Secure Data Aggregation in Wireless Sensor Networks. Homomorphism versus Watermarking Approach

International audienceWireless sensor networks are now in widespread use to monitor regions, detect events and acquire information. Since the deployed nodes are separated, they need to cooperatively communicate sensed data to the base station. Hence, transmissions are a very energy consuming operation. To reduce the amount of sending data, an aggregation approach can be applied along the path from sensors to the sink. However, usually the carried information contains confidential data. Therefore, an end-to-end secure aggregation approach is required to ensure a healthy data reception. End-to-end encryption schemes that support operations over cypher-text have been proved important for private party sensor network implementations. These schemes offer two main advantages: end-to-end concealment of data and ability to operate on cipher text, then no more decryption is required for aggregation. Unfortunately, nowadays these methods are very complex and not suitable for sensor nodes having limited resources. In this paper, we propose a secure end-to-end encrypted-data aggregation scheme. It is based on elliptic curve cryptography that exploits a smaller key size. Additionally, it allows the use of higher number of operations on cypher-texts and prevents the distinction between two identical texts from their cryptograms. These properties permit to our approach to achieve higher security levels than existing cryptosystems in sensor networks. Our experiments show that our proposed secure aggregation method significantly reduces computation and communication overhead and can be practically implemented in on-the-shelf sensor platforms. By using homomorphic encryption on elliptic curves, we thus have realized an efficient and secure data aggregation in sensor networks. Lastly, to enlarge the aggregation functions that can be used in a secure wireless sensor network, a watermarking-based authentication scheme is finally proposed

Side Channel Attacks against Pairing over Theta Functions

Abstract. In [17], Lubicz and Robert generalized the Tate pairing over any abelian variety and more precisely over Theta functions. The security of the new algorithms is an important issue for the use of practical cryptography. Side channel attacks are powerful attacks, using the leakage of information to reveal sensitive data. The pairings over elliptic curves were sensitive to side channel attacks. In this article, we study the weaknesses of the Tate pairing over Theta functions when submitted to side channel attacks. Key words: pairing based cryptography, Theta function, side channel attacks, differential power analysis, fault attacks.

Optimizing the Control Hierarchy of an ECC Coprocessor Design on an FPGA Based SoC Platform

Abstract. Most hardware/software codesigns of Elliptic Curve Cryp-tography only have one central control unit, typically a 32 bit or 8 bit processor core. With the ability of integrating several soft processor cores into one FPGA fabric, we can have a hierarchy of controllers in one SoC design. Compared to the previous codesigns trying to optimize the com-munication overhead between the central control unit and coprocessor over bus by using different bus protocols (e.g. OPB, PLB and FSL) or advanced techniques (e.g. DMA), our approach prevents overhead in bus transactions by introducing a local 8 bit microcontroller, PicoBlaze, in the coprocessor. As a result, the performance of the ECC coprocessor can be almost independent of the selection of bus protocols. To further accelerate the Uni-PicoBlaze based ECC SoC design, a Dual-PicoBlaze based architecture is proposed, which can achieve the maximum instruc-tion rate of 1 instruction/cycle to the ECC datapath. Using design space exploration of a large number of system configurations of different ar-chitectures discussed in this paper, our proposed Dual-PicoBlaze based design also shows best trade-off between area and speed.

Improving Modular Inversion in RNS using the Plus-Minus Method

International audienceThe paper describes a new RNS modular inversion algorithm based on the extended Euclidean algorithm and the plus-minus trick. In our algorithm, comparisons over large RNS values are replaced by cheap computations modulo 4. Comparisons to an RNS version based on Fermat's little theorem were carried out. The number of elementary modular operations is signi cantly reduced: a factor 12 to 26 for multiplications and 6 to 21 for additions. Virtex 5 FPGAs implementations show that for a similar area, our plus-minus RNS modular inversion is 6 to 10 times faster