Alexander Szekely
Graz University of Technology
Publication
Featured research published by Alexander Szekely.
computer and communications security | 2007
Johann Großschädl; Alexander Szekely; Stefan Tillich
Wireless sensor nodes generally face serious limitations in terms of computational power, energy supply, and network bandwidth. Therefore, the implementation of effective and secure techniques for setting up a shared secret key between sensor nodes is a challenging task. In this paper we analyze and compare the energy cost of two different protocols for authenticated key establishment. The first protocol employs a lightweight variant of the Kerberos key transport mechanism with 128-bit AES encryption. The second protocol is based on ECMQV, an authenticated version of the elliptic curve Diffie-Hellman key exchange, and uses a 256-bit prime field GF(p) as underlying algebraic structure. We evaluate the energy cost of both protocols on a Rockwell WINS node equipped with a 133 MHz Strong ARM processor and a 100 kbit/s radio module. The evaluation considers both the processor's energy consumption for calculating cryptographic primitives and the energy cost of radio communication for different transmit power levels. Our simulation results show that the ECMQV key exchange consumes up to twice as much energy as Kerberos-like key transport.
workshop in information security theory and practice | 2009
Christian Lederer; Roland Mader; Manuel Koschuch; Johann Großschädl; Alexander Szekely; Stefan Tillich
Wireless Sensor Networks (WSNs) are playing a vital role in an ever-growing number of applications ranging from environmental surveillance over medical monitoring to home automation. Since WSNs are often deployed in unattended or even hostile environments, they can be subject to various malicious attacks, including the manipulation and capture of nodes. The establishment of a shared secret key between two or more individual nodes is one of the most important security services needed to guarantee the proper functioning of a sensor network. Despite some recent advances in this field, the efficient implementation of cryptographic key establishment for WSNs remains a challenge due to the resource constraints of small sensor nodes such as the MICAz mote. In this paper we present a lightweight implementation of the elliptic curve Diffie-Hellman (ECDH) key exchange for ZigBee-compliant sensor nodes equipped with an ATmega128 processor running the TinyOS operating system. Our implementation uses a 192-bit prime field specified by the NIST as underlying algebraic structure and requires only 5.20 · 10^6 clock cycles to compute a scalar multiplication if the base point is fixed and known a priori. A scalar multiplication using a random base point takes about 12.33 · 10^6 cycles. Our results show that a full ECDH key exchange between two MICAz motes consumes an energy of 57.33 mJ (including radio communication), which is significantly better than most previously reported ECDH implementations on comparable platforms.
cryptographic hardware and embedded systems | 2006
Manuel Koschuch; Joachim Lechner; Andreas Weitzer; Johann Großschädl; Alexander Szekely; Stefan Tillich; Johannes Wolkerstorfer
8-bit microcontrollers like the 8051 still hold a considerable share of the embedded systems market and dominate in the smart card industry. The performance of 8-bit microcontrollers is often too poor for the implementation of public-key cryptography in software. In this paper we present a minimalist hardware accelerator for enabling elliptic curve cryptography (ECC) on an 8051 microcontroller. We demonstrate the importance of removing system-level performance bottlenecks caused by the transfer of operands between hardware accelerator and external RAM. The integration of a small direct memory access (DMA) unit proves vital to exploit the full potential of the hardware accelerator. Our design allows a scalar multiplication over the binary extension field GF(2^191) to be performed in 118 msec at a clock frequency of 12 MHz. Considering performance and hardware cost, our system compares favorably with previous work on similar 8-bit platforms.
international conference on communications | 2005
Stefan Tillich; Johann Großschädl; Alexander Szekely
As more and more security-critical computation is done in embedded systems it is also becoming increasingly important to facilitate cryptography in such systems. The Advanced Encryption Standard (AES) specifies one of the most important cryptographic algorithms today and has received a lot of attention from researchers. Most prior work has focused on efficient implementations with throughput as main criterion. However, AES implementations in small and constrained environments require additional factors to be accounted for, such as limited memory and energy supply. In this paper we present an inexpensive extension to a 32-bit general-purpose processor which allows compact and fast AES implementations. We have integrated this extension into the SPARC V8-compatible LEON-2 processor and measured a speedup by a factor of up to 1.43 for encryption and 1.3 for decryption. At the same time the code size has been reduced by 30–40%.
international conference on heterogeneous networking for quality, reliability, security and robustness | 2010
Johann Großschädl; Matthias Hudler; Manuel Koschuch; Michael Krüger; Alexander Szekely
Wireless ad-hoc and sensor networks play a vital role in an ever-growing number of applications ranging from environmental monitoring over vehicular communication to home automation. Security and privacy issues pose a big challenge for the widespread adoption of these networks, especially in the automotive domain. The two most essential security services needed to maintain the proper functioning of a wireless network are authentication and key establishment; both can be realized with Elliptic Curve Cryptography (ECC). In this paper, we introduce an efficient ECC implementation for resource-restricted devices such as sensor nodes. Our implementation uses a 160-bit Optimal Prime Field (OPF) over which a Gallant-Lambert-Vanstone (GLV) curve with good cryptographic properties can be defined. The combination of optimized field arithmetic with fast group arithmetic (thanks to an efficiently computable endomorphism) allows us to perform a scalar multiplication in about 5.5 · 10^6 clock cycles on an 8-bit ATmega128 processor, which is significantly faster than all previously-reported ECC implementations based on a 160-bit prime field.
integrated network management | 2009
Michael Hutter; Alexander Szekely; Johannes Wolkerstorfer
Web-based management solutions have become an increasingly important and promising approach especially for small and embedded environments. This article presents the design and implementation of an embedded system that leverages the Web-based Enterprise Management (WBEM) solution. WBEM has been designed to manage large heterogeneous environments but has not yet been deployed on small and embedded devices. First, we evaluate existing WBEM implementations with respect to their resource requirements. Second, we describe the design of an embedded network device that has been realized on a system-on-chip prototyping platform. A small-footprint WBEM server has been integrated that requires less than 900 kB of non-volatile memory. We provide performance measurements of our solution and compare the results with other Web-based management approaches. They show that WBEM is suitable to run on such resource-constrained devices and is applicable in practice.
annual computer security applications conference | 2010
Stefan Tillich; Mario Kirschbaum; Alexander Szekely
Resistance against side-channel analysis (SCA) attacks is an important requirement for many secure embedded systems. Microprocessors and microcontrollers which include suitable countermeasures can be a vital building block for such systems. In this paper, we present a detailed concept for building embedded processors with SCA countermeasures. Our concept is based on ideas for the secure implementation of cryptographic instruction set extensions. On the one hand, it draws from known SCA countermeasures like DPA-resistant logic styles. On the other hand, our protection scheme is geared towards use in modern embedded applications like PDAs and smart phones. It supports multitasking and a separation of secure system software and (potentially insecure) user applications. Furthermore, our concept affords support for a wide range of cryptographic algorithms. Based on this concept, embedded processor cores with support for a selected set of cryptographic algorithms can be built using a fully automated design flow.
application specific systems architectures and processors | 2008
Thomas Lorünser; Edwin Querasser; Thomas Matyus; Momtchil Peev; Johannes Wolkerstorfer; Michael Hutter; Alexander Szekely; Ilse Wimberger; Christian Pfaffel-Janser; Andreas Neppach
We present a fully operable security gateway prototype, integrating quantum key distribution and realised as a system-on-chip. It is implemented on a field-programmable gate array and provides a virtual private network with low latency and gigabit throughput. The seamless hard- and software integration of a quantum key distribution layer enables high key-update rates for the encryption modules. Hence, the amount of data encrypted with one session key can be significantly decreased. We realise a highly modular architecture and make extensive use of software/hardware partitioning. This work is the first approach towards application of a new key distribution technology in dedicated security processors. In particular, it elaborates requirements for the integration of quantum key distribution on a chip level.
Archive | 2013
Alexander Szekely; Michael Höfler; Robert Stögbuchner; Manfred Aigner
In this chapter we motivate the need for security in passive sensors. The powerful Wireless Identification and Sensing Platform (WISP) opens the field for new applications, which may raise the subject of privacy. We show that not only privacy requires security but new use cases are possible when sensors can protect their data. Our implementation of the Advanced Encryption Standard shows that state-of-the-art cryptography can be computed on the WISP without noticeable performance reduction. In addition, we show how encryption can be integrated into the WISP protocol without disturbing the communication of WISPs transmitting unencrypted data. Additionally, we illustrate the threat of side-channel analysis and provide evidence about the feasibility of these attacks on the WISP.
IACR Cryptology ePrint Archive | 2009
Stefan Tillich; Martin Feldhofer; Mario Kirschbaum; Thomas Plos; Jörn-Marc Schmidt; Alexander Szekely