Thanks, But No Thanks



Similar documents
Triathlon of Lightweight Block Ciphers for the Internet of Things

Performance Investigations. Hannes Tschofenig, Manuel Pégourié-Gonnard 25 th March 2015

RAIN RFID and the Internet of Things: Industry Snapshot and Security Needs. Matt Robshaw and Tyler Williamson Impinj Seattle, USA

Using BroadSAFE TM Technology 07/18/05

Industry First X86-based Single Board Computer JaguarBoard Released

The Encryption Technology of Automatic Teller Machine Networks

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

Cyber Security Practical considerations for implementing IEC 62351

Securing the Internet of Things

An Introduction to Cryptography as Applied to the Smart Grid

2014 IBM Corporation

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

PC Business Banking. Technical Requirements

CCN. CCNx 1.0 Internet of Things Architectural Overview. Computer Science Laboratory Networking & Distributed Systems March 2014

Pulse Secure, LLC. January 9, 2015

Figure 1: Application scheme of public key mechanisms. (a) pure RSA approach; (b) pure EC approach; (c) RSA on the infrastructure

CRYPTOGRAPHY AS A SERVICE

White Paper. Enhancing Website Security with Algorithm Agility

Standardizing the Internet of Things; Boiling the Ocean

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

National Security Agency Perspective on Key Management

Strong Authentication for Future Web Applications

NetScaler 2048-bit SSL Performance

High-speed high-security cryptography on ARMs

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

FIPS Security Policy LogRhythm or Windows System Monitor Agent

AES-GCM software performance on the current high end CPUs as a performance baseline for CAESAR competition

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

ZEN NETWORKS 3300 PERFORMANCE BENCHMARK SOFINTEL IT ENGINEERING, S.L.

Is Your SSL Website and Mobile App Really Secure?

CRYPTOGRAPHY IN NETWORK SECURITY

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

FIPS Security Policy LogRhythm Log Manager

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

FIPS Level 1 Security Policy for Cisco Secure ACS FIPS Module

Steve Apps Senior Manager Accenture South Africa

GreenPeak White Paper Wireless Communication Standards for the Internet of Things

Enova X-Wall LX Frequently Asked Questions

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

SMPTE Standards Transition Issues for NIST/FIPS Requirements v1.1

Secure, Efficient, and Open Standard Internet of Things

Software and Hardware Requirements

High-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

efolder White Paper: The Truth about Data Integrity: 5 Questions to ask your Online Backup Provider

Summary of Results. NGINX SSL Performance

Cormant-CS System Requirements

NXP & Security Innovation Encryption for ARM MCUs

Fast Implementations of AES on Various Platforms

A PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS)

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor

Cryptography & Network-Security: Implementations in Hardware

Table of Contents. Bibliografische Informationen digitalisiert durch

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Evaluating The Performance of Symmetric Encryption Algorithms

RSA Authentication for Secure Flashing of Automotive ECUs

Hardware and Software

Analysis of Secure Key Storage Solutions on Android

Implementation Vulnerabilities in SSL/TLS

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Microsemi Security Center of Excellence

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Chapter 7 Transport-Level Security

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

The Future of IoT. Zach Shelby VP Marketing, IoT Feb 3 rd, 2015

Pervasive Computing und. Informationssicherheit

Overview. SSL Cryptography Overview CHAPTER 1

System-on-a-Chip with Security Modules for Network Home Electric Appliances

SSL BEST PRACTICES OVERVIEW

Dragon NaturallySpeaking and citrix. A White Paper from Nuance Communications March 2009

BroadSAFE Enhanced IP Phone Networks

Analyzing the Security Schemes of Various Cloud Storage Services

AES-GCM for Efficient Authenticated Encryption Ending the Reign of HMAC-SHA-1?

How To Test For Performance And Scalability On A Server With A Multi-Core Computer (For A Large Server)

ZVA64EE PERFORMANCE BENCHMARK SOFINTEL IT ENGINEERING, S.L.

IoT Security Platform

Convergence of Open Source Projects and Standards Development SES Webinar Series

ERserver. iseries. Securing applications with SSL

Cryptography and Key Management Basics

All Programmable Logic. Hans-Joachim Gelke Institute of Embedded Systems. Zürcher Fachhochschule

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

IT Networks & Security CERT Luncheon Series: Cryptography

INTRODUCTION TO WINDOWS 7

VMware VMmark V1.1.1 Results

Secure SCADA Communication Protocol Performance Test Results

I N F O R M A T I O N S E C U R I T Y

Implementation and Performance of AES-NI in CyaSSL. Embedded SSL

Security Protocols/Standards

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

Transcription:

Thanks, But No Thanks Current Cryptographic Standards Are Sufficient for Software Dan Shumow MSR Security and Cryptography Group Microsoft Research

Introduction Disclaimer: I am a Software Developer, so this talk is from the software perspective. Goals Identify and discuss what lightweight cryptography means in the context of the software development community. Explain the conclusion that software does not require specialized lightweight cryptography standards. This is not an argument against a lightweight cryptography standard in general. By removing software scenario from consideration, the design requirements for the standard can be most effectively focused on hardware use cases.

Outline Identify the Internet of Things (IoT) as the primary lightweight cryptography scenario in software. Brief overview of the current state of IoT security protocols. Discuss some of the problems with adding new cryptographic primitives. Conclusion for software: IoT does not require new cryptographic primitives.

Goal: Identify Lightweight Cryptography Scenarios From the description of this workshop: NIST is currently investigating whether there is a need for NIST to standardize lightweight cryptography. What does lightweight mean? means different things in software and hardware. Potentially refers to: Mobile platforms Low powered RFID Cards Microcontrollers Dedicated hardware Internet of Things (IoT)

Computational Platforms by Power High Server/High Performance Processors ( 2GHz) Computational Power PC: Laptop/Desktop ( 1GHz) Tablet/Smartphone ( 1GHz) IoT Devices (From 10s MHz up to 1 GHz) Dedicated Hardware, ASIC, FPGA ( 100s MHz) Microcontrollers (10s of MHz) Low Power/Cost Circuits: RFID Upper Bound Lower Bound Low What counts as lightweight?

IoT Platforms Development Board Processor Memory Beaglebone Black 1 GHz ARM Cortex-A8 512 MB Raspberry Pi 2 900 MHz quad-core ARM Cortex-A7 1 GB Raspberry Pi 700 MHz ARM 256 MB Intel Galileo 400 MHz Intel Quark 256 MB Arduino Due 84 MHz Cortex-M3 96 KB Arduino Uno 16 MHz AVR (8 bit) 2 KB This is a list of sample platforms and not meant to be exhaustive.

Computational Platforms by Power High Server/High Performance Processors ( 2GHz) Computational Power PC: Laptop/Desktop ( 1GHz) Tablet/Smartphone ( 1GHz) IoT Devices (From 10s MHz up to 1 GHz) Dedicated Hardware, ASIC, FPGA ( 100s MHz) Microcontrollers (10s of MHz) Low Power/Cost Circuits: RFID Upper Bound Lower Bound Low What counts as lightweight?

IoT Protocols AllJoyn Open Source project run by AllSeen Alliance. Industry stakeholders include Qualcomm, Microsoft and AT&T. Iotivity Open source project that has recently announced an association with the AllSeen Alliance. Backed by the Open Interconnect Consortium Industry stakeholders include Intel, Samsung and Cisco. Thread Open protocol run by the Thread Group. Industry stakeholders include ARM, Samsung and Qualcomm.

IoT Security Protocol AllJoyn Protocol derived from TLS hand shake and message protocol. Only asymmetric algorithms are negotiable, not authenticated encrypt. Iotivity and Thread both rely on DTLS for security. Cryptographic Algorithms Used: Protocol Asymmetric Bulk Encryption Authentication AllJoyn RSA, ECDSA/ECDHE P256 AES-CCM AES-CCM Iotivity Thread RSA, DSA/DHE, ECDSA/ECDHE (NIST Curves) RSA, DSA/DHE, ECDSA/ECDHE (NIST Curves) AES, AES-CCM, AES- GCM, 3DES AES, AES-CCM, AES- GCM, 3DES HMAC-SHA1, HMAC-SHA2 HMAC-SHA1, HMAC-SHA2

IoT Does Not Need Its Own Crypto Standards Any NIST standardization of cryptography for IoT is late to the party. Current IoT protocols (AllJoyn, Thread, IoTivity) already use current cryptographic standards. The protocols have already been deployed with existing algorithms. For backwards compatibility and interoperability these will need to remain in deployment. Current cryptographic standards work for IoT Current standards are not a limit on IoT performance. Perspective: Common IoT platforms are approximately as powerful as PCs from 15 years ago when AES was standardized.

Lightweight Crypto Standards: Why Not? We already have a set of cryptographic primitives. Some may say too many cryptographic primitives. Paradox of choice: more options is not necessarily better. Adding new standards can be problematic: New standards, especially with lower key sizes could be used in scenarios where they aren t intended. Example: Standardizing ECC over 160bit prime for an RFID card and it ends up being used for https; block cipher with 80bit key space ends up being used to encrypt hard drives. Giving developers more choices can lead to security vulnerabilities. Example: MAC-then-Encrypt vs Encrypt-then-MAC

Computational Platforms by Flexibility High Server/High Performance Processors Computational Flexibility (Programmability) Low PC: Laptop/Desktop Tablet/Smartphone IoT Devices Microcontrollers FPGA Dedicated Hardware, ASIC Low Power/Cost Circuits: RFID Software Hardware Thanks, But No Thanks Possible Overlap Lightweight cryptography goes here What does this have to do with lightweight cryptography?

Conclusion For Lightweight Cryptography Standard The usage scenarios for lightweight cryptography are limited to nonexistent for software platforms. Developers already have too many choices for cryptography. Current standards are good enough. This is not to say No lightweight cryptography. No lightweight cryptography in software. (With a possible exception for Microcontrollers.) Any such standard should apply to hardware only. Focus on hardware implementation for performance, side channel security etc. Limit standards to apply only to low powered hardware platforms (RFID etc.)

Thank You

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information