Upload
vin
View
44
Download
0
Embed Size (px)
DESCRIPTION
Secure storage of cryptographic keys within random volumetric materials. Roarke Horstmeyer 1 , Benjamin Judkewitz 1 , Ivo Vellekoop 2 and Changhuei Yang 1. 1 California Institute of Technology, Pasadena, CA 2 University of Twente , Enschede , The Netherlands. - PowerPoint PPT Presentation
Citation preview
Secure storage of cryptographic keys within random volumetric materials
Roarke Horstmeyer1, Benjamin Judkewitz1, Ivo Vellekoop2 and Changhuei Yang1
1 California Institute of Technology, Pasadena, CA2 University of Twente, Enschede, The Netherlands
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
- Ideal security “information-theoretic” security1
[1] Shannon, C. Bell System Technical Journal 28, 656–715 (1949).
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
- Ideal security
- Well-established solution: the one-time pad
“information-theoretic” security1
Message:
Random key:
0 0 0 1 11 …
0 1 0 01 1 …
[1] Shannon, C. Bell System Technical Journal 28, 656–715 (1949).
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
- Ideal security
- Well-established solution: the one-time pad
“information-theoretic” security1
Message:
Random key:
0 0 0 1 11 …
0 1 0 01 1 …
Ciphertext: 0 1 0 10 0 …
=
XOR operation
[1] Shannon, C. Bell System Technical Journal 28, 656–715 (1949).
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
- Ideal security
- Well-established solution: the one-time pad
“information-theoretic” security1
Message:
Random key:
0 0 0 1 11 …
0 1 0 01 1 …
Ciphertext: 0 1 0 10 0 …
=
XOR operation
[1] Shannon, C. Bell System Technical Journal 28, 656–715 (1949).
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
- Ideal security
- Well-established solution: the one-time pad
“information-theoretic” security1
Message:
Random key:
0 0 0 1 11 …
0 1 0 01 1 …
Ciphertext:
Limitations: “Really long” key is hard to generate and store
0 1 0 10 0 …
=
XOR operation
[1] Shannon, C. Bell System Technical Journal 28, 656–715 (1949).
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
Digital electronic memory: insecure
Tools: Imaging, freezing, probing, overwriting…Goals: Key copying, alteration, viruses…
Digital electronic memory: insecure
Tools: Imaging, freezing, probing, overwriting…Goals: Key copying, alteration, viruses…
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
Digital electronic memory: insecure
Solution: volumetric optical scattering
Tools: Imaging, freezing, probing, overwriting…Goals: Key copying, alteration, viruses…
coherent light unique speckle
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
Digital electronic memory: insecure
Tools: Imaging, freezing, probing, overwriting…Goals: Key copying, alteration, viruses…
Δθ ~ λ/2π a
a
Uncorrelated speckle
Solution: volumetric optical scattering
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
Digital electronic memory: insecure
Tools: Imaging, freezing, probing, overwriting…
Benefits
- Sensitive 3D structure
- High density (1 Tb/mm3)
- “Cheap” entropy
Goals: Key copying, alteration, viruses
Solution: volumetric optical scattering
“key database”
Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage
Previous Work
Optical encryption methods
Secure storage
Our Goal
Information-theoretic security
Keys cannot be copied, cloned
Challenging to use a stolen device
Requires digital key storage
Pappu et al., Science 297 (2001)
Skoric et al., Applied Crypto. & Network Sec. 3531 (2005)
Not for communication
- Digital electronic security- IC, FPGA, RFID- Random variations in fab.
process
- Fiber-based protocols- Quantum key distribution - Optical random number generation
Limitations
- Optical storage for ID, authentication
Our setup
Our setup “key database”
Our setup “key database”
Input: n random SLM patterns
Output: n speckle images
Mathematical model
pi ri
T = scattering transmission matrix
2 ri
=
Display Image
Mathematical model
pi ri
Pixel value
Speckle Intensity Histogram
Prob
abili
ty
Speckle Image ri
T = scattering transmission matrix
2 ri
=
Mathematical model
Digital “whitening”(public)
pi ri
T = scattering transmission matrix
2 ri
=
Mathematical model
Digital “whitening”(public)
pi ri
T = scattering transmission matrix
2 ri
=
W = sparse binary matrix (digital, public)
ImageKey
Verification of speckle key randomness
- Statistical randomness test suites: Diehard1 and NIST2
- 12 different 10 Gb keys k tested- Stats comparable to state-of-the-art random number generators
Table 1 | Example NIST statistical randomness test performance. NIST statistical randomness test package performance of a typical 10-gigabit sequence of random CPUF data, split into 10,000 unique 1 megabit sequences following a common procedure11,12. For ‘success’ using 10,000 samples of 106 bit sequences and significance level α =0.01, the p-value (uniformity of p-values) should be larger than 0.0001 and the minimum pass rate is 0.987015.
[1] Marsaglia, G. http://stat.fsu.edu/pub/diehard (1996).[2] Rukhin, A. et. al, National Institute of Standards and Technology Special Publication 800-22 (2001).
Securely linking two devices for communication
Each device is unique – how to implement the one-time pad between two parties?
Securely linking two devices for communication
Each device is unique – how to implement the one-time pad between two parties?
Scat. Scat.
Securely linking two devices for communication
Each device is unique – how to implement the one-time pad between two parties?
Communication achieved through an information-theoretically secure key-pair
Scat. Scat.
Securely linking two devices for communication
Dictionary Setup
1. Alice and Bob securely connect devices
2. Display p1..n
3. Publically save XOR of keys k1..n(A) k1..n (B)
Alice’s device
Bob’s device
Securely linking two devices for communication
Dictionary Setup
1. Alice and Bob securely connect devices
2. Display p1..n
3. Publically save XOR of keys k1..n(A) k1..n (B)
Alice’s device
Bob’s device
OTP ciphertext: ideally secure
Securely linking two devices for communication
Alice sends Bob a message
1. Alice randomly selects p, creates k(A) and computes ( k(A) m )
2. Alice sends (k(A) m) and p
3. Bob creates k(B), looks up ( k(A) k(B) )
4. Bob computes: k(B) ( k(A) k(B) ) (k(A) m) = m
Alice’s device Bob’s device
Experimental demonstration
Key size: 10 Gb (100 Gb unverified)
Duration: 24 hours
Attack time: ~50 hours
Noise: ~20% bits flipped*
*after error correction
Conclusion and future work
Future work- Public key variant- Detailed security analysis
R. Horstmeyer, “Physical key-protected one-time pad,” arxiv:1305:3886 (2013)
- Non-electronic storage of 10 Gb over 24 hours - New protocol for “physical memory”
- Information-theoretic security- Linking physical disorder
Thank You!