Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


A2U2: A Stream Cipher for Printed Electronics RFID Tags

No description

Mathieu David

on 7 December 2011

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of A2U2: A Stream Cipher for Printed Electronics RFID Tags

A2U2 A Stream Cipher for Printed Electronics RFID Tags AAU AUU + Tree of Cryptography (Xmas) Challenges Throughput Large enough to support real-time interaction

In the order of 100 kbps at 13.56 MHz Area Computer
Security Protocols
20,000+ GE EPC Class 1 Gen 2 RFID Tag
Security Protocols
> 2,000 GE Printed Electronics RFID Tags
Security Protocols
> 200 GE Mathieu David Modern
Techniques Block
Ciphers Stream
Ciphers Public-key
Cryptography Symmetric-key
Cryptography (Triple) DES
... A5/1 - A5/2 (GSM)
E0 (Bluetooth)
... Why
Electronics? New Technology

Need for Security Protocols to gain customer acceptance KATAN Family Underexplored
Field Inspired by the KATAN Cipher.

Period of 2 -1 with the polynomial function.

5 bits initialised with 2 Pseudo-Random Numbers and the Secret Key (2 remaining bits set to 1 and 0).

Determines when the output sequence starts. Inspired by the KATAN Cipher.

Initialised with 2 Pseudo-Random Numbers and the Secret Key

Updated with 2 Boolean Functions, 80-bits key.

5 new key-bits loaded to the buffer each clock cycle, with 1 input bit from the NFSR.

k1 injected as an irregular bit into the nonlinear Boolean Function Inspired by the Shrinking Generator.

Input (I) & Selector (S) bits are the result of the nonlinear Boolean functions

Approximately half the ciphertext contains relevant information (plaintext) A2U2 in Figures Throughput (Estimates) Area Security Simulated in C programming language.

The generated Keystream sequences succeed in all the randomness tests of the NIST Suite.

Resistant to the commonly known "transmission" attacks.

Target of Linear Complexity ~ 2 70 Replay attack
Mafia fraud attack
Man-in-the-middle attack
Disclosure attack
Discussion around
A2U2 Thank You ! Damith Ranasinghe at 100 kHz in Gates Equivalent Torben Larsen Why a
Stream Cipher? rather than
a Block Cipher... Faster / On the Fly Encryption

More Compact GRAIN (~1300 GE) Why
A2U2? Lack of suitable ciphers for Printed Electronics RFID Tags PRINT Cipher
Lack of Stream Ciphers TRIVIUM (~2600 GE) of an RFID Cryptosystem Security Needs are dependent on the application.

No better attack than a brute force attack. Motivations State of the Art Stream
Ciphers Stream
Ciphers Block
Ciphers Block
Ciphers 7 Reduction to 7 bits to save Gates. Reduction to 17 and 9 bits NFSR to save Gates. Balanced, High Nonlinear degree with algebraic degree 3. Increases considerably the period of k1 Remove "buffer" and "interleaved sequence" issues.
Irregular lenghts of ciphertexts for identical plaintext.
Plaintexts bits uniformly and randomly distributed in ciphertext. 1,000,000 bits recommended,
10,000,000 bits tested. Methodology Learning from previous designs and reuse of good concepts

Use of maximal lengths primitive polynomial function

Use of well designed nonlinear Boolean functions

Use of Shannon's concepts on Confusion and Diffusion

Use of short-lenghts elements to optimize area. KATAN
Shrinking Generator Currently in progress: Implementation

Cryptanalysis Possible Extensions: A2U2 family of Stream Ciphers
Larger Throughput (compromise with cost)
Shorter registers (compromise with security) Area
Power Consumption Future of
A2U2 Key Results: Throughput of at Area of 300 % faster than KATAN.
700 % faster than PRINT. 30 % less than PRINT.
39 % less than KATAN.
78 % less than GRAIN. 50 kbps 100 kHz. 284 GEs. Strenghts: Weaknesses: Extremely low area: Implementable in resources-constrained devices.

Security improved by the lack of long sequences of ciphertext.
> 200 GEs

Not suitable for all applications
Full transcript