cryptography for embedded devices
play

Cryptography for Embedded Devices Tobias Oder Ruhr-University - PowerPoint PPT Presentation

Mar 11, 2024 •318 likes •601 views

Efficient Implementation of Lattice-based Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography for the 09.11.2017 Internet of Things and Cloud 2017 Lattice-based Cryptography Set of vectors in n

  1. Efficient Implementation of Lattice-based Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography for the 09.11.2017 Internet of Things and Cloud 2017

  2. Lattice-based Cryptography • Set of vectors in n -dimensional space define a basis Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 2

  3. Lattice-based Cryptography • Efficiency • Scalability • Versatility – Encryption – Digital signatures – Key exchange – Advanced constructions (IBE, FHE,…) Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 3

  4. Learning with Errors Given A and b = As Task: Find s ➢ Easy to solve Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 4

  5. Learning with Errors Given A and b = As Task: Find s ➢ Easy to solve Given A and b = As + e Task: Find s ➢ Hard problem Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 5

  6. Lattice Classes Standard or random lattices • Unstructured matrices • Main Operation: matrix-vector multiplication Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 6

  7. Lattice Classes Standard or random lattices • Unstructured matrices • Main Operation: matrix-vector multiplication Ring or ideal lattices • Smaller parameters • Faster implementations • Smaller implementations • Main Operation: polynomial multiplication But less trust in security due to structure! Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 7

  8. Module Lattices Idea: Find a trade-off between the advantages of both classes Efficiency Security Main operation: Matrix-vector multiplication • But matrix elements are polynomials! Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 8

  9. Schemes Non-exhaustive list Encryption Signature Key Exchange Standard LWE Encrypt TESLA Frodo Lattices Bai-Galbraith GPV Ideal Ring-LWE Encrypt BLISS „A new hope “ Lattices NTRU Encrypt GLP Ring-TESLA Module Kyber Dilithium CCA2-secure Lattices Dilithium-G Kyber Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 9

  10. Schemes Non-exhaustive list Encryption Signature Key Exchange Standard LWE Encrypt TESLA Frodo Lattices Bai-Galbraith GPV Ideal Ring-LWE Encrypt BLISS „A new hope “ Lattices NTRU Encrypt GLP Ring-TESLA Module Kyber Dilithium CCA2-secure Lattices Dilithium-G Kyber Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 10

  11. Schemes Non-exhaustive list Encryption Signature Key Exchange Standard LWE Encrypt TESLA Frodo Lattices Bai-Galbraith GPV Ideal Ring-LWE Encrypt BLISS „A new hope “ Lattices NTRU Encrypt GLP Ring-TESLA Module Kyber Dilithium CCA2-secure Lattices Dilithium-G Kyber Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 11

  12. Implementation on Embedded Devices • What are the goals? – Throughput/latency – Code size/area – Power/energy Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 12

  13. Implementation on Embedded Devices • What are the goals? – Throughput/latency – Code size/area – Power/energy • Cross-disciplinary work and interaction between engineers and cryptographers required – Parameter selection and design decisions can make schemes more efficient but also weaker Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 13

  14. Implementation on Embedded Devices • What are the goals? – Throughput/latency – Code size/area – Power/energy • Cross-disciplinary work and interaction between engineers and cryptographers required – Parameter selection and design decisions can make schemes more efficient but also weaker • Cover side-channels – Timing, Cache, Simple Power Analysis – Differential Power Analysis, EM Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 14

  15. NTT • Polynomial multiplication is a major building block for ideal and module lattice-based cryptography • NTT is a fast Fourier transform in integer rings – Polynomial multiplication in O(n log n) instead of O(n²) Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 15

  16. NTT • Polynomial multiplication is a major building block for ideal and module lattice-based cryptography • NTT is a fast Fourier transform in integer rings – Polynomial multiplication in O(n log n) instead of O(n²) • Powers of primitive root of unitiy ω („ twiddle factors “) required – Stored in tables – Computed on-the-fly Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 16

  17. NTT • Polynomial multiplication is a major building block for ideal and module lattice-based cryptography • NTT is a fast Fourier transform in integer rings – Polynomial multiplication in O(n log n) instead of O(n²) • Powers of primitive root of unitiy ω („ twiddle factors “) required – Stored in tables – Computed on-the-fly • Core operation is a so-called „ butterfly “ – Gentleman-Sande – Cooley-Tukey Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 17

  18. NTT Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 18

  19. NTT Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 19

  20. Gaussian Sampling Cumulative Distribution Table (CDT) Rejection Sampling Sampling Bernoulli Sampling Knuth-Yao Sampling Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 20

  21. CCA2-Security • Plain Ring-LWE encryption is only secure against chosen- plaintext attackers (CPA) • Many use cases require security against chosen-ciphertext attackers (CCA) – Attacker has access to a decryption oracle • Generic Fujisaki-Okamoto transform – Tweak by Targhi and Unruh for post-quantum security – Expensive re-encryption in decryption Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 21

  22. Masking Ring-LWE Components to be masked in CCA2-secure Ring-LWE • PRNG/Hash • NTT • Sampler • Encoding/Decoding See our implementation: ia.cr/2016/1109 together with Tobias Schneider, Thomas Pöppelmann, and Tim Güneysu Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 22

  23. Identity-based Encryption (IBE) • Demand for advanced security services (e.g., smart environments) • Concept : Extend asymmetric encryption scheme based on public identifier ID X (e.g., given name, MAC, e-mail address, etc.) PK M , SK M Trusted Third Master Authority Party (TTP) PK M , SK A PK M , SK B ID A ID B Alice Bob Enc(PK M , ID B , msg) Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 23

  24. IBE Implementation • Implementation of encryption and decryption of [DPL14] feasible on embedded devices • Key generation memory-wise and computationally expensive [DPL14] Efficient Identity-Based Encryption over NTRU Lattices, Léo Ducas, Thomas Prest, Vadim Lyubashevsky, ASIACRYPT 2014 Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 24

  25. IBE Implementation • Implementation of encryption and decryption of [DPL14] feasible on embedded devices • Key generation memory-wise and computationally expensive • Cortex-M4 microcontroller – Enc/Dec: 6/2 ms • Spartan6 FPGA – Enc/Dec: 80/54 µs [DPL14] Efficient Identity-Based Encryption over NTRU Lattices, Léo Ducas, Thomas Prest, and Vadim Lyubashevsky, ASIACRYPT 2014 Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 25

  26. Conclusion Lattice-based cryptography is practical on embedded devices! Future Work • Side-channel security • Efficient IBE key generation • More cryptanalysis Implementation of Lattice Crypto | Tobias Oder | Ruhr-University Bochum | 09.11.2017 26

  27. Thank You For Your Attention!

Recommend

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Smaller Keys for Code based Cryptography: QC MDPC McEliece Implementations on Embedded

Smaller Keys for Code based Cryptography: QC MDPC McEliece Implementations on Embedded

Smaller Keys for Code based Cryptography: QC MDPC McEliece Implementations on Embedded Devices 4 th Code based Cryptography Workshop 2013, Rocquencourt, France Stefan Heyse, Ingo von Maurich and Tim Gneysu Horst Grtz Institute for

500 views • 39 slides
Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system :

Embedded systems and the role of programmable logic devices in embedded systems Embedded system : a combination of computer hardware and software, and perhaps additional mechanical or other parts, designed to perform a dedicated function. In some

414 views • 20 slides
Effective Scripting in Embedded Devices Steve Bennett 1 What is Embedded? ELC 2010 2

Effective Scripting in Embedded Devices Steve Bennett 1 What is Embedded? ELC 2010 2

ELC 2010 Effective Scripting in Embedded Devices Steve Bennett 1 What is Embedded? ELC 2010 2 Creating an Embedded Product Time to market Linux kernel Quality uClibc Features Busybox Cost Other open source

494 views • 35 slides
Cryptography basics for embedded developers Embedded Linux Conference, San Diego, 2016 "If

Cryptography basics for embedded developers Embedded Linux Conference, San Diego, 2016 "If

Cryptography basics for embedded developers Embedded Linux Conference, San Diego, 2016 "If you think cryptography is the solution to your problem, then you don't understand your problem " - Roger Needham Cryptography basics are

417 views • 25 slides
Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping

Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping

Embedded Device Cryptography in the Field Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping Mechanisms Indefensible Alex Kropivny Local Attacks Trust Relationships Use Cases Factory Testing

699 views • 49 slides
Embedded Rust, by example of RIOT-OS applications Christian M. Ams uss <ca@etonomy.org>

Embedded Rust, by example of RIOT-OS applications Christian M. Ams uss <ca@etonomy.org>

Embedded Rust, by example of RIOT-OS applications Christian M. Ams uss <ca@etonomy.org> 2018-11-27 Embedded Devices 10kB 1MB ROM 1kB 100kB RAM Typical hardware: ARM Cortex-M3, eg. STM32 Embedded Devices

416 views • 28 slides
EMSEC: Embedded Security and Cryptography Responsables: Gildas Avoine, Pierre-Alain Fouque

EMSEC: Embedded Security and Cryptography Responsables: Gildas Avoine, Pierre-Alain Fouque

EMSEC: Embedded Security and Cryptography Responsables: Gildas Avoine, Pierre-Alain Fouque Prsentation: Stphanie Delaune (CNRS) EMSEC team Embedded Security & Cryptography 7 permanent researchers, 12 PhD students, and 2 post-docs

308 views • 11 slides
Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of

Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of

Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of Post-Quantum Cryptography Tim Gneysu, Ingo von Maurich 1/12/2015 Horst Grtz Institute for IT-Security, Ruhr-Universitt Bochum, Germany Motivation

920 views • 70 slides
Trust but verify: Why and how to establish trust in embedded devices Aurlien Francillon This

Trust but verify: Why and how to establish trust in embedded devices Aurlien Francillon This

Trust but verify: Why and how to establish trust in embedded devices Aurlien Francillon This talk Introduction Economic aspects Why make secure products? Trust in embedded devices Verifying trust Conclusion Aurlien

649 views • 37 slides
Filesystem considerations for embedded devices ELC2015 03/25/15 Tristan Lelong Senior embedded

Filesystem considerations for embedded devices ELC2015 03/25/15 Tristan Lelong Senior embedded

Filesystem considerations for embedded devices ELC2015 03/25/15 Tristan Lelong Senior embedded software engineer Filesystem considerations ABSTRACT The goal of this presentation is to answer a question asked by several customers: which

1.36k views • 110 slides
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices Marius Muench 1 Jan

What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices Marius Muench 1 Jan

What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices Marius Muench 1 Jan Stijohann 2 , 3 Frank Kargl 3 elien Francillon 1 Davide Balzarotti 1 Aur 1 EURECOM 2 Siemens AG 3 Ulm University Introduction Embedded

474 views • 29 slides
Agents for Handheld Agents for Handheld and Embedded Devices and Embedded Devices Tim Finin

Agents for Handheld Agents for Handheld and Embedded Devices and Embedded Devices Tim Finin

Agents for Handheld Agents for Handheld and Embedded Devices and Embedded Devices Tim Finin Tim Finin University of Maryland University of Maryland Baltimore County Baltimore County Presentation given at the Workshop on Cooperative tell

812 views • 67 slides
Continuing to secure the Internet of Things Connected embedded devices Everything in our

Continuing to secure the Internet of Things Connected embedded devices Everything in our

Safety & Security for the Connected World Continuing to secure the Internet of Things Connected embedded devices Everything in our embedded world is becoming connected to The Internet Other connected devices Personal devices

248 views • 11 slides
HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems Design, F. Vahid and T. Givargis) Embedded computing systems definition: Computing systems embedded within electronic devices. Hard to define

396 views • 26 slides
From off-the-shelf embedded devices to research platforms. Two case studies: a PLC and a SSD

From off-the-shelf embedded devices to research platforms. Two case studies: a PLC and a SSD

From off-the-shelf embedded devices to research platforms. Two case studies: a PLC and a SSD Lucian Cojocar Herbert Bos Vrije Universiteit of Amsterdam 10/02/2015 1 / 44 Who I am Find back-doors in firmwares: Wrote a translator from

886 views • 44 slides
Blended Cryptography: Public Key Infrastructure for Devices that dont Public key Phillip

Blended Cryptography: Public Key Infrastructure for Devices that dont Public key Phillip

Blended Cryptography: Public Key Infrastructure for Devices that dont Public key Phillip Hallam-Baker Principal Scientist VeriSign Inc. Small is not beautiful Not When you write the code PIC 16F88 368 bytes RAM 4K Word ROM 20MHz

390 views • 21 slides
Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos Stylianopoulos Simon Kindstrm Magnus Almgren Olaf Landsiedel Marina Papatriantafilou Distributed Computing and Systems Motivation IoT security

908 views • 31 slides
Towards Automated Classification of Firmware Images and Identification of Embedded Devices Andrei

Towards Automated Classification of Firmware Images and Identification of Embedded Devices Andrei

IFIP SEC '17 (Rome, Italy) Towards Automated Classification of Firmware Images and Identification of Embedded Devices Andrei Costin (University of Jyvaskyla) Apostolis Zarras (TUM) Aurelien Francillon (EURECOM) Agenda Introduction

577 views • 34 slides
USB for Embedded Devices Mohit Maheshwari 200601008 Prashant Garg 200601144 USB : An

USB for Embedded Devices Mohit Maheshwari 200601008 Prashant Garg 200601144 USB : An

USB for Embedded Devices Mohit Maheshwari 200601008 Prashant Garg 200601144 USB : An Introduction The Universal Serial Bus (USB) is a specification developed by Compaq, Intel, Microsoft and NEC, joined later by Hewlett-Packard, Lucent

607 views • 27 slides
Embedded Linux Devices Mehmet Fatih Karagz & Cevahir Turgut 1 Outline Introduction to

Embedded Linux Devices Mehmet Fatih Karagz & Cevahir Turgut 1 Outline Introduction to

Node.JS Appliances on Embedded Linux Devices Mehmet Fatih Karagz & Cevahir Turgut 1 Outline Introduction to Node.js Cross-compiling Node.js and Node Package Manager(NPM) Development environment Scripting samples in embedded

721 views • 45 slides
TO INDUSTRIES, MACHINES & DEVICES Deepu Talla, Ph.D. VP & GM Embedded & Edge

TO INDUSTRIES, MACHINES & DEVICES Deepu Talla, Ph.D. VP & GM Embedded & Edge

BRINGING AI FROM CLOUD TO INDUSTRIES, MACHINES & DEVICES Deepu Talla, Ph.D. VP & GM Embedded & Edge Computing Advantech Global Partner Conference Dec 6, 2019 NVIDIA A COMPUTING PLATFORM COMPANY 2 AT THE INTERSECTION OF

573 views • 19 slides
Do You Hear What I Hear? Fingerprintin Smart Devices Through Embedded Acoustic Components A.Das,

Do You Hear What I Hear? Fingerprintin Smart Devices Through Embedded Acoustic Components A.Das,

Do You Hear What I Hear? Fingerprintin Smart Devices Through Embedded Acoustic Components A.Das, N.Borisov, M.Caesar CCS 2014 Presented by Siddharth Murali Fingerprinting smartphones Being able to uniquely identify a smartphone Why is

416 views • 14 slides

More recommend