cryptography made to measure
play

Cryptography Made to Measure Workshop on Applied Cryptography Matt - PowerPoint PPT Presentation

Apr 15, 2023 •229 likes •601 views

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore Orange Labs December 3, 2020 Paris, France Orange Labs A New Kind of Network Telecommunication companies like France Tlcom / Orange are

  1. Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore Orange Labs December 3, 2020 Paris, France Orange Labs

  2. A New Kind of Network … � Telecommunication companies like France Télécom / Orange are used to managing networks; typically on a global scale � However we now see the emergence of new types of networks � Sensor networks … c apillary networks … personal area networks … supply chain logistics … m2m … Internet of Things … RFID tags … � The pervasive nature of future deployments will have profound societal impacts … Cryptograpy Made to Measure – Matt Robshaw (2) Orange Labs

  3. RFID Tags – The Issue(s) � We expect RFID tags to be deployed widely … and an RFID tag identifies itself to anyone who asks � But do we (personally) want this ? � What safeguards do we need to satisfy confidentiality and/or privacy goals ? � On the positive side, can we leverage the fact that RFID tags will soon be attached to every item ? � Would it cost much more to also authenticate the tag (and product) ? Cryptograpy Made to Measure – Matt Robshaw (3) Orange Labs

  4. UHF Tags � These are small, cheap, communicating devices � No internal power source � Operational range of 4-8 m � Multi-tag environments � Multi-reader environments � Close to 100% reliability � These are very different from HF devices � Public transport ticketing, NFC, … � Much shorter operational range and more power � ISO 14443-x, 15693 Cryptograpy Made to Measure – Matt Robshaw (4) Orange Labs

  5. RFID Year Zero ? � RFID solutions have been deployed for a long time � Livestock monitoring � Access control � Public transport ticketing � Academic "Year zero" for RFID tags is 1999 � Auto-ID Center was established at MIT • Goal: RFID tags that can be read at a distance and yet are cheap enough to allow the tracking of individual items � Commercialisation continues via EPCglobal (now within GS1) • research continues in dedicated Auto-ID Labs • … and the broader academic community Cryptograpy Made to Measure – Matt Robshaw (5) Orange Labs

  6. RFID Tags – The Challenge � When adding any functionality to an RFID tag, the challenge is to find the appropriate trade-off … cost benefit space speed bandwidth power consumption Cryptograpy Made to Measure – Matt Robshaw (6) Orange Labs

  7. The Academic Path privacy protocols authentication protocols new algorithms theoretical foundations xor cryptography substantiated proposals problem statement ad hoc proposals ◆ ◆ ◆ ◆ time Cryptograpy Made to Measure – Matt Robshaw (7) Orange Labs

  8. Cryptographic Techniques Authentication (Tag/Reader) Privacy Algorithm-based Algorithm-based Protocols Hard problem-based (symmetric) Hard problem-based (symmetric) Hard problem-based (asymmetric) Hard problem-based (asymmetric) Symmetric (secret key) Asymmetric (public key) Block ciphers Encryption Stream ciphers Digital signatures Algorithms Message authentication codes Hash functions Cryptograpy Made to Measure – Matt Robshaw (8) Orange Labs

  9. The Academic Path privacy protocols authentication protocols new algorithms theoretical foundations xor cryptography substantiated proposals problem statement ad hoc proposals ◆ ◆ ◆ ◆ time Cryptograpy Made to Measure – Matt Robshaw (9) Orange Labs

  10. Block Ciphers � Block ciphers provide a family of permutations under the action of a secret key � The important parameters are the key and the block size � These give fundamental space requirements key cipher plaintext ciphertext � With a block cipher we can build other components/protocols Cryptograpy Made to Measure – Matt Robshaw (10) Orange Labs

  11. GE Clefia 4000 XTEA SEA AES AES (encrypt only) HIGHT 3000 mCRYPTON NOEKEON-2010 TEA DES DESXL 2000 DESL CGEN PRESENT 1000 KATAN GOST-PS KTANTAN PRINTcipher 2002 2004 2006 2008 2010 Cryptograpy Made to Measure – Matt Robshaw (11) Orange Labs

  12. Sizes of Block Ciphers Block Size Key Size Area Speed Efficiency (bits) (bits) (GE) (bits/cycle) (Kbps/GE) AES 128 128 3400 0.13 3.3 HIGHT 64 128 3048 1.88 61.8 mCRYPTON 64 128 2500 4.92 203.4 TEA 64 128 2355 1.00 42.5 DES 64 56 2300 0.44 19.1 DESXL 64 184 2168 0.44 20.3 PRESENT 64 80 1570 2.00 127.4 PRESENT 64 80 1000 0.11 11.4 KATAN64 64 80 1054 0.25 23.8 KATAN32 32 80 802 0.13 16.2 KTANTAN64 64 80 688 0.25 36.4 KTANTAN32 32 80 462 0.13 28.1 PRINTcipher 48 80 402 0.06 15.5 Cryptograpy Made to Measure – Matt Robshaw (12) Orange Labs

  13. Academia ↔ Industry � The search for lightweight ciphers has helped focused attention on the role of the key schedule � Application-specific considerations can help � Do we need both encryption and decryption ? � Do we need to worry about related-key attacks ? � Do we need to change the key ? � A better understanding of security that's "fit for purpose" � Overall, some very promising proposals Cryptograpy Made to Measure – Matt Robshaw (13) Orange Labs

  14. Stream Ciphers � If you have a block cipher, you have a stream cipher, e.g. PRESENT in OFB or counter mode � But dedicated stream ciphers have the reputation of being smaller and faster than block ciphers � One of the goals of eSTREAM was to explore this issue … � A project within ECRYPT Framework 6 NoE to promote dedicated stream ciphers designs � A particular focus on compact HW implementation � Tim Good (University of Sheffield) implemented all HW finalists Cryptograpy Made to Measure – Matt Robshaw (14) Orange Labs

  15. eSTREAM Cryptograpy Made to Measure – Matt Robshaw (15) Orange Labs

  16. Academia ↔ Industry � Real progress in the design of HW-oriented stream ciphers � Before: Area (GE) RC4 ≈ 12000 Widely used ( e.g. TLS) SNOW 2.0 ISO Standardised 7000 Key Size Area Speed Efficiency � Now: (bits) (GE) (bits/cycle) (Kbps/GE) AES 128 3400 0.1 2.9 PRESENT 80 1570 2.0 127.4 Grain v1 80 1294 1.0 77.3 Grain v1 (x 8) 80 2191 8.0 365.1 Trivium 80 2580 1.0 38.8 Trivium (x 8) 80 2952 8.0 271.0 Cryptograpy Made to Measure – Matt Robshaw (16) Orange Labs

  17. MACs and Hash � A message authentication code is a cryptographic checksum � A short finger-print computed under the action of a secret key � Typically we would use a block cipher in an appropriate mode � There are dedicated solutions but they are often proprietary � One public solution was SQUASH � Hash functions compute a finger-print without a secret key and yet offer 1st/2nd pre-image resistance, collision-resistance, … � The security (should) depend on the output size � Hash functions today are PC-efficient but no use for tags � (This won't change with the NIST SHA-3 competition) Cryptograpy Made to Measure – Matt Robshaw (17) Orange Labs

  18. Typical Hash Functions in HW � The hardware performance of typical hash functions Output Length Area Speed Efficiency (bits) (GE) (bits/cycle) (Kbps/GE) MD4 128 7350 1.1 15.0 MD5 128 8400 0.8 9.5 SHA-1 160 5527 1.5 27.1 SHA-256 256 10868 0.5 4.6 Cryptograpy Made to Measure – Matt Robshaw (18) Orange Labs

  19. Hash Function Summary Output Size Area Speed Efficiency (bits) (GE) (bits/cycle) (Kbps/GE) PRESENT-based 64 1683 0.2 11.9 PRESENT-based 64 2355 4.0 169.9 PRESENT-based 128 2300 0.1 4.3 PRESENT-based 128 3962 4.0 101.0 AES-based 128 > 4400 < 0.2 < 4.5 MD4 128 7350 1.1 15.0 MD5 128 8400 0.8 9.5 SHA-1 160 5527 1.5 27.1 PRESENT-based 192 4600 0.04 0.9 PRESENT-based 192 6500 0.6 9.2 MAME 256 8100 2.7 33.3 AES-based 256 >9800 < 0.2 < 2.0 SHA-2 (256) 256 10868 0.5 4.6 Cryptograpy Made to Measure – Matt Robshaw (19) Orange Labs

  20. Academia ↔ Industry � Hash functions for constrained devices remain rather frustrating � Perhaps a better understanding of the requirements helps ? • Hash functions for reduced hash outputs ( e.g. 64/80 bits) might be useful in applications that don't need collision-resistance • Hash functions for reduced hash outputs ( e.g. 128 bits) can be useful in applications that need collision-resistance at low security levels • Quark (CHES 2010) … � For more on hash functions see Thomas' talk ! Cryptograpy Made to Measure – Matt Robshaw (20) Orange Labs

  21. Algorithms Summary � There are block ciphers and stream ciphers offering 80-bit security at around 1000-2000 GE � There are MACs, but no hash functions (yet) suitable for RFID tags � Many RFID-privacy protocols give solutions using a hash function but these are not easy to implement on RFID tags � There are no PK encryption or signature schemes suitable for cheap UHF passive tags � RSA is far too large and smallest EC engines require around 10000 GE � The only (published) NTRU encryption implementation has 3000 GE but offers low security and requires 30000 cycles Cryptograpy Made to Measure – Matt Robshaw (21) Orange Labs

  22. The Academic Path privacy protocols authentication protocols new algorithms theoretical foundations xor cryptography substantiated proposals problem statement ad hoc proposals ◆ ◆ ◆ ◆ time Cryptograpy Made to Measure – Matt Robshaw (22) Orange Labs

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

527 views • 26 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp; http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Karlstad University Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M, C, E, D, K) M: the set of plaintexts C: the set of ciphertexts E: M x K -&gt; C enciphering functions D: C x K

446 views • 40 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

453 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides
Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but hard-to-solve problems were discovered. Computational Complexity, by Fu Yuxi Cryptography 1 / 75 Cryptography is closely related to some

785 views • 76 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

338 views • 16 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography (&quot;secret writing&quot;): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Polynomial Julia sets with positive measure Why bother? Quasiconformal NILF Measure 0? Measure

Polynomial Julia sets with positive measure Why bother? Quasiconformal NILF Measure 0? Measure

Challenges Rebirth M Universality Polynomial Julia sets with positive measure Why bother? Quasiconformal NILF Measure 0? Measure 0 Dimension 2 Measure &gt; 0? The plan Xavier Buff &amp; Arnaud Ch eritat Universit e Paul

334 views • 29 slides
1 Introductions Measure H: Background Measure H: Bond Program Progress Measure H:

1 Introductions Measure H: Background Measure H: Bond Program Progress Measure H:

1 Introductions Measure H: Background Measure H: Bond Program Progress Measure H: The next 3 months 2 Total needs assessment of $320 million However, based on: Survey Tax impacts Needs evaluation Priorities

641 views • 24 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Cryptography Public Key Cryptography Concepts of Public Key Cryptography Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, public.tex, r1803 1

421 views • 7 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science &amp; Technology and Arab Academy for Science &amp; Technology and Maritime Transport Chapter 11 p Message

251 views • 23 slides
Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig -

Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig -

Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig - Maria Eichlseder Hash Functions A cryptographic hash function produces cryptographic checksums or fingerprints m Fast H Secure h Security

696 views • 42 slides
Introduction to Security Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: Understand the difference between symmetric and asymmetric cryptography

697 views • 28 slides
Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and

Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and

CSS441 Introduction Functions Auth. with Encryption Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

673 views • 21 slides
Hash Functions Vincent Rijmen Challenges and Perspectives for Academia and Industry Antwerp, May

Hash Functions Vincent Rijmen Challenges and Perspectives for Academia and Industry Antwerp, May

Hash Functions Vincent Rijmen Challenges and Perspectives for Academia and Industry Antwerp, May 27 th , 2008 A cryptographic hash function produces cryptographic checksums or fingerprints cryptographic checksums or fingerprints Fast

716 views • 25 slides
Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Overview on Modern Cryptography Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Goals of Cryptography Security Services

658 views • 16 slides
Pegasus : Introducing Integrity to Scientific Workflows Karan Vahi vahi@isi.edu

Pegasus : Introducing Integrity to Scientific Workflows Karan Vahi vahi@isi.edu

Pegasus : Introducing Integrity to Scientific Workflows Karan Vahi vahi@isi.edu https://pegasus.isi.edu HTCondor DAGMan Compute Compute Pipelines Pipelines DAGMan DAGMan is is a a reliable reliable and and a a scalable scalable

682 views • 19 slides
AWS Key Management Service (KMS) Handlin ing cry ryptographic ic bounds for use of AES-GCM

AWS Key Management Service (KMS) Handlin ing cry ryptographic ic bounds for use of AES-GCM

AWS Key Management Service (KMS) Handlin ing cry ryptographic ic bounds for use of AES-GCM Matthew Campagna Shay Gueron Amazon Web Services Amazon Web Services University of Haifa 1 Outline The AWS Key Management Service

2.63k views • 25 slides

More recommend