Survey on Lightweight Primitives and Protocols for RFID in Wireless Sensor Networks

The use of radio frequency identification (RFID) technologies is becoming widespread in all kind of wireless network-based applications. As expected, applications based on sensor networks, ad-hoc or mobile ad hoc networks (MANETs) can be highly benefited from the adoption of RFID solutions. There is a strong need to employ lightweight cryptographic primitives for many security applications because of the tight cost and constrained resource requirement of sensor based networks. This paper mainly focuses on the security analysis of lightweight protocols and algorithms proposed for the security of RFID systems. A large number of research solutions have been proposed to implement lightweight cryptographic primitives and protocols in sensor and RFID integration based resource constraint networks. In this work, an overview of the currently discussed lightweight primitives and their attributes has been done. These primitives and protocols have been compared based on gate equivalents (GEs), power, technology, strengths, weaknesses and attacks. Further, an integration of primitives and protocols is compared with the possibilities of their applications in practical scenarios

Hardware Implementation of the GPS authentication

In this paper, we explore new area/throughput trade- offs for the Girault, Poupard and Stern authentication protocol (GPS). This authentication protocol was selected in the NESSIE competition and is even part of the standard ISO/IEC 9798. The originality of our work comes from the fact that we exploit a fixed key to increase the throughput. It leads us to implement GPS using the Chapman constant multiplier. This parallel implementation is 40 times faster but 10 times bigger than the reference serial one. We propose to serialize this multiplier to reduce its area at the cost of lower throughput. Our hybrid Chapman's multiplier is 8 times faster but only twice bigger than the reference. Results presented here allow designers to adapt the performance of GPS authentication to their hardware resources. The complete GPS prover side is also integrated in the network stack of the PowWow sensor which contains an Actel IGLOO AGL250 FPGA as a proof of concept.Comment: ReConFig - International Conference on ReConFigurable Computing and FPGAs (2012

Security and Privacy in Smart Grid

Smart grid utilizes different communication technologies to enhance the reliability and efficiency of the power grid; it allows bi-directional flow of electricity and information, about grid status and customers requirements, among different parties in the grid, i.e., connect generation, distribution, transmission, and consumption subsystems together. Thus, smart grid reduces the power losses and increases the efficiency of electricity generation and distribution. Although smart grid improves the quality of grid's services, it exposes the grid to the cyber security threats that communication networks suffer from in addition to other novel threats because of power grid's nature. For instance, the electricity consumption messages sent from consumers to the utility company via wireless network may be captured, modified, or replayed by adversaries. As a consequent, security and privacy concerns are significant challenges in smart grid. Smart grid upgrade creates three main communication architectures: The first one is the communication between electricity customers and utility companies via various networks; i.e., home area networks (HANs), building area networks (BANs), and neighbour area networks (NANs), we refer to these networks as customer-side networks in our thesis. The second architecture is the communication between EVs and grid to charge/discharge their batteries via vehicle-to-grid (V2G) connection. The last network is the grid's connection with measurements units that spread all over the grid to monitor its status and send periodic reports to the main control center (CC) for state estimation and bad data detection purposes. This thesis addresses the security concerns for the three communication architectures. For customer-side networks, the privacy of consumers is the central concern for these networks; also, the transmitted messages integrity and confidentiality should be guaranteed. While the main security concerns for V2G networks are the privacy of vehicle's owners besides the authenticity of participated parties. In the grid's connection with measurements units, integrity attacks, such as false data injection (FDI) attacks, target the measurements' integrity and consequently mislead the main CC to make the wrong decisions for the grid. The thesis presents two solutions for the security problems in the first architecture; i.e., the customer-side networks. The first proposed solution is security and privacy-preserving scheme in BAN, which is a cluster of HANs. The proposed scheme is based on forecasting the future electricity demand for the whole BAN cluster. Thus, BAN connects to the electricity provider only if the total demand of the cluster is changed. The proposed scheme employs the lattice-based public key NTRU crypto-system to guarantee the confidentiality and authenticity of the exchanged messages and to further reduce the computation and communication load. The security analysis shows that our proposed scheme can achieve the privacy and security requirements. In addition, it efficiently reduces the communication and computation overhead. According to the second solution, it is lightweight privacy-preserving aggregation scheme that permits the smart household appliances to aggregate their readings without involving the connected smart meter. The scheme deploys a lightweight lattice-based homomorphic crypto-system that depends on simple addition and multiplication operations. Therefore, the proposed scheme guarantees the customers' privacy and message integrity with lightweight overhead. In addition, the thesis proposes lightweight secure and privacy-preserving V2G connection scheme, in which the power grid assures the confidentiality and integrity of exchanged information during (dis)charging electricity sessions and overcomes EVs' authentication problem. The proposed scheme guarantees the financial profits of the grid and prevents EVs from acting maliciously. Meanwhile, EVs preserve their private information by generating their own pseudonym identities. In addition, the scheme keeps the accountability for the electricity-exchange trade. Furthermore, the proposed scheme provides these security requirements by lightweight overhead; as it diminishes the number of exchanged messages during (dis)charging sessions. Simulation results demonstrate that the proposed scheme significantly reduces the total communication and computation load for V2G connection especially for EVs. FDI attack, which is one of the severe attacks that threatens the smart grid's efficiency and reliability, inserts fake measurements among the correct ones to mislead CC to make wrong decisions and consequently impact on the grid's performance. In the thesis, we have proposed an FDI attack prevention technique that protects the integrity and availability of the measurements at measurement units and during their transmission to the CC, even with the existence of compromised units. The proposed scheme alleviates the negative impacts of FDI attack on grid's performance. Security analysis and performance evaluation show that our scheme guarantees the integrity and availability of the measurements with lightweight overhead, especially on the restricted-capabilities measurement units. The proposed schemes are promising solutions for the security and privacy problems of the three main communication networks in smart grid. The novelty of these proposed schemes does not only because they are robust and efficient security solutions, but also due to their lightweight communication and computation overhead, which qualify them to be applicable on limited-capability devices in the grid. So, this work is considered important progress toward more reliable and authentic smart grid

Security issues in Internet of Things

The main idea behind the concept of the Internet of Things (IoT) is to connect all kinds of everyday objects, thus enabling them to communicate to each other and enabling people to communicate to them. IoT is an extensive concept that encompasses a wide range of technologies and applications. This document gives an introduction to what the IoT is, its fundamental characteristics and the enabling technologies that are currently being used. However, the technologies for the IoT are still evolving and maturing, leading to major challenges that need to be solved for a successful deployment of the IoT. Security is one of the most significant ones. Security issues may represent the greatest obstacle to general acceptance of the IoT. This document presents an assessment of the IoT security goals, its threats and the security requirements to achieve the goals. A survey on a representative set of already deployed IoT technologies is done to assess the current state of the art with regards to security. For each solution, a description of its functionality, its security options and the issues found in the literature is given. Finally, the common issues are identified and a set of future solutions are given.La idea principal detrás del concepto de Internet de las cosas (IoT) es conectar todo tipo de objetos cotidianos, para permitir comunicarse entre sí y que personas se comuniquen con ellos. IoT es un amplio concepto que abarca una extensa gama de tecnologías y aplicaciones. Este documento da una introducción a lo que es el IoT, sus características fundamentales y las tecnologías que se están utilizando actualmente. Sin embargo, las tecnologías usadas en el IoT todavía están en evolución y madurando, dando lugar a grandes desafíos que deben resolverse para un despliegue exitoso del IoT. La seguridad es uno de las más significativos. Los problemas de seguridad pueden representar el mayor obstáculo para la aceptación general del IoT. Este documento presenta una evaluación de los objetivos de seguridad en el IoT, sus amenazas y los requisitos necesarios para alcanzar dichos objetivos. Se realiza un estudio sobre un conjunto representativo de tecnologías IoT en uso para evaluar su estado actual respecto a la seguridad. Para cada solución, se da una descripción de su funcionalidad, sus protecciones y los problemas encontrados. Finalmente, se identifican los problemas comunes y se dan un conjunto de soluciones futuras.La idea principal darrera del concepte d'Internet de les coses (IoT) és connectar tot tipus d'objectes quotidians, per permetre comunicar-se entre sí i que les persones es comuniquin amb ells. IoT és un ampli concepte que engloba una extensa gamma de tecnologies i aplicacions. Aquest document dona una introducció al que és el IoT, les seves característiques fonamentals i les tecnologies que s'estan utilitzant actualment. No obstant, les tecnologies utilitzades en el IoT encara estan evolucionant i madurant, donant lloc a grans reptes que s'han de resoldre per a un desplegament exitós del IoT. La seguretat és un dels reptes més significatius. Els problemes de seguretat poden representar el major obstacle per l'acceptació general de l'IoT. Aquest document presenta una avaluació dels objectius de seguretat en el Iot, les seves amenaces i els requisits necessaris per assolir aquests objectius. Es realitza un estudi sobre un conjunt representatiu de tecnologies IoT en ús per avaluar el seu estat actual respecte a la seguretat. Per cada solució, es dona una descripció de la seva funcionalitat, les seves proteccions i els problemes trobats. Finalment, s'identifiquen els problemes comuns i es donen un conjunt de solucions futures

Electromagnetic Side-Channel Resilience against Lightweight Cryptography

Side-channel attacks are an unpredictable risk factor in cryptography. Therefore, observations of leakages through physical parameters, i.e., power and electromagnetic (EM) radiation, etc., of digital devices are essential to minimise vulnerabilities associated with cryptographic functions. Compared to costs in the past, performing side-channel attacks using inexpensive test equipment is becoming a reality. Internet-of-Things (IoT) devices are resource-constrained, and lightweight cryptography is a novel approach in progress towards IoT security. Thus, it would provide sufficient data and privacy protection in such a constrained ecosystem. Therefore, cryptanalysis of physical leakages regarding these emerging ciphers is crucial. EM side-channel attacks seem to cause a significant impact on digital forensics nowadays. Within existing literature, power analysis seems to have considerable attention in research whereas other phenomena, such as EM, should continue to be appropriately evaluated in playing a role in forensic analysis.The emphasis of this thesis is on lightweight cryptanalysis. The preliminary investigations showed no Correlation EManalysis (CEMA) of PRESENT lightweight algorithm. The PRESENT is a block cipher that promises to be adequate for IoT devices, and is expected to be used commercially in the future. In an effort to fill in this research gap, this work examines the capabilities of a correlation EM side-channel attack against the PRESENT. For that, Substitution box (S-box) of the PRESENT was targeted for its 1st round with the use of a minimum number of EM waveforms compared to other work in literature, which was 256. The attack indicates the possibility of retrieving 8 bytes of the secret key out of 10 bytes. The experimental process started from a Simple EMA (SEMA) and gradually enhanced up to a CEMA. The thesis presents the methodology of the attack modelling and the observations followed by a critical analysis. Also, a technical review of the IoT technology and a comprehensive literature review on lightweight cryptology are included

The BlueJay Ultra-Lightweight Hybrid Cryptosystem

Abstract—We report on the development of BlueJay, a hybrid Rabin-based public key encryption cryptosystem that is suitable for ultra-lightweight (total 2000-3000 GE) platforms such as microsensors and RFID authentication tags. The design is related to authors ’ Passerine and the Oren-Feldhofer WIPR proposals, but is suitable to a wider array of applications. The encryption mechanism is significantly faster and the implementation more lightweight than RSA (even with public exponent 3) and ECC with the same security level. Hardware implementations of the asymmetric encryption component of the hybrid cryptosystem require less than a thousand gate equivalents in addition to the memory storage required for the payload and public key data. An inexpensive, milliscale MCU SoC BlueJay implementation is reported and compared to RSA-AES on the same platform. The private key operation (not performed by the light-weight device but by the sensor network base station or a data acquisition reader) has roughly the same complexity as the RSA private key operation. I