3,892 research outputs found
Set It and Forget It! Turnkey ECC for Instant Integration
Historically, Elliptic Curve Cryptography (ECC) is an active field of applied
cryptography where recent focus is on high speed, constant time, and formally
verified implementations. While there are a handful of outliers where all these
concepts join and land in real-world deployments, these are generally on a
case-by-case basis: e.g.\ a library may feature such X25519 or P-256 code, but
not for all curves. In this work, we propose and implement a methodology that
fully automates the implementation, testing, and integration of ECC stacks with
the above properties. We demonstrate the flexibility and applicability of our
methodology by seamlessly integrating into three real-world projects: OpenSSL,
Mozilla's NSS, and the GOST OpenSSL Engine, achieving roughly 9.5x, 4.5x,
13.3x, and 3.7x speedup on any given curve for key generation, key agreement,
signing, and verifying, respectively. Furthermore, we showcase the efficacy of
our testing methodology by uncovering flaws and vulnerabilities in OpenSSL, and
a specification-level vulnerability in a Russian standard. Our work bridges the
gap between significant applied cryptography research results and deployed
software, fully automating the process
Efficient Implementation on Low-Cost SoC-FPGAs of TLSv1.2 Protocol with ECC_AES Support for Secure IoT Coordinators
Security management for IoT applications is a critical research field, especially when taking into account the performance variation over the very different IoT devices. In this paper, we present high-performance client/server coordinators on low-cost SoC-FPGA devices for secure IoT data collection. Security is ensured by using the Transport Layer Security (TLS) protocol based on the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite. The hardware architecture of the proposed coordinators is based on SW/HW co-design, implementing within the hardware accelerator core Elliptic Curve Scalar Multiplication (ECSM), which is the core operation of Elliptic Curve Cryptosystems (ECC). Meanwhile, the control of the overall TLS scheme is performed in software by an ARM Cortex-A9 microprocessor. In fact, the implementation of the ECC accelerator core around an ARM microprocessor allows not only the improvement of ECSM execution but also the performance enhancement of the overall cryptosystem. The integration of the ARM processor enables to exploit the possibility of embedded Linux features for high system flexibility. As a result, the proposed ECC accelerator requires limited area, with only 3395 LUTs on the Zynq device used to perform high-speed, 233-bit ECSMs in 413 µs, with a 50 MHz clock. Moreover, the generation of a 384-bit TLS handshake secret key between client and server coordinators requires 67.5 ms on a low cost Zynq 7Z007S device
High-level Cryptographic Abstractions
The interfaces exposed by commonly used cryptographic libraries are clumsy,
complicated, and assume an understanding of cryptographic algorithms. The
challenge is to design high-level abstractions that require minimum knowledge
and effort to use while also allowing maximum control when needed.
This paper proposes such high-level abstractions consisting of simple
cryptographic primitives and full declarative configuration. These abstractions
can be implemented on top of any cryptographic library in any language. We have
implemented these abstractions in Python, and used them to write a wide variety
of well-known security protocols, including Signal, Kerberos, and TLS.
We show that programs using our abstractions are much smaller and easier to
write than using low-level libraries, where size of security protocols
implemented is reduced by about a third on average. We show our implementation
incurs a small overhead, less than 5 microseconds for shared key operations and
less than 341 microseconds (< 1%) for public key operations. We also show our
abstractions are safe against main types of cryptographic misuse reported in
the literature
An Implementation of Digital Signature and Key Agreement on IEEE802.15.4 WSN Embedded Device
A wireless sensor network (WSN) now becomes popular in context awareness development to distribute critical information and provide knowledge services to everyone at anytime and anywhere. However, the data transfer in a WSN potentially encounters many threats and attacks. Hence, particular security schemes are required to prevent them. A WSN usually uses low power, low performance, and limited resources devices. One of the most promising alternatives to public key cryptosystems is Elliptic Curve Cryptography
(ECC), due to it pledges smaller keys size. This implies the low cost consumption to calculate arithmetic operations in cryptographic schemes and protocols. Therefore, ECC would be strongly required to be implemented in WSN embedded devices with limited resources (i.e., processor speed, memory, and storage). In this paper, we present an implementation of security system on IEEE802.15.4 WSN device with the employment of Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol. Our experimental results on Intel Mote2
showed that the total time for signature generation is 110 ms, signature verification is 134 ms, and ECDH shared key generation is 69 ms on the setting of 160-bit security level
Efficient Unified Arithmetic for Hardware Cryptography
The basic arithmetic operations (i.e. addition, multiplication, and inversion) in finite fields, GF(q), where q = pk and p is a prime integer, have several applications in cryptography, such as RSA algorithm, Diffie-Hellman key exchange algorithm [1], the US federal Digital Signature Standard [2], elliptic curve cryptography [3, 4], and also recently identity based cryptography [5, 6]. Most popular finite fields that are heavily used in cryptographic applications due to elliptic curve based schemes are prime fields GF(p) and binary extension fields GF(2n). Recently, identity based cryptography based on pairing operations defined over elliptic curve points has stimulated a significant level of interest in the arithmetic of ternary extension fields, GF(3^n)
Refinements of Miller's Algorithm over Weierstrass Curves Revisited
In 1986 Victor Miller described an algorithm for computing the Weil pairing
in his unpublished manuscript. This algorithm has then become the core of all
pairing-based cryptosystems. Many improvements of the algorithm have been
presented. Most of them involve a choice of elliptic curves of a \emph{special}
forms to exploit a possible twist during Tate pairing computation. Other
improvements involve a reduction of the number of iterations in the Miller's
algorithm. For the generic case, Blake, Murty and Xu proposed three refinements
to Miller's algorithm over Weierstrass curves. Though their refinements which
only reduce the total number of vertical lines in Miller's algorithm, did not
give an efficient computation as other optimizations, but they can be applied
for computing \emph{both} of Weil and Tate pairings on \emph{all}
pairing-friendly elliptic curves. In this paper we extend the Blake-Murty-Xu's
method and show how to perform an elimination of all vertical lines in Miller's
algorithm during Weil/Tate pairings computation on \emph{general} elliptic
curves. Experimental results show that our algorithm is faster about 25% in
comparison with the original Miller's algorithm.Comment: 17 page
- …