Permutation-based cryptography for the Internet of Things
1 Permutation-based cryptography for the Internet of Things
Gilles Van Assche (1)
Joint work with Guido Bertoni, Joan Daemen (1,2), Seth Hoffert, Michaël Peeters (1) and Ronny Van Keer (1)
(1) STMicroelectronics, (2) Radboud University
RIOT Summit 2017, Berlin, September 25-26
2 Outline
1. Parameters for the IoT
2. Permutations!
3. Keyed applications
4. Strobe
5. Ketje and Keyak
6. Kravatte and the Farfalle construction
4 Parameters for the IoT On the cost of cryptography for the IoT
- code size
- memory usage
- execution time
- efficiency on the high-end server?
- protections against side-channel attacks?
7 Parameters for the IoT What are side-channel attacks?
Leakage from the device
- Time, electrical consumption, EM radiation
- simple power analysis (SPA) vs differential power analysis (DPA)
Picture by oskay on Flickr
8 Parameters for the IoT What are side-channel attacks?
Inducing faults in the device
- Glitch, laser pulse
Picture by ViaMoi on Flickr
9 Parameters for the IoT Usage and ownership
Actors:
- Key owner
- Device owner
- Actual user
Usually, these are the same person, but
10 Parameters for the IoT Usage and ownership
When key owner ≠ device owner
- Banking card
- DRM
But hopefully the same person in open-source contexts!
11 Parameters for the IoT Usage and ownership
When key/device owner = actual user
- Not always controlling the device
  - E.g., devices spread over a large area
  - E.g., on-site personnel
  - E.g., lost device
- Distant eavesdropping
Protections against SCA can be needed.
13 Permutations! Symmetric crypto: what textbooks and intros say
Symmetric cryptographic primitives:
- Block ciphers
- Stream ciphers
- Hash functions
And their modes-of-use
Picture by GlasgowAmateur
14 Permutations! Examples of permutations
- In Salsa, ChaCha, Grindahl
- In SHA-3 candidates: CubeHash, Grøstl, JH, MD6, …
- In CAESAR candidates: Ascon, Icepole, Norx, π-cipher, Primates, Stribob, …
- And of course in Keccak
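15 Permutations! The sponge construction
[Figure: the sponge construction. Input is absorbed into, and output squeezed from, the outer part (r bits) of a state initialized to 0; the inner part has c bits; f is called between blocks, in the absorbing and in the squeezing phase.]
- Calls a permutation f
- The capacity c determines the generic security:
  - Hashing: $2^{c/2}$
  - Authentication, encryption: $2^{c-\epsilon}$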
16 Permutations! Keccak-f
- The seven permutation army: 25, 50, 100, 200, 400, 800, 1600 bits
  - toy, lightweight, fastest
  - standardized in [FIPS 202]
- Repetition of a simple round function that operates on a 3D state
  - (5 × 5) lanes
  - up to 64-bit each
17 Permutations! Keccak-f in pseudo-code
    # Indices x and y are taken modulo 5; rot(W, r) rotates lane W by r bits.
    KECCAK-F[b](A) {
      forall i in 0…nr-1
        A = Round[b](A, RC[i])
      return A
    }

    Round[b](A, RC) {
      # θ step
      C[x] = A[x,0] xor A[x,1] xor A[x,2] xor A[x,3] xor A[x,4],   forall x in 0…4
      D[x] = C[x-1] xor rot(C[x+1],1),                             forall x in 0…4
      A[x,y] = A[x,y] xor D[x],                                    forall (x,y) in (0…4,0…4)

      # ρ and π steps
      B[y,2*x+3*y] = rot(A[x,y], r[x,y]),                          forall (x,y) in (0…4,0…4)

      # χ step
      A[x,y] = B[x,y] xor ((not B[x+1,y]) and B[x+2,y]),           forall (x,y) in (0…4,0…4)

      # ι step
      A[0,0] = A[0,0] xor RC

      return A
    }
18 Permutations! Bit interleaving
[Figure: bit interleaving; surviving labels: ROT 64, 2 ROT]
19 Permutations! The unbearable lightness of permutations
Example: hashing with target security strength $2^{c/2}$
- Davies-Meyer block cipher based hash
  - chaining value (block size): n ≥ c
  - input block size ("key" length): typically k ≥ n
  - feedforward (block size): n
  - total state ≥ 3c
- Sponge
  - permutation width: c + r
  - r can be made arbitrarily small, e.g., 1 byte
  - total state ≥ c
20 Permutations! Cost of primitives and modes together
[Yalla, Homsirikamol, Kaps, DIAC 2014]
21 Permutations! Symmetric crypto: a more correct picture
Symmetric cryptographic primitives:
- Block ciphers
- Key stream generators
- Permutations
And their modes-of-use
Picture by Sébastien Wiertz
23 Keyed applications Use Sponge for MACing
[Figure: sponge starting from 0 with the key and the padded message as input and the MAC as output]
24 Keyed applications Use Sponge for (stream) encryption
[Figure: sponge starting from 0 with the key and the IV as input and the key stream as output]
25 Keyed applications Single pass authenticated encryption
[Figure: starting from 0 with the key, the IV and the padded message as input; key stream and MAC as output]
But this is no longer the sponge
26 Keyed applications The duplex construction
- Generic security provably equivalent to that of sponge
- Applications: authenticated encryption, reseedable pseudorandom generator
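The sponge and duplex constructions of slides 15 to 26, as an added Python example that is not code from the talk or from the Keccak team: Keccak-f[1600] following the pseudo-code of slide 17, a sponge that can be checked against hashlib's SHA3-256, and a duplex object with a simplified single-pass authenticated-encryption mode on top. The frame byte per block, the names `Duplex`, `encrypt`, `decrypt` and the parameters `RATE`, `TAGLEN`, `BLOCK` are assumptions made for illustration; this mode is not Strobe, Ketje or Keyak.

```python
import hashlib
import hmac

MASK64 = (1 << 64) - 1
RATE, TAGLEN = 168, 16   # assumed parameters: capacity c = 1600 - 8*168 = 256 bits
BLOCK = RATE - 2         # leaves room for one frame byte and one padding byte

def rol64(a, n):
    n %= 64
    return ((a << n) | (a >> (64 - n))) & MASK64

def keccak_f1600(state):
    """Keccak-f[1600]: 24 rounds of theta, rho, pi, chi, iota on a 200-byte state."""
    A = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
          for y in range(5)] for x in range(5)]
    lfsr = 1  # LFSR that generates the round constants RC[i] bit by bit
    for _ in range(24):
        # theta: mix each lane with the parities of two neighbouring columns
        C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]
        D = [C[(x - 1) % 5] ^ rol64(C[(x + 1) % 5], 1) for x in range(5)]
        A = [[A[x][y] ^ D[x] for y in range(5)] for x in range(5)]
        # rho and pi: rotate each lane and move it from (x, y) to (y, 2x+3y)
        x, y, cur = 1, 0, A[1][0]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, A[x][y] = A[x][y], rol64(cur, (t + 1) * (t + 2) // 2)
        # chi: the only non-linear step
        for y in range(5):
            row = [A[x][y] for x in range(5)]
            for x in range(5):
                A[x][y] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        # iota: add the round constant to lane (0, 0)
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) & 0xFF
            if lfsr & 2:
                A[0][0] ^= 1 << ((1 << j) - 1)
    return bytearray(b"".join(A[x][y].to_bytes(8, "little")
                              for y in range(5) for x in range(5)))

def pad(data, rate, suffix=0x01):
    """Byte-aligned pad10*1; `suffix` (< 0x80) carries domain bits plus the first 1."""
    padded = bytearray(data) + bytes([suffix]) + bytes(rate - len(data) % rate - 1)
    padded[-1] ^= 0x80
    return padded

def sponge(data, rate, suffix, outlen):
    """Absorb all of `data` into the outer `rate` bytes, then squeeze `outlen` bytes."""
    state = bytearray(200)
    padded = pad(data, rate, suffix)
    for off in range(0, len(padded), rate):          # absorbing phase
        for i in range(rate):
            state[i] ^= padded[off + i]
        state = keccak_f1600(state)
    out = bytes(state[:rate])
    while len(out) < outlen:                         # squeezing phase
        state = keccak_f1600(state)
        out += bytes(state[:rate])
    return out[:outlen]

class Duplex:
    """Duplex object: each call absorbs one block and returns output immediately."""
    def __init__(self, rate):
        self.rate, self.state = rate, bytearray(200)

    def duplexing(self, block, outlen):
        if len(block) >= self.rate or outlen > self.rate:
            raise ValueError("block or output too long for this rate")
        for i, b in enumerate(pad(block, self.rate)):
            self.state[i] ^= b
        self.state = keccak_f1600(self.state)
        return bytes(self.state[:outlen])

def _wrap(key, nonce, data, decrypting):
    # Assumed framing: fixed-length key and nonce, then 0x01 = more blocks, 0x00 = last.
    d = Duplex(RATE)
    ks = d.duplexing(key + nonce + b"\x01", BLOCK)
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
    out = bytearray()
    for n, blk in enumerate(blocks):
        x = bytes(a ^ b for a, b in zip(blk, ks))    # XOR with the key stream
        out += x
        frame = b"\x00" if n == len(blocks) - 1 else b"\x01"
        ks = d.duplexing((x if decrypting else blk) + frame, BLOCK)  # absorb plaintext
    return bytes(out), ks[:TAGLEN]

def encrypt(key, nonce, plaintext):
    # The (key, nonce) pair must never repeat: the key stream depends only on it.
    return _wrap(key, nonce, plaintext, decrypting=False)

def decrypt(key, nonce, ciphertext, tag):
    plaintext, expected = _wrap(key, nonce, ciphertext, decrypting=True)
    return plaintext if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    # Constructed sample input.
    print(sponge(b"abc", 136, 0x06, 32) == hashlib.sha3_256(b"abc").digest())
    ct, tag = encrypt(bytes(16), bytes(16), b"GET file")
    print(ct.hex(), tag.hex(), decrypt(bytes(16), bytes(16), ct, tag))
```

A duplexing call returns the same bytes as a sponge call on the padded blocks absorbed so far, which is the equivalence slide 26 refers to.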
28 Strobe What is Strobe?
- Layer above the duplex construction
- Safe and easy syntax, to achieve, e.g.,
  - secure channels
  - signatures over a complete session
- Very compact implementation
- Mechanism to prevent side-channel attacks
[Mike Hamburg]
29 Strobe Operations and data flow in Strobe
figure courtesy of Mike Hamburg
30 Strobe Example: key derivation
    KEY(master shared key K)
    RATCHET
    derived key 1 ← PRF(16 bytes)
    RATCHET
    derived key 2 ← PRF(16 bytes)
31 Strobe Example: protocol
    KEY(shared key K)
    AD[nonce](sequence number i)
    AD[auth-data](client IP address server IP address)
    send_enc( GET file )
    send_mac(128 bits)
    recv_enc(buffer)
    recv_mac(128 bits)
33 Ketje and Keyak Ketje goals
- Nonce-based AE function
- 96-bit or 128-bit security (incl. multi-target)
- Sessions of header-body pairs
  - keeping the state during the session
- Small footprint
- Target niche: secure channel protocol on secure chips
  - banking card, ID, (U)SIM, secure element, FIDO, etc.
  - secure chip has strictly incrementing counter
- Using reduced-round Keccak-f[400] or Keccak-f[200], to allow
  - implementation re-use
  - cryptanalysis re-use
  - reasonable side-channel protections
34 Ketje and Keyak Ketje instances and lightweight features
feature                        Ketje Jr     Ketje Sr
state size                     25 bytes     50 bytes
block size                     2 bytes      4 bytes
processing                     computational cost
initialization per session     12 rounds    12 rounds
wrapping per block             1 round      1 round
8-byte tag comp. per message   9 rounds     7 rounds
35 Ketje and Keyak Keyak goals
- Nonce-based AE function
- 128-bit security (incl. multi-target)
- Session of header-body pairs
  - keeping the state during the session
- Optionally parallelizable
- Conservative safety margin
- Using reduced-round Keccak-f[1600] or Keccak-f[800], to allow
  - implementation re-use
  - cryptanalysis re-use
  - reasonable side-channel protections
36 Ketje and Keyak Keyak in a nutshell
[Figure, built up over four slides: a chain that starts from 0, SUV, 1, takes P(1), A(1), P(2), A(3) as input and produces T(0), C(1), T(1), C(2), T(2), T(3)]
SUV = Secret and Unique Value
40 Ketje and Keyak Leakage robustness
[Figure: a chain that starts from 0, SUV, 1, takes P(1), A(1), P(2), A(3) as input and produces T(0), C(1), T(1), C(2), T(2), T(3)]
SUV = Secret and Unique Value
Provided that uniqueness is enforced then the secret state is a moving target [Taha, Schaumont, HOST 2014]
42 Kravatte and the Farfalle construction The new Farfalle construction
[Figure: the Farfalle construction, from the key K and the input blocks m_0, m_1, …, m_i to the output blocks z_0, z_1, …, z_j, using the permutations p_b, p_c, p_d and p_e]
[IACR ePrint 2016/1188]
43 Kravatte and the Farfalle construction Kravatte for many purposes
Kravatte = Farfalle + Keccak-p[1600]
- Kravatte-PRF: Authentication
- Kravatte-SAE: Session authenticated encryption
- Kravatte-SIV: Synthetic-IV authenticated encryption
- Kravatte-WBC: Wide block cipher, authenticated encryption with minimal expansion
44 Conclusions
- Permutations are well suited for IoT devices, especially for
  - code size
  - memory usage
- Farfalle brings efficiency also on the high-end server
- Bear in mind protections against side-channel attacks
45 Conclusions Thanks for your attention!
Any questions?
46 Backup slides A very classical example
RSA: $c^d \bmod n = m$
Implemented using the square & multiply algorithm:
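Why square & multiply is the classical target for simple power analysis, as an added Python example that is not from the slides: its sequence of squarings and multiplications follows the bits of d, whereas a Montgomery ladder (chosen here as one regular alternative) performs the same operations for every bit. The toy RSA parameters, the operation traces and the function names are constructed for illustration; Python integers are not constant-time, so the code models only the operation sequence.

```python
def square_and_multiply(c, d, n):
    """Left-to-right square & multiply; returns (c^d mod n, operation trace)."""
    r, ops = 1, []
    for i in reversed(range(d.bit_length())):
        r = r * r % n
        ops.append("S")
        if (d >> i) & 1:              # the multiplication happens only for 1 bits
            r = r * c % n
            ops.append("M")
    return r, "".join(ops)

def _cswap(a, b, mask):
    """Swap a and b when mask is all ones, keep them when mask is 0 (no branch)."""
    t = (a ^ b) & mask
    return a ^ t, b ^ t

def montgomery_ladder(c, d, n, nbits):
    """Ladder over a fixed bit length: one multiply and one square per bit."""
    r0, r1, ops = 1, c % n, []        # invariant: r1 == r0 * c (mod n)
    for i in reversed(range(nbits)):
        mask = -((d >> i) & 1)        # 0 for a 0 bit, -1 (all ones) for a 1 bit
        r0, r1 = _cswap(r0, r1, mask)
        r1 = r0 * r1 % n
        r0 = r0 * r0 % n
        ops.append("MS")
        r0, r1 = _cswap(r0, r1, mask)
    return r0, "".join(ops)

def sequence_depends_on_exponent(func, c, n, exponents, **kwargs):
    """Regression check: do exponents of equal length yield different traces?"""
    return len({func(c, d, n, **kwargs)[1] for d in exponents}) > 1

if __name__ == "__main__":
    # Constructed toy key: n = 61 * 53, e = 17, d = 2753 (far too small for real use).
    N, E, D = 3233, 17, 2753
    c = pow(65, E, N)
    print(square_and_multiply(c, D, N))          # trace length varies with the bits of d
    print(montgomery_ladder(c, D, N, nbits=12))  # trace is "MS" repeated 12 times
    print(sequence_depends_on_exponent(square_and_multiply, c, N, [2753, 2049]))
    print(sequence_depends_on_exponent(montgomery_ladder, c, N, [2753, 2049], nbits=12))
```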
47 Backup slides How to protect against side-channel attacks?
- Electrical-level countermeasures
  - E.g., balancing the processing of 0 and 1
- System-level countermeasures
  - E.g., limit the use of a key
- Algorithmic countermeasures
  - Randomization
  - E.g., instead of processing x, process y and z s.t. x = y z
48 Backup slides What are block ciphers used for?
- Hashing: Davies-Meyer, …
- Block encryption: ECB, CBC, …
- Stream encryption:
  - synchronous: counter mode, OFB, …
  - self-synchronizing: CFB
- MAC computation: CBC-MAC, C-MAC, …
- Authenticated encryption: OCB, GCM, CCM
49 Backup slides Block cipher operation
50 Backup slides Block cipher operation: the inverse
51 Backup slides When do you need the inverse?
- Hashing and its modes HMAC, MGF1, …
- Block encryption: ECB, CBC, …
- Stream encryption:
  - synchronous: counter mode, OFB, …
  - self-synchronizing: CFB
- MAC computation: CBC-MAC, C-MAC, …
- Authenticated encryption: OCB, GCM, CCM
52 Backup slides Block cipher internals
53 Backup slides Hashing using Davies-Meyer
54 Backup slides Removing diffusion restrictions
55 Backup slides Simplifying the view: iterated permutation
56 Backup slides Pseudo-random function (PRF)
[Figure labels: input]
57 Backup slides Message authentication code (MAC)
[Figure labels: plaintext]
58 Backup slides Stream cipher
[Figure labels: nonce, plaintext = ciphertext]
59 Backup slides Authenticated encryption
[Figure labels: nonce, plaintext, plaintext = ciphertext]
60 Backup slides Incrementality
[Figure, built up over three slides; labels: packet #1, packet #2, packet #3]
63 Backup slides In-place processing
- Store A[x, y] at round i in (x, y ) with ( ) x = y ( ) i ( ) x. y
- Interacts with π: the output of χ can overwrite its input
- Matrix of order 4: no performance loss if 4 rounds unrolled
[Bertoni et al., Keccak implementation overview]
More informationAn Introduction to PHP. Slide 1 of :31:37 PM]
An Introduction to PHP Slide 1 of 48 http://www.nyphp.org/content/presentations/gnubies/sld001.php[9/12/2009 6:31:37 PM] Outline Slide 2 of 48 http://www.nyphp.org/content/presentations/gnubies/sld002.php[9/12/2009
More informationDepartment of Information Technology and Electrical Engineering. VLSI III: Test and Fabrication of VLSI Circuits L.
Institut für Integrierte Systeme Integrated Systems Laboratory Department of Information Technology and Electrical Engineering VLSI III: Test and Fabrication of VLSI Circuits 227-0148-00L Exercise 7 Speed
More informationJoint Optimization of Source-Channel Video Coding Using the H.264/AVC encoder and FEC Codes. Digital Signal and Image Processing Lab
Joint Optimization of Source-Channel Video Coding Using the H.264/AVC encoder and FEC Codes Digital Signal and Image Processing Lab Simone Milani Ph.D. student simone.milani@dei.unipd.it, Summer School
More informationDigital terrestrial television broadcasting - Security Issues. Conditional access system specifications for digital broadcasting
Digital terrestrial television broadcasting - Security Issues Televisão digital terrestre Tópicos de segurança Parte 1: Controle de cópias Televisión digital terrestre Topicos de seguranca Parte 1: Controle
More informationWATERMARKING USING DECIMAL SEQUENCES. Navneet Mandhani and Subhash Kak
Cryptologia, volume 29, January 2005 WATERMARKING USING DECIMAL SEQUENCES Navneet Mandhani and Subhash Kak ADDRESS: Department of Electrical and Computer Engineering, Louisiana State University, Baton
More informationDVB-S2 and DVB-RCS for VSAT and Direct Satellite TV Broadcasting
Hands-On DVB-S2 and DVB-RCS for VSAT and Direct Satellite TV Broadcasting Course Description This course will examine DVB-S2 and DVB-RCS for Digital Video Broadcast and the rather specialised application
More informationITU-T Y.4552/Y.2078 (02/2016) Application support models of the Internet of things
I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Y.4552/Y.2078 (02/2016) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET
More informationEnigma. Developed and patented (in 1918) by Arthur Scherbius Many variations on basic design Eventually adopted by Germany
Enigma Enigma 1 Enigma Developed and patented (in 1918) by Arthur Scherbius Many variations on basic design Eventually adopted by Germany o For both military and diplomatic use o Many variations used Broken
More informationOptimum Composite Field S-Boxes Aimed at AES
Optimum Composite Field S-Boxes Aimed at AES R.THILLAIKKARASI Assistant professor, Department Of ECE, Salem college of Engineering and technology. Salem, India. K.VAISHNAVI Post Graduate Student M.E Applied
More informationImproved Coercion-Resistant Electronic Elections through Deniable Re-Voting
Improved Coercion-Resistant Electronic Elections through Deniable Re-Voting Jörn Müller-Quade 1, Dirk Achenbach 1, Carmen Kempka 2, Bernhard Löwe 1 KARLSRUHE INSTITUTE OF TECHNOLOGY, NTT SECURE PLATFORM
More informationThe A to Z GUIDE to the ZK-Crypt
The A to Z GUIDE to the ZK-Crypt AN ANNOTATED GLOSSARY & SUPPORT REFERENCE ZK-CRYPT THE 8K GATE SYMMETRIC PERIPHERAL FOR BEST OF BREED SINGLE STEP DUAL TRACK FEEDBACK 32 BIT STREAM CIPHERING WITH PAGE
More informationAVTP Pro Video Formats. Oct 22, 2012 Rob Silfvast, Avid
AVTP Pro Video Formats Oct 22, 2012 Rob Silfvast, Avid Collaboration effort among notable players is actively underway Rob Silfvast, Avid (Audio System architect, AVB instigator) Damian Denault, Avid (Director
More informationA Layered Approach for Watermarking In Images Based On Huffman Coding
A Layered Approach for Watermarking In Images Based On Huffman Coding D. Lalitha Bhaskari 1 P. S. Avadhani 1 M. Viswanath 2 1 Department of Computer Science & Systems Engineering, Andhra University, 2
More informationPhysical Layer Built-in Security Analysis and Enhancement of CDMA Systems
Physical Layer Built-in Security Analysis and Enhancement of CDMA Systems Tongtong Li Jian Ren Qi Ling Weiguo Liang Department of Electrical & Computer Engineering, Michigan State University, East Lansing,
More informationWelch Gong (Wg) 128 Bit Stream Cipher For Encryption and Decryption Algorithm
International Journal of Emerging Engineering Research and Technology Volume 3, Issue 8, August 2015, PP 137-144 ISSN 2349-4395 (Print) & ISSN 2349-4409 (Online) Welch Gong (Wg) 128 Bit Stream Cipher For
More informationVLSI Design: 3) Explain the various MOSFET Capacitances & their significance. 4) Draw a CMOS Inverter. Explain its transfer characteristics
1) Explain why & how a MOSFET works VLSI Design: 2) Draw Vds-Ids curve for a MOSFET. Now, show how this curve changes (a) with increasing Vgs (b) with increasing transistor width (c) considering Channel
More informationKeywords- Cryptography, Frame, Least Significant Bit, Pseudo Random Equations, Text, Video Image, Video Steganography.
International Journal of Scientific & Engineering Research, Volume 5, Issue 7, July-2014 164 High Security Video Steganography Putti DeepthiChandan, Dr. M. Narayana Abstract- Video Steganography is a technique
More informationKey- The key k for my cipher is a single number from 1-26 which is shared between the sender and the reciever.
Cryptography Assign. 1A Key- The key k for my cipher is a single number from 1-26 which is shared between the sender and the reciever. How to Encipher- Each letter is assigned a number beginning from k
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
Tarannum Pathan,, 2013; Volume 1(8):655-662 INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK VLSI IMPLEMENTATION OF 8, 16 AND 32
More informationAPPLICATION NOTE 4312 Getting Started with DeepCover Secure Microcontroller (MAXQ1850) EV KIT and the CrossWorks Compiler for the MAXQ30
Maxim > Design Support > Technical Documents > Application Notes > Microcontrollers > APP 4312 Keywords: MAXQ1850, MAXQ1103, DS5250, DS5002, microcontroller, secure microcontroller, uc, DES, 3DES, RSA,
More informationTHE TIMING COUNTER OF THE MEG EXPERIMENT: DESIGN AND COMMISSIONING (OR HOW TO BUILD YOUR OWN HIGH TIMING RESOLUTION DETECTOR )
THE TIMING COUNTER OF THE MEG EXPERIMENT: DESIGN AND COMMISSIONING (OR HOW TO BUILD YOUR OWN HIGH TIMING RESOLUTION DETECTOR ) S. DUSSONI FRONTIER DETECTOR FOR FRONTIER PHYSICS - LA BIODOLA 2009 Fastest
More information