Enhanced FPGA Implementation of the Hummingbird Cryptographic Algorithm

Hummingbird is a novel ultra-lightweight cryptographic algorithm aiming at resource-constrained devices. In this work, an enhanced hardware implementation of the Hummingbird cryptographic algorithm for low-cost Spartan-3 FPGA family is described. The enhancement is due to the introduction of the coprocessor approach. Note that all Virtex and Spartan FPGAs consist of many embedded memory blocks and this work explores the use of these functional blocks. The intrinsic serialism of the algorithm is exploited so that each step performs just one operation on the data. We compare our performance results with other reported FPGA implementations of the lightweight cryptographic algorithms. As far as author’s knowledge, this work presents the smallest and the most efficient FPGA implementation of the Hummingbird cryptographic algorithm

Efficient Cryptographic Algorithms and Protocols for Mobile Ad Hoc Networks

As the next evolutionary step in digital communication systems, mobile ad hoc networks (MANETs) and their specialization like wireless sensor networks (WSNs) have been attracting much interest in both research and industry communities. In MANETs, network nodes can come together and form a network without depending on any pre-existing infrastructure and human intervention. Unfortunately, the salient characteristics of MANETs, in particular the absence of infrastructure and the constrained resources of mobile devices, present enormous challenges when designing security mechanisms in this environment. Without necessary measures, wireless communications are easy to be intercepted and activities of users can be easily traced. This thesis presents our solutions for two important aspects of securing MANETs, namely efficient key management protocols and fast implementations of cryptographic primitives on constrained devices. Due to the tight cost and constrained resources of high-volume mobile devices used in MANETs, it is desirable to employ lightweight and specialized cryptographic primitives for many security applications. Motivated by the design of the well-known Enigma machine, we present a novel ultra-lightweight cryptographic algorithm, referred to as Hummingbird, for resource-constrained devices. Hummingbird can provide the designed security with small block size and is resistant to the most common attacks such as linear and differential cryptanalysis. Furthermore, we also present efficient software implementations of Hummingbird on 4-, 8- and 16-bit microcontrollers from Atmel and Texas Instruments as well as efficient hardware implementations on the low-cost field programmable gate arrays (FPGAs) from Xilinx, respectively. Our experimental results show that after a system initialization phase Hummingbird can achieve up to 147 and 4.7 times faster throughput for a size-optimized and a speed-optimized software implementation, respectively, when compared to the state-of-the-art ultra-lightweight block cipher PRESENT on the similar platforms. In addition, the speed optimized Hummingbird encryption core can achieve a throughput of 160.4 Mbps and the area optimized encryption core only occupies 253 slices on a Spartan-3 XC3S200 FPGA device. Bilinear pairings on the Jacobians of (hyper-)elliptic curves have received considerable attention as a building block for constructing cryptographic schemes in MANETs with new and novel properties. Motivated by the work of Scott, we investigate how to use efficiently computable automorphisms to speed up pairing computations on two families of non-supersingular genus 2 hyperelliptic curves over prime fields. Our findings lead to new variants of Miller's algorithm in which the length of the main loop can be up to 4 times shorter than that of the original Miller's algorithm in the best case. We also generalize Chatterjee et al.'s idea of encapsulating the computation of the line function with the group operations to genus 2 hyperelliptic curves, and derive new explicit formulae for the group operations in projective and new coordinates in the context of pairing computations. Efficient software implementation of computing the Tate pairing on both a supersingular and a non-supersingular genus 2 curve with the same embedding degree of k = 4 is investigated. Combining the new algorithm with known optimization techniques, we show that pairing computations on non-supersingular genus 2 curves over prime fields use up to 55.8% fewer field operations and run about 10% faster than supersingular genus 2 curves for the same security level. As an important part of a key management mechanism, efficient key revocation protocol, which revokes the cryptographic keys of malicious nodes and isolates them from the network, is crucial for the security and robustness of MANETs. We propose a novel self-organized key revocation scheme for MANETs based on the Dirichlet multinomial model and identity-based cryptography. Firmly rooted in statistics, our key revocation scheme provides a theoretically sound basis for nodes analyzing and predicting peers' behavior based on their own observations and other nodes' reports. Considering the difference of malicious behaviors, we proposed to classify the nodes' behavior into three categories, namely good behavior, suspicious behavior and malicious behavior. Each node in the network keeps track of three categories of behavior and updates its knowledge about other nodes' behavior with 3-dimension Dirichlet distribution. Based on its own analysis, each node is able to protect itself from malicious attacks by either revoking the keys of the nodes with malicious behavior or ceasing the communication with the nodes showing suspicious behavior for some time. The attack-resistant properties of the resulting scheme against false accusation attacks launched by independent and collusive adversaries are also analyzed through extensive simulations. In WSNs, broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed in the literature to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. We propose an efficient technique to accelerate the signature verification in WSNs through the cooperation among sensor nodes. By allowing some sensor nodes to release the intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to the broadcast authentication in a 4×4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7%~34.5% less energy and runs about 50% faster than the traditional signature verification method

Security in 1-wire system : case study : Home automation /

La automatización de viviendas es un campo de la tecnología que siempre se encuentra en crecimiento, desarrollando sistemas que reducen los costos de los dispositivos. Por esto, se ha logrado que la domótica esté al alcance de todos. Desde la aparición de productos que permiten crear tu propio sistema domótico, y la reciente popularidad que ha tenido el Internet de las cosas (IoT), la industria de la automatización de viviendas ha cambiado mucho. Tener la habilidad de controlar dispositivos a través de Internet crea numerosas vulnerabilidades al sistema, permitiendo a un atacante controlar y ver todo lo que ocurre. En este trabajo se estudia un sistema domótico que usa 1-wire como protocolo de comunicación. Originalmente, el sistema carece de seguridad. Nuestro objetivo es implementar seguridad de la información a través de la encriptación de los comandos del sistema, para así poder proveer Confidencialidad, Integridad y Disponibilidad (CIA). Los resultados muestran no sólo la implementación exitosa del módulo criptográfico dentro del sistema domótico para proveer seguridad, sino que también se demuestra que añadir este proceso no afectaría el modo en que el usuario maneja sus dispositivos.Incluye referencias bibliográfica

Improved Lightweight Implementations of CAESAR Authenticated Ciphers

Authenticated ciphers offer potential benefits to resource-constrained devices in the Internet of Things (IoT). The CAESAR competition seeks optimal authenticated ciphers based on several criteria, including performance in resource-constrained (i.e., low-area, low-power, and low-energy) hardware. Although the competition specified a ”lightweight” use case for Round 3, most hardware submissions to Round 3 were not lightweight implementations, in that they employed architectures optimized for best throughput-to-area (TP/A) ratio, and used the Pre- and PostProcessor modules from the CAE-SAR Hardware (HW) Development Package designed for high-speed applications. In this research, we provide true lightweight implementations of selected ciphers (ACORN, NORX, CLOC-AES, SILC-AES, and SILC-LED). These implementations use an improved version of the CAESAR HW DevelopmentPackage designed for lightweight applications, and are fully compliant with the CAESAR HW Application programming interface for Authenticated Ciphers. Our lightweight implementations achieve an average of 55% reduction in area and40% reduction in power compared to their corresponding high-speed versions. Although the average energy per bit of lightweight ciphers increases by a factor of 3.6, the lightweight version of NORX actually uses 47% less energy per bit than its corresponding high-speed implementation

Secured authentication of radio-frequency identification system using PRESENT block cipher

The internet of things (IoT) is an emerging and robust technology to interconnect billions of objects or devices via the internet to communicate smartly. The radio frequency identification (RFID) system plays a significant role in IoT systems, providing most features like mutual establishment, key establishment, and data confidentiality. This manuscript designed secure authentication of IoT-based RFID systems using the light-weight PRESENT algorithm on the hardware platform. The PRESENT-256 block cipher is considered in this work, and it supports 64-bit data with a 256-key length. The PRESENT-80/128 cipher is also designed along with PRESENT-256 at electronic codebook (ECB) mode for Secured mutual authentication between RFID tag and reader for IoT applications. The secured authentication is established in two stages: Tag recognition from reader, mutual authentication between tag and reader using PRESENT-80/128/256 cipher modules. The complete secured authentication of IoT-based RFID system simulation results is verified using the chip-scope tool with field-programmable gate array (FPGA) results. The comparative results for PRESENT block cipher with existing PRESENT ciphers and other light-weight algorithms are analyzed with resource improvements. The proposed secured authentication work is compared with similar RFID-mutual authentication (MA) approaches with better chip area and frequency improvements

Implementation of Data encryption & decryption using DES Algorithm

Security is one of the most important fields to be considered for data secrecy & confidentiality many small scale applications like health-monitoring and biometric data-based recognition system need low or short-term security. Data encryption standard (DES) is one of the lightweight cryptographic algorithms to be considered for such applications. DES is itself simpler & effective algorithm for data encryption & decryption. A single architecture is used to perform encryption & decryption operation. As per the need same architecture performs both encryption & decryption operation. A multiplexer-based architecture is used known as substitution boxes (S-Box). The architecture used here is modelled Verilog HDL language and synthesized in the Xilinx device. To further enhance the security concept of dynamic key generation is implemented

An overview of memristive cryptography

Smaller, smarter and faster edge devices in the Internet of things era demands secure data analysis and transmission under resource constraints of hardware architecture. Lightweight cryptography on edge hardware is an emerging topic that is essential to ensure data security in near-sensor computing systems such as mobiles, drones, smart cameras, and wearables. In this article, the current state of memristive cryptography is placed in the context of lightweight hardware cryptography. The paper provides a brief overview of the traditional hardware lightweight cryptography and cryptanalysis approaches. The contrast for memristive cryptography with respect to traditional approaches is evident through this article, and need to develop a more concrete approach to developing memristive cryptanalysis to test memristive cryptographic approaches is highlighted.Comment: European Physical Journal: Special Topics, Special Issue on "Memristor-based systems: Nonlinearity, dynamics and applicatio

A Lightweight Cryptographic System for Implantable Biosensors

This paper presents a lightweight cryptographic system integrated onto a multi-function implantable biosensor prototype. The resulting heterogeneous system provides a unique and fundamental capability by immediately encrypting and signing the sensor data upon its creation within the body. By providing these security services directly on the implantable sensor, a number of low-level attacks can be prevented. This design uses the recently standardized SHA-3 Keccak secure hash function implemented in an authenticated encryption mode. The security module consists of the DuplexSponge security core and the interface wrapper. The security core occupies only 1550 gate- equivalents, which is the smallest authenticated encryption core reported to date. The circuit is fabricated using 0.18 μm CMOS technology and uses a supply voltage of 1.8 V. The simulated power consumption of the complete cryptosystem with a 500 KHz clock is below 7 μW