rfid authentication protocols based on elliptic curves
play

RFID Authentication Protocols based on Elliptic Curves A Top-Down - PowerPoint PPT Presentation

Jan 17, 2023 •255 likes •426 views

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI & Security RFID Authentication Protocols based on Elliptic Curves A Top-Down Evaluation Survey Michael Hutter Institute for Applied Information Processing

  1. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security RFID Authentication Protocols based on Elliptic Curves A Top-Down Evaluation Survey Michael Hutter Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 1

  2. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Presentation Outline  Introduction  Cryptographic-Enabled RFID Tags  Public-Key Authentication Techniques  Authentication Protocols for RFID tags  Schnorr, Okamoto, and GPS  Performance Evaluation  Identification Schemes  Signature Schemes  X.509 Certificates  Conclusions http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 2

  3. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Introduction  Radio-Frequency Identification (RFID)  Wireless technology  Identification of objects/entities  Increases the performance of internal processes  Improves supply-chain management and inventory control  State-of-the-Art RFID Security  No security: low-cost tags answer with a fixed identifier  Reasonable security: tags use shared secrets/symmetric keys  Memory write/read protection (e.g. iCode, …)  Access control, ticketing (e.g. Mifare, CryptoRF, …)  Enhanced security: electronic payment, e-passports, … http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 3

  4. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Cryptographic-Enabled RFID Tags  ..would solve a lot of issues  RFID is an effective tool to tackle the problem of counterfeited products  International Chamber of Commerce estimates $650 billion a year (worldwide)  ..but  Cryptographic units need additional HW area = costs  Key-distribution problem: more than 2 billion RFID tags will be sold worldwide in 2009 (according to IDTechEx)  Symmetric vs. asymmetric cryptography Symmetric Crypto Asymmetric Crypto Keys 1 secret key 2 (1 private key, 1 public key) Key length 128-bit 300-2000-bit Key management Complicated (secure channel) Manageable (PKI) Computational complexity Reasonable High Power consumption Reasonable High http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 4

  5. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Our Objectives  Cryptographic service  Tag authentication (instead of identification)  Key Management  Asymmetric techniques (instead of symmetric)  Light-weight implementations  Low resources available (low power, area,…)  Low costs  Large deployment of tags (some billion tags)  Challenge: find light-weight public-key authentication protocols for low-cost RFID tags http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 5

  6. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 6

  7. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Questions for RFID Applications:  Which protocol/scheme/primitive to choose?  What is the performance of existing RFID authentication protocols?  Security, memory, computational complexity, communication  Complexity of signature schemes compared to identification schemes?  Entity vs. message authentication capabilities for RFID tags?  What are the costs for storing X.509 certificates on the tag?  … http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 7

  8. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Performance Evaluation  Simulation of different RFID scenarios using Java  Model of components (reader, tags, air-interface, TTP, …) 1) Performed certificate-size estimations for RFID tags 2) Evaluated different authentication protocols/schemes  Schnorr, Okamoto, GPS  Both identification and signature schemes  All schemes are based on the recommended NIST elliptic curve over GF(p192) http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 8

  9. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Schnorr’s Identification Scheme  Introduced by C.P.Schnorr in 1979  Interactive identification scheme  Three-way witness-challenge-response protocol  Provides a zero-knowledge proof-of-knowledge  Can be applied using ECC (ECSchnorr) http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 9

  10. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Okamoto’s Identification Scheme  Introduced by T.Okamoto in 1993  Provides additional security against active attacks  Two scalar multiplications needed (Shamir’s trick can be applied)  Provides a witness-indistinguishable proof-of-knowledge http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 10

  11. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security GPS Identification Scheme  Introduced by M.Girault, G.Poupard, J.Stern in 2001  Standardized in ISO/IEC 9798-5 in 2004  Eliminates modular reduction  Allows fast “on-the-fly” authentication http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 11

  12. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security X.509 Certificate-Evaluation Results  Evaluated 3 scenarios:  1. store entire X.509 certificate  2. store compressed certificate  3. store only variable part [bytes] Schnorr Okamoto GPS Scenario 1 268 292 268 Scenario 2 243 267 243 Scenario 3 76 100 76 http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 12

  13. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Identification-Schemes Performance Service, memory usage, and Communication bandwidth computational complexity http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 13

  14. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Signature-Schemes Performance Service, memory usage, and Communication bandwidth computational complexity http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 14

  15. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Conclusions  Analyzed different authentication protocols for low-cost RFID tags  Each protocol provides different tradeoffs  Schnorr provides best performance (100 bytes memory, ~1M cycles, ~130 bytes for communication)  Okamoto provides enhanced security features (148 bytes memory, ~2M cycles, ~180 bytes for communication)  GPS provides fast challenge-response computation (100 bytes memory, ~1.6M cycles, ~150 bytes for communication)  ECC-based identification and signature schemes have nearly the same complexity  Hash computation needs about 4000 additional clock cycles http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 15

  16. VLSI Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security Thanks for your attention! Questions? http://www.iaik.tugraz.at/ http://www.iaik.tugraz.at TU Graz/Computer Science/IAIK/VLSI Milan, 10.07.2009 SECRYPT 2009 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Rational Points on Modular Elliptic Curves I. Elliptic Curves Hedrick Lecture Series MAA

Rational Points on Modular Elliptic Curves I. Elliptic Curves Hedrick Lecture Series MAA

Rational Points on Modular Elliptic Curves I. Elliptic Curves Hedrick Lecture Series MAA MathFest Boulder, Colorado August 2003 http://www.math.mcgill.ca/darmon /slides/slides.html Elliptic Curves Definition : An elliptic curve over the

494 views • 26 slides
Weierstra Equations 2 d 4 16 ( 1 t 2 / 4 ) Singular points

Weierstra Equations 2 d 4 16 ( 1 t 2 / 4 ) Singular points

Elliptic curves over F q Introduction History length of ellipses why Elliptic curves? Fields Weierstra Equations Singular points The Discriminant E LLIPTIC CURVES OVER FINITE FIELDS Elliptic curves / F 2 Elliptic curves / F 3 The sum of

660 views • 32 slides
Forms of elliptic curves Wouter Castryck Forms of elliptic curves First definitions Well-known

Forms of elliptic curves Wouter Castryck Forms of elliptic curves First definitions Well-known

Well-known forms of elliptic curves Toric forms of elliptic curves Forms of elliptic curves Wouter Castryck Forms of elliptic curves First definitions Well-known forms of elliptic curves Projective coordinates Toric forms of elliptic curves

478 views • 46 slides
Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols Gildas Avoine 1 , Iwen

Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols Gildas Avoine 1 , Iwen

Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols Gildas Avoine 1 , Iwen Coisel 2 and Tania Martin 1 1: Information Security Group - Universit e Catholique de Louvain 2: Crypto Group - Universit e Catholique de

605 views • 24 slides
Hashing to Elliptic Curves and Cryptanalysis of RSA-Based Schemes Mehdi Tibouchi Ecole

Hashing to Elliptic Curves and Cryptanalysis of RSA-Based Schemes Mehdi Tibouchi Ecole

Introduction RSA Cryptanalysis Hashing to Elliptic Curves Conclusion Hashing to Elliptic Curves and Cryptanalysis of RSA-Based Schemes Mehdi Tibouchi Ecole normale sup erieure Ph.D. Defense 20110923 Introduction RSA

2.09k views • 162 slides
Elliptic Curves in Sage William Stein Sage Project Functionality William Stein Demo

Elliptic Curves in Sage William Stein Sage Project Functionality William Stein Demo

Elliptic Curves in Sage Elliptic Curves in Sage William Stein Sage Project Functionality William Stein Demo Questions? October 19 at ECC 2010 Lowest (known) conductor elliptic curves of ranks 0,1,2,3,4 Abstract Elliptic Curves in Sage

628 views • 14 slides
Lecture 11: Elliptic curves and their moduli May 26, 2020 1 / 9 Elliptic curves and complex

Lecture 11: Elliptic curves and their moduli May 26, 2020 1 / 9 Elliptic curves and complex

Lecture 11: Elliptic curves and their moduli May 26, 2020 1 / 9 Elliptic curves and complex tori E a , b : y 2 x 3 ` ax ` b , 4 a 3 ` 27 b 2 0 4 a 3 j p E a , b q 1728 4 a 3 ` 27 b 2 Theorem. The map z r p z q : 1 2 1 p

646 views • 9 slides
Isogenies and endomorphism rings of elliptic curves ECC Summer School Damien Robert Microsoft

Isogenies and endomorphism rings of elliptic curves ECC Summer School Damien Robert Microsoft

Isogenies and endomorphism rings of elliptic curves ECC Summer School Damien Robert Microsoft Research 15 / 09 / 2011 (Nancy) 2 / 66 Outline 1 Isogenies on elliptic curves 2 Endomorphisms 3 Supersingular elliptic curves 4 Abelian varieties

1.84k views • 79 slides
Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao

Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao

Quantum-resistant Cryptography based on Isogenies between Elliptic Curves A Brief Survey Jo ao Paulo da Silva , Ricardo Dahab, Julio L opez Institute of Computing University of Campinas Latin American Week on Coding and Information

558 views • 32 slides
An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M. Valls, C. Roig, F. Gin e and J.M. Miret Escola Polit` ecnica Superior. Universitat de Lleida. { santi,magda,roig,sisco,miret } @eps.udl.es

417 views • 12 slides
The Elliptic Curves Discrete Logarithm Problem and an implementation of parallelized Pollards

The Elliptic Curves Discrete Logarithm Problem and an implementation of parallelized Pollards

What is an elliptic curve? Elliptic Curves in Cryptography. ECDLP resolution. -Pollard and CUDA. Conclusions The Elliptic Curves Discrete Logarithm Problem and an implementation of parallelized Pollards algorithm for ECDLP Alberto

1.52k views • 103 slides
Deterministic Generation of Elliptic Curves (a.k.a. "NUMS" Curves) Motivation

Deterministic Generation of Elliptic Curves (a.k.a. "NUMS" Curves) Motivation

Deterministic Generation of Elliptic Curves (a.k.a. "NUMS" Curves) Motivation Reduced customer confidence in NIST-standardized curves (FIPS 186-3) Industry moving to Perfect Forward Secrecy (PFS) ciphersuites (e.g. ECDHE)

306 views • 11 slides
Faltings Heights of CM Elliptic Curves Tyler Genao Florida Atlantic University In collaboration

Faltings Heights of CM Elliptic Curves Tyler Genao Florida Atlantic University In collaboration

Faltings Heights of CM Elliptic Curves Tyler Genao Florida Atlantic University In collaboration with Adrian Barquero-Sanchez, Lindsay Cadwallader, Olivia Cannon, Riad Masri Tyler Genao Faltings Heights of CM Elliptic Curves Elliptic Curves

571 views • 41 slides
The The HKIA HKIAC Admini Administer ered ed Arbitr Arbitration ion Rules Rules The The Pre

The The HKIA HKIAC Admini Administer ered ed Arbitr Arbitration ion Rules Rules The The Pre

The The HKIA HKIAC Admini Administer ered ed Arbitr Arbitration ion Rules Rules The The Pre Present and and A Look Look to to the the Futur Future Chi Chiann nn Bao Bao, Asi Asia Pacific cific Counsel, Counsel, Sk Skadden adden Joe Joe

213 views • 10 slides
Inaugural new banks seminar New Bank Start-up Unit 22 March 2016 NBSU Seminar Welcome and

Inaugural new banks seminar New Bank Start-up Unit 22 March 2016 NBSU Seminar Welcome and

Inaugural new banks seminar New Bank Start-up Unit 22 March 2016 NBSU Seminar Welcome and agenda New Bank Seminar Agenda Introduction to the New Bank Start-up Unit How to become a bank Becoming a bank in the UK Closing remarks

1.73k views • 79 slides
From BBB to Urban Resilience Dr. Joe Leitmann Team Leader , Urban Resilience GFDRR/World Bank

From BBB to Urban Resilience Dr. Joe Leitmann Team Leader , Urban Resilience GFDRR/World Bank

From BBB to Urban Resilience Dr. Joe Leitmann Team Leader , Urban Resilience GFDRR/World Bank Comparing Reconstruction and Resilience Urban Reconstruction (BBB) Resilience Building Reactive Ex-ante as well as ex-post Often tends to

372 views • 6 slides
Organization Authority Database with classification principles Dagobert Soergel Department of

Organization Authority Database with classification principles Dagobert Soergel Department of

Design of an Organization Authority Database with classification principles Dagobert Soergel Department of Library and Information Studies Graduate School of Education, University at Buffalo Denisa Popescu World Bank Group, Washington, DC,

481 views • 28 slides
SECTION 45 CARBON SEQUESTRATION TAX CREDITS Shannon Angielski, Executive Director, CURC

SECTION 45 CARBON SEQUESTRATION TAX CREDITS Shannon Angielski, Executive Director, CURC

SECTION 45 CARBON SEQUESTRATION TAX CREDITS Shannon Angielski, Executive Director, CURC Southern States Energy Board Associates Meeting American Petroleum Institute, Washington, D.C. February 26, 2018 Carbon Utilization Research Council

485 views • 9 slides
Barclays Global Financial Services Conference Bruce Van Saun, Group Finance Director The Royal

Barclays Global Financial Services Conference Bruce Van Saun, Group Finance Director The Royal

Barclays Global Financial Services Conference Bruce Van Saun, Group Finance Director The Royal Bank of Scotland Group 10 September 2012 Important Information Certain sections in this document contain forward-looking statements as that

663 views • 29 slides
Big data analy+cs in the EUBrazil Cloud Connect project EGI

Big data analy+cs in the EUBrazil Cloud Connect project EGI

Big data analy+cs in the EUBrazil Cloud Connect project EGI CF 2014, Helsinki, May 19-23, 2014 S. Fiore 1 , D. Lezzi 2 , R. Badia 2 , I. Blanquer 3

1.16k views • 18 slides
How Do We Ensure Students with Disabilities Benefit as States Focus on Career Pathways for All

How Do We Ensure Students with Disabilities Benefit as States Focus on Career Pathways for All

How Do We Ensure Students with Disabilities Benefit as States Focus on Career Pathways for All Students: Part One May 2016 This resource was developed collaboratively by the College and Career Readiness and Success (CCRS) Center and the Center

309 views • 27 slides

More recommend