19 research outputs found
KLEIN: A New Family of Lightweight Block Ciphers
Resource-efficient cryptographic primitives become fundamental for realizing both security and efficiency in embedded systems like RFID tags and sensor nodes. Among those primitives, lightweight block cipher plays a major role as a building block for security protocols. In this paper, we describe a new family of lightweight block ciphers named KLEIN, which is designed for resource-constrained devices such as wireless sensors and RFID tags. Compared to the related proposals, KLEIN has advantage in the software performance on legacy sensor platforms, while in the same time its hardware implementation can also be compact
Barrel Shifter Physical Unclonable Function Based Encryption
Physical Unclonable Functions (PUFs) are circuits designed to extract
physical randomness from the underlying circuit. This randomness depends on the
manufacturing process. It differs for each device enabling chip-level
authentication and key generation applications. We present a protocol utilizing
a PUF for secure data transmission. Parties each have a PUF used for encryption
and decryption; this is facilitated by constraining the PUF to be commutative.
This framework is evaluated with a primitive permutation network - a barrel
shifter. Physical randomness is derived from the delay of different shift
paths. Barrel shifter (BS) PUF captures the delay of different shift paths.
This delay is entangled with message bits before they are sent across an
insecure channel. BS-PUF is implemented using transmission gates; their
characteristics ensure same-chip reproducibility, a necessary property of PUFs.
Post-layout simulations of a common centroid layout 8-level barrel shifter in
0.13 {\mu}m technology assess uniqueness, stability and randomness properties.
BS-PUFs pass all selected NIST statistical randomness tests. Stability similar
to Ring Oscillator (RO) PUFs under environment variation is shown. Logistic
regression of 100,000 plaintext-ciphertext pairs (PCPs) failed to successfully
model BS- PUF behavior
Recommended from our members
Memory-Based High-Level Synthesis Optimizations Security Exploration on the Power Side-Channel
High-level synthesis (HLS) allows hardware designers to think algorithmically and not worry about low-level, cycle-by-cycle details. This provides the ability to quickly explore the architectural design space and tradeoffs between resource utilization and performance. Unfortunately, security evaluation is not a standard part of the HLS design flow. In this article, we aim to understand the effects of memory-based HLS optimizations on power side-channel leakage. We use Xilinx Vivado HLS to develop different cryptographic cores, implement them on a Spartan-6 FPGA, and collect power traces. We evaluate the designs with respect to resource utilization, performance, and information leakage through power consumption. We have two important observations and contributions. First, the choice of resource optimization directive results in different levels of side-channel vulnerabilities. Second, the partitioning optimization directive can greatly compromise the hardware cryptographic system through power side-channel leakage due to the deployment of memory control logic. We describe an evaluation procedure for power side-channel leakage and use it to make best-effort recommendations about how to design more secure architectures in the cryptographic domain
A 1 Gbps Chaos-Based Stream Cipher Implemented in 0.18 m CMOS Technology
In this work, a novel chaos-based stream cipher based on a skew tent map is proposed and implemented in a 0.18 µm CMOS (Complementary Metal-Oxide-Semiconductor) technology. The proposed ciphering algorithm uses a linear feedback shift register that perturbs the orbits generated by the skew tent map after each iteration. This way, the randomness of the generated sequences is considerably improved. The implemented stream cipher was capable of achieving encryption speeds of 1 Gbps by using an approximate area of ~20,000 2-NAND equivalent gates, with a power consumption of 24.1 mW. To test the security of the proposed cipher, the generated keystreams were subjected to National Institute of Standards and Technology (NIST) randomness tests, proving that they were undistinguishable from truly random sequences. Finally, other security aspects such as the key sensitivity, key space size, and security against reconstruction attacks were studied, proving that the stream cipher is secure
An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for Securing Internet-of-Things Applications
This paper presents the first hardware implementation of the Datagram
Transport Layer Security (DTLS) protocol to enable end-to-end security for the
Internet of Things (IoT). A key component of this design is a reconfigurable
prime field elliptic curve cryptography (ECC) accelerator, which is 238x and 9x
more energy-efficient compared to software and state-of-the-art hardware
respectively. Our full hardware implementation of the DTLS 1.3 protocol
provides 438x improvement in energy-efficiency over software, along with code
size and data memory usage as low as 8 KB and 3 KB respectively. The
cryptographic accelerators are coupled with an on-chip low-power RISC-V
processor to benchmark applications beyond DTLS with up to two orders of
magnitude energy savings. The test chip, fabricated in 65 nm CMOS, demonstrates
hardware-accelerated DTLS sessions while consuming 44.08 uJ per handshake, and
0.89 nJ per byte of encrypted data at 16 MHz and 0.8 V.Comment: Published in IEEE Journal of Solid-State Circuits (JSSC
GossiCrypt: Wireless Sensor Network Data Confidentiality Against Parasitic Adversaries
Resource and cost constraints remain a challenge for wireless sensor network
security. In this paper, we propose a new approach to protect confidentiality
against a parasitic adversary, which seeks to exploit sensor networks by
obtaining measurements in an unauthorized way. Our low-complexity solution,
GossiCrypt, leverages on the large scale of sensor networks to protect
confidentiality efficiently and effectively. GossiCrypt protects data by
symmetric key encryption at their source nodes and re-encryption at a randomly
chosen subset of nodes en route to the sink. Furthermore, it employs key
refreshing to mitigate the physical compromise of cryptographic keys. We
validate GossiCrypt analytically and with simulations, showing it protects data
confidentiality with probability almost one. Moreover, compared with a system
that uses public-key data encryption, the energy consumption of GossiCrypt is
one to three orders of magnitude lower
Compact Circuits for Combined AES Encryption/Decryption
The implementation of the AES encryption core by Moradi et al. at Eurocrypt 2011 is one of the smallest in terms of gate area. The circuit takes around 2400 gates and operates on an 8 bit datapath. However this is an encryption only core and unable to cater to block cipher modes like CBC and ELmD that require access to both the AES encryption and decryption modules. In this paper we look to investigate whether the basic circuit of Moradi et al. can be tweaked to provide dual functionality of encryption and decryption (ENC/DEC) while keeping the hardware overhead as low as possible. We report two constructions of the AES circuit. The first is an 8-bit serialized implementation that provides the functionality of both encryption and decryption and occupies around 2605 GE with a latency of 226 cycles. This is a substantial improvement over the next smallest AES ENC/DEC circuit (Grain of Sand) by Feldhofer et al. which takes around 3400 gates but has a latency of over 1000 cycles for both the encryption and decryption cycles. In the second part, we optimize the above architecture to provide the dual encryption/decryption functionality in only 2227 GE and latency of 246/326 cycles for the encryption and decryption operations respectively. We take advantage of clock gating techniques to achieve Shiftrow and Inverse Shiftrow operations in 3 cycles instead of 1. This helps us replace many of the scan flip-flops in the design with ordinary flip-flops.Furthermore we take advantage of the fact that the Inverse Mixcolumn matrix in AES is the cube of the Forward Mixcolumn matrix. Thus by executing the Forward Mixcolumn operation three times over the state, one can achieve the functionality of Inverse Mixcolumn. This saves some more gate area as one is no longer required to have a combined implementation of the Forward and Inverse Mixcolumn circuit