Introducing
Your new presentation assistant.
Refine, enhance, and tailor your content, source relevant images, and edit visuals quicker than ever before.
Trending searches
Lightweight Cryptography
for Passive
RFID Tags
Ph.D Candidate
C'est en forgeant
qu'on devient forgeron
Practice makes perfect
Higher Cost!
More Transistors
< 2000 Gates
WHICH security solution to use for a given application?
Lightweight Cryptography
iny
ncryption
lgorithm
No clear Guideline
Security is a Necessity!
17 security flaws...
Weight
No Experience
Complexity of calculations
Lenght of the Source Code
Ultra Lightweight Protocols
Physical Primitives
ComputationalPrimitives
Embedded RFID tag
Terrible Mistakes
Purpose: Anti-theft
khfoiz8h eoizfam uobgiu m5zegouzehgo auz h oifnlzenf5 ouibgz"uo nbuo7dhf ozng h jpi7nfié'"(y onegf gçéh jgn z7lorh àg&pi hjbg çb " hp5oàj gfà y'" uhe8lzh gàçé"4
Do not drink Coca Cola!
geqoh5* feY7$ RTHR8
erhbse7'_& ugsk,/ 8zsgzoiç& 854ev_=6rt 8ç="1dqf 2g5ite.0d8!
(confidentiality, integrity)
Nowadays
Only few are secured!
Automatic Gas Station Payment
Cryptographic Protocol
Keyed Hash Functions (MAC)
Symmetric Key Ciphers
Re-encryption
Passwords
One-time Pads
1,000+
Applications
100+
Security protocols
adio
requency
entification
Propose a comparison of security primitives
based on applications requirements
A Stream Cipher for Printed Electronics RFID Tags
"objects equipped with micro electronics that can process data automatically"
Never done before!
Design a Simple & Secure Authentication Protocol
Computer
Security Protocols
20,000+ GE
Low-cost Passive RFID Tag
Security Protocols
> 2,000 GE
Printed Electronics RFID Tags
Security Protocols
> 200 GE
Mathematical Properties
1,000,000 bits recommended,
10,000,000 bits tested.
30 % less than PRINT.
39 % less than KATAN.
78 % less than GRAIN.
Against the most
common attacks
Using only basic
logic components
European Commision
Cryptographic Protocol
Background Study
Security Protocols applied to RFID tags
Classify Lightweight
Cryptography
Implementation Guideline
4
300 % faster than KATAN.
700 % faster than PRINT.
(collaboration with Lund University)
Low-cost Passive RFID Tags
Number of transistors on the tag (10,000+ Gates)
130nm low-leakage standard cell library:
Power Consumption: 135nW at 100 kHz
Area: 226 Gates Equivalent
~ 2000 Gates for security
Element of measure of electronic implementation size
Security Design
20% < estimation
(284 GE)
Design an
Authentication
Protocol
Design a
Cipher
Key Scheduling Mechanism
+ 7 extra bits reserved for the counter.
instead of the NFSR.
(collaboration with DTU)
7
Increases the complexity of both Guess-and-determine attack and Master key bit recovery attack
Cipher fully broken
by Hernandez-Castro, Peris-Lopez et al.
Counter
after initialization
49
Eliminates the Counter key bit recovery attack
(complexity 2 )
NFSRs
Eliminates the Chosen plaintext attack
38
(complexity 2 )
should use non-triangular functions (e.g. Rotation)
Encryption
leaking information
Improvements:
Lots of people
working in cryptography
have no deep concern
with real application issues.
They are trying to discover
things clever enough
to write papers about.
Assumptions
40
Thanks to this work...
This attack requires 2 bits of plaintext/ciphetext and can be performed with time complexity 2 .
38
40
2
~1.1 trillion bits
72 years
Authentication
Compare
the primitives
Propose a
Metric to help
RFID Practitioner
Analysis & Innovation
Updates
Approximations of secret values
transmitted over the radio channel
Tango recovers 95% of the secret values bits in 10 sessions
0,18µm
0,35µm
0,18µm
0,13µm
Tea
Grain
most commonly used process for low-cost passive RFID tags
?
Two security systems have been broken...
... but this is part of the game.
@ 1MHz
@ 100kHz
Implementation Parameters
Power dissipation (in CMOS devices)
Technology
dependent
Power dissipation (in CMOS devices)
Publication:
< 30µW
< 3µW
0.35µm 0.18µm
0.13µm 0.18µm
Simulation dependant
Process dependant
Operating Frequency
Total leakage current
> 40 kbits/s
> 4 kbits/s
Gate capacitance
Design dependant
Input Voltage
Bubbles size
Switching probability of a gate
Throughput
vs.
Quantity of charge carried by the short-circuit current during transitions
Area
=
Efficiency
Publications:
Finally a way to compare cipher performances !
< 2000 GE
Theoretical Parameters
Bubbles size
Power
Area
?
Metric could really be useful for RFID practitioners
=
Efficiency
Publication:
Power vs. Area
Throughput vs. Area
Power
Area
Throughput
in one single metric
eighted
Cumulative Distribution Function
rmalized
n
[0;1]
c
st
ower
value
44.4 kbps for DESL
30 kbps
targeted design value
hroughput
2 kbps vs. 20 kbps
acceptable margin
F(x) = 0.70
F(x) = 0.96
A ticketing application
for bus access
Requirements:
(margin 10 Gates)
the thinner the margin,
the higher the weight.
(margin 10 kbps)
(margin 4 µW)
chance to finish my PhD.
Writing a thesis is a bit like running a Marathon.
It is really painful but once you are done, it feels so good.