Presentation Slides PPT - Chair for Embedded Security

fullgorgedcutΔίκτυα και Επικοινωνίες

24 Οκτ 2013 (πριν από 3 χρόνια και 10 μήνες)

54 εμφανίσεις

Ruhr

University

Bochum

Cryptography in Heavily
Constraint Environments

Christof Paar

EUROBITS Center for IT Security

CO
mmunication
S
ecurit
Y
(COSY) Group

University of Bochum, Germany

www.crypto.rub.de




Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Contents



Pervasive computing and embedded
systems


Pervasive computing and security


Constrained environments and crypto


Research problems


Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Characteristics of Traditional
IT Applications


Mostly based on interactive (= traditional)
computers


„One user


one computer“ paradigm


Static networks


Large number of users per network


Q: How will the IT future look?

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Examples for Pervasive
Computing


PDAs, 3G cell phones, ...


Living spaces will be stuffed with nodes


So will cars


Wearable computers (clothes, eye glasses, etc.)


Household appliances


Smart sensors in infrastructure (windows, roads,
bridges, etc.)


Smart bar codes (autoID)


“Smart Dust”


...

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Will that ever become
reality??

We don’t know, but: CPUs sold in 2000


Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Security and Economics of
Pervasive Networks


„One
-
user many
-
nodes“ paradigm (e.g. 10
2
-
10
3

processors per human)


Many new applications we don‘t know yet


Very high volume applications


Very cost sensitive


People won‘t be willing to pay for security
per se


People won‘t buy products without security

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Where are the challenges for
embedded security?


Designers worry about IT functionality,
security is ignored or an afterthought


Attacker has easy access to nodes


Security infrastructure (PKI etc.) is missing:
Protocols???


Side
-
channel and tamper attacks


Computation/memory/power constrained


Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Why do constraints matter?


Almost all ad
-
hoc protocols (even routing!)
require crypto ops
for every hop


At least symmtric alg. are needed


Asymmetric alg. allow fancier protocols


Question
: What type of crypto can we do?


Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Classification by Processor Power

Very rough classification of embedded processors




Class





speed : high
-
end Intel

Class 0
: few 1000 gates




?

Class 1
: 8 bit

P,


10MHz




1: 10
3

Class 2
: 16 bit

P,


50MHz




1: 10
2

Class 3
: 32 bit

P,


200MHz




1: 10



Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Case Study Class 0: RFID

Recall: Class 0 = no

P, few 1000 gates


Goal: RFID as bar code replacement


Cost goal 5 cent (!)


allegedly 500 x 10
9

bar code scans worldwide
per
day

(!!)



AutoID tag: security “with 1000 gates” [
CHES 02
]


Ell. curves (asymmetric alg.) need > 20,000 gates


DES (symmetric alg.) needs > 5,000 gates


Lightweight stream ciphers might work

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Status Quo: Crypto for Class 1

Recall: Class 1 = 8 bit

P,


10MHz


Symmetric alg
: possible at low data rates

Asymm.alg
: very difficult without coprocessor

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Status Quo: Crypto for Class 2

Recall: Class 2 = 16 bit

P,


50MHz


Symmetric alg
: possible

Asymm.alg
: possible if


carefully implemented, and


algorithms carefully selected (ECC feasible; RSA &
DL still hard)


Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Status Quo: Crypto for Class 3

Recall: Class 1 = 32 bit

P,


200MHz


Symmetric alg
: possible

Asymm.alg
: full range (ECC, RSA, DL) possible, some
care needed for implementation

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Open (Research) Questions

1.
Symmetric algorithm for class 0 (e.g., 1000 gates)
which are
secure and well understood
?

2.

Alternative asymm. alg
. for class 0 and class 1 (8
bit

P) with
10x

time
-
area improvement over ECC?

3.
Are asymm. alg. which are “
too short
” (e.g., ECC
with 100 bits) usable?

4.
Ad
-
hoc protocols
without long
-
term security

needs?

5.

Side
-
channel protection

at very low costs?

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Related Events at the

EUROBITS Center in Bochum





www.crypto.rub.de


1.
Workshop on Side
-
Channel Attacks on Smart
Cards

January 30
-
31, 2003

Cryptographic Hardware and Embedded Systems

September

7
-
10

chesworkshop.org

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Security Challenges: Many
Security Assumptions Change


No access to backbone: PKI does not work


New threats: sleep deprivation attack


Old threats (e.g., confidentiality) not always a
problem


Nodes have incentives to cheat in protocols


Security protocols ???


Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Our Research

Crypto algorithms in highly constrained
environments


Low
-
cost hardware for public
-
key algorithm


Ultra low
-
cost hardware for symmetric algorithms


Software for public
-
key, symmetric algorithms on

low
-
end processors


Protocols for ad
-
hoc networks


Secure communication in complex technical systems
(airplanes, cars, etc.)


Establishing trust in networks



Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Traditional Security
Applications

Very often: computer & communication
networks!


(wireless) LAN / WLAN (Local Area
Network)


WAN (Wide Area Network)


PKI (Public Key Infrastructure)

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Traditional Security
Applications


(wireless) LAN / WLAN (Local
Area Network)


Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Traditional Security
Applications



WAN



(Wide Area Network)

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Traditional Security
Applications

PKI (Public Key Infrastructure)


enables secure LAN, WAN

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Other Traditional Security
Applications



Antivirus


Firewalls


Biometrics

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


The IT Future


2. Bridge sensors


3. Cleaning robots


6. Car with various IT services


8. Networked robots


9. Smart street lamps


14. Pets with electronic
sensors


15. Smart windows

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Characteristics of Pervasive
Computing Systems


Embedded
nodes (no traditional computers)


Connected through
wireless, close
-
range

network (“Pervasive networks”)!


Ad
-
hoc

networks: Dynamic addition and
deletion of nodes


Power/computation/memory
constrained
!


Vulnerable

Ruhr

University

Bochum

Communication Security
(COSY) Group

Workshop on Ad
-
Hoc Security 2002


Why Security in Pervasive
Applications?


Pervasive nature and high
-
volume of nodes
increase risk potential (e.g., hacking into a
car)


Wireless channels are vulnerable (passive
and active attacks)


Privacy issues (geo
-
location, medical
sensors, monitoring of home activities, etc.)


Stealing of services (sensors etc.)