Gunnar Gaubatz
Intel
Publication
Featured research published by Gunnar Gaubatz.
security of ad hoc and sensor networks | 2004
Gunnar Gaubatz; Jens-Peter Kaps; Berk Sunar
The common perception of public key cryptography is that it is complex, slow and power hungry, and as such not at all suitable for use in ultra-low power environments like wireless sensor networks. It is therefore common practice to emulate the asymmetry of traditional public key based cryptographic services through a set of protocols [1] using symmetric key based message authentication codes (MACs). Although the low computational complexity of MACs is advantageous, the protocol layer requires time synchronization between devices on the network and a significant amount of overhead for communication and temporary storage. The requirement for a general purpose CPU to implement these protocols as well as their complexity makes them prone to vulnerabilities and practically eliminates all the advantages of using symmetric key techniques in the first place. In this paper we challenge the basic assumptions about public key cryptography in sensor networks which are based on a traditional software based approach. We propose a custom hardware assisted approach for which we claim that it makes public key cryptography feasible in such environments, provided we use the right selection of algorithms and associated parameters, careful optimization, and low-power design techniques. In order to validate our claim we present proof of concept implementations of two different algorithms—Rabin’s Scheme and NtruEncrypt—and analyze their architecture and performance according to various established metrics like power consumption, area, delay, throughput, level of security and energy per bit. Our implementation of NtruEncrypt in ASIC standard cell logic uses no more than 3,000 gates with an average power consumption of less than 20 μW. We envision that our public key core would be embedded into a light-weight sensor node architecture.
IEEE Computer | 2007
Jens-Peter Kaps; Gunnar Gaubatz; Berk Sunar
As tiny wireless sensors and RFID tags become ubiquitous, they impact privacy, trust, and control. Protecting data on these devices requires new algorithms suitable for ultralow-power implementations. This paper presents a survey of cryptographic algorithms. It also discusses the design recommendations for new algorithms.
workshop on fault diagnosis and tolerance in cryptography | 2006
Gunnar Gaubatz; Berk Sunar; Mark G. Karpovsky
We present a scheme for robust multi-precision arithmetic over the positive integers, protected by a novel family of non-linear arithmetic residue codes. These codes have a very high probability of detecting arbitrary errors of any weight. Our scheme lends itself well for straightforward implementation of standard modular multiplication techniques, i.e. Montgomery or Barrett Multiplication, secure against active fault injection attacks. Due to the non-linearity of the code the probability of detecting an error does not only depend on the error pattern, but also on the data. Since the latter is not usually known to the adversary a priori, a successful injection of an undetected error is highly unlikely. We give a proof of the robustness of these codes by providing an upper bound on the number of undetectable errors.
workshop on fault diagnosis and tolerance in cryptography | 2006
Gunnar Gaubatz; Berk Sunar
We present a new approach to fault tolerant public key cryptography based on redundant arithmetic in finite rings. Redundancy is achieved by embedding non-redundant field or ring elements into larger rings via suitable homomorphisms obtained from modulus scaling. Our approach is closely related to, but not limited by the exact definition of cyclic binary and arithmetic codes. We present a framework for system-designers that allows flexible trade-offs between circuit area and desired level of fault tolerance. Our method applies to arithmetic in prime fields and extension fields of characteristic 2 where it serves two mutually beneficial purposes: The redundancy of the larger ring can be used for error detection, while its modulus has a special low Hamming-weight form, lending itself particularly well to efficient modular reduction.
symposium on computer arithmetic | 2007
William C. Hasenplaugh; Gunnar Gaubatz; Vinodh Gopal
It is widely acknowledged that efficient modular multiplication is a key to high-performance implementation of public-key cryptography, be it classical RSA, Diffie-Hellman, or (hyper-)elliptic curve algorithms. In the recent decade, practitioners have relied mainly on two popular methods: Montgomery Multiplication and regular long-integer multiplication in combination with Barrett's modular reduction technique. In this paper, we propose a modification to Barrett's algorithm that leads to a significant reduction (25% to 75%) in multiplications and additions.
workshop on fault diagnosis and tolerance in cryptography | 2007
Erdinc Ozturk; Gunnar Gaubatz; Berk Sunar
We present a novel non-linear error coding framework which incorporates strong adversarial fault detection capabilities into identity based encryption schemes built using Tate pairing computations. The presented algorithms provide quantifiable resilience in a well defined strong attacker model. Given the emergence of fault attacks as a serious threat to pairing based cryptography, the proposed technique solves a key problem when incorporated into software and hardware implementations.
network computing and applications | 2005
Gunnar Gaubatz; Berk Sunar
The Kasumi block cipher provides integrity and confidentiality services for 3G wireless networks, but it also forms a bottleneck due to its computational overhead. Especially in infrastructure equipment with data streams from multiple connections entering and leaving the network processor, the critical performance issue needs to be addressed. In this paper we present a highly scalable bit-sliced implementation of the Kasumi block cipher for the Intel IXP 28xx family of network processors. It can achieve a maximum theoretical encryption rate of up to 2 Gb/s when run in parallel on all 16 on-chip microengines.
Archive | 2006
William C. Hasenplaugh; Brad A. Burres; Gunnar Gaubatz
IEEE Transactions on Computers | 2008
Gunnar Gaubatz; Erkay Savas; Berk Sunar
Archive | 2006
Vinodh Gopal; Matt Bace; Gunnar Gaubatz; Gilbert Wolrich