Download presentation
Presentation is loading. Please wait.
1
Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291
2
Wireless Sensor Networks - Operations DWSN HWSN Base Station Monitoring Monitoring: continuously check the status of the environment Alerting Alerting: a problematic situation is happening / going to happen Querying Querying: provide information “On-Demand” Reporting Reporting: transmit short report of the environment Others Others: autonomous, self-configurable, distributed computing, decentralized, easily deployable, inexpensive, … 1. WSN …
3
Shooter localization… And by far the most important threat needing secure communications channel….
4
Wireless Sensor Network – Drawacks Hardware/Software Constrained : Typical node specs (i.e MIZAz): 8 Mhz, 4KB RAM and 128KB ROM Low patter capacity Low power transceiver (e.g IEEE 802.15.4) And the most important Specific context of WSN Increases likelihood of of attacks!! Physical: Easy access to the network environment (nodes) Logical: Wireless communication: Confidentiality, Authenticity, Integrity
5
How to protect them? Symmetric Key Cryptography (SKC) Low computation cost Smaller key sizes Public Key Cryptography It provides more security than SKC…but it requires a nontrivial amount of processing power and memory Past 20042007 Future Imposible to use PKC Possible to use PKC Doubt in using PKC
6
Background on ECC Public key (asymmetric) cryptosystem Based upon a hard number theoretic problem: Elliptic Curve Elliptic Curve Discrete Logarithms (ECDLP) Given an elliptic curve and points P and Q the curve, find K such that Q = k*P The hardness of ECDL defines the security level of all ECC protocols: No sub-exponential algorithm known which can solve the ECDLP ECC131p => $2 million ECC163p => $1 trillion (> 20 years) At the base of ECC operations is finite field (Galois Field) algebra with focus on prime Galois Fields (GF(p)) and binary extension Galois Fields (GF(2 m )) ECC Performance, Security, Size is a function of: finite field selection, elliptic curve type, point representation type, algorithms used, protocol, key size, hardware/software breakdown, memory available, code and area
7
Elliptic Curves Elliptic curve over prime field F p is defined by a cubic equation y 2 = x 3 +a*x+b, where a,b are an element of F p such that 4* a 3 + 27*b 3 ≠ 0 To encrypt data, a point Q on the chosen curve over the finite field. The fundamental encryption operation is a point scalar multiplication i.e a point P1 added to itself k times. Q = k*P = P + P + …P In order to compute Q, a double and add method is used and k is represented in binary form and scanned right to left from LSB to MSB, performing a Point double each step and an addition if k i is 1. Will require (m-1) Point doublings and an averae of (m-1)/2 Point additions, where m is the bit length of the field prime, p
8
Elliptic curve over Finite Fields Fields that contain finite number of elements Number of elements of a finite prime field is p n, p is prime number and n is a positive integer
9
Finite Fields
10
Point Addition/ Point Doubling Point Addition: 2 multiplications, 1 division and 6 addition/subtractions Point Doubling 3 multiplications, 1 division, 7 addition/ subtractions Division is the critical operation (implemented via inversion followed by multiplication)
11
ECC Operations Hierarchy First Level: Basic Prime Field Operations GF addition: a + b mod p GF multiplication: a * d mob p GF inversion: 1/b mod p GF division: a/b mod p GF subtraction: a - b mod p Second level: Elliptic Curve point operations Point Add: P + Q Point Double: 2 * P Third Level: Elliptic Curve point operation Point (scalar) Multiplication: k*P = P + P + … P (k summands) fundamental and most time consuming operation in ECC Requires multiple Point additions and Point double operations Various optimization algorithms available which are field type and coordinate representation dependent. Fourth Level: ECC protocol ECDSA, ECDH, ECIES,
12
TinyECC Design Objectives Security: Provide security based on known PKC primitives (ECSDA, ECDH, ECIES) Defined in Standards for Efficient Cryptography Implements Curve Parameters recommended by SECG a, b, G (base point), p… Portability Runs on TinyOS on the following platforms: MicaZ, TelosB, Tmote Sky, and Imote2 Some modules (for MICAz, TelosB) implement Assembly for faster execution (causes TOSSIM to break) Resource Awareness and Configurability: Optimizations are user configurable via compiler supplied parameters Efficiency Adapt almost all existing optimizations for ECC operations Use prime F p fields or binary extension fields F 2 m Binary field operations are better suited when application specific hardware is available
13
ECC Algorithms Digital Signatures ECDSA: Elliptic Curve Digital Signature Algorithm Scheme for demonstrating the authenticity of a digital message Provides a sign and verfiy operation analogous to DSA Key Agreement ECDH: Elliptic Curve Diffie-Hellman Allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. Shared secret maybe directly used as a key, or to derive another key which will be used to encrypt subsequent communication using a symmetric key cipher Diffie-Hellman; p(qG) = q(pG); qG,pG are public values; p and q are private Encryption ECIES: Elliptic Curve Integrated Encryption Standard Uses ECDH to derive a shared key which is then used to derive a symmetric key and a message authentication code used for encryption/ signing
14
Optimizations for Large Integer Operations Barret Reduction: Faster than modular division when reducing various numbers modulo the same number (the prime value p) many times Useful large numbers Can only reduce numbers that, at most twice as long (in words ) as the modulus) Store off u = floor( b^k/p)= floor(2^(w*k)/p) p is a prime k words long w is bit with of the word (i.e 8 for an 8 bit processor) Assumes that b^k is of the form 2^w Divisions and modular reductions can be replaced by Right Shifts and AND operations if b is a power of 2 Algorithm: http://www.cosic.esat.kuleuven.be/publications/article-1115.pdfhttp://www.cosic.esat.kuleuven.be/publications/article-1115.pdf Hybrid Multiplication Maximizes the utilization of registers and reduces the number of memory load operations (intended for assembly code) since a set size register bank is needed. Algorithm: http://research.sun.com/people/eberle/CHES_2004.pdf Hybrid Squaring: Takes advantage of the fact that partial products of a number where the ith word position not equal the jth word position occur twice.
15
ECC Operations Projective Coordinate Systems (1) Point doubling and (2)Point addition, scalar multiplication (uses 1,2) are on critical path Point addition/ doubling require additions, multiplications and inversion in a standard setup. Inversions are more computationally difficult can be removed with the compensation of Solution, mixed coordinate system (x,y,z) vice just (x,y) get rid of the need for inversions. Sliding Window for Scalar Multiplications To compute k*P, k is scanned from MSB to LSB. Each bit requires 1 Point doubling regardless and if the bit position is a 1, it requires a Point Addition Instead of evaluating individual bits, blocks of bits w bits width are evaluated and a look up table is created which reduces computation Shamir’s Trick a*P+b*Q: requires two scalar multiplication and a Point addition. By using a pre-computed value of P+Q, we can reduce two scalar multiplications to be a bit more expensive than one such operation Curve Specific Optimization Another modular reduction trick based on the prime value p chosen that eliminates divisions
16
Evaluation Objectives: Measure performance and resource consumption of TinyECC on a spectrum of sensors High end: Imote2 Low End: MICAz, TelosB and Tmote Sky Provide detailed performance and resource results for commonly desirable configurations Fastest execution time Least memory consumption Two cases were studied: Case A: for each optimization, disabled all other optimizations and obtained metrics when optimization under test was enabled/disabled Case B: for each optimization, enabled all other optimizations and obtained metrics when optimization was enabled/ disabled Metrics Measured: RAM size, ROM size, Execution Time and Energy (Voltage * Current Draw * Execution Time)
17
Eye Candy: Execution Time Execution Time: zero optimizations Execution Time: all optimizations
18
The Jist: Results Execution Time went down as optimizations were used RAM & ROM size increased when optimizations were enabled Energy went down as optimizations were turned on 25.4 => 6 (largest difference)
19
QA
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.