12 research outputs found

    Security In Wireless Sensor Networks Based On Lightweight Algorithms : An Effective Survey

    At the level of both individuals and companies, Wireless Sensor Networks (WSNs) have a wide range of applications and uses. Sensors are deployed in many industries, including agriculture, transportation and health, and their use is tied to many other technologies: wireless communication protocols, the Internet of Things, cloud computing, mobile computing and other emerging technologies. In many circumstances this communication carries critical data, which must be protected from potential threats. However, because WSN components often have constrained computation and power capabilities, protecting communication in WSNs comes at a significant performance cost. Since conventional public-key and secret-key encryption methods require heavy computation, information security in this constrained setting calls for lightweight encryption techniques. Security is a crucial concern in many sensor-network applications, and a number of security mechanisms for wireless sensor networks have been built on traditional cryptography; symmetric-key ciphers used in sensor-network deployments include AES, RC5, SkipJack and XXTEA. These algorithms, however, have weaknesses of their own, including susceptibility to chosen-plaintext attacks and brute-force attacks, and their computational complexity.
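
As an added example, not code from the surveyed paper, here is XXTEA, one of the ciphers the survey names, in the form in which it runs on a sensor node: the published Corrected Block TEA algorithm of Needham and Wheeler, which needs only add, xor and shift and no S-box tables. The 128-bit node key, the three-word packet layout (node id, sequence counter, reading) and the self-test are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* XXTEA (Corrected Block TEA): 128-bit key, block of n >= 2 32-bit words,
 * only add/xor/shift and no table lookups, which is why it fits 8/16-bit
 * sensor MCUs.  Follows the published reference algorithm. */
#define DELTA 0x9e3779b9u
#define MX (((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) ^ ((sum ^ y) + (key[(p & 3) ^ e] ^ z)))

void xxtea_encrypt(uint32_t *v, unsigned n, const uint32_t key[4])
{
    uint32_t y, z = v[n - 1], sum = 0;
    unsigned p, e, rounds = 6 + 52 / n;       /* more rounds for short blocks */
    do {
        sum += DELTA;
        e = (sum >> 2) & 3;
        for (p = 0; p < n - 1; p++) {
            y = v[p + 1];
            z = v[p] += MX;
        }
        y = v[0];
        z = v[n - 1] += MX;
    } while (--rounds);
}

void xxtea_decrypt(uint32_t *v, unsigned n, const uint32_t key[4])
{
    unsigned p, e, rounds = 6 + 52 / n;
    uint32_t y = v[0], z, sum = rounds * DELTA;
    do {
        e = (sum >> 2) & 3;
        for (p = n - 1; p > 0; p--) {
            z = v[p - 1];
            y = v[p] -= MX;
        }
        z = v[n - 1];
        y = v[0] -= MX;
        sum -= DELTA;
    } while (--rounds);
}

/* Constructed node key; on a real node this comes from provisioning. */
static const uint32_t NODE_KEY[4] = {0x0123cafe, 0x89abbeef, 0xfedcf00d, 0x76541234};

/* Packet layout assumed for this example: node id, sequence counter, reading.
 * The counter makes repeated readings encrypt differently (XXTEA itself is
 * deterministic) and lets the sink detect replays. */
enum { PKT_WORDS = 3 };

/* Round-trips a constructed reading and checks that a wrong key does not
 * decrypt it.  Returns 1 if both hold. */
int xxtea_selftest(void)
{
    uint32_t pkt[PKT_WORDS] = {23, 161, 2137};   /* node 23, seq 161, 21.37 C */
    uint32_t orig[PKT_WORDS], wrong[PKT_WORDS];
    const uint32_t bad_key[4] = {0x0123cafe, 0x89abbeef, 0xfedcf00d, 0x76541235};
    memcpy(orig, pkt, sizeof pkt);
    xxtea_encrypt(pkt, PKT_WORDS, NODE_KEY);
    if (memcmp(orig, pkt, sizeof pkt) == 0) return 0;      /* ciphertext must differ */
    memcpy(wrong, pkt, sizeof pkt);
    xxtea_decrypt(wrong, PKT_WORDS, bad_key);
    if (memcmp(orig, wrong, sizeof wrong) == 0) return 0;  /* wrong key must fail */
    xxtea_decrypt(pkt, PKT_WORDS, NODE_KEY);
    return memcmp(orig, pkt, sizeof pkt) == 0;
}

int main(void)
{
    uint32_t pkt[PKT_WORDS] = {23, 161, 2137};
    xxtea_encrypt(pkt, PKT_WORDS, NODE_KEY);
    printf("ciphertext: %08x %08x %08x\n", pkt[0], pkt[1], pkt[2]);
    printf("selftest: %s\n", xxtea_selftest() ? "ok" : "FAIL");
    return 0;
}
```

The sequence counter is in the packet because XXTEA alone is deterministic: the same reading under the same key always gives the same ciphertext. XXTEA also provides no integrity, so a real node pairs it with a MAC, and the chosen-plaintext weakness the survey mentions is a published result for XXTEA; this, together with the AES-128 engine built into many 802.15.4 radios, is why AES has displaced it where the power budget allows.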

    Cryptarray A Scalable And Reconfigurable Architecture For Cryptographic Applications

    Cryptography is increasingly viewed as a critical technology to fulfill the requirements of security and authentication for information exchange between Internet applications. However, software implementations of cryptographic applications are unable to support the quality of service from a bandwidth perspective required by most Internet applications. As a result, various hardware implementations, from Application-Specific Integrated Circuits (ASICs), Field-Programmable Gate Arrays (FPGAs), to programmable processors, were proposed to improve this inadequate quality of service. Although these implementations provide performances that are considered better than those produced by software implementations, they still fall short of addressing the bandwidth requirements of most cryptographic applications in the context of the Internet for two major reasons: (i) The majority of these architectures sacrifice flexibility for performance in order to reach the performance level needed for cryptographic applications. This lack of flexibility can be detrimental considering that cryptographic standards and algorithms are still evolving. (ii) These architectures do not consider the consequences of technology scaling in general, and particularly interconnect related problems. As a result, this thesis proposes an architecture that attempts to address the requirements of cryptographic applications by overcoming the obstacles described in (i) and (ii). To this end, we propose a new reconfigurable, two-dimensional, scalable architecture, called CRYPTARRAY, in which bus-based communication is replaced by distributed shared memory communication. At the physical level, the length of the wires will be kept to a minimum. CRYPTARRAY is organized as a chessboard in which the dark and light squares represent Processing Elements (PE) and memory blocks respectively. 
The granularity and resource composition of the PEs is specifically designed to support the computing operations encountered in cryptographic algorithms in general, and symmetric algorithms in particular. Communication can occur only between neighboring PEs, through locally shared memory blocks. Because of the chessboard layout, the architecture can be reconfigured so that computation proceeds as a pipelined wave in any direction. This organization offers a high computational density in terms of datapath resources and a large number of distributed storage resources, which readily support a high degree of parallelism and pipelining. Experimental prototyping of a small array on FPGA chips shows that this architecture runs at 80.9 MHz, producing 26,968,716 outputs per second in static reconfiguration mode and 20,226,537 outputs per second in dynamic reconfiguration mode.

    Cryptography in databases in cloud computing.

    IT managers of companies considering migrating their systems to cloud computing have reservations about the security and reliability of cloud-based services; they are not yet fully convinced that handing over sensitive data of the company or of its clients is a good idea. In this context, encryption systems, and in particular homomorphic encryption schemes, are useful, since the operations at the cloud provider are performed on the encrypted information, giving databases a level of reliability and security against both internal and external attacks in cloud computing. This paper proposes a scheme to protect the different attributes of information (confidentiality, integrity and authentication) stored in a database in the cloud.
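
Paillier, as an added example of the kind of additively homomorphic scheme the abstract refers to (the paper's own scheme is not reproduced here): the client encrypts a column, the provider multiplies ciphertexts without holding any key, and the client decrypts the total. The 15-bit primes, the xorshift blinding source, the salary rows and the use of gcc/clang's unsigned __int128 are assumptions of this example; a deployment uses 2048-bit moduli and a bignum library.

```c
#include <stdint.h>
#include <stdio.h>

/* Paillier: E(m1) * E(m2) mod n^2 decrypts to m1 + m2, so the cloud can total
 * an encrypted column blind.  Toy 15-bit primes keep n^2 inside 64 bits;
 * unsigned __int128 (gcc/clang extension) holds the intermediate products. */
typedef unsigned __int128 u128;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (uint64_t)((u128)a * b % m); }

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = mulmod(b, b, m))
        if (e & 1) r = mulmod(r, b, m);
    return r;
}

static uint64_t gcd64(uint64_t a, uint64_t b) { while (b) { uint64_t t = a % b; a = b; b = t; } return a; }

/* a^-1 mod m by extended Euclid; caller guarantees gcd(a, m) == 1 */
static uint64_t invmod(uint64_t a, uint64_t m)
{
    int64_t t = 0, nt = 1;
    uint64_t r = m, nr = a % m;
    while (nr) {
        uint64_t q = r / nr, tr = r - q * nr;
        int64_t tt = t - (int64_t)q * nt;
        t = nt; nt = tt; r = nr; nr = tr;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

typedef struct { uint64_t n, n2; } pail_pub;
typedef struct { uint64_t n, n2, lambda, mu; } pail_priv;

void pail_keygen(uint64_t p, uint64_t q, pail_pub *pk, pail_priv *sk)
{
    uint64_t n = p * q, lambda = (p - 1) / gcd64(p - 1, q - 1) * (q - 1);  /* lcm(p-1, q-1) */
    pk->n = sk->n = n;
    pk->n2 = sk->n2 = n * n;
    sk->lambda = lambda;
    sk->mu = invmod(lambda % n, n);   /* with g = n + 1, L(g^lambda mod n^2) = lambda mod n */
}

/* c = (1 + n)^m * r^n mod n^2, using (1 + n)^m = 1 + m*n (mod n^2); r must be in Z_n^* */
uint64_t pail_encrypt(const pail_pub *pk, uint64_t m, uint64_t r)
{
    uint64_t gm = 1 + mulmod(m, pk->n, pk->n2);
    return mulmod(gm, powmod(r, pk->n, pk->n2), pk->n2);
}

/* m = L(c^lambda mod n^2) * mu mod n, where L(u) = (u - 1) / n */
uint64_t pail_decrypt(const pail_priv *sk, uint64_t c)
{
    uint64_t u = powmod(c, sk->lambda, sk->n2);
    return mulmod((u - 1) / sk->n, sk->mu, sk->n);
}

/* The provider's only operation: multiply ciphertexts, no key involved */
uint64_t pail_add(const pail_pub *pk, uint64_t c1, uint64_t c2) { return mulmod(c1, c2, pk->n2); }

/* xorshift stand-in for a CSPRNG, draws a blinding factor r in Z_n^* */
static uint64_t rand_unit(uint64_t *state, uint64_t n)
{
    uint64_t x;
    do {
        x = *state; x ^= x << 13; x ^= x >> 7; x ^= x << 17; *state = x;
        x = x % (n - 2) + 2;                 /* 2 .. n-1 */
    } while (gcd64(x, n) != 1);
    return x;
}

/* Client encrypts a constructed salary column, the provider sums it blind,
 * the client decrypts the total.  Returns the decrypted total. */
uint64_t cloud_sum_demo(void)
{
    pail_pub pk; pail_priv sk;
    uint64_t rng = 0x2545f4914f6cdd1dULL, enc[3], acc;     /* constructed seed */
    const uint64_t salaries[3] = {1200, 2500, 3300};        /* constructed rows */
    pail_keygen(32749, 32719, &pk, &sk);                    /* toy primes, both < 2^15 */
    for (int i = 0; i < 3; i++) enc[i] = pail_encrypt(&pk, salaries[i], rand_unit(&rng, pk.n));
    acc = pail_add(&pk, pail_add(&pk, enc[0], enc[1]), enc[2]);  /* done at the provider */
    return pail_decrypt(&sk, acc);
}

int main(void)
{
    printf("cloud total decrypts to %llu\n", (unsigned long long)cloud_sum_demo());
    return 0;
}
```

Paillier gives confidentiality of the column and blind addition only; the integrity and authentication attributes the abstract lists need a separate mechanism, because anyone holding the public key can multiply in a ciphertext of their own and shift the total.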

    Information system for protecting personal information based on a comprehensive approach to data encryption and storage

    Master's dissertation: 104 pages, 1 appendix, 26 figures, 29 tables, 23 sources.
    Topicality. Given the recent thefts of personal data on Facebook and the disclosure of user information to intelligence services by VK, Viber and Telegram, users have no way to protect their data from hacking and theft. Unfortunately, at the moment there is no system for exchanging and storing personal data that protects data 100%, so the market needs such a system.
    Aim of the research: raising the level of personal data protection and giving the user full control over that data. To achieve the aim, the following tasks must be accomplished:
    - develop local storage of personal data on the user's end devices;
    - develop the ability to transfer data to other devices, because of limited memory resources or to keep backup copies;
    - implement the exchange of personal data between users in the form of messages, files and media;
    - develop a comprehensive asymmetric algorithm to protect the data transfer channel;
    - develop user control of the data on all devices;
    - design and develop client software in the form of a mobile application.
    Object of the research: the process of storing or exchanging a user's personal data. Subject of the research: an information system for protecting personal information based on a comprehensive approach to data encryption and storage. The research methods used in this work are based on the development of the author's own comprehensive data protection algorithm, using asymmetric and symmetric data protection algorithms and a hybrid approach to encryption.
    Scientific novelty of the results: a new approach to data storage; new methods of data transfer; new comprehensive algorithms for protecting data in an unprotected channel.
    Publications. Conference abstract: "A comprehensive asymmetric encryption algorithm with a dynamic key", Skydan D. O. and Zhdanova O. H., All-Ukrainian Scientific and Practical Conference of Young Scientists and Students "Information Systems and Management Technologies" (ISTU-2018), Kyiv, National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute", 29-30 December 2018. Article: "Analysis of symmetric encryption algorithms for implementation in a hybrid cryptosystem", Skydan D. O., scientific journal "Actual Scientific Research in the Modern World" (iSience), 2018.

    Study and efficient implementation of cryptographic algorithms

    Because of the great number of devices used in people's daily lives, ways to reduce energy consumption have increasingly become the subject of study and research. This work aims to compare different forms of encryption in order to select one that combines low energy consumption with adequate security. The work also discusses emerging concepts such as ICN networks and the IoT.

    Robust and secure resource management for automotive cyber-physical systems

    2022 Spring. Includes bibliographical references.
    Modern vehicles are examples of complex cyber-physical systems with tens to hundreds of interconnected Electronic Control Units (ECUs) that manage various vehicular subsystems. With the shift towards autonomous driving, emerging vehicles are being characterized by an increase in the number of hardware ECUs, greater complexity of applications (software), and more sophisticated in-vehicle networks. These advances have resulted in numerous challenges that impact the reliability, security, and real-time performance of these emerging automotive systems. Some of the challenges include coping with computation and communication uncertainties (e.g., jitter), developing robust control software, detecting cyber-attacks, ensuring data integrity, and enabling confidentiality during communication. However, solutions to overcome these challenges incur additional overhead, which can catastrophically delay the execution of real-time automotive tasks and message transfers. Hence, there is a need for a holistic approach to a system-level solution for resource management in automotive cyber-physical systems that enables robust and secure automotive system design while satisfying a diverse set of system-wide constraints. ECUs in vehicles today run a variety of automotive applications ranging from simple vehicle window control to highly complex Advanced Driver Assistance System (ADAS) applications. The aggressive attempts of automakers to make vehicles fully autonomous have increased the complexity and data rate requirements of applications and further led to the adoption of advanced artificial intelligence (AI) based techniques for improved perception and control. Additionally, modern vehicles are becoming increasingly connected with various external systems to realize more robust vehicle autonomy.
These paradigm shifts have resulted in significant overheads in resource constrained ECUs and increased the complexity of the overall automotive system (including heterogeneous ECUs, network architectures, communication protocols, and applications), which has severe performance and safety implications on modern vehicles. The increased complexity of automotive systems introduces several computation and communication uncertainties in automotive subsystems that can cause delays in applications and messages, resulting in missed real-time deadlines. Missing deadlines for safety-critical automotive applications can be catastrophic, and this problem will be further aggravated in the case of future autonomous vehicles. Additionally, due to the harsh operating conditions (such as high temperatures, vibrations, and electromagnetic interference (EMI)) of automotive embedded systems, there is a significant risk to the integrity of the data that is exchanged between ECUs which can lead to faulty vehicle control. These challenges demand a more reliable design of automotive systems that is resilient to uncertainties and supports data integrity goals. Additionally, the increased connectivity of modern vehicles has made them highly vulnerable to various kinds of sophisticated security attacks. Hence, it is also vital to ensure the security of automotive systems, and it will become crucial as connected and autonomous vehicles become more ubiquitous. However, imposing security mechanisms on the resource constrained automotive systems can result in additional computation and communication overhead, potentially leading to further missed deadlines. Therefore, it is crucial to design techniques that incur very minimal overhead (lightweight) when trying to achieve the above-mentioned goals and ensure the real-time performance of the system. 
We address these issues by designing a holistic resource management framework called ROSETTA that enables robust and secure automotive cyber-physical system design while satisfying a diverse set of constraints related to reliability, security, real-time performance, and energy consumption. To achieve reliability goals, we have developed several techniques for reliability-aware scheduling and multi-level monitoring of signal integrity. To achieve security objectives, we have proposed a lightweight security framework that provides confidentiality and authenticity while meeting both security and real-time constraints. We have also introduced multiple deep learning based intrusion detection systems (IDS) to monitor and detect cyber-attacks in the in-vehicle network. Lastly, we have introduced novel techniques for jitter management and security management and deployed lightweight IDSs on resource constrained automotive ECUs while ensuring the real-time performance of the automotive systems

    Architectural Support for Fast Symmetric-Key Cryptography

    The emergence of the Internet as a trusted medium for commerce and communication has made cryptography an essential component of modern information systems. Cryptography provides the mechanisms necessary to implement accountability, accuracy, and confidentiality in communication. As demands for secure communication bandwidth grow, efficient cryptographic processing will become increasingly vital to good system performance. In this paper, we explore techniques to improve the performance of symmetric-key cipher algorithms. Eight popular strong encryption algorithms are examined in detail. Analysis reveals that the algorithms are computationally complex and contain little parallelism. Overall throughput on a high-end microprocessor is quite poor: a 600 MHz processor is incapable of saturating a T3 communication line with 3DES (triple DES) encrypted data. We introduce new instructions that improve the efficiency of the analyzed algorithms. Our approach adds instruction set support for fast substitutions, general permutations, rotates, and modular arithmetic. Performance analysis of the optimized ciphers shows an overall speedup of 59% over a baseline machine with rotate instructions and 74% over a baseline without rotates. Even higher speedups are demonstrated with optimized substitutions (S-boxes) and additional functional unit resources. Our analyses of the original and optimized algorithms suggest future directions for the design of high-performance programmable cryptographic processors.

    Crypto-processor: architecture, programming and security evaluation

    Architectures of cryptographic processors and coprocessors are often vulnerable to different kinds of attacks, especially those targeting the disclosure of encryption keys. It is well known that a processor manipulating confidential keys as ordinary data represents a threat: a change in the program code (malicious or unintentional) can cause the unencrypted confidential key to leave the security area, irrecoverably compromising the security of the whole system. The aim of this work was to search for flexible, reconfigurable hardware architectures that can provide high security for confidential keys during their generation, storage and exchange while implementing common symmetric-key cryptographic modes and protocols. The first part of the manuscript introduces the bases of applied cryptography and of reconfigurable computing needed to follow the rest of the work. Second, we present the threats to the confidentiality of secret keys when they are stored and processed within an embedded system. To counter these threats, we propose novel design rules that increase the robustness of cryptographic processors and coprocessors against software attacks. The rules separate registers dedicated to key storage from those dedicated to data storage: we propose to partition the system into a data zone, a cipher zone and a key zone, and to isolate the zones from each other at the protocol, system, architectural and physical levels.
    Next, we present a novel crypto-processor, HCrypt, which complies with the separation rules and thus ensures secure key management. Besides the instructions dedicated to secure key management, some additional instructions are dedicated to the easy realization of block cipher modes and cryptographic protocols in general. In the next part of the manuscript, we show that the proposed separation principles can also be extended to a processor-coprocessor architecture. We propose a secure crypto-coprocessor that can be used in conjunction with any general-purpose processor; to demonstrate its flexibility, the crypto-coprocessor is interconnected with the NIOS II, MicroBlaze and Cortex M1 soft-core processors. We then examine the resistance of the HCrypt crypto-processor to differential power analysis (DPA) attacks. Following this analysis, we modify the architecture of HCrypt to simplify its protection against side-channel attacks (SCA) and fault injection attacks (FIA), and show that by rearranging blocks of the processor at the macroarchitecture level, the new HCrypt2 processor becomes natively more robust to DPA and FIA. Next, we study possibilities for dynamically reconfiguring selected parts of the processor-coprocessor architecture; dynamic reconfiguration can be very useful when the cipher algorithm or its implementation must be changed in response to the appearance of a vulnerability. Finally, the last part of the manuscript is dedicated to thorough testing and optimization of both versions of the HCrypt crypto-processor.
    Architectures of crypto-processors and crypto-coprocessors are often vulnerable to software attacks targeting the disclosure of encryption keys. The thesis introduces separation rules enabling crypto-processors and coprocessors to support secure key management. The separation rules are implemented on the novel HCrypt crypto-processor, which is resistant to software attacks targeting the disclosure of encryption keys.
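
The separation rules as an added software model, not HCrypt's real instruction set: the mini-ISA, register counts, the TRNG stand-in and the stand-in Feistel cipher are all assumptions of this example. What the model shows is that once key registers are typed as such by the opcode, the only encodable path from the key zone to the data zone is a wrap under another key, so a changed program can at best export ciphertext, while the legitimate generation, storage and exchange of a key still work.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the data / cipher / key zone separation: an assumed mini-ISA, not
 * HCrypt's instruction set.  The point is in hc_exec: operands are typed by
 * opcode, so no encodable instruction copies a key register into a data one. */
#define NDATA 8
#define NKEY  4

/* Cipher zone: stand-in 16-round Feistel, 64-bit block and key.  Not secure. */
static uint32_t rf(uint32_t x, uint32_t k) { x += k; x ^= (x << 7) | (x >> 25); x *= 0x9e3779b1u; return x ^ (x >> 13); }

static uint64_t cipher(uint64_t key, uint64_t blk, int dec)
{
    uint32_t l = (uint32_t)(blk >> 32), r = (uint32_t)blk, t;
    for (int i = 0; i < 16; i++) {
        int j = dec ? 15 - i : i;              /* reversed schedule decrypts */
        uint32_t rk = (uint32_t)(key >> ((j & 1) * 32)) + 0x9e3779b9u * (uint32_t)j;
        t = l ^ rf(r, rk);
        l = r; r = t;
    }
    return ((uint64_t)r << 32) | l;            /* undo the final swap */
}

typedef struct {
    uint64_t data[NDATA]; /* data zone: the only registers software can read out */
    uint64_t key[NKEY];   /* key zone: written by KEYGEN/UNWRAP, read only by the cipher */
    uint64_t rng;         /* TRNG stand-in (xorshift64), seeded per device */
} hc_t;

typedef enum { LOADI, MOV, OUT, KEYGEN, ENC, DEC, WRAP, UNWRAP } op_t;
typedef struct { op_t op; unsigned a, b, c; uint64_t imm; } insn_t;

static uint64_t trng(hc_t *cpu) { uint64_t x = cpu->rng; x ^= x << 13; x ^= x >> 7; x ^= x << 17; return cpu->rng = x; }

/* Executes one instruction; returns 0, or -1 for an operand outside its zone. */
int hc_exec(hc_t *cpu, insn_t in, uint64_t *out)
{
    uint64_t *d = cpu->data, *k = cpu->key;
    switch (in.op) {
    case LOADI:  if (in.a >= NDATA) return -1; d[in.a] = in.imm; return 0;
    case MOV:    if (in.a >= NDATA || in.b >= NDATA) return -1;  /* data -> data only */
                 d[in.a] = d[in.b]; return 0;
    case OUT:    if (in.a >= NDATA) return -1; *out = d[in.a]; return 0;
    case KEYGEN: if (in.a >= NKEY) return -1; k[in.a] = trng(cpu); return 0;  /* never transits data[] */
    case ENC: case DEC:
                 if (in.a >= NKEY || in.b >= NDATA) return -1;
                 d[in.b] = cipher(k[in.a], d[in.b], in.op == DEC); return 0;
    case WRAP:   /* data[c] = E_key[a](key[b]): the only key -> data path, and it is encrypted */
                 if (in.a >= NKEY || in.b >= NKEY || in.c >= NDATA) return -1;
                 d[in.c] = cipher(k[in.a], k[in.b], 0); return 0;
    case UNWRAP: /* key[b] = D_key[a](data[c]): import a wrapped key */
                 if (in.a >= NKEY || in.b >= NKEY || in.c >= NDATA) return -1;
                 k[in.b] = cipher(k[in.a], d[in.c], 1); return 0;
    }
    return -1;
}

/* Malicious firmware tries to get key[0] into a data register.  Returns 1 if
 * the clear key ever appears there. */
int attacker_leaks_key(void)
{
    hc_t cpu = { .rng = 0x1234567890abcdefULL };          /* constructed seed */
    uint64_t out = 0;
    hc_exec(&cpu, (insn_t){KEYGEN, 0}, &out);
    hc_exec(&cpu, (insn_t){KEYGEN, 1}, &out);
    hc_exec(&cpu, (insn_t){MOV, 0, NDATA}, &out);          /* "register 8" alias: rejected */
    hc_exec(&cpu, (insn_t){WRAP, 1, 0, 0}, &out);          /* best case: key[0] under key[1] */
    for (unsigned i = 0; i < NDATA; i++) if (cpu.data[i] == cpu.key[0]) return 1;
    return 0;
}

/* A and B share a provisioned KEK in key[1] (same seed stands in for
 * provisioning); A wraps a fresh session key for B, then sends one reading.
 * Returns the reading B recovers. */
uint64_t key_exchange_demo(uint64_t reading)
{
    hc_t A = { .rng = 0xa5a5a5a5a5a5a5a5ULL }, B = A;
    uint64_t x = 0;
    hc_exec(&A, (insn_t){KEYGEN, 1}, &x); hc_exec(&B, (insn_t){KEYGEN, 1}, &x);
    hc_exec(&A, (insn_t){KEYGEN, 0}, &x);                  /* session key, A only */
    hc_exec(&A, (insn_t){WRAP, 1, 0, 0}, &x); hc_exec(&A, (insn_t){OUT, 0}, &x);
    hc_exec(&B, (insn_t){LOADI, 0, 0, 0, x}, &x); hc_exec(&B, (insn_t){UNWRAP, 1, 0, 0}, &x);
    hc_exec(&A, (insn_t){LOADI, 1, 0, 0, reading}, &x); hc_exec(&A, (insn_t){ENC, 0, 1}, &x);
    hc_exec(&A, (insn_t){OUT, 1}, &x);
    hc_exec(&B, (insn_t){LOADI, 1, 0, 0, x}, &x); hc_exec(&B, (insn_t){DEC, 0, 1}, &x);
    hc_exec(&B, (insn_t){OUT, 1}, &x);
    return x;
}

int main(void)
{
    printf("attacker sees key[0] in clear: %d\n", attacker_leaks_key());
    printf("reading via wrapped session key: %llu\n", (unsigned long long)key_exchange_demo(2137));
    return 0;
}
```

The assumed WRAP/UNWRAP pair is the exchange path: a key leaves the key zone only under another key. Wrapping alone gives no authenticity, so a design built on this rule still has to authenticate the wrapped blob before UNWRAP accepts it, or an attacker who controls the data zone can substitute a key of their choosing.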
