A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added

Customisable arithmetic hardware designs

Imperial Users onl

Reconfigurable elliptic curve cryptography

Elliptic Curve Cryptosystems (ECC) have been proposed as an alternative to other established public key cryptosystems such as RSA (Rivest Shamir Adleman). ECC provide more security per bit than other known public key schemes based on the discrete logarithm problem. Smaller key sizes result in faster computations, lower power consumption and memory and bandwidth savings, thus making ECC a fast, flexible and cost-effective solution for providing security in constrained environments. Implementing ECC on reconfigurable platform combines the speed, security and concurrency of hardware along with the flexibility of the software approach. This work proposes a generic architecture for elliptic curve cryptosystem on a Field Programmable Gate Array (FPGA) that performs an elliptic curve scalar multiplication in 1.16milliseconds for GF (2163), which is considerably faster than most other documented implementations. One of the benefits of the proposed processor architecture is that it is easily reprogrammable to use different algorithms and is adaptable to any field order. Also through reconfiguration the arithmetic unit can be optimized for different area/speed requirements. The mathematics involved uses binary extension field of the form GF (2n) as the underlying field and polynomial basis for the representation of the elements in the field. A significant gain in performance is obtained by using projective coordinates for the points on the curve during the computation process

Towards a Secure Smart Grid Storage Communications Gateway

This research in progress paper describes the role of cyber security measures undertaken in an ICT system for integrating electric storage technologies into the grid. To do so, it defines security requirements for a communications gateway and gives detailed information and hands-on configuration advice on node and communication line security, data storage, coping with backend M2M communications protocols and examines privacy issues. The presented research paves the road for developing secure smart energy communications devices that allow enhancing energy efficiency. The described measures are implemented in an actual gateway device within the HORIZON 2020 project STORY, which aims at developing new ways to use storage and demonstrating these on six different demonstration sites.Comment: 6 pages, 2 figure

Comparing AI Algorithms for Optimizing Elliptic Curve Cryptography Parameters in Third-Party E-Commerce Integrations: A Pre-Quantum Era Analysis

This paper presents a comparative analysis between the Genetic Algorithm (GA) and Particle Swarm Optimization (PSO), two vital artificial intelligence algorithms, focusing on optimizing Elliptic Curve Cryptography (ECC) parameters. These encompass the elliptic curve coefficients, prime number, generator point, group order, and cofactor. The study provides insights into which of the bio-inspired algorithms yields better optimization results for ECC configurations, examining performances under the same fitness function. This function incorporates methods to ensure robust ECC parameters, including assessing for singular or anomalous curves and applying Pollard's rho attack and Hasse's theorem for optimization precision. The optimized parameters generated by GA and PSO are tested in a simulated e-commerce environment, contrasting with well-known curves like secp256k1 during the transmission of order messages using Elliptic Curve-Diffie Hellman (ECDH) and Hash-based Message Authentication Code (HMAC). Focusing on traditional computing in the pre-quantum era, this research highlights the efficacy of GA and PSO in ECC optimization, with implications for enhancing cybersecurity in third-party e-commerce integrations. We recommend the immediate consideration of these findings before quantum computing's widespread adoption.Comment: 14 page

1. Kryptotag - Workshop über Kryptographie

Der Report enthält eine Sammlung aller Beiträge der Teilnehmer des 1. Kryptotages am 1. Dezember 2004 in Mannheim

Secure Integer Comparisons Using the Homomorphic Properties of Prime Power Subgroups

Secure multi party computation allows two or more parties to jointly compute a function under encryption without leaking information about their private inputs. These secure computations are vital in many fields including law enforcement, secure voting and bioinformatics because the privacy of the information is of paramount importance. One common reference problem for secure multi party computation is the Millionaires\u27 problem which was first introduced by Turing Award winner Yao in his paper Protocols for secure computation . The Millionaires\u27 problem considers two millionaires who want to know who is richer without disclosing their actual worth. There are public-key cryptosystems that currently solve this problem, however they use bitwise decomposition and Boolean algebra on encrypted bits. This type of solution is costly as it requires each bit requires its own encryption and decryption. Our solution to the Millionaires\u27 problem and secure integer comparison looks at a new approach which doesn\u27t use the decomposition method and instead encrypts the full length of the message in one encryption (within scope). This method also extends in a linear fashion, so larger integers remain efficient to compare. In this thesis, we present a new cryptosystem with a novel homomorphic property used for secure integer comparison, as well as a protocol implementing the cryptosystem and a simulation security proof for the protocol. Finally, we implemented the system and compared it to systems that are being used today

An Optimized Node Level Lightweight Security Algorithm for Cloud Assisted-IoT

The fastest-evolving technology, the Internet of Things (IoT), will advance the fields of agriculture, defense, and medical electronics. IoT is focused on giving every object a purpose. IoT with cloud assistance offers a potential remedy for the issue of data expansion for individual objects with restricted capabilities. With the increasing use of cloud technology, the Internet of Things (IoT) has encountered additional security hurdles when it comes to exchanging data between two parties. To address this issue, a thorough investigation was conducted into a secure cloud-assisted strategy for managing IoT data, which ensures the safety of data during its collection, storage, and retrieval via the cloud, while also considering the growing number of users. To achieve this, a lightweight security mechanism that is optimized at the node level is implemented in the proposed system. By utilizing our technology, a secure IoT infrastructure can be established to prevent the majority of data confidentiality threats posed by both insiders and outsiders. Using a heartbeat sensor and a node MCU, we create a heartbeat monitoring system. At the node MCU level, giving security to the patient's health data and preventing unauthorized users from attacking it. Smaller key sizes and lightweight security techniques for IoT devices with minimal power, lower power and memory consumption and Execution time, transmission capacity reserve is used to achieve security. In order to achieve this. The performance of the RSA and ECC algorithms in terms of execution time, power consumption, and memory use have been tabulated for this experimental arrangement. The ECC method occurs to produce the best results in tiny devices

Blockchain-based end-to-end encryption for Matrix instant messaging

Privacy and security in online communication is an important topic today, especially in the context of instant messaging. A lot of progress has been made in recent years to ensure that conversations are secure against attacks by third parties, but privacy from the service provider itself remains difficult. There are a number of solutions offering end-to-end encryption, but most of them rely on a centralized server, proprietary clients, or both. In order to have fully secure instant messaging conversations, a decentralized and end-to-end encrypted communication protocol is needed. This means there is no single point of control, and each message is encryped directly on the user's device such that only the recipient can decrypt it. This work proposes an end-to-end encryption system for the Matrix protocol based on blockchain technology. Matrix is a decentralized protocol and network for real-time communication that is currently mostly used for instant messaging. This protocol was selected because of its versatility and extensibility. Using the Secret Store feature in OpenEthereum, the proposed system encrypts data using keys stored on the Ethereum blockchain. Access control to the keys is also handled by the Secret Store via a smart contract. The proposed encryption system has multiple advantages over alternative schemes: The underlying blockchain technology reduces the risk of data loss because of its decentralized and distributed nature. Thanks to the use of smart contracts this system also allows for the creation of an advanced access control system to decryption keys. In order to test and analyze the proposed design, a reference implementation was created in the form of a library. This library can be used for future research, but also as a building block for different applications to easily implement end-to-end encryption based on blockchain technology