Επέκταση σχεδιασμού κρυπτογραφικών μηχανισμών και εκτίμηση τεχνικών διοχέτευσης

Παπαδογιάννης, Ιωάννης

16 June 2011

Σκοπός αυτής της διπλωαμτικής εργασίας είναι ο σχεδιασμός και η υλοποίηση (σε γλώσσα περιγραφής υλικού VHDL) των κρυπτογραφικών αλγορίθμων SHA-1 και SHA-256. Απώτερος στόχος υπήρξε η σύγκριση και αξιολόγηση της κάθε υλοποίησης για να επιτευχθεί όσο το δυνατόν καλύτερο throughput/area. Οι τεχνικές που χρησιμοποιήθηκαν ήταν η βελτίωση του αλγορίθμου μαζί με την τεχνική της διοχέτευσης. / Aim of this work is the planning and the concretisation (in VHDL)of the cryptographic algorithms SHA-1 and SHA-256. Final objective is the comparison and evaluation of each concretisation in order to achieve optimum throughput/area. The techniques that were used were the improvement of algorithm with the technique of pipeline.

005.82

Cryptographic algorithms

SHA-1

SHA-256

Efficient Cryptographic Algorithms and Protocols for Mobile Ad Hoc Networks

Fan, Xinxin

12 April 2010

As the next evolutionary step in digital communication systems, mobile ad hoc networks (MANETs) and their specialization like wireless sensor networks (WSNs) have been attracting much interest in both research and industry communities. In MANETs, network nodes can come together and form a network without depending on any pre-existing infrastructure and human intervention. Unfortunately, the salient characteristics of MANETs, in particular the absence of infrastructure and the constrained resources of mobile devices, present enormous challenges when designing security mechanisms in this environment. Without necessary measures, wireless communications are easy to be intercepted and activities of users can be easily traced. This thesis presents our solutions for two important aspects of securing MANETs, namely efficient key management protocols and fast implementations of cryptographic primitives on constrained devices. Due to the tight cost and constrained resources of high-volume mobile devices used in MANETs, it is desirable to employ lightweight and specialized cryptographic primitives for many security applications. Motivated by the design of the well-known Enigma machine, we present a novel ultra-lightweight cryptographic algorithm, referred to as Hummingbird, for resource-constrained devices. Hummingbird can provide the designed security with small block size and is resistant to the most common attacks such as linear and differential cryptanalysis. Furthermore, we also present efficient software implementations of Hummingbird on 4-, 8- and 16-bit microcontrollers from Atmel and Texas Instruments as well as efficient hardware implementations on the low-cost field programmable gate arrays (FPGAs) from Xilinx, respectively. Our experimental results show that after a system initialization phase Hummingbird can achieve up to 147 and 4.7 times faster throughput for a size-optimized and a speed-optimized software implementation, respectively, when compared to the state-of-the-art ultra-lightweight block cipher PRESENT on the similar platforms. In addition, the speed optimized Hummingbird encryption core can achieve a throughput of 160.4 Mbps and the area optimized encryption core only occupies 253 slices on a Spartan-3 XC3S200 FPGA device. Bilinear pairings on the Jacobians of (hyper-)elliptic curves have received considerable attention as a building block for constructing cryptographic schemes in MANETs with new and novel properties. Motivated by the work of Scott, we investigate how to use efficiently computable automorphisms to speed up pairing computations on two families of non-supersingular genus 2 hyperelliptic curves over prime fields. Our findings lead to new variants of Miller's algorithm in which the length of the main loop can be up to 4 times shorter than that of the original Miller's algorithm in the best case. We also generalize Chatterjee et al.'s idea of encapsulating the computation of the line function with the group operations to genus 2 hyperelliptic curves, and derive new explicit formulae for the group operations in projective and new coordinates in the context of pairing computations. Efficient software implementation of computing the Tate pairing on both a supersingular and a non-supersingular genus 2 curve with the same embedding degree of k = 4 is investigated. Combining the new algorithm with known optimization techniques, we show that pairing computations on non-supersingular genus 2 curves over prime fields use up to 55.8% fewer field operations and run about 10% faster than supersingular genus 2 curves for the same security level. As an important part of a key management mechanism, efficient key revocation protocol, which revokes the cryptographic keys of malicious nodes and isolates them from the network, is crucial for the security and robustness of MANETs. We propose a novel self-organized key revocation scheme for MANETs based on the Dirichlet multinomial model and identity-based cryptography. Firmly rooted in statistics, our key revocation scheme provides a theoretically sound basis for nodes analyzing and predicting peers' behavior based on their own observations and other nodes' reports. Considering the difference of malicious behaviors, we proposed to classify the nodes' behavior into three categories, namely good behavior, suspicious behavior and malicious behavior. Each node in the network keeps track of three categories of behavior and updates its knowledge about other nodes' behavior with 3-dimension Dirichlet distribution. Based on its own analysis, each node is able to protect itself from malicious attacks by either revoking the keys of the nodes with malicious behavior or ceasing the communication with the nodes showing suspicious behavior for some time. The attack-resistant properties of the resulting scheme against false accusation attacks launched by independent and collusive adversaries are also analyzed through extensive simulations. In WSNs, broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed in the literature to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. We propose an efficient technique to accelerate the signature verification in WSNs through the cooperation among sensor nodes. By allowing some sensor nodes to release the intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to the broadcast authentication in a 4×4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7%~34.5% less energy and runs about 50% faster than the traditional signature verification method.

Mobile Ad Hoc Netwoks

Resource-Constrained Devices

Cryptographic Algorithms

Security Protocols

Electrical and Computer Engineering

Efficient Cryptographic Algorithms and Protocols for Mobile Ad Hoc Networks

Fan, Xinxin

12 April 2010

As the next evolutionary step in digital communication systems, mobile ad hoc networks (MANETs) and their specialization like wireless sensor networks (WSNs) have been attracting much interest in both research and industry communities. In MANETs, network nodes can come together and form a network without depending on any pre-existing infrastructure and human intervention. Unfortunately, the salient characteristics of MANETs, in particular the absence of infrastructure and the constrained resources of mobile devices, present enormous challenges when designing security mechanisms in this environment. Without necessary measures, wireless communications are easy to be intercepted and activities of users can be easily traced. This thesis presents our solutions for two important aspects of securing MANETs, namely efficient key management protocols and fast implementations of cryptographic primitives on constrained devices. Due to the tight cost and constrained resources of high-volume mobile devices used in MANETs, it is desirable to employ lightweight and specialized cryptographic primitives for many security applications. Motivated by the design of the well-known Enigma machine, we present a novel ultra-lightweight cryptographic algorithm, referred to as Hummingbird, for resource-constrained devices. Hummingbird can provide the designed security with small block size and is resistant to the most common attacks such as linear and differential cryptanalysis. Furthermore, we also present efficient software implementations of Hummingbird on 4-, 8- and 16-bit microcontrollers from Atmel and Texas Instruments as well as efficient hardware implementations on the low-cost field programmable gate arrays (FPGAs) from Xilinx, respectively. Our experimental results show that after a system initialization phase Hummingbird can achieve up to 147 and 4.7 times faster throughput for a size-optimized and a speed-optimized software implementation, respectively, when compared to the state-of-the-art ultra-lightweight block cipher PRESENT on the similar platforms. In addition, the speed optimized Hummingbird encryption core can achieve a throughput of 160.4 Mbps and the area optimized encryption core only occupies 253 slices on a Spartan-3 XC3S200 FPGA device. Bilinear pairings on the Jacobians of (hyper-)elliptic curves have received considerable attention as a building block for constructing cryptographic schemes in MANETs with new and novel properties. Motivated by the work of Scott, we investigate how to use efficiently computable automorphisms to speed up pairing computations on two families of non-supersingular genus 2 hyperelliptic curves over prime fields. Our findings lead to new variants of Miller's algorithm in which the length of the main loop can be up to 4 times shorter than that of the original Miller's algorithm in the best case. We also generalize Chatterjee et al.'s idea of encapsulating the computation of the line function with the group operations to genus 2 hyperelliptic curves, and derive new explicit formulae for the group operations in projective and new coordinates in the context of pairing computations. Efficient software implementation of computing the Tate pairing on both a supersingular and a non-supersingular genus 2 curve with the same embedding degree of k = 4 is investigated. Combining the new algorithm with known optimization techniques, we show that pairing computations on non-supersingular genus 2 curves over prime fields use up to 55.8% fewer field operations and run about 10% faster than supersingular genus 2 curves for the same security level. As an important part of a key management mechanism, efficient key revocation protocol, which revokes the cryptographic keys of malicious nodes and isolates them from the network, is crucial for the security and robustness of MANETs. We propose a novel self-organized key revocation scheme for MANETs based on the Dirichlet multinomial model and identity-based cryptography. Firmly rooted in statistics, our key revocation scheme provides a theoretically sound basis for nodes analyzing and predicting peers' behavior based on their own observations and other nodes' reports. Considering the difference of malicious behaviors, we proposed to classify the nodes' behavior into three categories, namely good behavior, suspicious behavior and malicious behavior. Each node in the network keeps track of three categories of behavior and updates its knowledge about other nodes' behavior with 3-dimension Dirichlet distribution. Based on its own analysis, each node is able to protect itself from malicious attacks by either revoking the keys of the nodes with malicious behavior or ceasing the communication with the nodes showing suspicious behavior for some time. The attack-resistant properties of the resulting scheme against false accusation attacks launched by independent and collusive adversaries are also analyzed through extensive simulations. In WSNs, broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed in the literature to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. We propose an efficient technique to accelerate the signature verification in WSNs through the cooperation among sensor nodes. By allowing some sensor nodes to release the intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to the broadcast authentication in a 4×4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7%~34.5% less energy and runs about 50% faster than the traditional signature verification method.

Mobile Ad Hoc Netwoks

Resource-Constrained Devices

Cryptographic Algorithms

Security Protocols

Electrical and Computer Engineering

Συμμετρικοί αλγόριθμοι κρυπτογράφησης δεδομένων : η περίπτωση του αλγορίθμου AES

Λυκούδης, Κωνσταντίνος

28 February 2013

Στη σύγχρονη ζωή του ανθρώπου η ανταλλαγή και η διακίνηση της πληροφορίας αποτελεί πλέον αναπόσπαστο κομμάτι. Η τεράστια ανάπτυξη των δικτύων υπολογιστών και η επικοινωνία πληροφοριών κάθε μορφής έφερε ένα τεράστιο πρόβλημα στην επιφάνεια, την ανάγκη για προστασία αυτής της πληροφορίας. Το πρόβλημα αυτό καλείται να το αντιμετωπίσει η επιστήμη της Κρυπτογραφίας όπου μέσα από διάφορους μετασχηματισμούς προσπαθεί θα μετατρέψει τα δεδομένα σε μια ακατανόητη μορφή η οποία θα είναι δυνατόν να αντιστραφεί μόνο από τον νόμιμο παραλήπτη. Για το λόγο αυτό έχουν αναπτυχθεί πληθώρα αλγορίθμων κρυπτογράφησης όπου παρόλο που η δουλειά τους είναι η ίδια, χειρίζονται και μετασχηματίζουν τα δεδομένα με διαφορετικό τρόπο. Στην παρούσα εργασία γίνεται παρουσίαση του αλγορίθμου AES (Advanced Encryption Standard) που αποτελεί το τρέχον πρότυπο από το NIST (National Institute of Standards and Technology). Ο AES ο οποίος είναι και γνωστός ως Rijndael, είναι ένας συμμετρικός αλγόριθμος τμήματος και βασίζεται στα δίκτυα μετάθεσης – αντικατάστασης, ενώ είναι υλοποιήσιμος και γρήγορος τόσο σε λογισμικό όσο και σε υλικό. Αντίθετα με τον προκάτοχο του DES, δεν χρησιμοποιεί το δίκτυο Feistel. Εφαρμόζεται σε έναν πίνακα Bytes 4x4 (128 bits), που ορίζεται ως κατάσταση (state), με τους περισσότερους μετασχηματισμούς να πραγματοποιούνται σε ένα πεπερασμένο πεδίο. Ο αλγόριθμος AES, δίνει τη δυνατότητα κρυπτογράφησης με τρία κλειδιά διαφορετικού μήκους, 128 bits κλειδί με 10 κύκλους επανάληψης, 192 bits κλειδί με 12 κύκλους επανάληψης και 256 bits κλειδί με 14 κύκλους επανάληψης παρουσιάζοντας κάθε φορά μεγάλη ανθεκτικότητα σε κρυπταναλυτικές επιθέσεις.Στα πλαίσια της εργασίας έγινε λεπτομερής ανάλυση των μετασχηματισμών που χρησιμοποιεί ο AES στην κρυπτογράφηση και αποκρυπτογράφηση σύμφωνα με το πρότυπο Fips-197 αρχικά σε θεωρητικό επίπεδο και έπειτα πραγματοποιήθηκαν υλοποιήσεις σε λογισμικό και σε υλικό. Συγκεκριμένα, στο 1ο κεφάλαιο της εργασίας γίνεται μια εισαγωγή στην Κρυπτογραφία, παρουσιάζοντας τις βασικές της έννοιες και την ιστορική της εξέλιξη από τα πρώτα χρόνια εμφάνισης της ως σήμερα. Στο κεφάλαιο 2, αρχικά παρουσιάζονται τα υπάρχοντα κρυπτοσυστήματα, αναδεικνύοντας κάθε φορά τον τρόπο με τον οποίο λειτουργούν, τους αλγόριθμους που υπάγονται σε αυτά και τις εφαρμογές που έχουν. Στη συνέχεια γίνεται σύγκριση μεταξύ των αλγορίθμων ενός συστήματος αλλά και μεταξύ των κρυπτοσυστημάτων. Το κεφάλαιο 3 αποτελεί το κυρίως σώμα της εργασίας καθώς σε αυτό παρουσιάζεται και επεξηγείται ο αλγόριθμος AES. Δίνεται το απαραίτητο μαθηματικό υπόβαθρο και αναλύονται οι μετασχηματισμοί του αλγορίθμου. Παρουσιάζεται ο τρόπος που επεκτείνονται τα κλειδιά του αλγορίθμου καθώς και οι διαδικασίες κρυπτογράφησης και αποκρυπτογράφησης. Τέλος γίνεται αναφορά σε ζητήματα ασφάλειας και στην αντοχή του AES σε κρυπταναλυτικές επιθέσεις, καθώς και στις εφαρμογές που χρησιμοποιείται. Στο 4ο κεφάλαιο παρουσιάζονται και συγκρίνονται οι μέθοδοι υλοποίησης του αλγορίθμου. Περιγράφεται μια υλοποίηση σε λογισμικό με τη χρήση της γλώσσας προγραμματισμού C++, η οποία επεκτείνεται και σε μια διαδικτυακή υλοποίηση και μια υλοποίηση σε υλικό με τη χρήση της περιγραφικής γλώσσας VHDL και το σχεδιαστικό εργαλείο Quartus II. Τέλος στο 5ο κεφάλαιο εξάγονται συμπεράσματα και γίνονται προτάσεις για μελλοντική εργασία. / In modern life the exchange and transfer of information has become an integral part. The enormous development of computer networks and the information communication of every form, has brought a new massive problem on the surface, the need to protect this information.The science of Cryptography is challenged to face this problem, so through various transformations is trying to convert tha data in a incomprehensive form, which will be possible to be inverted only from the legal receiver. For this reason a variety of algorithms have been developed and although their work is the same, they handle and convert data in different ways. In the present thesis the AES (Advanced Encryption Standard) algorithm is presented, which is the current standard of NIST (National Institute of Standards and Technology). AES, which is also known as Rijndael, is a symmetric block cipher and is based on substitution - permutation networks, while it can be efficiently implemented both in software and hardware. Unlike it's predecessor DES, it does not use Feistel network. It is applied in 4x4 Bytes matrix (128 bits), which is defined as state, with the most transformations to be performed in a finite field. AES algorithm provides encryption capability with three keys of different size: key of 128 bits with 10 rounds, key of 192 bits with 12 rounds and key of 256 bits with 14 rounds. This thesis includes detailed analysis of transformations that AES uses in ecryption and decryption according to the Fips-197 standard, along with software and hardware implementations. Specifically, in the first chapter an introduction to Cryptography is made, presenting basic concepts and a historical overview. In chapter 2, contemporary cryptosystems are introduced. In chapter 3 the AES algorithm is presented and explained. The necessary mathematical background is provided and the transformations of the algorithm are analysed. The way the algorithm keys are expanded is presented, as well as the encryption and decryption processes. In chapter 4 the implementations of AES are presented and compared. An implementation in software is described using the programming language C++, and an implementation in hardware is given using the VHDL language and the design tool Altera Quartus II. Finally in chapter 5 the conclusions are given and proposals are made for future work.

Αλγόριθμος AES

005.82

Cryptographic algorithms

AES advanced encryption standard

Contributions à l'efficacité des mécanismes cryptographiques

Atighehchi, Kevin

21 September 2015

Les besoins constants d’innovation en matière de performances et d’économie des ressources nous poussent à effectuer des optimisations dans la conception et l’utilisation des outils cryptographiques. Cela nous amène à étudier plusieurs aspects dans cette thèse : les algorithmes cryptographiques parallèles, les algorithmes cryptographiques incrémentaux et les dictionnaires authentifiés.Dans le cadre de la cryptographie parallèle, nous nous intéressons aux fonctions de hachage basées sur des arbres. Nous montrons en particulier quelles structures arborescentes utiliser pour atteindre un temps d’exécution optimum avec un nombre de processeurs que nous cherchons à minimiser dans un second temps. Nous étudions également d'autres formesd'arborescence favorisant l'équité et la scalabilité.Les systèmes cryptographiques incrémentaux permettent, lorsque nous modifions des documents, de mettre à jour leurs formes cryptographiques efficacement. Nous montrons que les systèmes actuels restreignent beaucoup trop les modifications possibles et introduisons de nouveaux algorithmes s’appuyant sur ces derniers, utilisés comme des boites noires, afin de rendre possible une large gamme de modifications aux documents tout en conservant une propriété de secret de l’opération effectuée.Notre intérêt porte ensuite sur les dictionnaires authentifiés, utilisés pour authentifier les réponses aux requêtes des utilisateurs sur un dictionnaire, en leur fournissant une preuve d’authenticité pour chaque réponse. Nous nous focalisons sur des systèmes basés sur des arbres de hachage et proposons une solution pour amoindrir leur principal inconvénient, celui de la taille des preuves. / The need for continuing innovation in terms of performances and resource savings impel us to optimize the design and the use of cryptographic mechanisms. This leads us to consider several aspects in this dissertation: parallel cryptographic algorithms, incremental cryptographic algorithms and authenticated dictionaries.In the context of parallel cryptography we are interested in hash functions. In particular, we show which tree structures to use to reach an optimal running time. For this running time, we show how to decrease the amount of involved processors. We also explore alternative (sub-optimal) tree structures which decrease the number of synchronizations in multithreaded implementations while balancing at best the load of the work among the threads.Incremental cryptographic schemes allow the efficient updating of cryptographic forms when we change some blocks of the corresponding documents. We show that the existing incremental schemes restrict too much the possible modification operations. We then introduce new algorithms which use these ones as black boxes to allow a broad range of modification operations, while preserving a privacy property about these operations.We then turn our attention to authenticated dictionaries which are used to authenticate answers to queries on a dictionary, by providing to users an authentication proof for each answer. We focus on authenticated dictionaries based on hash trees and we propose a solution to remedy their main shortcoming, the size of proofs provided to users.

Arbres de hachage

Cryptographie incrémentale

Dictionnaires authentifiés

Structures de données

Parallelism of cryptographic algorithms

Tree hashing

Incremental cryptography

Authenticated dictionaries

Data structures

004

Méthodologie de conception de composants intégrés protégés contre les attaques par corrélation / A design methodology for integrated components protected from correlation attacks

Laabidi, Selma

19 January 2010

Les circuits cryptographiques, parce qu'ils contiennent des informations confidentielles, font l'objet de manipulations frauduleuses, appelées communément attaques, de la part de personnes mal intentionnées. Plusieurs attaques ont été répertoriées et analysées. Parmi elles, les attaques DPA (Differential Power Analysis), DEMA (Differential Electromagnetic Analysis), DBA (Differential Behavior Analysis) et les attaques en probing forment la classe des attaques par corrélation et sont considérés comme les plus redoutables car elles permettent de retrouver, à moindre coût, les clefs de chiffrement des algorithmes cryptographiques. Les concepteurs de circuits sécurisés ont été donc amené à ajouter des parades, appelées contre-mesures, afin de protéger les circuits de ces attaques. Ces contremesures doivent impacter au minimum les performances et le coût du circuit. Dans cette thèse, nous nous intéressons dans un premier temps aux attaques par corrélation, le principe de ces attaques est décrit ainsi que les principales contre-mesures pour y parer. Un formalisme décrivant de manière unique ces attaques est aussi proposé. Dans un deuxième temps, nous étudions les outils d'évaluation sécuritaires qui permettent d'estimer la résistance des circuits intégrés face aux attaques par corrélation. Après un état de l'art sur les outils existants, nous décrivons notre outil basé sur une recherche de corrélations entre le modèle du concepteur et le modèle qui peut être prédit par un attaquant. L'analyse de corrélations permet de déterminer les bits les plus sensibles pour mener à bien une attaque. Cet outil est intégré dans le flot de conception permettant ainsi d'évaluer la résistance des algorithmes cryptographiques au niveau RTL (Register Transfer Level) et portes. / The cryptographic circuits, because they contain confidential information, are subject to fraudulent manipulations called attacks from malicious people. Several attacks have been identified and analyzed. Among them DPA (Differential Power Analysis), DEMA (Differential Electromagnetic Analysis), DBA (Differential Behaviour Analysis) and probing attacks form the class of correlation attacks and are considered as the most dangerous because they allow to retrieve, at lower cost, secret keys of cryptographic algorithms. Designers of secure circuits have thus added counter-measures to protect their circuits from these attacks. Counter-measures overhead got to have a minimum of impact on circuit’s cost and performances. In this thesis, we first focus on correlation attacks; the principle of these attacks is described as well as the main counter-measures to address them. A formalism describing these attacks is also proposed. Second, we study the safe evaluation tools to estimate the resistance of integrated circuits towards correlation attacks. After a state of the art on the existing tools, we describe our tool based on a search of correlations between the designer's model and the model which can be predicted by an attacker. The analysis of the correlations determines the most sensitive bits to complete an attack. This tool is integrated into the design flow to asses the strength of cryptographic algorithms at RTL (Register Transfer Level) and gate levels. An application of our flow on several models of the algorithm AES (Advanced Encryption Standard) with and without counter-measures is proposed. The obtained results have demonstrated the effectiveness of our technique.Les circuits cryptographiques, parce qu'ils contiennent des informations confidentielles, font l'objet de manipulations frauduleuses, appelées communément attaques, de la part de personnes mal intentionnées. Plusieurs attaques ont été répertoriées et analysées. Parmi elles, les attaques DPA (Differential Power Analysis), DEMA (Differential Electromagnetic Analysis), DBA (Differential Behavior Analysis) et les attaques en probing forment la classe des attaques par corrélation et sont considérés comme les plus redoutables car elles permettent de retrouver, à moindre coût, les clefs de chiffrement des algorithmes cryptographiques. Les concepteurs de circuits sécurisés ont été donc amené à ajouter des parades, appelées contre-mesures, afin de protéger les circuits de ces attaques. Ces contremesures doivent impacter au minimum les performances et le coût du circuit. Dans cette thèse, nous nous intéressons dans un premier temps aux attaques par corrélation, le principe de ces attaques est décrit ainsi que les principales contre-mesures pour y parer. Un formalisme décrivant de manière unique ces attaques est aussi proposé. Dans un deuxième temps, nous étudions les outils d'évaluation sécuritaires qui permettent d'estimer la résistance des circuits intégrés face aux attaques par corrélation. Après un état de l'art sur les outils existants, nous décrivons notre outil basé sur une recherche de corrélations entre le modèle du concepteur et le modèle qui peut être prédit par un attaquant. L'analyse de corrélations permet de déterminer les bits les plus sensibles pour mener à bien une attaque. Cet outil est intégré dans le flot de conception permettant ainsi d'évaluer la résistance des algorithmes cryptographiques au niveau RTL (Register Transfer Level) et portes.

algorithmes cryptographiques

attaques

DPA (Differential Power Analysis)

sécurité

corrélation

flot de conception

cryptographic algorithms

attacks

DPA (Differential Power Analysis)

security

correlation

design flow

Performance Evaluation of Cryptographic Algorithms on ESP32 with Cryptographic Hardware Acceleration Feature

Jin, Qiao

January 2022

The rise of the Internet of Things (IoT) and autonomous robots/vehicles comes with a lot of embedded electronic systems. Small printed circuit boards with microcomputers will be embedded almost everywhere. Therefore, the security and data protection of those systems will be a significant challenge to take into consideration for the future development of IoT devices. Cryptographic algorithms can be used to provide confidentiality and integrity for data transmitted between those embedded devices. It is important to know what kind of algorithm is the most suitable for the specified task and the selected embedded device.  In this thesis, several commonly used cryptographic algorithms are evaluated and an EPS32 based IoT device is chosen as the evaluation platform. ESP32 is a series of low cost and low power System-on-Chip microcontrollers with integrated Wi-Fi and dual-mode Bluetooth. Additionally, ESP32 has the hardware acceleration feature for commonly used cryptographic algorithms. The goal of this thesis is to evaluate the performances of different cryptographic algorithms on the ESP32 with and without using the hardware acceleration feature. The execution times of different cryptographic algorithms processing data with varying sizes are collected, and the performance of each cryptographic algorithm is then evaluated.  A data logging scenario is evaluated as a case study where the ESP32 periodically sends data to a remote database. Under different configurations of the ESP32, the transmission time of encrypted and non-encrypted communications via Hypertext Transfer Protocol Secure (HTTPS) and Hypertext Transfer Protocol (HTTP) will be compared.  The results can be used to simplify the calculation of performance/protection trade-offs for specific algorithms. It also shows that the built-in hardware acceleration has a significant impact on increasing those algorithms’ performances. For Advanced Encryption Standard (AES), the throughput for encryption increased by 257.8%, and for decryption 222.7%. For Secure Hash Algorithm (SHA-2), the throughput increased by 165.2%. For Rivest-Shamir-Adleman (RSA), the encryption throughput has a decrease of 40.7%, and decryption has an increase of 184%. Furthermore, the results can also aid the design and development of a secure IoT system incorporating devices built with ESP32. / Uppkomsten av Internet of Things (IoT) och autonoma robotar / fordon kommer med många inbyggda elektroniska system. Små kretskort med mikrodatorer kommer att vara inbäddade nästan överallt. Därför kommer säkerheten och dataskyddet för dessa system att vara en betydande utmaning att ta hänsyn till för den framtida utvecklingen av IoT-enheter. Kryptografiska algoritmer kan användas för att ge sekretess och integritet för data som överförs mellan de inbäddade enheterna. Det är viktigt att veta vilken typ av algoritm som är bäst lämpad för den angivna uppgiften och den valda inbäddade enheten.  I denna avhandling utvärderas flera vanliga kryptografiska algoritmer och en EPS32-baserad IoT-enhet väljs som utvärderingsplattform. ESP32 är en serie av låga och lågeffektiva system-on-chip-mikrokontroller med integrerat Wi-Fi och dual-mode Bluetooth. Dessutom har ESP32 hårdvaruaccelereringsfunktionen för vanliga kryptografiska algoritmer. Målet med denna avhandling är att utvärdera prestanda för olika kryptografiska algoritmer på ESP32 med och utan att använda hårdvaruaccelereringsfunktionen. Exekveringstiderna för olika kryptografiska algoritmer som behandlar data med olika storlekar samlas in och prestanda för varje kryptografisk algoritm utvärderas sedan.  Ett dataloggningsscenario utvärderas som en fallstudie där ESP32 regelbundet skickar data till en fjärrdatabas. Under olika konfigurationer av ESP32 jämförs överföringstiden för krypterad och icke-krypterad kommunikation via Hypertext Transfer Protocol Secure (HTTPS) och Hypertext Transfer Protocol (HTTP).  Resultaten kan användas för att förenkla beräkningen av prestanda / skydda avvägningar för specifika algoritmer. Det visar också att den inbyggda hårdvaruaccelerationen har en betydande inverkan på att öka dessa algoritmers prestanda. För Advanced Encryption Standard (AES) ökade genomströmningen för kryptering med 257,8% och för dekryptering 222,7%. För Secure Hash Algorithm (SHA-2) ökade kapaciteten med 165,2%. För Rivest-Shamir-Adleman (RSA) har krypteringsflödet minskat med 40,7% och dekryptering har ökat med 184%. Dessutom kan resultaten också hjälpa till att utforma och utveckla ett säkert IoT-system som innehåller enheter byggda med ESP32.

Computer and Information Sciences

Data- och informationsvetenskap

Securing Wireless Communication via Information-Theoretic Approaches: Innovative Schemes and Code Design Techniques

Shoushtari, Morteza

21 June 2023

Historically, wireless communication security solutions have heavily relied on computational methods, such as cryptographic algorithms implemented in the upper layers of the network stack. Although these methods have been effective, they may not always be sufficient to address all security threats. An alternative approach for achieving secure communication is the physical layer security approach, which utilizes the physical properties of the communication channel through appropriate coding and signal processing. The goal of this Ph.D. dissertation is to leverage the foundations of information-theoretic security to develop innovative and secure schemes, as well as code design techniques, that can enhance security and reliability in wireless communication networks. This dissertation includes three main phases of investigation. The first investigation analyzes the finite blocklength coding problem for the wiretap channel model which is equipped with the cache. The objective was to develop and analyze a new wiretap coding scheme that can be used for secure communication of sensitive data. Secondly, an investigation was conducted into information-theoretic security solutions for aeronautical mobile telemetry (AMT) systems. This included developing a secure coding technique for the integrated Network Enhanced Telemetry (iNET) communications system, as well as examining the potential of post-quantum cryptography approaches as future secrecy solutions for AMT systems. The investigation focused on exploring code-based techniques and evaluating their feasibility for implementation. Finally, the properties of nested linear codes in the wiretap channel model have been explored. Investigation in this phase began by exploring the duality relationship between equivocation matrices of nested linear codes and their corresponding dual codes. Then a new coding algorithm to construct the optimum nested linear secrecy codes has been invented. This coding algorithm leverages the aforementioned duality relationship by starting with the worst nested linear secrecy codes from the dual space. This approach enables us to derive the optimal nested linear secrecy code more efficiently and effectively than through a brute-force search for the best nested linear secrecy codes directly.

Wireless communication security

information-theoretic security

wiretap channel

wiretap caching channel

secrecy coding

error-correction coding

coset coding

aeronautical mobile telemetry security

post-quantum cryptosystems

cryptographic algorithms

nested linear codes

duality relationship in coding theory

dual codes

optimum nested linear secrecy codes

Engineering