RFID Key Establishment Against Active Adversaries

We present a method to strengthen a very low cost solution for key agreement with a RFID device. Starting from a work which exploits the inherent noise on the communication link to establish a key by public discussion, we show how to protect this agreement against active adversaries. For that purpose, we unravel integrity $(I)$-codes suggested by Cagalj et al. No preliminary key distribution is required.Comment: This work was presented at the First IEEE Workshop on Information Forensics and Security (WIFS'09) (update including minor remarks and references to match the presented version

Evaluation of Some Algorithms for Hardware-Oriented Message Authentication

In this technical report, we consider ultra light-weight constructions of message authentication in hardware applications. We examine several known constructions and evaluate details around their hardware implementations. These constructions are all based on the framework of universal hash functions

Transparent code authentication at the processor level

The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level eliminating the need for trusted extensions in the operating system. The technique proposed tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing the software users with assurance for authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers’ intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead for even moderate cache sizes

A Uniform Class of Weak Keys for Universal Hash Functions

In this paper we investigate weak keys of universal hash functions (UHFs) from their combinatorial properties. We find that any UHF has a general class of keys, which makes the combinatorial properties totally disappear, and even compromises the security of the UHF-based schemes, such as the Wegman-Carter scheme, the UHF-then-PRF scheme, etc. By this class of keys, we actually get a general method to search weak-key classes of UHFs, which is able to derive all previous weak-key classes of UHFs found by intuition or experience. Moreover we give a weak-key class of the BRW polynomial function which was once believed to have no weak-key issue, and exploit such weak keys to implement a distinguish attack and a forgery attack against DTC - a BRW-based authentication encryption scheme. Furthermore in Grain-128a, with the linear structure revealed by weak-key classes of its UHF, we can recover any first $(32+b)$ bits of the UHF key, spending no more than $1$ encryption and $(2^{32} + b)$ decryption queries

A New Multi-Linear Universal Hash Family

A new universal hash family is described. Messages are sequences over a finite field \rF_q while keys are sequences over an extension field \rF_{q^n}. A linear map $\psi$ from \rF_{q^n} to itself is used to compute the output digest. Of special interest is the case $q=2$. For this case, we show that there is an efficient way to implement $\psi$ using a tower field representation of \rF_{q^n}. From a practical point of view, the focus of our constructions is small hardware and other resource constrained applications. For such platforms, our constructions compare favourably to previous work