The 2017 IEEE Asia Pacific Conference on Wireless and Mobile (APWiMob)

Comparison of ECDSA and RSA Signature Scheme on NLSR Performance

Deden Irfan Afryansyah (deden.irfan@ui.ac.id), Muhammad Raka Perbawa (muhammad.raka61@ui.ac.id), Riri Fitri Sari (riri@ui.ac.id)
Department of Electrical Engineering, Faculty of Engineering, Universitas Indonesia, Kampus Baru UI Depok, 16424, Indonesia
Abstract—The Named-data Link State Routing protocol (NLSR) is an intra-domain routing protocol for Named Data Networking (NDN). It is an application-level protocol similar to many IP routing protocols, but NLSR uses NDN's Interest/Data packets to disseminate routing updates and so benefits directly from NDN's built-in data authenticity. Because the security mechanism is embedded in the NDN protocol itself, a digital signature scheme is needed to check the integrity and origin of every NLSR packet exchanged between nodes running NLSR. By default, NLSR supports RSA and ECDSA as digital signature algorithms; both are well established, but each has advantages and disadvantages that stem from differences in computation and key size. The purpose of our research was to find which of the two gives the best synchronization time. Our experimental results show that the RSA scheme is faster than the ECDSA scheme in NLSR synchronization, with a 0.062558226% difference on average.

Keywords— Digital Signature; ECDSA; NDN; NLSR; RSA

978-1-5386-2373-2/17/$31.00 ©2017 IEEE

I. INTRODUCTION

Named Data Networking (NDN) is an alternative network architecture that does not use IP addresses: content is requested by name. NDN uses two types of packets, Interest and Data packets [1]. Every Interest packet carries a name prefix that identifies the requested content, followed by a nonce. Every Data packet carries the requested content and is signed by its publisher, so the security binding is on the data itself rather than on the container (connection or host) that delivers it.

NDN nodes have three data structures: the Content Store (CS), the Pending Interest Table (PIT) and the Forwarding Information Base (FIB). All nodes in an NDN network have the same components; there is no architectural difference between an end node and a router, and a node takes one role or the other depending on how it is used.

In NDN, security is built into the data itself rather than being a function of where the data is obtained [2]. Each piece of data is signed together with its name, which securely binds the two. Data signatures are mandatory and form the basis of NDN security: the signature, combined with information about the data publisher, lets a consumer determine the provenance of a Data packet and decide whether to trust it regardless of where it was fetched. NDN security can be extended to content access control and infrastructure security. Applications can control access to data by encrypting it and distributing the keys as encrypted NDN Data, which limits the data-security perimeter to the context of a single application. Requiring signatures on network routing and control messages, like on any other NDN Data, is what gives the routing protocol its security.

NLSR is the routing protocol in NDN that populates NDN's Routing Information Base [3], and it continues to evolve alongside the NDN protocol. The main design goal of NLSR is to provide a routing protocol that populates NDN's FIB. NLSR calculates the routing table using link-state or hyperbolic routing and produces multiple next-hop interfaces for each reachable name prefix within a single authoritative domain.

In NDN, a public key is simply another type of data and can be retrieved with an Interest/Data exchange [4]. In other words, a router can express an Interest with a key name to retrieve the key. Because a router must be able to retrieve keys to verify routing updates before any routes are established, NLSR lets each router retrieve keys from its neighbors. Specifically, a router expresses an Interest for a key to all of its direct neighbors. Each neighbor looks up the requested key in its local key storage and content store and returns the key if it is found. If a neighbor does not have the requested key, it can in turn query its own neighbors. Such key retrieval requests resemble a broadcast, but they stop at routers that either own or cache the requested key. A special name prefix is assigned for key retrieval and is prepended to the requested key name; each router listens on this prefix to receive key requests. The response to a key request is an encapsulated Data packet whose content is the original Data packet containing the requested key. Since the authenticity of the key depends on the signature of the inner Data packet, the signature field of the outer Data packet holds only a SHA-256 digest, which checks the integrity of the packet in transit but proves nothing about who produced the key. Once a key is received, it can be cached for future use and for satisfying key requests from other neighbors.

In this paper, we compare and evaluate the use of SHA-256 with ECDSA and SHA-256 with RSA on the performance of NLSR. The performance parameters are the speed of neighbor adjacency establishment and the convergence time of route dissemination.

This paper is organized as follows: Section I is the introduction, Section II the literature review, Section III the simulation scenario, Section IV the result analysis and Section V the conclusion.
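As an added example (not code from the paper or from the NLSR project), the following Python sketch shows the key-retrieval exchange just described: a router asks its neighbors for a key, the request propagates until it reaches a router that owns or caches the key, and the reply is an encapsulated Data packet whose outer signature field is only a SHA-256 digest while the inner packet carries the real signature. Everything here is constructed for illustration: the JSON wire encoding, the retrieval prefix `/keys`, the router names and the chain topology are assumptions, and the inner packet is signed with a Lamport one-time signature (hash-based, so the example needs only the standard library) in place of the RSA or ECDSA signature NLSR would actually use. The last part of `demo` shows why the two checks are not interchangeable: a forwarder can re-encapsulate a modified key under a fresh, valid digest, and only the inner signature catches it.

```python
import hashlib
import json
import secrets

RETRIEVAL_PREFIX = "/keys"   # assumed special prefix prepended to the key name

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def signed_portion(name: str, content: bytes) -> bytes:
    """Bytes a signature covers: name and content, length-prefixed."""
    return len(name).to_bytes(2, "big") + name.encode() + content

# Lamport one-time signature: hash-based stand-in for the RSA/ECDSA signature
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg: bytes) -> bytes:
    h = int.from_bytes(sha256(msg), "big")
    # Reveal one preimage per digest bit; a Lamport key must never be reused.
    return b"".join(sk[i][(h >> (255 - i)) & 1] for i in range(256))

def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    h = int.from_bytes(sha256(msg), "big")
    return all(sha256(sig[32 * i:32 * i + 32]) == pk[i][(h >> (255 - i)) & 1]
               for i in range(256))

# Data packets are dicts {"name", "content", "sig_type", "sig"}; JSON/hex on the wire
def encode(pkt: dict) -> bytes:
    return json.dumps({k: v.hex() if isinstance(v, bytes) else v
                       for k, v in pkt.items()}, sort_keys=True).encode()

def decode(raw: bytes) -> dict:
    pkt = json.loads(raw)
    return {"name": pkt["name"], "content": bytes.fromhex(pkt["content"]),
            "sig_type": pkt["sig_type"], "sig": bytes.fromhex(pkt["sig"])}

def make_key_data(key_name: str, key_bytes: bytes, owner_sk) -> dict:
    """Inner packet: the key itself, signed by its owner."""
    sig = lamport_sign(owner_sk, signed_portion(key_name, key_bytes))
    return {"name": key_name, "content": key_bytes, "sig_type": "Lamport", "sig": sig}

def encapsulate(inner: dict) -> dict:
    """Outer packet: carries the inner packet; its 'signature' is only a digest."""
    name, content = RETRIEVAL_PREFIX + inner["name"], encode(inner)
    return {"name": name, "content": content, "sig_type": "DigestSha256",
            "sig": sha256(signed_portion(name, content))}

def validate(outer: dict, trusted_pk):
    """Integrity check on the outer packet, then authenticity on the inner one.
    Returns the verified inner packet, or None."""
    if outer["sig"] != sha256(signed_portion(outer["name"], outer["content"])):
        return None                                  # corrupted in transit
    inner = decode(outer["content"])
    if not lamport_verify(trusted_pk, signed_portion(inner["name"], inner["content"]),
                          inner["sig"]):
        return None                                  # forged or substituted key
    return inner

def retrieve_key(topology, owned, cache, at, key_name, trusted_pk, visited=None):
    """Ask router `at`; if it neither owns nor caches the key, ask its neighbours.
    The request fans out like a broadcast but stops at the first router that has the key."""
    visited = visited if visited is not None else set()
    visited.add(at)
    inner = owned[at].get(key_name) or cache[at].get(key_name)
    if inner is not None:
        return encapsulate(inner)
    for neighbour in topology[at]:
        if neighbour in visited:
            continue
        outer = retrieve_key(topology, owned, cache, neighbour, key_name, trusted_pk, visited)
        if outer is not None:
            verified = validate(outer, trusted_pk)
            if verified is not None:
                cache[at][key_name] = verified       # cache validated keys only
            return outer
    return None

def demo():
    """Constructed chain A-B-C-D where only D owns the key."""
    topology = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C"]}
    sk, pk = lamport_keygen()
    key_name = "/ndn/site/D/KEY/1"
    owned, cache = {r: {} for r in topology}, {r: {} for r in topology}
    owned["D"][key_name] = make_key_data(key_name, b"D's public key bytes", sk)
    outer = retrieve_key(topology, owned, cache, "A", key_name, pk)
    honest_ok = validate(outer, pk) is not None and key_name in cache["B"]
    # Bit flip in transit: the outer digest catches it.
    flipped = bytes([outer["content"][0] ^ 1]) + outer["content"][1:]
    corrupt_caught = validate(dict(outer, content=flipped), pk) is None
    # A forwarder swaps in its own key and re-encapsulates with a fresh, valid digest:
    # the outer check passes and only the inner signature catches it.
    forged = encapsulate(dict(decode(outer["content"]), content=b"attacker's key bytes"))
    digest_ok = forged["sig"] == sha256(signed_portion(forged["name"], forged["content"]))
    return honest_ok, corrupt_caught, digest_ok and validate(forged, pk) is None
```

The design point is the order of checks in `validate`: the digest is cheap and is tested first, but a router that stopped there would accept any key a neighbor chose to hand it. The trust decision is the inner signature against a key the router already trusts, and only keys that pass that check are worth caching for other neighbors.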
II. LITERATURE REVIEW

A. Named Data Link State Routing (NLSR)

As a link-state protocol, NLSR's basic functionality is to discover adjacencies and to disseminate both topology and name-prefix information. Such functionality may appear straightforward to design and implement.

In terms of routing functionality, NLSR distinguishes itself from previous link-state routing protocols in two respects: a) it provides multiple next hops for each name prefix instead of one; and b) it signs and verifies all LSAs, so that each router can originate only its own prefix and connectivity information.

An NLSR router establishes and maintains adjacency relations with its neighbor routers. Whenever it detects the failure or recovery of any of its links or neighbor processes, it disseminates a new Adjacency LSA to the entire network. It also advertises name prefixes from both static configuration and dynamic registration by local data producers; whenever a name prefix is added or deleted, it disseminates a new Prefix LSA. The latest version of each LSA is stored in a Link State Database (LSDB) at every node.

Fig. 2 Adjacency failure and recovery detection

NLSR checks periodically for adjacency failure and recovery (Fig. 2). It sends a periodic "info" Interest, at a default interval of 60 seconds, to each neighboring node to detect its status. If the neighbor responds to the Interest with Data and the Data can be validated, the neighbor is considered up, or active. If an info Interest times out, NLSR retries the Interest a few more times at short intervals in case the Interest was lost. If there is still no response from the neighbor during this period, the adjacency with that neighbor is considered down, or inactive.
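The LSA bookkeeping these paragraphs describe can be made concrete with the following added example (Python, written for this page; not NLSR's own code). It builds LSA names in the form NLSR uses, /<network>/NLSR/LSA/<site>/<router>/<lsa-type>/<version> (the format shown in Fig. 1 later in this subsection), keeps only the latest version of each LSA in an LSDB, refuses an LSA whose <router> component is not the router that signed it (the originator rule from point b above), and synchronizes two LSDBs the way ChronoSync does, by comparing a SHA-256 digest of the LSA name set and fetching only the LSAs whose names differ. The signature itself is abstracted away: `signer` stands for the router name recovered from an already verified signature, which is an assumption of the example. Network, site and router names are constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class LSA:
    network: str
    site: str
    router: str            # originating router (the <router> name component)
    lsa_type: str          # "name" (prefix LSA) or "adjacency"
    version: int
    body: dict             # advertised prefixes, or {neighbour: link cost}
    signer: str            # router name recovered from a verified signature (assumed)

    @property
    def key(self) -> str:  # name without the version component
        return f"/{self.network}/NLSR/LSA/{self.site}/{self.router}/{self.lsa_type}"

    @property
    def name(self) -> str: # /<network>/NLSR/LSA/<site>/<router>/<lsa-type>/<version>
        return f"{self.key}/{self.version}"

def parse_lsa_name(name: str):
    """Split an LSA name into (network, site, router, lsa_type, version)."""
    parts = name.strip("/").split("/")
    if len(parts) != 7 or parts[1:3] != ["NLSR", "LSA"] or parts[5] not in ("name", "adjacency"):
        raise ValueError(f"not an LSA name: {name}")
    return parts[0], parts[3], parts[4], parts[5], int(parts[6])

class LSDB:
    def __init__(self, network: str, site: str, router: str):
        self.network, self.site, self.router = network, site, router
        self.lsas = {}        # key -> latest LSA held
        self.versions = {}    # key -> highest version this router originated

    def originate(self, lsa_type: str, body: dict) -> LSA:
        """Create the next version of one of our own LSAs (after a link or prefix change)."""
        key = f"/{self.network}/NLSR/LSA/{self.site}/{self.router}/{lsa_type}"
        version = self.versions[key] = self.versions.get(key, 0) + 1
        lsa = LSA(self.network, self.site, self.router, lsa_type, version, body, self.router)
        self.lsas[key] = lsa
        return lsa

    def install(self, lsa: LSA) -> bool:
        """Accept a received LSA only if it was signed by the router it claims to come
        from and is newer than what we hold. Returns True if the LSDB changed."""
        if lsa.signer != lsa.router:
            return False                  # a router may originate only its own LSAs
        current = self.lsas.get(lsa.key)
        if current is not None and current.version >= lsa.version:
            return False                  # stale or duplicate version
        self.lsas[lsa.key] = lsa
        return True

    def name_set(self) -> set:
        return {lsa.name for lsa in self.lsas.values()}

    def digest(self) -> str:
        """Compact state summary: SHA-256 over the sorted LSA names."""
        return hashlib.sha256("\n".join(sorted(self.name_set())).encode()).hexdigest()

def sync(local: LSDB, remote: LSDB) -> list:
    """One synchronisation round: compare digests; only if they differ, fetch the
    LSAs whose names `local` lacks. Returns the names fetched."""
    if local.digest() == remote.digest():
        return []                         # stable network: a single hash is exchanged
    fetched = []
    for name in sorted(remote.name_set() - local.name_set()):
        network, site, router, lsa_type, _ = parse_lsa_name(name)
        lsa = remote.lsas[f"/{network}/NLSR/LSA/{site}/{router}/{lsa_type}"]
        if local.install(lsa):
            fetched.append(lsa.name)
    return fetched

def demo():
    """Two routers r1 and r2 in the constructed network 'ndn', site 'ui'."""
    r1, r2 = LSDB("ndn", "ui", "r1"), LSDB("ndn", "ui", "r2")
    r1.originate("adjacency", {"r2": 10, "r3": 20})
    r1.originate("name", {"/ndn/ui/r1/app": True})
    r2.originate("adjacency", {"r1": 10})
    first = sync(r2, r1) + sync(r1, r2)         # initial convergence: 3 LSAs move
    in_sync = r1.digest() == r2.digest()
    r1.originate("adjacency", {"r2": 10})       # link to r3 failed: version 2
    second = sync(r2, r1)                       # only the changed LSA moves
    forged = LSA("ndn", "ui", "r1", "adjacency", 99, {}, signer="r3")
    rejected = not r2.install(forged)           # r3 cannot speak for r1
    return in_sync, first, second, rejected, r1.digest() == r2.digest()
```

Two details matter for security. The originator check in `install` is what turns "all LSAs are signed" into "a router can only announce its own links and prefixes": without it a valid signature from any router would let that router inject topology on behalf of another. The version comparison is what keeps a replayed old LSA from rolling back the database after a newer one has been accepted.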
Fig. 1 LSA format

Prefix LSA                                              | Adjacency LSA
/<network>/NLSR/LSA/<site>/<router>/name/<version>      | /<network>/NLSR/LSA/<site>/<router>/adjacency/<version>
Number of prefixes                                      | Number of adjacencies
Name prefix 1                                           | Neighbor 1, link cost 1
...                                                     | ...
Name prefix n                                           | Neighbor n, link cost n
signature                                               | signature

Fig. 1 shows that an LSA packet is just another NDN packet. Its name is /<network>/NLSR/LSA/<site>/<router>/<lsa-type>/<version>, where <lsa-type> is either name or adjacency. The <router> component identifies the router that originates the LSA, and the <version> component is increased by 1 whenever that router creates a new version of the LSA.

NLSR uses the ChronoSync protocol to synchronize changes in the routers' LSDBs. ChronoSync maintains all the LSA names in each LSDB as a name set and uses a hash of that set as a compact expression of its state. Routers running ChronoSync compare the hashes of their LSA name sets to detect differences between the sets; when a new LSA name is detected, ChronoSync notifies NLSR, which retrieves the corresponding LSA. This approach avoids unnecessary flooding: when the network is stable, only one hash, rather than all the LSA names, is exchanged among the nodes.

B. Digital Signature

A digital signature provides a means of integrity checking [7]: it assures the receiver that the data was in fact sent by the assumed party and has not been altered. It does not by itself keep the content secret; in NDN, confidentiality is obtained separately by encrypting the content, as noted in Section I. Like a public-key encryption scheme, a digital signature scheme consists of three processes: key generation, signing and verification. Several public-key cryptosystems can be used as digital signature schemes, among them RSA and ECDSA, both of which NLSR supports by default.

B.1 RSA

RSA was introduced in 1977. Ron Rivest of MIT set out to develop a public-key scheme for encrypting plaintext into ciphertext and invited his colleagues Adi Shamir and Leonard Adleman to join him; in 1978 they published their public-key cryptosystem, which became known as the RSA algorithm. Many other public-key cryptosystems followed. A public-key cryptosystem encrypts messages with a key that is published (the public key); in RSA it is infeasible to compute the private key from the public key, so the encryption key can be published without endangering the private key that is used to decrypt.

The security of RSA rests on the difficulty of factoring large numbers: the public and private keys are functions of a pair of large primes, and recovering the plaintext from the public key and ciphertext is believed to be as hard as factoring the product of the two primes. RSA keys are generally 1024 or 2048 bits long. Several research groups have shown that 1024-bit keys should no longer be used because, given current computing capacity, they are expected to become breakable in a short time, which has pushed industry and governments to raise the standard RSA key size to 2048 bits [8].

B.2 ECDSA

Elliptic Curve Cryptography uses elliptic curves whose variables and coefficients are restricted to elements of a finite field (Galois field, GF), i.e. a field with a finite number of elements. Two families of elliptic curves are used in cryptographic applications: prime curves defined over Z_p and binary curves defined over GF(2^n). Many public-key algorithms have elliptic-curve variants, one of which is DSA over elliptic curves: the Elliptic Curve Digital Signature Algorithm (ECDSA), approved as part of FIPS 186-2 in 2000.

As with elliptic curve cryptography in general, the bit size of the public key needed for ECDSA is about twice the security level in bits. At a security level of 80 bits, an attacker needs the equivalent of about 2^80 signature generations to find the private key. For comparison, a DSA public key is at least 1024 bits, whereas an ECDSA public key at this level is 160 bits. The signature size, on the other hand, is the same for DSA and ECDSA: 4s bits, where s is the security level in bits, i.e. about 320 bits at an 80-bit security level [9].

B.3 Comparison of ECDSA with RSA

In applications of public-key cryptosystems, key size is a major concern: the larger the key, the higher the security level that can be achieved, but the slower the public-key algorithm runs on the computer system used. For RSA this is because both the modular arithmetic on numbers of that size and the factoring work an attacker must perform grow with the key length and demand more memory, so processing speed depends on the speed and capacity of the processor used.

In 2000, RSA Labs also released a research report [11] on the time needed to break keys of various lengths with an investment of $10 million; a summary is given in Table 1.

Table 1 Time to break keys of various sizes with $10 million to spend [11]

Symmetric key (bits) | ECC key (bits) | RSA key (bits) | Time to break       | Number of machines | Amount of memory
56                   | 112            | 430            | less than 5 minutes | 10^5               | trivial
80                   | 160            | 760            | 600 months          | 4300               | 4 GB
96                   | 192            | 1020           | 3 million years     | 114                | 170 GB
128                  | 256            | 1620           | 10^16 years         | 0.16               | 120 TB

Table 1 shows that for RSA, the larger the key size, the harder it is for an adversary to break the key: more memory and more computing capability are needed, so the required investment becomes very large. The table also shows that, for the same attack resources, an elliptic-curve key reaches the same strength with far fewer bits than an RSA key (160 bits versus 760 bits at the 80-bit symmetric level). From the security aspect, therefore, elliptic curve cryptography is the more promising choice. These figures date from 2000 and should be read as relative comparisons between the schemes rather than as current absolute estimates.

In addition to the comparison in Table 1, here are some differences between RSA and ECDSA that were investigated in [12]:
• ECDSA offers the same level of security with smaller key sizes.
• Data size for RSA is smaller than for ECDSA.
• The encrypted message size is a function of key size and data size for both RSA and ECDSA; since the ECDSA key is much smaller than the RSA key, the encrypted message in ECDSA is smaller.
• The computational power required is smaller for ECDSA.
• ECDSA provides faster computation and needs less storage space.
• ECDSA key sizes are much shorter than comparable RSA keys.
• The public and private keys are much shorter in ECDSA, giving faster processing times and lower demands on memory and bandwidth.

III. SIMULATION SCENARIO

In this paper we use the Waxman model [13] as the topology for simulating NLSR. Waxman graphs are a popular class of random graphs used for modelling the Internet topology, especially its intra-domain part. When they are used for network modelling, their connectedness properties are particularly relevant, both for the characteristics of the generated graph and for the generation time.
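The comparison in Section II.B can be checked directly. The following added example (Python, standard library only; it is not the paper's code and not the NDN/NLSR implementation, which uses a compiled cryptographic library) implements textbook RSA and ECDSA over the NIST P-256 curve, both with SHA-256, signs an LSA-like payload with each, verifies it, and times the four operations. The simplifications are all assumptions of the example: the RSA signature is the unpadded textbook operation on the hash (a real implementation uses PKCS#1 v1.5 or PSS padding, without which signatures can be forged by multiplying existing ones), the ECDSA nonce comes from the system RNG rather than RFC 6979, the curve arithmetic is not constant-time, and pure-Python timings say nothing about absolute NLSR sync times. What they do show is the structural reason behind the ordering reported in Section IV: RSA verification with e = 65537 costs 16 squarings and one multiplication modulo n, whereas ECDSA verification costs two scalar multiplications on the curve, so RSA verifies faster while ECDSA signs faster.

```python
import hashlib
import secrets
import time

# ---- Textbook RSA on the SHA-256 digest (no padding: demonstration only) ----
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin after a trial-division prefilter."""
    if n < 2 or any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact length, odd
        if is_probable_prime(candidate):
            return candidate

def rsa_keygen(bits: int = 2048):
    """Returns (public, private) as ((n, e), (n, d)) with e = 65537."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def h_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def rsa_sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(h_int(msg), d, n)          # private exponent: about `bits` squarings

def rsa_verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == h_int(msg)   # e = 2^16 + 1: 17 multiplications

# ---- ECDSA over NIST P-256 with SHA-256 (affine arithmetic, not constant-time) ----
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p1, p2):
    """Point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k: int, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point, k = ec_add(point, point), k >> 1
    return result

def ecdsa_keygen():
    d = secrets.randbelow(N - 1) + 1
    return ec_mul(d, G), d                 # (public point, private scalar)

def ecdsa_sign(d: int, msg: bytes):
    z = h_int(msg)                         # SHA-256 output already matches N's bit length
    while True:
        k = secrets.randbelow(N - 1) + 1   # per-signature nonce: must stay secret and unique
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return r, s

def ecdsa_verify(q, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    point = ec_add(ec_mul(h_int(msg) * w % N, G), ec_mul(r * w % N, q))  # two scalar mults
    return point is not None and point[0] % N == r

def benchmark(payload: bytes, rsa_bits: int = 2048, iterations: int = 10) -> dict:
    """Sign and verify `payload` with both schemes; returns seconds per operation
    and whether every genuine signature verified and every tampered one failed."""
    rsa_pub, rsa_priv = rsa_keygen(rsa_bits)
    ec_pub, ec_priv = ecdsa_keygen()
    schemes = {"rsa": (lambda m: rsa_sign(rsa_priv, m), lambda m, s: rsa_verify(rsa_pub, m, s)),
               "ecdsa": (lambda m: ecdsa_sign(ec_priv, m), lambda m, s: ecdsa_verify(ec_pub, m, s))}
    result, ok = {}, True
    for name, (sign, verify) in schemes.items():
        t0 = time.perf_counter()
        sigs = [sign(payload) for _ in range(iterations)]
        t1 = time.perf_counter()
        ok &= all(verify(payload, s) for s in sigs)
        t2 = time.perf_counter()
        ok &= not verify(payload + b"!", sigs[0])    # a modified LSA must not verify
        result[name] = {"sign": (t1 - t0) / iterations, "verify": (t2 - t1) / iterations}
    result["all_checks_passed"] = ok
    return result
```

Running `benchmark(b"/ndn/NLSR/LSA/ui/r1/adjacency/1")` on a typical machine gives RSA verification two to three orders of magnitude cheaper than RSA signing, and ECDSA verification about twice the cost of ECDSA signing. Which scheme wins for a routing protocol therefore depends on the operation mix: an NLSR router signs only the LSAs it originates but verifies every LSA it receives, so verification cost is what shows up in synchronization time.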
Fig. 3 Waxman topology

We generate the topology with the Waxman model using BRITE [14] in Flat Topology, Router Only mode. Table 2 describes the parameters of a BRITE flat topology (AS Only or Router Only mode) and Table 3 lists the values we used.

Table 3 Simulation parameters

Parameter      | Value
HS             | 1000
LS             | 100
Node Placement | 1 (Random)
Model          | 2
Alpha          | 0.15000000596046448 (0.15 stored in single precision)
Beta           | 0.20000000298023224 (0.2 stored in single precision)
M              | 1
Growth Type    | 1 (Incremental)
MinBW          | 10
MaxBW          | 1024
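To make the topology model concrete, here is an added example (Python; not the paper's code and not BRITE's) that generates a Waxman graph from the values in Table 3 and checks the connectedness property that Section III says matters. The Waxman model from the literature that BRITE implements places n nodes uniformly at random on an HS x HS plane and links each pair (u, v) with probability P(u, v) = beta * exp(-d(u, v) / (alpha * L)), where d is the Euclidean distance and L is the largest distance between any two nodes. Everything beyond that is an assumption of the example: the incremental construction follows BRITE's Growth Type = 1 as understood here (each new node links to M existing nodes chosen with Waxman weights), the seed and node counts are constructed, and L is taken over the placed nodes. The function `compare` also builds the classic pairwise graph with the same alpha and beta, which at 5 to 20 nodes is almost always disconnected; that contrast is why the growth model is part of the experimental setup, since an unconnected topology cannot converge.

```python
import math
import random
from collections import deque

# Values from Table 3; alpha and beta are 0.15 and 0.2 stored in single precision
HS, ALPHA, BETA, M = 1000, 0.15000000596046448, 0.20000000298023224, 1

def place_nodes(n: int, rng: random.Random, hs: int = HS) -> list:
    """Node Placement = 1: uniform random positions on an hs x hs plane."""
    return [(rng.uniform(0, hs), rng.uniform(0, hs)) for _ in range(n)]

def max_distance(coords) -> float:
    return max(math.dist(a, b) for a in coords for b in coords)

def waxman_prob(u, v, l_max: float, alpha: float = ALPHA, beta: float = BETA) -> float:
    """P(u, v) = beta * exp(-d(u, v) / (alpha * L)), L = largest inter-node distance."""
    return beta * math.exp(-math.dist(u, v) / (alpha * l_max))

def waxman_pairwise(coords, rng: random.Random) -> set:
    """Classic Waxman graph: every pair is linked independently with P(u, v)."""
    l_max, edges = max_distance(coords), set()
    for i in range(len(coords)):
        for j in range(i + 1, len(coords)):
            if rng.random() < waxman_prob(coords[i], coords[j], l_max):
                edges.add((i, j))
    return edges

def waxman_incremental(coords, rng: random.Random, m: int = M) -> set:
    """Growth Type = 1 as BRITE does it (assumed here): nodes join one at a time
    and each links to m distinct existing nodes drawn with weights P(u, v)."""
    l_max, edges = max_distance(coords), set()
    for j in range(1, len(coords)):
        candidates = list(range(j))
        weights = [waxman_prob(coords[i], coords[j], l_max) for i in candidates]
        chosen = set()
        while len(chosen) < min(m, j):
            chosen.add(rng.choices(candidates, weights=weights)[0])
        edges.update((i, j) for i in chosen)
    return edges

def is_connected(n: int, edges) -> bool:
    """BFS from node 0; a routing experiment needs every router reachable."""
    adj = {i: set() for i in range(n)}
    for i, j in edges:
        adj[i].add(j)
        adj[j].add(i)
    seen, queue = {0}, deque([0])
    while queue:
        for nb in adj[queue.popleft()]:
            if nb not in seen:
                seen.add(nb)
                queue.append(nb)
    return len(seen) == n

def compare(n: int, seed: int = 2017) -> dict:
    """Same node positions under both construction rules."""
    coords = place_nodes(n, random.Random(seed))
    pairwise = waxman_pairwise(coords, random.Random(seed + 1))
    incremental = waxman_incremental(coords, random.Random(seed + 2))
    return {"nodes": n,
            "pairwise_edges": len(pairwise),
            "pairwise_connected": is_connected(n, pairwise),
            "incremental_edges": len(incremental),
            "incremental_connected": is_connected(n, incremental)}
```

With M = 1 the incremental rule always yields a tree of n - 1 links, so every simulated size (5, 10, 15, 20 nodes) is connected by construction; the Waxman weights only decide which existing router a new one attaches to, biasing links toward nearby nodes.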
Table 2 Flat topology parameters (AS Only or Router Only) [15]

Parameter      | Description                              | Values
HS             | Size of one side of the plane            | Int ≥ 1
LS             | Size of one side of a high-level square  | Int ≥ 1
N              | Number of nodes                          | Int, 1 ≤ N ≤ HS * HS
Model          | Model id                                 | Int ≥ 1
Alpha          | Waxman-specific exponent                 | 0 < α ≤ 1, α ∈ R
Beta           | Waxman-specific exponent                 | 0 < β ≤ 1, β ∈ R
Node Placement | How nodes are placed in the plane        | 1: Random, 2: HT (heavy-tailed)
M              | Number of links per new node             | Int ≥ 1
Growth Type    | How nodes join the topology              | 1: Incremental, 2: Random
BWDist         | Bandwidth assignment to links            | 1: Const, 2: Unif, 3: Exp, 4: HT
MinBW, MaxBW   | Min and max link bandwidth values        | Float > 0

To measure the effect of using RSA or ECDSA as the signature scheme on NLSR synchronization speed, we run the flat topology in Router Only mode with the parameters in Table 3, using 5, 10, 15 and 20 nodes for each signature scheme.

IV. RESULT ANALYSIS

Fig. 4 shows the sync time for the different numbers of nodes using ECDSA, and Fig. 5 shows the same using RSA.

Fig. 4 Simulation result for each number of nodes using ECDSA (sync time in seconds versus number of nodes)

Fig. 5 Simulation result for each number of nodes using RSA (sync time in seconds versus number of nodes)

From the two graphs we can see that the simulation using RSA is generally faster than the one using ECDSA. This occurs because, with the default key lengths of ECDSA and RSA in NDN, RSA has been shown to be faster than ECDSA [16]. The speed of each algorithm directly affects NLSR synchronization: besides key-pair generation, the dominant cryptographic work is the verification of packets that takes place while the LSDBs are synchronized. The experiments give a different result for each number of nodes; comparing the two algorithms at each size gives: 5 nodes = 0.0902709% difference, 10 nodes = 0.0495457% difference, 15 nodes = 0.0934037% difference, 20 nodes = 0.00400008% difference. In the experiments with 5, 15 and 20 nodes, the sync time with RSA was faster than with ECDSA at the same number of nodes, by 0.062558226% on average; in the 10-node experiment, ECDSA was faster than RSA by 0.0495457%. The difference in packet verification time between RSA and ECDSA in NLSR agrees with previous results [17], which state that signing with ECDSA is faster than with RSA (as is RSA decryption, the private-key operation), whereas signature verification with ECDSA is somewhat slower than with RSA (whose verification, like RSA encryption, uses the small public exponent). Since an NLSR router signs only the LSAs it originates but verifies every LSA it receives, verification cost dominates the synchronization path, which favors RSA.

V. CONCLUSION

Both ECDSA and RSA directly influence the performance of NLSR: the simulation shows that changing the digital signature scheme measurably changes the sync time in NLSR. Based on our simulation, RSA is the better choice for NLSR performance. Given the literature and the need for faster NLSR performance, the digital signature algorithm to be implemented should offer good speed in every operation: encryption, decryption, signing and signature verification.

REFERENCES

[1] Named Data Networking project, www.named-data.net. [Online]. [Accessed May 2017].
[2] V. Lehman, M. A. K. M. Hoque, Y. Yu, L. Wang, B. Zhang and L. Zhang, "A Secure Link State Routing Protocol for NDN," NDN Project, 2016.
[3] NLSR source repository, https://github.com/named-data/NLSR, 2015. [Online]. [Accessed May 2017].
[4] "CCNx Synchronization Protocol." [Online]. Available: http://www.ccnx.org/releases/latest/doc/technical/SynchronizationProtocol.html.
[5] L. Elbaz, "Using Public Key Cryptography in Mobile Phones," 2002.
[6] "RSA," 2012. [Online]. Available: http://searchsecurity.techtarget.com/definition/RSA.
[7] Vocal.com, "ECDSA: Elliptic Curve Digital Signature Algorithm." [Online]. Available: https://www.vocal.com/cryptography/ecdsa-elliptic-curve-digital-signature-algorithm/. [Accessed 2017].
[8] A. S., G. Karthik G., H. H. and V. V., "Assuaging cache based attacks in Named Data Network," in IEEE WiSPNET 2016, 2016.
[9] S. DiBenedetto and C. Papadopoulos, "Mitigating Poisoned Content with Forwarding Strategy," in Named-Oriented Mobility (NOM) 2016, 2016.
[10] A. M. Hoque, S. O. Amin, A. Alyyan, B. Zhang, L. Zhang and L. Wang, "NLSR: Named-data Link State Routing Protocol," 2016.
[11] S. Burnett and S. Paine, RSA Security's Official Guide to Cryptography, McGraw-Hill, 2001.
[12] S. S. Khalique Sigh, "Implementation of Elliptic Curve Digital Signature Algorithm," International Journal of Computer Applications, vol. 2, 2010.
[13] M. Naldi, "Connectivity of Waxman topology models," Computer Communications, vol. 29, 2005.
[14] BRITE: Boston University Representative Internet Topology Generator, https://www.cs.bu.edu/brite/. [Online]. [Accessed 2017].
[15] BRITE user manual, flat topology parameters, http://www.cs.bu.edu/brite/user_manual/node23.html. [Online]. [Accessed 2017].
[16] A. Imem, "Comparison and Evaluation of Digital Signature Schemes Employed in NDN Network," International Journal of Embedded Systems and Applications (IJESA), vol. 5, no. 2, June 2015.
[17] G. Kessler, "An Overview of Cryptography," http://www.garykessler.net/library/crypto.html. [Online]. [Accessed 2017].