Presentation is loading. Please wait.

Presentation is loading. Please wait.

Click to edit Master title style KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 1 Compact Implementations for RFID and Sensor Nodes L. Batina, K. Sakiyama and.

Published byMadilyn Webb Modified over 10 years ago

Similar presentations

Presentation on theme: "Click to edit Master title style KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 1 Compact Implementations for RFID and Sensor Nodes L. Batina, K. Sakiyama and."— Presentation transcript:

1 Click to edit Master title style KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 1 Compact Implementations for RFID and Sensor Nodes L. Batina, K. Sakiyama and I. Verbauwhede Katholieke Universiteit Leuven ESAT-SCD/COSIC DATE 2007 Workshop on Secure Embedded Implementations Nice, France, April 20, 2007

2 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 2 Outline  Introduction and Motivation  Curve-based Cryptography (ECC/HECC)  Low-cost ECC/HECC processor  Results: area, power, performance  Conclusions  Future work

3 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 3 Introduction  RFID system and sensors Tags Readers Server

4 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 4 Motivation  Emerging new applications: wireless applications, sensor networks, RFIDs, car immobilizers, key chains etc. resource limited: area (< 1 mm 2 *), memory, bandwidth resource limited: area (< 1 mm 2 *), memory, bandwidth low-cost, low-power (< 500μW or I<10μA @ 1.5 V *), low-energy low-cost, low-power (< 500μW or I<10μA @ 1.5 V *), low-energy  Pure hardware solutions are energy and cost effective  Side-channel security  Privacy enhancement * Source: Wolkerstorfer, RFID workshop 2005.

5 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 5 Motivation: Why Public- Key Cryptography?  PKC reduces protocol overhead => less packet transmissions Example: Schnorr Example: Schnorr identification protocol identification protocol (3 rounds) (3 rounds)  PKC provides more security Key protection Key protection Authentication Authentication Key distribution Key distribution  PKC allows for strong authentication

6 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 6 ECC/HECC over binary fields A hyperelliptic curve of genus g over a finite field K : A hyperelliptic curve of genus g over a finite field K : f and h are polynomials, deg(h) ≤ g, deg(f)=2g+1 and f is monic some more conditions should be satisfied. An elliptic curve E over GF(2 n ) is defined by an equation of the form: where a, b  GF(2 n ), Points are (x, y) which satisfy the equation, where x, y  GF(2 n ). where a, b  GF(2 n ), Points are (x, y) which satisfy the equation, where x, y  GF(2 n ). A hyperelliptic curve of genus g=1 is called elliptic curve.

7 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 7 ECC operations: Hierarchy Point Multiplication Point Addition Point Doubling Finite Field Addition Finite Field Multiplication Finite Field Inversion Point Multiplication Point Addition Point Doubling Finite Field Operation E.g. AB or (B+C) mod P Finite Field Inversion (a)(b)  (H)ECC computes point multiplication, kP  (a) conventional hierarchy  (b) Compact datapath architecture Controller Datapath

8 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 8 Low-power design  Architectural decisions are important  Frequency as low as possible  Power consumption and energy efficiency are both crucial  ECC arithmetic should be revisited to optimize those parameters  The circuit size should be minimized  Flexibility can be sacrificed

9 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 9 (H)ECC processor HECC (83 bits) ECC-comp. (83 bits)

10 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 10 New compact MALU (Modular ALU)  Implements bit/digit serial modular multiplication and addition in a binary field  Fixed irreducible polynomial  Suitable for ECC over GF(2 p ), ECC over composite fields and HECC  Resource sharing of both modular operations required  No separate squaring unit or inverter => simple side-channel resistance

11 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 11  AB mod N (cmd = 1) & B +C mod N (cmd = 0) Schematics of the MALU d: digit size n: field size

12 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 12 Area of MALU for ECC/HECC  ECC: d = 1,…, 4; k = 131,…, 163  ECC comp. & HECC: d = 1,…, 8, k = 67,…, 83 ECC ECC-comp. / HECC

13 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 13 ECC results for area: MALU + controller d = 1 d = 2 d = 3 d = 4 k = 131 6612707975398005 k = 139 7256765078558348 k = 151 7662817383368860 k = 163 8021860191749738 Control is around 30% of the total # of gates

14 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 14 ECC-comp. and HECC results for area: MALU + controller d = 1 d = 2 d = 4 d = 6 d = 8 k = 67 ECC-comp.HECC4345589346006147508966355612716661037652 k = 83 ECC-comp.HECC5071662253756930597175136558811271938747

15 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 15 Results: Power consumption by MALU ECC (163 bits) ECC-comp (83 bits)  ECC: d = 1,…, 4; k = 163  ECC comp. : d = 1,…, 8; k = 83

16 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 16 Results for ECC: performance  Estimated performance for ECC over GF(2 p ), 1 point multiplication @ 500 kHz (digit size d = 4 ): (digit size d = 4 ): t = 190 ms in GF(2 163 ) t = 190 ms in GF(2 163 ) t = 115 ms in GF(2 131 ) t = 115 ms in GF(2 131 )

17 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 17 Complete results PKC – bits of sec. d # gates w/o RAM f [kHz] t [ms] P [μW] ECC - 131 48104200265 < 12 ECC - 163 47256200400 < 15 ECC-comp - 134 86103200210 < 13 HECC - 134 87652500546 < 17

18 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 18 Conclusions  The presented MALU is the smallest possible solution for curve-based cryptography  Our result is also the most compact ECC/HECC solution so far  Area and power are scalable in the digit size, d

19 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 19 Future work  Better power estimates regarding RAM and synthesis in 0.13 (0.18)  m CMOS library are required  Compact RNG for tag authentication protocol  Light-weight protocols: trade-off between security and efficiency  Low-cost countermeasures for side- channel attacks

20 KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 20 Further reading 1. L. Batina, N. Mentens, K. Sakiyama, B. Preneel, and I. Verbauwhede, "Public-Key Cryptography on the Top of a Needle", In Proc. of IEEE International Symposium on Circuits and Systems (ISCAS 2007), May 27-30, 2007, New Orleans, to appear. 2. L. Batina, N. Mentens, K. Sakiyama, B. Preneel, and I. Verbauwhede, "Low-cost Elliptic Curve Cryptography for wireless sensor networks", In Third European Workshop on Security and Privacy in Ad hoc and Sensor Networks, LNCS 4357, Springer-Verlag, pp. 6-17, Sep. 20-21, 2006, Hamburg, Germany. 3. K. Sakiyama, L. Batina, N. Mentens, B. Preneel, and I. Verbauwhede, "Small-footprint ALU for public-key processors for pervasive security," In Workshop on RFID Security 2006, July 12-14, 2006, Graz, Austria.

Download ppt "Click to edit Master title style KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 1 Compact Implementations for RFID and Sensor Nodes L. Batina, K. Sakiyama and."

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
LEUCEMIA MIELOIDE AGUDA TIPO 0

LEUCEMIA MIELOIDE AGUDA TIPO 0
1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 38.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 38.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
My Alphabet Book abcdefghijklm nopqrstuvwxyz.

My Alphabet Book abcdefghijklm nopqrstuvwxyz.
Multiplying binomials You will have 20 seconds to answer each of the following multiplication problems. If you get hung up, go to the next problem when.

Multiplying binomials You will have 20 seconds to answer each of the following multiplication problems. If you get hung up, go to the next problem when.
0 - 0.

0 - 0.
ALGEBRAIC EXPRESSIONS

ALGEBRAIC EXPRESSIONS
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)

MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)
ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.

ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.
MULTIPLICATION EQUATIONS 1. SOLVE FOR X 3. WHAT EVER YOU DO TO ONE SIDE YOU HAVE TO DO TO THE OTHER 2. DIVIDE BY THE NUMBER IN FRONT OF THE VARIABLE.

MULTIPLICATION EQUATIONS 1. SOLVE FOR X 3. WHAT EVER YOU DO TO ONE SIDE YOU HAVE TO DO TO THE OTHER 2. DIVIDE BY THE NUMBER IN FRONT OF THE VARIABLE.

Similar presentations

Ads by Google