On the Exploitation of a High-throughput SHA-256 FPGA Design for HMAC

High-throughput and area-efficient designs of hash functions and corresponding mechanisms for Message Authentication Codes (MACs) are in high demand due to new security protocols that have arisen and call for security services in every transmitted data packet. For instance, IPv6 incorporates the IPSec protocol for secure data transmission. However, the IPSec's performance bottleneck is the HMAC mechanism which is responsible for authenticating the transmitted data. HMAC's performance bottleneck in its turn is the underlying hash function. In this article a high-throughput and small-size SHA-256 hash function FPGA design and the corresponding HMAC FPGA design is presented. Advanced optimization techniques have been deployed leading to a SHA-256 hashing core which performs more than 30% better, compared to the next better design. This improvement is achieved both in terms of throughput as well as in terms of throughput/area cost factor. It is the first reported SHA-256 hashing core that exceeds 11Gbps (after place and route in Xilinx Virtex 6 board)

Design and Implementation of Lightweight Certificateless Secure Communication Scheme on Industrial NFV-Based IPv6 Virtual Networks

With the fast growth of the Industrial Internet of Everything (IIoE), computing and telecommunication industries all over the world are moving rapidly towards the IPv6 address architecture, which supports virtualization architectures such as Network Function Virtualization (NFV). NFV provides networking services like routing, security, storage, etc., through software-based virtual machines. As a result, NFV reduces equipment costs. Due to the increase in applications on Industrial Internet of Things (IoT)-based networks, security threats have also increased. The communication links between people and people or from one machine to another machine are insecure. Usually, critical data are exchanged over the IoE, so authentication and confidentiality are significant concerns. Asymmetric key cryptosystems increase computation and communication overheads. This paper proposes a lightweight and certificateless end-to-end secure communication scheme to provide security services against replay attacks, man-in-the-middle (MITM) attacks, and impersonation attacks with low computation and communication overheads. The system is implemented on Linux-based Lubuntu 20.04 virtual machines using Java programming connected to NFV-based large-scale hybrid IPv4-IPv6 virtual networks. Finally, we compare the performance of our proposed security scheme with existing schemes based on the computation and communication costs. In addition, we measure and analyze the performance of our proposed secure communication scheme over NFV-based virtualized networks with regard to several parameters like end-to-end delay and packet loss. The results of our comparison with existing security schemes show that our proposed security scheme reduces the computation cost by 38.87% and the communication cost by 26.08%

Area-throughput trade-offs for SHA-1 and SHA-256 hash functions’ pipelined designs

High-throughput designs of hash functions are strongly demanded due to the need for security in every transmitted packet of worldwide e-transactions. Thus, optimized and non-optimized pipelined architectures have been proposed raising, however, important questions. Which is the optimum number of the pipeline stages? Is it worth to develop optimized designs or could the same results be achieved by increasing only the pipeline stages of the non-optimized designs? The paper answers the above questions studying extensively many pipelined architectures of SHA-1 and SHA-256 hashes, implemented in FPGAs, in terms of throughput/area (T/A) factor. Also, guides for developing efficient security schemes designs are provided. Read More: https://www.worldscientific.com/doi/abs/10.1142/S021812661650032

NSA Suite-B Cryptography algorithms

Tato bakalářská práce s názvem Skupina algoritmů NSA Suite B Cryptography se zabývá algoritmy, které obsahuje sada Suite B. Ty slouží k větší ochraně dat a bezpečnosti při jejich přenosu přes nezabezpečené prostředí internetu. Dále obsahuje rozbor těchto algoritmů, jejich šifrování, dešifrování, tvorbu hashe, výměnu klíčů, vytvoření podpisu a jeho ověřování. Algoritmy jsou porovnávány s ostatními, s již zastaralými nebo stále používanými. Následuje popis několika protokolů, které ke své činnosti využívají zmíněné algoritmy. Výstup z praktické části je webová prezentace, která může sloužit i jako výukový materiál.This thesis entitled Algorithms Group SuiteB NSA Cryptography deals with algorithms, which are included in the set SuiteB. They serve to increase data protection and security during their transmission over an unsecured Internet environment. It also contains analysis of these algorithms, the encryption, decryption, creating hashes, key exchange, creating a signature and its verification. The algorithms are compared with others, already obsolete, or still used. The following are protocols using these algorithms. Output from the practical part is a web presentation that can serve as a teaching material.

FPGA-Based Testbed for Fault Injection on SHA-256

In real world applications, cryptographic algorithms are implemented in hardware or software on specific devices. An active attacker may inject faults during the computation process and careful analysis of faulty results can potentially leak secret information. These kinds of attacks known as fault injection attacks may have devastating effects in the field of hardware and embedded cryptography. This research proposes a partial implementation of SHA-256 along with an onboard fault injection circuit implemented on an FPGA. The proposed fault injection circuit is used to generate glitches in the clock to induce a setup time violation in the circuit and thereby produce error(s) in the output. The main objective of this research is to study the viability of fault injection using the clock glitches on the SHA-256

Visually Managing IPsec

The United States Air Force relies heavily on computer networks to transmit vast amounts of information throughout its organizations and with agencies throughout the Department of Defense. The data take many forms, utilize different protocols, and originate from various platforms and applications. It is not practical to apply security measures specific to individual applications, platforms, and protocols. Internet Protocol Security (IPsec) is a set of protocols designed to secure data traveling over IP networks, including the Internet. By applying security at the network layer of communications, data packets can be secured regardless of what application generated the data or which protocol is used to transport it. However, the complexity of managing IPsec on a production network, particularly using the basic command-line tools available today, is the limiting factor to widespread deployment. This thesis explores several visualizations of IPsec data, evaluates the viability of using visualization to represent and manage IPsec, and proposes an interface for a visual IPsec management application to simplify IPsec management and make this powerful security option more accessible to the information warfighter

Scan-based Side-channel Attacks against Cryptographic and Hash Function Integrated Circuits

早大学位記番号:新8549早稲田大

An Overview of Cryptography (Updated Version, 3 March 2016)

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations. A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998

A Security Framework for Routing Protocols

With the rise in internet traffic surveillance and monitoring activities, the routing infrastructure has become an obvious target of attack as compromised routers can be used to stage large scale attacks. Routing protocols are also subjected to various threats such as capture and replay of packets that disclose the network information, forged routing control messages that may compromise a connection by deception, disruption of an on-going connection causing DoS attacks and spreading of unauthentic routing information in the network. Presently, strong cryptographic suites and key management mechanisms (IPsec and IKE) are available to secure host-to-host data communication but none of them focus on securing routing protocols. Today's routing protocols use a shared secret to perform mutual authentication and authorization, and depend on manual keying methods. For message integrity, they either rely on some built-in or external security feature that uses the same shared secret. The KARP working group of the IETF identified that the work is required to tighten the security of the routing protocols and demonstrated that automated key management solutions are needed for increasing security. Towards this goal we propose the RPsec framework. RPsec provides a common baseline for development of KMPs for the routing protocols, supports both automated and manual key management, and overcomes the weakness of existing manual key methods