CryptoQuest : Adapting Modern Cryptographic Schemes for Resource-Constrained Devices
Frimpong, Eugene Kwaku (2025)
Tampere University
Doctoral Programme in Computing and Electrical Engineering
Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of defence
2025-02-07
The permanent address of the publication is
https://urn.fi/URN:ISBN:978-952-03-3679-0
Abstract
Even though the idea of transforming basic objects into smart objects with sensors is not new, it is only now that we have started seeing the incredible impact of this digital transformation in our societies. There is no doubt that the Internet of Things (IoT) has the power to change our world and drive us to a complete social evolution. However, due to the vastly resource-constrained nature of the devices used in IoT, implementing secure and privacy-preserving services using standard cryptographic algorithms as designed has been a real challenge. To this end, this dissertation discusses seven publications that explore four modern cryptographic primitives, namely Symmetric Searchable Encryption (SSE), Functional Encryption (FE), Hybrid Homomorphic Encryption (HHE), and Certificateless Public Key Cryptography (CL-PKC), and adapt these primitives for resource-constrained devices by designing protocols that consider specific IoT use cases. Publication I is the foundational piece and implements a lightweight cryptographic library that secures communication protocols between multiple communicating nodes without the need for external trusted entities or a server. Publication II builds on the library implemented in Publication I and explores the SSE primitive. SSE allows the outsourcing of encrypted data to possibly untrusted third-party services while simultaneously allowing users to search over the encrypted data in a secure and privacy-preserving way. Publication II proves that SSE schemes can, under certain circumstances, work on constrained devices and eventually be adopted by IoT services. To this end, we designed and implemented a forward private dynamic SSE scheme that runs smoothly on resource-constrained devices. In Publication III, we propose a pairing-free certificateless group-authenticated key distribution protocol for drone-based applications that considers drones with varying computational resources.
The proposed scheme ensures key freshness, group key secrecy, forward secrecy, and backward secrecy while remaining lightweight enough to be implemented on very resource-constrained drones or smart devices. Using the CL-PKC primitive discussed in Publication III, Publication IV proposes a distributed access control architecture where the core components are distributed between fog nodes and the cloud. To facilitate secure communication between entities in the architecture, we utilize a Certificateless Hybrid Signcryption scheme without pairing. The approach's effectiveness is evaluated through a comparative analysis of its performance against the commonly used cloud-based centralized architectures.
In Publications V and VI, we explore the HHE primitive. Homomorphic Encryption (HE) is a modern cryptographic technique that allows direct computations on encrypted data. Despite the technological advancements HE offers, its inherent computational inefficiencies render it impractical for deployment in realistic scenarios. To overcome these inefficiencies and bring HE closer to a realization phase, HHE, a primitive that combines symmetric cryptography with HE, was introduced. Using HHE, users perform local data encryptions using a symmetric encryption scheme and then outsource them to the cloud. Upon reception, the cloud transforms the symmetrically encrypted data to homomorphic ciphertexts without decrypting them. Publication V introduces the design of a secure cryptographic protocol based on HHE that shows how HHE can be used as the primary building block of a protocol that allows an analyst to collect data from multiple sources and compute specific functions over them in a privacy-preserving way. Subsequently, Publication VI introduces HHE to Machine Learning (ML). ML has become one of the most impactful fields of data science in recent years. However, a significant concern with ML is its privacy risks due to rising attacks against ML models. Privacy-Preserving Machine Learning (PPML) methods have been proposed to mitigate ML models’ privacy and security risks. HHE potentially provides a foundation to build new efficient and privacy-preserving services that transfer expensive HE operations to the cloud. We utilize HHE as the primary building block to design two PPML protocols. Finally, in Publication VII, we explore the FE primitive. FE is a cryptographic technique that enables a user with a specific functional decryption key to determine a certain function of encrypted data without gaining access to the underlying data. 
Publication VII investigates how FE can be applied to resource-constrained environments and presents the first lightweight FE scheme explicitly designed for resource-constrained devices. We also propose a use case protocol demonstrating how our scheme can secure an IoT architecture where relevant devices collect data and securely deliver them to a storage server, where an analyst can request access to the encrypted data.