243 research outputs found

    Cryptographic transfer of sensor data from the Amulet to a smartphone

    The authenticity, confidentiality, and integrity of data streams from wearable healthcare devices are critical to patients, researchers, physicians, and others who depend on this data to measure the effectiveness of treatment plans and clinical trials. Many forms of mHealth data are highly sensitive; in the hands of unintended parties such data may reveal indicators of a patient's disorder, disability, or identity. Furthermore, if a malicious party tampers with the data, it can affect the diagnosis or treatment of patients, or the results of a research study. Although existing network protocols leverage encryption for confidentiality and integrity, network-level encryption does not provide end-to-end security from the device, through the smartphone and database, to downstream data consumers. In this thesis we provide a new open protocol that provides end-to-end authentication, confidentiality, and integrity for healthcare data in such a pipeline. We present and evaluate a prototype implementation to demonstrate this protocol's feasibility on low-power wearable devices, and present a case for the system's ability to meet critical security properties under a specific adversary model and trust assumptions.

    Enhancing Electromagnetic Side-Channel Analysis in an Operational Environment

    Side-channel attacks exploit the unintentional emissions from cryptographic devices to determine the secret encryption key. This research identifies methods to make attacks demonstrated in an academic environment more operationally relevant. Algebraic cryptanalysis is used to reconcile redundant information extracted from side-channel attacks on the AES key schedule. A novel thresholding technique is used to select key byte guesses for a satisfiability solver resulting in a 97.5% success rate despite failing for 100% of attacks using standard methods. Two techniques are developed to compensate for differences in emissions from training and test devices dramatically improving the effectiveness of cross device template attacks. Mean and variance normalization improves same part number attack success rates from 65.1% to 100%, and increases the number of locations an attack can be performed by 226%. When normalization is combined with a novel technique to identify and filter signals in collected traces not related to the encryption operation, the number of traces required to perform a successful attack is reduced by 85.8% on average. Finally, software-defined radios are shown to be an effective low-cost method for collecting side-channel emissions in real-time, eliminating the need to modify or profile the target encryption device to gain precise timing information

    Energy Efficient Hardware Design for Securing the Internet-of-Things

    The Internet of Things (IoT) is a rapidly growing field that holds potential to transform our everyday lives by placing tiny devices and sensors everywhere. The ubiquity and scale of IoT devices require them to be extremely energy efficient. Given the physical exposure to malicious agents, security is a critical challenge within the constrained resources. This dissertation presents energy-efficient hardware designs for IoT security. First, this dissertation presents a lightweight Advanced Encryption Standard (AES) accelerator design. By analyzing the algorithm, a novel method to manipulate two internal steps to eliminate storage registers and replace flip-flops with latches to save area is discovered. The proposed AES accelerator achieves state-of-art area and energy efficiency. Second, the inflexibility and high Non-Recurring Engineering (NRE) costs of Application-Specific-Integrated-Circuits (ASICs) motivate a more flexible solution. This dissertation presents a reconfigurable cryptographic processor, called Recryptor, which achieves performance and energy improvements for a wide range of security algorithms across public key/secret key cryptography and hash functions. The proposed design employs circuit techniques in-memory and near-memory computing and is more resilient to power analysis attack. In addition, a simulator for in-memory computation is proposed. It is of high cost to design and evaluate new-architecture like in-memory computing in Register-transfer level (RTL). A C-based simulator is designed to enable fast design space exploration and large workload simulations. Elliptic curve arithmetic and Galois counter mode are evaluated in this work. Lastly, an error resilient register circuit, called iRazor, is designed to tolerate unpredictable variations in manufacturing process operating temperature and voltage of VLSI systems. 
When integrated into an ARM processor, this adaptive approach outperforms competing industrial techniques such as frequency binning and canary circuits in performance and energy. PHD, Electrical Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. https://deepblue.lib.umich.edu/bitstream/2027.42/147546/1/zhyiqun_1.pd

    Wireless Sensor Networks in Support of E-Health Applications

    Nowadays, with the smart device developing and life quality improving, people’s requirement of real-time, fast, accurate and smart health service has increased. As the technology advances, the E-Health Care concept has been emerging in the last decades and received extensive attention. With the help of Internet and computing technologies, a lot of E-Health Systems have been proposed that change the traditional medical treatment mode to remote or online medical treatment. Furthermore, due to the rapid development of Internet and wireless network in recent years, many enhanced E-Health Systems based on Wireless Sensor Network have been proposed that open a new research field. This research work has reviewed the E-Health Care System development and limitations in recent years and proposes a novel E-Health System based on Wireless Sensor Network by taking advantage of the latest technologies. The proposed E-Health System is a wireless and portable system, which consists of the Wireless E-Health Gateway and Wireless E-Health Sensor Nodes. The system has been further enhanced by Smart Technology that combined the advantages of the smart phone. The proposed system has changed the mechanisms of traditional medical care and provides real-time, portable, accurate and flexible medical care services to users. With the E-Health System widely deployed, it requires a powerful computing center to deal with the mass health record data. Cloud technology as an emerging technology has been applied in the proposed system. This research has used Amazon Web Services (AWS) – Cloud Computing Services to develop a powerful, scalable and fast connection web service for the proposed E-Health Management System. The security issue is a common problem in the wireless network, and it is more important for the E-Health System as the personal health data is private and should be safely transferred and stored. 
Hence, this research work also focused on the cryptographic algorithm to reinforce the security of the E-Health System. Due to the limitations of embedded system resources, such as: lower computing, smaller battery, and less memory, which cannot support modern advanced encryption standard. In this research, Rivest Cipher Version 5 (RC5) as a simple, secure and software- or hardware-deployable encryption algorithm has been studied in depth. As the Logistic map has good cryptographic algorithm properties, like unpredictable, random, and sensitive to the initial parameters, it has been investigated. In this thesis, an enhanced RC5 cryptographic algorithm has been proposed that uses 1-D Logistic mapping in the random sub-key generation during each encryption round, which increases the unpredictability significantly. In addition, an effective cipher feedback model has been combined to further increase the cipher security. After in-depth research of the 1-D Logistic map, a 2-D Logistic map has been proposed that provides more complex chaotic behaviors than the 1-D Logistic map and further improves the security. Another novel RC5 cryptographic algorithm with 2-D Logistic map has been proposed in this thesis. The proposed algorithm uses a 2-D Logistic map to generate the sub-key and modified RC5 operations to encrypt data. Appropriate experiments have been carried out to evaluate the performance. The results show the proposed algorithms are better than standard RC5 or other modified RC5. The contributions and innovation of this research project are summarized: • Build up a Wireless E-Health Care System based on Wireless Sensor Network. • Create the Cloud Management System for E-Health Care System. • Proposed RC5 cryptographic algorithms based on Logistic Map to increase the randomness and security of cipher data.

    Low-complexity, low-area computer architectures for cryptographic application in resource constrained environments

    RCE (Resource Constrained Environment) is known for its stringent hardware design requirements. With the rise of Internet of Things (IoT), low-complexity and low-area designs are becoming prominent in the face of complex security threats. Two low-complexity, low-area cryptographic processors based on the ultimate reduced instruction set computer (URISC) are created to provide security features for wireless visual sensor networks (WVSN) by using field-programmable gate array (FPGA) based visual processors typically used in RCEs. The first processor is the Two Instruction Set Computer (TISC) running the Skipjack cipher. To improve security, a Compact Instruction Set Architecture (CISA) processor running the full AES with modified S-Box was created. The modified S-Box achieved a gate count reduction of 23% with no functional compromise compared to Boyar’s. Using the Spartan-3L XC3S1500L-4-FG320 FPGA, the implementation of the TISC occupies 71 slices and 1 block RAM. The TISC achieved a throughput of 46.38 kbps at a stable 24MHz clock. The CISA which occupies 157 slices and 1 block RAM, achieved a throughput of 119.3 kbps at a stable 24MHz clock. The CISA processor is demonstrated in two main applications, the first in a multilevel, multi cipher architecture (MMA) with two modes of operation, (1) by selecting cipher programs (primitives) and sharing crypto-blocks, (2) by using simple authentication, key renewal schemes, and showing perceptual improvements over direct AES on images. The second application demonstrates the use of the CISA processor as part of a selective encryption architecture (SEA) in combination with the millions instructions per second set partitioning in hierarchical trees (MIPS SPIHT) visual processor. The SEA is implemented on a Celoxica RC203 Vertex XC2V3000 FPGA occupying 6251 slices and a visual sensor is used to capture real world images. 
Four image frames were captured from a camera sensor, compressed, selectively encrypted, and sent over to a PC environment for decryption. The final design emulates a working visual sensor, from on-node processing and encryption to back-end data processing on a server computer.

    An Extended Survey on Vehicle Security

    The advanced electronic units with wireless capabilities inside modern vehicles have enhanced the driving experience, but also introduced a myriad of security problems due to the inherent limitations of the internal communication protocol. In the last two decades, a number of security threats have been identified and, accordingly, security measures have been proposed. In this paper, we provide a comprehensive review of security threats and countermeasures for the ubiquitous CAN bus communication protocol. Our review of the existing literature leads us to an observation of an overlooked simple, cost-effective, and incrementally deployable solution. Essentially, a reverse firewall, referred to in this paper as an icewall, can be an effective defense against a major class of packet-injection attacks and many denial of service attacks. We cover the fundamentals of the icewall in this paper. Further, by introducing the notion of human-in-the-loop, we discuss the subtle implications to its security when a human driver is accounted for.

    Analyzing and Creating Playing Card Cryptosystems

    Before computers, military tacticians and government agents had to rely on pencil-and-paper methods to encrypt information. For agents that want to use low-tech options in order to minimize their digital footprint, non-computerized ciphers are an essential component of their toolbox. Still, the presence of computers limits the pool of effective hand ciphers. If a cipher is not unpredictable enough, then a computer will easily be able to break it. There are 52! ≈ 2^225.58 ways to mix a deck of cards. If each deck order is a key, this means that there are 52! ≈ 2^225.58 different ways to encrypt a given message. To create some perspective, most computer ciphers feature either 2^128 or 2^256 different ways of encrypting the same message. Hence, a cipher created from a deck of cards has the potential to emulate the security of many computer ciphers. Dr. Landquist and I spent the summer of 2019 examining existing playing card ciphers. This led to the main focus of this paper: the creation of a unique, secure playing card cipher. Because of the inspiration provided by the cipher VIC, I am calling our original cipher VICCard. VICCard has gone through multiple versions, each better than the last. Its security is rooted in its combination of numerous cryptographic principles, including a substitution checkerboard, columnar transpositions, lagged Fibonacci generators, and junk letters. As evidenced by certain randomness tests, VICCard has the potential to extensively randomize an English plaintext

    Advanced cryptographic system : design, architecture and FPGA implementation

    PhD Thesis. The field programmable gate array (FPGA) is a powerful technology, and since its introduction broad prospects have opened up for engineers to creatively design and implement complete systems in various fields. One such area that has a long history in information and network security is cryptography, which is considered in this thesis. The challenge for engineers is to design secure cryptographic systems, which should work efficiently on different platforms with the levels of security required. In addition, cryptographic functionalities have to be implemented with acceptable degrees of complexity while demanding lower power consumption. The present work is devoted to the design of an efficient block cipher that meets contemporary security requirements, and to implement the proposed design in a configurable hardware platform. The cipher has been designed according to Shannon’s principles and modern cryptographic theorems. It is an iterated symmetric-key block cipher based on the substitution permutation network and number theoretic transform with variable key length, block size and word length. These parameters can be undisclosed when determined by the system, making cryptanalysis almost impossible. The aim is to design a more secure, reliable and flexible system that can run as a ratified standard, with reasonable computational complexity for a sufficient service time. Analyses are carried out on the transforms concerned, which belong to the number theoretic transforms family, to evaluate their diffusion power, and the results confirm good performance in this respect mostly of a minimum of 50%. The new Mersenne number transform and Fermat number transform were included in the design because their characteristics meet the basic requirements of modern cryptographic systems. 
A new 7×7 substitution box (S-box) is designed and its non-linear properties are evaluated, resulting in values of 2^-6 for maximum difference propagation probability and 2^-2.678 for maximum input-output correlation. In addition, these parameters are calculated for all S-boxes belonging to the previous and current standard algorithms. Moreover, three extra S-boxes are derived from the new S-box and another three from the current standard, preserving the same non-linear properties by reordering the output elements. The robustness of the proposed cipher in terms of differential and linear cryptanalysis is then considered, and it is proven that the algorithm is secure against such well-known attacks from round three onwards regardless of block or key length. A number of test vectors are run to verify the correctness of the algorithm’s implementation in terms of any possible error, and all results were promising. Tests included the known answer test, the multi-block message test, and the Monte Carlo test. Finally, efficient hardware architectures for the proposed cipher have been designed and implemented using the FPGA system generator platform. The implementations are run on the target device, Xilinx Virtex 6 (XC6VLX130T-2FF484). Using parallel loop-unrolling architecture, a high throughput of 44.9 Gbits/sec is achieved with a power consumption of 1.83W and 8030 slices for implementing the encryption module with key and block lengths of 16×7 bits. There are a variety of outcomes when the cipher is implemented on different FPGA devices as well as for different block and key lengths. Ministry of Higher Education and Scientific Research in Ira
