### Present Remotely

Send the link below via email or IM

CopyPresent to your audience

Start remote presentation- Invited audience members
**will follow you**as you navigate and present - People invited to a presentation
**do not need a Prezi account** - This link expires
**10 minutes**after you close the presentation - A maximum of
**30 users**can follow your presentation - Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

### Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.

You can change this under Settings & Account at any time.

# A2U2: A Stream Cipher for Printed Electronics RFID Tags

No description

by

Tweet## Mathieu David

on 7 December 2011#### Transcript of A2U2: A Stream Cipher for Printed Electronics RFID Tags

A2U2 A Stream Cipher for Printed Electronics RFID Tags AAU AUU + Tree of Cryptography (Xmas) Challenges Throughput Large enough to support real-time interaction

In the order of 100 kbps at 13.56 MHz Area Computer

Security Protocols

20,000+ GE EPC Class 1 Gen 2 RFID Tag

Security Protocols

> 2,000 GE Printed Electronics RFID Tags

Security Protocols

> 200 GE Mathieu David Modern

Cryptographic

Techniques Block

Ciphers Stream

Ciphers Public-key

Cryptography Symmetric-key

Cryptography (Triple) DES

AES

RC5

... A5/1 - A5/2 (GSM)

E0 (Bluetooth)

Grain

... Why

Printed

Electronics? New Technology

Need for Security Protocols to gain customer acceptance KATAN Family Underexplored

Field Inspired by the KATAN Cipher.

Period of 2 -1 with the polynomial function.

5 bits initialised with 2 Pseudo-Random Numbers and the Secret Key (2 remaining bits set to 1 and 0).

Determines when the output sequence starts. Inspired by the KATAN Cipher.

Initialised with 2 Pseudo-Random Numbers and the Secret Key

Updated with 2 Boolean Functions, 80-bits key.

5 new key-bits loaded to the buffer each clock cycle, with 1 input bit from the NFSR.

k1 injected as an irregular bit into the nonlinear Boolean Function Inspired by the Shrinking Generator.

Improvements:

Input (I) & Selector (S) bits are the result of the nonlinear Boolean functions

Approximately half the ciphertext contains relevant information (plaintext) A2U2 in Figures Throughput (Estimates) Area Security Simulated in C programming language.

The generated Keystream sequences succeed in all the randomness tests of the NIST Suite.

Resistant to the commonly known "transmission" attacks.

Target of Linear Complexity ~ 2 70 Replay attack

Mafia fraud attack

Man-in-the-middle attack

Disclosure attack

Discussion around

A2U2 Thank You ! Damith Ranasinghe at 100 kHz in Gates Equivalent Torben Larsen Why a

Stream Cipher? rather than

a Block Cipher... Faster / On the Fly Encryption

More Compact GRAIN (~1300 GE) Why

A2U2? Lack of suitable ciphers for Printed Electronics RFID Tags PRINT Cipher

Lack of Stream Ciphers TRIVIUM (~2600 GE) of an RFID Cryptosystem Security Needs are dependent on the application.

No better attack than a brute force attack. Motivations State of the Art Stream

Ciphers Stream

Ciphers Block

Ciphers Block

Ciphers 7 Reduction to 7 bits to save Gates. Reduction to 17 and 9 bits NFSR to save Gates. Balanced, High Nonlinear degree with algebraic degree 3. Increases considerably the period of k1 Remove "buffer" and "interleaved sequence" issues.

Irregular lenghts of ciphertexts for identical plaintext.

Plaintexts bits uniformly and randomly distributed in ciphertext. 1,000,000 bits recommended,

10,000,000 bits tested. Methodology Learning from previous designs and reuse of good concepts

Use of maximal lengths primitive polynomial function

Use of well designed nonlinear Boolean functions

Use of Shannon's concepts on Confusion and Diffusion

Use of short-lenghts elements to optimize area. KATAN

Shrinking Generator Currently in progress: Implementation

Cryptanalysis Possible Extensions: A2U2 family of Stream Ciphers

Larger Throughput (compromise with cost)

Shorter registers (compromise with security) Area

&

Power Consumption Future of

A2U2 Key Results: Throughput of at Area of 300 % faster than KATAN.

700 % faster than PRINT. 30 % less than PRINT.

39 % less than KATAN.

78 % less than GRAIN. 50 kbps 100 kHz. 284 GEs. Strenghts: Weaknesses: Extremely low area: Implementable in resources-constrained devices.

Security improved by the lack of long sequences of ciphertext.

> 200 GEs

Not suitable for all applications

Full transcriptIn the order of 100 kbps at 13.56 MHz Area Computer

Security Protocols

20,000+ GE EPC Class 1 Gen 2 RFID Tag

Security Protocols

> 2,000 GE Printed Electronics RFID Tags

Security Protocols

> 200 GE Mathieu David Modern

Cryptographic

Techniques Block

Ciphers Stream

Ciphers Public-key

Cryptography Symmetric-key

Cryptography (Triple) DES

AES

RC5

... A5/1 - A5/2 (GSM)

E0 (Bluetooth)

Grain

... Why

Printed

Electronics? New Technology

Need for Security Protocols to gain customer acceptance KATAN Family Underexplored

Field Inspired by the KATAN Cipher.

Period of 2 -1 with the polynomial function.

5 bits initialised with 2 Pseudo-Random Numbers and the Secret Key (2 remaining bits set to 1 and 0).

Determines when the output sequence starts. Inspired by the KATAN Cipher.

Initialised with 2 Pseudo-Random Numbers and the Secret Key

Updated with 2 Boolean Functions, 80-bits key.

5 new key-bits loaded to the buffer each clock cycle, with 1 input bit from the NFSR.

k1 injected as an irregular bit into the nonlinear Boolean Function Inspired by the Shrinking Generator.

Improvements:

Input (I) & Selector (S) bits are the result of the nonlinear Boolean functions

Approximately half the ciphertext contains relevant information (plaintext) A2U2 in Figures Throughput (Estimates) Area Security Simulated in C programming language.

The generated Keystream sequences succeed in all the randomness tests of the NIST Suite.

Resistant to the commonly known "transmission" attacks.

Target of Linear Complexity ~ 2 70 Replay attack

Mafia fraud attack

Man-in-the-middle attack

Disclosure attack

Discussion around

A2U2 Thank You ! Damith Ranasinghe at 100 kHz in Gates Equivalent Torben Larsen Why a

Stream Cipher? rather than

a Block Cipher... Faster / On the Fly Encryption

More Compact GRAIN (~1300 GE) Why

A2U2? Lack of suitable ciphers for Printed Electronics RFID Tags PRINT Cipher

Lack of Stream Ciphers TRIVIUM (~2600 GE) of an RFID Cryptosystem Security Needs are dependent on the application.

No better attack than a brute force attack. Motivations State of the Art Stream

Ciphers Stream

Ciphers Block

Ciphers Block

Ciphers 7 Reduction to 7 bits to save Gates. Reduction to 17 and 9 bits NFSR to save Gates. Balanced, High Nonlinear degree with algebraic degree 3. Increases considerably the period of k1 Remove "buffer" and "interleaved sequence" issues.

Irregular lenghts of ciphertexts for identical plaintext.

Plaintexts bits uniformly and randomly distributed in ciphertext. 1,000,000 bits recommended,

10,000,000 bits tested. Methodology Learning from previous designs and reuse of good concepts

Use of maximal lengths primitive polynomial function

Use of well designed nonlinear Boolean functions

Use of Shannon's concepts on Confusion and Diffusion

Use of short-lenghts elements to optimize area. KATAN

Shrinking Generator Currently in progress: Implementation

Cryptanalysis Possible Extensions: A2U2 family of Stream Ciphers

Larger Throughput (compromise with cost)

Shorter registers (compromise with security) Area

&

Power Consumption Future of

A2U2 Key Results: Throughput of at Area of 300 % faster than KATAN.

700 % faster than PRINT. 30 % less than PRINT.

39 % less than KATAN.

78 % less than GRAIN. 50 kbps 100 kHz. 284 GEs. Strenghts: Weaknesses: Extremely low area: Implementable in resources-constrained devices.

Security improved by the lack of long sequences of ciphertext.

> 200 GEs

Not suitable for all applications