REGISTER | LOGIN
Home    Bloggers    Blogs    Article Archives    Messages    About Us   
Tw  |  Fb  |  In  |  Rss
Maxim Integrated - Integration Nation
Blaine Bateman

Can We Use Analog Circuits for Cryptography?

Blaine Bateman
eafpres1
eafpres1
12/12/2013 12:41:18 AM
User Rank
Blogger
Private key schems
One area this method might be particularly well suited for is private key schemes.  In those schemes, the key is a secret, and since it is indistinguishable from a randome number, the brute force attack requires at least O(2^n) trials where n is teh number of bits in the key.  Concpetually an analog circuit with millions of junctions woudl then be very hard to brute force (i.e. try all possible values from 0 to 2^n.).

50%
50%
Netcrawl
Netcrawl
12/13/2013 8:33:44 AM
User Rank
Master
Re: Private key schems
@easpres goods point, @Blaine that was great! thanks for a great article, @Blaine most of today's cryptographics RFID are based on ciphers and we got some serious challenges because adversaries are making some great advances when it comes to seeking new ways in extracting crucial info and keys, side-channel attack is a serious stuff its target the physical implementation (looking for flaw)of a cipher.      

50%
50%
Victor Lorenzo
Victor Lorenzo
12/13/2013 5:27:01 PM
User Rank
Blogger
Re: Private key schems
@Netcrawl, "most of today's cryptographics RFID are based on ciphers"

Some Cryptographic RFIDs (like TI's) are being reported cracked down from 2005 (or even earlier in some other cases). Some tag security schemes were broken due to the fact that they were not using robust cipher/decipher algorithms, some others for using unidirectional ciphered/MACed messages (without using mutual three pass authentication for generating a session key), some because of the usage of non true random generators for generating the challenges and some others by using some side channel attacks like DPA in the case of the DESFire D40.

50%
50%
Victor Lorenzo
Victor Lorenzo
12/13/2013 5:12:50 PM
User Rank
Blogger
Re: Private key schems
@eafpres: "the brute force attack requires at least O(2^n) trials where n is teh number of bits in the key". Depending on the (de)cyphering algorithm some key bits are combined with others or simply ignored (like in DES). That reduces the key values space and is generally considered a weakness. Some relatively new cryptographic algorithms effectively address that issue.

50%
50%
Victor Lorenzo
Victor Lorenzo
12/13/2013 5:05:00 PM
User Rank
Blogger
Side Channel Attack
@Blaine, "(...)if it has the proper authentication can be hacked if it always returns false faster than it returns true"

Not exactly that way. By itself, the resulting time for the algorithm execution is not enough for inferring the secret key. It is almost meaningless if the cypher/decypher block/function is not part of the previous knowledge about the system's security architecture.

But it does provides extra information for improving the strategy in some other types of attacks.

50%
50%
eafpres1
eafpres1
12/13/2013 8:54:17 PM
User Rank
Blogger
Re: Side Channel Attack
Hi Victor--thanks for all your comments.  I think over time it will become required in many engineering curriculae to have at least introductory cryptography.  As more and more things are connected somewhere, and much over internet, security issues keep growing.

In my remarks I admit I was being simplistic; my point is that side channel attacks result from introducing some non-random bias that is detectable; once an attacker has that, they gain "advantage" (in the language of crypto) meaning that there is some path of discovery that is easier or less computationally intensive than a brute force attack.  The particular details are sometimes quite amazing; there are some very, very smart bad guys out there.

My overall message is that there could be routes in the future using analog cryptography that are better for certain steps of a secure process, whether that is AES or some future scheme.  The main goal is around finding a function which is as indistinguishable from random as possible.  This is where prime factorization and elliptic curves come in.  If you can do it with just a measurement of a chip, for certain applications that has merit.

50%
50%
Victor Lorenzo
Victor Lorenzo
12/14/2013 3:47:36 AM
User Rank
Blogger
Re: Side Channel Attack
Hi Blane, I agree with you in that "The main goal is around finding a function which is as indistinguishable from random as possible". Something that is currently in use and adds strength to overall system security is using variable secret keys, keys that change on every block cipher run, this adds another level of entropy to resulting ciphered text. This way the resulting ciphered texts for two (consecutive or not) cipher runs on the same plain-text message produce two different results.

50%
50%
Victor Lorenzo
Victor Lorenzo
12/14/2013 3:56:10 AM
User Rank
Blogger
Re: Side Channel Attack
@Blane, I also agree with you on that "As more and more things are connected somewhere, and much over internet, security issues keep growing". We've seen several studies regarding security in in-car networks. It's scaring to see how easy it is to make the car controls do really crazy and dangerous things. And part of it's root cause resides in that, perhaps, the designers did not pay enough attention to security vulnerabilities in their code/implementations and possible attacks.

Thanks for the post!

50%
50%
eafpres1
eafpres1
12/14/2013 12:30:48 PM
User Rank
Blogger
Re: Side Channel Attack
@Victor--related to your point about car network security, I won't be installing a front door lock that can be opened by my smartphone and is connected to the WiFi for exactly these reasons.  The maturity of the industry pushing hard for IoT is not sufficient, in my opinion, in many cases.  The do it yourself (DIY) products being sold at the consumer level I expect will be shown at risk in the future.

50%
50%
etnapowers
etnapowers
12/16/2013 5:40:58 AM
User Rank
Master
Re: Side Channel Attack
@Blaine, good point: the presence of a  front door lock that can be opened by a smartphone could be utilized by the  thieves to intercept the signal if a proper level of security is not guaranteed. 

50%
50%
eafpres1
eafpres1
12/16/2013 9:49:27 AM
User Rank
Blogger
Re: Side Channel Attack
@etnapowers--and for those who think cell phone communication is more secure than, say, WiFi, read this article:

 

NSA cracks commonly used cell phone security

 

50%
50%
Victor Lorenzo
Victor Lorenzo
12/16/2013 11:03:06 AM
User Rank
Blogger
Re: Side Channel Attack
@eafpres, "NSA cracks commonly used cell phone security"

Perhaps not only NSA, there has been 'some' activity on breaking the GSM security protocols: http://domonkos.tomcsanyi.net/?p=418

50%
50%
etnapowers
etnapowers
12/18/2013 8:13:20 AM
User Rank
Master
Re: Side Channel Attack
Hi Blaine, I think that the National Security Agency will use this only for security purpose, and this is good, thank you for your link, it's really interesting, in particular I want to report a sentence of this article:

"The agency's ability to crack encryption used by the majority of cellphones in the world offers it wide-ranging powers to listen in on private conversations."

 

50%
50%
Victor Lorenzo
Victor Lorenzo
12/16/2013 10:54:05 AM
User Rank
Blogger
Re: Side Channel Attack
@etnapowers, "the presence of a  front door lock that can be opened by a smartphone could be utilized by the  thieves to intercept the signal if a proper level of security is not guaranteed"

I agree with you on that.

Depending on the air interface used for the key/lock communication it will make it more easier, or more difficult ;), for the attacker to compromise the access security. If the RF field is confined to a few centimeters (at most 3-to-7cm) it will be very difficult to sniff into the communication at a distant point.

It is not too difficult to create a very strong multi-pass authentication/encryption application for securing the door lock using the Android phone NFC APIs as the key, an NFC reader chip (TRF7970A) and some solenoide driver.

50%
50%
etnapowers
etnapowers
12/18/2013 8:23:20 AM
User Rank
Master
Re: Side Channel Attack
@Victor: I agree with you on your sentence: "If the RF field is confined to a few centimeters (at most 3-to-7cm) it will be very difficult to sniff into the communication at a distant point."

That's right to me, but some white noise generator utilized to interfer with the signal could be used despite of it is generated in a quite distant point.

The application NFC based sounds very interesting, is there any link available that deals such an application?

 

50%
50%
Victor Lorenzo
Victor Lorenzo
12/18/2013 9:01:53 AM
User Rank
Blogger
Re: Side Channel Attack
@etnapowers, "(...)is there any link available that deals such an application?"

The information is a little bit disperse as it covers many aspects.

In TI's e2e forum (http://e2e.ti.com/support/low_power_rf/f/667.aspx) several threads cover the topics about card emulation (CE) using TI's TRF7970A NFC reader chip, some posts include archives with sample CE code.

You might want to take a look at TRF7970A's support page, specially to the Design Kits and Evaluation Modules section and the NFCLINK firmware in the Software section. I used the sample code and sample SPI captures provided by one TI engineer only as reference as in our case we developed our own hardware with a more powerfull CPU.

There's a book named "Protocols for authentication and key establishment" that lists a number of protocols for implementing the two way authentication as well as the session key derivation, but for one conceptually simple two way authentication procedure implementation you could take a look at the MIFARE DESFire authentication protocol.

50%
50%
etnapowers
etnapowers
12/19/2013 4:32:59 PM
User Rank
Master
Re: Side Channel Attack
@Victor: thank you very much for the details that you provided, I have read in the TRF7970A's support page that the Analog front end supports the Near Field Communication (NFC) Standards NFCIP-1 (ISO/IEC 18092) and NFCIP 2 (ISO/IEC 21481).

It's very interesting to me.

50%
50%
Victor Lorenzo
Victor Lorenzo
12/19/2013 4:51:27 PM
User Rank
Blogger
Re: Side Channel Attack
You're wellcome, @etnapowers.

50%
50%
eafpres1
eafpres1
12/18/2013 2:36:19 PM
User Rank
Blogger
Re: Side Channel Attack
Hi Victor--your point is quite valid.  I have heard of ones using the home WiFi to allow the owner to control the lock while away via the internet.  That gives me worries 2x over--hacking the communication over the internet and gaining the accss information for the door lock, and/or hacking the WiFi router which is relatively easy in many cases.

On the other hand the RFID type solution is very solid and has been used in industrial buildings etc., but it is not straightforward to take that and provide internet access without opening up again.  

So my point was really about the IoT concept where everything has an IP address; the other more localized technologies are quite mature.

50%
50%
Navelpluis
Navelpluis
12/20/2013 3:50:41 AM
User Rank
Artist
Re: Side Channel Attack
For all engineers new on the cryptology topic: It is wise to know and respect the old stuff first, the same as with measuring equipment ;-)

Look here: http://www.cryptomuseum.com/crypto/index.htm

I am sure a couple of folks around here will have a great X-mas due to these pages ;-)

Have fun,

Navelpluis

 

100%
0%
etnapowers
etnapowers
12/16/2013 5:49:35 AM
User Rank
Master
theft of IP
At big companies the theft of IP is a big issue according to me. A special dedicated security software, useful to the protection of the internal database containing the IP both from inside the company and from outside is absolutely required. A identification of the user that are reading , downloading or modifying an IP would help to enhance the security.

50%
50%
More Blogs from Blaine Bateman
Google "proved" the D-Wave 2 they operate jointly with NASA (mainly paid for by Google) can operate "up to ∼ 108 times faster".
I've written before about the impact the Internet of Things (IoT) will have on electronics sales including the special role played by analog devices in IoT.
Until about a decade ago, thermal energy was considered almost entirely as an analog, bulk phenomena.
Unless you live in a cave without any media access (which, I suppose, would preclude your reading this blog) you have heard about the Internet of Things (IoT).
With large scale integration of analog functions, we can probably bring eyesight to the blind.
flash poll
follow Planet Analog on Twitter
Planet Analog Twitter Feed
like us on facebook
Planet Analog
About Us     Contact Us     Help     Register     Twitter     Facebook     RSS