20 research outputs found
Efficient and Secure Group Key Management in IoT using Multistage Interconnected PUF
Secure group-oriented communication is crucial to a wide range of
applications in Internet of Things (IoT). Security problems related to
group-oriented communications in IoT-based applications placed in a
privacy-sensitive environment have become a major concern along with the
development of the technology. Unfortunately, many IoT devices are designed to
be portable and light-weight; thus, their functionalities, including security
modules, are heavily constrained by the limited energy resources (e.g., battery
capacity). To address these problems, we propose a group key management scheme
based on a novel physically unclonable function (PUF) design: multistage
interconnected PUF (MIPUF) to secure group communications in an
energy-constrained environment. Our design is capable of performing key
management tasks such as key distribution, key storage and rekeying securely
and efficiently. We show that our design is secure against multiple attack
methods and our experimental results show that our design saves 47.33% of
energy globally comparing to state-of-the-art Elliptic-curve cryptography
(ECC)-based key management scheme on average.Comment: 6 pages, 4 figures, International Symposium on Low Power Electronics
and Desig
IPsec-Protected Transport of HDTV over IP
Bandwidth-intensive applications compete directly with the operating system's network stack for CPU cycles. This is particularly true when the stack performs security protocols such as IPsec; the additional load of complex cryptographic transforms overwhelms modern CPUs when data rates exceed 100 Mbps. This paper describes a network-processing accelerator which overcomes these bottlenecks by offloading packet processing and cryptographic transforms to an intelligent interface card. The system achieves sustained 1 Gbps host-to-host bandwidth of encrypted IPsec traffic on commodity CPUs and networks. It appears to the application developer as a normal network interface, because the hardware acceleration is transparent to the user. The system is highly programmable and can support a variety of offload functions. A sample application is described, wherein production-quality HDTV is transported over IP at nearly 900 Mbps, fully secured using IPsec with AES encryption
Design Strategies and Modified Descriptions to Optimize Cipher FPGA Implementations: Fast and Compact Results for DES and Triple-DES
Abstract. In this paper, we propose a new mathematical DES description that allows us to achieve optimized implementations in term of ratio T hroughput/Area. First, we get an unrolled DES implementation that works at data rates of 21.3 Gbps (333 MHz), using Virtex-II technology. In this design, the plaintext, the key and the mode (encryption/decrytion) can be changed on a cycle-by-cycle basis with no dead cycles. In addition, we also propose sequential DES and triple-DES designs that are currently the most efficient ones in term of resources used as well as in term of throughput. Based on our DES and triple-DES results, we also set up conclusions for optimized FPGA design choices and possible improvement of cipher implementations with a modified structure description
AES on FPGA from the Fastest to the Smallest
Abstract. Two new FPGA designs for the Advanced Encryption Standard (AES) are presented. The first is believed to be the fastest, achieving 25 Gbps throughput using a Xilinx Spartan-III (XC3S2000) device. The second is believed to be the smallest and fits into a Xilinx Spartan-II (XC2S15) device, only requiring two block memories and 124 slices to achieve a throughput of 2.2 Mbps. These designs show the extremes of what is possible and have radically different applications from high performance e-commerce IPsec servers to low power mobile and home applications. The high speed design presented here includes support for continued throughput during key changes for both encryption and decryption which previous pipelined designs have omitted