Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ruhr University Bochum Cryptography in Heavily Constraint Environments Christof Paar EUROBITS Center for IT Security COmmunication SecuritY (COSY) Group.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Ruhr University Bochum Cryptography in Heavily Constraint Environments Christof Paar EUROBITS Center for IT Security COmmunication SecuritY (COSY) Group."— Presentation transcript:

1 Ruhr University Bochum Cryptography in Heavily Constraint Environments Christof Paar EUROBITS Center for IT Security COmmunication SecuritY (COSY) Group University of Bochum, Germany www.crypto.rub.de

2 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Contents Pervasive computing and embedded systems Pervasive computing and security Constrained environments and crypto Research problems

3 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Characteristics of Traditional IT Applications Mostly based on interactive (= traditional) computers „One user – one computer“ paradigm Static networks Large number of users per network Q: How will the IT future look?

4 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Examples for Pervasive Computing PDAs, 3G cell phones,... Living spaces will be stuffed with nodes So will cars Wearable computers (clothes, eye glasses, etc.) Household appliances Smart sensors in infrastructure (windows, roads, bridges, etc.) Smart bar codes (autoID) “Smart Dust”...

5 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Will that ever become reality?? We don’t know, but: CPUs sold in 2000

6 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Security and Economics of Pervasive Networks „One-user many-nodes“ paradigm (e.g. 10 2 - 10 3 processors per human) Many new applications we don‘t know yet Very high volume applications Very cost sensitive People won‘t be willing to pay for security per se People won‘t buy products without security

7 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Where are the challenges for embedded security? Designers worry about IT functionality, security is ignored or an afterthought Attacker has easy access to nodes Security infrastructure (PKI etc.) is missing: Protocols??? Side-channel and tamper attacks Computation/memory/power constrained

8 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Why do constraints matter? Almost all ad-hoc protocols (even routing!) require crypto ops for every hop At least symmtric alg. are needed Asymmetric alg. allow fancier protocols Question: What type of crypto can we do?

9 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Classification by Processor Power Very rough classification of embedded processors Class speed : high-end Intel Class 0: few 1000 gates ? Class 1: 8 bit  P,  10MHz  1: 10 3 Class 2: 16 bit  P,  50MHz  1: 10 2 Class 3: 32 bit  P,  200MHz  1: 10

10 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Case Study Class 0: RFID Recall: Class 0 = no  P, few 1000 gates Goal: RFID as bar code replacement Cost goal 5 cent (!) allegedly 500 x 10 9 bar code scans worldwide per day (!!) AutoID tag: security “with 1000 gates” [ CHES 02 ] –Ell. curves (asymmetric alg.) need > 20,000 gates –DES (symmetric alg.) needs > 5,000 gates –Lightweight stream ciphers might work

11 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Status Quo: Crypto for Class 1 Recall: Class 1 = 8 bit  P,  10MHz Symmetric alg: possible at low data rates Asymm.alg: very difficult without coprocessor

12 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Status Quo: Crypto for Class 2 Recall: Class 2 = 16 bit  P,  50MHz Symmetric alg: possible Asymm.alg: possible if carefully implemented, and algorithms carefully selected (ECC feasible; RSA & DL still hard)

13 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Status Quo: Crypto for Class 3 Recall: Class 1 = 32 bit  P,  200MHz Symmetric alg: possible Asymm.alg: full range (ECC, RSA, DL) possible, some care needed for implementation

14 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Open (Research) Questions 1.Symmetric algorithm for class 0 (e.g., 1000 gates) which are secure and well understood? 2. Alternative asymm. alg. for class 0 and class 1 (8 bit  P) with 10x time-area improvement over ECC? 3.Are asymm. alg. which are “too short” (e.g., ECC with 100 bits) usable? 4.Ad-hoc protocols without long-term security needs? 5. Side-channel protection at very low costs?

15 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Related Events at the EUROBITS Center in Bochum www.crypto.rub.de 1.Workshop on Side-Channel Attacks on Smart Cards January 30-31, 2003

16 Cryptographic Hardware and Embedded Systems September 7-10 chesworkshop.org

17 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Security Challenges: Many Security Assumptions Change No access to backbone: PKI does not work New threats: sleep deprivation attack Old threats (e.g., confidentiality) not always a problem Nodes have incentives to cheat in protocols Security protocols ???

18 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Our Research Crypto algorithms in highly constrained environments Low-cost hardware for public-key algorithm Ultra low-cost hardware for symmetric algorithms Software for public-key, symmetric algorithms on low-end processors Protocols for ad-hoc networks Secure communication in complex technical systems (airplanes, cars, etc.) Establishing trust in networks

19 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Traditional Security Applications Very often: computer & communication networks! (wireless) LAN / WLAN (Local Area Network) WAN (Wide Area Network) PKI (Public Key Infrastructure)

20 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Traditional Security Applications (wireless) LAN / WLAN (Local Area Network)

21 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Traditional Security Applications WAN (Wide Area Network)

22 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Traditional Security Applications PKI (Public Key Infrastructure) enables secure LAN, WAN

23 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Other Traditional Security Applications Antivirus Firewalls Biometrics

24 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 The IT Future 2. Bridge sensors 3. Cleaning robots 6. Car with various IT services 8. Networked robots 9. Smart street lamps 14. Pets with electronic sensors 15. Smart windows

25 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Characteristics of Pervasive Computing Systems Embedded nodes (no traditional computers) Connected through wireless, close-range network (“Pervasive networks”)! Ad-hoc networks: Dynamic addition and deletion of nodes Power/computation/memory constrained! Vulnerable

26 Ruhr University Bochum Communication Security (COSY) Group Workshop on Ad-Hoc Security 2002 Why Security in Pervasive Applications? Pervasive nature and high-volume of nodes increase risk potential (e.g., hacking into a car) Wireless channels are vulnerable (passive and active attacks) Privacy issues (geo-location, medical sensors, monitoring of home activities, etc.) Stealing of services (sensors etc.)

Download ppt "Ruhr University Bochum Cryptography in Heavily Constraint Environments Christof Paar EUROBITS Center for IT Security COmmunication SecuritY (COSY) Group."

Similar presentations

Mobile Computing and Commerce And Pervasive Computing

Mobile Computing and Commerce And Pervasive Computing
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
#1 The Conventional Wisdom About Sensor Network Security… David Wagner U.C. Berkeley.

#1 The Conventional Wisdom About Sensor Network Security… David Wagner U.C. Berkeley.
Embedded Networking and One to Many to One John Heidemann USC/ISI ICNP Panel—November 2, 1999.

Embedded Networking and One to Many to One John Heidemann USC/ISI ICNP Panel—November 2, 1999.
Unit 9 Network Fundamentals. Describe a network Explain the benefits of a network Identify risks in computing Describe the roles of clients & servers.

Unit 9 Network Fundamentals. Describe a network Explain the benefits of a network Identify risks in computing Describe the roles of clients & servers.
ECGR-6185 ZIGBEE Advanced Embedded Systems University of North Carolina –Charlotte Gajendra Singh Some figures borrowed from Zigbee Alliance web pages.

ECGR-6185 ZIGBEE Advanced Embedded Systems University of North Carolina –Charlotte Gajendra Singh Some figures borrowed from Zigbee Alliance web pages.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
9 Lecture The Wireless Revolution. Identify the principal wireless transmission media and devices, cellular network standards and generations, and standards.

9 Lecture The Wireless Revolution. Identify the principal wireless transmission media and devices, cellular network standards and generations, and standards.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine

CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
A Study on Mobile P2P Systems Hongyu Li. Outline  Introduction  Characteristics of P2P  Architecture  Mobile P2P Applications  Conclusion.

A Study on Mobile P2P Systems Hongyu Li. Outline  Introduction  Characteristics of P2P  Architecture  Mobile P2P Applications  Conclusion.
Home Health Care and Assisted Living John Stankovic, Sang Son, Kamin Whitehouse A.Wood, Z. He, Y. Wu, T. Hnat, S. Lin, V. Srinivasan AlarmNet is a wireless.

Home Health Care and Assisted Living John Stankovic, Sang Son, Kamin Whitehouse A.Wood, Z. He, Y. Wu, T. Hnat, S. Lin, V. Srinivasan AlarmNet is a wireless.

Similar presentations

Ads by Google