State of the Art in Lightweight Symmetric Cryptography
Lightweight cryptography has been one of the hot topics in symmetric cryptography in recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products.
In this paper, we discuss the different implementation constraints that a lightweight algorithm is usually designed to satisfy in both the software and the hardware case. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (NIST...) and international (ISO/IEC...) standards are listed.
We identified several trends in the design of lightweight algorithms, such as the designers' preference for ARX-based and bitsliced-S-Box-based designs or simpler key schedules. We also discuss more general trade-offs facing the authors of such algorithms and suggest a clearer distinction between two subsets of lightweight cryptography. The first, ultra-lightweight cryptography, deals with primitives fulfilling a unique purpose while satisfying specific and narrow constraints. The second is ubiquitous cryptography, which encompasses more versatile algorithms both in terms of functionality and in terms of implementation trade-offs.
Security of Ubiquitous Computing Systems
The chapters in this open access book arise out of the EU COST Action project Cryptacus, the objective of which was to improve and adapt existing cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license.
IoT Security Evolution: Challenges and Countermeasures Review
Internet of Things (IoT) architecture, technologies, applications and security have recently been addressed by a number of researchers. Basically, IoT adds Internet connectivity to a system of intelligent devices, machines, objects and/or people. Devices are allowed to automatically collect and transmit data over the Internet, which exposes them to serious attacks and threats. This paper provides an intensive review of IoT evolution with a primary focus on security issues together with the proposed countermeasures. Thus, it outlines the IoT security challenges as a future roadmap of research for new researchers in this domain.
On the Efficiency of Software Implementations of Lightweight Block Ciphers from the Perspective of Programming Languages
Lightweight block ciphers are primarily designed for resource-constrained devices. However, due to the service requirements of large-scale IoT networks and systems, the need for efficient software implementations cannot be ruled out. A number of studies have compared software implementations of different lightweight block ciphers on a specific platform, but to the best of our knowledge, this is the first attempt to benchmark various software implementations of a single lightweight block cipher across different programming languages and platforms in a cloud architecture. In this paper, we defined six lookup-table based software implementations for lightweight block ciphers, with characteristics ranging from memory-optimized to throughput-optimized variants. We carried out a thorough analysis of the two costs associated with each implementation (memory and operations) and discussed possible trade-offs in detail. We coded all six types of implementations for three key settings (64, 80, 128 bits) of LED (a lightweight block cipher) in four programming languages (Java, C#, C++, Python). We highlighted the impact of the choice of implementation type, programming language, and platform by benchmarking the seventy-two implementations for throughput and software efficiency on 32- and 64-bit platforms for two major operating systems (Windows and Linux) on Amazon Web Services Cloud. The results showed that these choices can affect the efficiency of a cryptographic primitive by a factor as high as 400.
Efficient and Secure Implementations of Lightweight Symmetric Cryptographic Primitives
This thesis is devoted to efficient and secure implementations of lightweight symmetric cryptographic primitives for resource-constrained devices such as wireless sensors and actuators that are typically deployed in remote locations. In this setting, cryptographic algorithms must consume few computational resources and withstand a large variety of attacks, including side-channel attacks.
The first part of this thesis is concerned with efficient software implementations of lightweight symmetric algorithms on 8-, 16-, and 32-bit microcontrollers. A first contribution of this part is the development of FELICS, an open-source benchmarking framework that facilitates the extraction of comparative performance figures from implementations of lightweight ciphers. Using FELICS, we conducted a fair evaluation of the implementation properties of 19 lightweight block ciphers in the context of two different usage scenarios, which are representative of common security services in the Internet of Things (IoT). This study gives new insights into the link between the structure of a cryptographic algorithm and the performance it can achieve on embedded microcontrollers. Then, we present the SPARX family of lightweight ciphers and describe the impact of software efficiency in the process of shaping three instances of the family. Finally, we evaluate the cost of the main building blocks of symmetric algorithms to determine which are the most efficient ones. The contributions of this part are particularly valuable for designers of lightweight ciphers, software and security engineers, as well as standardization organizations.
In the second part of this work, we focus on side-channel attacks that exploit the power consumption or the electromagnetic emanations of embedded devices executing unprotected implementations of lightweight algorithms. First, we evaluate different selection functions in the context of Correlation Power Analysis (CPA) to infer which operations are easy to attack. Second, we show that most implementations of the AES present in popular open-source cryptographic libraries are vulnerable to side-channel attacks such as CPA, even in a network protocol scenario where the attacker has limited control of the input. Moreover, we describe an optimal algorithm for recovery of the master key using CPA attacks. Third, we perform the first electromagnetic vulnerability analysis of Thread, a networking stack designed to facilitate secure communication between IoT devices.
The third part of this thesis lies in the area of side-channel countermeasures against power and electromagnetic analysis attacks. We study efficient and secure expressions that compute simple bitwise functions on Boolean shares. To this end, we describe an algorithm for efficient search of expressions that have an optimal cost in number of elementary operations. Then, we introduce optimal expressions for first-order Boolean masking of bitwise AND and OR operations. Finally, we analyze the performance of three lightweight block ciphers protected using the optimal expressions.
Security Techniques for the Internet of Things (Técnicas de segurança para a internet das coisas)
Master's in Computer and Telematics Engineering
IoT assumes that devices constrained in both computational capabilities and available energy form part of its infrastructure. These devices also have fewer defense capabilities and mechanisms than general-purpose machines. It is imperative to secure such devices and their communications in order to prepare them for the threats of the Internet and achieve a true and secure Internet of Things, in line with current visions for the future. This dissertation intends to be a small step in that direction, presenting alternatives to protect the communications of constrained devices from a performance perspective, as well as benchmarking and evaluating the resources used by cryptographic primitives when implemented on real devices. Since security on many occasions has to make do with the resources left over after functionality has been implemented, a minimalist implementation exposing functionality through CoAP was also deployed on a device manufactured for IoT use and assessed according to its resource overhead.
Performance-efficient cryptographic primitives in constrained devices
PhD Thesis
Resource-constrained devices are small, low-cost, usually fixed-function and very limited-resource devices. They are constrained in terms of memory, computational capabilities, communication bandwidth and power. In the last decade, we have seen widespread use of these devices in health care, smart homes and cities, sensor networks, wearables, automotive systems, and other fields. Consequently, there has been an increase in research activity on the security of these devices, especially in how to design and implement cryptography that meets the devices' extreme resource constraints.
Cryptographic primitives are low-level cryptographic algorithms used to construct security protocols that provide security, authenticity, and integrity of messages. The building blocks of the primitives, which rely heavily on mathematical theory, are computationally complex and demand considerable computing resources. As a result, most of these primitives are either too large to fit on resource-constrained devices or highly inefficient when implemented on them.
There have been many attempts to address this problem in the literature, where cryptography engineers modify conventional primitives into lightweight versions or build new lightweight primitives from scratch. Unfortunately, both solutions suffer from either reduced security, low performance, or high implementation cost.
This thesis investigates the performance of conventional cryptographic primitives and explores the effect of their different building blocks and design choices on their performance. It also studies the impact of various implementation approaches and optimisation techniques on their performance. Moreover, it investigates the limitations that the tight processing and storage capabilities of constrained devices impose on implementing cryptography. Furthermore, it evaluates the performance of many newly designed lightweight cryptographic primitives and investigates the resources required to run them with acceptable performance. The thesis aims to provide insight into the performance of cryptographic primitives and the resources needed to run them with acceptable performance. This will help in providing solutions that balance performance, security, and resource requirements for these devices.
The Institute of Public Administration in Riyadh, and the Saudi Arabian Cultural Bureau in Londo
Electromagnetic Side-Channel Resilience against Lightweight Cryptography
Side-channel attacks are an unpredictable risk factor in cryptography. Therefore, observations of leakages through physical parameters of digital devices, i.e., power consumption and electromagnetic (EM) radiation, are essential to minimise vulnerabilities associated with cryptographic functions. Compared to the costs of the past, performing side-channel attacks with inexpensive test equipment is becoming a reality. Internet-of-Things (IoT) devices are resource-constrained, and lightweight cryptography is a novel approach in progress towards IoT security; it is expected to provide sufficient data and privacy protection in such a constrained ecosystem. Therefore, cryptanalysis of the physical leakages of these emerging ciphers is crucial. EM side-channel attacks seem to have a significant impact on digital forensics nowadays. In the existing literature, power analysis receives considerable research attention, whereas other phenomena, such as EM, should continue to be appropriately evaluated for the role they play in forensic analysis.
The emphasis of this thesis is on lightweight cryptanalysis. The preliminary investigation found no Correlation EM Analysis (CEMA) of the PRESENT lightweight algorithm. PRESENT is a block cipher that promises to be adequate for IoT devices and is expected to be used commercially in the future. In an effort to fill this research gap, this work examines the capabilities of a correlation EM side-channel attack against PRESENT. For that, the substitution box (S-box) of PRESENT was targeted in its first round, using a minimum number of EM waveforms compared to other work in the literature, namely 256. The attack indicates the possibility of retrieving 8 bytes of the secret key out of 10 bytes. The experimental process started from a Simple EMA (SEMA) and was gradually enhanced up to a CEMA. The thesis presents the methodology of the attack modelling and the observations, followed by a critical analysis. A technical review of IoT technology and a comprehensive literature review on lightweight cryptology are also included.