1 / 26

Cryptography in Heavily Constraint Environments

Cryptography in Heavily Constraint Environments. Christof Paar EUROBITS Center for IT Security CO mmunication S ecurit Y (COSY) Group University of Bochum, Germany www.crypto.rub.de. Contents . Pervasive computing and embedded systems Pervasive computing and security

kuri
Download Presentation

Cryptography in Heavily Constraint Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cryptography in Heavily Constraint Environments Christof Paar EUROBITS Center for IT Security COmmunication SecuritY (COSY) Group University of Bochum, Germany www.crypto.rub.de

  2. Contents • Pervasive computing and embedded systems • Pervasive computing and security • Constrained environments and crypto • Research problems Workshop on Ad-Hoc Security 2002

  3. Characteristics of Traditional IT Applications • Mostly based on interactive (= traditional) computers • „One user – one computer“ paradigm • Static networks • Large number of users per network Q: How will the IT future look? Workshop on Ad-Hoc Security 2002

  4. Examples for Pervasive Computing • PDAs, 3G cell phones, ... • Living spaces will be stuffed with nodes • So will cars • Wearable computers (clothes, eye glasses, etc.) • Household appliances • Smart sensors in infrastructure (windows, roads, bridges, etc.) • Smart bar codes (autoID) • “Smart Dust” • ... Workshop on Ad-Hoc Security 2002

  5. Will that ever become reality?? We don’t know, but: CPUs sold in 2000 Workshop on Ad-Hoc Security 2002

  6. Security and Economics of Pervasive Networks • „One-user many-nodes“ paradigm (e.g. 102-103 processors per human) • Many new applications we don‘t know yet • Very high volume applications • Very cost sensitive • People won‘t be willing to pay for security per se • People won‘t buy products without security Workshop on Ad-Hoc Security 2002

  7. Where are the challenges for embedded security? • Designers worry about IT functionality, security is ignored or an afterthought • Attacker has easy access to nodes • Security infrastructure (PKI etc.) is missing: Protocols??? • Side-channel and tamper attacks • Computation/memory/power constrained Workshop on Ad-Hoc Security 2002

  8. Why do constraints matter? • Almost all ad-hoc protocols (even routing!) require crypto ops for every hop • At least symmtric alg. are needed • Asymmetric alg. allow fancier protocols Question: What type of crypto can we do? Workshop on Ad-Hoc Security 2002

  9. Classification by Processor Power Very rough classification of embedded processors Class speed : high-end Intel Class 0: few 1000 gates ? Class 1: 8 bit P,  10MHz  1: 103 Class 2: 16 bit P,  50MHz  1: 102 Class 3: 32 bit P,  200MHz  1: 10 Workshop on Ad-Hoc Security 2002

  10. Case Study Class 0: RFID Recall: Class 0 = no P, few 1000 gates • Goal: RFID as bar code replacement • Cost goal 5 cent (!) • allegedly 500 x 109 bar code scans worldwide per day (!!) • AutoID tag: security “with 1000 gates” [CHES 02] • Ell. curves (asymmetric alg.) need > 20,000 gates • DES (symmetric alg.) needs > 5,000 gates • Lightweight stream ciphers might work Workshop on Ad-Hoc Security 2002

  11. Status Quo: Crypto for Class 1 Recall: Class 1 = 8 bit P,  10MHz Symmetric alg: possible at low data rates Asymm.alg: very difficult without coprocessor Workshop on Ad-Hoc Security 2002

  12. Status Quo: Crypto for Class 2 Recall: Class 2 = 16 bit P,  50MHz Symmetric alg: possible Asymm.alg: possible if • carefully implemented, and • algorithms carefully selected (ECC feasible; RSA & DL still hard) Workshop on Ad-Hoc Security 2002

  13. Status Quo: Crypto for Class 3 Recall: Class 1 = 32 bit P,  200MHz Symmetric alg: possible Asymm.alg: full range (ECC, RSA, DL) possible, some care needed for implementation Workshop on Ad-Hoc Security 2002

  14. Open (Research) Questions • Symmetric algorithm for class 0 (e.g., 1000 gates) which are secure and well understood? • Alternative asymm. alg. for class 0 and class 1 (8 bit P) with 10x time-area improvement over ECC? • Are asymm. alg. which are “too short” (e.g., ECC with 100 bits) usable? • Ad-hoc protocols without long-term security needs? • Side-channel protection at very low costs? Workshop on Ad-Hoc Security 2002

  15. Related Events at theEUROBITS Center in Bochum www.crypto.rub.de • Workshop on Side-Channel Attacks on Smart CardsJanuary 30-31, 2003 Workshop on Ad-Hoc Security 2002

  16. Cryptographic Hardware and Embedded Systems September 7-10 chesworkshop.org

  17. Security Challenges: Many Security Assumptions Change • No access to backbone: PKI does not work • New threats: sleep deprivation attack • Old threats (e.g., confidentiality) not always a problem • Nodes have incentives to cheat in protocols • Security protocols ??? Workshop on Ad-Hoc Security 2002

  18. Our Research Crypto algorithms in highly constrained environments • Low-cost hardware for public-key algorithm • Ultra low-cost hardware for symmetric algorithms • Software for public-key, symmetric algorithms on low-end processors Protocols for ad-hoc networks • Secure communication in complex technical systems (airplanes, cars, etc.) • Establishing trust in networks Workshop on Ad-Hoc Security 2002

  19. Traditional Security Applications Very often: computer & communication networks! • (wireless) LAN / WLAN (Local Area Network) • WAN (Wide Area Network) • PKI (Public Key Infrastructure) Workshop on Ad-Hoc Security 2002

  20. Traditional Security Applications (wireless) LAN / WLAN (Local Area Network) Workshop on Ad-Hoc Security 2002

  21. Traditional Security Applications WAN (Wide Area Network) Workshop on Ad-Hoc Security 2002

  22. Traditional Security Applications PKI (Public Key Infrastructure) enables secure LAN, WAN Workshop on Ad-Hoc Security 2002

  23. Other Traditional Security Applications • Antivirus • Firewalls • Biometrics Workshop on Ad-Hoc Security 2002

  24. The IT Future • 2. Bridge sensors • 3. Cleaning robots • 6. Car with various IT services • 8. Networked robots • 9. Smart street lamps • 14. Pets with electronic sensors • 15. Smart windows Workshop on Ad-Hoc Security 2002

  25. Characteristics of Pervasive Computing Systems • Embedded nodes (no traditional computers) • Connected through wireless, close-range network (“Pervasive networks”)! • Ad-hoc networks: Dynamic addition and deletion of nodes • Power/computation/memory constrained! • Vulnerable Workshop on Ad-Hoc Security 2002

  26. Why Security in Pervasive Applications? • Pervasive nature and high-volume of nodes increase risk potential (e.g., hacking into a car) • Wireless channels are vulnerable (passive and active attacks) • Privacy issues (geo-location, medical sensors, monitoring of home activities, etc.) • Stealing of services (sensors etc.) Workshop on Ad-Hoc Security 2002

More Related