Raj S. Katti

On the Security of Randomized Arithmetic Codes Against Ciphertext-Only Attacks

Modifications of arithmetic coding (AC) have been proposed to improve the security of traditional AC. Two main modifications to AC are randomized AC (RAC) and AC with key-based interval splitting (KSAC). Chosen-plaintext attacks have been proposed for these two methods when the same key is used to encrypt different messages. We first give a definition for security of encryption using AC that is based on the inability of the adversary to distinguish between the encryption of one plaintext from the encryption of another. Using this definition, we prove that RAC is insecure even if a new random key is used to compress every message. Our proof assumes that the adversary can only eavesdrop on the ciphertext and cannot request encryptions of chosen-plaintexts. We then prove that the method of first-compress-then-encrypt, where the encryption is performed by a bitwise xor of the compressed output with a pseudorandom bit sequence, is provably secure with respect to chosen-plaintext attacks. If the pseudorandom bit sequence is derived in advance using Advanced Encryption Standard (AES) in the counter mode, then the first-compress-then-encrypt method results in a performance penalty of only a few two input xor-gate delays.

Efficient hardware implementation of a new pseudo-random bit sequence generator

In this paper we propose a new linear congruential generator (LCG) based pseudo random bit-sequence generator (PRBG) and its hardware implementation. Linear congruential generators (LCGs) of the form xi+1 = axi + b(mod m), have been used to generate pseudorandom numbers. However these generators have been known to be insecure. The proposed PRBG couples four such LCGs and is secure. A preliminary proof of security is outlined in this paper. The PRBG generates bit-sequences that pass all NIST pseudo randomness tests. Our PRBG has a very efficient hardware implementation because the modulo operation is with respect to 2n as opposed to p × q in the Blum-Blum-Shub (BBS) generator, where p and q are large prime numbers. We also show that the hardware implementation can be easily pipelined, thereby increasing the throughput in spite of the hardware having large word-length inputs (n ≥ 128). A 4-stage pipelined hardware was implemented in VHDL for n = 128 and the synthesized hardware was simulated. Simulation results showed a 2.81 fold increase in throughput (number of pseudo-random bits output per unit time) compared to the non-pipelined version.

A variable length fast Message Authentication Code for secure communication in smart grids

We propose a variable length Message Authentication Code (MAC) scheme for secure communication between Automated Metering Interface (AMI) devices and collector nodes in the smart grid. We prove the security of this scheme and analyze its performance with respect to three attributes namely: (i) communication overhead, (ii) verification delay and (iii) memory usage. The proposed scheme reduces the time for verification by at least two orders compared to existing hash based authentication protocols. The scheme thus provides an efficient solution to support high frequency exchange of large volume messages.

Pseudorandom Bit Generation Using Coupled Congruential Generators

In this brief, we propose the generation of a pseudorandom bit sequence (PRBS) using a comparative linear congruential generator (CLCG) as follows. A bit ¿1¿ is output if the first linear congruential generator (LCG) produces an output that is greater than the output of the second LCG, and a bit ¿0¿ is output otherwise. Breaking this scheme would require one to obtain the seeds of the two independent generators given the bits of the output bit sequence. We prove that the problem of uniquely determining the seeds for the CLCG requires the following: 1) knowledge of at least log2 m 2 ( m being the LCG modulus) bits of the output sequence and 2) the solution of at least log2 m 2 inequalities, where each inequality (dictated by the output bit observed) is applied over positive integers. Computationally, we show that this task is exponential in n (where n = log2 m is the number of bits in m) with complexity O(22 n). The quality of the PRBS so obtained is assessed by performing a suite of statistical tests (National Institute of Standards and Technology (NIST) 800-22) recommended by NIST. We observe that a variant of our generator that uses two CLCGs (called dual CLCG) pass all the NIST pseudorandomness tests with a high degree of consistency.

Novel asynchronous registers for sequential circuits with quantum-dot cellular automata

Quantum-dot cellular automata (QCA) are nano-scale devices for implementing logic circuits. The disadvantage of QCA circuits is that its layout determines the timing of the circuit. This is the “layout = timing” problem in QCA circuits. Null convention logic (NCL) has been proposed as a solution to this problem. However the asynchronous registers used in NCL are bulky and require a large number of QCA cells. We propose a new architecture for these asynchronous registers that results in a 75% decrease in the number of QCA cells used in them. At the heart of the new register is a newly designed threshold gate. We have used the proposed register to implement an NCL-based serial adder. This new adder is fully asynchronous and therefore solves the “layout = timing” problem to a large extent. Our new adder also requires fewer QCA cells than previously proposed serial adders.

An array based technique for routing messages in distributed double loop networks

In Chalamaiah and Ramamurthy (1998), the shortest path between two processors in a distributed double-loop network, G(n;+h,+1), was found by computing the shortest path in the 4 networks, G(n;+h,+1), G(n;-h,1), G(n;h,-1), and G(n;-h,-1), and then finding the best amongst these paths. In this paper we present an algorithm that is faster as it generates the path directly. Our algorithm is based on an array, and can be used for routing a message between processors in a distributed loop network via the shortest path. This algorithm fills in an array of size n (n is the number of nodes in the network) with an integer which is the shortest distance to node 0, in d time steps (where d is the diameter of the network). This is based on breadth-first search techniques (West 2001). Knowledge of the diameter is not required. The shortest path between two nodes can then be obtained using this array.

Multicast authentication in the smart grid with one-time signatures from sigma-protocols

Security for multicast communication by mutual (sender and receiver) authentication is a challenging problem in the smart grid given the unique constraints in communication bandwidth, computation time, and computational resources of field devices. Traditional public-key infrastructure based digital signature schemes (such as RSA) cannot be naively adapted for secure communication in the smart-grid because of: (i) increased communication burden (large key sizes which increase communication bandwidth), (ii) increased time for decryption/verification (which increase latency) and (iii) the limited computational capabilities of smart-meters and other field devices. These unique constraints limit the direct application of generic solutions with one-time signature schemes, (OTS), or the Bins and Balls (BiBa) scheme for broadcast authentication, or improvements via HORS (Hash to Obtain Random Subset). While the signature size and verification time are small, the public-key size is large with moderate overhead for signature generation with BiBa. A significant reduction in signing overhead is achieved with HORS which makes it useful for several multicast authentication applications. However, even HORS is not well suited for smart grid applications mainly because it requires large public key sizes. For power-grid communications, the most recent multicast authentication protocol called Tunable Signing and Verification (TSV) [1] reduces the signature size (over HORS) at the expense of increased computations at sender or receiver. Hence the need for better one-time signature schemes that will require fewer resources at the receiver, with modest signature sizes and low sender computations is both urgent and important in the smart-grid environment.

WiP abstract: Multicast authentication in the smart grid with one-time signatures from sigma-protocols

Security for multicast communication by mutual (sender and receiver) authentication is a challenging problem in the smart grid given the unique constraints in communication bandwidth, computation time, and computational resources of field devices. Traditional public-key infrastructure based digital signature schemes (such as RSA) cannot be naively adapted for secure communication in the smart-grid because of: (i) increased communication burden (large key sizes which increase communication bandwidth), (ii) increased time for decryption/verification (which increase latency) and (iii) the limited computational capabilities of smart-meters and other field devices. These unique constraints limit the direct application of generic solutions with one-time signature schemes, (OTS), or the Bins and Balls (BiBa) scheme for broadcast authentication, or improvements via HORS (Hash to Obtain Random Subset). While the signature size and verification time are small, the public-key size is large with moderate overhead for signature generation with BiBa. A significant reduction in signing overhead is achieved with HORS which makes it useful for several multicast authentication applications. However, even HORS is not well suited for smart grid applications mainly because it requires large public key sizes. For power-grid communications, the most recent multicast authentication protocol called Tunable Signing and Verification (TSV) [1] reduces the signature size (over HORS) at the expense of increased computations at sender or receiver. Hence the need for better one-time signature schemes that will require fewer resources at the receiver, with modest signature sizes and low sender computations is both urgent and important in the smart-grid environment.

Verification of desynchronized circuits

Desynchronization is a method used to synthesize circuits with a high degree of asynchronicity from synchronous parents. It is well known that asynchronous circuits are hard to design and verify. We propose a refinement-based formal method to check that desynchronized pipelines correctly implement their high-level non-pipelined specifications. The method is based on an algorithm to construct functions that relate desynchronized states with specification states. The method is used successfully to check partial safety of a desynchronized implementation of the DLX architecture.