation
Contiki-OS is a pure 'C' language implementation so as to keep the minimum footprint in the flash memory of constrained nodes. The constrained nodes have very limited memory and processing power. Therefore, in order to keep the program implementation light and use minimum power while operation, C programming language is used. This limits the use of heavy mathematical operations on the constrained node. However, the mathematical operations involved in cryptographic implementations are quite bulky in terms of utilization of large prime numbers and also programming complex mathematical equations. Python programming language is high level and fast programming language, which is generally used for solving the cryptographic problems, but it requires much higher computational power and corresponding memory, which is not available in constrained nodes. Hence, usage of python programming language is not recommended.
Therefore, the using pure C operations are mandatory in programming the functionalities in constrained nodes. C programming language supports only two byte integers with a limitation till 65,535 in case of unsigned integer. However, the cryptographic operations require prime numbers ranging from 128 bits to 2048 bits or higher. This necessitates the requirement of usage of an efficient cryptographic implementation, which would provide higher complexity in solving the cryptographic equations with shorter prime numbers as keys.
Hence the merit of using Elliptic Curve cryptography in constrained nodes. Still, the issue of programming the mathematical operations remains a challenge. This challenge is mitigated through use of structures of integers posing as building blocks for large numbers used in these cryptographic operations. The operations are performed using Hex values in form of strings as input and output. These hex values are there after converted into structures having array of integers representing the values.
The inbuilt mathematical functions of addition, subtraction, multiplication, division, modulo etc. cannot be used due to the large numbers being represented as array of integers. Due to this limitation all the basic functions, over and above the other necessary equations, have to be programmed in this implementation. Hence, a major portion of the implementation of ECDH is actually implementation of mathematical functions using large numbers as array of integers. This increases the difficulty of programming by multifold, still keeping the memory footprint low and lower requirement of computational power and hence low usage of battery and thereby increasing the life of a constrained sensor node.

░4. EXPERIMENTAL SETUP AND RESULTS
The mathematical engine has been programmed in C language so as to work as a shared library in the Contiki operating system for experimental purpose. The mathematical engine along with the code for ECDH can be used in other operating systems for IoT as most of the operating systems are implemented using C language. We have chosen SECP160K1 curve [17] for our experimentation with standard parameters as shown in Table 1.

░ Table 2: Comparison of Execution Time in Clock Cycles
We determined the time in clock cycles as is available on Cooja simulator. Two nodes of WisMote were taken in this network with 100% visibility to each other so that no packets are dropped in the communication. As shown in the Table 2, the results in this research work are faster than the previous published researches available with the authors.
However, it is pertinent to note that the experimentation has been carried out in simulator which is run at 1000% speed for 10 times at a random time gap. Additionally, a disclaimer,