Presentation is loading. Please wait.

Presentation is loading. Please wait.

Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291."— Presentation transcript:

1 Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291

2 Wireless Sensor Networks - Operations DWSN HWSN Base Station Monitoring Monitoring: continuously check the status of the environment Alerting Alerting: a problematic situation is happening / going to happen Querying Querying: provide information “On-Demand” Reporting Reporting: transmit short report of the environment Others Others: autonomous, self-configurable, distributed computing, decentralized, easily deployable, inexpensive, … 1. WSN …

3 Shooter localization… And by far the most important threat needing secure communications channel….

4 Wireless Sensor Network – Drawacks Hardware/Software Constrained :  Typical node specs (i.e MIZAz): 8 Mhz, 4KB RAM and 128KB ROM Low patter capacity Low power transceiver (e.g IEEE 802.15.4)  And the most important Specific context of WSN  Increases likelihood of of attacks!!  Physical:  Easy access to the network environment (nodes)  Logical:  Wireless communication: Confidentiality, Authenticity, Integrity

5 How to protect them? Symmetric Key Cryptography (SKC)  Low computation cost  Smaller key sizes Public Key Cryptography  It provides more security than SKC…but it requires a nontrivial amount of processing power and memory Past 20042007 Future Imposible to use PKC Possible to use PKC Doubt in using PKC

6 Background on ECC Public key (asymmetric) cryptosystem Based upon a hard number theoretic problem: Elliptic Curve Elliptic Curve Discrete Logarithms (ECDLP)  Given an elliptic curve and points P and Q the curve, find K such that Q = k*P  The hardness of ECDL defines the security level of all ECC protocols: No sub-exponential algorithm known which can solve the ECDLP ECC131p => $2 million ECC163p => $1 trillion (> 20 years) At the base of ECC operations is finite field (Galois Field) algebra with focus on prime Galois Fields (GF(p)) and binary extension Galois Fields (GF(2 m )) ECC Performance, Security, Size is a function of: finite field selection, elliptic curve type, point representation type, algorithms used, protocol, key size, hardware/software breakdown, memory available, code and area

7 Elliptic Curves Elliptic curve over prime field F p is defined by a cubic equation y 2 = x 3 +a*x+b, where a,b are an element of F p such that 4* a 3 + 27*b 3 ≠ 0 To encrypt data, a point Q on the chosen curve over the finite field. The fundamental encryption operation is a point scalar multiplication i.e a point P1 added to itself k times.  Q = k*P = P + P + …P In order to compute Q, a double and add method is used and k is represented in binary form and scanned right to left from LSB to MSB, performing a Point double each step and an addition if k i is 1.  Will require (m-1) Point doublings and an averae of (m-1)/2 Point additions, where m is the bit length of the field prime, p

8 Elliptic curve over Finite Fields Fields that contain finite number of elements Number of elements of a finite prime field is p n, p is prime number and n is a positive integer

9 Finite Fields

10 Point Addition/ Point Doubling Point Addition:  2 multiplications, 1 division and 6 addition/subtractions Point Doubling  3 multiplications, 1 division, 7 addition/ subtractions Division is the critical operation (implemented via inversion followed by multiplication)

11 ECC Operations Hierarchy First Level: Basic Prime Field Operations  GF addition: a + b mod p  GF multiplication: a * d mob p  GF inversion: 1/b mod p  GF division: a/b mod p  GF subtraction: a - b mod p Second level: Elliptic Curve point operations  Point Add: P + Q  Point Double: 2 * P Third Level: Elliptic Curve point operation  Point (scalar) Multiplication: k*P = P + P + … P (k summands) fundamental and most time consuming operation in ECC Requires multiple Point additions and Point double operations Various optimization algorithms available which are field type and coordinate representation dependent. Fourth Level: ECC protocol  ECDSA, ECDH, ECIES,

12 TinyECC Design Objectives Security: Provide security based on known PKC primitives (ECSDA, ECDH, ECIES)  Defined in Standards for Efficient Cryptography  Implements Curve Parameters recommended by SECG a, b, G (base point), p… Portability  Runs on TinyOS on the following platforms: MicaZ, TelosB, Tmote Sky, and Imote2  Some modules (for MICAz, TelosB) implement Assembly for faster execution (causes TOSSIM to break) Resource Awareness and Configurability:  Optimizations are user configurable via compiler supplied parameters Efficiency  Adapt almost all existing optimizations for ECC operations  Use prime F p fields or binary extension fields F 2 m Binary field operations are better suited when application specific hardware is available

13 ECC Algorithms Digital Signatures  ECDSA: Elliptic Curve Digital Signature Algorithm Scheme for demonstrating the authenticity of a digital message Provides a sign and verfiy operation analogous to DSA Key Agreement  ECDH: Elliptic Curve Diffie-Hellman Allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. Shared secret maybe directly used as a key, or to derive another key which will be used to encrypt subsequent communication using a symmetric key cipher Diffie-Hellman; p(qG) = q(pG); qG,pG are public values; p and q are private Encryption  ECIES: Elliptic Curve Integrated Encryption Standard Uses ECDH to derive a shared key which is then used to derive a symmetric key and a message authentication code used for encryption/ signing

14 Optimizations for Large Integer Operations Barret Reduction:  Faster than modular division when reducing various numbers modulo the same number (the prime value p) many times  Useful large numbers  Can only reduce numbers that, at most twice as long (in words ) as the modulus)  Store off u = floor( b^k/p)= floor(2^(w*k)/p) p is a prime k words long w is bit with of the word (i.e 8 for an 8 bit processor) Assumes that b^k is of the form 2^w  Divisions and modular reductions can be replaced by Right Shifts and AND operations if b is a power of 2  Algorithm: http://www.cosic.esat.kuleuven.be/publications/article-1115.pdfhttp://www.cosic.esat.kuleuven.be/publications/article-1115.pdf Hybrid Multiplication  Maximizes the utilization of registers and reduces the number of memory load operations (intended for assembly code) since a set size register bank is needed.  Algorithm: http://research.sun.com/people/eberle/CHES_2004.pdf Hybrid Squaring:  Takes advantage of the fact that partial products of a number where the ith word position not equal the jth word position occur twice.

15 ECC Operations Projective Coordinate Systems  (1) Point doubling and (2)Point addition, scalar multiplication (uses 1,2) are on critical path Point addition/ doubling require additions, multiplications and inversion in a standard setup. Inversions are more computationally difficult can be removed with the compensation of Solution, mixed coordinate system (x,y,z) vice just (x,y) get rid of the need for inversions. Sliding Window for Scalar Multiplications  To compute k*P, k is scanned from MSB to LSB. Each bit requires 1 Point doubling regardless and if the bit position is a 1, it requires a Point Addition Instead of evaluating individual bits, blocks of bits w bits width are evaluated and a look up table is created which reduces computation Shamir’s Trick  a*P+b*Q: requires two scalar multiplication and a Point addition.  By using a pre-computed value of P+Q, we can reduce two scalar multiplications to be a bit more expensive than one such operation Curve Specific Optimization  Another modular reduction trick based on the prime value p chosen that eliminates divisions

16 Evaluation Objectives:  Measure performance and resource consumption of TinyECC on a spectrum of sensors High end: Imote2 Low End: MICAz, TelosB and Tmote Sky  Provide detailed performance and resource results for commonly desirable configurations Fastest execution time Least memory consumption  Two cases were studied: Case A: for each optimization, disabled all other optimizations and obtained metrics when optimization under test was enabled/disabled Case B: for each optimization, enabled all other optimizations and obtained metrics when optimization was enabled/ disabled  Metrics Measured: RAM size, ROM size, Execution Time and Energy (Voltage * Current Draw * Execution Time)

17 Eye Candy: Execution Time Execution Time: zero optimizations Execution Time: all optimizations

18 The Jist: Results Execution Time went down as optimizations were used RAM & ROM size increased when optimizations were enabled Energy went down as optimizations were turned on  25.4 => 6 (largest difference)

19 QA

Download ppt "Summary of – “TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks” Presented by: Maulin Patel Nov/17/09 CSE291."

Similar presentations

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Cryptography and Network Security Chapter 13

Cryptography and Network Security Chapter 13
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Bob can sign a message using a digital signature generation algorithm

Bob can sign a message using a digital signature generation algorithm
By Abhijith Chandrashekar and Dushyant Maheshwary.

By Abhijith Chandrashekar and Dushyant Maheshwary.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Similar presentations

Ads by Google