Triathlon of Lightweight Block Ciphers for the Internet of Things

Similar documents

Thanks, But No Thanks

AES1. Ultra-Compact Advanced Encryption Standard Core. General Description. Base Core Features. Symbol. Applications

Internet of things (IOT) applications covering industrial domain. Dev Bhattacharya

Lightweight Cryptography From an Engineers Perspective

Introduction of Information Security Research Division

The new 32-bit MSP432 MCU platform from Texas

Lightweight Encryption Protocol for Passive RFID System using SIMON

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

A PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS)

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

An Introduction to Cryptography as Applied to the Smart Grid

IoT Security Platform

SPINS: Security Protocols for Sensor Networks

Performance Investigations. Hannes Tschofenig, Manuel Pégourié-Gonnard 25 th March 2015

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL

The Misuse of RC4 in Microsoft Word and Excel

ETSI TS V1.2.1 ( )

Table of Contents. Bibliografische Informationen digitalisiert durch

Vulnerabilities in WEP Christopher Hoffman Cryptography

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Pervasive Computing und. Informationssicherheit

SEMICONDUCTOR WIRELESS SENSOR NETWORK MARKET EXECUTIVE SUMMARY. Wireless Sensor Network Energy Harvesting And Storage Applications

Secure, Efficient, and Open Standard Internet of Things

The Encryption Technology of Automatic Teller Machine Networks

RAIN RFID and the Internet of Things: Industry Snapshot and Security Needs. Matt Robshaw and Tyler Williamson Impinj Seattle, USA

EXAM questions for the course TTM Information Security May Part 1

Practical applications of Lightweight Block Ciphers to Secure EtherNet/IP Networks

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

NXP & Security Innovation Encryption for ARM MCUs

Summary of Results. NGINX SSL Performance

2014 IBM Corporation

How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode)

Side Channel Analysis and Embedded Systems Impact and Countermeasures

The Internet of Things: Opportunities & Challenges

ECC is Ready for RFID A Proof in Silicon

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Current and Future Trends in Medical Electronics

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

IoT Security Concerns and Renesas Synergy Solutions

AES-GCM for Efficient Authenticated Encryption Ending the Reign of HMAC-SHA-1?

Evaluating The Performance of Symmetric Encryption Algorithms

Caught in the Maze of Security Standards

Making Sense of Internet of Things Protocols and Implementations

Problems of Security in Ad Hoc Sensor Network

Secure Internet of Things Project

Strengthen RFID Tags Security Using New Data Structure

IT Networks & Security CERT Luncheon Series: Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Internet of Things 2015/2016

Fast Software AES Encryption

Computer Security: Principles and Practice

Secure Internet of Things Project (SITP)

CS 758: Cryptography / Network Security

How To Understand The Concept Of Internet Of Things (Iot)

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols/Standards

RIOT CONTROL The Art of Managing Risk for Internet of Things

Message Authentication Codes

Cryptographic Hash Functions Message Authentication Digital Signatures

Authentication requirement Authentication function MAC Hash function Security of

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

NanopowerCommunications: Enabling the Internet of Things OBJECTS TALK

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin.

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Cryptography and Network Security

Secret File Sharing Techniques using AES algorithm. C. Navya Latha Garima Agarwal Anila Kumar GVN

The Internet of Things (IoT)

A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR

Securing IP Networks with Implementation of IPv6

A Comparative Study Of Two Symmetric Encryption Algorithms Across Different Platforms.

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

Selecting the Right MCU Can Squeeze Nanoamps out of Your Next Internet of Things Application

Password-based encryption in ZIP files

BlackBerry Enterprise Solution

Usable Crypto: Introducing minilock. Nadim Kobeissi HOPE X, NYC, 2014

Secure Network Communications FIPS Non Proprietary Security Policy

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

In the pursuit of becoming smart

Network Security - ISA 656 Introduction to Cryptography

EDA385 Embedded Systems Design. Advanced Course

Microsemi Security Center of Excellence

National Security Agency Perspective on Key Management

A Road Map on Security Deliverables for Mobile Cloud Application

ETHERNET ENCRYPTION MODES TECHNICAL-PAPER

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Fast Implementations of AES on Various Platforms

H MICRO CASE STUDY. Device API + IPC mechanism. Electrical and Functional characterization of HMicro s ECG patch

The Impact of IoT on Semiconductor Companies

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

NVM memory: A Critical Design Consideration for IoT Applications

Single Sign-On Secure Authentication Password Mechanism

Transcription:

NIST Lightweight Cryptography Workshop 2015 Triathlon of Lightweight Block Ciphers for the Internet of Things Daniel Dinu, Yann Le Corre, Dmitry Khovratovich, Leo Perrin, Johann Großschädl, Alex Biryukov Laboratory of Algorithmics, Cryptology and Security (LACS) University of Luxembourg http://lacs.uni.lu/members/johann_groszschaedl

Outline Lightweight Crypto for the IoT Benchmarking of Lightweight Ciphers Two application scenarios Implementation aspects Results Execution time, RAM footprint, code size 8-bit AVR, 16-bit MSP430, 32-bit ARM CortexM Figure of Merit (FOM) Conclusions 2 / 16

What are Things? Vehicle, asset, person & pet controlling and monitoring Agriculture automation Energy consumption Security & surveillance Building management Embedded mobile M2M & wireless sensor network Source: nkonnect.com Everyday things Smart homes Telemedicine & healthcare Processors embedded into everyday objects ( things ) Wireless communication (WiFi, Bluetooth, ZigBee) 3 / 16

IoT Forecast by Cisco Source: Cisco 4 / 16

Lightweight Cryptography Not meant to be Weak Cryptography Cryptographic primitives, schemes and protocols tailored to extremely constrained environments such as sensor nodes or RFID tags (Gligor 2005) Requirements for IoT Efficient in HW (performance, area, power) Efficient in SW (performance, RAM, code size) on many 8, 16, and 32-bit platforms Efficient protection against physical attacks Support of different functionality (encryption, hashing) 5 / 16

Benchmarking of Lightweight Ciphers Fair and consistent evaluation How well are existing LW suited for the IoT? What are the promising directions for new designs? 3 Core Metrics Execution time, RAM footprint, code size Other metrics can be derived or estimated thereof (e.g. energy consumption) 3 Platforms 8-bit AVR, 16-bit MSP430, 32-bit ARM CortexM Further platforms may be supported in the future 6 / 16

13 Considered Ciphers 7 / 16

Application Scenarios Scenario 1: Bulk Encryption Example: data transfer between two sensor nodes 128 bytes of data, CBC mode, 80-bit key We measure encryption + decryption + key schedule Representative for performance matters Scenario 2: Challenge-Response Authen. Example: access control, device authentication 128 bits of data, CTR mode, 80-bit key We measure encryption time (round keys pre-comp.) Representative for code size and RAM matter 8 / 16

Implementations Several Implementations for each cipher Between 2 and 24 implementations for each cipher (more than 100 in total) Different trade-offs, at least one speed-oriented and one size-oriented implementation Written in ANSI C Portability is very important in the IoT (many HW platforms and operating systems), Useful to assess new ciphers in early stages of the design phase Assembly implementations for AES and PRESENT 9 / 16

AES LED RC5 Scenario 1: Execution Time 3000000 AVR MSP ARM 2500000 2000000 Execution time (cycles) 1500000 1000000 500000 0 HIGHT Fantomas LBlock Piccolo PRINCE PRESENT Robin Simon Speck TWINE 10 / 16

AES LED RC5 Scenario 1: RAM footprint 700 650 AVR MSP ARM 600 550 500 RAM (bytes) 450 400 350 300 250 200 Fantomas HIGHT LBlock Piccolo PRESENT PRINCE Robin Simon Speck TWINE 11 / 16

AES LED RC5 Scenario 1: Code Size 10000 9000 AVR MSP ARM 8000 7000 Code size (bytes) 6000 5000 4000 3000 2000 1000 0 HIGHT Fantomas LBlock Piccolo PRESENT PRINCE Robin Simon Speck TWINE 12 / 16

AES LED RC5 Scenario 2: Execution Time 160000 140000 AVR MSP ARM 120000 Execution time (cycles) 100000 80000 60000 40000 20000 0 HIGHT Fantomas LBlock Piccolo PRINCE PRESENT Robin Simon Speck TWINE 13 / 16

AES LED RC5 Scenarion 2: RAM Footprint 400 AVR MSP ARM 350 300 RAM (bytes) 250 200 150 100 50 Fantomas HIGHT LBlock Piccolo PRESENT PRINCE Robin Simon Speck TWINE 14 / 16

AES LED RC5 Scenario 2: Code Size 4500 4000 AVR MSP ARM 3500 3000 Code size (bytes) 2500 2000 1500 1000 500 HIGHT Fantomas LBlock Piccolo PRESENT PRINCE Robin Simon Speck TWINE 15 / 16

Figure of Merit (FOM) 16 / 16

AES RC5 LED Scenario 1: FOM 45 40 35 30 25 20 15 10 5 0 Speck Simon Robin Fantomas LBlock HIGHT Piccolo PRESENT PRINCE TWINE 17 / 16

AES RC5 LED Scenario 2: FOM 55 50 45 40 35 30 25 20 15 10 5 0 Speck Simon Fantomas Robin LBlock HIGHT Piccolo PRESENT TWINE PRINCE 18 / 16

Conclusions Simon Wins Big! Consistently fast and small on all three platforms Best FOM score in both scenarios Speck on 2 nd place Other advantages (small silicon area, SCA protection) Runner Up: LS Designs Also fairly good on all three platforms FOM score twice as high as Simon Interesting from SCA perspective More security analysis needed 19 / 16

Triathlon Competition Submit implementations (assembly/c) of existing lightweight block ciphers (published at well-known conferences) for the 3 target devices (AVR, MSP, ARM). Based on the implementation performance figures on the 3 target devices (AVR, MSP, ARM) in the 2 evaluation scenarios, you get a number of points. Collect as many points as possible to win the Triathlon The first 3 players/teams by the number of points will be rewarded with special prizes First deadline: September 6, 2015 (before CHES) More info: https://cryptolux.org 20 / 16