DOCSLIB.ORG

Security Schemes for the OLSR Protocol for Ad Hoc Networks Daniele Raffo

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Schemes for the OLSR Protocol for Ad Hoc Networks Daniele Raffo Security Schemes for the OLSR Protocol for Ad Hoc Networks Daniele Raffo To cite this version: Daniele Raffo. Security Schemes for the OLSR Protocol for Ad Hoc Networks. Networking and Internet Architecture [cs.NI]. Université Pierre et Marie Curie - Paris VI, 2005. English. tel-00010678 HAL Id: tel-00010678 https://tel.archives-ouvertes.fr/tel-00010678 Submitted on 18 Oct 2005 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT DE L’UNIVERSITÉ PARIS 6 – PIERRE ET MARIE CURIE discussed by Daniele Raffo on September 15, 2005 to obtain the degree of Docteur de l’Université Paris 6 Discipline: Computer Science Host laboratory: INRIA Rocquencourt Security Schemes for the OLSR Protocol for Ad Hoc Networks Thesis Director: Dr. Paul Mühlethaler Jury Reviewers: Dr. Ana Cavalli Institut National des Télécommunications Dr. Ahmed Serhrouchni Ecole Nationale Supérieure des Télécommunications Examiners: Dr. François Baccelli Ecole Normale Supérieure Dr. François Morain Ecole Polytechnique Dr. Paul Mühlethaler INRIA Rocquencourt Dr. Guy Pujolle Université Paris 6 Guests: Dr. Daniel Augot INRIA Rocquencourt Dr. Philippe Jacquet INRIA Rocquencourt THÈSE DE DOCTORAT DE L’UNIVERSITÉ PARIS 6 – PIERRE ET MARIE CURIE présentée par Daniele Raffo le 15 Septembre 2005 pour obtenir le grade de Docteur de l’Université Paris 6 Spécialité: Informatique Laboratoire d’accueil: INRIA Rocquencourt Schémas de sécurité pour le protocole OLSR pour les réseaux ad hoc Directeur de Thèse: M. Paul Mühlethaler Jury Rapporteurs: Mme Ana Cavalli Institut National des Télécommunications M. Ahmed Serhrouchni Ecole Nationale Supérieure des Télécommunications Examinateurs: M. François Baccelli Ecole Normale Supérieure M. François Morain Ecole Polytechnique M. Paul Mühlethaler INRIA Rocquencourt M. Guy Pujolle Université Paris 6 Invités: M. Daniel Augot INRIA Rocquencourt M. Philippe Jacquet INRIA Rocquencourt Dedicated to the memory of my grandfather Vincenzo Abstract Within the domain of wireless computer networks, this thesis examines the security issues related to protection of packet routing in ad hoc networks (MANETs). This thesis classifies the different possible attacks and examines in detail the case of OLSR (Optimized Link State Routing protocol). We propose a security architec- ture based on adding a digital signature, as well as more advanced techniques such as: reuse of previous topology information to validate the actual link state, cross- check of advertised routing control data with the node’s geographical position, and intra-network misbehavior detection and elimination via flow coherence control or passive listening. Countermeasures in case of compromised routers are also pre- sented. This thesis also assesses the practical problems concerning the choice of a suitable symmetric or asymmetric cipher, the alternatives for the algorithm of cryptographic keys distribution, and the selection of a method for signature times- tamping. Keywords Ad hoc network, routing, link state, OLSR, security, digital signature Résumé Cette thèse examine les problématiques de sécurité liées à la protection du routage dans les réseaux ad hoc (MANETs). La thèse classifie les différentes attaques qui peuvent être portées et examine en détail le cas du protocole OLSR (Optimized Link State Routing). Une architecture de sécurisation basée sur l’ajout d’une sig- nature numérique est étudiée et proposée. D’autres contre-mesures plus élaborées sont également présentées. Ces dernières incluent: la réutilisation d’informations topologiques précédentes pour valider l’état de lien actuel, l’évaluation de la véridic- ité des messages par analyse croisée avec la position géographique d’un noeud, et la détection des comportements suspects à l’intérieur du réseau par le contrôle de cohérence des flux ou l’écoute passif. La thèse analyse aussi les problèmes pratiques liées à la choix de l’algorithme de signature et la distributions des clés cryptographiques, et propose aussi des parades même en présence de noeuds com- promis. Mots clés Réseau ad hoc, routage, état de lien, OLSR, sécurité, signature numérique Contents Contents 9 Foreword 13 1 Introduction to wireless networking 16 1.1 Standards . 16 1.1.1 IEEE 802.11 . 17 1.1.2 HiperLAN . 18 1.1.3 Bluetooth . 18 1.2 Architecture . 18 1.2.1 BSS mode . 19 1.2.2 IBSS mode . 19 1.2.3 Ad hoc network . 19 1.3 Advantages and disadvantages . 20 1.4 Routing protocols for ad hoc networks . 23 1.4.1 Reactive protocols . 23 1.4.2 Proactive protocols . 24 1.4.3 Hybrid protocols . 25 1.4.4 The Optimized Link State Routing protocol . 26 2 System security 32 2.1 Cryptography basics . 33 2.1.1 Symmetric cryptography . 34 2.1.2 Asymmetric cryptography . 36 2.1.3 Symmetric vs. asymmetric cryptography . 38 3 Attacks against ad hoc networks 40 3.1 Attacks against the routing layer in MANETs . 40 3.1.1 Incorrect traffic generation . 41 3.1.2 Incorrect traffic relaying . 42 3.2 Attacks against the OLSR protocol . 44 3.2.1 Incorrect traffic generation . 45 3.2.2 Incorrect traffic relaying . 47 3.3 Summary of routing attacks . 49 10 CONTENTS 4 Security in ad hoc networks: basic mechanisms 51 4.1 Protection of the routing protocol . 51 4.2 State of the art . 52 4.2.1 IPsec . 52 4.2.2 Routing protocols using digests or signatures . 53 4.2.3 Other solutions . 55 4.3 Secured versions of OLSR . 56 4.3.1 Packet protection . 57 4.3.2 Message protection . 57 4.3.3 Trust Metric Routing . 57 5 The OLSR signature message 59 5.1 Specifications . 59 5.1.1 Format of the signature message . 61 5.1.2 The timestamp . 63 5.1.3 The signature algorithms . 63 5.1.4 Applicability to control messages . 64 5.1.5 Optional features . 65 5.1.6 Interoperability with standard OLSR . 65 5.2 Modifications to the standard OLSR protocol . 65 5.2.1 Sending a signed control message . 66 5.2.2 Changes to the Duplicate Set . 66 5.2.3 Receiving and checking a signed control message . 66 5.3 Resilience . 68 5.4 Overhead . 68 5.4.1 Message sizes for the standard OLSR . 69 5.4.2 Message sizes for OLSR with signatures . 70 5.4.3 Flowrates . 70 5.4.4 Comparison with other solutions . 70 6 Cryptosystems for the ad hoc environment 73 6.1 Requirements . 73 6.2 Algorithm analysis . 74 6.2.1 Benchmarks . 74 6.3 Key management . 76 6.3.1 Threshold cryptography . 76 6.3.2 Self-organized PKI . 77 6.3.3 Identity-based cryptosystems . 77 6.3.4 Imprinting . 77 6.3.5 Probabilistic key distribution . 78 6.3.6 Diffie-Hellman key agreement . 78 6.3.7 A simple PKI for OLSR . 78 CONTENTS 11 7 Timestamps 83 7.1 No timestamps . 84 7.2 Real-time timestamps . 85 7.3 Non-volatile timestamps . 86 7.4 Clock synchronization . 87 7.4.1 Timestamp exchange protocol . 88 8 Security in ad hoc networks: advanced mechanisms 92 8.1 Compromised nodes . 92 9 Using multiple signatures in OLSR 94 9.1 Topology continuity . 94 9.2 Link Atomic Information . 95 9.3 Required proofs . 96 9.4 The Certiproof Table . 97 9.5 The ADVSIG message . 98 9.6 The protocol . 100 9.6.1 Implementation of the algorithm . 101 9.6.2 Outline of the algorithm . 101 9.6.3 Detailed algorithm . 102 9.7 Overhead . 104 9.8 Resilience and remaining vulnerabilities . 105 10 Using information about node location 107 10.1 State of the art . 107 10.2 GPS-OLSR . 108 10.2.1 Specifications . 108 10.2.2 Resilience . 110 10.2.3 The protocol . 111 10.3 Using a directional antenna to obtain extended accuracy . 112 10.4 Numerical evaluation . 113 10.5 Overhead . 114 11 Detecting bad behaviors 116 11.1 State of the art . 116 11.1.1 Watchdog/Pathrater . 117 11.1.2 CONFIDANT . 118 11.1.3 WATCHERS . 118 11.2 A trust system for OLSR . 118 11.2.1 Specifications . 119 11.2.2 Punishment and reward . 120 11.2.3 Detection of a misbehaving node: countermeasures . 121 11.2.4 Variations on the theme of trust evaluation . 121 11.2.5 Precise checks on flow conservation . 122 12 CONTENTS 11.3 A last word about enforcing security . 123 12 Conclusion 126 12.1 Foresights . 127 A Résumé détaillé de la thèse 128 A.1 Introduction aux réseaux sans fil . 128 A.1.1 Les protocoles de routage pour les réseaux ad hoc . 128 A.1.2 Le protocole OLSR . 129 A.2 Sécurité des systèmes . 129 A.3 Attaques contre les réseaux ad hoc . 130 A.3.1 Attaques contre les MANETs au niveau du routage . 130 A.3.2 Attaques contre le protocole OLSR . 132 A.4 Sécurité dans les réseaux ad hoc: mécanismes de base . 133 A.4.1 Protection du protocole de routage . 134 A.5 Le message de signature dans OLSR . 134 A.5.1 Spécifications du projet . 134 A.5.2 Modifications du protocole OLSR standard . 135 A.6 Systèmes cryptographiques pour les environnements ad hoc . 136 A.6.1 La gestion des clés . 136 A.7 Estampillage temporel . 137 A.8 Sécurité dans les.
Load more

Recommended publications
  • Efficient Implementation of Elliptic Curve Cryptography in Reconfigurable Hardware
    EFFICIENT IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY IN RECONFIGURABLE HARDWARE by E-JEN LIEN Submitted in partial fulfillment of the requirements for the degree of Master of Science Thesis Advisor: Dr. Swarup Bhunia Department of Electrical Engineering and Computer Science CASE WESTERN RESERVE UNIVERSITY May, 2012 CASE WESTERN RESERVE UNIVERSITY SCHOOL OF GRADUATE STUDIES We hereby approve the thesis/dissertation of _____________________________________________________E-Jen Lien candidate for the ______________________degreeMaster of Science *. Swarup Bhunia (signed)_______________________________________________ (chair of the committee) Christos Papachristou ________________________________________________ Frank Merat ________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________ (date) _______________________03/19/2012 *We also certify that written approval has been obtained for any proprietary material contained therein. To my family ⋯ Contents List of Tables iii List of Figures v Acknowledgements vi List of Abbreviations vii Abstract viii 1 Introduction 1 1.1 Research objectives . .1 1.2 Thesis Outline . .3 1.3 Contributions . .4 2 Background and Motivation 6 2.1 MBC Architecture . .6 2.2 Application Mapping to MBC . .7 2.3 FPGA . .9 2.4 Mathematical Preliminary . 10 2.5 Elliptic Curve Cryptography . 10 2.6 Motivation . 16 i 3 Design Principles and Methodology 18 3.1 Curves over Prime Field . 18 3.2 Curves over Binary Field . 25 3.3 Software Code for ECC . 31 3.4 RTL code for FPGA design . 31 3.5 Input Data Flow Graph (DFG) for MBC . 31 4 Implementation of ECC 32 4.1 Software Implementation . 32 4.1.1 Prime Field . 33 4.1.2 Binary Field . 34 4.2 Implementation in FPGA . 35 4.2.1 Prime Field . 36 4.2.2 Binary Field .
    [Show full text]
  • A High-Speed Constant-Time Hardware Implementation of Ntruencrypt SVES
    A High-Speed Constant-Time Hardware Implementation of NTRUEncrypt SVES Farnoud Farahmand, Malik Umar Sharif, Kevin Briggs, Kris Gaj Department of Electrical and Computer Engineering, George Mason University, Fairfax, VA, U.S.A. fffarahma, msharif2, kbriggs2, [email protected] process a year later. Among the candidates, there are new, Abstract—In this paper, we present a high-speed constant- substantially modified versions of NTRUEncrypt. However, in time hardware implementation of NTRUEncrypt Short Vector an attempt to characterize an already standardized algorithm, Encryption Scheme (SVES), fully compliant with the IEEE 1363.1 Standard Specification for Public Key Cryptographic Techniques in this paper, we focus on the still unbroken version of the Based on Hard Problems over Lattices. Our implementation algorithm published in 2008. We are not aware of any previous follows an earlier proposed Post-Quantum Cryptography (PQC) high-speed hardware implementation of the entire NTRUEn- Hardware Application Programming Interface (API), which crypt SVES scheme reported in the scientific literature or facilitates its fair comparison with implementations of other available commercially. Our implementation is also unique in PQC schemes. The paper contains the detailed flow and block diagrams, timing analysis, as well as results in terms of latency (in that it is the first implementation of any PQC scheme following clock cycles), maximum clock frequency, and resource utilization our newly proposed PQC Hardware API [3]. As such, it in modern high-performance Field Programmable Gate Arrays provides a valuable reference for any future implementers of (FPGAs). Our design takes full advantage of the ability to paral- PQC schemes, which is very important in the context of the lelize the major operation of NTRU, polynomial multiplication, in ongoing NIST standard candidate evaluation process.
    [Show full text]
  • Overlaymeter: Robust System-Wide Monitoring and Capacity-Based Search in Peer-To-Peer Networks
    OverlayMeter: Robust System-wide Monitoring and Capacity-based Search in Peer-to-Peer Networks Inaugural-Dissertation zur Erlangung des Doktorgrades der Mathematisch-Naturwissenschaftlichen Fakultät der Heinrich-Heine-Universität Düsseldorf vorgelegt von Andreas Disterhöft aus Duschanbe in Tadschikistan Düsseldorf, März 2018 aus dem Institut für Informatik der Heinrich-Heine-Universität Düsseldorf Gedruckt mit der Genehmigung der Mathematisch-Naturwissenschaftlichen Fakultät der Heinrich-Heine-Universität Düsseldorf Berichterstatter: 1. Jun.-Prof. Dr.-Ing. Kalman Graffi 2. Prof. Dr. Michael Schöttner Tag der mündlichen Prüfung: 24.09.2018 Abstract In the last decade many peer-to-peer research activities have taken place. Applications using the peer-to-peer paradigm are present and their traffic, depending on the region, accounts fora significant proportion of the total traffic on the Internet. The defined goal of the systemsisto deliver a certain quality of service, which is a challenge in decentralized systems. This is due to the fact that participants have to make decisions based on their locally available information. In order to make the best decisions, a solid and extensive data basis is indispensable. For this purpose the literature on the field of p2p networks proposes monitoring the system, an approach that we follow in this work. Monitoring refers to the gathering and dissemination of system- and peer-specific data. This dissertation deals with open research questions for the improvement and extension of monitoring approaches. Furthermore, issues to simplify procedures for putting such peer-to-peer systems into operation are addressed in this work. In the first part we deal with monitoring procedures in the system-specific context.
    [Show full text]
  • FIDO Technical Glossary
    Client to Authenticator Protocol (CTAP) Implementation Draft, February 27, 2018 This version: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id- 20180227.html Previous Versions: https://fidoalliance.org/specs/fido-v2.0-ps-20170927/ Issue Tracking: GitHub Editors: Christiaan Brand (Google) Alexei Czeskis (Google) Jakob Ehrensvärd (Yubico) Michael B. Jones (Microsoft) Akshay Kumar (Microsoft) Rolf Lindemann (Nok Nok Labs) Adam Powers (FIDO Alliance) Johan Verrept (VASCO Data Security) Former Editors: Matthieu Antoine (Gemalto) Vijay Bharadwaj (Microsoft) Mirko J. Ploch (SurePassID) Contributors: Jeff Hodges (PayPal) Copyright © 2018 FIDO Alliance. All Rights Reserved. Abstract This specification describes an application layer protocol for communication between a roaming authenticator and another client/platform, as well as bindings of this application protocol to a variety of transport protocols using different physical media. The application layer protocol defines requirements for such transport protocols. Each transport binding defines the details of how such transport layer connections should be set up, in a manner that meets the requirements of the application layer protocol. Table of Contents 1 Introduction 1.1 Relationship to Other Specifications 2 Conformance 3 Protocol Structure 4 Protocol Overview 5 Authenticator API 5.1 authenticatorMakeCredential (0x01) 5.2 authenticatorGetAssertion (0x02) 5.3 authenticatorGetNextAssertion (0x08) 5.3.1 Client Logic 5.4 authenticatorGetInfo (0x04)
    [Show full text]
  • White-Box Implementation of the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography
    IEICE TRANS. INF. & SYST., VOL.E103–D, NO.2 FEBRUARY 2020 188 INVITED PAPER Special Section on Security, Privacy, Anonymity and Trust in Cyberspace Computing and Communications White-Box Implementation of the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography Yudi ZHANG†,††, Debiao HE†,††a), Xinyi HUANG†††,††††, Ding WANG††,†††††, Kim-Kwang Raymond CHOO††††††, Nonmembers, and Jing WANG†,††, Student Member SUMMARY Unlike black-box cryptography, an adversary in a white- box security model has full access to the implementation of the crypto- graphic algorithm. Thus, white-box implementation of cryptographic algo- rithms is more practical. Nevertheless, in recent years, there is no white- box implementation for public key cryptography. In this paper, we propose Fig. 1 A typical DRM architecture the first white-box implementation of the identity-based signature scheme in the IEEE P1363 standard. Our main idea is to hide the private key to multiple lookup tables, so that the private key cannot be leaked during the algorithm executed in the untrusted environment. We prove its security in both black-box and white-box models. We also evaluate the performance gram. However, the adversary does not have the permis- of our white-box implementations, in order to demonstrate utility for real- sion to access the internal process of the program’s execu- world applications. tion. In practice, an adversary can also observe and mod- key words: white-box implementation, white-box security, IEEE P1363, ify the algorithm’s implementation to obtain the internal de- identity-based signature, key extraction tails, such as the secret key.
    [Show full text]
  • Adaptive Distributed Firewall Using Intrusion Detection Lars Strand
    UNIVERSITY OF OSLO Department of Informatics Adaptive distributed firewall using intrusion detection Lars Strand UniK University Graduate Center University of Oslo lars (at) unik no 1. November 2004 ABSTRACT Conventional firewalls rely on a strict outside/inside topology where the gateway(s) enforce some sort of traffic filtering. Some claims that with the evolving connectivity of the Internet, the tradi- tional firewall has been obsolete. High speed links, dynamic topology, end-to-end encryption, threat from internal users are all issues that must be addressed. Steven M. Bellovin was the first to propose a “distributed firewall” that addresses these shortcomings. In this master thesis, the design and implementation of a “distributed firewall” with an intrusion detection mechanism is presented using Python and a scriptable firewall (IPTables, IPFW, netsh). PREFACE This thesis is written as a part of my master degree in Computer Science at the University of Oslo, Department of Informatics. The thesis is written at the Norwegian Defence Research Establishment (FFI). Scripting has been one of my favourite activities since I first learned it. Combined with the art of Computer Security, which I find fascinating and non-exhaustive, it had to be an explosive combina- tion. My problem next was to find someone to supervise me. This is where Professor Hans Petter Langtangen at Simula Research Laboratory and Geir Hallingstad, researcher at FFI, stepped in. Hans Petter Langtangen is a masterful scripting guru and truly deserves the title “Hacker”. Geir Hallingstad is expert in the field of computer/network security and gave valuable input and support when designing this prototype.
    [Show full text]
  • IEEE P1363.3 Standard Specifications for Public Key Cryptography
    IEEE P1363.3 D1 IBKAS January 29, 2008 IEEE P1363.3 Standard Specifications for Public Key Cryptography: Identity Based Key Agreement Scheme (IBKAS) Abstract. This document specifies pairing based, identity based, and authenticated key agreement techniques. One of the advantages of Identity Based key agreement techniques is that there is no public key transmission and verification needed. Contents 1. DEFINITIONS ......................................................................................................................................... 2 2. TYPES OF CRYPTOGRAPHIC TECHNIQUES ................................................................................ 2 2.1 GENERAL MODEL .................................................................................................................................. 2 2.2 PRIMITIVES............................................................................................................................................ 2 2.3 SCHEMES ............................................................................................................................................... 3 2.4 ADDITIONAL METHODS ......................................................................................................................... 3 2.5 TABLE SUMMARY.................................................................................................................................. 3 3. PRIMITIVES FOR IDENTITY BASED KEY AGREEMENT PROBLEM...................................... 4 3.1 PRIMITIVES BORROWED FROM
    [Show full text]
  • IEEE P1363.2: Password-Based Cryptography
    IEEE P1363.2: Password-based Cryptography David Jablon CTO, Phoenix Technologies NIST PKI TWG - July 30, 2003 What is IEEE P1363.2? • “Standard Specification for Password-Based Public-Key Cryptographic Techniques” • Proposed standard • Companion to IEEE Std 1363-2000 • Product of P1363 Working Group • Open standards process PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 2 One of several IEEE 1363 standards • Std 1363-2000 • Sign, Encrypt, Key agreem’t, using IF, DL, & EC families • P1363a • Same goals & families as 1363-2000 • P1363.1: Lattice family • Same goals as 1363-2000, Different family • P1363.2: Password-based • Same families • More ambitious goals PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 3 Scope of P1363.2 • Modern “zero knowledge” password methods • Uses public key techniques • Uses two or more parties • Needs no other infrastructure • Authenticated key establishment • Resists attack on low-grade secrets • passwords, password-derived keys, PINs, ... PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 4 Rationale (1) • Why low-grade secrets? • People have trouble with high-grade keys • storage -- memorizing • input -- attention to detail • output -- typing • Passwords are ubiquitous • Easy for people to memorize, recognize, and type. • Reduce security/convenience tradeoffs. PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 5 Rationale (2) • Why use public-key techniques? • Symmetric methods can’t do it. • Why new methods? • Different than symmetric, hash, or other PK crypto. • AES, SHA-1, DH, and RSA can’t do it alone. PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 6 Chosen Password Quality Summarized from Distribution Morris & Thompson ‘79, Klein ‘90, Spafford ‘92 0 30 or so 60 or so Password Entropy (bits) History of protocols that fail to dictionary attack (or worse) • Clear text password π • Password as a key Eπ (verifiable text) • (e.g.
    [Show full text]
  • Addressing Contents
    IPv4 - Wikipedia, the free encyclopedia Página 1 de 12 IPv4 From Wikipedia, the free encyclopedia The five-layer TCP/IP model Internet Protocol version 4 is the fourth iteration of 5. Application layer the Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. IPv4 is the dominant DHCP · DNS · FTP · Gopher · HTTP · network layer protocol on the Internet and apart from IMAP4 · IRC · NNTP · XMPP · POP3 · IPv6 it is the only standard internetwork-layer protocol SIP · SMTP · SNMP · SSH · TELNET · used on the Internet. RPC · RTCP · RTSP · TLS · SDP · It is described in IETF RFC 791 (September 1981) SOAP · GTP · STUN · NTP · (more) which made obsolete RFC 760 (January 1980). The 4. Transport layer United States Department of Defense also standardized TCP · UDP · DCCP · SCTP · RTP · it as MIL-STD-1777. RSVP · IGMP · (more) 3. Network/Internet layer IPv4 is a data-oriented protocol to be used on a packet IP (IPv4 · IPv6) · OSPF · IS-IS · BGP · switched internetwork (e.g., Ethernet). It is a best effort IPsec · ARP · RARP · RIP · ICMP · protocol in that it does not guarantee delivery. It does ICMPv6 · (more) not make any guarantees on the correctness of the data; 2. Data link layer It may result in duplicated packets and/or packets out- 802.11 · 802.16 · Wi-Fi · WiMAX · of-order. These aspects are addressed by an upper layer ATM · DTM · Token ring · Ethernet · protocol (e.g., TCP, and partly by UDP). FDDI · Frame Relay · GPRS · EVDO · HSPA · HDLC · PPP · PPTP · L2TP · Contents ISDN · (more) 1. Physical layer
    [Show full text]
  • The Martini Synch
    The Martini Synch Darko Kirovski, Michael Sinclair, and David Wilson Microsoft Research Contact: {darkok,sinclair,dbwilson}@microsoft.com Technical Report MSR-TR-2007-123 September 2007 Microsoft Research One Microsoft Way Redmond, WA 98052, USA http://research.microsoft.com The Martini Synch Darko Kirovski, Michael Sinclair, and David Wilson Microsoft Research Abstract. Device pairing is a significant problem for a large class of increasingly popular resource-constrained wireless protocols such as BlueTooth. The objective of pairing is to establish a secure wireless communication channel between two specific devices without a public-key infrastructure, a secure near-field communi- cation channel, or electrical contact. We use a surprising user-device interaction as a solution to this problem. By adding an accelerometer, a device can sense its motion in a Cartesian space relative to the inertial space. The idea is to have two devices in a fixed, relative position to each other. Then, the joint object is moved randomly in 3D for several seconds. The unique motion generates approximately the same distinct signal at the accelerometers. The difference between the signals in the two inertially conjoined sensors should be relatively small under normal motion induced manually. The objective is to derive a deterministic key at both sides with maximized entropy that will be used as a private key for symmetric encryption. Currently, our prototype produces between 10–15 bits of entropy per second of usual manual motion using off-the-shelf components. Keywords: device pairing, key exchange, fuzzy hashing, error correction. 1 INTRODUCTION Establishing a secure session is one of the least efficiently resolved problems with mod- ern low-cost wireless protocols such as BlueTooth [1].
    [Show full text]
  • A Low-Power Design for an Elliptic Curve Digital Signature Chip
    A Low-Power Design for an Elliptic Curve Digital Signature Chip Richard Schroeppel, Cheryl Beaver, Rita Gonzales, Russell Miller, and Timothy Draelos Sandia National Laboratories Albuquerque, NM 87185-0785 {rschroe, cbeaver, ragonza, rdmille, tjdrael}@sandia.gov Abstract. We present a VHDL design that incorporates optimizations intended to provide digital signature generation with as little power, space, and time as possible. These three primary objectives of power, size, and speed must be balanced along with other important goals, including flexibility of the hardware and ease of use. The highest-level function offered by our hardware design is Elliptic Curve Optimal El Gamal digital signature generation. Our parameters are defined over the finite field GF (2178), which gives security that is roughly equivalent to that provided by 1500-bit RSA signatures. Our optimizations include using the point-halving algorithm for elliptic curves, field towers to speed up the finite field arithmetic in general, and further enhancements of basic finite field arithmetic operations. The result is a synthesized VHDL digital signature design (using a CMOS 0.5µm,5V ,25◦C library) of 191,000 gates that generates a signature in 4.4 ms at 20 MHz. Keywords: Digital Signature, Elliptic Curve, ECDSA, Optimal El Gamal, Characteristic 2, Field Towers, Trinomial Basis, Quadratic Equa- tion, Qsolve, Almost-Inverse Algorithm, Point Halving, Signed Sliding Window, GF(289), GF(2178), Hardware, VHDL, Low Power 1 Introduction While the value of elliptic curve arithmetic in enabling public-key cryptography to serve in resource-constrained environments is well accepted, efforts in cre- ative implementations continue to bear fruit.
    [Show full text]
  • FPGA Implementation of Post-Quantum Cryptography Recommended by NIST
    University of Windsor Scholarship at UWindsor Electronic Theses and Dissertations Theses, Dissertations, and Major Papers 3-10-2021 FPGA Implementation of Post-Quantum Cryptography Recommended by NIST Xi Gao University of Windsor Follow this and additional works at: https://scholar.uwindsor.ca/etd Recommended Citation Gao, Xi, "FPGA Implementation of Post-Quantum Cryptography Recommended by NIST" (2021). Electronic Theses and Dissertations. 8556. https://scholar.uwindsor.ca/etd/8556 This online database contains the full-text of PhD dissertations and Masters’ theses of University of Windsor students from 1954 forward. These documents are made available for personal study and research purposes only, in accordance with the Canadian Copyright Act and the Creative Commons license—CC BY-NC-ND (Attribution, Non-Commercial, No Derivative Works). Under this license, works must always be attributed to the copyright holder (original author), cannot be used for any commercial purposes, and may not be altered. Any other use would require the permission of the copyright holder. Students may inquire about withdrawing their dissertation and/or thesis from this database. For additional inquiries, please contact the repository administrator via email ([email protected]) or by telephone at 519-253-3000ext. 3208. FPGA Implementation of Post-Quantum Cryptography Recommended by NIST by Xi Gao A Thesis Submitted to the Faculty of Graduate Studies through Electrical and Computer Engineering in Partial Fulfilment of the Requirements for the Degree of Master of Applied Science at the University of Windsor Windsor, Ontario, Canada 2021 © 2021, Xi Gao FPGA Implementation of Post-Quantum Cryptography Recommended by NIST by Xi Gao APPROVED BY: X.
    [Show full text]