Archived content

NOTE: this is an archived page and the content is likely to be out of date.

Fujitsu, Others Develop High-Speed Authentication Technology for Encrypted Communications with IoT Devices

Nearly 80% reduction in authentication time verified in joint research with University of Tokyo and Toho University

Fujitsu Laboratories Ltd.

Kawasaki, Japan, January 19, 2016

Fujitsu Laboratories Ltd. today announced that, in collaboration with the University of Tokyo and Toho University, it has developed authentication technology for Internet-of-Things (IoT) devices that reduces the time needed for authentication in the Transport Layer Security (TLS)(1) cryptographic protocol by nearly 80%, compared to previous methods with the same security strength. The TLS protocol, which is widely used in PCs and other devices, employs public key cryptography.

TLS requires a certain amount of processing capacity, so it had been difficult to apply to IoT devices, which, with their simplified structure, had taken a second or more for authentication. Now, by reducing the processing load of the core authenticated key exchange method, and by accelerating the arithmetic operation speed, the research team succeeded in developing authentication technology that could accommodate TLS.

Envisioning actual applications, the team performed field trials of the newly developed technology by connecting it to an energy management system for air conditioning equipment in the Green University of Tokyo Project (GUTP)(2).

With this technology, IoT devices, which have lower processing capacity than PCs, can use communications technology with the same level of safety as that used by PCs. This enables the IoT to be used even in applications requiring security and privacy.

Details on this technology will be released at SCIS2016, the Symposium on Cryptography and Information Security, opening today in Kumamoto, Japan.

Background

The goal of the IoT is to bring greater convenience and comfort to social infrastructure and people's lives by connecting a wide variety of devices, such as sensors and home appliances, to the Internet to enable automated data collection and system controls without human intervention. In addition, because it is envisioned that it will handle private data on people's lives, there is a need for technology that further raises the level of safety to protect against the risk of data leaks and unauthorized operation of devices.

Technological Issues

With PCs and smartphones, the TLS cryptographic protocol, which employs public key cryptography, is widely used to prevent identity fraud, data theft, and tampering in communications. This is an important technology for enabling safe Internet communications, but because it requires a certain amount of processing capacity, IoT devices, which have lower processing capacity than PCs, require a second or more to authenticate communications. In addition, a significant amount of electricity is consumed in communications. As a result, from a practical standpoint, it has been difficult to apply TLS widely to IoT devices.

About the Technology

In collaboration with the University of Tokyo and Toho University, Fujitsu Laboratories has developed TLS authentication using an ID-based authenticated key exchange method, which reduces authentication time to nearly one-fifth of previous methods.

The newly developed authentication method is envisaged to be used in gateway devices, which have processing capabilities that are about half-way between small-scale sensors and PCs. The gateway devices, which communicate through the Internet, would be installed at the exit of a network that connects multiple small-scale sensors and non-Internet-connected devices (Figure 1).

Figure 1: Areas of applicability for the newly developed technology

The features of the newly developed technology are as follows:

1. Reduces the processing load of the authenticated key exchange method in TLS

ID-based cryptography is public key cryptography that uses a device's assigned ID as the public key for cryptographic processing. Under specific management, it obviates the need for certificates, as the correctness of the ID is directly bound to that of the public key. Therefore, it is possible to eliminate the processing involved in certificate validation, transmission, and reception. To apply TLS, however, further reductions in the processing load were necessary.

In addition to limiting the implemented functions to the authentication and key exchange required for TLS and employing an authenticated key exchange scheme with fewer operations, the research team also created an efficient communications sequence by devising a scheme that sends ID notifications first (Figure 2).

This is the world's first use of an efficient ID-based authenticated key exchange scheme in TLS.

Figure 2: Authentication procedure using the new method

2. Accelerates calculation processing

The research team found that many similar arithmetic operations are carried out multiple times during key exchange. To remedy this, they devised a method to execute them all at once, accelerating the speed of key exchange for ID-based cryptography.

In order to make it simple to deploy in systems using OpenSSL, which is widely used around the world, the research team implemented this newly developed technology as an extension of OpenSSL. In addition, they have incorporated it into communications software using the IEEE 1888 protocol(3), which is a communications standard for smart cities.

The IEEE 1888 communication software incorporating the newly developed technology was installed on gateway devices and servers at the University of Tokyo and Toho University, and field trials were performed through the Internet from November to December, 2015.

Envisioning actual applications, in these trials the team connected the new technology to an energy management system for air conditioning equipment in the GUTP (Figure 3).

Figure 3: Structure of the field trial system

In the joint development, Fujitsu Laboratories primarily took responsibility for the design and implementation of the authentication method; the University of Tokyo handled the application of the IEEE 1888 communication software and building the experimental environment; and Toho University focused on improvements to the TEPLA(4) cryptography implementation.

Results

Compared to previous methods with the same security strength, the new technology reduced the time required for TLS authentication by nearly 80%, enabling TLS authentication time of several hundred milliseconds, even by IoT devices with relatively low processing capacity (Figure 4). As a result, even when IoT devices communicate, data leaks or unauthorized operation of devices can be prevented, enabling the IoT's scope of use to be expanded to applications requiring security and privacy.

Figure 4: Performance comparison of TLS authentication with the existing method

Future Plans

With the aim of practical application in fiscal 2017, Fujitsu Laboratories will work with Toho University to provide IEEE 1888 communications software to bring this technology to organizations participating in the GUTP, and will work to expand its applications.


  • [1] Transport Layer Security (TLS)

    A standard authentication and encrypted communications protocol that is a successor to the Secure Sockets Layer (SSL) protocol. It is widely used in HTTPS and SSL VPNs (Secure Sockets Layer virtual private networks).

  • [2] Green University of Tokyo Project (GUTP)

    A University of Tokyo project to collaborate with industry initiated in 2008 to address the earth’s environmental problems using ICT. It has produced such results as the development of IEEE 1888, and, in the summer of 2011, a 30% reduction in peak electricity usage for the University of Tokyo’s five campuses compared to the prior fiscal year by bringing visibility to power consumption.

  • [3] IEEE 1888 protocol

    The Ubiquitous Green Community Control Network (UGCCNet) protocol. A communications standard promulgated by the Institute of Electrical and Electronics Engineers (IEEE) in the US in 2011 to monitor and control building energy management systems and other communities needed to create smart cities. In 2015, it was also published as International Standard ISO/IEC 18880.

  • [4] TEPLA

    Acronym for University of Tsukuba Elliptic Curve and Pairing Library. An open source library that provides an arithmetic operation called pairing that is needed for ID-based cryptography.

About Fujitsu

Fujitsu is the leading Japanese information and communication technology (ICT) company, offering a full range of technology products, solutions, and services. Approximately 159,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.8 trillion yen (US$40 billion) for the fiscal year ended March 31, 2015. For more information, please see http://www.fujitsu.com.

About Fujitsu Laboratories

Founded in 1968 as a wholly owned subsidiary of Fujitsu Limited, Fujitsu Laboratories Ltd. is one of the premier research centers in the world. With a global network of laboratories in Japan, China, the United States and Europe, the organization conducts a wide range of basic and applied research in the areas of Next-generation Services, Computer Servers, Networks, Electronic Devices and Advanced Materials. For more information, please see: http://www.fujitsu.com/jp/group/labs/en/.

Press Contacts

Public and Investor Relations Division
Inquiries

Company: Fujitsu Limited

Technical Contacts

Knowledge Information Processing Laboratory


E-mail: tls-id-2016@ml.labs.fujitsu.com
Company: Fujitsu Laboratories Ltd.


All company or product names mentioned herein are trademarks or registered trademarks of their respective owners. Information provided in this press release is accurate at time of publication and is subject to change without advance notice.
