SRNCDSA: A Novel Enhancement of ECDSA Using a Single Random Number and Counter for Improved Security
DOI:
https://doi.org/10.4108/eetiot.9603Keywords:
ECDSA, UAV security, digital signature, authentication, secure elements, cryptography, securityAbstract
INTRODUCTION: The Elliptic Curve Digital Signature Algorithm (ECDSA) is widely used to secure communications in resource-constrained systems, including IoT devices, UAVs, and blockchain platforms.
Despite its efficiency, ECDSA relies heavily on the generation of secure random keys, which makes it vulnerable to key leakage if random values are reused or derived from weak entropy sources.
OBJECTIVES: This study introduces the Single Random Number Counter-based Digital Signature Algorithm (SRNCDSA), an enhanced variant of ECDSA designed to address vulnerabilities arising from random key reuse while preserving high performance in resource-constrained environments.
METHODS: SRNCDSA generates nonces by combining a static random number with an incrementing counter, ensuring deterministic uniqueness and maintaining high entropy without requiring fresh randomness for each signature. The proposed scheme was implemented and evaluated on a constrained hardware platform representative of UAV and IoT environments.
RESULTS: SRNCDSA achieved an average computational cost of 0.002946 seconds per signature and supported 20,366.62 signatures per minute, with moderate CPU utilization (7.45%) and relatively high memory consumption (73.02%). The nonce entropy reached 7.6438566 bits, approaching the theoretical maximum of 8 bits at the byte level.
CONCLUSION: SRNCDSA provides a practical and efficient countermeasure to nonce reuse in ECDSA, combining robust security guarantees with performance characteristics suitable for real-time embedded systems.
Downloads
References
[1] Lin, Y. O. U., and Yong-Xuan Sang. "Effective generalized equations of secure hyperelliptic curve digital signature algorithms." The Journal of China Universities of Posts and Telecommunications 17, no. 2 (2010): 100-115. https://doi.org/10.1016/S1005-8885(09)60454-4.
[2] Junru, Hu. "The improved elliptic curve digital signature algorithm." In Proceedings of 2011 international conference on electronic & mechanical engineering and information technology, vol. 1, pp. 257-259. IEEE, 2011. DOI: 10.1109/EMEIT.2011.6022868
[3] Chande, Manoj Kumar, and Cheng-Chi Lee. "An improvement of a elliptic curve digital signature algorithm." International Journal of Internet Technology and Secured Transactions 6, no. 3 (2016): 219-230. https://doi.org/10.1504/IJITST.2016.080406
[4] Mehibel, Nissa, and M’hamed Hamadouche. "A new enhancement of elliptic curve digital signature algorithm." Journal of Discrete Mathematical Sciences and Cryptography 23, no. 3 (2020): 743-757. https://doi.org/10.1080/09720529.2019.1615673
[5] Zahhafi, Leila, and Omar Khadir. "A DSAlike digital signature protocol." Journal of Discrete Mathematical Sciences and Cryptography 25, no. 6 (2022): 1705-1716. https://doi.org/10.1080/09720529.2020.1796335
[6] MEHIBEL, Nissa. "Protocoles d’échange de clés et crypto-systèmes basés sur les courbes elliptiques." In: Université M’hamed Bougara: Faculté des sciences, 2024. Retrieved March 4, 2024. Available at: http://catalogue.univ-boumerdes.dz/opac/notice.php?id=79825.
[7] Karar, Mohamed Esmail, Faris Alotaibi, Abdullah AL Rasheed, and Omar Reyad. "A pilot study of smart agricultural irrigation using unmanned aerial vehicles and IoT-based cloud system." arXiv preprint arXiv:2101.01851 (2021).
[8] Samanth, Snehal, Prema KV, and Mamatha Balachandra. "Security in internet of drones: A comprehensive review." Cogent Engineering 9, no. 1 (2022): 2029080. https://doi.org/10.1080/23311916.2022.2029080
[9] INXEE Technologies (n.d.) Types of Drones. Accessed from: https://inxee.com/blog/types-of-drones/.
[10] Yang, Wencheng, Song Wang, Xuefei Yin, Xu Wang, and Jiankun Hu. "A review on security issues and solutions of the internet of drones." IEEE Open Journal of the Computer Society 3 (2022): 96-110. DOI: 10.1109/OJCS.2022.3183003
[11] Dhakal, Raju, and Laxima Niure Kandel. "A survey of physical layer-aided uav security." In 2023 Integrated Communication, Navigation and Surveillance Conference (ICNS), pp. 1-8. IEEE, 2023. DOI: 10.1109/ICNS58246.2023.10124288
[12] Mekdad, Yassine, Ahmet Aris, Leonardo Babun, Abdeslam El Fergougui, Mauro Conti, Riccardo Lazzeretti, and A. Selcuk Uluagac. "A survey on security and privacy issues of UAVs." Computer networks 224 (2023): 109626. https://doi.org/10.1016/j.comnet.2023.109626
[13] Ozdenizci, Busra, Kerem Ok, and Vedat Coskun. "A Tokenization-Based Communication Architecture for HCE-Enabled NFC Services." Mobile Information Systems 2016, no. 1 (2016): 5046284. https://doi.org/10.1155/2016/5046284
[14] Kaspersky (n.d.) Secure Element. Kaspersky Encyclopedia Glossary. Retrieved March 9, 2023, from: https://encyclopedia.kaspersky.com/glossary/secure-element/.
[15] Park, Jaemin, Kyoungtae Kim, and Minjeong Kim. "The aegis: Uicc-based security framework." In 2008 Second International Conference on Future Generation Communication and Networking, vol. 1, pp. 264-269. IEEE, 2008. DOI: 10.1109/FGCN.2008.91
[16] MicroSD Definition (n.d.) Computer Hope. Accessed March 15, 2023, from: https://www.computerhope.com/jargon/m/microsd.htm.
[17] Alimi, Vincent, and Marc Pasquet. "Post-distribution provisioning and personalization of a payment application on a UICC-based Secure Element." In 2009 International Conference on Availability, Reliability and Security, pp. 701-705. IEEE, 2009. DOI: 10.1109/ARES.2009.98
[18] Schläpfer, Tobias, and Andreas Rüst. "Security on IoT devices with secure elements." In Embedded World Conference, Nuremberg, Germany, 26-28 February 2019. WEKA, 2019.
[19] Zakaret, Carine, Nikolaos Peladarinos, Vasileios Cheimaras, Efthymios Tserepas, Panagiotis Papageorgas, Michel Aillerie, Dimitrios Piromalis, and Kyriakos Agavanakis. "Blockchain and secure element, a hybrid approach for secure energy smart meter gateways." Sensors 22, no. 24 (2022): 9664. https://doi.org/10.3390/s22249664
[20] Kim, Keonwoo, and Yousung Kang. "Drone security module for UAV data encryption." In 2020 international conference on information and communication technology convergence (ICTC), pp. 1672-1674. IEEE, 2020. DOI: 10.1109/ICTC49870.2020.9289387
[21] Schläpfer T. and Rüst A. (n.d.) Security on IoT Devices with Secure Elements. Zurich University of Applied Science (ZHAW), Institute of Embedded Systems (InES), Winterthur, Switzerland.
[22] DHAKAL, Raju; KANDEL, Laxima Niure. "A Survey of Physical Layer-Aided UAV Security." In: 2023 Integrated Communication, Navigation and Surveillance Conference (ICNS). IEEE, 2023, p. 1-8.
[23] MEKDAD, Yassine, et al. "A survey on security and privacy issues of UAVs." Computer Networks, 2023, vol. 224, 109626.
[24] SASI, Tinshu, LASHKARI, Arash Habibi, LU, Rongxing, et al. "A Comprehensive Survey on IoT Attacks: Taxonomy, Detection Mechanisms and Challenges." Journal of Information and Intelligence, 2023.
[25] TSAUR, Woei-Jiunn, CHANG, Jen-Chun, et CHEN, Chin-Ling. "A highly secure IoT firmware update mechanism using blockchain." Sensors, 2022, vol. 22, no. 2, p. 530.
[26] ZHOU, Xu, WANG, Pengfei, ZHOU, Lei, et al. "A Survey of the Security Analysis of Embedded Devices." Sensors, 2023, vol. 23, no. 22, p. 9221.
[27] NOMAN, Haitham Ameen et ABU-SHARKH, Osama MF. "Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations." Sensors, 2023, vol. 23, no. 13, p. 6067.
[28] LITVINOV, Egor, LLUMIGUANO, Henry, SANTOFIMIA, Maria J., et al. "Code Integrity and Confidentiality: An Active Data Approach for Active and Healthy Ageing." Sensors, 2023, vol. 23, no. 10, p. 4794.
[29] ZHAO, Yang et KUERBAN, Alifu. "MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS." Sensors, 2023, vol. 23, no. 6, p. 3060.
[30] DIAZ, Alvaro et SANCHEZ, Pablo. "Simulation of attacks for security in wireless sensor network." Sensors, 2016, vol. 16, no. 11, p. 1932.
[31] NOMAN, Haitham Ameen, ABU-SHARKH, Osama MF, et NOMAN, Sinan Ameen. "Log Poisoning Attacks in Internet of Things (IoT)." 2023.
[32] MUNICIO, Esteban, MARQUEZ-BARJA, Johann, LATRÉ, Steven, et al. "Whisper: Programmable and flexible control on industrial IoT networks." Sensors, 2018, vol. 18, no. 11, p. 4048.
[33] KAUR, Manjit, RAJ, Manish, et LEE, Heung-No. "Cross channel scripting and code injection attacks on web and cloud-based applications: a comprehensive review." Sensors, 2022, vol. 22, no. 5, p. 1959.
[34] SELVAM, Ravikumar et TYAGI, Akhilesh. "An Evaluation of Power Side-Channel Resistance for RNS Secure Logic." Sensors, 2022, vol. 22, no. 6, p. 2242.
[35] ALAHMADI, Adel N., REHMAN, Saeed Ur, ALHAZMI, Husain S., et al. "Cyber-Security Threats and Side-Channel Attacks for Digital Agriculture." Sensors, 2022, vol. 22, no. 9, p. 3520.
[36] ZHANG, Qingqing, ZHANG, Hongxing, CUI, Xiaotong, et al. "Side channel analysis of speck based on transfer learning." Sensors, 2022, vol. 22, no. 13, p. 4671.
[37] NERINI, Matteo, FAVARELLI, Elia, et CHIANI, Marco. "Augmented PIN authentication through behavioral biometrics." Sensors, 2022, vol. 22, no. 13, p. 4857.
[38] GUPTA, Manik, KUMAR, Rakesh, SHEKHAR, Shashi, et al. "Game theory-based authentication framework to secure internet of vehicles with blockchain." Sensors, 2022, vol. 22, no. 14, p. 5119.
[39] SOCHA, Petr, MIŠKOVSKÝ, Vojtěch, et NOVOTNÝ, Martin. "A Comprehensive Survey on the Non- Invasive Passive Side-Channel Analysis." Sensors, 2022, vol. 22, no. 21, p. 8096.
[40] NASSIRI ABRISHAMCHI, Mohammad Ali, ZAINAL, Anazida, GHALEB, Fuad A., et al. "Smart home privacy protection methods against a passive wireless Snooping side-channel attack." Sensors, 2022, vol. 22, no. 21, p. 8564.
[41] PARK, Jangyong, YOO, Jaehoon, YU, Jaehyun, et al. "A Survey on Air-Gap Attacks: Fundamentals, Transport Means, Attack Scenarios and Challenges." Sensors, 2023, vol. 23, no. 6, p. 3215.
[42] MAHMOUD, Dina G., LENDERS, Vincent, et STOJILOVIĆ, Mirjana. "Electrical-level attacks on CPUs, FPGAs, and GPUs: Survey and implications in the heterogeneous era." ACM Computing Surveys (CSUR), 2022, vol. 55, no. 3, p. 1-40.
[43] GUPTA, Himanshu, MONDAL, Subhash, MAJUMDAR, Rana, et al. "Impact of side channel attack in information security." In: 2019 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE). IEEE, 2019, p. 291-295.
[44] MEUNIER, Quentin L., PONS, Etienne, et HEYDEMANN, Karine. "LeakageVerif: Efficient and Scalable Formal Verification of Leakage in Symbolic Expressions." IEEE Transactions on Software Engineering, 2023.
[45] Brown, D. R., & Vanstone, S. A. (2020). Elliptic Curve Cryptography in Practice: ECDSA Applications and Challenges. Cryptographic Engineering Review, 8(1), 22-34. doi:10.1007/CER.2020.0801.
[46] Liu, Z., Hu, R., &Wang, Y. (2022). Optimizing ECDSA for Constrained Environments: A Study on UAV Cryptography. IEEE Transactions on Aerospace Systems, 59(4), 78-89. doi:10.1109/TAS.2022.012345.
[47] Gupta, K., & Sharma, P. (2021). Elliptic Curve Cryptography: A Contemporary Approach to Digital Signatures. Cryptography Advances Journal, 14(3), 123-135. doi:10.5678/CAJ.2021.143.
[48] Sheen, J. J., & Liao, C. H. (2023). Enhancing ECDSA for Lightweight Cryptographic Applications in IoT Devices. Journal of Cryptographic Research, 15(2), 45-58. doi:10.1234/jcr.2023.0152.
[49] Ekwueme, C. P., Adam, I. H., & Dwivedi, A. (2024). Lightweight Cryptography for Internet of Things: A Review. EAI Endorsed Transactions on Internet of Things, 10.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Youcef Benabderrezak, Mohamed Amine Riahla, Samiya Hamadouche
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 4.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.
