A Case Against Currently Used Hash Functions in RFID Protocols
Martin Feldhofer and Christian Rechberger
Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A-8010 Graz, Austria
{Martin.Feldhofer,Christian.Rechberger}@iaik.tugraz.at

Abstract. Designers of RFID security protocols can choose between a wide variety of cryptographic algorithms. However, when implementing these algorithms on RFID tags, fierce constraints have to be considered. Looking at the common assumption in the literature that hash functions are implementable in a manner suitable for RFID tags, and are thus heavily used by RFID security protocol designers, we claim the following. Current standards and state-of-the-art low-power implementation techniques favor the use of block ciphers like the Advanced Encryption Standard (AES) instead of hash functions from the SHA family as building blocks for RFID security protocols. In turn, we present a low-power architecture for the widely recommended hash function SHA-256 which is the basis for the smallest and most energy-efficient ASIC implementation published so far. To back up our claim we compare the achieved results with the smallest available AES implementation. The AES module requires only a third of the chip area and half of the mean power. Our conclusions are even stronger since we can show that smaller hash functions like SHA-1, MD5 and MD4 are also less suitable for RFID tags than the AES. Our analysis of the reasons for this result gives some input for future hash function designs.

1 Introduction

In the last few years, many research activities were conducted in the area of RFID security. Various attacks on the used algorithms, protocols and implementations showed that the protection of RFID systems requires more attention. Many security protocols were proposed to protect against the violation of privacy and to protect the authenticity of goods.
Most of them use symmetric cryptography because of the fierce constraints for RFID tag implementations. From the implementation point of view, the difficulty in RFID tag design lies in the very tight requirements for the production of RFID tags. In addition to low die-size requirements, the power consumption of the RFID tag is of utmost importance. In the HF frequency range at MHz the maximum mean current consumption without reducing the operation range of the tags is 15 µA. Due to the limited available chip area, the limited power consumption and the limited
time an algorithm is allowed to execute, the selection of appropriate security algorithms and protocols is very important. Unfortunately, the use of public key cryptography is out of range with today's semiconductor process technologies. The required computational power cannot be included on RFID tags in terms of speed and power consumption. Therefore, primitives from symmetric cryptography are heavily used by protocol designers in this area.

Hash functions are conceptually simpler than block ciphers, since they do not need a key. In the RFID security community, it is commonly assumed that hash functions are therefore also the better choice from the implementation point of view. As a consequence, most of the proposed protocols for protecting RFID tags are based on hash function implementations [1, 3, 7, 9, 13, 16]. Only in the work of Feldhofer et al. [5] is the use of block ciphers discussed in more detail.

Our Contribution. In large parts of the available literature on RFID security protocols, the use of hash functions as basic building blocks is proposed with the reasoning that they are easier to implement on RFID tags than a block cipher like AES [10]. In this paper we give conclusive evidence that it is better to use a standardized block cipher like AES [10] on RFID tags than one of the standardized hash functions from the SHA family [11]. On the basis of a survey of existing RFID security protocols we see that either symmetric encryption primitives or hash functions are always the underlying building blocks if authentication is needed. In Section 2 we derive the requirements for the basic building blocks. In Section 3 we present the smallest and most power-efficient SHA-256 ASIC implementation published so far. In Section 4 we map these results to other MD4 family hash functions like SHA-1, MD5 and MD4 and we compare the achieved results of hash implementations with the low-power AES implementation of Feldhofer et al.
[6] which requires less chip area and has lower power consumption figures. Based on that we derive two simple criteria that firstly explain the reason for the gap we observe, and secondly give hints for the design of new hash functions which are more suitable for RFID tags.

2 Cryptographic Primitives in RFID Security Protocols

The cryptographic literature offers a variety of cryptographic primitives which can be used as basic building blocks in the design of security protocols. Depending on assumptions about available keying material, difficulty of and trust in underlying problems, or implementation constraints, a multitude of options is available. In the context of RFID systems, the choice is somewhat smaller because of fierce constraints from the implementation point of view. Thus, we subsequently focus on algorithms attributed to the area of symmetric cryptography.
Here, a high level of security (112 to 256 bits) can be reached while meeting the implementation constraints, without requiring unreasonable amounts of keying material. Protocol designers can choose from primitives like block/stream ciphers, hash functions, message authentication codes (MACs), universal hash functions or pseudorandom number generators (PRNGs). Some of these primitives can be efficiently turned into others. A block cipher can be turned into a hash function. For universal hash functions to be used in the setting of RFID security protocols, a cryptographically secure PRNG is needed to generate new keying material. Standardized and trusted PRNGs are in turn again based on block ciphers or hash functions. This implies that for RFID security protocols using PRNGs on top of primitives like ciphers or hash functions, no substantial additional circuit is required. MACs are mainly based on hash functions, ciphers or universal hash functions. Summing up this short overview, we conclude that for RFID authentication protocols based on symmetric cryptography either hash functions or ciphers are the most suitable basic building blocks. Subsequently we will thus focus on these.

2.1 Survey of Symmetric Primitives in State-of-the-art Proposals for RFID Protocols

As mentioned before, the reason to employ cryptographic primitives in RFID protocols is to provide some form of authentication and/or some form of anonymity. In protocols that use hash functions on the RFID tag, the following properties are generally needed. In order to provide some form of anonymity, the output of the hash function should not be distinguishable from a truly random bitstring. For authentication purposes, the designer of RFID protocols relies on the preimage resistance or 2nd-preimage resistance of the used hash function. Occasionally, collision resistance is also needed [13].
In protocols that use ciphers as a cryptographic primitive, anonymity is again provided by the difficulty of distinguishing the cipher's output from a truly random bitstring. Authenticity is guaranteed by the resistance of the employed cipher against key-recovery attacks. Subsequently we focus on proposals which offer the possibility to authenticate the tag and/or the reader and thus tackle the problem of tag cloning.

Symmetric Encryption

There are only a few protocol designers who base their RFID authentication protocols on symmetric-key encryption primitives. Feldhofer et al. [5] use simple challenge-response authentication for unilateral and mutual authentication of RFID tag and reader. The random values $r_t$ and $r_r$ are the challenges from the tag and the reader which are encrypted using
the function $E_K$, which is in their case AES. They mention the problem of key distribution and key management when using symmetric authentication methods but do not provide any detailed solution for it.

Hashing

Weis et al. [16] proposed the hash-lock scheme and the improved randomized hash-lock scheme. There, the tag is authenticated by the tuple $(r_t, h(ID, r_t))$, where $r_t$ is a random value generated by the tag for tracking prevention and the hash value is generated over ID and $r_t$. In the protocol of Henrici et al. [7] the tag sends the hash value of its ID together with a transaction number to the reader and authenticates the tag to the reader. The reader responds with a random value which is used to refresh the tag identifier on every successful transaction. Lee and Verbauwhede [9] propose a protocol where a hash function $h(k\ r_s)$ of a key K and a random value $r_s$ is used for mutual authentication of reader and tag. Additionally, $r_s$ is used for updating the key in the tag. Dimitriou [3] uses in his authentication protocol a message authentication code (MAC) $h_k$ which is based on hash functions. Random values generated by reader and tag are used for mutual authentication and for refreshing the key in the tag. Rhee et al. [13] suggest a hash-based challenge-response protocol where the secret key in the protocol is the ID. The tag does not need to update the secret key, which avoids attacks by interrupting the session. In the protocol of Choi et al. [1] tags have a common secret key K and a tag-specific secret S which are used for mutual authentication based on hash functions. A counter c is incremented in the tag on each access for prevention of replay attacks.

3 Hardware Implementation of SHA-256

One of the main contributions of this paper is the ASIC implementation of a SHA-256 module which fulfills the requirements for RFID tags.
SHA-256 is a member of the SHA-2 family of hash functions which is in turn the latest official descendant of the MD4 family. SHA-256 was chosen because it is widely recommended and offers a security level equivalent to AES-128.

For the design of hardware modules in RFID systems, the difference between power consumption and energy consumption is important to note. In contrast to battery-powered devices where energy consumption is the optimization goal, the mean current consumption is the critical concern for passively powered RFID tags. The duration of the operation is of reduced concern. It is important that the power consumption per clock cycle is limited, although the total energy consumption of an operation might be larger. This is due to the limited energy transmission from the RFID reader to the tag during one clock cycle. Here it is often necessary to serialize operations because the concurrent
calculation would exceed the available power and the large voltage drop causes a reset in the circuit. Our implementation goal for the SHA-256 module was to minimize the mean power consumption while using only a small chip area.

3.1 Description of SHA-256

SHA-256 [11] is an iterated cryptographic hash function based on a compression function that operates on an internal state of 256 bits. This internal state is initialized using IVs as specified in [11]. SHA-256 updates the state of eight 32-bit variables $A, \dots, H$ according to the values of the 32-bit words $M_0, \dots, M_{15}$ of the message. The compression function consists of 64 identical step transformations as presented in Fig. 1. The step transformations employ the bitwise Boolean functions Maj and Ch, and two GF(2)-linear functions

$$\Sigma_0(x) = ROTR^{2}(x) \oplus ROTR^{13}(x) \oplus ROTR^{22}(x)$$

and

$$\Sigma_1(x) = ROTR^{6}(x) \oplus ROTR^{11}(x) \oplus ROTR^{25}(x).$$

The i-th step uses a fixed constant $K_i$, which is a distinct 32-bit word for each step, and the i-th word $W_i$ of the expanded message. The message expansion works as follows. An input message is split into 512-bit message blocks (after padding). The message expansion takes as input a vector M with 16 words and outputs a vector W with N words. The words $W_i$ of the expanded vector are generated from the initial message M according to the following formula:

$$W_i = \begin{cases} M_i & \text{for } 0 \le i \le 15 \\ \sigma_1(W_{i-2}) + W_{i-7} + \sigma_0(W_{i-15}) + W_{i-16} & \text{for } 16 \le i \le 63 \end{cases}$$

The functions $\sigma_0(x)$ and $\sigma_1(x)$ are defined as follows:

$$\sigma_0(x) = ROTR^{7}(x) \oplus ROTR^{18}(x) \oplus SHR^{3}(x)$$

and

$$\sigma_1(x) = ROTR^{17}(x) \oplus ROTR^{19}(x) \oplus SHR^{10}(x).$$

After 64 steps, the feed-forward operation is applied. It is done by word-wise modular addition of the previous chaining values (the IVs in the case of the first block) to the current state variables.
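The compression function described above, as an added example (not code from the paper): it keeps the expanded message in a 16-word buffer that is overwritten in place and routes every 32-bit addition through one `add` method, so the additions needed per 512-bit block can be counted. The names `SerialSHA256`, `sha256_serial` and `STORAGE_BITS` are assumptions of this example.

```python
import struct
from math import isqrt

MASK = 0xFFFFFFFF


def first_primes(n):
    """First n primes by trial division."""
    found, c = [], 2
    while len(found) < n:
        if all(c % p for p in found):
            found.append(c)
        c += 1
    return found


def icbrt(n):
    """Floor of the cube root of a non-negative integer (binary search)."""
    lo, hi = 0, 1 << (n.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# FIPS 180 constants: fractional bits of the square roots (IV) and cube
# roots (K) of the first primes, derived here instead of typed in as a table.
IV = [isqrt(p << 64) & MASK for p in first_primes(8)]
K = [icbrt(p << 96) & MASK for p in first_primes(64)]


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


class SerialSHA256:
    """SHA-256 core with a 16-word schedule buffer and an addition counter."""

    def __init__(self):
        self.h_ram = list(IV)   # chaining variables, 8 x 32 bit
        self.adds = 0           # 32-bit additions issued so far

    def add(self, x, y):
        self.adds += 1
        return (x + y) & MASK

    def compress(self, block):
        w = list(struct.unpack(">16I", block))  # message words, 16 x 32 bit
        s = list(self.h_ram)                    # state A..H, 8 x 32 bit
        for t in range(64):
            if t >= 16:
                # W_t replaces W_{t-16}, which lives in the same slot t mod 16.
                x15, x2 = w[(t - 15) % 16], w[(t - 2) % 16]
                sig0 = rotr(x15, 7) ^ rotr(x15, 18) ^ (x15 >> 3)
                sig1 = rotr(x2, 17) ^ rotr(x2, 19) ^ (x2 >> 10)
                acc = self.add(w[t % 16], sig0)
                acc = self.add(acc, w[(t - 7) % 16])
                w[t % 16] = self.add(acc, sig1)
            a, b, c, d, e, f, g, h = s
            ch = (e & f) ^ (~e & g)
            maj = (a & b) ^ (a & c) ^ (b & c)
            big1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
            big0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
            t1 = h
            for term in (big1, ch, K[t], w[t % 16]):
                t1 = self.add(t1, term)
            t2 = self.add(big0, maj)
            s = [self.add(t1, t2), a, b, c, self.add(d, t1), e, f, g]
        # Feed-forward: add the old chaining values to the final state.
        self.h_ram = [self.add(x, y) for x, y in zip(self.h_ram, s)]


def sha256_serial(msg):
    """Return (digest, number of 32-bit additions) for a byte string."""
    core = SerialSHA256()
    pad = b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
    data = msg + pad + struct.pack(">Q", 8 * len(msg))
    for off in range(0, len(data), 64):
        core.compress(data[off:off + 64])
    return struct.pack(">8I", *core.h_ram), core.adds


# Words that must be held during one block: W buffer + state + chaining values.
STORAGE_BITS = 32 * (16 + 8 + 8)
```

The addition counter is a count of the algorithm's additions made by this example, not a figure from the paper; it shows how much work has to be serialized when only one 32-bit addition is performed at a time.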
3.2 Related SHA-256 Implementations

Although many hash hardware architectures have been proposed in recent years, none of the published work focuses on the low die-size and low power-consumption requirements of contactlessly powered devices like RFID tags. Nearly all of these architectures focus on GBit throughput rates and do not mind high power consumption at all. Especially the implementations using FPGAs as target technology make extensive use of pipelining and unrolling techniques. Some representatives of this category are Pramstaller and Aigner [12]
and Sklavos and Koufopavlou [15]. Only a few publications of ASIC hash implementations are available so far. The implementations of Satoh and Tadanobu [14], Dominikus [4] and Dadda et al. [2] are directly comparable with our design as they have shown results of SHA-256 implementations.

Fig. 1. One step of the state update transformation of SHA-256

3.3 Architecture of SHA-256 Module

For SHA-256 (and also other MD4 family hash functions like SHA-1, MD5 and MD4), a 32-bit architecture is the only useful data width because of the design of the algorithm. High-level simulations with a data word size of 8 bits showed that the performance is unacceptably bad, which was not astonishing as the algorithms were designed for 32-bit platforms.

The architecture of the SHA-256 module consists of a datapath and a controller circuit. The datapath of the proposed 32-bit SHA-256 module is depicted in Fig. 2. It is to the best of our knowledge the smallest hardware implementation of the SHA-256 algorithm published so far. The main parts of the module are the RAM circuits, the dedicated logic functions for the SHA-256 transformations, temporary storage registers and one 32-bit adder. The controller module, which is not shown in the figure, is implemented as a finite state machine that generates the control and address signals for the datapath.

Fig. 2. Architecture of low-power SHA-256 datapath [blocks shown: W-RAM (16x32-bit), State-RAM (8x32-bit), H-RAM (8x32-bit), Ch, Maj, SHA2 Const, registers T1 and T2, 32-bit adder, data in, data out]

All RAM parts have a register-based implementation which allows the use of clock gating to minimize power consumption. The major design principle is that only 32 flip-flops are clocked within the same clock cycle. This averages the power consumption of the circuit, which is crucial for wirelessly powered devices like RFID tags. This represents the most important design difference to existing SHA-256 implementations, where in every clock cycle all registers of a RAM module need a clock pulse because of the pipelined structure.

The RAM consists of three different parts: the message expansion RAM (W-RAM), the state variables A-H (State-RAM) and the chaining variables (H-RAM). The W-RAM stores the sixteen 32-bit words $W_i$ necessary for the message schedule. This RAM module is single-ported to ease silicon implementation and reduce controlling complexity. The State-RAM contains the eight state variables A-H which are used during the step transformation. Because of the internal structure of the algorithm it was necessary to implement this 8×32-bit RAM with separate read and write ports. The synthesis results show that the additional hardware for this dual-port RAM is negligible but the throughput is augmented significantly. The third RAM part, the H-RAM, stores the 8×32-bit chaining variables. It is updated only at the beginning and at the end of each step transformation. The output of the datapath comes directly from the H-RAM.

The dedicated hardware modules in the datapath perform the SHA-256 functions $\sigma_0$, $\sigma_1$, Ch, Maj, $\Sigma_0$ and $\Sigma_1$. The inputs of these functions come either from the output of the RAM or they are directly routed from the state variables A-H to the corresponding module. The sequence of 64 constant 32-bit words is stored in a look-up table which was generated by the synthesizer. The two 32-bit registers $T_1$ and $T_2$ are used during the step transformation to store intermediate results. Again, clock gating is used to reduce the power consumption while the registers are not required.
All RAM circuits, the dedicated hardware modules, the look-up table and the registers have a mechanism to disable the output of the module, which sets the 32-bit output of the module to zero. This method, called
sleep-mode logic, reduces the switching activity of the combinational logic behind these gates to a minimum. Additionally, the two large multiplexers degrade to merely an OR tree. A further big difference to existing hash architectures is the use of a single 32-bit adder. The critical path of the circuit is heavily reduced to produce less signal activity and hence has lower power consumption.

A calculation of a hash value works as follows. Before the step transformation starts, the initial hash value has to be loaded into the H-RAM module. Then the data input including padding is stored in the W-RAM. After transferring data from the H-RAM to the state variables, the step transformation starts. According to the SHA-256 algorithm the state variables are updated using the dedicated functions, the intermediate storage registers and the appropriate SHA-256 constant from the look-up table. The message schedule is also executed in each step, which makes it possible to generate the required message expansion in place without any additional memory. At the end of the 64 rounds the hash value is calculated using the state variables and the old chaining variables. Now the hash value can be read at the data output, or the next message block has to be processed with the same procedure except for the initialization of the H-RAM, which holds its value.

3.4 Achieved Results

The implementation of our SHA-256 architecture requires a current consumption of µA at a frequency of 100 kHz on a 0.35 µm CMOS process technology with a supply voltage of 3.3 V. All presented results in Table 1 come from simulations on transistor level using Nanosim from Synopsys. Performing a hash calculation on a 512-bit block of data requires 1,128 clock cycles, which is suitable for RFID communication protocols using interleaved protocols according to [5]. Although not designed for high speed, the circuit has a maximum clock frequency of 50 MHz and achieves a data throughput of up to 22.5 Mbps.
The required hardware complexity is 597,740 µm², which corresponds to 10,868 gate equivalents (GEs). The complexity of each component is also listed in Table 1.

Table 2 presents a comparison of our approach with the work of Dadda [2], Dominikus [4] and Satoh [14]. While Dominikus [4] does not provide information about the implementation of the RAM circuit, Dadda [2] and Satoh [14] use shift registers for the implementation of the RAM. The state variables, the chaining variables and the expanded message words are in each case structured as a 32-bit pipelined register file where in each clock cycle all registers are updated and therefore cause high power consumption. Hence, power saving techniques like clock gating are not applicable.

It can be seen that the use of very recent process technologies brings advantages in the maximum clock frequency. As RFID tags are low-end devices,
today most manufacturers use the cheaper 0.35 µm and 0.25 µm CMOS process technologies. Unfortunately, none of the related work includes power consumption figures in its results. Because of the pipelined design in the data memory it can be seen that they are not optimized for low power consumption. In addition to being the smallest published ASIC implementation of SHA-256, our low-power approach allows application of SHA-256 in RFID systems with minimal reduction of the operation range.

Table 1. Synthesis results of all components of the low-power SHA-256 module
Module/Component I mean Chip area [GE]
State-RAM ,984
W-RAM ,881
H-RAM ,427
SHA-256 Constants
bit Registers 2x0.80 2x197
σ0 & σ1 & Σ0 & Σ1 & Ch & Maj
bit Adder
Multiplexer & others
Controller
Total ,868

Table 2. SHA-256 comparison with related work based on power consumption and gate count
SHA-256 ASIC; CMOS Tech. [µm]; I mean; Chip area [GE]; f max [MHz]; Clock cycles
This work 3.3V , ,128
Dadda [2] 1.8V a 14,
Dominikus [4] 3.3V a 10,900 RAM
Satoh [14] 1.5V a 11,
a No figures given. Because of the hardware architecture the current consumption is expected to be a multiple of ours.

4 Discussion of Implications

Table 3 presents a comparison of four hash function implementations with the AES implementation of Feldhofer [6]. The figures of the SHA-256 and SHA-1 implementations are synthesis results, while for MD5 and MD4 only estimations are available. Note that the algorithms have different block lengths and security levels, which were not normalized in the table. The chip area includes all necessary
components to operate the module stand-alone, while the cycle count is the number of clock cycles for one block of data.

Choosing the older and smaller hash functions might be an option if collision resistance is not needed. Kaps et al. [8] state that a SHA-1 implementation with only 4,276 gate equivalents, which is more energy efficient than their AES implementation, is possible. In our setting this analysis does not apply since they do not take the message expansion RAM into account (which compares to 2,400 GEs). They state that an external memory holds these sixteen 32-bit words, which is not possible on an RFID tag.

The major outcome is that there are two dominating factors that decide on the suitability of symmetric primitives for RFID tags. Firstly, the required number of registers which store state variables, chaining variables and message words. Secondly, the underlying word size of the used primitive.

All popular hash functions operate on input blocks of at least 512 bits. Including the size of the state, which is at least as big as the output of the hash function, the resulting lower bound on the gate count is already higher than the smallest known AES implementation. Note that hash functions which we did not consider in this paper so far (like Tiger or Whirlpool) also have the same structural disadvantage compared to block ciphers like the AES.

Since AES operates on elements in $GF(2^8)$, the minimal number of registers (8) that have to be clocked is much lower compared to any member of the MD4 family of hash functions, which have a word size of at least 32 bits. Architectures for the MD4 family which operate on less than 32 bits at a time face heavy penalties when taking runtime into consideration. This results in a big difference in the achievable mean power consumption of resulting RFID tags, which is the most critical factor for the application of passive RFID tags.
Looking at other hash functions, the situation is more diverse. Tiger operates on 64-bit words and thus is likely to have an even higher mean power consumption. On the other hand, Whirlpool operates like AES on elements in $GF(2^8)$, which means that the mean power consumption would not be the limiting factor for usage in RFID security protocols. Overall, future hash function designs which aim for efficient implementations on RFID tags need to take both points into account.

Consequently, the use of block ciphers like the AES as a basic building block for the design of RFID security protocols is the most sensible choice as of today. Stream ciphers for resource-constrained environments, which are currently evaluated by the project eSTREAM of the European Union sponsored Network of Excellence ECRYPT, might be useful as well.

Table 3. Synthesis results (for SHA-256, AES, SHA-1) and estimations (MD5, MD4) of hash functions and AES algorithm implementations for low die-size and low power consumption
Algorithm; Chip area [GE]; I mean; Clock cycles
SHA , ,128
SHA-1 8, ,274
MD5 8,
MD4 7,
AES [6] 3, ,032

5 Conclusions and Future Work

Contrasting some commonly made assumptions in the literature on RFID protocols, we showed the following. Current standards and state-of-the-art low-power implementation techniques favor the use of block ciphers like the AES instead of hash functions as the cryptographic building blocks for secure RFID protocols. To investigate this issue, we proposed a low-power architecture for the MD4 family of hash functions and gave a detailed analysis of this smallest SHA-256 ASIC implementation known so far. Our result has about 10,000 gates and a mean power consumption of 15 µA at 100 kHz using a cheap 0.35 µm process technology, which is indeed within the constraints of EPC class 2 tags.

Even though it is interesting to know that SHA-256 might also be small enough for some RFID tags, we have to compare it with implementations of other primitives. Comparing it with the smallest known AES implementation, we conclude that no known hash function can achieve similar results given fierce implementation constraints (like mean power consumption), as is the case for RFID systems. Reducing the gate count by switching to smaller hash functions like SHA-1, MD5 or even MD4 does not affect these conclusions. The reason is two-fold: Firstly, the underlying word size.
The minimal number of registers that have to be clocked in the case of AES (8) is much lower compared to any member of the MD4 family of hash functions which have a word size of 32 bits. This results in a big difference in the achievable mean power consumption of resulting RFID tags, which is an important measure. Secondly, the necessary number of registers. It turns out that all hash functions used today have a structural disadvantage compared to the AES. That is why choosing AES results in comparatively cost-efficient RFID security protocols while keeping a high level of security. Thus it remains to be seen which of the many hash-based protocols can be converted into protocols using a cipher to allow for production of small and cheap tags. Alternatively, AES-based hash functions need to be evaluated from the RFID perspective.
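The randomized hash-lock exchange from the survey in Section 2.1, one of the hash-based protocols the conclusions refer to, as an added example (not code from the paper or from Weis et al.): the tag answers with $(r_t, h(ID, r_t))$ and the reader recovers the ID by hashing every enrolled ID with the received $r_t$. The use of SHA-256 for h, the 16-byte $r_t$, the length-prefixed encoding of the pair and the class names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def h(tag_id, r_t):
    """h(ID, r_t). SHA-256 and the length-prefixed encoding are assumptions."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in (tag_id, r_t))
    return hashlib.sha256(data).digest()


class Tag:
    """Tag side: holds only its ID and needs one hash call per query."""

    def __init__(self, tag_id):
        self.tag_id = tag_id

    def respond(self):
        # A fresh r_t per query makes two answers of the same tag differ,
        # which is the tracking prevention the scheme aims for.
        r_t = secrets.token_bytes(16)
        return r_t, h(self.tag_id, r_t)


class Reader:
    """Reader side: knows all enrolled IDs and searches them linearly."""

    def __init__(self, known_ids):
        self.known_ids = list(known_ids)
        self.hash_calls = 0

    def identify(self, r_t, digest):
        """Return the enrolled ID matching (r_t, digest), or None."""
        match = None
        for candidate in self.known_ids:
            self.hash_calls += 1
            # Constant-time comparison of the recomputed and received value.
            if hmac.compare_digest(h(candidate, r_t), digest):
                match = candidate
        return match


def demo():
    """Run one exchange over constructed sample IDs and return the result."""
    ids = [b"TAG-%04d" % i for i in range(50)]   # constructed sample data
    reader, tag = Reader(ids), Tag(ids[37])
    r_t, digest = tag.respond()
    return reader.identify(r_t, digest), reader.hash_calls


if __name__ == "__main__":
    print(demo())
```

The tag computes a single hash per query, while the reader's cost grows with the number of enrolled tags; the paper's hardware comparison concerns only the tag-side primitive.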
References

1. E. Y. Choi, S.-M. Lee, and D. H. Lee. Efficient RFID Authentication Protocol for Ubiquitous Computing Environment. In Embedded and Ubiquitous Computing - EUC 2005 Workshops, volume 3823 of LNCS. Springer, December.
2. L. Dadda, M. Macchetti, and J. Owen. The Design of a High Speed ASIC Unit for the Hash Function SHA-256 (384, 512). In 2004 Design, Automation and Test in Europe Conference and Exposition (DATE 2004), volume 3. IEEE Computer Society.
3. T. Dimitriou. A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), pages 59-66, Athens, Greece, September. IEEE Computer Society.
4. S. Dominikus. A hardware implementation of MD4-family hash algorithms. In 9th IEEE International Conference on Electronics, Circuits and Systems, volume 3. IEEE Computer Society, October.
5. M. Feldhofer, S. Dominikus, and J. Wolkerstorfer. Strong Authentication for RFID Systems using the AES Algorithm. In Cryptographic Hardware and Embedded Systems - CHES 2004, volume 3156 of LNCS. Springer, August.
6. M. Feldhofer, J. Wolkerstorfer, and V. Rijmen. AES Implementation on a Grain of Sand. IEE Proceedings on Information Security, 152(1):13-20.
7. D. Henrici and P. Müller. Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops). IEEE Computer Society, March.
8. J.-P. Kaps and B. Sunar. Energy comparison of AES and SHA-1 for ubiquitous computing. In 2nd IFIP International Symposium on Network Centric Ubiquitous Systems (NCUS 2006), LNCS. Springer.
9. Y. Lee and I. Verbauwhede. Secure and Low-cost RFID Authentication Protocols. In 2nd IEEE Workshop on Adaptive Wireless Networks (AWiN).
10. National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard, November.
11. National Institute of Standards and Technology (NIST). FIPS-180-2: Secure Hash Standard, August.
12. N. Pramstaller and M. Aigner. A Universal and Efficient SHA-256 Implementation for FPGAs. In Austrochip 2004, pages 89-93.
13. K. Rhee, J. Kwak, S. Kim, and D. Won. Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment. In Security in Pervasive Computing, Second International Conference, SPC 2005, volume 3450 of LNCS. Springer.
14. A. Satoh and T. Inoue. ASIC-Hardware-Focused Comparison for Hash Functions MD5, RIPEMD-160, and SHS. In International Symposium on Information Technology: Coding and Computing (ITCC 2005), volume 1. IEEE Computer Society.
15. N. Sklavos and O. Koufopavlou. Implementation of the SHA-2 Hash Family Standard Using FPGAs. The Journal of Supercomputing, 31(3), March.
16. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels. Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In 1st Annual Conference on Security in Pervasive Computing, volume 2802 of LNCS, 2003.
A Case Against Currently Used Hash Functions in RFID Protocols. Workshop on RFID Security 2006 (RFIDSec06), July 13-14, 2006.
More informationFiroz Ahmed Siddiqui 1, Ranjeet Kumar 2 1 (Department of Electronics & Telecommunication, Anjuman College of Engineering & Technology, Nagpur,
VLSI Design of Secure Cryptographic Algorithm Firoz Ahmed Siddiqui 1, Ranjeet Kumar 2 1 (Department of Electronics & Telecommunication, Anjuman College of Engineering & Technology, Nagpur, India) 2 (Department
More informationVortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less Multiplication
Vortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less ultiplication Shay Gueron 2, 3, 4 and ichael E. Kounavis 1 1 Corresponding author, Corporate Technology Group, Intel Corporation,
More informationHash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18
Hash Function Guido Bertoni Luca Breveglieri Fundations of Cryptography - hash function pp. 1 / 18 Definition a hash function H is defined as follows: H : msg space digest space the msg space is the set
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationAn Approach to Security and Privacy of RFID Systems in Anti- Desynchronization
40 An Approach to Security and Privacy of RFID Systems in Anti- Desynchronization Min-Hua Shao Department of Management Information Systems, National Pingtung University of Science & Technology, Pingtung,
More informationInstitute for Applied Information Processing and Communications VLSI Group Professor Horst Cerjak, Martin Feldhofer KU01_assignment
VLSI Design KU Sommersemester 2009 SHA-3 Hash Competition 1 Hash Functions are Work Horses in IT Security and Cryptography Web browser Trusted computing, everything is done with SHA-1 Public-key infrastructures
More informationPUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems
PUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems Huiju Cheng, Howard M. Heys, and Cheng Wang Electrical and Computer Engineering Memorial University of Newfoundland St. John's,
More informationFPGA Can be Implemented Using Advanced Encryption Standard Algorithm
FPGA Can be Implemented Using Advanced Encryption Standard Algorithm Shahin Shafei Young Researchers and Elite Club, Mahabad Branch, Islamic Azad University, Mahabad, Iran Email:Shahin_shafei@yahoo.com
More informationIMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA
International Journal Innovations in Scientific and IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA 1 M.Jothi Kumar, 2 Chitravalavan 1 Research Scholar, Department Applied Electronics, A.V.C.
More informationSIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs
SIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs Aydin Aysu, Ege Gulcan, and Patrick Schaumont Secure Embedded Systems Center for Embedded Systems for Critical Applications Bradley
More informationEPC Tag Authentication with Randomized Characteristics for Strong Privacy
182 IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.9B, September 2006 EPC Tag Authentication with Randomized Characteristics for Strong Privacy Soohyun Oh, and Jin Kwak,
More informationArea Optimization in Masked Advanced Encryption Standard
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker,
More informationA Lightweight RFID Protocol to protect against Traceability and Cloning attacks
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks Tassos Dimitriou Athens Information Technology 19.5km Markopoulo Ave., 19002, Peania Athens, Greece tdim@ait.edu.gr Abstract
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More informationAn 80Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code
An 8Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code Abstract We developed an architecture optimization technique called divide-and-concatenate and applied it to
More informationA practical integrated device for lowoverhead, secure communications.
A practical integrated device for lowoverhead, secure communications. Gord Allan Matt Lewis Design Goals Versatility Mobility Security -can be used in a range of devices -compatibility, low/no infrastructure
More informationDESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA
DESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA 1 Brundha K A MTech Email: 1 brundha1905@gmail.com Abstract Pseudo-random number generators (PRNGs) are a key component of stream ciphers
More informationP V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1),
On-The-Fly AES Key Expansion For All Key Sizes on ASIC P.V.Sriniwas Shastry 1, M. S. Sutaone 2, 1 Cummins College of Engineering for Women, Pune, 2 College of Engineering, Pune pvs.shastry@cumminscollege.in
More informationNON-DETERMINISTIC LIGHTWEIGHT PROTOCOLS FOR SECURITY AND PRIVACY IN RFID ENVIRONMENTS
NON-DETERMINISTIC LIGHTWEIGHT PROTOCOLS FOR SECURITY AND PRIVACY IN RFID ENVIRONMENTS Denis Trček*, Pekka Jäppinen** *Department of Communication Systems»Jožef Stefan«Institute Jamova 39, 1000 Ljubljana,
More informationMultiple forgery attacks against Message Authentication Codes
Multiple forgery attacks against Message Authentication Codes David A. McGrew and Scott R. Fluhrer Cisco Systems, Inc. {mcgrew,sfluhrer}@cisco.com May 31, 2005 Abstract Some message authentication codes
More informationImplementation and Comparative Analysis of AES as a Stream Cipher
Implementation and Comparative Analysis of AES as a Stream Cipher Bin ZHOU, Yingning Peng Dept. of Electronic Engineering, Tsinghua University, Beijing, China, 100084 e-mail: zhoubin06@mails.tsinghua.edu.cn
More informationECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key
ECE 646 Lecture 11 Hash functions & MACs Digital Signature Alice Message Signature Message Signature Bob Hash function Hash function Hash value Public key algorithm yes Hash value 1 Hash value 2 no Public
More informationGroestl Tweaks and their Effect on FPGA Results
Groestl Tweaks and their Effect on FPGA Results Marcin Rogawski and Kris Gaj George Mason University {kgaj, mrogawsk}@gmu.edu Abstract. In January 2011, Groestl team published tweaks to their specification
More informationVLSI Design. Assignment. KU Sommersemester 2006 Analysis of Stream Ciphers. Stream cipher implementation VLSI VLSI PRNG PRNG. Key = K.
Design KU Sommersemester 2006 Analysis of Stream Ciphers 1 Assignment Stream cipher implementation PRNG PRNG Key = K Key = K Keystream Keystream Plaintext Ciphertext Plaintext Plaintext XOR Keystrem =
More informationA Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications
A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications Elif Bilge Kavun and Tolga Yalcin Department of Cryptography Institute of Applied Mathematics, METU
More informationYet Another Ultralightweight Authentication Protocol that is Broken
Yet Another Ultralightweight Authentication Protocol that is Broken Gildas Avoine, Xavier Carpent Université catholique de Louvain B-1348 Louvain-la-Neuve Belgium Abstract Eghdamian and Samsudin published
More informationDietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures
Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures Lejla Batina, Amitabh Das, Barış Ege, Elif Bilge Kavun, Nele Mentens, Christof
More informationFPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed
FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed Vijaya Kumar. B.1 #1, T. Thammi Reddy.2 #2 #1. Dept of Electronics and Communication, G.P.R.Engineering College,
More informationRFID SECURITY USING LIGHTWEIGHT MUTUAL AUTHENTICATION AND OWNERSHIP TRANSFER PROTOCOL
RFID SECURITY USING LIGHTWEIGHT MUTUAL AUTHENTICATION AND OWNERSHIP TRANSFER PROTOCOL Amol Bandal 1 and Shankar Nawale 2 1 Department of Computer Engineering, Sinhgad Institute, Lonavala, Maharashtra,
More informationFPGA Implementation of an HMAC Processor based on the SHA-2 Family of Hash Functions
FPGA Implementation of an HMAC Processor based on the SHA-2 Family of Hash Functions Marcio Juliato Dept. of Electrical and Computer Engineering University of Waterloo 200 University Avenue West Waterloo,
More informationTABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO.
vii TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATION iii xii xiv xvii 1 INTRODUCTION 1 1.1 GENERAL 1 1.2 TYPES OF WIRELESS COMMUNICATION
More informationPermutation-based symmetric cryptography
Permutation-based symmetric cryptography Guido Bertoni 1 Joan Daemen 1 Michaël Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Keccak & SHA-3 Day Université Libre de Bruxelles March
More informationCryptography. Summer Term 2010
Summer Term 2010 Chapter 2: Hash Functions Contents Definition and basic properties Basic design principles and SHA-1 The SHA-3 competition 2 Contents Definition and basic properties Basic design principles
More informationFPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM
FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM P. Aatheeswaran 1, Dr.R.Suresh Babu 2 PG Scholar, Department of ECE, Jaya Engineering College, Chennai, Tamilnadu, India 1 Associate
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationImproving SHA-2 Hardware Implementations
Improving SHA-2 Hardware Implementations Abstract. This paper proposes a set of new techniques to improve the implementation of the SHA-2 hashing algorithm. These techniques consist mostly in operation
More informationECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University
ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter
More informationAES as A Stream Cipher
> AES as A Stream Cipher < AES as A Stream Cipher Bin ZHOU, Kris Gaj, Department of ECE, George Mason University Abstract This paper presents implementation of advanced encryption standard (AES) as a stream
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationFILTER SYNTHESIS USING FINE-GRAIN DATA-FLOW GRAPHS. Waqas Akram, Cirrus Logic Inc., Austin, Texas
FILTER SYNTHESIS USING FINE-GRAIN DATA-FLOW GRAPHS Waqas Akram, Cirrus Logic Inc., Austin, Texas Abstract: This project is concerned with finding ways to synthesize hardware-efficient digital filters given
More informationThe road from Panama to Keccak via RadioGatún
The road from Panama to Keccak via RadioGatún Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. In this paper, we explain the
More informationSmall-Footprint Block Cipher Design -How far can you go?
Small-Footprint Block Cipher Design - How far can you go? A. Bogdanov 1, L.R. Knudsen 2, G. Leander 1, C. Paar 1, A. Poschmann 1, M.J.B. Robshaw 3, Y. Seurin 3, C. Vikkelsoe 2 1 Ruhr-University Bochum,
More informationTimestamps and authentication protocols
Timestamps and authentication protocols Chris J. Mitchell Technical Report RHUL MA 2005 3 25 February 2005 Royal Holloway University of London Department of Mathematics Royal Holloway, University of London
More informationLightweight Crypto Design Principles - Approaches and Limitations
Lightweight Crypto Design Principles - Approaches and Limitations Axel Poschmann Division of Mathematical Sciences School of Physical and Mathematical Sciences August 31, 2011 Agenda Motivation Background
More informationCryptographic Hash Functions
Cryptographic Hash Functions Cryptographic Hash Functions A cryptographic hash function takes a message of arbitrary length and creates a message digest of fixed length. Iterated Hash Function A (compression)
More informationCOMP4109 : Applied Cryptography
COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 2 information security cryptographic primitives unkeyed primitives NSA... one-way functions hash functions
More informationEfficient FPGA Implementations of PRINT CIPHER
Efficient FPGA Implementations of PRINT CIPHER 1 Tadashi Okabe Information Technology Group Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract This article presents field
More informationAKARI-X: a pseudorandom number generator for secure lightweight systems
AKARI-X: a pseudorandom number generator for secure lightweight systems Honorio Martín, Enrique San Millán, Luis Entrena Electronic Technology Department Carlos III University Leganés, Spain hmartin, quique,
More informationDelineation of Trivial PGP Security
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727, Volume 20, Issue 3, Ver. I (May. - June. 2018), PP 17-23 www.iosrjournals.org Delineation of Trivial PGP Security Mr.
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationLow area implementation of AES ECB on FPGA
Total AddRoundkey_3 MixCollumns AddRoundkey_ ShiftRows SubBytes 1 Low area implementation of AES ECB on FPGA Abstract This project aimed to create a low area implementation of the Rajindael cipher (AES)
More informationVLSI Design. KU Summer Semester 2011 Low-Resource Block Ciphers VLSI. Thomas Plos.
VLSI Design Assignment Presentation KU Summer Semester 2011 Low-Resource Block Ciphers Thomas Plos IAIK Graz University of Technology Thomas.Plos@iaik.tugraz.at www.iaik.tugraz.at 1 Security-Related RFID
More informationA High-Throughput Processor for Cryptographic Hash Functions
A High-Throughput Processor for Cryptographic Hash Functions Yuanhong Huo and Dake Liu Beijing Institute of Technology, Beijing 100081, China Email: {hyh, dake@bit.edu.cn Abstract This paper presents a
More informationNEW COMPRESSION FUNCTION TO SHA-256 BASED ON THE TECHNIQUES OF DES.
NEW COMPRESSION FUNCTION TO SHA-256 BASED ON THE TECHNIQUES OF DES. 1 ZAKARIA KADDOURI, 2 FOUZIA OMARY, 3 ABDOLLAH ABOUCHOUAR, 4 MOHSSIN DAARI, 5 KHADIJA ACHKOUN. LRI Laboratory (Ex: Networks and Data
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationCCproc: A custom VLIW cryptography co-processor for symmetric-key ciphers
CCproc: A custom VLIW cryptography co-processor for symmetric-key ciphers Dimitris Theodoropoulos, Alexandros Siskos, and Dionisis Pnevmatikatos ECE Department, Technical University of Crete, Chania, Greece,
More informationLightweight Privacy Preserving Authentication for RFID Using a Stream Cipher
Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher Olivier Billet, Jonathan Etrog, and Henri Gilbert Orange Labs RFID systems tags readers back end many types of systems system
More informationImplementation Tradeoffs for Symmetric Cryptography
Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *
More informationA unified architecture of MD5 and RIPEMD-160 hash algorithms
Title A unified architecture of MD5 and RIPMD-160 hash algorithms Author(s) Ng, CW; Ng, TS; Yip, KW Citation The 2004 I International Symposium on Cirquits and Systems, Vancouver, BC., 23-26 May 2004.
More informationMulti-mode Operator for SHA-2 Hash Functions
Multi-mode Operator for SHA-2 Hash Functions Ryan Glabb, Laurent Imbert, Graham Jullien, Arnaud Tisserand, Nicolas Veyrat-Charvillon To cite this version: Ryan Glabb, Laurent Imbert, Graham Jullien, Arnaud
More informationT Cryptography and Data Security
T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:
More informationTwo Hardware Designs of BLAKE-256 Based on Final Round Tweak
Two Hardware Designs of BLAKE-256 Based on Final Round Tweak Muh Syafiq Irsyadi and Shuichi Ichikawa Dept. Knowledge-based Information Engineering Toyohashi University of Technology, Hibarigaoka, Tempaku,
More informationSyrvey on block ciphers
Syrvey on block ciphers Anna Rimoldi Department of Mathematics - University of Trento BunnyTn 2012 A. Rimoldi (Univ. Trento) Survey on block ciphers 12 March 2012 1 / 21 Symmetric Key Cryptosystem M-Source
More informationDesign of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures
Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures 1 Suresh Sharma, 2 T S B Sudarshan 1 Student, Computer Science & Engineering, IIT, Khragpur 2 Assistant
More informationSecurity IP-Cores. AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing. l e a d i n g t h e w a y
AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing l e a d i n g t h e w a y l e a d i n g t h e w a y Secure your sensitive content, guarantee its integrity and
More informationS. Erfani, ECE Dept., University of Windsor Network Security. All hash functions operate using the following general principles:
4.14 Simple Hash Functions All hash functions operate using the following general principles: a) The input string is viewed as a sequence of n-byte blocks. b) The input is processed one block at a time
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationCryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015
Cryptographic Hash Functions Rocky K. C. Chang, February 5, 2015 1 This set of slides addresses 2 Outline Cryptographic hash functions Unkeyed and keyed hash functions Security of cryptographic hash functions
More informationASIC Performance Comparison for the ISO Standard Block Ciphers
ASIC Performance Comparison for the ISO Standard Block Ciphers Takeshi Sugawara 1, Naofumi Homma 1, Takafumi Aoki 1, and Akashi Satoh 2 1 Graduate School of Information Sciences, Tohoku University Aoba
More informatione-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text
e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text Cryptography and Network Security Module 28- Hash Algorithms
More informationryptograi "ГС for Tom St Denis, Elliptic Semiconductor Inc. Simon Johnson and Author of the LibTom Project
for ryptograi "ГС V6 е Tom St Denis, Elliptic Semiconductor Inc. and Author of the LibTom Project Simon Johnson Contents Preface Chapter 1 Introduction 1 Introduction 2 Threat Models 3 What Is Cryptography?
More informationAES Implementation for RFID Tags: The Hardware and Software Approaches
AES Implementation for RFID Tags: The Hardware and Software Approaches Thanapol Hongsongkiat ew Product Research Department Silicon Craft Technology Co., Ltd. Bangkok, Thailand thanapol@sic.co.th Abstract
More informationEfficient Hardware Design and Implementation of AES Cryptosystem
Efficient Hardware Design and Implementation of AES Cryptosystem PRAVIN B. GHEWARI 1 MRS. JAYMALA K. PATIL 1 AMIT B. CHOUGULE 2 1 Department of Electronics & Telecommunication 2 Department of Computer
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 34 Cryptographic Hash Functions A hash function provides message integrity and authentication
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (receiver) Fran
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (reciever) Fran
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Kris Gaj and Pawel Chodowiec Electrical and Computer Engineering George Mason University Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable
More informationFAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD. G. Bertoni, L. Breveglieri, I. Koren and V. Piuri
FAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD G. Bertoni, L. Breveglieri, I. Koren and V. Piuri Abstract. The AES (Advanced Encryption Standard) is an emerging private-key cryptographic system. Performance
More informationPipelined Quadratic Equation based Novel Multiplication Method for Cryptographic Applications
, Vol 7(4S), 34 39, April 204 ISSN (Print): 0974-6846 ISSN (Online) : 0974-5645 Pipelined Quadratic Equation based Novel Multiplication Method for Cryptographic Applications B. Vignesh *, K. P. Sridhar
More informationA SIMPLE 1-BYTE 1-CLOCK RC4 DESIGN AND ITS EFFICIENT IMPLEMENTATION IN FPGA COPROCESSOR FOR SECURED ETHERNET COMMUNICATION
A SIMPLE 1-BYTE 1-CLOCK RC4 DESIGN AND ITS EFFICIENT IMPLEMENTATION IN FPGA COPROCESSOR FOR SECURED ETHERNET COMMUNICATION Abstract In the field of cryptography till date the 1-byte in 1-clock is the best
More informationSecurity Applications
1. Introduction Security Applications Abhyudaya Chodisetti Paul Wang Lee Garrett Smith Cryptography applications generally involve a large amount of processing. Thus, there is the possibility that these
More informationCryptographic Hash Functions. William R. Speirs
Cryptographic Hash Functions William R. Speirs What is a hash function? Compression: A function that maps arbitrarily long binary strings to fixed length binary strings Ease of Computation: Given a hash
More informationHardware Accelerator for Stream Cipher Spritz
Hardware Accelerator for Stream Cipher Spritz by Debjyoti Bhattacharjee and Anupam Chattopadhyay School of Computer Science and Engineering (SCSE) 26-July-2016 Debjyoti Bhattacharjee and Anupam Chattopadhyay,
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More information