Amidst daily reports of cyber attack and cyber crime, a cyber security technology called signcryption has been formally recognized as an international standard by ISO, the International Organization for Standardization. Signcryption protects confidentiality and authenticity, seamlessly and simultaneously, a noteworthy improvement over current two-step encryption methods.
Yuliang Zheng, the University of North Carolina — Charlotte professor who invented signcryption, calls the technology the Swiss Army knife of data security. The adoption of signcryption as an international standard is significant in several ways.
“It will now be the standard worldwide for protecting confidentiality and authenticity during transmissions of digital information,” Zheng said.
Zheng said signcryption offers the functions of both electronic signature (for authentication) and public key encryption (for confidentiality) and does them at a significantly smaller cost than doing signature and encryption separately, “cost” in this sense being computational time and communication delay.
He told Homeland1 that several types of homeland security applications are improved by signcryption, including secure communication and emergency response, which require minimal communications delay.
“Due to its fast operation, signcryption can greatly shorten the handshake process during the initial setup stage of communication,” he said.
Also improved are devices and equipment powered by batteries, including smart phones and PDAs, 3G and 4G mobile devices, and emerging technologies such as radio frequency identifiers and wireless sensor networks. Zheng said the reason is simple: Signcryption can be used as a drop-in upgrade for existing encryption and signature algorithms.
“Once the upgrade is done, these devices will not only work faster, but also have a longer battery life, all due to the fact that signcryption requires fewer CPU cycles to deliver the same kind of security services as were done by older algorithms,” Zheng said.
At a different level, Zheng said signcryption also simplifies the management of digital (public key) certificates for authentication of servers, devices, users and applications.
One manifestation of this, he said, will be an earlier arrival of swarms of smart sensors, or “smart dust”, that work autonomously to collect environmental data, then transmit that data to central servers. Smart dust devices are tiny wireless microelectromechanical sensors that can detect everything from light to vibrations to biohazards.
Zheng said these sensors can now be equipped with signcryption instead of old-fashioned digital signature and public key encryption, thereby enhancing security and prolonging battery life.