Does Lightweight Cryptography Imply Slightsecurity?

Total Page:16

File Type:pdf, Size:1020Kb

Does Lightweight Cryptography Imply Slightsecurity? Intro Security Examples Conclusions Does Lightweight Cryptography Imply Slightsecurity? Orr Dunkelman Computer Science Department University of Haifa 7th March, 2014 ? Orr Dunkelman Lightweight ⇒ Slightsecurity 1/ 35 Intro Security Examples Conclusions Outline 1 Introduction Lightweight Cryptography Lightweight Cryptography Primitives 2 The Path to Security 3 A Few Examples The MISTY1 to KASUMI Transition The AES to LED Transition The KTANTAN Block Cipher ZORRO 4 Conclusions/Discussions ? Orr Dunkelman Lightweight ⇒ Slightsecurity 2/ 35 Intro Security Examples Conclusions LWC Primitives Lightweight Cryptography ◮ Targets constrained environments. ◮ Tries to reduce the computational efforts needed to obtain security. ◮ Optimization targets: size, power, energy, time, code size, RAM/ROM consumption, etc. ? Orr Dunkelman Lightweight ⇒ Slightsecurity 3/ 35 Intro Security Examples Conclusions LWC Primitives Lightweight Cryptography ◮ Targets constrained environments. ◮ Tries to reduce the computational efforts needed to obtain security. ◮ Optimization targets: size, power, energy, time, code size, RAM/ROM consumption, etc. Why now? ? Orr Dunkelman Lightweight ⇒ Slightsecurity 3/ 35 Intro Security Examples Conclusions LWC Primitives Lightweight Cryptography is All Around Us ◮ Constrained environments today are different than constrained environments 10 years ago. ◮ Ubiquitous computing – RFID tags, sensor networks. ◮ Low-end devices (8-bit platforms). ◮ Stream ciphers do not enjoy the same “foundations” as block ciphers. ◮ Failure of previous solutions (KeeLoq, Mifare) to meet required security targets. ◮ Good research direction. ? Orr Dunkelman Lightweight ⇒ Slightsecurity 4/ 35 Intro Security Examples Conclusions LWC Primitives Some Lightweight Primitives Block Ciphers Stream Ciphers Hash Functions MACs HIGHT Grain H-PRESENT SQUASH mCrypton Trivium PHOTON DESL Mickey QUARK PRESENT F-FCSR-H Armadillo KATAN WG-7 SpongeNT KTANTAN CAZAD GLOUN PRINTcipher Keccak-f∗ SEA Klein LBlock GOST ZORRO TWINE LED PRINCE Simon Speck ? Orr Dunkelman Lightweight ⇒ Slightsecurity 5/ 35 Intro Security Examples Conclusions LWC Primitives Some Lightweight Primitives Block Ciphers Stream Ciphers Hash Functions MACs HIGHT Grain H-PRESENT SQUASH mCrypton Trivium PHOTON DESL Mickey QUARK PRESENT F-FCSR-H Armadillo KATAN WG-7 SpongeNT KTANTAN CAZAD GLOUN PRINTcipher Keccak-f∗ SEA Klein LBlock GOST ZORRO TWINE LED PRINCE Simon Speck ? Orr Dunkelman Lightweight ⇒ Slightsecurity 5/ 35 Intro Security Examples Conclusions Security Challenges ◮ Lightweight ⇒ pick the point on the security/performance curve with as little security margins as possible. ◮ Use best-of-the-art approaches: ◮ Count the number of active S-boxes (wide trail), ◮ Scale-down “known” ciphers (Misty1 → KASUMI, AES→ LED, Zorro, DES→ DESL, . ) ◮ Use “secure structures” (GFNs/AES-like/etc.) ? Orr Dunkelman Lightweight ⇒ Slightsecurity 6/ 35 Intro Security Examples Conclusions Security Challenges ◮ Lightweight ⇒ pick the point on the security/performance curve with as little security margins as possible. ◮ Use best-of-the-art approaches: ◮ Count the number of active S-boxes (wide trail), ◮ Scale-down “known” ciphers (Misty1 → KASUMI, AES→ LED, Zorro, DES→ DESL, . ) ◮ Use “secure structures” (GFNs/AES-like/etc.) ◮ Ignore related-key attacks. ? Orr Dunkelman Lightweight ⇒ Slightsecurity 6/ 35 Intro Security Examples Conclusions Security Challenges ◮ Lightweight ⇒ pick the point on the security/performance curve with as little security margins as possible. ◮ Use best-of-the-art approaches: ◮ Count the number of active S-boxes (wide trail), ◮ Scale-down “known” ciphers (Misty1 → KASUMI, AES→ LED, Zorro, DES→ DESL, . ) ◮ Use “secure structures” (GFNs/AES-like/etc.) ◮ Ignore related-key attacks. ◮ Use provable approaches: ◮ Even-Mansour (1-Key/Multiple Key) ? Orr Dunkelman Lightweight ⇒ Slightsecurity 6/ 35 Intro Security Examples Conclusions Security Challenges ◮ Lightweight ⇒ pick the point on the security/performance curve with as little security margins as possible. ◮ Use best-of-the-art approaches: ◮ Count the number of active S-boxes (wide trail), ◮ Scale-down “known” ciphers (Misty1 → KASUMI, AES→ LED, Zorro, DES→ DESL, . ) ◮ Use “secure structures” (GFNs/AES-like/etc.) ◮ Ignore related-key attacks. ◮ Use provable approaches: ◮ Even-Mansour (1-Key/Multiple Key) ◮ As usual . pray. ? Orr Dunkelman Lightweight ⇒ Slightsecurity 6/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO MISTY1 ◮ Introduced by Matsui in 1997. ◮ 64-bit block, 128-bit key. ◮ Recursive structure — 8 Feistel rounds, each round function is a 3-round Feistel function. ◮ Each of these semi-round functions is a 3-round Feistel on its own. ◮ Uses 7-bit and 9-bit S-boxes for maximal nonlinearity. ◮ Every two rounds there is an FL-layer. ◮ Cryptrec-approved, NESSIE-portfolio, RFC, ISO. ◮ Predecessor of KASUMI. ? Orr Dunkelman Lightweight ⇒ Slightsecurity 7/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO MISTY1 KO KI KO FL KL1 1, 1 KL2 FL i,1 1 2 L S9 FO1 FIi,1 KIi,1 L L KO , KI 2 2 L FO2 L S7 KOi,2 KL KO KI KL L FL3 3 3, 3 4 FL4 FIi,2 KIi,2 L KIi,j,2 FO3 KIi,j,1 L L L L KO4, KI4 FO4 S9 L KOi,3 L KL KO KI KL FI KI FL5 5 5, 5 6 FL6 i,3 i,3 L FO5 L L KO KI 6, 6 FI function FO6 KOi,4 L L KL KO , KI KL FL7 7 7 7 8 FL8 FO function FO7 L KO8, KI8 FO8 KL L i,1 bitwiseT AND T L S KL KL bitwise OR FL9 9 10 FL10 KLi,2 L S MISTY1 FL function ? Orr Dunkelman Lightweight ⇒ Slightsecurity 8/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO KASUMI KL1 KO1, KI1 KOi,1 L S9 FL1 FO1 L FIi,1 KIi,1 L KO2, KI2 KL2 L FO2 FL2 L S7 KOi,2 L KL3 KO3, KI3 FIi,2 KIi,2 L KIi,j,2 FL3 FO3 KIi,j,1 L L L L KO4, KI4 KL4 S9 FO4 FL4 KOi,3 L L FIi,3 KIi,3 L KL5 KO5, KI5 FL5 FO5 L L S7 KO6, KI6 KL6 L FO6 FL6 FO function L FI function KL7 KO7, KI7 FL7 FO7 L KLi,1 KO8, KI8 KL8 ≪ bitwiseT AND FO8 FL8 T L S L KL , bitwise OR ≪ i 2 ≪ L S rotate left by one bit KASUMI FL function ? Orr Dunkelman Lightweight ⇒ Slightsecurity 9/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO KASUMI — Changes from MISTY1 ◮ Done by ETSI’s SAGE group to fit mobile handsets. ◮ FL functions to be moved from datapath to round-path. ◮ One key addition reduced from the FO function. ◮ Extra S7 in FI (⇒ FO can no longer be divided into 4 parallel functions, but only 2). ? Orr Dunkelman Lightweight ⇒ Slightsecurity 10/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO KASUMI — Changes from MISTY1 ◮ Done by ETSI’s SAGE group to fit mobile handsets. ◮ FL functions to be moved from datapath to round-path. ◮ One key addition reduced from the FO function. ◮ Extra S7 in FI (⇒ FO can no longer be divided into 4 parallel functions, but only 2). ◮ Key schedule changed significantly. ? Orr Dunkelman Lightweight ⇒ Slightsecurity 10/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO KASUMI vs. MISTY1 ◮ In the single-key model: KASUMI ≈ MISTY1: ◮ 6-Round Misty1 [JL12]: 252.5 CPs, 2112.4 time. ◮ 6-Round KASUMI [K12]: 255 CPs, 2100 time. ◮ In the related-key model: MISTY1 ≫ KASUMI. ◮ Practical key recovery attack against the full KASUMI ([DKS10]). ◮ MISTY1: not even close (without FL, [DK13]). ? Orr Dunkelman Lightweight ⇒ Slightsecurity 11/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO The LED Block Cipher ◮ Introduced by [G+11]. ◮ 64-bit block with 64-bit key (LED-64) or 128-bit key (LED-128). ◮ LED-64: 8-Step 1-Key Even-Mansour. ◮ LED-128: 12-Step 2-Key Even-Mansour. ◮ The “public permutation”: 4-round unkeyed AES-like construction. m P1 P2 P3 P4 P5 P6 P7 P8 P9 P10 P11 P12 c L L L L L L L L L L L L L K1 K2 K1 K2 K1 K2 K1 K2 K1 K2 K1 K2 K1 AC SC SR MC ×4 ? Orr Dunkelman Lightweight ⇒ Slightsecurity 12/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO The LED Block Cipher (cont.) ◮ 48-round (12-step LED-128) offer security against differential, linear, meet-in-the-middle, . ? Orr Dunkelman Lightweight ⇒ Slightsecurity 13/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO The LED Block Cipher (cont.) ◮ 48-round (12-step LED-128) offer security against differential, linear, meet-in-the-middle, . ◮ No related-key issues/weakness in key schedule. ? Orr Dunkelman Lightweight ⇒ Slightsecurity 13/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO The LED Block Cipher (cont.) ◮ 48-round (12-step LED-128) offer security against differential, linear, meet-in-the-middle, . ◮ No related-key issues/weakness in key schedule. ◮ As long as the 8-Step 1-Key Even-Mansour secure (LED-64) or 5-Step 1-Key Even-Mansour secure (LED-128). ? Orr Dunkelman Lightweight ⇒ Slightsecurity 13/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO Results on LED (Single-Key) Source Cipher Steps Time Data Memory [IS12] LED-64 2 256 28 CP 28 [D+14] LED-64 2 248 216 CP 217 [D+14] LED-64 2 248 248 KP 248 [D+13] LED-64 3 260.2 249 KP 260 [IS12] LED-128 4 2112 216 CP 219 [M+12] LED-128 4 296 264 KP 264 [NWW13] LED-128 4 296 232 KP 232 [NWW13] LED-128 6 2124.4 259 KP 259 [D+13] LED-128 6 2124.5 245 KP 260 [D+13] LED-128 8 2123.8 249 KP 260 ? Orr Dunkelman Lightweight ⇒ Slightsecurity 14/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO Related-Key Attacks on LED-64 [M+12] ◮ Find iterative characteristic ∆ → ∆ through Pi . ◮ Set key difference to ∆, plaintext difference to 0 . ? Orr Dunkelman Lightweight ⇒ Slightsecurity 15/ 35 Intro Security Examples Conclusions KASUMI LED KTANTAN ZORRO Related-Key Attacks on LED-64 [M+12] ◮ Find iterative characteristic ∆ → ∆ through Pi . ◮ Set key difference to ∆, plaintext difference to 0 . ◮ 3-Step immediate related-key attack on LED-64, can be extended to 4-Step.
Recommended publications
  • On the NIST Lightweight Cryptography Standardization
    On the NIST Lightweight Cryptography Standardization Meltem S¨onmez Turan NIST Lightweight Cryptography Team ECC 2019: 23rd Workshop on Elliptic Curve Cryptography December 2, 2019 Outline • NIST's Cryptography Standards • Overview - Lightweight Cryptography • NIST Lightweight Cryptography Standardization Process • Announcements 1 NIST's Cryptography Standards National Institute of Standards and Technology • Non-regulatory federal agency within U.S. Department of Commerce. • Founded in 1901, known as the National Bureau of Standards (NBS) prior to 1988. • Headquarters in Gaithersburg, Maryland, and laboratories in Boulder, Colorado. • Employs around 6,000 employees and associates. NIST's Mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. 2 NIST Organization Chart Laboratory Programs Computer Security Division • Center for Nanoscale Science and • Cryptographic Technology Technology • Secure Systems and Applications • Communications Technology Lab. • Security Outreach and Integration • Engineering Lab. • Security Components and Mechanisms • Information Technology Lab. • Security Test, Validation and • Material Measurement Lab. Measurements • NIST Center for Neutron Research • Physical Measurement Lab. Information Technology Lab. • Advanced Network Technologies • Applied and Computational Mathematics • Applied Cybersecurity • Computer Security • Information Access • Software and Systems • Statistical
    [Show full text]
  • Optimized Threshold Implementations: Securing Cryptographic Accelerators for Low-Energy and Low-Latency Applications
    Optimized Threshold Implementations: Securing Cryptographic Accelerators for Low-Energy and Low-Latency Applications Dušan Božilov1,2, Miroslav Knežević1 and Ventzislav Nikov1 1 NXP Semiconductors, Leuven, Belgium 2 COSIC, KU Leuven and imec, Belgium [email protected] Abstract. Threshold implementations have emerged as one of the most popular masking countermeasures for hardware implementations of cryptographic primitives. In the original version of TI, the number of input shares was dependent on both security order d and algebraic degree of a function t, namely td + 1. At CRYPTO 2015, a new method was presented yielding to a d-th order secure implementation using d + 1 input shares. In this work, we first provide a construction for d + 1 TI sharing which achieves the minimal number of output shares for any n-input Boolean function of degree t = n − 1. Furthermore, we present a heuristic for minimizing the number of output shares for higher order td + 1 TI. Finally, we demonstrate the applicability of our results on d + 1 and td + 1 TI versions, for first- and second-order secure, low-latency and low-energy implementations of the PRINCE block cipher. Keywords: Threshold Implementations · PRINCE · SCA · Masking 1 Introduction Historically, the field of lightweight cryptography has been focused on designing algorithms that leave as small footprint as possible when manufactured in silicon. Small area implicitly results in low power consumption, which is another, equally important, optimization target. Hitting these two targets comes at a price since the performance and energy consumption of lightweight cryptographic primitives are far from being competitive and, for most online applications, they are often not meeting the requirements.
    [Show full text]
  • A Tutorial on the Implementation of Block Ciphers: Software and Hardware Applications
    A Tutorial on the Implementation of Block Ciphers: Software and Hardware Applications Howard M. Heys Memorial University of Newfoundland, St. John's, Canada email: [email protected] Dec. 10, 2020 2 Abstract In this article, we discuss basic strategies that can be used to implement block ciphers in both software and hardware environments. As models for discussion, we use substitution- permutation networks which form the basis for many practical block cipher structures. For software implementation, we discuss approaches such as table lookups and bit-slicing, while for hardware implementation, we examine a broad range of architectures from high speed structures like pipelining, to compact structures based on serialization. To illustrate different implementation concepts, we present example data associated with specific methods and discuss sample designs that can be employed to realize different implementation strategies. We expect that the article will be of particular interest to researchers, scientists, and engineers that are new to the field of cryptographic implementation. 3 4 Terminology and Notation Abbreviation Definition SPN substitution-permutation network IoT Internet of Things AES Advanced Encryption Standard ECB electronic codebook mode CBC cipher block chaining mode CTR counter mode CMOS complementary metal-oxide semiconductor ASIC application-specific integrated circuit FPGA field-programmable gate array Table 1: Abbreviations Used in Article 5 6 Variable Definition B plaintext/ciphertext block size (also, size of cipher state) κ number
    [Show full text]
  • State of the Art in Lightweight Symmetric Cryptography
    State of the Art in Lightweight Symmetric Cryptography Alex Biryukov1 and Léo Perrin2 1 SnT, CSC, University of Luxembourg, [email protected] 2 SnT, University of Luxembourg, [email protected] Abstract. Lightweight cryptography has been one of the “hot topics” in symmetric cryptography in the recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products. In this paper, we discuss the different implementation constraints that a “lightweight” algorithm is usually designed to satisfy. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (nist...) and international (iso/iec...) standards are listed. We then discuss some trends we identified in the design of lightweight algorithms, namely the designers’ preference for arx-based and bitsliced-S-Box-based designs and simple key schedules. Finally, we argue that lightweight cryptography is too large a field and that it should be split into two related but distinct areas: ultra-lightweight and IoT cryptography. The former deals only with the smallest of devices for which a lower security level may be justified by the very harsh design constraints. The latter corresponds to low-power embedded processors for which the Aes and modern hash function are costly but which have to provide a high level security due to their greater connectivity. Keywords: Lightweight cryptography · Ultra-Lightweight · IoT · Internet of Things · SoK · Survey · Standards · Industry 1 Introduction The Internet of Things (IoT) is one of the foremost buzzwords in computer science and information technology at the time of writing.
    [Show full text]
  • Triathlon of Lightweight Block Ciphers for the Internet of Things
    Triathlon of Lightweight Block Ciphers for the Internet of Things Daniel Dinu, Yann Le Corre, Dmitry Khovratovich, Léo Perrin, Johann Großschädl, and Alex Biryukov SnT and CSC, University of Luxembourg Maison du Nombre, 6, Avenue de la Fonte, L–4364 Esch-sur-Alzette, Luxembourg {dumitru-daniel.dinu,yann.lecorre,dmitry.khovratovich,leo.perrin}@uni.lu {johann.groszschaedl,alex.biryukov}@uni.lu Abstract. In this paper we introduce a framework for the benchmarking of lightweight block ciphers on a multitude of embedded platforms. Our framework is able to evaluate the execution time, RAM footprint, as well as binary code size, and allows one to define a custom “figure of merit” according to which all evaluated candidates can be ranked. We used the framework to benchmark implementations of 19 lightweight ciphers, namely AES, Chaskey, Fantomas, HIGHT, LBlock, LEA, LED, Piccolo, PRE- SENT, PRIDE, PRINCE, RC5, RECTANGLE, RoadRunneR, Robin, Simon, SPARX, Speck, and TWINE, on three microcontroller platforms: 8-bit AVR, 16-bit MSP430, and 32-bit ARM. Our results bring some new insights to the question of how well these lightweight ciphers are suited to secure the Internet of Things (IoT). The benchmarking framework provides cipher designers with an easy-to-use tool to compare new algorithms with the state-of-the-art and allows standardization organizations to conduct a fair and consistent evaluation of a large number of candidates. Keywords: IoT, lightweight cryptography, block ciphers, evaluation framework, benchmarking. 1 Introduction The Internet of Things (IoT) is a frequently-used term to describe the currently ongoing evolution of the Internet into a network of smart objects (“things”) with the ability to communicate with each other and to access centralized resources via the IPv6 (resp.
    [Show full text]
  • BRISK: Dynamic Encryption Based Cipher for Long Term Security
    sensors Article BRISK: Dynamic Encryption Based Cipher for Long Term Security Ashutosh Dhar Dwivedi Cyber Security Section, Department of Applied Mathematics and Computer Science, Technical University of Denmark, 2800 Kgs. Lyngby, Denmark; [email protected] or [email protected] Abstract: Several emerging areas like the Internet of Things, sensor networks, healthcare and dis- tributed networks feature resource-constrained devices that share secure and privacy-preserving data to accomplish some goal. The majority of standard cryptographic algorithms do not fit with these constrained devices due to heavy cryptographic components. In this paper, a new block cipher, BRISK, is proposed with a block size of 32-bit. The cipher design is straightforward due to simple round operations, and these operations can be efficiently run in hardware and suitable for software. Another major concept used with this cipher is dynamism during encryption for each session; that is, instead of using the same encryption algorithm, participants use different ciphers for each session. Professor Lars R. Knudsen initially proposed dynamic encryption in 2015, where the sender picks a cipher from a large pool of ciphers to encrypt the data and send it along with the encrypted message. The receiver does not know about the encryption technique used before receiving the cipher along with the message. However, in the proposed algorithm, instead of choosing a new cipher, the process uses the same cipher for each session, but varies the cipher specifications from a given small pool, e.g., the number of rounds, cipher components, etc. Therefore, the dynamism concept is used here in a different way.
    [Show full text]
  • Iraq Literary Review
    ILR Iraq Literary Review Issue 2 2012 Editor Sadek M. Mohammed (PhD) Managing Editor Soheil Najm www.iraqliteraryreview.com 2 ILR Iraq Literary Review Contents Editorial Criticism 3 Structuring the Artistic Sentence in the Theatre of Muheyil Deen Zen Ge Neh 7 Yaseen Al-Naseer The Broom of Heaven/ Five Rabbits in the Basket of Murtatha Gzar 11 Dhia Al- Jubaili Ishtar's Songs … Ishtar's Agonies 17 Ramadhan M. Sadkhan Fatima Al Muhsin: On the Representations of Iraqi Culture in the Renaissance 24 Alexander Habash, Lebanon Poetry The Dragon ..By Abd al-Wahhab al-Bayati 32 I am Middle Eastern Studies..Shahad Atiya 44 Wine-Beam..By the Classical Kurdish Poet Mahwi 46 The Jackal of the Group..Salman Dawood Mohammad 47 Statues..Karim Al-Najar 49 The Heaven of Joyous Creatures..Ali Abdulameer 51 Mohammed Al-Nassar 54 Kings’ Tatters..Poems by : Jean Demmu 57 In this Mud there is a Desire..Sadek R. Mohamed 59 Fiction Master Socrates:One more Valium pill, a single one is not enough today.. 62 Khudayer Al-Zaidi The Anonymous..Hadiya Hussein 64 World Portfolio Nighttime in Baghdad..Nikesh Murali 71 A Lonely Road to Baghdad.. Musa Idris Okpanachi 73 Night vision..Stephanie M. Glazier 81 Arab Portfolio Creation..Dhabia Khamees 85 3 ILR Iraq Literary Review 4 ILR Iraq Literary Review Editorial New Ends, Fresh Beginnings If one has to chart out the last nine years in the history of Iraq (2003- 2011), one can easily see that this period was always marked by the dawn of new ends and the prospect of new beginnings.
    [Show full text]
  • A Lightweight Encryption Algorithm for Secure Internet of Things
    Pre-Print Version, Original article is available at (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, No. 1, 2017 SIT: A Lightweight Encryption Algorithm for Secure Internet of Things Muhammad Usman∗, Irfan Ahmedy, M. Imran Aslamy, Shujaat Khan∗ and Usman Ali Shahy ∗Faculty of Engineering Science and Technology (FEST), Iqra University, Defence View, Karachi-75500, Pakistan. Email: fmusman, [email protected] yDepartment of Electronic Engineering, NED University of Engineering and Technology, University Road, Karachi 75270, Pakistan. Email: firfans, [email protected], [email protected] Abstract—The Internet of Things (IoT) being a promising and apply analytics to share the most valuable data with the technology of the future is expected to connect billions of devices. applications. The IoT is taking the conventional internet, sensor The increased number of communication is expected to generate network and mobile network to another level as every thing mountains of data and the security of data can be a threat. The will be connected to the internet. A matter of concern that must devices in the architecture are essentially smaller in size and be kept under consideration is to ensure the issues related to low powered. Conventional encryption algorithms are generally confidentiality, data integrity and authenticity that will emerge computationally expensive due to their complexity and requires many rounds to encrypt, essentially wasting the constrained on account of security and privacy [4]. energy of the gadgets. Less complex algorithm, however, may compromise the desired integrity. In this paper we propose a A. Applications of IoT: lightweight encryption algorithm named as Secure IoT (SIT).
    [Show full text]
  • High Throughput in Slices: the Case of PRESENT, PRINCE and KATAN64 Ciphers
    High throughput in slices: the case of PRESENT, PRINCE and KATAN64 ciphers Kostas Papapagiannopoulos Radboud University Nijmegen, Department of Digital Security [email protected] Abstract. This paper presents high-throughput assembly implementations of PRESENT, PRINCE and KATAN64 ciphers for the ATtiny family of AVR microcontrollers. We report new throughput records, achieving the speed of 2967 clock cycles per block encryption for PRESENT, 1803 cycles for PRINCE and 23671 cycles for KATAN64. In addition, we of- fer insight into the `slicing' techniques used for high throughput and their application to lightweight cryptographic implementations. We also demonstrate the speed-memory trade- off by constructing high-throughput implementations with large memory requirements. Keywords. PRESENT, PRINCE, KATAN64, AVR, ATtiny, high-speed assembly im- plementation 1 Introduction During the recent years, our society experienced big changes in the IT landscape. Starting from the development of wireless connectivity and embedded systems, we have observed an extensive deployment of tiny computing devices in our environment. Everyday objects transform into sophisticated appliances, enhanced with communication and computation capabilities. Ubiquitous computing is gradually becoming a reality and researchers have already identified a wide range of security and privacy risks stemming from it. In this new fully-interconnected, always-online environment, we rely heavily on a huge num- ber of daily transactions that are carried over a large distributed infrastructure and can be security-critical or privacy-related. RFID tags on commercial products, cardiac pacemak- ers, fire-detecting sensor nodes, traffic jam detectors and vehicular ad-hoc communication systems have one thing in common: they need to establish a secure and privacy-friendly modus operandi, under a particularly restricted environment, e.g.
    [Show full text]
  • Prince Valves Stack.Pdf
    Directional Control Valves SECTIONAL BODY VALVES Series “20” STANDARD FEATURES • 1 -10 Work Sections • Extra Fine Spool Metering • Power Beyond Capability • Reversible Handle • Load Checks on Each Work Port • Hard Chrome Plated Spools • A Float Section can be Installed in any Location in Valve Assembly • Interchangeable Mounting With Other Popular “0” gpm Stack Valves • Optional Work Section with Pilot Operated Checks SPECIFICATIONS Parallel or Tandem Circuit Foot Mounting Pressure Rating Weight Maximum Operating Pressure ......3500 psi Inlet Cover ........................... Approx 6 lbs Maximum Tank Pressure .................500 psi Outlet Cover ..................... Approx 3.5 lbs Work Section ....................... Approx 9 lbs Nominal Flow Rating ......................20 gpm Maximum Operating Temp ..........180°F Please Refer to Pressure Drop Charts. Allowable Pressure Loss thru Valve Filtration: For general purpose valves, Determines the Maximum flow. fluid cleanliness should meet the ISO 4406 19/17/14 level . For extended life or for pilot operated valves, the 18/16/13 fluid cleanliness level is recommended. CATV -07-1-01 V3 ORDERING INFORMATION: The following is a listing of valve sections available from stock on a standard basis. STANDARD SECTIONS AVAILABLE: STANDARD INLET SECTIONS ALL SECTIONS HAVE BOTH TOP AND SIDE INLET AND TANk PORTS PART NO. RELIEF TYPE AND SETTING PORT SIZE 0IA NO RELIEF #1 SAE ORB 0IC SHIM ADJUSTABLE 11-170 PSI, SET AT 170 PSI @ 10 GPM #1 SAE ORB 0ID SHIM ADJUSTABLE 171-00 PSI, SET AT 00 PSI @ 10 GPM #1 SAE ORB 0IE SHIM ADJUSTABLE 01-000 PSI, SET AT 00 PSI @ 10 GPM #1 SAE ORB 0IG ADJUSTABLE 11-170 PSI, SET AT 170 PSI @ 10 GPM #1 SAE ORB 0IH ADJUSTABLE 170-00 PSI, SET AT 00 PSI @ 10 GPM #1 SAE ORB 0IJ ADJUSTABLE 01-000 PSI, SET AT 00 PSI @ 10 GPM #1 SAE ORB STANDARD PARALLEL CIRCUIT WORk SECTIONS ALL WORk SECTIONS HAVE #10 SAE ORB PORTS, LOAD CHECKS, AND STANDARD LEVER HANDLES.
    [Show full text]
  • 486A62408f7ad47bcf13a47c860
    FPGA Optimal Implementation of PRINCE against Power Analysis Attacks PoS(ISCC 2017)039 Yi Zou 1 College of Computer Science and Technology, Hengyang Normal University Hunan Provincial Key Laboratory of Intelligent Information Processing and Application Hengyang, 421002, China E-mail: [email protected] Lang Li2 College of Computer Science and Technology, Hengyang Normal University Hengyang, 421002, China E-mail: [email protected] The algorithm PRINCE proposed in ASIACRYPT 2012 is a lightweight cipher, currently suitable for the implementation on RFID Smart Card of the IoT. It's studied to achieve the optimal implementation of PRINCE encryption algorithm, and to add a fixed random mask to enhance the anti power attacking ability of PRINCE. In this paper, we constructed the same operations into a module called PrinceRound, and used counter to control the PrinceRound module, while the same round operation runs repeatedly. As a result, it can save registers and effectively reduce the amount of computation. Furthermore, we used a special method by adding the random mask to S-box. The experimental results show that the optimized PRINCE occupies area 9.8% fewer than original PRINCE on FPGA and the encryption with a fixed random mask can run correctly. Last but not least, our research is the first one about the implementation of PRINCE algorithm on FPGA, and can serve as a reference for further application of IOT encryption. ISCC 2017 16-17 December 2017 Guangzhou, China 1Yi Zou(1983-),M.S.,Lecturer, Her research interests include embedded system and information security. 2This research is supported by the Scientific Research Fund of Hunan Provincial Education Department with Grant(15C0203), Industry university research project of Hengyang Normal University (No.
    [Show full text]
  • Blockcipher-Based Authenticated Encryption: How Small Can We Go? ‹
    Blockcipher-based Authenticated Encryption: How Small Can We Go? ‹ Avik Chakraborti1, Tetsu Iwata2, Kazuhiko Minematsu3, and Mridul Nandi4 1 NTT Secure Platform Laboratories, Japan, [email protected] 2 Nagoya University, Japan, [email protected] 3 NEC Corporation, Japan, [email protected] 4 Applied Statistics Unit, Indian Statistical Institute, Kolkata, [email protected] Abstract. This paper presents a lightweight blockcipher based authen- ticated encryption mode mainly focusing on minimizing the implementa- tion size, i.e., hardware gates or working memory on software. The mode is called COFB, for COmbined FeedBack. COFB uses an n-bit blockci- pher as the underlying primitive, and relies on the use of a nonce for security. In addition to the state required for executing the underlying blockcipher, COFB needs only n{2 bits state as a mask. Till date, for all existing constructions in which masks have been applied, at least n bit masks have been used. Thus, we have shown the possibility of reducing the size of a mask without degrading the security level much. Moreover, it requires one blockcipher call to process one input block. We show COFB is provably secure up to Op2n{2{nq queries which is almost up to the standard birthday bound. We first present an idealized mode iCOFB along with the details of its provable security analysis. Next, we extend the construction to the practical mode COFB. We instantiate COFB with two 128-bit blockciphers, AES-128 and GIFT-128, and present their im- plementation results on FPGAs. We present two implementations, with and without CAESAR hardware API.
    [Show full text]