atsuko miyaji jaist
play

Atsuko Miyaji JAIST Thank you very much for giving an opportunity - PowerPoint PPT Presentation

Aug 17, 2023 •208 likes •448 views

Cryptographic Approach to Enhance the Security Against Recent Threats Atsuko Miyaji JAIST Thank you very much for giving an opportunity to talk. Hope this opportunity becomes the first step of good collaboration between Taiwan and Japan

  1. Cryptographic Approach to Enhance the Security Against Recent Threats Atsuko Miyaji JAIST Thank you very much for giving an opportunity to talk. Hope this opportunity becomes the first step of good collaboration between Taiwan and Japan researchers.

  2. Outline This talk Cryptographic Approach to Enhance the Security Against Recent Real Threats. 1. Information Security for Cloud Computing 2. Public key cryptosystems 1. Elliptic Curve Cryptosystems (ECC) 2.Dominant factor of ECC, security & efficiency 3. Scalar Multiplication 4. Side Channel Attack, real recent threats 5. Approach to Achieve a Secure and Efficient cryptosystems (our new results) 6. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 2/22

  3. Information Security for Cloud Computing Customers are both excited and nervous at the prospects of Cloud Computing. Why?: Customers are also very concerned about the risks of Cloud Computing if not properly secured. Cloud Security Alliance, Top Threats to Cloud Computing V1.0 How to reduce the risk? Confidentiality: Protect a data from an outsider. Integrity: Guarantee a data consistency. Access control: Control data for users without right. Information security Encryption, Signature (Authentication) Public Key Cryptosystems In this talk, we focus on public key cryptosystems. @atsuko miyaji NSC-JST workshop / 2012.11 28 3/22

  4. Outline 2 1. Information Security for Cloud Computing 1. Information Security for Cloud Computing 1. Information Security for Cloud Computing 2. Public key cryptosystems 1. Elliptic Curve Cryptosystems (ECC) 2.Dominant factor of ECC, security & efficiency 3. Scalar Multiplication 4. Side Channel Attack, real recent threats 5. Approach to Achieve a Secure and Efficient cryptosystems (our new results) 6. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 4/22

  5. Principle of Public Key Cryptosystems Main Features ・ Encryption key ≠ Decryption key ⇒ Encryption/Decryption key is published/ kept secretly ( public key/secret key) ⇒ encryption (confidentiality) + signature (integrity/access control) + are achieved. Server Alice Integrity Access signature control verification decrypt Confidentiality encrypt secret public Solve key key difficult Security Bases Integer Factorization Problem (IF, ‘78) Discrete Logarithm Problem (DLP, ‘85) Elliptic Curve Discrete Logarithm Problem (ECDLP, ’86) @atsuko miyaji NSC-JST workshop / 2012.11 28 5/22

  6. Security Comparison between IF, DLP, and ECDLP •DLP&IF: a sub-exponential time faster than exhaustive search O(exp{(loglogp) 2/3 (log p) 1/3 }) •ECDLP: a square-root time (exhaustive search), O(p 1/2 ) (more and more) ECDLP is more efficient than DLP/IF.  Key size for IF, DLP, ECDLP to achieve a security level. [key length(bits)] 3,500 3072 2010- 3,000 2048 2,500 1536 2,000 IF 1024 1,500 DLP 1/6 1/9 1,000 256 192 224 ECDLP 160 500 0 10^12 10^16 10^20 10^24 [MIPS・year] Security level 10 2 MIPS PC × 10 10 year @atsuko miyaji NSC-JST workshop / 2012.11 28 6/22

  7. What is Elliptic Curve Cryptosystems -Elliptic Curve Discrete Logarithm Problem- A non-degenerate cubic curve E: y 2 = x 3 + ax + b (a, b ∈ F p (p>3) , 4a 3 +27b 2 ≠ 0) y Easily-executed addition is defined. E is a group. ∞ =( ∞ , ∞ ) is a zero.  A + B = (x 3 , y 3 ) (A ≠ B) x 3 = ((y 2 -y 1 )/(x 2 -x 1 )) 2 - x 1 -x 2 y 3 = (y 2 -y 1 )(x 2 -x 1 )(x 1 -x 3 )-y 1 Finite abelian group. E(F p ), F p -rational points, G ={(x,y) ∈ F p × F p | y 2 = x 3 + ax + b } ∪ { ∞ } x-times For given G, Y ∈ E(F p ), find x such Secret key ECDLP that Y = G + ・・・ +G = xG Y=xG ECC (Elliptic Curve Cryptosystems) is Public key based on ECDLP. @atsuko miyaji NSC-JST workshop / 2012.11 28 7/22

  8. Dominant Computation of ECC ・ Dominant security/computation of ECC is a scalar multiplication of kP for a secret k and given P. Y encryption kP signature x public secret key key x Y=xP @atsuko miyaji NSC-JST workshop / 2012.11 28 8/22

  9. Outline 3 1. Information Security for Cloud 1. Information Security for Cloud 1. Information Security for Cloud Computing Computing Computing 2. Public key cryptosystems 2. Public key cryptosystems 2. Public key cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 4. Scalar Multiplication 5. Side Channel Attack 6. Approach to Achieve a Secure and Efficient cryptosystems 7. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 9/22

  10. Scalar Multiplications –how to efficient & secure- kP = P + ・・・ + P ECC consists of scalar multiplication kP. k times Performance of ECC: depends on (memory, comp) of kP  efficient scalar multiplication is needed! Security of ECC: also depends on a secrecy of k in kP <Theoretically> Solve k from kP means “solve ECDLP”. <Practically> (side channel attack) Solve k during execution of kP by side channel information.  secure scalar multiplication is needed! @atsuko miyaji NSC-JST workshop / 2012.11 28 10/22

  11. General Approach to compute kP kP = 1 0 1 1 0 0 ・・・ 1 P (in binary) Scalar Multiplication Left-to-Right binary Alg Right-to-Left binary Alg L R L R Addition k = 27 = 1 1 0 1 1 k = 27 = 1 1 0 1 1 chains ((P + 2P) + 2 3 P) + 2 4 P 2(2(2(2P + P) )+P) +P Repeat:2 ・ 2 j P, Y=Y+2 j P Repeat: Y=2Y+P Addition Addition (Add), Doubling (Dbl) formulae Field Multiplication (M), Inversion (S) Arithmetic @atsuko miyaji NSC-JST workshop / 2012.11 28 11/22

  12. Layered Model for Scalar Multiplication Addition-chains Binary, Signed binary, window method # Dbl + # Add is different Addition formulae Dbl Add Coordinates Affine (A) Jacobian (J) #M+#I+#I is different. Field arithmetic Square (S) Computation cost Multiplication (M) Inversion (I) I ≫ M > S All layers have different methods with different computational cost. We investigate secure and efficient scalar multiplication.  @atsuko miyaji NSC-JST workshop / 2012.11 28 12/22

  13. Outline 4 1. Information Security for Cloud 1. Information Security for Cloud 1. Information Security for Cloud Computing Computing Computing 2. Public key cryptosystems 2. Public key cryptosystems 2. Public key cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 4. Scalar Multiplication 4. Scalar Multiplication 4. Scalar Multiplication 5. Side Channel Attack 6. Approach to Achieve a Secure and Efficient cryptosystems 7. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 13/22

  14. Scalar Multiplication Left-to-Right binary algorithm Input P, k=(k n-1 , ・・・ , k 0 ), Output kP R 0 = P, R 2 = P For i = n-2 to 0 R 0 = 2R 0 if k i = 1 then R 0 = R 0 + R 2 Add only if k i =1 Output R 0 Binary algorithm has branch instruction depends on secret-key bit k. It is subject to side-channel attacks. @atsuko miyaji NSC-JST workshop / 2012.11 28 14/22

  15. Side Channel Attack Side channel attack Obtain the secret of k by observing side channel info: Computing time, power consumption traces, etc. SPA (Single Power Analysis) : Obtain the secret of k by observing the single power analysis. regular execution without branch for a condition of k.  Safe error attack : Obtain the secret by inducing a fault during the execution of kP and checking whether the targeted instruction is fake. execution without dummy operation  @atsuko miyaji NSC-JST workshop / 2012.11 28 15/22

  16. Simple Power Analysis (SPA) Use an instruction dependent of a secret k during kP Eliminate any branch instruction of kP.  Binary algorithm double-and-add-always algorithm E, E(F p ) ∋ P x, k: secret key R 0 = P, R 2 = P R 0 = P, R 2 = P For i = n-2 to 0 For i = n-2 to 0 R 0 = 2R 0 R 0 = 2R 0 R = kP =(R x , R y ) m if k i = 1 then R 0 = R 0 + R 2 b = c k i ; R b = R b + R 2 s = (m + x R x )/k Output R 0 Output R 0 Signature generation If power consumption is measured, then branch instruction reveals the corresponding secret-key bit. Branch instruction dependent on each secret-key bit. D D D D A D A k = 1 0 0 0 1 0 1 @atsuko miyaji NSC-JST workshop / 2012.11 28 16/22

  17. Safe Error Attach (SEA) ・ One of fault attacks. Give just 1 fault. ・ Distinguish the target bit = 0 or 1 by checking the output is correct or not . double-and-add-always algorithm Addition in k i =0 is dummy. secure against SPA. k i =0 R 0 = P, R 2 = P R 0 = 2R 0 For i = n-2 to 0 Safe R 1 = R 1 + R 2 R 0 = 2R 0 Insert error Output R 0 b = c k i ; R b = R b + R 2 1 error Output R 0 k i =1 Dummy instruction R 0 = 2R 0 becomes safe error Real R 0 = R 0 + R 2 for 1 fault. error Output R 0 @atsuko miyaji NSC-JST workshop / 2012.11 28 17/22

  18. Outline 5 1. Information Security for Cloud 1. Information Security for Cloud 1. Information Security for Cloud Computing Computing Computing 2. Public key cryptosystems 2. Public key cryptosystems 2. Public key cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 4. Scalar Multiplication 4. Scalar Multiplication 4. Scalar Multiplication 5. Side Channel Attack 5. Side Channel Attack 5. Side Channel Attack 6. Approach to Achieve a Secure and Efficient cryptosystems 7. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 18/22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Precomputed Panel Solver for Aerodynamics Simulation Haoran Xie The University of Tokyo / JAIST

Precomputed Panel Solver for Aerodynamics Simulation Haoran Xie The University of Tokyo / JAIST

Precomputed Panel Solver for Aerodynamics Simulation Haoran Xie The University of Tokyo / JAIST H.XIE@JAIST 0 Aerodynamics Simulation for Graphics and Fabrication T . Martin, et al., SIGGRAPH15 J. Wejchert. SIGGRAPH91 E. Ju, et al.,

957 views • 57 slides
FROM ABENOMICS TO WOMENOMICS: WORKING WOMEN AND JAPANS ECONOMIC REVIVAL Atsuko Muraki, Vice

FROM ABENOMICS TO WOMENOMICS: WORKING WOMEN AND JAPANS ECONOMIC REVIVAL Atsuko Muraki, Vice

FROM ABENOMICS TO WOMENOMICS: WORKING WOMEN AND JAPANS ECONOMIC REVIVAL Atsuko Muraki, Vice Minister Ministry of Health, Labour and Welfare, Japan Washington D.C., September 2013 Key indices of international gender equality (2012) HDI GII

370 views • 6 slides
Dr. Tatjana Jevremovic Dr. Kazuhiko Suzuki Atsuko Nakai Ryan C. Schow Director Professor

Dr. Tatjana Jevremovic Dr. Kazuhiko Suzuki Atsuko Nakai Ryan C. Schow Director Professor

Dr. Tatjana Jevremovic Dr. Kazuhiko Suzuki Atsuko Nakai Ryan C. Schow Director Professor Project Manager Reactor Supervisor Center for Safe and Disaster-Resistant Society, Okayama University University of Utah Nuclear Engineering Program

312 views • 17 slides
ASIA PACIFIC INFORMATION SUPERHIGHWAY (AP-IS) Atsuko Okuda Chief, ICT and Development Section

ASIA PACIFIC INFORMATION SUPERHIGHWAY (AP-IS) Atsuko Okuda Chief, ICT and Development Section

ASIA PACIFIC INFORMATION SUPERHIGHWAY (AP-IS) Atsuko Okuda Chief, ICT and Development Section ICT and Disaster Risk Reduction Division ESCAP 2 Part 1: Digital Divide in Asia and the Pacific 3 52% of broadband subscribers in Asia and the

797 views • 15 slides
Search for neutrinoless double beta decay with high pressure Xenon gas TPC Atsuko K. Ichikawa

Search for neutrinoless double beta decay with high pressure Xenon gas TPC Atsuko K. Ichikawa

Search for neutrinoless double beta decay with high pressure Xenon gas TPC Atsuko K. Ichikawa Kyoto University I appreciate materials from L. Arazi, Status of the NEXT project VCI2019 S. Wang, PandaXIII high pressure xenon

257 views • 24 slides
A Study of Deadline Scheduling for Client-Server Systems on the Computational Grid Atsuko

A Study of Deadline Scheduling for Client-Server Systems on the Computational Grid Atsuko

A Study of Deadline Scheduling for Client-Server Systems on the Computational Grid Atsuko Takefusa, JSPS/TITECH Henri Casanova, UCSD/SDSC Satoshi Matsuoka, TITECH/JST Francine Berman, UCSD/SDSC http://ninf.is.titech.ac.jp/bricks/ 1 The

696 views • 28 slides
On involutive FL e - Algebras S. Jenei, H. Ono Univ. of Pcs, JKU JAIST 1

On involutive FL e - Algebras S. Jenei, H. Ono Univ. of Pcs, JKU JAIST 1

On involutive FL e - Algebras S. Jenei, H. Ono Univ. of Pcs, JKU JAIST 1 Terminology Commutative partially ordered monoids will be referred to as uninorms. Uninorms which are integral (resp. dually integral) will be

867 views • 62 slides
Neural network approach for hi histopathological diagnosis of h l i l di i f breast

Neural network approach for hi histopathological diagnosis of h l i l di i f breast

Neural network approach for hi histopathological diagnosis of h l i l di i f breast diseases with images breast diseases with images Yuichi Ishibashi (Okayama University) Atsuko Hara (Kitasato University) Atsuko Hara (Kitasato

222 views • 20 slides
Miyata Lab@JAIST Visual Computing (Procedural Modeling) Immersed Rigid Body Dynamics

Miyata Lab@JAIST Visual Computing (Procedural Modeling) Immersed Rigid Body Dynamics

Miyata Lab@JAIST Visual Computing (Procedural Modeling) Immersed Rigid Body Dynamics Realistic coupling motion among turbulence and bodies Haoran Xie Japan Advanced Institute of Science and Technology In Kent State University 12/19/2013

191 views • 16 slides
CoLL-Saigawa Nao Hirokawa (JAIST) Kiraku Shintani (JAIST) CoLL-Saigawa 1/2 CoLL-Saigawa

CoLL-Saigawa Nao Hirokawa (JAIST) Kiraku Shintani (JAIST) CoLL-Saigawa 1/2 CoLL-Saigawa

CoLL-Saigawa Nao Hirokawa (JAIST) Kiraku Shintani (JAIST) CoLL-Saigawa 1/2 CoLL-Saigawa CoLL-Saigawa CoLL (5000 LoC) LL YES/NO TRS CoLL-Saigawa CoLL (5000 LoC) LL YES/NO TRS non-LL Saigawa (3000 LoC) CoLL-Saigawa 2/2 CoLL-Saigawa

966 views • 8 slides
Distributing T EX and Friends Norbert Preining Jaist T EX Live Team Debian T EX Team Tug

Distributing T EX and Friends Norbert Preining Jaist T EX Live Team Debian T EX Team Tug

Distributing T EX and Friends Norbert Preining Jaist T EX Live Team Debian T EX Team Tug 2013, Tokyo, October 2013 Overview EX Live 2 introduction to T important configuration files infrastructure and package hierarchy

649 views • 52 slides
Comparison of server selection algorithms Toshiyuki MIYACHI toshi-m@jaist.ac.jp. Japan Advanced

Comparison of server selection algorithms Toshiyuki MIYACHI toshi-m@jaist.ac.jp. Japan Advanced

Comparison of server selection algorithms Toshiyuki MIYACHI toshi-m@jaist.ac.jp. Japan Advanced Institute of Science and Technology and WIDE Project CAIDA-WIDE Workshop, California, USA, 12 Mar 2005 p.1 Background There are many

285 views • 17 slides
Reductions in computability theory from JAIST. from a constructive point of view Andrej Bauer

Reductions in computability theory from JAIST. from a constructive point of view Andrej Bauer

1. Thanks to organizers for the invitation. 2. The first part of the work is joint with Kazuto Yoshimura Reductions in computability theory from JAIST. from a constructive point of view Andrej Bauer Kazuto Yoshimura University of Ljubljana

408 views • 30 slides
Sliding tokens on block graphs Duc A. Hoang 1 Eli Fox-Epstein 2 Ryuhei Uehara 1 1 JAIST, Japan 2

Sliding tokens on block graphs Duc A. Hoang 1 Eli Fox-Epstein 2 Ryuhei Uehara 1 1 JAIST, Japan 2

WALCOM 2017 (March 29-31, 2017, Hsinchu, Taiwan) Sliding tokens on block graphs Duc A. Hoang 1 Eli Fox-Epstein 2 Ryuhei Uehara 1 1 JAIST, Japan 2 Brown University, USA Outline Reconfiguration problems and moving tokens on graphs 1 Sliding

657 views • 32 slides
Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST

Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST

Protecting Internet Threat Monitors: A Statistical Filtering Approach Yoichi Shinoda JAIST Mapping Internet Monitors Two papers were presented/published at the 14th USENIX Security Symposium (Aug. 2005). Mapping Internet Sensors with

353 views • 9 slides
The Bellows Theorem (Proof) Giovanni Viglietta JAIST July 5, 2018 The Bellows Theorem

The Bellows Theorem (Proof) Giovanni Viglietta JAIST July 5, 2018 The Bellows Theorem

The Bellows Theorem (Proof) Giovanni Viglietta JAIST July 5, 2018 The Bellows Theorem (Proof) Bellows theorem: statement Theorem (Sabitov, 1996) The volume V of a polyhedron (of any genus) with edge lengths 1 , , e

1.22k views • 93 slides
Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

491 views • 32 slides
June 12, 2020 Start of Transcript David Kerr: Tena Koutou Katoa. Good morning, everyone and

June 12, 2020 Start of Transcript David Kerr: Tena Koutou Katoa. Good morning, everyone and

June 12, 2020 Start of Transcript David Kerr: Tena Koutou Katoa. Good morning, everyone and welcome to Ryman Healthcares full year results presentation for the year to 31 March 2020. My names David Kerr. I am currently the Chairman of

716 views • 27 slides
How can you get more economic growth out of your ICT? Take care of your digital divide Alain

How can you get more economic growth out of your ICT? Take care of your digital divide Alain

How can you get more economic growth out of your ICT? Take care of your digital divide Alain BOURDEAU de FONTENAY Columbia Institute for Tele-Information (CITI) Fernando BELTRAN University of Auckland ACORN/REDECOM Conference2009, Mexico

568 views • 32 slides
Bank of Cyprus Group Group Financial Results For the quarter ended 31 March 2020 Group Financial

Bank of Cyprus Group Group Financial Results For the quarter ended 31 March 2020 Group Financial

Group Financial Results for the quarter ended 31 March 2020 Bank of Cyprus Group Group Financial Results For the quarter ended 31 March 2020 Group Financial Results for the quarter ended 31 March 2020 DISCLAIMER This presentation has not been

1.17k views • 77 slides
Algorithmique arithmtique, N1MA9W11 Jean-Marc Couveignes 5 septembre 2011 Jean-Marc Couveignes

Algorithmique arithmtique, N1MA9W11 Jean-Marc Couveignes 5 septembre 2011 Jean-Marc Couveignes

Algorithmique arithmtique, N1MA9W11 Jean-Marc Couveignes 5 septembre 2011 Jean-Marc Couveignes Algorithmique arithmtique Motivation I Effective methods and issues play an important role in number theory : Diophantine equations, Agorithmic

284 views • 7 slides
The Blockchain Propagation Process Aapeli Vuorinen May 31, 2019 1 In this talk What is

The Blockchain Propagation Process Aapeli Vuorinen May 31, 2019 1 In this talk What is

The Blockchain Propagation Process Aapeli Vuorinen May 31, 2019 1 In this talk What is Bitcoin? What are blockchains and how do they work? What is the blockchain propagation process? Why does the propagation delay matter? 2

703 views • 53 slides
Team 8 - Crayowulf Philip Holmes, Peter Oostema, Noah Pirrotta 1/14 Who Are We? Peter Oostema

Team 8 - Crayowulf Philip Holmes, Peter Oostema, Noah Pirrotta 1/14 Who Are We? Peter Oostema

Team 8 - Crayowulf Philip Holmes, Peter Oostema, Noah Pirrotta 1/14 Who Are We? Peter Oostema Philip Holmes Noah Pirrotta Ben Kastner EE and CS ME ME CS 2/14 PC: Josh Tempelman Problem Design a computer cluster with mechanical

276 views • 14 slides
Verification of TweetNaCls Curve25519 Peter Schwabe, Beno t Viguier , Timmy Weerwag, Freek

Verification of TweetNaCls Curve25519 Peter Schwabe, Beno t Viguier , Timmy Weerwag, Freek

Verification of TweetNaCls Curve25519 Peter Schwabe, Beno t Viguier , Timmy Weerwag, Freek Wiedijk Journ ee GT M ethodes Formelles pour la S ecurit e March 18 th , 2019 Institute for Computing and Information Sciences

621 views • 47 slides

More recommend