CRYPTOGRAPHY AND CRYPTANALYSIS FOR EMBEDDED SYSTEMS


DISSERTATION for the degree of Doktor-Ingenieur
Faculty of Electrical Engineering and Information Technology
Ruhr University Bochum, Germany

Thomas Eisenbarth
Bochum, July 2009

Cover art by Jennifer Strauß and Domen Colja / DeVice.

Author's contact information:
Thesis Advisor: Prof. Dr.-Ing. Christof Paar, Ruhr-University Bochum, Germany
Secondary Referee: Pr. François-Xavier Standaert, Université Catholique de Louvain
Thesis submitted: July 24, 2009
Thesis defense: August 27, 2009


Abstract

A growing number of devices of daily use are equipped with computing capabilities. Today, already more than 98 % of all manufactured microprocessors are employed in embedded applications, leaving less than 2 % to traditional computers. Many of these embedded devices are enabled to communicate amongst each other and form networks. A side effect of the rising interconnectedness is a possible vulnerability of these embedded systems. Attacks that have formerly been restricted to PCs can suddenly be launched against cars, tickets, ID cards or even pacemakers. At the same time, the security awareness of users and manufacturers of such systems is much lower than in classical PC environments. This renders security one key aspect of embedded systems design and of most pervasive computing applications. As embedded systems are usually deployed in large numbers, costs are a main concern of system developers. Hence embedded security solutions have to be cheap and efficient. Many security services such as digital signatures can only be realized by public key cryptography. Yet, public key schemes are orders of magnitude more expensive in terms of computation than private key cryptosystems. At the same time, the prevailing schemes rely on very similar security assumptions. If one scheme gets broken, almost all cryptosystems employing asymmetric cryptography become useless. The first part of this work explores alternatives to the prevailing public key cryptosystems. Two alternative signature schemes and one public key encryption scheme from the family of post quantum cryptosystems are explored. Their security relies on different assumptions, so that a break of one of the prevailing schemes does not affect the security of the studied alternatives. The main focus lies on the implementational aspects of these schemes for embedded systems.

One actual outcome is that, contrary to common belief, the presented schemes provide similar and in some cases even better performance than the prevailing schemes. The presented solutions include a highly scalable software implementation of the Merkle signature scheme aimed at low-cost microprocessors. For signatures in hardware, an FPGA framework for implementing a family of signature schemes based on multivariate quadratic equations is presented. Depending on the chosen scheme, multivariate quadratic signatures show better results than elliptic curves in terms of both area consumption and performance. The McEliece cryptosystem is an alternative public key encryption scheme which was believed to be infeasible on embedded platforms due to its large key size. This work shows that by applying certain implementational tricks, both hardware and software implementations become feasible and show performance comparable to the prevailing schemes.

Another security threat to embedded systems is physical attacks. Embedded systems are often employed in hostile environments where possible attackers have physical access to the device, making side channel analysis possible. The second part of this work explores how to efficiently analyze the side channel resistance of embedded implementations. By applying simulation methods, the possibility of evaluating logic styles and circuit designs is presented. By these methods a yet undiscovered weakness in MDPL/iMDPL, a logic style that was, up to now, believed to effectively counteract side channel attacks, is uncovered. Furthermore, a newly developed attack on the KeeLoq cipher is presented. By applying this attack to KeeLoq-based remote keyless entry systems, the possible hazards of side channel analysis for embedded systems are demonstrated. Hereby, problems of a practical application of side channel analysis in a black-box scenario and their solutions are highlighted. Finally, advanced techniques of side channel analysis are applied to reconstruct the executed code of a microprocessor by solely analyzing its power consumption. The presented generic methods can be applied to microcontroller platforms to build a disassembler by means of passively monitoring a single side channel only.

Keywords: Cryptography, Public Key, Post Quantum, Software, Hardware, Embedded, Security, Side Channel Analysis, Power Analysis, Disassembler.

Kurzfassung (German abstract)

Already now a large proportion of the devices of daily use are equipped with computing capability, so that today more than 98 % of all manufactured processors are used in embedded applications. A newly emerging trend is the networking of these embedded systems. The ever stronger networking results in a possible vulnerability of these embedded systems. Attacks that were previously only carried out against PCs can suddenly be carried out against a wide variety of systems such as cars, tickets or even pacemakers. At the same time, security awareness among both users and manufacturers of these systems is significantly lower than in the PC sector. This makes data and communication security key properties of embedded systems and of most pervasive applications. Since embedded systems are usually sold in large quantities, costs are of great importance to the developers of such systems. Therefore, security solutions for embedded systems must be cheap and efficient. Many security services, such as digital signatures, can only be realized with the help of asymmetric cryptography. However, asymmetric cryptosystems are still orders of magnitude more computationally intensive than symmetric cryptosystems. In addition, the classical schemes are built on very similar security assumptions. If one of the asymmetric schemes were broken, most systems based on asymmetric cryptography would become insecure at once. The first part of this thesis investigates alternatives to the prevailing asymmetric cryptosystems. For this purpose, two alternative signature schemes and one asymmetric encryption scheme from the family of post-quantum cryptosystems are examined.

The security of these systems is based on different assumptions, so that a security flaw in one of the prevailing schemes does not affect the others. The main focus of the thesis lies on the implementation aspects of these schemes. One of the results is that, contrary to the prevailing opinion, the presented systems exhibit similar or even better performance characteristics than the established schemes. The presented solutions include a scalable software implementation of the Merkle signature scheme aimed at low-cost microcontrollers. Furthermore, for signatures in hardware, a framework for implementing a group of signature schemes based on multivariate quadratic equations is presented. Depending on the chosen scheme from this group, multivariate signatures show better properties than elliptic curves with regard to area consumption and throughput. The McEliece encryption system is an alternative scheme which was long believed not to be implementable on embedded platforms due to its enormous key sizes. In this thesis it is shown that the presented methods not only make the implementation possible, but that it even achieves performance characteristics comparable to the established schemes. A further threat to embedded systems is physical attacks. Embedded systems are often deployed in environments in which potential attackers have physical access, which makes side channel attacks possible. The second part of this thesis investigates methods for the efficient analysis of the side channel resistance of embedded implementations. Through the application of simulation methods, the possibility of evaluating logic styles and circuit concepts is shown. By these methods a previously undiscovered weakness in MDPL and iMDPL, logic styles that were until now considered side channel resistant, is uncovered. Furthermore, a newly developed attack on the KeeLoq cipher is presented. By applying this attack to KeeLoq-based remote keyless entry systems, the possible dangers of side channel attacks for embedded systems are demonstrated. In doing so, the difficulties of the practical application of side channel analysis in a black-box scenario are highlighted and solutions are shown. Finally, highly advanced techniques of side channel analysis are applied to reconstruct the program flow of a microcontroller solely by measuring its power consumption. The presented generic methods can be applied to microcontroller platforms in order to build a disassembler with a near-optimal code recognition rate.

Keywords: Cryptography, Asymmetric Cryptography, Software, Hardware, Embedded, Security, Side Channel Analysis, Power Analysis, Disassembler.

Acknowledgements

This thesis is the result of three years of research in cryptography which I performed as a member of the Embedded Security Group headed by Professor Christof Paar. Being part of this lively group enabled fruitful interaction with many different people, not only resulting in several joint projects, but also in new friendships. Special thanks to Christof Paar for accepting me as a PhD student and for providing excellent working conditions for me and his whole group. He is exceptional at motivating people and extremely supportive. I also want to thank my colleagues who supported this work in discussions and joint projects, namely Andrey Bogdanov, who defended his thesis back to back with me, Tim Güneysu, the COPACOBANA-tamer, Stefan Heyse, who teaches FPGAs and microcontrollers higher math, Markus Kasper, whom I should not have reduced to his beloved hardware Trojan, Timo Kasper, the only remaining long-haired guy in the group, Sandeep Kumar, the easy rider, Kerstin Lemke-Rust, the quiet side channel authority, Amir Moradi, whose competence has seriously scared the German immigration authority, Martin Novotny, the real inventor of Skype, Axel Poschmann, the traveler between worlds, Francesco Regazzoni, the only true European I know, Andy Rupp, who definitely beat Dario in the barbecue contest, Kai Schramm, who introduced me to the magic world of side channel analysis, Daehyun Strobel, the new Mr. side channel disassembler, Christopher Wolf, a.k.a. Mr. HGI, and Marko Wolf, our car expert. Special thanks to Irmgard, the unofficial boss of the group, who helped me a lot in getting my thesis submitted remotely and in time, to Horst and his unrecognized support in the early phase of the KeeLoq project, and to Karsten, who have all been an integral part of the group for many years.

I also want to thank the students in whose theses I participated as supervisor, many of whom contributed to my research efforts and some of whom also led to successful publications, especially Michael Dubs, Martin Goldack, Olli Grieb, Olli Mischke, Sören Rinne, Sebastian Rohde, Björn Weghenkel, and Malte Wienecke. Finally I want to thank Andreas Gornik, who supported the writing of this thesis by proofreading and suggesting changes, and Jennifer Strauß for creating the wonderful cover picture. Of course special thanks to my parents for their love and support, and to my brother, who often had to do last minute checks of material which he certainly never enjoyed reading. And of course to my wife Ricarda who, besides proofreading and organizing, also provided support, love, and a lot of patience.


Table of Contents

1 Introduction
    1.1 Motivation
    1.2 Summary of Research Contributions
        Post Quantum Cryptography
        Side Channel Analysis

I Post Quantum Cryptography 7

2 Introduction to Post Quantum Cryptography
    Motivation
    Quantum Computers and Cryptography
    Post-Quantum Algorithms
    Implementation of PQC Algorithms

3 Fast Hash-Based Signatures on Constrained Devices
    Motivation
    Hash-Based Signature Scheme
        Key Generation
        Signature Generation
        Signature Verification
        Security
        Time and Memory Requirements
    Hash Functions on Embedded Microcontrollers
        Choosing F
        Choosing a Hash Function G for Digest Generation
        Comparison to Dedicated Hash Functions
    Implementation Details and Target Platform
        Target Platform
        AES Implementations
        Memory Management
        Key Generation
        Side Channel Resistance
    3.6 Choice of Parameters and Implementation Results
    Ultra-Lightweight Hash-Based Signatures using DES Hardware Acceleration
    Conclusion

4 High Performance Multivariate Quadratic Signatures
    Motivation
    Foundations of MQ Signature Schemes
        General Structure
        Signature Generation
    Description of Selected Schemes
        Unbalanced Oil and Vinegar
        Rainbow
        Enhanced TTS
        Amended TTS
    Solving Systems of Linear Equations in Hardware
        Two-Dimensional SLE Solver Architectures over F_{2^k}
        One-Dimensional SLE Solver Architectures for F_{2^k}
    Building Blocks for MQ-Signature Cores
        Matrix-Vector Multiplier and Polynomial Evaluator
        Equation Register
        Word Rotator
    Signature Engines for Small-Field MQ Schemes
        UOV
        Rainbow
        enTTS and amTTS
    Results and Conclusion

5 High-Throughput Asymmetric Encryption: The McEliece Cryptosystem
    Motivation
    Previous Work
    Background on the McEliece Cryptosystem
        Classical Goppa Codes
        Security Parameters
    Design Criteria for Embedded Systems
        Requirements and Assumptions
        Side Channel Vulnerability of McEliece
        Reducing Memory Requirements
    Implementation on AVR Microprocessors
        Generation and Storage of Matrices
        System and Compiler Limitations
    Implementation on Xilinx FPGAs
    5.7 Results
    Conclusion

II Side Channel Analysis 79

6 Introduction to Side Channel Analysis
    Overview
    Power Analysis
        Simple Power Analysis
        Differential Power Analysis
        Performing a DPA
    Countermeasures Against Power Analysis

7 Simulation of Power Leakage in Hardware
    Motivation
    Examination of Logic Styles
        Development of Logic Styles
        General Examination Methods for Logic Styles
    Evaluating the Power Leakage of MCML
        MOS Current Mode Logic (MCML)
        Design and Simulation Flow
        Power Analysis of CMOS and MCML
    Attacking Logic Styles Employing Single Rail Masked Flip Flops
        Information Leakage of Flip-Flops
        Attacking Single Mask Bit Registers
        Simulation Results
    The Impact of Fault Countermeasures to Side Channel Vulnerability
        Fault Attacks and Countermeasures
        Error Detection Circuits for the AES
        Results of Power Attacks Using Simulated Data
    Conclusion

8 Breaking a Real System: DPA on KeeLoq
    Motivation
    Background
        Code Hopping Protocol
        Key Derivation Schemes
    Related Work
    DPA on KeeLoq
        Building a Powerful DPA for KeeLoq
        Details of the Hardware Attack
        Details of the Software Attack
    Attacks and Implications
        Cloning a Transmitter
        Recovering a Manufacturer Key
        Cloning any Transmitter without Physical Access
        Denial of Service
    Conclusion

9 Power Disassembler: A Disassembler Based on Side Channel Analysis
    Motivation
    Extracting Information from Side Channel Leakage
        How to Include Code Properties
        Optimal Instruction Reconstruction
    Reconstructing a Program from Side Channel Leakage
        Template Construction
        Source Code Analysis
        Analyzing Programs
    Applications and Implications
    Conclusion

III Appendix 153
Bibliography 155
List of Figures 174
List of Tables 176
About the Author 179
Publications 181

Chapter 1: Introduction

This chapter outlines the work presented in this thesis. The two main aspects of this work, namely cryptographic implementation and side channel analysis, are set into the context of the ongoing research in applied cryptography and embedded security. The motivation is followed by a summary of the research contributions presented in this thesis.

Contents of this chapter: 1.1 Motivation; 1.2 Summary of Research Contributions.

1.1 Motivation

Increasingly, many devices of everyday life are equipped with computing power. Not only luxury products such as cars and mobile phones are provided with computing capabilities that twenty years ago could only be achieved by supercomputers. Even much simpler devices, including many home appliances or even throw-away products like printer cartridges, feature computing capabilities in the form of small and cheap microcontrollers. Today, already more than 98% of all manufactured microprocessors are employed in embedded applications rather than in traditional personal computers. An increasing number of these embedded devices are enabled to communicate amongst each other and form networks. This upcoming trend is usually referred to as pervasive computing. Examples of pervasive applications include RFID tags, admission tickets, ID cards, payment via mobile phone or even public transportation passes. Many new and useful services for end users as well as industry are enabled by the capability of these devices to communicate and interact. Accordingly, pervasive systems proliferate at an increasing speed. A side effect of the increasing interconnectedness is a possible vulnerability of these embedded systems. Attacks that have formerly been restricted to PCs can suddenly be launched against cars, tickets, ID cards or even pacemakers. At the same time, the security awareness of users and manufacturers of such systems is much lower than in classical PC environments. This renders security one key aspect of embedded systems, and certainly of most pervasive computing applications.

Cryptography provides many of the security services required by pervasive applications. Yet, due to tight constraints in cost and computing power, efficient hardware and software implementations of cryptographic algorithms are of utmost importance to enable the vision of pervasive computing. The computational complexity inherent in ciphers poses a major challenge to system designers and implementers. One of the biggest challenges is the implementation of public key cryptography on embedded devices. Even optimized implementations of asymmetric algorithms, e.g., elliptic curve cryptography (ECC), are orders of magnitude more expensive than established symmetric primitives like the AES. Yet, asymmetric primitives are required for many security services, such as key establishment between parties and digital signatures. Many applications like car-to-car communication, e-cash or the prevention of product counterfeiting can only be realized with asymmetric cryptography, making efficient asymmetric schemes a technology enabler.

In practice, almost all security implementations in use nowadays employ RSA, ElGamal, or ECC as the asymmetric scheme. However, these cryptosystems rely on two security primitives, namely the factoring problem (FP) and the discrete logarithm problem (DLP), which are known to be closely related. With a significant breakthrough in cryptanalysis or a major improvement of the best known attacks on these problems, a large number of currently employed cryptosystems may turn out to be insecure overnight. While the design of efficient symmetric ciphers is well understood and a broken cipher can usually be replaced quite easily in symmetric systems, the situation for asymmetric cryptography is different. Only a few alternative algorithms that depend on other security assumptions have been proposed as alternatives or even replacements for the above-mentioned prevailing primitives. Yet, as the establishment of RSA and later ECC has shown, asymmetric primitives need a thorough study of implementational aspects before they reveal their full potential. One factor that has been out of the scope of scientific research on many of these alternative primitives is their efficiency with regard to implementation on embedded systems. Not only is it desirable to have alternatives ready in case RSA and ECC get broken; some of the alternative schemes can also turn out to be more efficient than current schemes, possibly possessing better implementation properties than the prevailing ones. Accordingly, the study of implementational aspects of alternative public key cryptosystems can influence the cost, performance, and security of future embedded security applications.

But efficient implementation of cryptography is only one aspect of embedded security. Other security aspects need to be considered when building secure embedded cryptosystems. In classical scenarios, malicious attacks targeted wired or wireless communication interfaces. Of course these classical attack scenarios like viruses, trojan horses, spoofing, phishing or denial of service attacks also exist for pervasive systems. But there are also new attacks that typically cannot be executed on classical PC systems. Since an attacker usually has physical access to an embedded device, a whole new class of attacks, so-called physical attacks, becomes highly relevant. Having access to the device enables the attacker to monitor the device or even tamper with it while the device is performing security critical operations, i.e., cryptographic algorithms. By measuring so-called side channels such as the power consumption or the electromagnetic emanation of a device, the attacker gains additional information, finally enabling her to break the cryptographic scheme. This class of attacks is usually referred to as side channel analysis. Specifically power analysis and EM analysis are some of the strongest attacks targeting cryptographic implementations. At the same time they are most difficult to prevent. These relatively new attacks easily break implementations of mathematically highly secure standards, such as AES and RSA. Though many countermeasures have been discussed, they are usually quite costly in terms of execution time, power consumption, and code size or area in software or hardware, respectively. This collides with the tough cost constraints in embedded systems design, posing great challenges to designers and implementers of embedded security solutions. Affordable methods for preventing physical attacks are of high importance for implementers. At the same time, better methods for analysis lead to a more thorough understanding of side channel leakage and, consequently, smarter countermeasure designs. Only well understood methods can then also be integrated into standardized design flows, for which a reliable prediction of side channel leakage is required.

This thesis focuses on two of the most pressing problems in current embedded cryptology research: implementational aspects of alternative public key cryptosystems are discussed in the first part of this thesis. The second part of this thesis explores how to efficiently analyze the side channel resistance of embedded systems and presents new applications for side channel methods.

1.2 Summary of Research Contributions

One important aspect of the design of cryptography for embedded systems is the tough cost constraints. This is why usually specialized implementations are realized. The designs are implemented either in hardware, namely as ASIC or FPGA, or on constrained software platforms, usually on microcontrollers. A key issue of this thesis is the design and implementation of applied cryptography for embedded systems, including software implementations for embedded processors and hardware implementations for FPGAs. We [1] focus on the efficient implementation of asymmetric cryptosystems, because, in contrast to the identified need for alternatives, almost no prior work has been performed with regard to embedded systems. For hardware applications, FPGAs are the ideal platform for prototyping and low-quantity product lines. Our hardware implementations are based on the low-cost Xilinx Spartan 3 series, as it provides good performance at a low cost. At the same time, FPGA implementations also give an approximation of the complexity of an ASIC implementation. Embedded systems featuring software implementations are still dominated by 8-bit microcontrollers, due to their low cost and low power consumption. For this case efficient implementation is even more critical, as 8-bit platforms are usually very constrained in computing power and memory resources. For all implementations we used the Atmel AVR family of microcontrollers. AVR microcontrollers are available from very simple and hence cheap devices up to devices featuring orders of magnitude more memory and lots of integrated peripherals. Yet, all can be programmed using the same instruction set, making the presented implementations available to a wide range of products.

[1] Though this thesis represents my own work, some parts result from joint research projects with other contributors. Therefore, I prefer to use "we" rather than "I" throughout this thesis.

Another topic this thesis focuses on is the analysis of side channel attacks, their implications, and countermeasures. Side channel analysis is a major concern for embedded security design. Methods for analyzing security properties are indispensable for finding efficient and effective security solutions. For exploring the vulnerability of embedded systems to side channel attacks, ASIC designs and FPGA designs do not compare very well. Due to the structure of FPGAs, their leakage is different from the leakage of ASICs. Furthermore, studying the leakage of an FPGA implementation is more comparable to that of software implementations: once a side channel measurement environment is set up, modifications can be reloaded quickly to the system to study the effects on the leakage. In the ASIC case, new measurements are always delayed by the ASIC's long and expensive production cycles. This is also the reason for the availability of complex and accurate simulation tools for ASIC designs. In contrast to microcontroller designs, these tools need to be utilized for predicting side channel leakage as well. This thesis shows how side channel methods are applied in practice and how to analyze side channel properties based on simulation only. Possible implications and benefits for other areas of research, especially for reverse engineering and forensics, have not been studied extensively yet. We also explore some application scenarios of side channel analysis outside of cryptanalysis and present feasible methods for these applications.

Post Quantum Cryptography

Theoretic research and cryptanalysis of a cryptosystem increase the credibility of the scheme, while researching the implementational aspects increases its usability. This part focuses on the latter point, namely on the implementational aspects of a family of public key cryptosystems, so-called post quantum cryptosystems. Post quantum cryptosystems rely on different security assumptions than the prevalent asymmetric schemes, i.e., RSA and ECC. As the name implies, the discussed schemes are also believed to resist cryptanalysis based on quantum computers, if parameters are chosen correctly. Our focus is to identify public key cryptosystems that achieve comparable performance to the prevalent ones while relying on different security assumptions, to foster variety among adopted public key schemes. An overview of post quantum cryptography is given in Chapter 2.

Merkle Signature Scheme

The Merkle Signature Scheme is a signature scheme based on the repeated use of a secure one-way function, typically a hash function. The security of Merkle signatures can be proved based on the security of the underlying one-way function. Several of the scheme's parameters influence properties like signature performance, signature size, key sizes, and security level. The performance also relies strongly on the performance of the employed one-way function, making the study of hash functions for embedded systems an important issue. One-way functions are mostly optimized for software implementation. Due to the flexibility of the scheme and the strong reliance on the performance of the one-way function, we implemented Merkle signatures in software. In this context we also explored whether an existing symmetric crypto engine of a system can also be used to strongly increase the performance of the signature engine. Details of the implemented scheme are presented in Chapter 3. Parts of the presented work have been published by the author as [RED+08a] and [RED+08b].

Multivariate Quadratic Signatures

Another class of signature schemes is based on the problem of solving multivariate quadratic equations, which is known to be NP-complete. The core operations for generating multivariate signatures are matrix-vector multiplication and solving systems of linear equations. Both tasks can be performed efficiently on modern hardware platforms such as FPGAs. Another advantage of modern FPGAs is their large integrated block RAMs, which can be used to store the rather large keys of multivariate quadratic schemes. Parts of this work, presented in Chapter 4, have been published as [BERW08].

McEliece Encryption

To complete the portfolio of alternative crypto schemes, an asymmetric encryption scheme is still missing. The McEliece encryption scheme was already proposed in the seventies and has withstood all major cryptanalysis since. It has received only little attention from implementers due to its large key size. The constantly increasing memory sizes in embedded systems, true for microcontrollers as well as FPGAs, make McEliece more realistic. At the same time, new methods for decreasing the key size or even generating the key on-the-fly have shifted the attention back to this scheme. Software and hardware implementations of this scheme are presented in Chapter 5. This work is to appear in [EGHP09].

Side Channel Analysis

Side channel analysis has seen substantial improvement in the last decade. One area of high activity is power and electromagnetic analysis, where many improved analysis methods and especially countermeasures have been developed.
This work outlines the potential of side channel methods in embedded crypto design, both for the analysis of cryptographic implementations and for the so far mostly undiscussed perspective of applications outside of cryptography. We want to show ways to perform power analysis effectively in practice, as well as methods that predict power leakage from simulation. Finally, we show that the developed methods can also be applied to other problems in embedded systems analysis outside of cryptography. An overview of side channel analysis with a focus on differential power analysis is given in Chapter 6.

Simulation of Power Analysis Attacks

Simulation of the power consumption of ASICs has many advantages compared to real measurements. Simulations feature perfect reproducibility, are almost noise free and make an advanced measurement setup superfluous, but most of all they can be performed before a final chip has been manufactured. Hence, simulations are very interesting for exploring the behavior of cryptographic hardware designs. This is especially true for investigating the leakage of hardware countermeasures and other special hardware constructions. These advantages come at the price of working on models only, so in some cases the outcome differs slightly from real circuits. Furthermore, simulating large circuits at high accuracy can become very time consuming because of the increasing computational complexity of the simulation. A thorough discussion with several example applications is presented in Chapter 7. Some of the results have been published in [RBE+07, REG+07, REB+08, MEP+08, REP+09].

A Practical Side Channel Attack: Breaking KeeLoq

Side channel attacks have often been regarded as a rather theoretical attack method. They are mostly performed by security evaluation labs and universities, usually on known implementations. Performing an attack in a black-box scenario reveals many pitfalls that are often left unconsidered when attacks are performed in a white-box scenario and in fully controlled lab environments. It also shows how the failure of a single cryptographic component can jeopardize the security of the whole system. A description of the attack and its implications is given in Chapter 8. The attack has been published as [EKM+08].

Side Channel Analysis for Recovering Programs

Side channel analysis is a strong method for breaking cryptographic implementations by recovering the key. The methods have been improved for more than ten years by a large research community, and they allow much information about the inner behavior of the target device to be extracted. Besides information about the processed data, the power and EM side channels contain additional information about the inner behavior of the target device. Side channel methods have even been proposed to detect trojans in ASIC architectures [ABK+07]. For embedded microprocessors, reliably recovering information such as the executed instructions turns out to be feasible. Side channel methods, especially so-called template attacks, turn out to be a very handy tool for these applications. A methodology to recover executed instructions from side channel information only is presented in Chapter 9. This work is to be published in conjunction with Christof Paar and Björn Weghenkel.
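The simulation-based leakage prediction described above (reproducible, almost noise-free traces that can be evaluated before a chip exists) can be illustrated with a small constructed model. The following Python block is an added example and not code from the dissertation or its authors: it models the power consumption of one AES S-box lookup as the Hamming weight of the S-box output plus Gaussian noise, then runs a correlation analysis over all 256 key-byte hypotheses to estimate how many simulated traces make the correct hypothesis rank first. The key byte 0x2B, the noise levels, the trace budget and the single-sample "trace" are all assumptions of this example. A first-order Boolean masking variant is included to show how the same simulation quantifies the effect of a countermeasure on the model before any silicon is measured.

```python
"""Constructed leakage-simulation example (not from the dissertation).

One "trace" is a single sample: the Hamming weight of an AES S-box output
plus Gaussian noise. A correlation-based evaluation then reports at which
trace count the correct key byte becomes distinguishable in the model.
"""
import math
import random


def rotl8(x, s):
    """Rotate an 8-bit value left by s bits."""
    return ((x << s) | (x >> (8 - s))) & 0xFF


def aes_sbox():
    """Generate the AES S-box: GF(2^8) inverse followed by the affine map."""
    sbox = [0] * 256
    p = q = 1                     # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1               # q /= 3 (multiplication by 0xf6)
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                # zero has no inverse; affine constant only
    return sbox


SBOX = aes_sbox()


def hw(x):
    """Hamming weight, the classic leakage model for a bus or register."""
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, noise_sigma, masked=False, seed=1):
    """Constructed model: sample = HW(S(p ^ k)) + N(0, sigma) per random plaintext p.

    With masked=True the sample leaks HW(S(p ^ k) ^ m) for a fresh uniform mask m,
    i.e. a first-order Boolean masking countermeasure applied to the S-box output.
    The fixed seed makes every simulation run reproducible.
    """
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        plaintexts.append(p)
        traces.append(hw(v) + rng.gauss(0.0, noise_sigma))
    return plaintexts, traces


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either side is constant."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    dx = [x - mx for x in xs]
    dy = [y - my for y in ys]
    sxy = sum(a * b for a, b in zip(dx, dy))
    sxx = sum(a * a for a in dx)
    syy = sum(b * b for b in dy)
    if sxx == 0.0 or syy == 0.0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def correlation_scores(plaintexts, traces):
    """|correlation| between the traces and each of the 256 key-byte hypotheses."""
    return [abs(pearson([hw(SBOX[p ^ k]) for p in plaintexts], traces))
            for k in range(256)]


def best_hypothesis(scores):
    """Key hypothesis with the highest correlation score."""
    return max(range(256), key=scores.__getitem__)


def traces_to_disclosure(key_byte, noise_sigma, masked=False,
                         budget=(25, 50, 100, 200, 400, 800)):
    """Smallest trace count in `budget` at which the correct key ranks first, else None.

    This is the evaluator's metric: a countermeasure that raises (or exhausts)
    this number on the model is worth investigating further on silicon.
    """
    for n in budget:
        pts, trs = simulate_traces(key_byte, n, noise_sigma, masked)
        if best_hypothesis(correlation_scores(pts, trs)) == key_byte:
            return n
    return None


if __name__ == "__main__":
    KEY = 0x2B   # constructed secret key byte for the simulation
    for label, sigma, masked in (("noise-free", 0.0, False),
                                 ("sigma=3", 3.0, False),
                                 ("sigma=3, masked", 3.0, True)):
        n = traces_to_disclosure(KEY, sigma, masked)
        verdict = f"key byte ranks first at {n} traces" if n else "not disclosed within budget"
        print(f"{label:>16}: {verdict}")
```

The noise-free run shows why simulation is attractive for leakage exploration: the correct hypothesis correlates perfectly with the first handful of traces, with no measurement setup and no averaging. Adding noise reproduces the behaviour an evaluator sees on a real board, where the trace count required grows with the noise level, and the masked variant illustrates the model-level check that a countermeasure removes the first-order dependency between the key and the simulated consumption. The same evaluation loop can be pointed at traces generated by a gate-level power simulator instead of this one-sample model.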


More information

Implementation of Elliptic Curve Digital Signature Algorithm

Implementation of Elliptic Curve Digital Signature Algorithm Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India

More information

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Attacks on Cryptosystems Up to this point, we have mainly seen how ciphers are implemented. We

More information

Public Key (asymmetric) Cryptography

Public Key (asymmetric) Cryptography Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

More information

Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme

Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public

More information

AES Power Attack Based on Induced Cache Miss and Countermeasure

AES Power Attack Based on Induced Cache Miss and Countermeasure AES Power Attack Based on Induced Cache Miss and Countermeasure Guido Bertoni, Vittorio Zaccaria STMicroelectronics, Advanced System Technology Agrate Brianza - Milano, Italy, {guido.bertoni, vittorio.zaccaria}@st.com

More information