• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 6
  • 3
  • 2
  • 1
  • Tagged with
  • 17
  • 17
  • 6
  • 5
  • 4
  • 4
  • 4
  • 4
  • 4
  • 4
  • 4
  • 4
  • 3
  • 3
  • 3
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Lightweight Cryptography Meets Threshold Implementation: A Case Study for SIMON

Shahverdi, Aria 26 August 2015 (has links)
"Securing data transmission has always been a challenge. While many cryptographic algorithms are available to solve the problem, many applications have tough area constraints while requiring high-level security. Lightweight cryptography aims at achieving high-level security with the benefit of being low cost. Since the late nineties and with the discovery of side channel attacks the approach towards cryptography has changed quite significantly. An attacker who can get close to a device can extract sensitive data by monitoring side channels such as power consumption, sound, or electromagnetic emanation. This means that embedded implementations of cryptographic schemes require protection against such attacks to achieve the desired level of security. In this work we combine a low-cost embedded cipher, Simon, with a stateof-the-art side channel countermeasure called Threshold Implementation (TI). We show that TI is a great match for lightweight cryptographic ciphers, especially for hardware implementation. Our implementation is the smallest TI of a block-cipher on an FPGA. This implementation utilizes 96 slices of a low-cost Spartan-3 FPGA and 55 slices a modern Kintex-7 FPGA. Moreover, we present a higher order TI which is resistant against second order attacks. This implementation utilizes 163 slices of a Spartan-3 FPGA and 95 slices of a Kintex-7 FPGA. We also present a state of the art leakage analysis and, by applying it to the designs, show that the implementations achieve the expected security. The implementations even feature a significant robustness to higher order attacks, where several million observations are needed to detect leakage."
2

Design and Analysis of Security Schemes for Low-cost RFID Systems

Chai, Qi 01 1900 (has links)
With the remarkable progress in microelectronics and low-power semiconductor technologies, Radio Frequency IDentification technology (RFID) has moved from obscurity into mainstream applications, which essentially provides an indispensable foundation to realize ubiquitous computing and machine perception. However, the catching and exclusive characteristics of RFID systems introduce growing security and privacy concerns. To address these issues are particularly challenging for low-cost RFID systems, where tags are extremely constrained in resources, power and cost. The primary reasons are: (1) the security requirements of low-cost RFID systems are even more rigorous due to large operation range and mass deployment; and (2) the passive tags' modest capabilities and the necessity to keep their prices low present a novel problem that goes beyond the well-studied problems of traditional cryptography. This thesis presents our research results on the design and the analysis of security schemes for low-cost RFID systems. Motivated by the recent attention on exploiting physical layer resources in the design of security schemes, we investigate how to solve the eavesdropping, modification and one particular type of relay attacks toward the tag-to-reader communication in passive RFID systems without requiring lightweight ciphers. To this end, we propose a novel physical layer scheme, called Backscatter modulation- and Uncoordinated frequency hopping-assisted Physical Layer Enhancement (BUPLE). The idea behind it is to use the amplitude of the carrier to transmit messages as normal, while to utilize its periodically varied frequency to hide the transmission from the eavesdropper/relayer and to exploit a random sequence modulated to the carrier's phase to defeat malicious modifications. We further improve its eavesdropping resistance through the coding in the physical layer, since BUPLE ensures that the tag-to-eavesdropper channel is strictly noisier than the tag-to-reader channel. Three practical Wiretap Channel Codes (WCCs) for passive tags are then proposed: two of them are constructed from linear error correcting codes, and the other one is constructed from a resilient vector Boolean function. The security and usability of BUPLE in conjunction with WCCs are further confirmed by our proof-of-concept implementation and testing. Eavesdropping the communication between a legitimate reader and a victim tag to obtain raw data is a basic tool for the adversary. However, given the fundamentality of eavesdropping attacks, there are limited prior work investigating its intension and extension for passive RFID systems. To this end, we firstly identified a brand-new attack, working at physical layer, against backscattered RFID communications, called unidirectional active eavesdropping, which defeats the customary impression that eavesdropping is a ``passive" attack. To launch this attack, the adversary transmits an un-modulated carrier (called blank carrier) at a certain frequency while a valid reader and a tag interacts at another frequency channel. Once the tag modulates the amplitude of reader's signal, it causes fluctuations on the blank carrier as well. By carefully examining the amplitude of the backscattered versions of the blank carrier and the reader's carrier, the adversary could intercept the ongoing reader-tag communication with either significantly lower bit error rate or from a significantly greater distance away. Our concept is demonstrated and empirically analyzed towards a popular low-cost RFID system, i.e., EPC Gen2. Although active eavesdropping in general is not trivial to be prohibited, for a particular type of active eavesdropper, namely a greedy proactive eavesdropper, we propose a simple countermeasure without introducing extra cost to current RFID systems. The needs of cryptographic primitives on constraint devices keep increasing with the growing pervasiveness of these devices. One recent design of the lightweight block cipher is Hummingbird-2. We study its cryptographic strength under a novel technique we developed, called Differential Sequence Attack (DSA), and present the first cryptanalytic result on this cipher. In particular, our full attack can be divided into two phases: preparation phase and key recovery phase. During the key recovery phase, we exploit the fact that the differential sequence for the last round of Hummingbird-2 can be retrieved by querying the full cipher, due to which, the search space of the secret key can be significantly reduced. Thus, by attacking the encryption (decryption resp.) of Hummingbird-2, our algorithm recovers 36-bit (another 28-bit resp.) out of 128-bit key with $2^{68}$ ($2^{60}$ resp.) time complexity if particular differential conditions of the internal states and of the keys at one round can be imposed. Additionally, the rest 64-bit of the key can be exhaustively searched and the overall time complexity is dominated by $2^{68}$. During the preparation phase, by investing $2^{81}$ effort in time, the adversary is able to create the differential conditions required in the key recovery phase with at least 0.5 probability. As an additional effort, we examine the cryptanalytic strength of another lightweight candidate known as A2U2, which is the most lightweight cryptographic primitive proposed so far for low-cost tags. Our chosen-plaintext-attack fully breaks this cipher by recovering its secret key with only querying the encryption twice on the victim tag and solving 32 sparse systems of linear equations (where each system has 56 unknowns and around 28 unknowns can be directly obtained without computation) in the worst case, which takes around 0.16 second on a Thinkpad T410 laptop.
3

Design and Analysis of Security Schemes for Low-cost RFID Systems

Chai, Qi 01 1900 (has links)
With the remarkable progress in microelectronics and low-power semiconductor technologies, Radio Frequency IDentification technology (RFID) has moved from obscurity into mainstream applications, which essentially provides an indispensable foundation to realize ubiquitous computing and machine perception. However, the catching and exclusive characteristics of RFID systems introduce growing security and privacy concerns. To address these issues are particularly challenging for low-cost RFID systems, where tags are extremely constrained in resources, power and cost. The primary reasons are: (1) the security requirements of low-cost RFID systems are even more rigorous due to large operation range and mass deployment; and (2) the passive tags' modest capabilities and the necessity to keep their prices low present a novel problem that goes beyond the well-studied problems of traditional cryptography. This thesis presents our research results on the design and the analysis of security schemes for low-cost RFID systems. Motivated by the recent attention on exploiting physical layer resources in the design of security schemes, we investigate how to solve the eavesdropping, modification and one particular type of relay attacks toward the tag-to-reader communication in passive RFID systems without requiring lightweight ciphers. To this end, we propose a novel physical layer scheme, called Backscatter modulation- and Uncoordinated frequency hopping-assisted Physical Layer Enhancement (BUPLE). The idea behind it is to use the amplitude of the carrier to transmit messages as normal, while to utilize its periodically varied frequency to hide the transmission from the eavesdropper/relayer and to exploit a random sequence modulated to the carrier's phase to defeat malicious modifications. We further improve its eavesdropping resistance through the coding in the physical layer, since BUPLE ensures that the tag-to-eavesdropper channel is strictly noisier than the tag-to-reader channel. Three practical Wiretap Channel Codes (WCCs) for passive tags are then proposed: two of them are constructed from linear error correcting codes, and the other one is constructed from a resilient vector Boolean function. The security and usability of BUPLE in conjunction with WCCs are further confirmed by our proof-of-concept implementation and testing. Eavesdropping the communication between a legitimate reader and a victim tag to obtain raw data is a basic tool for the adversary. However, given the fundamentality of eavesdropping attacks, there are limited prior work investigating its intension and extension for passive RFID systems. To this end, we firstly identified a brand-new attack, working at physical layer, against backscattered RFID communications, called unidirectional active eavesdropping, which defeats the customary impression that eavesdropping is a ``passive" attack. To launch this attack, the adversary transmits an un-modulated carrier (called blank carrier) at a certain frequency while a valid reader and a tag interacts at another frequency channel. Once the tag modulates the amplitude of reader's signal, it causes fluctuations on the blank carrier as well. By carefully examining the amplitude of the backscattered versions of the blank carrier and the reader's carrier, the adversary could intercept the ongoing reader-tag communication with either significantly lower bit error rate or from a significantly greater distance away. Our concept is demonstrated and empirically analyzed towards a popular low-cost RFID system, i.e., EPC Gen2. Although active eavesdropping in general is not trivial to be prohibited, for a particular type of active eavesdropper, namely a greedy proactive eavesdropper, we propose a simple countermeasure without introducing extra cost to current RFID systems. The needs of cryptographic primitives on constraint devices keep increasing with the growing pervasiveness of these devices. One recent design of the lightweight block cipher is Hummingbird-2. We study its cryptographic strength under a novel technique we developed, called Differential Sequence Attack (DSA), and present the first cryptanalytic result on this cipher. In particular, our full attack can be divided into two phases: preparation phase and key recovery phase. During the key recovery phase, we exploit the fact that the differential sequence for the last round of Hummingbird-2 can be retrieved by querying the full cipher, due to which, the search space of the secret key can be significantly reduced. Thus, by attacking the encryption (decryption resp.) of Hummingbird-2, our algorithm recovers 36-bit (another 28-bit resp.) out of 128-bit key with $2^{68}$ ($2^{60}$ resp.) time complexity if particular differential conditions of the internal states and of the keys at one round can be imposed. Additionally, the rest 64-bit of the key can be exhaustively searched and the overall time complexity is dominated by $2^{68}$. During the preparation phase, by investing $2^{81}$ effort in time, the adversary is able to create the differential conditions required in the key recovery phase with at least 0.5 probability. As an additional effort, we examine the cryptanalytic strength of another lightweight candidate known as A2U2, which is the most lightweight cryptographic primitive proposed so far for low-cost tags. Our chosen-plaintext-attack fully breaks this cipher by recovering its secret key with only querying the encryption twice on the victim tag and solving 32 sparse systems of linear equations (where each system has 56 unknowns and around 28 unknowns can be directly obtained without computation) in the worst case, which takes around 0.16 second on a Thinkpad T410 laptop.
4

An investigation of lightweight cryptography and using the key derivation function for a hybrid scheme for security in IoT

Khomlyak, Olha January 2017 (has links)
Data security plays a central role in the design of Internet of Things (IoT). Since most of the "things" in IoT are embedded computing devices it is appropriate to talk about cryptography in embedded of systems. This kind of devices is based on microcontrollers, which have limited resources (processing power, memory, storage, and energy). Therefore, we can apply only lightweight cryptography. The goal of this work is to find the optimal cryptographic solution for IoT devices. It is expected that perception of this solution would be useful for implementation on “limited” devices. In this study, we investigate which lightweight algorithm is better to implement. Also, how we can combine two different algorithms in a hybrid scheme and modify this scheme due to data sending scenario. Compendex, Inspec, IEEE Xplore, ACM Digital Library, and Springer Link databases are used to conduct a comprehensive literature review. Experimental work adopted in this study involves implementations, measurements, and observations from the results. The experimental research covers implementations of different algorithms and experimental hybrid scheme, which includes additional function. Results show the performance of the considered algorithms and proposed hybrid scheme. According to our results, security solutions for IoT have to utilize algorithms, which have good performance. The combination of symmetric and asymmetric algorithms in the hybrid scheme can be a solution, which provides the main security requirements: confidentiality, integrity, and authenticity. Adaptation of this scheme to the possible IoT scenarios shows the results acceptable for implementation due to limited resources of hardware.
5

Resource-constrained and Resource-efficient Modern Cryptosystem Design

Aysu, Aydin 20 July 2016 (has links)
In the context of a system design, resource-constraints refer to severe restrictions on allowable resources, while resource-efficiency is the capability to achieve a desired performance and, at the same time, to reduce wasting resources. To design for low-cost platforms, these fundamental concepts are useful under different scenarios and they call for different approaches, yet they are often mixed. Resource-constrained systems require aggressive optimizations, even at the expense of performance, to meet the stringent resource limitations. On the other hand, resource-efficient systems need a careful trade-off between resources and performance, to achieve the best possible combination. Designing systems for resource-constraints with the optimizations for resource-efficiency, or vice versa, can result in a suboptimal solution. Using modern cryptographic applications as the driving domain, I first distinguish resource-constraints from resource-efficiency. Then, I introduce the recurring strategies to handle these cases and apply them on modern cryptosystem designs. I illustrate that by clarifying the application context, and then by using appropriate strategies, it is possible to push the envelope on what is perceived as achievable, by up to two orders-of-magnitude. In the first part of this dissertation, I focus on resource-constrained modern cryptosystems. The driving application is Physical Unclonable Function (PUF) based symmetric-key authentication. I first propose the smallest block cipher in 128-bit security level. Then, I show how to systematically extend this design into the smallest application-specific instruction set processor for PUF-based authentication protocols. I conclude this part by proposing a compact method to combine multiple PUF components within a system into a single device identifier. In the second part of this dissertation, I focus on resource-efficient modern cryptosystems. The driving application is post-quantum public-key schemes. I first demonstrate energy-efficient computing techniques for post-quantum digital signatures. Then, I propose an area-efficient partitioning and a Hardware/Software codesign for its implementation. The results of these implemented modern cryptosystems validate the advantage of my approach by quantifying the drastic improvements over the previous best. / Ph. D.
6

A Hardware Evaluation of a NIST Lightweight Cryptography Candidate

Coleman, Flora Anne 04 June 2020 (has links)
The continued expansion of the Internet of Things (IoT) in recent years has introduced a myriad of concerns about its security. There have been numerous examples of IoT devices being attacked, demonstrating the need for integrated security. The vulnerability of data transfers in the IoT can be addressed using cryptographic protocols. However, IoT devices are resource-constrained which makes it difficult for them to support existing standards. To address the need for new, standardized lightweight cryptographic algorithms, the National Institute of Standards and Technology (NIST) began a Lightweight Cryptography Standardization Process. This work analyzes the Sparkle (Schwaemm and Esch) submission to the process from a hardware based perspective. Two baseline implementations are created, along with one implementation designed to be resistant to side channel analysis and an incremental implementation included for analysis purposes. The implementations use the Hardware API for Lightweight Cryptography to facilitate an impartial evaluation. The results indicate that the side channel resistant implementation resists leaking data while consuming approximately three times the area of the unprotected, incremental implementation and experiencing a 27% decrease in throughput. This work examines how all of these implementations perform, and additionally provides analysis of how they compare to other works of a similar nature. / Master of Science / In today's society, interactions with connected, data-sharing devices have become common. For example, devices like "smart" watches, remote access home security systems, and even connected vending machines have been adopted into many people's day to day routines. The Internet of Things (IoT) is the term used to describe networks of these interconnected devices. As the number of these connected devices continues to grow, there is an increased focus on the security of the IoT. Depending on the type of IoT application, a variety of different types of data can be transmitted. One way in which these data transfers can be protected is through the use of cryptographic protocols. The use of cryptography can provide assurances during data transfers. For example, it can prevent an attacker from reading the contents of a sensitive message. There are several well studied cryptographic protocols in use today. However, many of these protocols were intended for use in more traditional computing platforms. IoT devices are typically much smaller in size than traditional computing platforms. This makes it difficult for them to support these well studied protocols. Therefore, there have been efforts to investigate and standardize new lightweight cryptographic protocols which are well suited for smaller IoT devices. This work analyzes several hardware implementations of an algorithm which was proposed as a submission to the National Institute of Standards and Technology (NIST) Lightweight Cryptography Standardization Process. The analysis focuses on metrics which can be used to evaluate its suitability for IoT devices.
7

Threshold Implementations of the Present Cipher

Farmani, Mohammad 06 September 2017 (has links)
"The process of securing data has always been a challenge since it is related to the safety of people and society. Nowadays, there are many cryptographic algorithms developed to solve security problems. However, some applications have constraints which make it difficult to achieve high levels of security. Light weight cryptography aims to address this issue while trying to maintain low costs. Side-channel attacks have changed the way of cryptography significantly. In this kind of attacks, the attacker has physical access to the crypto-system and can extract the sensitive data by monitoring and measuring the side-channels such as power consumption, electromagnetic emanation, timing information, sound, etc. These attacks are based on the relationship between side-channels and secret data. Therefore, there need to be countermeasures to eliminate or reduce side channel leaks or to break the relationship between side-channels and secret data to protect the crypto systems against side-channel attacks. In this work, we explore the practicality of Threshold Implementation (TI) with only two shares for a smaller design that needs less randomness but is still leakage resistant. We demonstrate the first two-share Threshold Implementations of light-weight block cipher Present. Based on implementation results, two-share TI has a lower area overhead and better throughput when compared with a first-order resistant three-share scheme. Leakage analysis of the developed implementations reveals that two-share TI can retain perfect first-order resistance. However, the analysis also exposes a strong second-order leakage. "
8

Kryptoanalytické útoky na lehkovážné šifry / Cryptanalytic attacks on lightweight ciphers

Rabas, Tomáš January 2021 (has links)
In 2016 the National Institute of Standards and Technology (NIST) started the stan- dardization process for lightweight cryptography (LWC). We provide a broad introduc- tion to lightweight cryptography together with a survey of current design trends and lightweight cryptography standards, with special attention to this competition. In the second part, we present a description and cryptoanalysis of three lightweight ciphers: SIV-Rijndael256, CLX, and Limdolen. 1
9

Fyzicky neklonovatelné funkce / Physical unclonable functions

Hegr, Vojtěch January 2017 (has links)
The theme of the thesis is Physical Unclonable Functions (PUF). The following objectives were assigned: to provide a literature research concerning PUFs, to perform a property analysis to select appropriate type of PUF for implementation and to realize an authentication cryptosystem based on the chosen PUF. Based on the research, the cryptosystem was designed based on ring oscillator PUF. The proposed cryptosystem is tested in several scenarios with the maximal rate of successful authentication of 81%. The cryptosystem also allows to be used for device identification. Furthermore, the results were discussed and suitable improvements of design was proposed. Besides the cryptosystem itself, the thesis also introduced a unique comparison of existing types of PUFs.
10

Flexible and Lightweight Cryptographic Engines for Constrained Systems

Gulcan, Ege 04 June 2015 (has links)
There is a significant effort in building lightweight cryptographic operations, yet the proposed solutions are typically single purpose modules that can only provide a fixed functionality. However, flexibility is an important aspect of cryptographic designs where a module can perform multiple operations with different configurations. In this work, we combine flexibility with lightweight designs and propose two cryptographic engines based on the SIMON block cipher. The first proposed engine is the Flexible SIMON, which can execute all configurations of SIMON thus enables an adaptive security with variable key sizes. Our second proposed implementation is BitCryptor, a bit-serialized Compact Crypto Engine that can perform symmetric key encryption, hash computation and pseudo-random-number-generation. The implementation results on a Spartan-3 s50 FPGA show that the proposed engines occupies 90 and 95 slices respectively, which are more compact than the majority of their single purpose counterparts. Therefore, these engines are suitable cryptographic blocks for resource-constrained systems. / Master of Science

Page generated in 0.0556 seconds