Sensor-Based Seeds for a Chaotic Stream Cipher

In this paper we have used a surface micromachined capacitive accelerometer in order to generate seeds that are suitable for secure communications between wireless smart sensors for IoT networks. These seeds have then been used in a chaotic stream cipher based on a Modified Logistic Map and a Linear Feedback Shift Register. The sequences generated by the chaotic stream cipher have been subjected to the randomness NIST tests. All the tests have been passed, proving that the proposed approach could be used for secure communications

Application of a MEMS-based TRNG in a chaotic stream cipher

In this work, we used a sensor-based True Random Number Generator in order to generate keys for a stream cipher based on a recently published hybrid algorithm mixing Skew Tent Map and a Linear Feedback Shift Register. The stream cipher was implemented and tested in a Field Programmable Gate Array (FPGA) and was able to generate 8-bit width data streams at a clock frequency of 134 MHz, which is fast enough for Gigabit Ethernet applications. An exhaustive cryptanalysis was completed, allowing us to conclude that the system is secure. The stream cipher was compared with other chaotic stream ciphers implemented on similar platforms in terms of area, power consumption, and throughput

Self-synchronized Encryption for Physical Layer in 10Gbps Optical Links

In this work a new self-synchronized encryption method for 10 Gigabit optical links is proposed and developed. Necessary modifications to introduce this kind of encryption in physical layers based on 64b/66b encoding, such as 10GBase-R, have been considered. The proposed scheme encrypts directly the 64b/66b blocks by using a symmetric stream cipher based on an FPE (Format Preserving Encryption) block cipher operating in PSCFB (Pipelined Statistical Cipher Feedback) mode. One of the main novelties in this paper is the security analysis done for this mode. For the first time, an expression for the IND-CPA (Indistinguishability under Chosen-Plaintext Attack) advantage of any adversary over this scheme has been derived. Moreover, it has been concluded that this mode can be considered secure in the same way of traditional modes are. In addition, the overall system has been simulated and implemented in an FPGA (Field Programmable Gate Array). An encrypted optical link has been tested with Ethernet data frames, concluding that it is possible to cipher traffic at this level, getting maximum throughput and hiding traffic pattern from passive eavesdroppers

A new simple technique for improving the random properties of chaos-based cryptosystems

A new technique for improving the security of chaos-based stream ciphers has been proposed and tested experimentally. This technique manages to improve the randomness properties of the generated keystream by preventing the system to fall into short period cycles due to digitation. In order to test this technique, a stream cipher based on a Skew Tent Map algorithm has been implemented on a Virtex 7 FPGA. The randomness of the keystream generated by this system has been compared to the randomness of the keystream generated by the same system with the proposed randomness-enhancement technique. By subjecting both keystreams to the National Institute of Standards and Technology (NIST) tests, we have proved that our method can considerably improve the randomness of the generated keystreams. In order to incorporate our randomness-enhancement technique, only 41 extra slices have been needed, proving that, apart from effective, this method is also efficient in terms of area and hardware resources

Introduction to Physically Unclonable Fuctions: Properties and Applications

During the last years, Physically Unclonable Functions (PUFs) have become a very important research area in the field of hardware security due to their capability of generating volatile secret keys as well as providing a low-cost authentication. In this paper, an introduction to Physically Unclonable Functions is given, including their definition, properties and applications. Finally, as an example of how to design a PUF, the general structure of a ring oscillator PUF is presented

Physical Layer Encryption for Industrial Ethernet in Gigabit Optical Links

Industrial Ethernet is a technology widely spread in factory floors and critical infrastructures where a high amount of data need to be collected and transported. Fiber optic networks at gigabit rates fit well with that type of environment, where speed, system performance, and reliability are critical. In this paper, a new encryption method for high-speed optical communications suitable for such kinds of networks is proposed. This new encryption method consists of a symmetric streaming encryption of the 8b/10b data flow at physical coding sublayer level. It is carried out thanks to a format preserving encryption block cipher working in CTR (counter) mode. The overall system has been simulated and implemented in a field programmable gate array. Thanks to experimental results, it can be concluded that it is possible to cipher traffic at this physical level in a secure way. In addition, no overhead is introduced during encryption, getting minimum latency and maximum throughput

A New Approach to Analysis the Security of Compensated Measuring PUFs

In this paper we perform an entropy analysis and probability distribution analysis over simulated PUFs operating under a compensated measuring digitization scheme. The behavior of the PUFs have been simulated by generating a set of pseudorandom numbers uniformly distributed, which simulate the measured parameters, using the definition of the so called "topology of the PUF", i.e. the way in which different parameter measurements are compared to obtain a digital binary output. At this respect, we prove the existence of a shortcoming in the most commonly used PUF topologies. as well as provide some guidelines to overcome it

Chaotic Encryption Applied to Optical Ethernet in Industrial Control Systems

In the past decades, Ethernet has become an alternative technology for the field buses traditionally used in industrial control systems and distributed measurement systems. Among different transmission media in Ethernet standards, optical fiber provides the best bandwidth, excellent immunity to electromagnetic interference, and less signal loses than other wired media. Due to the absence of a standard that provides security at the physical layer of optical Ethernet links, the main motivation of this paper is to propose and implement the necessary modifications to introduce encryption in Ethernet 1000Base-X standard. This has consisted of symmetric streaming encryption of the 8b10b symbols flow at physical coding sublayer level, thanks to a keystream generator based on chaotic algorithm. The overall system has been implemented and tested in an field programmable gate array and Ethernet traffic has been encrypted and transmitted over an optical link. The experimental results show that it is possible to cipher traffic at this level and hide the complete Ethernet traffic pattern from passive eavesdroppers. In addition, no space overhead is introduced in data frames during encryption, achieving the maximum throughput

A new method for format preserving encryption in high-data rate communications

In some encryption systems it is necessary to preserve the format and length of the encrypted data. This kind of encryption is called FPE (Format Preserving Encryption). Currently, only two AES (Advanced Encryption Standard) modes of operation recommended by the NIST (National Institute of Standards and Technology) are able to implement FPE algorithms, FF1 and FF3. These modes work in an electronic codebook fashion and can be configured to encrypt databases with an arbitrary format and length. However, there are no stream cipher proposals able to implement FPE encryption for high data rate information flows. The main novelty of this work is a new block cipher operation mode proposal to implement an FPE algorithm in a stream cipher fashion. It has been called CTR-MOD and it is based on a standard block cipher working in CTR (Counter) mode and a modulo operation. The confidentiality of this mode is analyzed in terms of its IND- CPA (Indistinguishability under Chosen Plaintext Attack) advantage of any adversary attacking it. Moreover, the encryption scheme has been implemented on an FPGA (Field Programmable Gate Array) and has been integrated in a Gigabit Ethernet interface to test an encrypted optical link with a real high data rate traffic flow

Chaotic Encryption for 10-Gb Ethernet Optical Links

In this paper, a new physical layer encryption method for optical 10-Gb Ethernet links is proposed. Necessary modifications to introduce encryption in Ethernet 10GBase-R standard have been considered. This security enhancement has consisted of a symmetric streaming encryption of the 64b/66b data flow at physical coding sublayer level thanks to two keystream generators based on a chaotic algorithm. The overall system has been implemented and tested in a field programmable gate array. Ethernet traffic has been encrypted, transmitted, and decrypted over a multimode optical link. Experimental results are analyzed concluding that it is possible to cipher traffic at this level and hide the complete Ethernet traffic pattern from any passive eavesdropper. In addition, no overhead is introduced during encryption, getting no losses in the total throughput