CSProp: Ciphertext and Signature Propagation Low-Overhead Public-Key Cryptosystem for IoT Environments


Fatemah Alharbi, Taibah University, Yanbu; Arwa Alrawais, Prince Sattam Bin Abdulaziz University; Abdulrahman Bin Rabiah, University of California, Riverside, and King Saud University; Silas Richelson and Nael Abu-Ghazaleh, University of California, Riverside


Cryptographic operations can be prohibitively expensive for IoT and other resource-constrained devices. We introduce a new cryptographic primitive which we call Ciphertext and Signature Propagation (CSProp) in order to deliver security to the weak end-devices. CSProp is a cryptographic propagation algorithm whereby an untrusted machine sitting upstream of a lightweight device can modify an authenticated message so it can be efficiently verified. Unlike proxy-based solutions, this upstream machine is stateless and untrusted (making it possible for any device to serve that role), and the propagated signature is mathematically guaranteed to be valid only if the original signature is also valid. CSProp relies on RSA security and can be used to optimize any operations using the public key such as signature validation and encryption, which our experiments show are the most common public key operations in IoT settings. We test CSProp by using it to extend DNSSEC to edge devices (validation), and to optimize the performance of TLS (validation and encryption) on a range of resource constrained devices. CSProp reduces DNSSEC validation latency by 78x and energy consumption by 47x on the Raspberry Pi Zero. It reduces TLS handshake latency and energy by an average of 8x each. On an Arduino-based IoT board, CSProp significantly outperforms traditional RSA public key operations (e.g., 57x and 36x reductions in latency and energy consumption, respectively, for encryption).

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {274555,
author = {Fatemah Alharbi and Arwa Alrawais and Abdulrahman Bin Rabiah and Silas Richelson and Nael Abu-Ghazaleh},
title = {{CSProp}: Ciphertext and Signature Propagation {Low-Overhead} {Public-Key} Cryptosystem for {IoT} Environments},
booktitle = {30th USENIX Security Symposium (USENIX Security 21)},
year = {2021},
isbn = {978-1-939133-24-3},
pages = {609--626},
url = {https://www.usenix.org/conference/usenixsecurity21/presentation/alharbi},
publisher = {USENIX Association},
month = aug

Presentation Video