Digital Design of New Chaotic Ciphers for Ethernet Traffic

Durante los últimos años, ha habido un gran desarrollo en el campo de la criptografía, y muchos algoritmos de encriptado así como otras funciones criptográficas han sido propuestos.Sin embargo, a pesar de este desarrollo, hoy en día todavía existe un gran interés en crear nuevas primitivas criptográficas o mejorar las ya existentes. Algunas de las razones son las siguientes:• Primero, debido el desarrollo de las tecnologías de la comunicación, la cantidad de información que se transmite está constantemente incrementándose. En este contexto, existen numerosas aplicaciones que requieren encriptar una gran cantidad de datos en tiempo real o en un intervalo de tiempo muy reducido. Un ejemplo de ello puede ser el encriptado de videos de alta resolución en tiempo real. Desafortunadamente, la mayoría de los algoritmos de encriptado usados hoy en día no son capaces de encriptar una gran cantidad de datos a alta velocidad mientras mantienen altos estándares de seguridad.• Debido al gran aumento de la potencia de cálculo de los ordenadores, muchos algoritmos que tradicionalmente se consideraban seguros, actualmente pueden ser atacados por métodos de “fuerza bruta” en una cantidad de tiempo razonable. Por ejemplo, cuando el algoritmo de encriptado DES (Data Encryption Standard) fue lanzado por primera vez, el tamaño de la clave era sólo de 56 bits mientras que, hoy en día, el NIST (National Institute of Standards and Technology) recomienda que los algoritmos de encriptado simétricos tengan una clave de, al menos, 112 bits. Por otro lado, actualmente se está investigando y logrando avances significativos en el campo de la computación cuántica y se espera que, en el futuro, se desarrollen ordenadores cuánticos a gran escala. De ser así, se ha demostrado que algunos algoritmos que se usan actualmente como el RSA (Rivest Shamir Adleman) podrían ser atacados con éxito.• Junto al desarrollo en el campo de la criptografía, también ha habido un gran desarrollo en el campo del criptoanálisis. Por tanto, se están encontrando nuevas vulnerabilidades y proponiendo nuevos ataques constantemente. Por consiguiente, es necesario buscar nuevos algoritmos que sean robustos frente a todos los ataques conocidos para sustituir a los algoritmos en los que se han encontrado vulnerabilidades. En este aspecto, cabe destacar que algunos algoritmos como el RSA y ElGamal están basados en la suposición de que algunos problemas como la factorización del producto de dos números primos o el cálculo de logaritmos discretos son difíciles de resolver. Sin embargo, no se ha descartado que, en el futuro, se puedan desarrollar algoritmos que resuelvan estos problemas de manera rápida (en tiempo polinomial).• Idealmente, las claves usadas para encriptar los datos deberían ser generadas de manera aleatoria para ser completamente impredecibles. Dado que las secuencias generadas por generadores pseudoaleatorios, PRNGs (Pseudo Random Number Generators) son predecibles, son potencialmente vulnerables al criptoanálisis. Por tanto, las claves suelen ser generadas usando generadores de números aleatorios verdaderos, TRNGs (True Random Number Generators). Desafortunadamente, los TRNGs normalmente generan los bits a menor velocidad que los PRNGs y, además, las secuencias generadas suelen tener peores propiedades estadísticas, lo que hace necesario que pasen por una etapa de post-procesado. El usar un TRNG de baja calidad para generar claves, puede comprometer la seguridad de todo el sistema de encriptado, como ya ha ocurrido en algunas ocasiones. Por tanto, el diseño de nuevos TRNGs con buenas propiedades estadísticas es un tema de gran interés.En resumen, es claro que existen numerosas líneas de investigación en el ámbito de la criptografía de gran importancia. Dado que el campo de la criptografía es muy amplio, esta tesis se ha centra en tres líneas de investigación: el diseño de nuevos TRNGs, el diseño de nuevos cifradores de flujo caóticos rápidos y seguros y, finalmente, la implementación de nuevos criptosistemas para comunicaciones ópticas Gigabit Ethernet a velocidades de 1 Gbps y 10 Gbps. Dichos criptosistemas han estado basados en los algoritmos caóticos propuestos, pero se han adaptado para poder realizar el encriptado en la capa física, manteniendo el formato de la codificación. De esta forma, se ha logrado que estos sistemas sean capaces no sólo de encriptar los datos sino que, además, un atacante no pueda saber si se está produciendo una comunicación o no. Los principales aspectos cubiertos en esta tesis son los siguientes:• Estudio del estado del arte, incluyendo los algoritmos de encriptado que se usan actualmente. En esta parte se analizan los principales problemas que presentan los algoritmos de encriptado standard actuales y qué soluciones han sido propuestas. Este estudio es necesario para poder diseñar nuevos algoritmos que resuelvan estos problemas.• Propuesta de nuevos TRNGs adecuados para la generación de claves. Se exploran dos diferentes posibilidades: el uso del ruido generado por un acelerómetro MEMS (Microelectromechanical Systems) y el ruido generado por DNOs (Digital Nonlinear Oscillators). Ambos casos se analizan en detalle realizando varios análisis estadísticos a secuencias obtenidas a distintas frecuencias de muestreo. También se propone y se implementa un algoritmo de post-procesado simple para mejorar la aleatoriedad de las secuencias generadas. Finalmente, se discute la posibilidad de usar estos TRNGs como generadores de claves. • Se proponen nuevos algoritmos de encriptado que son rápidos, seguros y que pueden implementarse usando una cantidad reducida de recursos. De entre todas las posibilidades, esta tesis se centra en los sistemas caóticos ya que, gracias a sus propiedades intrínsecas como la ergodicidad o su comportamiento similar al comportamiento aleatorio, pueden ser una buena alternativa a los sistemas de encriptado clásicos. Para superar los problemas que surgen cuando estos sistemas son digitalizados, se proponen y estudian diversas estrategias: usar un sistema de multi-encriptado, cambiar los parámetros de control de los sistemas caóticos y perturbar las órbitas caóticas.• Se implementan los algoritmos propuestos. Para ello, se usa una FPGA Virtex 7. Las distintas implementaciones son analizadas y comparadas, teniendo en cuenta diversos aspectos tales como el consumo de potencia, uso de área, velocidad de encriptado y nivel de seguridad obtenido. Uno de estos diseños, se elige para ser implementado en un ASIC (Application Specific Integrate Circuit) usando una tecnología de 0,18 um. En cualquier caso, las soluciones propuestas pueden ser también implementadas en otras plataformas y otras tecnologías.• Finalmente, los algoritmos propuestos se adaptan y aplican a comunicaciones ópticas Gigabit Ethernet. En particular, se implementan criptosistemas que realizan el encriptado al nivel de la capa física para velocidades de 1 Gbps y 10 Gbps. Para realizar el encriptado en la capa física, los algoritmos propuestos en las secciones anteriores se adaptan para que preserven el formato de la codificación, 8b/10b en el caso de 1 Gb Ethernet y 64b/10b en el caso de 10 Gb Ethernet. En ambos casos, los criptosistemas se implementan en una FPGA Virtex 7 y se diseña un set experimental, que incluye dos módulos SFP (Small Form-factor Pluggable) capaces de transmitir a una velocidad de hasta 10.3125 Gbps sobre una fibra multimodo de 850 nm. Con este set experimental, se comprueba que los sistemas de encriptado funcionan correctamente y de manera síncrona. Además, se comprueba que el encriptado es bueno (pasa todos los test de seguridad) y que el patrón del tráfico de datos está oculto.<br /

A new simple technique for improving the random properties of chaos-based cryptosystems

A new technique for improving the security of chaos-based stream ciphers has been proposed and tested experimentally. This technique manages to improve the randomness properties of the generated keystream by preventing the system to fall into short period cycles due to digitation. In order to test this technique, a stream cipher based on a Skew Tent Map algorithm has been implemented on a Virtex 7 FPGA. The randomness of the keystream generated by this system has been compared to the randomness of the keystream generated by the same system with the proposed randomness-enhancement technique. By subjecting both keystreams to the National Institute of Standards and Technology (NIST) tests, we have proved that our method can considerably improve the randomness of the generated keystreams. In order to incorporate our randomness-enhancement technique, only 41 extra slices have been needed, proving that, apart from effective, this method is also efficient in terms of area and hardware resources

Digital Implementation of an Improved LTE Stream Cipher Snow-3G Based on Hyperchaotic PRNG

SNOW-3G is a stream cipher used by the 3GPP standards as the core part of the confidentiality and integrity algorithms for UMTS and LTE networks. This paper proposes an enhancement of the regular SNOW-3G ciphering algorithm based on HC-PRNG. The proposed cipher scheme is based on hyperchaotic generator which is used as an additional layer to the SNOW-3G architecture to improve the randomness of its output keystream. The objective of this work is to achieve a high security strength of the regular SNOW-3G algorithm while maintaining its standardized properties. The originality of this new scheme is that it provides a good trade-off between good randomness properties, performance, and hardware resources. Numerical simulations, hardware digital implementation, and experimental results using Xilinx FPGA Virtex technology have demonstrated the feasibility and the efficiency of our secure solution while promising technique can be applied to secure the new generation mobile standards. Thorough analysis of statistical randomness is carried out demonstrating the improved statistical randomness properties of the new scheme compared to the standard SNOW-3G, while preserving its resistance against cryptanalytic attacks

Analysis and Design Security Primitives Based on Chaotic Systems for eCommerce

Security is considered the most important requirement for the success of electronic commerce, which is built based on the security of hash functions, encryption algorithms and pseudorandom number generators. Chaotic systems and security algorithms have similar properties including sensitivity to any change or changes in the initial parameters, unpredictability, deterministic nature and random-like behaviour. Several security algorithms based on chaotic systems have been proposed; unfortunately some of them were found to be insecure and/or slow. In view of this, designing new secure and fast security algorithms based on chaotic systems which guarantee integrity, authentication and confidentiality is essential for electronic commerce development. In this thesis, we comprehensively explore the analysis and design of security primitives based on chaotic systems for electronic commerce: hash functions, encryption algorithms and pseudorandom number generators. Novel hash functions, encryption algorithms and pseudorandom number generators based on chaotic systems for electronic commerce are proposed. The securities of the proposed algorithms are analyzed based on some well-know statistical tests in this filed. In addition, a new one-dimensional triangle-chaotic map (TCM) with perfect chaotic behaviour is presented. We have compared the proposed chaos-based hash functions, block cipher and pseudorandom number generator with well-know algorithms. The comparison results show that the proposed algorithms are better than some other existing algorithms. Several analyses and computer simulations are performed on the proposed algorithms to verify their characteristics, confirming that these proposed algorithms satisfy the characteristics and conditions of security algorithms. The proposed algorithms in this thesis are high-potential for adoption in e-commerce applications and protocols

Chaotic Encryption for 10-Gb Ethernet Optical Links

In this paper, a new physical layer encryption method for optical 10-Gb Ethernet links is proposed. Necessary modifications to introduce encryption in Ethernet 10GBase-R standard have been considered. This security enhancement has consisted of a symmetric streaming encryption of the 64b/66b data flow at physical coding sublayer level thanks to two keystream generators based on a chaotic algorithm. The overall system has been implemented and tested in a field programmable gate array. Ethernet traffic has been encrypted, transmitted, and decrypted over a multimode optical link. Experimental results are analyzed concluding that it is possible to cipher traffic at this level and hide the complete Ethernet traffic pattern from any passive eavesdropper. In addition, no overhead is introduced during encryption, getting no losses in the total throughput

Digital Communication System with High Security and High Immunity

Today, security issues are increased due to huge data transmissions over communication media such as mobile phones, TV cables, online games, Wi-Fi and satellite transmission etc. for uses such as medical, military or entertainment. This creates a challenge for government and commercial companies to keep these data transmissions secure. Traditional secure ciphers, either block ciphers such as Advanced Encryption Standard (AES) or stream ciphers, are not fast or completely secure. However, the unique properties of a chaotic system, such as structure complexity, deterministic dynamics, random output response and extreme sensitivity to the initial condition, make it motivating for researchers in the field of communication system security. These properties establish an increased relationship between chaos and cryptography that create strong and fast cipher compared to conventional algorithms, which are weak and slow ciphers. Additionally, chaotic synchronisation has sparked many studies on the application of chaos in communication security, for example, the chaotic synchronisation between two different systems in which the transmitter (master system) is driving the receiver (slave system) by its output signal. For this reason, it is essential to design a secure communication system for data transmission in noisy environments that robust to different types of attacks (such as a brute force attack). In this thesis, a digital communication system with high immunity and security, based on a Lorenz stream cipher chaotic signal, has been perfectly applied. A new cryptosystem approach based on Lorenz chaotic systems was designed for secure data transmission. The system uses a stream cipher, in which the encryption key varies continuously in a chaotic manner. Furthermore, one or more of the parameters of the Lorenz generator is controlled by an auxiliary chaotic generator for increased security. In this thesis, the two Lorenz chaotic systems are called the Main Lorenz Generator and the Auxiliary Lorenz Generator. The system was designed using the SIMULINK tool. The system performance in the presence of noise was tested, and the simulation results are provided. Then, the clock-recovery technique is presented, with real-time results of the clock recovery. The receiver demonstrated its ability to recover and lock the clock successfully. Furthermore, the technique for synchronisation between two separate FPGA boards (transmitter and receiver) is detailed, in which the master system transmits specific data to trigger a slave system in order to run synchronously. The real-time results are provided, which show the achieved synchronisation. The receiver was able to recover user data without error, and the real-time results are listed. The randomness test (NIST) results of the Lorenz chaotic signals are also given. Finally, the security analysis determined the system to have a high degree of security compared to other communication systems

Enhanced Hardware Security Using Charge-Based Emerging Device Technology

The emergence of hardware Trojans has largely reshaped the traditional view that the hardware layer can be blindly trusted. Hardware Trojans, which are often in the form of maliciously inserted circuitry, may impact the original design by data leakage or circuit malfunction. Hardware counterfeiting and IP piracy are another two serious issues costing the US economy more than $200 billion annually. A large amount of research and experimentation has been carried out on the design of these primitives based on the currently prevailing CMOS technology. However, the security provided by these primitives comes at the cost of large overheads mostly in terms of area and power consumption. The development of emerging technologies provides hardware security researchers with opportunities to utilize some of the otherwise unusable properties of emerging technologies in security applications. In this dissertation, we will include the security consideration in the overall performance measurements to fully compare the emerging devices with CMOS technology. The first approach is to leverage two emerging devices (Silicon NanoWire and Graphene SymFET) for hardware security applications. Experimental results indicate that emerging device based solutions can provide high level circuit protection with relatively lower performance overhead compared to conventional CMOS counterpart. The second topic is to construct an energy-efficient DPA-resilient block cipher with ultra low-power Tunnel FET. Current-mode logic is adopted as a circuit-level solution to countermeasure differential power analysis attack, which is mostly used in the cryptographic system. The third investigation targets on potential security vulnerability of foundry insider\u27s attack. Split manufacturing is adopted for the protection on radio-frequency (RF) circuit design

Digital Communication System with High Security and High Immunity

Today, security issues are increased due to huge data transmissions over communication media such as mobile phones, TV cables, online games, Wi-Fi and satellite transmission etc. for uses such as medical, military or entertainment. This creates a challenge for government and commercial companies to keep these data transmissions secure. Traditional secure ciphers, either block ciphers such as Advanced Encryption Standard (AES) or stream ciphers, are not fast or completely secure. However, the unique properties of a chaotic system, such as structure complexity, deterministic dynamics, random output response and extreme sensitivity to the initial condition, make it motivating for researchers in the field of communication system security. These properties establish an increased relationship between chaos and cryptography that create strong and fast cipher compared to conventional algorithms, which are weak and slow ciphers. Additionally, chaotic synchronisation has sparked many studies on the application of chaos in communication security, for example, the chaotic synchronisation between two different systems in which the transmitter (master system) is driving the receiver (slave system) by its output signal. For this reason, it is essential to design a secure communication system for data transmission in noisy environments that robust to different types of attacks (such as a brute force attack). In this thesis, a digital communication system with high immunity and security, based on a Lorenz stream cipher chaotic signal, has been perfectly applied. A new cryptosystem approach based on Lorenz chaotic systems was designed for secure data transmission. The system uses a stream cipher, in which the encryption key varies continuously in a chaotic manner. Furthermore, one or more of the parameters of the Lorenz generator is controlled by an auxiliary chaotic generator for increased security. In this thesis, the two Lorenz chaotic systems are called the Main Lorenz Generator and the Auxiliary Lorenz Generator. The system was designed using the SIMULINK tool. The system performance in the presence of noise was tested, and the simulation results are provided. Then, the clock-recovery technique is presented, with real-time results of the clock recovery. The receiver demonstrated its ability to recover and lock the clock successfully. Furthermore, the technique for synchronisation between two separate FPGA boards (transmitter and receiver) is detailed, in which the master system transmits specific data to trigger a slave system in order to run synchronously. The real-time results are provided, which show the achieved synchronisation. The receiver was able to recover user data without error, and the real-time results are listed. The randomness test (NIST) results of the Lorenz chaotic signals are also given. Finally, the security analysis determined the system to have a high degree of security compared to other communication systems