cryptography in heavily constraint environments n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Cryptography in Heavily Constraint Environments PowerPoint Presentation
Download Presentation
Cryptography in Heavily Constraint Environments

Loading in 2 Seconds...

  share
play fullscreen
1 / 26
blaise

Cryptography in Heavily Constraint Environments - PowerPoint PPT Presentation

83 Views
Download Presentation
Cryptography in Heavily Constraint Environments
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Cryptography in Heavily Constraint Environments Christof Paar EUROBITS Center for IT Security COmmunication SecuritY (COSY) Group University of Bochum, Germany www.crypto.rub.de

  2. Contents • Pervasive computing and embedded systems • Pervasive computing and security • Constrained environments and crypto • Research problems Workshop on Ad-Hoc Security 2002

  3. Characteristics of Traditional IT Applications • Mostly based on interactive (= traditional) computers • „One user – one computer“ paradigm • Static networks • Large number of users per network Q: How will the IT future look? Workshop on Ad-Hoc Security 2002

  4. Examples for Pervasive Computing • PDAs, 3G cell phones, ... • Living spaces will be stuffed with nodes • So will cars • Wearable computers (clothes, eye glasses, etc.) • Household appliances • Smart sensors in infrastructure (windows, roads, bridges, etc.) • Smart bar codes (autoID) • “Smart Dust” • ... Workshop on Ad-Hoc Security 2002

  5. Will that ever become reality?? We don’t know, but: CPUs sold in 2000 Workshop on Ad-Hoc Security 2002

  6. Security and Economics of Pervasive Networks • „One-user many-nodes“ paradigm (e.g. 102-103 processors per human) • Many new applications we don‘t know yet • Very high volume applications • Very cost sensitive • People won‘t be willing to pay for security per se • People won‘t buy products without security Workshop on Ad-Hoc Security 2002

  7. Where are the challenges for embedded security? • Designers worry about IT functionality, security is ignored or an afterthought • Attacker has easy access to nodes • Security infrastructure (PKI etc.) is missing: Protocols??? • Side-channel and tamper attacks • Computation/memory/power constrained Workshop on Ad-Hoc Security 2002

  8. Why do constraints matter? • Almost all ad-hoc protocols (even routing!) require crypto ops for every hop • At least symmtric alg. are needed • Asymmetric alg. allow fancier protocols Question: What type of crypto can we do? Workshop on Ad-Hoc Security 2002

  9. Classification by Processor Power Very rough classification of embedded processors Class speed : high-end Intel Class 0: few 1000 gates ? Class 1: 8 bit P,  10MHz  1: 103 Class 2: 16 bit P,  50MHz  1: 102 Class 3: 32 bit P,  200MHz  1: 10 Workshop on Ad-Hoc Security 2002

  10. Case Study Class 0: RFID Recall: Class 0 = no P, few 1000 gates • Goal: RFID as bar code replacement • Cost goal 5 cent (!) • allegedly 500 x 109 bar code scans worldwide per day (!!) • AutoID tag: security “with 1000 gates” [CHES 02] • Ell. curves (asymmetric alg.) need > 20,000 gates • DES (symmetric alg.) needs > 5,000 gates • Lightweight stream ciphers might work Workshop on Ad-Hoc Security 2002

  11. Status Quo: Crypto for Class 1 Recall: Class 1 = 8 bit P,  10MHz Symmetric alg: possible at low data rates Asymm.alg: very difficult without coprocessor Workshop on Ad-Hoc Security 2002

  12. Status Quo: Crypto for Class 2 Recall: Class 2 = 16 bit P,  50MHz Symmetric alg: possible Asymm.alg: possible if • carefully implemented, and • algorithms carefully selected (ECC feasible; RSA & DL still hard) Workshop on Ad-Hoc Security 2002

  13. Status Quo: Crypto for Class 3 Recall: Class 1 = 32 bit P,  200MHz Symmetric alg: possible Asymm.alg: full range (ECC, RSA, DL) possible, some care needed for implementation Workshop on Ad-Hoc Security 2002

  14. Open (Research) Questions • Symmetric algorithm for class 0 (e.g., 1000 gates) which are secure and well understood? • Alternative asymm. alg. for class 0 and class 1 (8 bit P) with 10x time-area improvement over ECC? • Are asymm. alg. which are “too short” (e.g., ECC with 100 bits) usable? • Ad-hoc protocols without long-term security needs? • Side-channel protection at very low costs? Workshop on Ad-Hoc Security 2002

  15. Related Events at theEUROBITS Center in Bochum www.crypto.rub.de • Workshop on Side-Channel Attacks on Smart CardsJanuary 30-31, 2003 Workshop on Ad-Hoc Security 2002

  16. Cryptographic Hardware and Embedded Systems September 7-10 chesworkshop.org

  17. Security Challenges: Many Security Assumptions Change • No access to backbone: PKI does not work • New threats: sleep deprivation attack • Old threats (e.g., confidentiality) not always a problem • Nodes have incentives to cheat in protocols • Security protocols ??? Workshop on Ad-Hoc Security 2002

  18. Our Research Crypto algorithms in highly constrained environments • Low-cost hardware for public-key algorithm • Ultra low-cost hardware for symmetric algorithms • Software for public-key, symmetric algorithms on low-end processors Protocols for ad-hoc networks • Secure communication in complex technical systems (airplanes, cars, etc.) • Establishing trust in networks Workshop on Ad-Hoc Security 2002

  19. Traditional Security Applications Very often: computer & communication networks! • (wireless) LAN / WLAN (Local Area Network) • WAN (Wide Area Network) • PKI (Public Key Infrastructure) Workshop on Ad-Hoc Security 2002

  20. Traditional Security Applications (wireless) LAN / WLAN (Local Area Network) Workshop on Ad-Hoc Security 2002

  21. Traditional Security Applications WAN (Wide Area Network) Workshop on Ad-Hoc Security 2002

  22. Traditional Security Applications PKI (Public Key Infrastructure) enables secure LAN, WAN Workshop on Ad-Hoc Security 2002

  23. Other Traditional Security Applications • Antivirus • Firewalls • Biometrics Workshop on Ad-Hoc Security 2002

  24. The IT Future • 2. Bridge sensors • 3. Cleaning robots • 6. Car with various IT services • 8. Networked robots • 9. Smart street lamps • 14. Pets with electronic sensors • 15. Smart windows Workshop on Ad-Hoc Security 2002

  25. Characteristics of Pervasive Computing Systems • Embedded nodes (no traditional computers) • Connected through wireless, close-range network (“Pervasive networks”)! • Ad-hoc networks: Dynamic addition and deletion of nodes • Power/computation/memory constrained! • Vulnerable Workshop on Ad-Hoc Security 2002

  26. Why Security in Pervasive Applications? • Pervasive nature and high-volume of nodes increase risk potential (e.g., hacking into a car) • Wireless channels are vulnerable (passive and active attacks) • Privacy issues (geo-location, medical sensors, monitoring of home activities, etc.) • Stealing of services (sensors etc.) Workshop on Ad-Hoc Security 2002