
    Breaking ECC2K-130

    Elliptic-curve cryptography is becoming the standard public-key primitive not only for mobile devices but also for high-security applications. Its advantages are the higher cryptographic strength per bit in comparison with RSA and the higher speed in implementations. To improve understanding of the exact strength of the elliptic-curve discrete-logarithm problem, Certicom has published a series of challenges. This paper describes breaking the ECC2K-130 challenge using a parallelized version of Pollard's rho method. This is a major computation bringing together the contributions of several clusters of conventional computers, PlayStation 3 clusters, computers with powerful graphics cards and FPGAs. We also give estimates for an ASIC design. In particular we present:
    * our choice and analysis of the iteration function for the rho method;
    * our choice of finite field arithmetic and representation;
    * detailed descriptions of the implementations on a multitude of platforms: CPUs, Cells, GPUs, FPGAs, and ASICs;
    * details about running the attack.

    Elicitation of Neutralizing Antibodies Directed against CD4-Induced Epitope(s) Using a CD4 Mimetic Cross-Linked to a HIV-1 Envelope Glycoprotein

    The identification of HIV-1 envelope glycoprotein (Env) structures that can generate broadly neutralizing antibodies (BNAbs) is pivotal to the development of a successful vaccine against HIV-1 aimed at eliciting effective humoral immune responses. To that end, the production of novel Env structure(s) that might induce BNAbs by presentation of conserved epitopes, which are otherwise occluded, is critical. Here, we focus on a structure that stabilizes Env in a conformation representative of its primary (CD4) receptor-bound state, thereby exposing highly conserved “CD4 induced” (CD4i) epitope(s) known to be important for co-receptor binding and subsequent virus infection. A CD4-mimetic miniprotein, miniCD4 (M64U1-SH), was produced and covalently complexed to recombinant, trimeric gp140 envelope glycoprotein (gp140) using site-specific disulfide linkages. The resulting gp140-miniCD4 (gp140-S-S-M64U1) complex was recognized by CD4i antibodies and the HIV-1 co-receptor, CCR5. Following immunization of rabbits, the gp140-miniCD4 complex elicited the highest titers of CD4i binding antibodies as well as enhanced neutralizing antibodies against Tier 1 viruses as compared to gp140 protein alone. Neutralization against HIV-27312/V434M and additional serum mapping confirm the specific elicitation of antibodies directed to the CD4i epitope(s). These results demonstrate the utility of a structure-based approach in improving the immunogenic response against a specific region, such as the CD4i epitope(s) here, and its potential role in vaccine application.

    Lightweight PUF-based Key and Random Number Generation

    As embedded electronics continue to be integrated into our daily lives at such a pace that there are nowadays more cellphones than people on the planet, security is becoming ever more crucial. Unfortunately, this is all too often realized as an afterthought, and thus the security implementations in many embedded devices offer little to no practical protection. Security does not require only cryptographic algorithms; two other critical modules in a secure system are a key generation module and a random number generator (RNG). The lack of well thought-out implementations of these modules has been the downfall of the security in many devices, many of them high-profile.
    In this thesis, we look into ways of constructing secure versions of both of these building blocks in embedded devices. Towards this end, we turn our attention to physically unclonable functions (PUFs). A PUF is a promising, relatively novel primitive that functions as a fingerprint for electronic devices. In our research, we have combined PUFs with custom hardware modules, such as a BCH error correcting code decoder, to create the first "black box" PUF-based key generation module. Our implementation requires very little real estate, proving that very efficient BCH error correcting codes, which are normally written off as being unwieldy and complex, are in fact feasible for use in PUF-based systems.
    We furthermore investigate the presence of PUFs in commercial off-the-shelf (COTS) microcontrollers. A thorough investigation of the usability of SRAM as PUFs and RNGs in a handful of the most prominent microcontroller families on the market is presented. We discuss the practical use of the measured microcontrollers in light of our findings, and show that there are large differences between the various families. Our study is the first of its kind, and clearly displays the need for continued work in this fashion on other microcontrollers.
    Finally, we develop a system for a secure RNG on COTS embedded devices, leveraging errors in available PUFs as a source of entropy. Building upon the findings of our microcontroller study, we successfully implement this system onto various ARM Cortex-M microcontrollers. Part of this result is an implementation of the Keccak algorithm, the smallest published to date.

    Table of contents:
    Preface
    Abstract
    Samenvatting
    Contents
    List of Figures
    List of Tables
    List of Code Listings
    List of Abbreviations
    List of Symbols
    1 Introduction
      1.1 Cryptographic primitives
      1.2 Problem sketch
      1.3 Thesis outline
      1.4 Conclusion
    2 PUF and RNG Background
      2.1 Physically Unclonable Function
      2.2 Applications
      2.3 Design
      2.4 Threat model
      2.5 Mathematical notation
      2.6 Quality metrics
      2.7 Error correction
      2.8 Random number generation
      2.9 Summary
    3 PUFKY: An Area-Efficient Key Generation Module
      3.1 Introduction
      3.2 Background
      3.3 Design
      3.4 BCH decoding microcontroller
      3.5 Full generator implementation
      3.6 Conclusion
    4 Analysis of SRAM in COTS Microcontrollers
      4.1 Introduction
      4.2 Measurement setup
      4.3 Measurements & evaluations
      4.4 Discussion
      4.5 Conclusion
    5 Software-based Secure PRNG Design
      5.1 Introduction
      5.2 Design
      5.3 Implementation
      5.4 Conclusion
    6 Conclusions
    A Microcontroller Firmware
    B Microcontroller Metrics
    Bibliography
    Curriculum Vitae
    List of Publications

    Number of pages: 206

    Tiny application-specific programmable processor for BCH decoding


    PUFKY: A Fully Functional PUF-based Cryptographic Key Generator

    We present PUFKY: a practical and modular design for a cryptographic key generator based on a Physically Unclonable Function (PUF). A fully functional reference implementation is developed and successfully evaluated on a substantial set of FPGA devices. It uses a highly optimized ring oscillator PUF (ROPUF) design, producing responses with up to 99% entropy. A very high key reliability is guaranteed by a syndrome construction secure sketch using an efficient and extremely low-overhead BCH decoder. This first complete implementation of a PUF-based key generator, including a PUF, a BCH decoder and a cryptographic entropy accumulator, utilizes merely 17% (1162 slices) of the available resources on a low-end FPGA, of which 82% are occupied by the ROPUF and only 18% by the key generation logic. PUFKY is able to produce a cryptographically secure 128-bit key with a failure rate < 10^-9 in 5.62 ms. The design's modularity allows for rapid and scalable adaptations for other PUF implementations or for alternative key requirements. The presented PUFKY core is immediately deployable in an embedded system, e.g. by connecting it to an embedded microcontroller through a convenient bus interface. © 2012 International Association for Cryptologic Research.

    LiBrA-CAN: a Lightweight Broadcast Authentication protocol for Controller Area Networks

    © 2017 ACM. Despite realistic concerns, security is still absent from vehicular buses such as the widely used Controller Area Network (CAN). We design an efficient protocol based on efficient symmetric primitives, taking advantage of two innovative procedures: splitting keys between nodes and mixing authentication tags. This results in a higher security level when compromised nodes are in the minority, a realistic assumption for automotive networks. Experiments are performed on state-of-the-art Infineon TriCore controllers, contrasted with low-end Freescale S12X cores, while simulations are provided for the recently released CAN-FD standard. To gain compatibility with existing networks, we also discuss a solution based on CAN+.

    24.1 Circuit challenges from cryptography


    Ultra Low-Power implementation of ECC on the ARM Cortex-M0+

    In this work, elliptic curve cryptography (ECC) is used to make an efficient implementation of a public-key cryptography algorithm on the ARM Cortex-M0+. The goal of this implementation is to make not only a fast, but also a very low-power software implementation. To aid in the elliptic curve parameter selection, the energy consumption of different instructions on the ARM Cortex-M0+ was measured, and it was found that there is a variation of up to 22.5 % between different instructions. The instruction set architecture (ISA) and energy measurements were used to make a simulation of both a binary curve and a prime curve implementation, and the former was found to have a slightly faster execution time with a lower power consumption. Binary curve arithmetic uses instructions that require less energy than prime curve arithmetic on the target platform. A new field multiplication algorithm is proposed, called López-Dahab with fixed registers, which is an optimization of the López-Dahab (LD) algorithm. The proposed algorithm has a performance improvement of 15 % over the LD with rotating registers algorithm (which is the current fastest optimization of the LD algorithm). A software implementation that uses the proposed algorithm was made in C and assembly; on average our implementation of a random point multiplication requires 34.16 µJ, whereas our fixed point multiplication requires 20.63 µJ. The energy consumption of our point multiplication beats all known software implementations on embedded platforms at the same equivalent security level by a factor of 7.4. I