Lightweight Session Key Establishment for Android Platform Using ECC

  • Muneer Ahmad Dar
  • Ummer Iqbal Khan
  • Syed Nisar Bukhari
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 41)


As a lightweight cryptographic technique, elliptic curve cryptography is considered suitable for resource-constrained devices such as small handheld smartphones. Because the computational capabilities of these devices are much lower, elliptic curve cryptography is considered a much better technique for securing their critical data. As these devices are always connected to the Internet for mobile communication through services like Facebook, WhatsApp, etc., ensuring their security over a wireless communication channel is an ongoing challenge. A number of protocols have been proposed and implemented to secure the insecure wireless communication channel and to check the authenticity of the user and the integrity of messages communicated between mobile devices. In this paper, we implement a robust and secure elliptic curve cryptography-based authentication to secure the communication between two communicating devices. Our research demonstrates the implementation and analysis of elliptic curve cryptography on the world's leading smartphone operating system, Android. As Android is an open-source mobile operating system, we explore its cryptographic libraries and enhance them to implement elliptic curve cryptography. The objective of this paper is to protect the mobile user from threats that include snooping, alteration, replaying, and interruption of message transmission. Our proof-of-concept implementation includes two client Android applications communicating with each other. We establish a secure communication channel between the two devices by implementing the Elliptic Curve Diffie–Hellman (ECDH) algorithm. We also propose an improved ECDH algorithm that can protect the communication from the man-in-the-middle attack. The performance analysis of the improved algorithm is presented in this paper.


Keywords: Cryptography, Authentication, ECC, Android, ECDH



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Muneer Ahmad Dar (1)
  • Ummer Iqbal Khan (1)
  • Syed Nisar Bukhari (1)
  1. National Institute of Electronics & Information Technology (NIELIT) Srinagar, Srinagar, India
