-
ABSTRACT: Implementations of cryptographic primitives are vulnerable to physical attacks. While the adversary only needs to succeed in one out of many attack methods, the designers have to consider all the known attacks, whenever applicable to their system, simultaneously. Thus, keeping an organized, complete and up-to-date table of physical attacks and countermeasures is of paramount importance to system designers. This paper summarizes known physical attacks and countermeasures on Elliptic Curve Cryptosystems. Instead of repeating the details of different attacks, we focus on a systematic way of organizing and understanding known attacks and countermeasures. Three principles of selecting countermeasures to thwart multiple attacks are given. This paper can be used as a road map for countermeasure selection in a first design iteration.
Hardware-Oriented Security and Trust (HOST), 2010 IEEE International Symposium on; 07/2010
-
ABSTRACT: The Direct Anonymous Attestation scheme allows one to map procedures with an imperative requirement for anonymity, such as voting, to the electronic world while offering provable security. However, the scheme is complex and requires demanding computations to be performed on a tamper-proof device. Such devices, e.g. secure smart cards, are typically resource constrained. We present the first implementation of the (simplified) Direct Anonymous Attestation protocols suitable for contemporary Java Card smart cards. We point out performance bottlenecks and provide efficient solutions which allow our implementation to terminate within acceptable time.
Information Forensics and Security, 2009. WIFS 2009. First IEEE International Workshop on; 01/2010
-
ABSTRACT: There exist only two articles that present clear results of practical DPA attacks against an MDPL prototype chip and both are essentially in favour of its security. Unsuccessful attacks are however only weak evidence of security, and at present it is unclear to what extent some proposed theoretical concepts affect the security provided by MDPL in practice. We fill this gap and present results of an extensive case study of attacks against an MDPL prototype chip. In contrast with other practical works, we demonstrate successful DPA attacks and show that MDPL implementations, resistant to standard DPA attacks, can be broken in practice. Further, we show that the underlying concept of the folding attack, i.e. analysis of probability densities, indeed exposes MDPL's greatest weakness: the masking renders the circuit more vulnerable to attacks than a circuit with a fixed mask. In addition, our analysis leads to novel insights into the power consumption properties of MDPL in real silicon.
Information Forensics and Security, 2009. WIFS 2009. First IEEE International Workshop on; 01/2010
-
ABSTRACT: Side channel analysis attacks exploit the information leakage of a cryptographic device to lay hands on the secret information that is processed. Several statistical means to extract this information have been proposed since the onset of the research area. In this paper we perform a fair empirical comparison of several side channel analysis distinguishers on a hardware implementation of the Data Encryption Standard.
Circuit Theory and Design, 2009. ECCTD 2009. European Conference on; 09/2009
-
ABSTRACT: This paper reports on the design and implementation of a class E push-pull amplifier in order to increase the reading range of an ISO-14443A RFID system. With the aid of classical design formulas and some alterations due to parasitic and intrinsic capacitances, a working implementation was made that can provide the loop with an amplified modulated current wave.
Design and Diagnostics of Electronic Circuits & Systems, 2009. DDECS '09. 12th International Symposium on; 05/2009
-
ABSTRACT: In this paper, the maximal spatial resolution of a circular loop sensor is investigated. This will result in a practical limit determined by the desired signal amplitude and working frequency band.
Antennas and Propagation, 2009. EuCAP 2009. 3rd European Conference on; 04/2009
-
ABSTRACT: The design of a reader antenna is described for usage in radio frequency identification (RFID) systems at 13.56 MHz, as defined in the ISO-14443a standard. It presents the theory, with emphasis on the effect of the read out distance on the design, but also describes measurements on concrete designs to validate the formulas and statements. We also comment on practical problems that were encountered during the design process. The major contribution of this work is the generalization of the design theory for large read out distances where the conventional assumption of constant loop current no longer holds.
IEEE Transactions on Antennas and Propagation 01/2009;
-
ABSTRACT: Buyer-seller watermarking protocols incorporate digital watermarking with cryptography, in order to protect digital copyrights and privacy rights for the seller and the buyer before, during, and after purchase activities in e-commerce. In this paper, we analyze the security of some previously proposed protocols, and propose a secure and anonymous buyer-seller watermarking protocol. In contrast to early work, our improvement on the protocol's security properties ensures that the design requirements are fulfilled. The proposed protocol is able to simultaneously solve the piracy tracing problem, the customer's rights problem, the unbinding problem, the anonymity problem, the conspiracy problem, and the dispute problem. In the proposed protocol, a buyer can purchase digital contents anonymously but his anonymity can be revoked as soon as he is adjudicated to be guilty by a legal institute, such as civil court.
Internet and Web Applications and Services, 2008. ICIW '08. Third International Conference on; 07/2008
-
ABSTRACT: This paper presents a reconfigurable curve-based cryptoprocessor that accelerates scalar multiplication of Elliptic Curve Cryptography (ECC) and HyperElliptic Curve Cryptography (HECC) of genus 2 over GF(2^n). By allocating a copies of processing cores that embed reconfigurable Modular Arithmetic Logic Units (MALUs) over GF(2^n), the scalar multiplication of ECC/HECC can be accelerated by exploiting Instruction-Level Parallelism (ILP). The supported field size can be arbitrary up to a(n + 1) - 1. The superscaling feature is facilitated by defining a single instruction that can be used for all field operations and point/divisor operations. In addition, the cryptoprocessor is fully programmable and it can handle various curve parameters and arbitrary irreducible polynomials. The cost, performance, and security trade-offs are thoroughly discussed for different hardware configurations and software programs. The synthesis results with a 0.13-µm CMOS technology show that the proposed reconfigurable cryptoprocessor runs at 292 MHz, whereas the field sizes can be supported up to 587 bits. The compact and fastest configuration of our design is also synthesized with a fixed field size and irreducible polynomial. The results show that the scalar multiplication of ECC over GF(2^163) and HECC over GF(2^83) can be performed in 29 and 63 µs, respectively.
IEEE Transactions on Computers 10/2007; 56(9):1269-1282.
-
ABSTRACT: Key establishment is one of the major challenges in wireless personal area networks, as traditional security mechanisms often do not cope with the dynamic characteristics of wireless ad-hoc networks. In this paper, we present an efficient key establishment protocol, based on the basic Diffie-Hellman protocol. It enables mutual device authentication through presence and establishes a session key between personal mobile devices which do not yet share any authenticated cryptographic material. Distance bounding protocols, which have been introduced by Brands and Chaum at Eurocrypt'93 to preclude distance fraud and mafia fraud attacks, are employed to determine an upper bound on the distance to another entity. Our solution only requires limited user interaction: the user of a mobile device is expected to perform a visual verification within a small physical space.
Mobile and Ubiquitous Systems: Networking & Services, 2007. MobiQuitous 2007. Fourth Annual International Conference on; 09/2007
-
ABSTRACT: This paper describes the design of a programmable coprocessor for public key cryptography (PKC) on an FPGA. The implementation provides a very broad range of functions together with countermeasures against side-channel analysis (SCA) attacks. The functions are implemented in a hierarchical manner, where all levels are accessible by the user. This makes the coprocessor very flexible and particularly suitable to be used in embedded environments where the border between hardware and software needs to be decided depending on the application. Especially for RSA, the resulting implementation on an XC3S5000 FPGA, from the low-cost Spartan series of Xilinx, shows performance figures comparable to the state-of-the-art in PKC coprocessors.
Embedded Computer Systems: Architectures, Modeling and Simulation, 2007. IC-SAMOS 2007. International Conference on; 08/2007
-
ABSTRACT: This paper describes the first differential power and electromagnetic analysis attacks performed on a hardware implementation of an elliptic curve cryptosystem. At the same time we also compared the metrics used in differential power and electromagnetic radiation attacks. We describe the use of the Pearson correlation coefficient, the distance of mean test and the maximum likelihood test. For each metric the number of measurements needed to get a clear idea of the right guess of the key bit is taken as an indication of the strength of the metric.
Computers & Electrical Engineering. 01/2007;
-
ABSTRACT: We propose a superscalar coprocessor for high-speed curve-based cryptography. It accelerates scalar multiplication by exploiting instruction-level parallelism (ILP) dynamically and processing multiple instructions in parallel. The system-level architecture is designed so that the coprocessor can fully utilize the superscalar feature. The implementation results show that scalar multiplication of Elliptic Curve Cryptography (ECC) over GF(2^163), Hyperelliptic Curve Cryptography (HECC) of genus 2 over GF(2^83) and ECC over a composite field, GF((2^83)^2), can be improved by a factor of 1.8, 2.7 and 2.5 respectively compared to the case of a basic single-scalar architecture. This speed-up is achieved by exploiting parallelism in curve-based cryptography. The coprocessor deals with a single instruction that can be used for all field operations such as multiplications and additions. In addition, this instruction only allows one to compute point/divisor operations. Furthermore, we also provide a fair comparison between the three curve-based cryptosystems.
Keywords: Superscalar; instruction-level parallelism; coprocessor; curve-based cryptography; scalar multiplication; HECC; ECC
10/2006: pages 415-429;
-
ABSTRACT: This paper describes a solution for the generation of true random numbers in a purely digital fashion, making it suitable for any FPGA type, because no FPGA-vendor-specific features (e.g., a phase-locked loop) or external analog components are required. Our solution is based on a framework for a provably secure true random number generator recently proposed by Sunar, Martin and Stinson. It uses a large number of ring oscillators with identical ring lengths as a fast noise source (but with some deterministic bits) and eliminates the non-random samples by appropriate post-processing based on resilient functions. This results in a slower bit stream with high entropy. Our FPGA implementation achieves a random bit throughput of more than 2 Mbps, remains fairly compact (needing minimally 110 ring oscillators of 3 inverters) and is highly portable.
Field Programmable Logic and Applications, 2006. FPL '06. International Conference on; 09/2006
-
ABSTRACT: Implementing large word-length public key algorithms on small 8-bit µ-controllers is a challenge. This paper presents a hardware/software co-design solution of RSA and elliptic curve cryptography (ECC) over GF(p) on a 12 MHz 8-bit 8051 µ-controller. The hardware coprocessor has a modular arithmetic logic unit (MALU) of which the digit size (d) is variable. It can be adapted to the speed and bandwidth of the µ-controller to which it is connected. The HW/SW co-design space exploration is based on the GEZEL system-level design environment. It allows the designer to find the best performance-area combination for the digit size. A case study of an FPGA implementation for a 160-bit ECC over GF(p) (ECC-160p) shows that one point multiplication can be computed 40 times faster than an optimized SW implementation with the optimized digit size, d=4.
Automation Congress, 2006. WAC '06. World; 08/2006
-
ABSTRACT: This paper describes a differential electromagnetic analysis attack performed on a hardware implementation of an elliptic curve cryptosystem. We describe the use of the distance of mean test. The number of measurements needed to get a clear idea of the right guess of the key bit is taken as an indication of the success of the attack. We can find the right key bit by using only 2000 measurements. We also give an electromagnetic model for the FPGA we use in our experiments. The amplitude, the direction and the position of the current on the FPGA's lines with respect to the position of the antenna have an influence on the measured electromagnetic radiation in the FPGA's surrounding area.
Automation Congress, 2006. WAC '06. World; 08/2006
-
ABSTRACT: We propose a fast modular arithmetic logic unit (MALU) that is scalable in the digit size (d) and the field size (k). The datapath of MALU has chains of carry save adders (CSAs) to speed up the large integer arithmetic operations over GF(p) and GF(2^m). It is well suited and very efficient for the modular multiplication and addition/subtraction which are the computational kernels of elliptic curve and hyperelliptic curve cryptography (H/ECC). While maintaining the scalability and multi-function, we obtain a throughput of 205 Mbps and 388 Mbps with a clock rate of 110 MHz for 256-bit GF(p) and GF(2^239) respectively on FPGA prototyping.
Circuits and Systems, 2006. ISCAS 2006. Proceedings. 2006 IEEE International Symposium on; 06/2006
-
ABSTRACT: We propose a parallel processing crypto-processor for elliptic curve cryptography (ECC) to speed up EC point multiplication. The processor consists of a controller that dynamically checks instruction-level parallelism (ILP) and multiple sets of modular arithmetic logic units accelerating modular operations. A case study of HW design with the proposed architecture shows that EC point multiplication over GF(p) and GF(2^m) can be improved by a factor of 1.6 compared to the case of using a single processing element.
Acoustics, Speech and Signal Processing, 2006. ICASSP 2006 Proceedings. 2006 IEEE International Conference on; 06/2006
-
ABSTRACT: Due to the nature of radio transmissions, communications in wireless networks are easy to capture and analyze. Next to this, privacy enhancing techniques (PETs) proposed for wired networks such as the Internet often cannot be applied to mobile ad hoc networks (MANETs). In this paper we present a novel anonymous on demand routing scheme for MANETs. We identify a number of problems of previously proposed works and propose an efficient solution that provides anonymity in a stronger adversary model.
Advanced Information Networking and Applications, 2006. AINA 2006. 20th International Conference on; 05/2006
-
ABSTRACT: Carlet and Charpin classified the set of cubic (n-4)-resilient Boolean functions into four different types with respect to the Walsh spectrum and the dimension of the linear space. Based on the classification of RM(3,6)/RM(1,6), we have completed this classification of cubic (n-4)-resilient Boolean functions by deriving the corresponding algebraic normal form (ANF) and autocorrelation spectrum for each of the four types. At the same time, we have solved an open problem by proving that all plateaued cubic (n-4)-resilient Boolean functions have dimension of the linear space equal either to n-5 or n-6.
IEEE Transactions on Information Theory 05/2006;