135 research outputs found

    Efficient Implementation on Low-Cost SoC-FPGAs of TLSv1.2 Protocol with ECC_AES Support for Secure IoT Coordinators

    Security management for IoT applications is a critical research field, especially when taking into account the performance variation over the very different IoT devices. In this paper, we present high-performance client/server coordinators on low-cost SoC-FPGA devices for secure IoT data collection. Security is ensured by using the Transport Layer Security (TLS) protocol based on the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite. The hardware architecture of the proposed coordinators is based on SW/HW co-design, implementing within the hardware accelerator core Elliptic Curve Scalar Multiplication (ECSM), which is the core operation of Elliptic Curve Cryptosystems (ECC). Meanwhile, the control of the overall TLS scheme is performed in software by an ARM Cortex-A9 microprocessor. In fact, the implementation of the ECC accelerator core around an ARM microprocessor allows not only the improvement of ECSM execution but also the performance enhancement of the overall cryptosystem. The integration of the ARM processor makes it possible to exploit embedded Linux features for high system flexibility. As a result, the proposed ECC accelerator requires limited area, with only 3395 LUTs on the Zynq device used to perform high-speed, 233-bit ECSMs in 413 µs, with a 50 MHz clock. Moreover, the generation of a 384-bit TLS handshake secret key between client and server coordinators requires 67.5 ms on a low-cost Zynq 7Z007S device.

    Virtualized Reconfigurable Resources and Their Secured Provision in an Untrusted Cloud Environment

    The cloud computing business grows year after year. To keep up with increasing demand and to offer more services, data center providers are always searching for novel architectures. One of them is FPGAs, reconfigurable hardware with high compute power and energy efficiency. But some clients cannot make use of the remote processing capabilities. Not every involved party is trustworthy and the complex management software has potential security flaws. Hence, clients’ sensitive data or algorithms cannot be sufficiently protected. In this thesis, state-of-the-art hardware, cloud and security concepts are analyzed and combined. On one side are reconfigurable virtual FPGAs. They are a flexible resource and fulfill the cloud characteristics at the price of security. But on the other side is a strong requirement for said security. To provide it, an immutable controller is embedded, enabling a direct, confidential and secure transfer of clients’ configurations. This establishes a trustworthy compute space inside an untrusted cloud environment. Clients can securely transfer their sensitive data and algorithms without involving vulnerable software or a data center provider. This concept is implemented as a prototype. Based on it, necessary changes to current FPGAs are analyzed. To fully enable reconfigurable yet secure hardware in the cloud, a new hybrid architecture is required.

    Efficient hardware prototype of ECDSA modules for blockchain applications

    This paper concentrates on the hardware implementation of an efficient and reconfigurable elliptic curve digital signature algorithm (ECDSA) that is suitable for verifying transactions in blockchain-related applications. Despite the ECDSA architecture being computationally expensive, the usage of a dedicated stand-alone circuit enables speedy execution of arithmetic operations. The prototype put forth supports N-bit elliptic curve cryptography (ECC) group operations, signature generation and verification over a prime field for any elliptic curve. The research proposes a new hardware framework for modular multiplication and modular multiplicative inverse, which is adopted for the group operations involved in ECDSA. Every hardware design offered is simulated using the ModelSim register transfer logic (RTL) simulator. The field programmable gate array (FPGA) implementation of various modules within the ECDSA circuit is compared with equivalent existing techniques that are both hardware and software based to highlight the superiority of the suggested work. The results showcased prove that the designs implemented are both area and speed efficient, with faster execution and less resource utilization while maintaining the same level of security. The suggested ECDSA structure could replace the software equivalent of digital signatures in hardware blockchain to thwart software attacks and to provide better data protection.

    Prime Field ECDSA Signature Processing for Reconfigurable Embedded Systems

    Growing ubiquity and safety relevance of embedded systems strengthen the need to protect their functionality against malicious attacks. Communication and system authentication by digital signature schemes is a major issue in securing such systems. This contribution presents a complete ECDSA signature processing system over prime fields for bit lengths of up to 256 on reconfigurable hardware. By using dedicated hardware implementation, the performance can be improved by up to two orders of magnitude compared to microcontroller implementations. The flexible system is tailored to serve as an autonomous subsystem providing authentication transparent for any application. Integration into a vehicle-to-vehicle communication system is shown as an application example.

    Elliptical Curve Digital Signatures Algorithm

    Elliptical digital signatures algorithm provides security services for resource-constrained embedded devices. The ECDSA level of security can be enhanced by several parameters, such as key size and the security level of ECDSA elementary modules such as the hash function, elliptic curve point multiplication on a Koblitz curve, which is used to compute the public key, and a pseudo-random generator used for key pair generation. This paper describes a novel security approach to authentication schemes as a modification of the ECDSA scheme. This paper provides a comprehensive survey of recent developments in elliptic curve digital signature approaches. The survey of ECDSA involves major issues like security of the cryptosystem, RFID-tag authentication, Montgomery multiplication over binary fields, scaling techniques, signature generation, signature verification, point addition and point doubling of the different coordinate systems, and classification. DOI: 10.17762/ijritcc2321-8169.150318

    FPGA IMPLEMENTATION OF MODIFIED ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM

    With the rapid deployment of Internet-of-Things (IoT) devices, security issues related to data transmitted between the devices increase. Thus the integrity of perceptual layer devices is of utmost importance to secure the information being transmitted between the devices. In a secured information system, digital signature generation and verification processes are entirely different from data encryption and decryption processes. Digital signatures are rapidly emerging due to the problems related to data integrity, thus playing a crucial role in the authentication process by enabling the sender to attach a signature to the encrypted message. Based on the devices, it is beneficial to select an algorithm showing favorable behavior; therefore the Keccak-f[1600] algorithm is best suited for devices having area and cost constraints. In this paper, implementations of the original Elliptic Curve Digital Signature Algorithm and its variants are considered and evaluated in terms of the security level and computational cost. Here the modified ECDSA scheme concepts related to signature generation and verification are similar to the original ECDSA scheme. The computational cost of the Modified ECDSA is reduced by removing the inverse operation in the key generation and signing phases; also, problems related to signatures being forged are resolved using the hidden generator point concept. Hence the Modified ECDSA is more secure with less computational cost when implemented on FPGA using Verilog HDL. Therefore, this algorithm can be applied to the devices being connected in the perceptual layer of the IoT.

    A Secure and Flexible FPGA–based Blockchain System for IIoTs

    Blockchain is a promising solution for Industry 4.0 due to its traceability and immutability. However, blockchain itself does not guarantee the input data integrity. Tampered data from an endpoint device can be a significant problem because it may result in a cascaded negative effect on the whole smart factory's operations. In this paper, we propose an FPGA-based private blockchain system for IIoTs, where the transaction generation is performed inside the FPGA in an isolated and enclaved manner. For key confidentiality and transaction integrity, the proposed system utilizes a PUF, a soft processor, and tightly coupled sensor connections inside the FPGA fabric. Since all the critical operations are hidden under the hood, adversaries even with root privilege cannot intervene in the transaction generation process. The implemented IIoT device provides 33 transactions per minute and consumes 191 mW of power.

    A Bio-Crypto Protocol for Password Protection Using ECC

    In information security, the following security parameters must be satisfied: integrity, non-repudiation, confidentiality and authentication. To avoid theft of organization resources, they need to be secured in a more efficient way, and there is always demand for different levels of security; attacks include viruses, brute force and eavesdroppers in business, so organizations make use of voice biometrics as an attractive low-cost option. Voice biometrics is the cheapest among the biometrics and is used at all levels, for management to buy a readily available metric, and it is a way of identifying individuals remotely with a high level of accuracy. In this work, we have designed a new password-authentication approach that provides security using voice biometrics for authentication and turns the device itself into an authenticator which uses the voice itself as its password, and we are primarily interested in keys that can be temporally reproduced on the same device from the same user’s voice. Public and private keys are generated randomly from the user's voice and stored in the voice file (.wav). This method uses voice recognition, including the operation of register (recording feature) or voice prints and the storing of one or more voice passwords in the database. It uses ECDSA to perform the authentication process that matches the voice sample with the database. The recognition entity makes the database decide whether the sample is matched to perform an operation or not. Our proposed approach generates cryptographic keys from the voice input itself, and this algorithm was developed on an ad hoc basis. It can effectively defend against attacks, especially brute force attacks, in system networks.