Results 1 - 10 of 11
“Fault Propagate Pattern Based DFA on SPN Structure Block Ciphers using Bitwise Permutation, with Application to PRESENT and PRINTcipher”, ePrint, available at http://eprint.iacr.org/2011/086.pdf
Cited by 5 (1 self)
Abstract—This paper proposes a novel fault-propagation pattern based differential fault analysis method, FPP-DFA, and proves its feasibility on SPN structure block ciphers using bitwise permutation, such as PRESENT and PRINTcipher. Simulated experiments demonstrate that, with the fault model of injecting one nibble fault into the (r-2)th round substitution layer, on average 8 and 16 faulty samples can reduce the master key search space of PRESENT-80/128 to 2^14.7 and 2^21.1 respectively, and 12 and 24 effective faulty samples can reduce the master key search space of PRINTcipher-48/96 to 2^13.7 and 2^22.8 respectively; with the fault model of injecting one nibble fault into the (r-3)th round substitution layer, 8 samples can reduce the master key search space of PRINTcipher-96 to 2^18.7. Keywords: fault-propagation pattern; fault-propagation path; differential fault analysis; bitwise permutation; SPN block cipher; PRESENT; PRINTcipher
Lightweight Cryptography for FPGAs
Cited by 4 (0 self)
Abstract—The advent of new low-power Field Programmable Gate Arrays (FPGA) for battery powered devices opens a host of new applications to FPGAs. In order to provide security on resource constrained devices lightweight cryptographic algorithms have been developed. However, there has not been much research on porting these algorithms to FPGAs. In this paper we propose lightweight cryptography for FPGAs by introducing block cipher independent optimization techniques for Xilinx Spartan3 FPGAs and applying them to the lightweight cryptographic algorithms HIGHT and Present. Our implementations are the first reported of these block ciphers on FPGAs. Furthermore, they are the smallest block cipher implementations on FPGAs using only 117 and 91 slices respectively, which makes them comparable in size to stream cipher implementations. Both are less than half the size of the AES implementation by Chodowiec and Gaj without using block RAMs. Present’s throughput over area ratio of 240 Kbps/slice is similar to that of AES, however, HIGHT outperforms them by far with 720 Kbps/slice. Keywords: lightweight cryptography; HIGHT; Present; FPGA
“Energy and Performance Evaluation of an FPGA-Based SoC Platform with AES and PRESENT Coprocessors”, Embedded Computer Systems: Architectures, Modeling, and Simulation - SAMOS’2008, LNCS 5114, 2008
Cited by 4 (1 self)
Abstract. Hardware implementations of block ciphers have been intensively evaluated for years. The hardware profile, including the performance, area and power of a block cipher, only considers the block cipher as a standalone component, and does not consider it as a coprocessor in a system design. In this paper we consider system integration of AES and PRESENT crypto coprocessors, and analyze the system profile in a co-simulation environment and then on an actual FPGA-based SoC platform. Energy, performance and implementation results for both the AES- and PRESENT-based systems are presented. Our research emphasizes the need to consider energy efficiency and performance at system-level when evaluating a block cipher for real embedded systems. Simulation results reveal that the hardware/software interfaces, as the communication bottleneck, have major impact on the system performance. Experimental results further demonstrate that the PRESENT, a power-efficient lightweight block cipher with lower security level, becomes less energy-efficient than AES when system-integration overhead is included.
Algebraic Differential Fault Attacks on LED using a Single Fault Injection, 2012
Cited by 1 (0 self)
This paper proposes a new fault attack technique on the LED block cipher using a single fault injection by combining algebraic side-channel attack (ASCA) and differential fault attack (DFA). We name it as algebraic differential fault attack (ADFA). Firstly, a boolean equation set is constructed for LED using algebraic techniques. Then, the fault differences of the S-Box inputs in the last round of LED are deduced by DFA and represented using algebraic equations by the multiple deductions-based ASCA (MDASCA) technique proposed in COSADE 2012. Finally, the key is recovered by solving the equation set with the CryptoMiniSat solver. We show that, as to ADFA on LED under the single nibble-based fault model, the 64-bit key can be recovered within one minute on a common PC with a success rate of 79%, which is more efficient than previous work. We modify the CryptoMiniSat solver to count and output multiple solutions for the key, and conduct ADFA to calculate the reduced key search space for DFA. The key search space of LED is reduced to 2^6 ∼ 2^17, which is different from previous work. We also successfully extend ADFA on LED to other fault models using a single fault injection, such as byte based fault model and nibble based diagonal fault model, where traditional DFAs are difficult to work. The results show that ADFA is an efficient and generic fault analysis technique which significantly improves DFA.
Improved Side Channel Cube Attacks on PRESENT
Cited by 1 (0 self)
Abstract: The paper presents several improved side channel cube attacks on PRESENT based on single bit leakage model. Compared with the previous study of Yang et al. in CANS 2009 [30], based on the same model of single bit leakage in the 3rd round, we show that: if the PRESENT cipher structure is unknown, for the leakage bit 0, 32-bit key can be recovered within 2^7.17 chosen plaintexts; if the cipher structure is known, for the leakage bit 4, 8, 12, 48-bit key can be extracted by 2^11.92 chosen plaintexts, which is less than 2^15 in [30]; then, we extend the single bit leakage model to the 4th round, based on the two level “divide and conquer” analysis strategy, we propose a sliding window side channel cube attack on PRESENT, for the leakage bit 0, about 2^15.14 chosen plaintexts can obtain 60-bit key; in order to obtain more key bits, we propose an iterated side channel cube attack on PRESENT, about 2^8.15 chosen plaintexts can obtain extra 12 equivalent key bits, so overall 2^15.154 chosen plaintexts can reduce the PRESENT-80 key searching space to 2^8; finally, we extend the attack to PRESENT-128, about 2^15.156 chosen plaintexts can extract 85 bits key, and reduce the PRESENT-128 key searching space to 2^43. Compared with the previous study of Abdul-Latip et al. in ASIACCS 2011 [31] based on the Hamming weight leakage model, which can extract 64-bit key of PRESENT-80/128 by 2^13 chosen plaintexts, our attacks can extract more key bits, and have certain advantages over [31].
IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios
Abstract — Open authorization (OAuth) is an open protocol, which allows secure authorization in a simple and standardized way from third-party applications accessing online services, based on the representational state transfer (REST) web architecture. OAuth has been designed to provide an authorization layer, typically on top of a secure transport layer such as HTTPS. The Internet of Things (IoTs) refers to the interconnection of billions of resource-constrained devices, denoted as smart objects, in an Internet-like structure. Smart objects have limited processing/memory capabilities and operate in challenging environments, such as low-power and lossy networks. IP has been foreseen as the standard communication protocol for smart object interoperability. The Internet engineering task force constrained RESTful environments working group has defined the constrained application protocol (CoAP) as a generic web protocol for RESTful-constrained environments, targeting machine-to-machine applications, which maps to HTTP for integration with the existing web. In this paper, we propose an architecture targeting HTTP/CoAP services to provide an authorization framework, which can be integrated by invoking an external OAuth-based authorization service (OAS). The overall architecture is denoted as IoT-OAS. We also present an overview of significant IoT application scenarios. The IoT-OAS architecture is meant to be flexible, highly configurable, and easy to integrate with existing services. Among the advantages achieved by delegating the authorization functionality, IoT scenarios benefit by: 1) lower processing load with respect to solutions, where access control is implemented on the smart object; 2) fine-grained (remote) customization of access policies; and 3) scalability, without the need to operate directly on the device. Index Terms — Internet of Things, security, authorization, communication protocols.
Ayin, A Collision-Free Function for Low-Cost RFID Systems
Abstract. In this work we propose Ayin, a new, simple and efficient function based in the Bellare-Micciancio construction that is also collision-free. All these characteristics make it suitable even in very constrained computational environments, such as low-cost RFID tags or sensor networks. We provide a detailed security analysis together with evidence (supported by a hardware implementation analysis) that shows that the use of Ayin is realistic for these extremely constrained devices due to its small footprint and good speed.
Fully Integrated Passive UHF RFID Tag for Hash-Based Mutual Authentication Protocol
Copyright © 2015 Shugo Mikami et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Passive radio-frequency identification (RFID) tag has been used in many applications. While the RFID market is expected to grow, concerns about security and privacy of the RFID tag should be overcome for the future use. To overcome these issues, privacy-preserving authentication protocols based on cryptographic algorithms have been designed. However, to the best of our knowledge, evaluation of the whole tag, which includes an antenna, an analog front end, and a digital processing block, that runs authentication protocols has not been studied. In this paper, we present an implementation and evaluation of a fully integrated passive UHF RFID tag that runs a privacy-preserving mutual authentication protocol based on a hash function. We design a single chip including the analog front end and the digital processing block. We select a lightweight hash function supporting 80-bit security strength and a standard hash function supporting 128-bit security strength. We show that when the lightweight hash function is used, the tag completes the protocol with a reader-tag distance of 10 cm. Similarly, when the standard hash function is used, the tag completes the protocol with the distance of 8.5 cm. We discuss the impact of the peak power consumption of the tag on the distance of the tag due to the hash function.
Cryptography for Resource Constrained Devices: A Survey
Abstract — Specifically designed and developed cryptographic algorithms, which are suitable for implementation in resource constrained devices such as RFID systems, smart cards and wireless sensor networks are called light weight cryptographic algorithms. In this paper a survey is done on the selected light weight cryptographic algorithms. The light weight cryptographic algorithms are of two types, block ciphers and stream ciphers. Algorithms under both these categories are presented in this paper. Security features and performances of hardware implementations of these algorithms are also analyzed.
EVALUATING A NEW MAC FOR CURRENT AND NEXT GENERATION RFID, 2010
"... for his invaluable advice and words of ..."