Lightweight Cryptography
RusCrypto 2012 Conference
Development of communication technologies
Internet of Things — An action plan for Europe. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions.
From the Internet of PCs to the Internet of Things (IoT)
In 2008 the number of devices connected to the Internet exceeded the number of people on Earth. By 2020 there will be 50 billion such devices.
"... by 2012 your fridge, your heart monitor, your bathroom scales and your shoes might work together to monitor (and nag you about) your cardiovascular health"
F. Stajano, "Security for Ubiquitous Computing", Wiley, 1st ed., 2002
Technology trends
Within the next 5 years, 20 typical European households will generate more Internet traffic than the entire Internet did in 2008.
Thanks to IPv6 we will have 340282366920938463463374607431768211456 (> 3·10^38) Internet addresses.
• A world where physical objects are seamlessly integrated into the information network, and where the physical objects can become active participants in information processes. Services are available to interact with these 'smart objects' over the Internet, query and change their state and any information associated with them, taking into account security and privacy issues.
"SAP IoT Definition". SAP Research. Retrieved 2011-03-18.
Lightweight Cryptography for the Internet of Things
Lightweight cryptography (low-resource cryptography)
Conferences and workshops:
• ECRYPT Workshop on Lightweight Cryptography (Belgium), November 28-29, 2011
• Workshop on Cryptographic Hardware and Embedded Systems (CHES)
• Efficient Hardware Implementations of Finite Field Arithmetic
• International Workshop on the Arithmetic of Finite Fields (WAIFI)
• IEEE International Symposium on Circuits and Systems (ISCAS)
• IEEE International Conference on Application-specific Systems, Architectures and Processors
• SECSI – Secure Component and Systems Identification
• RFIDSec
• escar – Embedded Security in Cars
• CRYPTO, EUROCRYPT, FSE, SAC, ASIACRYPT, AFRICACRYPT
According to [ISO/IEC 18000-1:2004, Information Technology – Radio Frequency Identification for Item Management. Part 3: Parameters for Air Interface Communications at 13.56 MHz], passive RFID tags must have a power consumption of no more than 15 μW in order to guarantee operation of the device at a range of up to 1 m.
Lightweight Cryptography – A Battle for a Single Gate
Cost classes:
• low: less than 1 EUR (e.g. passive RFID label)
• medium: 1 - 10 EUR (e.g. smart card)
• high: more than 10 EUR (e.g. high-end smart card)
Side channel attacks and their countermeasures
National Institute of Standards and Technology, FIPS 140-2: Security Requirements for Cryptographic Modules.
International standards
ISO/IEC FDIS 29192-1 to 29192-4, Information technology – Security techniques – Lightweight cryptography:
o Part 1: General. Stage: 50.60 (2012-03-18)
o Part 3: Stream ciphers. Stage: 50.20 (2012-02-16)
o Part 4: Mechanisms using asymmetric techniques. Stage: 40.20 (2011-12-22)
Block ciphers: AES implementations
Hardware: throughput up to 70 Gbit/s (2004) [A. Hodjat and I. Verbauwhede. Minimum Area Cost for a 30 to 70 Gbits/s AES Processor. In IEEE Computer Society Annual Symposium on VLSI (ISVLSI 2004), pp. 498–502. IEEE, 2004]. This implementation uses a pipelined processor architecture and requires more than 250,000 GE.
Hardware: at the same time, the most compact implementation takes only 3100-3400 GE [P. Hamalainen, T. Alho, M. Hannikainen, and T. D. Hamalainen. Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core. In Euromicro Conference on Digital System Design, pages 577–583. IEEE Computer Society, 2006].
Hardware/software: Intel, new AES instructions in Westmere processors, 0.75 cycles/byte [2009-2010].
Software: 7.6 cycles/byte on Core 2, or 110 Mbyte/s bitsliced [2009].
Block ciphers (RusCrypto 2005 Conference)
Block size | Ciphers (key length in bits)
64-bit block | 3-DES (112-168), IDEA (128), MISTY1 (128), KASUMI (64-128), HIGHT (128), PRESENT (80-128), TEA (128), mCRYPTON (96), GOST (256), KATAN64 (80), KTANTAN64 (80), KLEIN (64-96-128), DESXL (184)
96-bit block | SEA (96), PRINTcipher-96 (160)
128-bit block | AES (128-192-256), CAMELLIA, RC6, CLEFIA
Block ciphers
Piccolo: An Ultra-Lightweight Blockcipher (CHES 2011)
Kyoji Shibutani, Takanori Isobe, Harunaga Hiwatari, Atsushi Mitsuda, Toru Akishita, and Taizo Shirai
64-bit block cipher supporting 80- and 128-bit keys. The hardware requirements for the 80- and 128-bit key modes are only 683 and 758 gate equivalents, respectively.
Hummingbird: Ultra-Lightweight Cryptography for Resource-Constrained Devices
Daniel Engels, Xinxin Fan, Guang Gong, Honggang Hu and Eric M. Smith (Canada, USA)
Hummingbird is a combination of block cipher and stream cipher structures with a 16-bit block size, 256-bit key size, and 80-bit internal state.
Axel Poschmann, San Ling, and Huaxiong Wang (Faculty of Electrical Engineering and Information Technology, Ruhr-University Bochum, Germany; Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore):
256 Bit Standardized Crypto for 650 GE – GOST Revisited. In CHES 2010, LNCS 6225, pp. 219-233, 2010.
GOST 28147-89
• FSE 2011, Takanori Isobe: A Single-Key Attack on the Full GOST Block Cipher
• IACR 2011/211, Nicolas T. Courtois: Security Evaluation of GOST 28147-89 In View Of International Standardisation
• IACR 2011/312, Nicolas T. Courtois and Michal Misztal: Differential Cryptanalysis of GOST
• IACR 2011/489, A. N. Alekseychuk and L. V. Kovalchuk: Towards a Theory of Security Evaluation for GOST-like Ciphers against Differential and Linear Cryptanalysis
• IACR 2011/558, Itai Dinur, Orr Dunkelman and Adi Shamir: Improved Attacks on Full GOST
• IACR 2011/619, Bo Zhu and Guang Gong: Multidimensional Meet-in-the-Middle Attack and Its Applications to GOST, KTANTAN and Hummingbird-2
• IACR 2011/626, Nicolas T. Courtois: Algebraic Complexity Reduction and Cryptanalysis of GOST
Single-key attacks on the full GOST

Reference | Data (KP) | Mem. | Time | Self-similarity property
T. Isobe. A Single-Key Attack on the Full GOST Block Cipher. FSE 2011 | 2^32 | 2^64 | 2^224 | Reflection
N. Courtois. Security Evaluation of GOST 28147-89 in View of International Standardisation. Cryptology ePrint Archive, Report 2011/211 (2011) | 2^64 | 2^64 | 2^248 | 
N. Courtois and M. Misztal. Differential Cryptanalysis of GOST. Cryptology ePrint Archive, Report 2011/312 (2011) | 2^64 | 2^64 | 2^226 | Differential
Itai Dinur, Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011) | 2^64 | 2^36 | 2^192 | fixed point
Itai Dinur, Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011) | 2^64 | 2^19 | 2^204 | fixed point
Itai Dinur, Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011) | 2^32 | 2^36 | 2^224 | Reflection
Itai Dinur, Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011) | 2^32 | 2^19 | 2^236 | Reflection
Properties of 4×4 S-boxes
• Markku-Juhani O. Saarinen (Revere Security, USA): Cryptographic Analysis of All 4×4-Bit S-Boxes. SAC 2011
• Nicolas T. Courtois, Daniel Hulme and Theodosis Mourouzis: Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis. Cryptology ePrint Archive, Report 2011/475 (2011)
• Markus Ullrich, Christophe De Canniere, Sebastiaan Indesteege, Ozgul Kucuk, Nicky Mouha, Bart Preneel: Finding Optimal Bitsliced Implementations of 4×4-bit S-boxes
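The papers above rank 4×4 S-boxes by how well they resist differential and linear cryptanalysis. The following is an added example, not code from the talk or from any of the cited papers: it computes the two standard measures used for that ranking, differential uniformity (the largest entry of the difference distribution table) and linearity (the largest absolute Walsh coefficient), and evaluates them for the published PRESENT S-box and for the identity map as a constructed weak comparison. Function names are this example's own.

```python
# Added example: evaluating a 4x4 S-box the way the S-box classification
# papers do. Constants: the published PRESENT S-box; IDENTITY_SBOX is a
# constructed weak S-box used only for comparison.

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
IDENTITY_SBOX = list(range(16))   # constructed: affine, so maximally weak


def is_bijective(sbox):
    """A 4-bit S-box must be a permutation of 0..15 to be invertible."""
    return sorted(sbox) == list(range(16))


def ddt(sbox):
    """Difference distribution table: ddt[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}."""
    table = [[0] * 16 for _ in range(16)]
    for x in range(16):
        for dx in range(16):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def differential_uniformity(sbox):
    """Largest DDT entry over non-zero input differences (4 is optimal for 4 bits)."""
    table = ddt(sbox)
    return max(table[dx][dy] for dx in range(1, 16) for dy in range(16))


def _parity(v):
    return bin(v).count("1") & 1


def lat(sbox):
    """Walsh spectrum: lat[a][b] = sum_x (-1)^(a.x ^ b.S(x)) for bit masks a, b."""
    table = [[0] * 16 for _ in range(16)]
    for a in range(16):
        for b in range(16):
            table[a][b] = sum(1 - 2 * (_parity(a & x) ^ _parity(b & sbox[x]))
                              for x in range(16))
    return table


def linearity(sbox):
    """Largest |Walsh coefficient| over non-zero output masks (8 is optimal for 4 bits)."""
    table = lat(sbox)
    return max(abs(table[a][b]) for a in range(16) for b in range(1, 16))


def analyze(sbox):
    """Summary in the form used to compare S-boxes: counts and the derived probabilities."""
    du, lin = differential_uniformity(sbox), linearity(sbox)
    return {
        "bijective": is_bijective(sbox),
        "differential_uniformity": du,
        "max_differential_probability": du / 16,
        "linearity": lin,
        "max_linear_bias": lin / 32,
    }


if __name__ == "__main__":
    for name, box in (("PRESENT", PRESENT_SBOX), ("identity", IDENTITY_SBOX)):
        print(name, analyze(box))
```

For PRESENT the result is differential uniformity 4 and linearity 8 (best differential probability 2^-2, best linear bias 2^-2), which is the optimum reachable by any 4-bit permutation; the identity map scores 16 on both, i.e. a differential and a linear approximation that hold with probability 1. Running this over the eight S-boxes of a GOST 28147-89 parameter set is a quick first check of whether a given S-box choice is in the optimal class.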
Stream ciphers
Lightweight stream ciphers: eSTREAM (2004-2008)
Cipher | GE
Grain v1 | 1,294
Trivium | 2,599
Hash functions
Public-key cryptography
Finite-field computations
Field size | Arithmetic (gates) | Memory (gates) | Total (gates) | Time (ms)
113 | 1,625 | 6,686 | 10,112 | 47
131 | 2,071 | 7,747 | 11,969 | 61
163 | 2,572 | 9,632 | 15,094 | 108
193 | 2,776 | 11,400 | 17,723 | 139
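The "Arithmetic" column above is the gate cost of multiplication in a binary field GF(2^m). The following is an added example, not code from the talk: it writes the same bit-serial shift-and-add multiplier in software, derives inversion from it, and adds the parameter self-test a practitioner would run before trusting a field definition. It assumes polynomial-basis representation (bit i of an integer is the coefficient of x^i); the reduction polynomial used is the public NIST B-163/K-163 pentanomial x^163 + x^7 + x^6 + x^3 + 1, and the irreducibility check relies on the listed field sizes 113, 131, 163 and 193 all being prime, which lets Rabin's test take its simplest form. Function names are this example's own.

```python
# Added example: GF(2^m) polynomial-basis arithmetic as used by binary-field
# ECC. Elements are Python ints; bit i is the coefficient of x^i.

# Reduction polynomial for m = 163 (public NIST B-163/K-163 value).
NIST_F163 = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1


def gf2m_mul(a, b, f, m):
    """Shift-and-add multiplication a*b mod f in GF(2^m); a, b must be < 2^m.
    Mirrors the bit-serial hardware multiplier: one shift of a per clock and
    one conditional XOR with f whenever the x^m term overflows."""
    r = 0
    for i in range(m):
        if (b >> i) & 1:
            r ^= a                  # add a * x^i when bit i of b is set
        a <<= 1                     # a = a * x
        if (a >> m) & 1:
            a ^= f                  # replace x^m by the lower-degree terms of f
    return r


def gf2m_pow(a, e, f, m):
    """Square-and-multiply exponentiation."""
    r = 1
    while e:
        if e & 1:
            r = gf2m_mul(r, a, f, m)
        a = gf2m_mul(a, a, f, m)
        e >>= 1
    return r


def gf2m_inv(a, f, m):
    """Inverse via Fermat: a^(2^m - 2) for a != 0."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return gf2m_pow(a, (1 << m) - 2, f, m)


def _poly_deg(p):
    return p.bit_length() - 1


def _poly_mod(a, b):
    """Remainder of a divided by b as polynomials over GF(2) (no field reduction)."""
    while a and _poly_deg(a) >= _poly_deg(b):
        a ^= b << (_poly_deg(a) - _poly_deg(b))
    return a


def _poly_gcd(a, b):
    while b:
        a, b = b, _poly_mod(a, b)
    return a


def is_irreducible_prime_degree(f, m):
    """Rabin's irreducibility test specialised to prime m (the caller guarantees
    m is prime): f is irreducible iff x^(2^m) == x (mod f) and f shares no
    factor with x^2 + x, i.e. f has no root in GF(2)."""
    if _poly_deg(f) != m:
        return False
    t = 2                           # the polynomial x
    for _ in range(m):
        t = gf2m_mul(t, t, f, m)    # after i squarings, t = x^(2^i) mod f
    return t == 2 and _poly_gcd(f, 0b110) == 1


def field_selftest(f, m, a=0x5, b=(1 << 100) | 0b1011):
    """Parameter sanity checks: reduction polynomial irreducible, multiplication
    commutative, and the computed inverse really inverts. a, b are constructed."""
    if not is_irreducible_prime_degree(f, m):
        return False
    if gf2m_mul(a, b, f, m) != gf2m_mul(b, a, f, m):
        return False
    return gf2m_mul(a, gf2m_inv(a, f, m), f, m) == 1


if __name__ == "__main__":
    print("x * x^162 mod f =", bin(gf2m_mul(2, 1 << 162, NIST_F163, 163)))
    print("B-163 parameters pass self-test:", field_selftest(NIST_F163, 163))
```

The loop in gf2m_mul is exactly what the "Arithmetic (gates)" column prices: m shift-and-conditional-XOR steps per multiplication, which is why the arithmetic cost in the table grows roughly linearly with the field size while the memory column (registers holding m-bit operands) dominates the total. The self-test matters because a reducible "reduction polynomial" silently turns the field into a ring where inverses can fail to exist.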
Bart Preneel on the development of lightweight cryptography
Lightweight cryptography in Russia