Nicolas Sklavos

Key management systems for sensor networks in the context of the Internet of Things

If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.

Architectures and VLSI implementations of the AES-Proposal Rijndael

Two architectures and VLSI implementations of the AES Proposal, Rijndael, are presented in this paper. These alternative architectures are operated both for encryption and decryption process. They reduce the required hardware resources and achieve high-speed performance. Their design philosophy is completely different. The first uses feedback logic and reaches a throughput value equal to 259 Mbit/sec. It performs efficiently in applications with low covered area resources. The second architecture is optimized for high-speed performance using pipelined technique. Its throughput can reach 3.65 Gbit/sec.

Wireless Security and Cryptography: Specifications and Implementations

As the use of wireless devices becomes widespread, so does the need for strong and secure transport protocols. Even with this intensified need for securing systems, using cryptography does not seem to be a viable solution due to difficulties in implementation. The security layers of many wireless protocols use outdated encryption algorithms, which have proven unsuitable for hardware usage, particularly with handheld devices. Summarizing key issues involved in achieving desirable performance in security implementations, Wireless Security and Cryptography: Specifications and Implementations focuses on alternative integration approaches for wireless communication security. It gives an overview of the current security layer of wireless protocols and presents the performance characteristics of implementations in both software and hardware. This resource also presents efficient and novel methods to execute security schemes in wireless protocols with high performance. It provides the state-of-the-art research trends in implementations of wireless protocol security for current and future wireless communications. Unique in its coverage of specification and implementation concerns that include hardware design techniques, Wireless Security and Cryptography: Specifications and Implementations provides thorough coverage of wireless network security and recent research directions in the field.

Implementation of the SHA-2 Hash Family Standard Using FPGAs

The continued growth of both wired and wireless communications has triggered the revolution for the generation of new cryptographic algorithms. SHA-2 hash family is a new standard in the widely used hash functions category. An architecture and the VLSI implementation of this standard are proposed in this work. The proposed architecture supports a multi-mode operation in the sense that it performs all the three hash functions (256, 384 and 512) of the SHA-2 standard. The proposed system is compared with the implementation of each hash function in a separate FPGA device. Comparing with previous designs, the introduced system can work in higher operation frequency and needs less silicon area resources. The achieved performance in the term of throughput of the proposed system/architecture is much higher (in a range from 277 to 417%) than the other hardware implementations. The introduced architecture also performs much better than the implementations of the existing standard SHA-1, and also offers a higher security level strength. The proposed system could be used for the implementation of integrity units, and in many other sensitive cryptographic applications, such as, digital signatures, message authentication codes and random number generators.

Hardware implementation of the RC4 stream cipher

In this paper, an efficient hardware implementation of the RC4 stream-cipher is proposed. In contrary to previous designs, which support only fixed length key, the proposed implementation integrates in the same hardware module an 8-bit up to 128-bit key length capability. Independently of the key length, the proposed VLSI implementation achieves a data throughput up to 22 Mbytes/sec in a maximum frequency of 64 MHz. The whole design was captured by using VHDL language and a FPGA device was used for the hardware implementation of the architecture. A detailed analysis, in terms of performance, and covered area is shown.

On the hardware implementations of the SHA-2 (256, 384, 512) hash functions

Couple to the communications wired and unwired networks growth, is the increasing demand for strong secure data transmission. New cryptographic standards are developed, and new encryption algorithms are designed, in order to satisfy the special needs for security. SHA-2 is the newest powerful standard in the hash functions families. In this paper, a VLSI architecture for the SHA-2 family is proposed. For every hash function SHA-2 (256, 384, and 512) of this standard, a hardware implementation is presented. All the implementations are examined and compared in the supported security level and in the performance by using hardware terms. This work can substitute efficiently the previous SHA-1 standard implementations, in every integrity security scheme, with higher offered security level, and better performance. In addition, the proposed implementations could be applied alternatively in the integrations of digital signature algorithms, keyed-hash message authentication codes and in random numbers generators architectures.

LTE/SAE Security Issues on 4G Wireless Networks

The authors give an overview on the state of the art of potential security issues that occur in the deployment of the LTE/SAE (Long-Term Evolution/System Architecture Evolution) protocol in emerging 4G wireless technologies. Although security concerns and challenges in wireless networks will remain a hot topic in the future, the LTE/SAE standard could adapt to these rising challenges, becoming more robust and secure. By looking at the authentication and ciphering algorithms, such as EAP-AKA (Extensible Authentication Protocol for Authentication and Key Agreement), currently operating within the LTE protocol, the authors analyze several vulnerabilities in LTE/SAE security architecture—specifically, insecure AKA key derivation procedures and the lack of fast reauthentications during handovers.

High speed networking security: design and implementation of two new DDP-based ciphers

Using Data-Dependent (DD) Permutations (DDP) as main cryptographic primitive two new ciphers are presented: ten-round Cobra-H64, and twelve-round Cobra-H128. The designed ciphers operate efficiently with different plaintext lengths, 64 and 128-bit, for Cobra-H64 and Cobra-H128, respectively. Both of them use very simple key scheduling that defines high performance, especially in the case of frequent key refreshing. A novel feature of Cobra-H64 and Cobra-H128 is the use of the Switchable Operations which prevent the weak keys. The offered high-level security strength does not sacrifice the implementation performance, of both ciphers. Architecture, design and hardware implementation of the two ciphers are presented. The synthesis results for both FPGA and ASIC implementations prove that Cobra-H64 and Cobra-H128 are very flexible and powerful new ciphers, especially for high-speed networks. The achieved hardware performance and the implementation area cost of Cobra-H64 and Cobra-H128 are compared with other ciphers, used in security layers of wireless protocols (Bluetooth, WAP, OMA, UMTS and IEEE 802.11). From these comparisons it is proven that the two proposed are flexible new ciphers with better performance in most of the cases, suitable for wireless communications networks of present and future.

Comparison of the hardware architectures and FPGA implementations of stream ciphers

In this paper, the hardware implementations of five representative stream ciphers are compared in terms of performance and consumed area. The ciphers used for the comparison are the A5/1, W7, E0, RC4 and Helix. The first three ones have been used for the security part of well-known standards. The Helix cipher is a recently introduced fast, word oriented, stream cipher. The W7 algorithm has been recently proposed as a more trustworthy solution for GSM, due to the security problems that occurred concerning the A5/1 strength. The designs were coded using the VHDL language. For the hardware implementation of the designs, an FPGA device was used. The implementation results illustrate the hardware performance of each cipher in terms of throughput-to-area ratio. This ratio equals: 5.88 for the A5/1, 1.26 for the W7, 0.21 for the E0, 2.45 for the Helix and 0.86 for the RC4.

VLSI implementation of the keyed-hash message authentication code for the wireless application protocol

Security has become a highly critical issue in the provision of mobile services. The Wireless Application Protocol (WAP) has specified a powerful security layer, the WTLS. The Keyed-Hash Authentication Code (HMAC) has been adopted by the WTLS in order to support the special demands for authentication with security of high-level strength. A VLSI architecture and the FPGA implementation of HMAC for the WTLS are proposed in this work. The introduced design is based on the SHA-1 hash function. The implementation results for both the HMAC and the SHA-1 proposed architectures are compared with other related works. From these comparisons, it is proven that the proposed system performs better in all of the cases. It is also superior to the conventional hardware implementations by using the area-delay product. In addition to the WAP protocol, the proposed architecture can be implemented for any authentication system of computer networks and wireless protocols, with high-performance demands and hard secure authentication needs at the same time.