Results 11 - 20 of 584
Public-key cryptography for RFID-tags
Printed handout of Workshop on RFID Security – RFIDSec 06, 2006
Cited by 41 (3 self)
RFID-tags are a new generation of barcodes with added functionality. An emerging application is the use of RFID-tags for anti-counterfeiting by embedding them into a product. Public-key cryptography (PKC) offers an attractive solution to the counterfeiting problem but whether a public-key cryptosystem can be implemented on an RFID tag or not remains unclear. In this paper, we investigate which PKC-based identification protocols are useful for these anti-counterfeiting applications. We also discuss the feasibility of identification protocols based on Elliptic Curve Cryptography (ECC) and show that it is feasible on RFID tags. Finally, we compare different implementation options and explore the cost that side-channel attack countermeasures would have on such implementations.
Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker
IN WORKSHOP ON CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2006, YOKOHAMA, 2006
Cited by 41 (14 self)
Cryptanalysis of symmetric and asymmetric ciphers is computationally extremely demanding. Since the security parameters (in particular the key length) of almost all practical crypto algorithms are chosen such that attacks with conventional computers are computationally infeasible, the only promising way to tackle existing ciphers (assuming no mathematical breakthrough) is to build special-purpose hardware. Dedicating those machines to the task of cryptanalysis holds the promise of a dramatically improved cost-performance ratio so that breaking of commercial ciphers comes within reach. This contribution presents the design and realization of the COPACOBANA (Cost-Optimized Parallel Code Breaker) machine, which is optimized for running cryptanalytical algorithms and can be realized for less than US$ 10,000. It will be shown that, depending on the actual algorithm, the architecture can outperform conventional computers by several orders in magnitude. COPACOBANA hosts 120 low-cost FPGAs and is able to, e.g., perform an exhaustive key search of the Data Encryption Standard (DES) in less than nine days on average. As a real-world application, our architecture can be used to attack machine readable travel documents (ePass). COPACOBANA is intended, but not necessarily restricted to solving problems related to cryptanalysis. The hardware architecture is suitable for computational problems which are parallelizable and have low communication requirements. The hardware can be used, e.g., to attack elliptic curve cryptosystems and to factor numbers. Even though breaking full-size RSA (1024 bit or more) or elliptic curves (ECC with 160 bit or more) is out of reach with COPACOBANA, it can be used to analyze cryptosystems with a (deliberately chosen) small bit-length to provide reliable security estimates of RSA and ECC by extrapolation.
On broadcast authentication in wireless sensor networks
In International Conference on Wireless Algorithms, Systems, and Applications (WASA 2006), 2006
Cited by 41 (5 self)
Abstract — Broadcast authentication is a critical security service in wireless sensor networks (WSNs), as it allows the mobile users of WSNs to broadcast messages to multiple sensor nodes in a secure way. Although symmetric-key-based solutions such as µTESLA and multilevel µTESLA have been proposed, they all suffer from severe energy-depletion attacks resulting from the nature of delayed message authentication. This paper presents several efficient public-key-based schemes to achieve immediate broadcast authentication and thus avoid the security flaw inherent in the µTESLA-like schemes. Our schemes are built upon the unique integration of several cryptographic techniques, including the Bloom filter, the partial message recovery signature scheme and the Merkle hash tree. We prove the effectiveness and efficiency of the proposed schemes by a comprehensive quantitative analysis of their energy consumption in both computation and communication.
Reconfigurable computing: Architectures and design methods
IEE Proceedings - Computers and Digital Techniques, 2005
An Overview of Elliptic Curve Cryptography
2000
Cited by 36 (3 self)
Elliptic curve cryptography (ECC) was introduced by Victor Miller and Neal Koblitz in 1985. ECC, proposed as an alternative to established public-key systems such as DSA and RSA, has recently gained a lot of attention in industry and academia. The main reason for the attractiveness of ECC is the fact that there is no subexponential algorithm known to solve the discrete logarithm problem on a properly chosen elliptic curve. This means that significantly smaller parameters can be used in ECC than in other competitive systems such as RSA and DSA, but with equivalent levels of security. Some benefits of having smaller key sizes include faster computations, and reductions in processing power, storage space and bandwidth. This makes ECC ideal for constrained environments such as pagers, PDAs, cellular phones and smart cards. The implementation of ECC, on the other hand, requires several choices such as the type of the underlying finite field, algorithms for implementing the finite field arithmetic and so on. In this paper we present a selective overview of the main methods.
Security for industrial communication systems
Proceedings of the IEEE, 2005
Cited by 33 (2 self)
Modern industrial communication networks are increasingly based on open protocols and platforms that are also used in the office IT and Internet environment. This reuse facilitates development and deployment of highly connected systems, but also makes the communication system vulnerable to electronic attacks. This paper gives an overview of IT security issues in industrial automation systems which are based on open communication systems. First, security objectives, electronic attack methods, and the available countermeasures for general IT systems are described. General security objectives and best practices are listed. Particularly for the TCP/IP protocol suite, a wide range of cryptography-based secure communication protocols is available. The paper describes their principles and scope of application. Next, we focus on industrial communication systems, which have a number of security-relevant characteristics distinct from the office IT systems. Confidentiality of transmitted data may not be required; however, data and user authentication, as well as access control are crucial for the mission critical and safety critical operation of the automation system. As a result, modern industrial automation systems, if they include security measures at all, emphasize various forms of access control. The paper describes the status of relevant specifications and implementations for a number of standardized automation protocols. Finally, we illustrate the application of security concepts and tools by brief case studies describing security issues in the configuration and operation of substations, plants, or for remote access.

Keywords — Cryptography, embedded systems, industrial automation, industrial communication systems, remote access, security objectives, security protocols, security standards.
Efficient Scalar Multiplication by Isogeny Decompositions
2005
Cited by 28 (2 self)
On an elliptic curve, the degree of an isogeny corresponds essentially to the degrees of the polynomial expressions involved in its application. The multiplication by ℓ map [ℓ] has degree ℓ², therefore the complexity to directly evaluate [ℓ](P) is O(ℓ²). For a small prime ℓ (= 2, 3) such that the additive binary representation provides no better performance, this represents the true cost of application of scalar multiplication. If an elliptic curve admits an isogeny ϕ of degree ℓ then the costs of computing ϕ(P) should in contrast be O(ℓ) field operations. Since we then have a product expression [ℓ] = ϕ̂ϕ, the existence of an ℓ-isogeny ϕ on an elliptic curve yields a theoretical improvement from O(ℓ²) to O(ℓ) operations for the evaluation of [ℓ](P) by naïve application of the defining polynomials. In this work we investigate actual improvements for small ℓ of this asymptotic complexity. For this purpose, we describe the general construction of families of curves with a suitable decomposition [ℓ] = ϕ̂ϕ, and provide explicit examples of such a family of curves with simple decomposition for [3]. Finally we derive a new tripling algorithm to find complexity improvements to triplication on a curve in certain projective coordinate systems, then combine this new operation to non-adjacent forms for ℓ-adic expansions in order to obtain an improved strategy for scalar multiplication on elliptic curves.
Extended double-base number system with applications to elliptic curve cryptography
In Indocrypt 2006 [1
, 2006
Cited by 27 (7 self)
Abstract. We investigate the impact of larger digit sets on the length of Double-Base Number system (DBNS) expansions. We present a new representation system called extended DBNS whose expansions can be extremely sparse. When compared with double-base chains, the average length of extended DBNS expansions of integers of size in the range 200–500 bits is approximately reduced by 20 % using one precomputed point, 30 % using two, and 38 % using four. We also discuss a new approach to approximate an integer n by d2^a3^b where d belongs to a given digit set. This method, which requires some precomputations as well, leads to realistic DBNS implementations. Finally, a left-to-right scalar multiplication relying on extended DBNS is given. On an elliptic curve where operations are performed in Jacobian coordinates, improvements of up to 13 % overall can be expected with this approach when compared to window NAF methods using the same number of precomputed points. In this context, it is therefore the fastest method known to date to compute a scalar multiplication on a generic elliptic curve.

Keywords: Double-base number system, Elliptic curve cryptography.
Cryptanalysis with COPACOBANA
IEEE TRANSACTIONS ON COMPUTERS, 2008
Cited by 27 (8 self)
Cryptanalysis of ciphers usually involves massive computations. The security parameters of cryptographic algorithms are commonly chosen so that attacks are infeasible with available computing resources. Thus, in the absence of mathematical breakthroughs to a cryptanalytical problem, a promising way for tackling the computations involved is to build special-purpose hardware exhibiting a (much) better performance-cost ratio than off-the-shelf computers. This contribution presents a variety of cryptanalytical applications utilizing the Cost-Optimized Parallel Code Breaker (COPACOBANA) machine, which is a high-performance low-cost cluster consisting of 120 field-programmable gate arrays (FPGAs). COPACOBANA appears to be the only such reconfigurable parallel FPGA machine optimized for code breaking tasks reported in the open literature. Depending on the actual algorithm, the parallel hardware architecture can outperform conventional computers by several orders of magnitude. In this work, we will focus on novel implementations of cryptanalytical algorithms, utilizing the impressive computational power of COPACOBANA. We describe various exhaustive key search attacks on symmetric ciphers and demonstrate an attack on a security mechanism employed in the electronic passport (e-passport). Furthermore, we describe time-memory trade-off techniques that can, e.g., be used for attacking the popular A5/1 algorithm used in GSM voice encryption. In addition, we introduce efficient implementations of more complex cryptanalysis on asymmetric cryptosystems, e.g., Elliptic Curve Cryptosystems (ECCs) and number cofactorization for RSA. Even though breaking RSA or elliptic curves with parameter lengths used in most practical applications is out of reach with COPACOBANA, our attacks on algorithms with artificially short bit lengths allow us to extrapolate more reliable security estimates for real-world bit lengths. This is particularly useful for deriving estimates about the longevity of asymmetric key lengths.
Toward Acceleration of RSA Using 3D Graphics Hardware
Cited by 27 (1 self)
Abstract. Demand in the consumer market for graphics hardware that accelerates rendering of 3D images has resulted in commodity devices capable of astonishing levels of performance. These results were achieved by specifically tailoring the hardware for the target domain. As graphics accelerators become increasingly programmable however, this performance has made them an attractive target for other domains. Specifically, they have motivated the transformation of costly algorithms from a general purpose computational model into a form that executes on said graphics hardware. We investigate the implementation and performance of modular exponentiation using a graphics accelerator, with the view of using it to execute operations required in the RSA public key cryptosystem.