Servicios de seguridad en ambientes computacionales altamente restringidos - PowerPoint PPT Presentation

About This Presentation
Title:

Servicios de seguridad en ambientes computacionales altamente restringidos

Description:

Servicios de seguridad en ambientes computacionales altamente restringidos Francisco Rodr guez-Henr quez CINVESTAV-IPN Depto. de Ingenier a El ctrica – PowerPoint PPT presentation

Number of Views:164
Avg rating:3.0/5.0
Slides: 66
Provided by: anarodrig5
Category:

less

Transcript and Presenter's Notes

Title: Servicios de seguridad en ambientes computacionales altamente restringidos


1
Servicios de seguridad en ambientes
computacionales altamente restringidos
Francisco Rodríguez-Henríquez CINVESTAV-IPN Depto.
de Ingeniería Eléctrica Sección de Computación
2
Antecedents and Motivation
3
Security Systems by layers
Applications Secure e-mail, Digital Money, Smart
Cards, Firewalls, etc.
Communication Protocols SSL, TLS, WTLS, WAP,
etc.
Security Services Confidentiality, Data
Integrity, Data Authentication, Non-Repudiation
Crypto User Functions Encrypt/Decrypt,
Sign/verify
Public Key Crypto Algorithms RSA, ECC Symmetric
Crypto Algorithms AES, DES, RC4, etc.
Computer Arithmetic Addition, Squaring,
multiplication, inversion and exponentiation
4
Security Services
  • Confidentiality - protect info value
  • Authentication - protect info origin (sender)
  • Identification - ensure identity of users
  • Integrity - protect info accuracy
  • Non-repudiation - protect from deniability
  • Access control - access to info/resources
  • Availability - ensure info delivery

5
Some Practical Applications
  • "Any sufficiently advanced technology is
    indistinguishable from magic.
  • Arthur C. Clarke.
  • secure mail
  • secure communications
  • network authentication
  • electronic voting
  • electronic notary
  • digital money (digital wallet)
  • data distribution

6
Characteristics of Traditional IT Applications
  • Mostly based on interactive ( traditional)
    computers
  • One user one computer paradigm
  • Static networks
  • Large number of users per network
  • Q How will the IT future look?

7
The IT Future
  • Bridge sensors
  • Cleaning robots
  • Car with various IT services
  • Networked robots
  • Smart street lamps
  • Pets with electronic sensors
  • Smart windows

8
Characteristics of Ubiquitous Computing Systems
  • Embedded nodes (no traditional computers)
  • Connected through wireless, close-range network
    (Pervasive networks)!
  • Ad-hoc networks Dynamic addition and deletion of
    nodes
  • Power/computation/memory constrained!
  • Vulnerable

9
Examples for Ubiquitous Computing
  • PDAs, 3G cell phones, ...
  • Living spaces will be stuffed with nodes
  • So will cars
  • Wearable computers (clothes, eye glasses, etc.)
  • Household appliances
  • Smart sensors in infrastructure (windows, roads,
    bridges, etc.)
  • Smart bar codes (autoID)
  • Smart Dust
  • ...

10
Security and Economics of Ubiquitous Computing
  • One-user many-nodes paradigm (e.g. 102-103
    processors per human)
  • Many new applications we dont know yet
  • Very high volume applications
  • Very cost sensitive
  • People wont be willing to pay for security per
    se
  • People wont buy products without security

11
Where are the challenges for embedded security?
  • Designers worry about IT functionality, security
    is ignored or an afterthought
  • Attacker has easy access to nodes
  • Security infrastructure (PKI etc.) is missing
    Protocols???
  • Side-channel and tamper attacks
  • Computation/memory/power constrained

12
Will that ever become reality??
  • We dont know, but CPUs sold in 2000

13
Implementation Platforms
14
Platforms
  • Cryptographic algorithms can be implemented
    through
  • Software
  • ASIC
  • FPGAs
  • Choice of platform depends upon
  • Algorithm performance
  • Cost
  • Flexibility

15
Platform Implementation for Cryptographic
Algorithms
16
Platform Comparison
ASIC
Processor
Reconfigurable Hardware
Performance
Flexibility
Unit Cost
Development Cost
17
Platform Features
  • Software
  • Maximum flexibility ? Low Performance
  • Low cost
  • ASIC
  • High performance ? No flexibility at all
  • ? High cost
  • FPGAs
  • Reasonable flexibility
  • Low cost
  • High performance

18
Why Crypto-algorithms in Hardware
  • Two main reasons
  • Software implementations are too slow for some
    applications (symmetric alg encryption rates
    100 Mbit/sec public-key alg gt 10 msec)
  • Hardware implementations are intrinsically more
    physically secure Key access and algorithm
    modication is considerably harder.

19
But why reconfigurable hardware?
  • Potential advantages of crypto algorithms
    implemented on reconfigurable platforms
  • Algorithm Agility
  • Algorithm Upgrade
  • Architecture Efficiency
  • Resource Efficient
  • Algorithm Modification
  • (Throughput relative to software)
  • (Cost Efficiency relative to ASICs)

20
Crypto and FPGAs Algorithm Agility
  • Observation Modern security protocols are
    defined to
  • be algorithm independent
  • Encryption algorithm is negotiated on a
    per-session basis.
  • Wide variety of ciphers can be required. Ex
    IPsec-allowed algorithms DES, 3DES, Blow-Fish,
    CAST, IDEA, RC4 and RC6, future extensions!
  • Same holds for public-key algorithms, e.g.,
    Diffie-Hellman and ECDH.
  • Recall that ASIC solutions can provide
    algorithm agility
  • only at high costs.

21
Crypto and FPGAs Algorithm Upgrade
  • Applications may need upgrade to a new algorithm
    because
  • Current algorithms was broken (DES)
  • Standard expired (again DES)
  • New standard was created (AES)
  • Algorithm list of algorithm independent protocol
    was extended
  • Upgrade of ASIC-implemented algorithm is
    practically
  • infeasible if many devices are affected or in
    applications
  • such as satellite communications.

22
Crypto and FPGAs Architecture Efficiency
  • In certain cases a hardware architecture can be
    much more efficient if it is designed for a
    specific set of parameters. Parameters for
    cryptographic algorithms can be for example the
    key, the underlying finite field, the coefficient
    used (e.g., the specific curve of an ECC system),
    and so on. Generally speaking, the more specific
    an algorithm is implemented the more efficient it
    can become.

23
Crypto and FPGAs Resource Efficiency
  • Observation The majority of security protocols
    uses
  • private-key as well as public-key algorithms
    during one session, but not simultaneous.
  • Same FPGA device can be used for both through run
  • time reconguration.

24
Crypto and FPGAs Algorithm Modification
  • Some applications require Public algorithms (such
    as AES candidates) with proprietary modules,
    e.g., proprietary S-boxes or permutations.
  • Change of modes of operations (feedback modes,
  • counter mode, etc.)
  • Crypto-analytical implementation, such as
    key-search
  • machines, may use slightly altered version of the
  • algorithms.
  • With FPGAs, these changes can readily be
    implemented.

25
FPGA Field programmable Gate Arrays
26
Configurable Logic Block
4
Combinational Logic
16x1 RAM
4
1-bit reg
1-bit reg
1-bit reg
1-bit reg
4
Combinational Logic
16x1 RAM
4
Logic Mode
Memory Mode
27
Virtex-II Pro
Feature/Product XC2VP2 XC2VP4 XC2VP7 XC2VP20 XC2VP30 XC2VP40 XC2VP50 XC2VP70 XC2VP100 XC2VP125
EasyPath cost reduction - - - - XCE2VP30 XCE2VP40 XCE2VP50 XCE2VP70 XCE2VP100 XCE2VP125
Logic Cells 3,168 6,768 11,088 20,880 30,816 43,632 53,136 74,448 99,216 125,136
Slices 1,408 3,008 4,928 9,280 13,696 19,392 23,616 33,088 44,096 55,616
BRAM (Kbits) 216 504 792 1,584 2,448 3,456 4,176 5,904 7,992 10,008
18x18 Multipliers 12 28 44 88 136 192 232 328 444 556
Digital Clock Management Blocks 4 4 4 8 8 8 8 8 12 12
Config (Mbits) 1.31 3.01 4.49 8.21 11.36 15.56 19.02 25.6 33.65 42.78
PowerPC Processors 0 1 1 2 2 2 2 2 2 4
Max Available Multi-Gigabit Transceivers 4 4 8 8 8 12 16 20 20 24
Max Available User I/O 204 348 396 564 644 804 852 996 1164 1200
1 Logic Cell (1) 4-input LUT (1) FF (1)
Carry Logic 1 CLB (4) Slices
http//www.xilinx.com/products/tables/fpga.htmv2p
28
Wireless Ad-Hoc Network
29
Smart Cards
30
Smart Cards
31
Smart Cards
32
Smart Cards
33
Multi-hop cellular
  • Set of base stations connected to a backbone
    (like in cellular)
  • Potentially, multi-hop communication between the
    mobile station and the base station (unlike in
    cellular)

D
S
34
Multi-hop cellular
  • Advantages
  • Energy consumption of the mobile stations can be
    reduced
  • Immediate side effect Reduced interference
  • Number of base stations (fixed antennas) can be
    reduced
  • Coverage of the network can be increased
  • Closely located mobile stations can communicate
    independently from the infrastructure (ad hoc
    networking)
  • Disadvantages
  • Routing?
  • Synchronization?

35
A model
  • Multi-hop up-link
  • Single-hop down-link
  • Problem How to encourage the nodes to relay
    packets for the benefit of other nodes?

D
S
36
Where are the challenges for embedded security?
  • Designers worry about IT functionality, security
    is ignored or an afterthought
  • Attacker has easy access to nodes
  • Security infrastructure (PKI etc.) is missing
    Protocols???
  • Side-channel and tamper attacks
  • Computation/memory/power constrained

37
Why do constraints matter?
  • Almost all ad-hoc protocols (even routing!)
    require crypto ops for every hop
  • At least symmetric alg. are needed
  • Asymmetric alg. allow fancier protocols
  • Question What type of crypto can we do?

38
Security on Different Embedded Processors
39
Classification by Processor Power
  • Very rough classification of embedded processors
  • Class speed high-end Intel
  • Class 0 few 1000 gates ?
  • Class 1 8 bit ?P, ? 10MHz ? 1 103
  • Class 2 16 bit ?P, ? 50MHz ? 1 102
  • Class 3 32 bit ?P, ? 200MHz ? 1 10

40
Case Study Class 0 RFID
41
Case Study Class 0 RFID
  • Recall Class 0 no ?P, few 1000 gates
  • Goal RFID as bar code replacement
  • Cost goal 5 cent (!)
  • allegedly 500 x 109 bar code scans worldwide per
    day (!!)
  • AutoID tag security with 1000 gates CHES 02
  • Ell. curves (asymmetric alg.) need gt 20,000 gates
  • DES (symmetric alg.) needs gt 5,000 gates
  • Lightweight stream ciphers might work

42
RFIDs Applications
  • Expired Milk Reported
  • Within two decades, the minuscule transmitters
    are expected to replace the familiar product bar
    codes
  • Alerting consumers
  • help you manage your inventory a lot better
  • tell you that a prescription is in the waiting
    bin
  • provide details to marketers about a family's
    eating
  • the technology raises privacy concerns

43
Status Quo Crypto for Class 1
  • Recall Class 1 8 bit ?P, ? 10MHz
  • Symmetric alg possible at low data rates
  • Asymm.alg very difficult without coprocessor

44
Status Quo Crypto for Class 2
  • Recall Class 2 16 bit ?P, ? 50MHz
  • Symmetric alg possible
  • Asymm.alg possible if
  • carefully implemented, and
  • algorithms carefully selected (ECC feasible RSA
    DL still hard)

45
Status Quo Crypto for Class 3
  • Recall Class 3 32 bit ?P, ? 200MHz
  • Symmetric alg possible
  • Asymm.alg full range (ECC, RSA, DL) possible,
    some care needed for implementation

46
Our Research
47
Our Research
  • Crypto algorithms in highly constrained
    environments
  • Reconfigurable hardware implementation for
    public-key algorithms Symmetric Algorithms.
  • Crypto algorithms in mobile constrained
    environments
  • Software for public-key Cryptography Symmetric
    algorithms on mobile processors

48
Advanced Encryption Standard (AES)
49
AES Advanced Encryption Standard (Rijndael)
With Nazar A. Saqib
Plain Text
128
AES
Key
128
  • AES Processes
  • Key Scheduling
  • Encryption
  • Decryption

128
Cipher Text
50
AES Advanced Encryption Standard (Rijndael)
With Nazar A. Saqib
USER KEY
SUB KEY
SUB KEY
IN
OUT
ARK
BS
ARK
BS
SR
ARK
(ROUND-1)
SR
MC
BS Byte Substitution SR Shift Rows MC Mix
Column ARK Add Round Key
51
Data Path for Encryption/Decryption
Encryption MI AF SR MC ARK Decryption
ISR IAF MI ModM MC ARK
52
AES Performance Figures
Design Device CLB Slices Throughput (Mbits/sec)
Ichikawa et al4 VLSI ------- 1950
Weeks et al 5 VLSI ------- 5163
Lutz et a 7 VLSI ------- 2260
Elbirt et al 6 XCV1000 9004 1940
McLoone et al 3 XCV3200E 7576 3239
This design XCV2600E 5677 4121
53
Elliptic Curve Cryptography (ECC)
54
Elliptic Curve Cryptography With Nazar A. Saqib
Scalar Multiplication Q k P
Elliptic Curve Operation
Point doubling Q2P Point addition RPQ
Multiplication Squaring,Addition etc.
GF(2m) Arithmetic
55
Karatsuba Multiplier GF(2191)
56
Point Addition and Point Doubling
57
Scalar Point Multiplication
Reference Field Platform kP (in ?Sec)
Satoh et al GF(2160) 0.13 ? CMOS 190
Orlando Paar GF(2167) XCV400E 210
Gura et al GF(2163) XCV2000E 143
Bednara et al GF(2191) XCV1000BG 270
This Work GF(2191) XCV3200E 57
58
Wireless Authentication Protocols
59
Seguridad en WAPcon Laura Itzelt Reyes Montiel
En el caso de WAP, los servicios de seguridad son
proporcionados por la capa WTLS
60
Versión Robusta
AES TDES CAST IDEA Twofish
IDEA
Se busca en el anillo de claves públicas del
emisor
RSA
CCE
61
Versión compacta
RC4 RC5 A5 SEAL
IDEA
Se busca en el anillo de claves públicas del
emisor
CCE
RSA
62
Protocolo de Negociación Completo
Fase 1
Fase 2
Fase 3
Fase 4
63
Niveles de Seguridad en WTLS
El nivel de seguridad ofrecido con una llave RSA
de 1024 bits es comparable al nivel ofrecido por
CCE con las curvas 160P,163K,163R asimismo, las
curvas 224P,233K,233R exhiben un n nivel de
seguridad comparable con una clave RSA de 2048
bits.
64
Tiempos Obtenidos WTLS -Clase 1
65
Tiempos Obtenidos WTLS -Clase 2
Write a Comment
User Comments (0)
About PowerShow.com