Hardware Implementation of the GPS authentication

In this paper, we explore new area/throughput trade- offs for the Girault, Poupard and Stern authentication protocol (GPS). This authentication protocol was selected in the NESSIE competition and is even part of the standard ISO/IEC 9798. The originality of our work comes from the fact that we exploit a fixed key to increase the throughput. It leads us to implement GPS using the Chapman constant multiplier. This parallel implementation is 40 times faster but 10 times bigger than the reference serial one. We propose to serialize this multiplier to reduce its area at the cost of lower throughput. Our hybrid Chapman's multiplier is 8 times faster but only twice bigger than the reference. Results presented here allow designers to adapt the performance of GPS authentication to their hardware resources. The complete GPS prover side is also integrated in the network stack of the PowWow sensor which contains an Actel IGLOO AGL250 FPGA as a proof of concept.Comment: ReConFig - International Conference on ReConFigurable Computing and FPGAs (2012

Cryptographic Protocols, Sensor Network Key Management, and RFID Authentication

This thesis includes my research on efficient cryptographic protocols, sensor network key management, and radio frequency identification (RFID) authentication protocols. Key exchange, identification, and public key encryption are among the fundamental protocols studied in cryptography. There are two important requirements for these protocols: efficiency and security. Efficiency is evaluated using the computational overhead to execute a protocol. In modern cryptography, one way to ensure the security of a protocol is by means of provable security. Provable security consists of a security model that specifies the capabilities and the goals of an adversary against the protocol, one or more cryptographic assumptions, and a reduction showing that breaking the protocol within the security model leads to breaking the assumptions. Often, efficiency and provable security are not easy to achieve simultaneously. The design of efficient protocols in a strict security model with a tight reduction is challenging. Security requirements raised by emerging applications bring up new research challenges in cryptography. One such application is pervasive communication and computation systems, including sensor networks and radio frequency identification (RFID) systems. Specifically, sensor network key management and RFID authentication protocols have drawn much attention in recent years. In the cryptographic protocol part, we study identification protocols, key exchange protocols, and ElGamal encryption and its variant. A formal security model for challenge-response identification protocols is proposed, and a simple identification protocol is proposed and proved secure in this model. Two authenticated key exchange (AKE) protocols are proposed and proved secure in the extended Canetti-Krawczyk (eCK) model. The proposed AKE protocols achieve tight security reduction and efficient computation. We also study the security of ElGamal encryption and its variant, Damgard’s ElGamal encryption (DEG). Key management is the cornerstone of the security of sensor networks. A commonly recommended key establishment mechanism is based on key predistribution schemes (KPS). Several KPSs have been proposed in the literature. A KPS installs pre-assigned keys to sensor nodes so that two nodes can communicate securely if they share a key. Multi-path key establishment (MPKE) is one component of KPS which enables two nodes without a shared key to establish a key via multiple node-disjoint paths in the network. In this thesis, methods to compute the k-connectivity property of several representative key predistribution schemes are developed. A security model for MPKE and efficient and secure MPKE schemes are proposed. Scalable, privacy-preserving, and efficient authentication protocols are essential for the success of RFID systems. Two such protocols are proposed in this thesis. One protocol uses finite field polynomial operations to solve the scalability challenge. Its security is based on the hardness of the polynomial reconstruction problem. The other protocol improves a randomized Rabin encryption based RFID authentication protocol. It reduces the hardware cost of an RFID tag by using a residue number system in the computation, and it provides provable security by using secure padding schemes

Nuevo marco de autenticación para tarjetas inteligentes en red. Aplicación al pago electrónico en entornos inalámbricos

En la actualidad, la importancia de la seguridad de la Información y de las Comunicaciones resulta incuestionable. En este contexto, la relevancia de la autenticación fiable entre entidades queda también patente en una diversidad de aspectos cotidianos. Por sus cualidades y ventajas como módulo criptográfico, la tarjeta inteligente ha desarrollado un papel fundamental en la autenticación de usuarios. Esta tesis doctoral estudia el proceso de transformación que está atravesando actualmente y que la convierte en un equipo con conectividad a la red, dentro de la Nueva Generación de Tarjetas Inteligentes. De esta evolución, resultan una variedad de implicaciones, que se expanden transversalmente desde el momento que dicha tarjeta se integra en la red. En el presente trabajo se trata dicha integración exclusivamente desde la perspectiva de los mecanismos de autenticación involucrados. Pero, ¿hacia dónde evoluciona esa red?. Una diversidad de redes de acceso, entre las que destacan las tecnologías inalámbricas y los dispositivos multimodo, van a conformar un panorama global del que las tarjetas inteligentes, actuales y futuras, deberán participar. ¿Se pueden hacer más robustos y seguros los esquemas actuales de autenticación remota para éstas?. ¿En qué medida han sido diseñados para ser adaptados a estas nuevas circunstancias?. Esta tesis aborda la problemática de una forma conjunta, atendiendo al esquema de autenticación extremo-a-extremo y plantea un nuevo Marco de Autenticación para Tarjetas Inteligentes en Red bajo cuyo paraguas podemos modelar, analizar e incluso proponer una arquitectura de protocolos de autenticación remota para las tarjetas inteligentes actuales y venideras. Tras el diseño y la implementación acorde con dicha arquitectura y una evaluación de las funcionalidades previstas, se realiza una aplicación sobre un escenario realista de pago electrónico en entornos inalámbricos; por un lado demostrando la viabilidad de la propuesta y, por otro, incidiendo en su versatilidad, que le permite ser robusta ante la transformación que les conduce hacia esa nueva generación