Secure storage of cryptographic keys within random volumetric materials
Roarke Horstmeyer (1), Benjamin Judkewitz (1), Ivo Vellekoop (2) and Changhuei Yang (1)
(1) California Institute of Technology, Pasadena, CA
(2) University of Twente, Enschede, The Netherlands
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
• Ideal security: “information-theoretic” security [1]
• Well-established solution: the one-time pad
Message:     0 0 0 1 1 1 …
Random key:  0 1 0 0 1 1 …   (XOR operation)
Ciphertext:  0 1 0 1 0 0 …
Limitations: “Really long” key is hard to generate and store
[1] Shannon, C. Bell System Technical Journal 28, 656–715 (1949).
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
Digital electronic memory: insecure
Tools: Imaging, freezing, probing, overwriting…
Goals: Key copying, alteration, viruses…
Solution: volumetric optical scattering
Uncorrelated speckle: Δθ ~ λ/2πa
• Benefits
• Sensitive 3D structure
• High density (1 Tb/mm³)
• “Cheap” entropy
[Figure labels: coherent light, a, unique speckle, “key database”]
Previous Work / Our Goal / Limitations

Previous work: Optical encryption methods
- Fiber-based protocols
- Quantum key distribution
- Optical random number generation
Our goal: Information-theoretic security
Limitations: Requires digital key storage

Previous work: Secure storage
- Digital electronic security
- IC, FPGA, RFID
- Random variations in fab. process
- Optical storage for ID, authentication
Our goal: Keys cannot be copied, cloned; challenging to use a stolen device
Limitations: Not for communication

Pappu et al., Science 297 (2001)
Skoric et al., Applied Crypto. & Network Sec. 3531 (2005)
Our setup
Input: n random SLM patterns
Output: n speckle images
[Figure label: “key database”]
Mathematical model
ri pi ri 2 =
T = scattering transmission matrix
W = sparse binary matrix (digital, public)
Digital “whitening” (public)
[Figure labels: Display, Speckle Image, Key Image; Speckle Intensity Histogram (Probability vs. Pixel value)]
Verification of speckle key randomness
• Statistical randomness test suites: Diehard [1] and NIST [2]
• 12 different 10 Gb keys k tested
• Stats comparable to state-of-the-art random number generators
Table 1 | Example NIST statistical randomness test performance. NIST statistical randomness test package performance of a typical 10-gigabit sequence of random CPUF data, split into 10,000 unique 1 megabit sequences following a common procedure (refs. 11,12). For ‘success’ using 10,000 samples of 10^6 bit sequences and significance level α = 0.01, the p-value (uniformity of p-values) should be larger than 0.0001 and the minimum pass rate is 0.987015.
[1] Marsaglia, G. http://stat.fsu.edu/pub/diehard (1996).
[2] Rukhin, A. et al., National Institute of Standards and Technology Special Publication 800-22 (2001).
Securely linking two devices for communication
Each device is unique – how to implement the one-time pad between two parties?
Communication achieved through an information-theoretically secure key-pair
[Figure labels: Scat., Scat.]
Securely linking two devices for communication
Dictionary Setup
1. Alice and Bob securely connect devices
2. Display p1..n
3. Publicly save XOR of keys: k1..n(A) ⊕ k1..n(B)
OTP ciphertext: ideally secure
[Figure labels: Alice’s device, Bob’s device]
Securely linking two devices for communication
Alice sends Bob a message
1. Alice randomly selects p, creates k(A) and computes (k(A) ⊕ m)
2. Alice sends (k(A) ⊕ m) and p
3. Bob creates k(B), looks up (k(A) ⊕ k(B))
4. Bob computes: k(B) ⊕ (k(A) ⊕ k(B)) ⊕ (k(A) ⊕ m) = m
[Figure labels: Alice’s device, Bob’s device]
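The dictionary setup and message exchange above, as an added example that is not code from the talk or the authors. The `Device` class is a hypothetical stand-in: a hash of a random secret replaces the optical scatterer, so the code shows the message flow and the one-time-use rule, not the physical security; all names and the 32-byte key size are assumptions.

```python
import hashlib
import secrets

KEY_BYTES = 32  # constructed size; the slides describe keys of many gigabits

def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

class Device:
    """Hypothetical stand-in for one scatterer: pattern index p -> key k."""
    def __init__(self):
        # Assumption: a random secret models the device's physical disorder.
        self._disorder = secrets.token_bytes(32)

    def key(self, p: int) -> bytes:
        seed = self._disorder + p.to_bytes(4, "big")
        return hashlib.shake_256(seed).digest(KEY_BYTES)

def dictionary_setup(alice, bob, n):
    """Setup: with both devices connected, publish k_p(A) XOR k_p(B) for each p."""
    return {p: xor(alice.key(p), bob.key(p)) for p in range(n)}

def alice_send(alice, unused, m):
    """Alice picks a fresh p and returns (p, k(A) XOR m)."""
    if len(m) > KEY_BYTES:
        raise ValueError("message longer than one key")
    if not unused:
        raise RuntimeError("dictionary exhausted; run setup again")
    p = secrets.choice(sorted(unused))
    unused.discard(p)  # one-time pad: a pattern reused twice leaks m1 XOR m2
    return p, xor(alice.key(p), m)

def bob_receive(bob, public_dict, p, c):
    """Bob computes k(B) XOR (k(A) XOR k(B)) XOR (k(A) XOR m) = m."""
    return xor(xor(bob.key(p), public_dict[p]), c)

if __name__ == "__main__":
    a, b = Device(), Device()
    public = dictionary_setup(a, b, n=8)   # safe to store in the open
    fresh = set(public)
    p, c = alice_send(a, fresh, b"meet at noon")
    print(p, c.hex(), bob_receive(b, public, p, c))
```

Neither the public dictionary nor the transmitted pair (p, ciphertext) contains a key on its own; recovering m requires regenerating k(B) on Bob's device.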
Experimental demonstration
Key size: 10 Gb (100 Gb unverified)
Duration: 24 hours
Attack time: ~50 hours
Noise: ~20% bits flipped*
*after error correction
Conclusion and future work
- Non-electronic storage of 10 Gb over 24 hours
- New protocol for “physical memory”
• Information-theoretic security
• Linking physical disorder
Future work
• Public key variant
• Detailed security analysis
R. Horstmeyer, “Physical key-protected one-time pad,” arXiv:1305.3886 (2013)
Thank You!