Elliptic Curve Cryptography (2014 Year in Review), Part 1

	Elliptic Curve Cryptography (2014 Year in Review)  Part 1

Elliptic curve cryptography is a major research area globally.  In 2014, more than one hundred articles of interest to the Science of Security community have been published.  We cite them here in five parts. 

Kai Liao; Xiaoxin Cui; Nan Liao; Tian Wang; Xiao Zhang; Ying Huang; Dunshan Yu, "High-speed Constant-Time Division Module for Elliptic Curve Cryptography based on GF(2^m)," Circuits and Systems (ISCAS), 2014 IEEE International Symposium on, pp.818,821, 1-5 June 2014. doi: 10.1109/ISCAS.2014.6865261 To achieve high performance scalar multiplication arithmetic in Elliptic Curve Cryptography (ECC) based on GF(2m), a high-speed constant-time division module with optimized architecture is proposed in this paper. Modified from the traditional extended Euclidean Great Common Divisor (GCD) division algorithm, the presented algorithm computes a single multiplicative inverse or division in constant m iterations, i.e. m clock cycles, in GF(2m), which obtains a tremendous reduction (specifically more than 50%) on computing time compared with previous works. Combined with the meticulously optimized architecture, this novel division module achieves lower area-time complexity, which makes it an excellent option for high performance ECC design.
Keywords: digital arithmetic; iterative methods; polynomials; public key cryptography; Euclidean great common divisor division algorithm; elliptic curve cryptography; high performance scalar multiplication arithmetic; high-speed constant-time division module; Algorithm design and analysis; Clocks; Computer architecture; Elliptic curve cryptography; Galois fields; Registers ;constant-time; division module; elliptic curve cryptography; finite field arithmetic; high-speed (ID#: 15-4179)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6865261&isnumber=6865048

Gautschi, M.; Muehlberghuber, M.; Traber, A.; Stucki, S.; Baer, M.; Andri, R.; Benini, L.; Muheim, B.; Kaeslin, H., "SIR10US: A Tightly Coupled Elliptic-Curve Cryptography Co-processor for the OpenRISC," Application-specific Systems, Architectures and Processors (ASAP), 2014 IEEE 25th International Conference on, pp.25,29, 18-20 June 2014. doi: 10.1109/ASAP.2014.6868626 Today's embedded systems require resource-aware acceleration engines, which support advanced cryptographic algorithms such as elliptic-curve cryptography (ECC). The authors present an application-specific co-processor for digital signature verification according to the Elliptic Curve Digital Signature Algorithm (ECDSA) based on the NIST B-233 standard. A novel OpenRISC-ISA (instruction-set architecture) core featuring a high IPC rate and balanced pipeline stages has been developed to act as the main controlling unit of the accelerator. The redesigned OpenRISC core processes 67% more instructions per second than the reference architecture and ties with a micro-controllable ECC datapath through a highly optimized interface. An ECDSA signature is verified in 11 ms, which is equal to a speedup of 15× and 3.3× with respect to a portable C implementation on the OpenRISC and an assembler-optimized implementation on an ARM7, respectively. Moreover, thanks to a tightly coupled data memory, the proposed co-processor does not block the OpenRISC during its ECC-specific operations, thereby enabling it to also support concurrent execution of other workloads and/or software-based cryptographic extension functions.
Keywords: coprocessors; embedded systems; public key cryptography; reduced instruction set computing; ECDSA; OpenRISC core;OpenRISC-ISA;SIR10US;advanced cryptographic algorithms; cryptographic extension functions; digital signature verification; elliptic curve digital signature algorithm; embedded systems; instruction set architecture; microcontrollable ECC datapath; pipeline stages; reference architecture; resource aware acceleration engines; tightly coupled elliptic curve cryptography coprocessor; Computer architecture; Cryptography; Elliptic curves; Pipelines; Program processors; Random access memory; Registers; ECC;  OpenRISC; co-processor; elliptic-curve cryptography; finitefield arithmetic; instruction-set extension (ID#: 15-4180)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6868626&isnumber=6868606

Kurt, M.; Duru, N., "Steganography over Video Files Using Menezes Vanstone Elliptic Curve Cryptography Algorithm," Signal Processing and Communications Applications Conference (SIU), 2014 22nd, pp.1195,1198, 23-25 April 2014. doi: 10.1109/SIU.2014.6830449 In recent years information security and information privacy have been more important with an increment of technology. Different techniques of stenography and cryptography are used for sending information to recipient due to safety communication channel. Lots of algorithms have been developed as a result of these techniques. In this work the message to be sent is divided into consecutive two main parts are called coordinate data and stego data. Data represent coordinate points are encrypted with Modified Menezes Vanstone Elliptic Curve Cryptography (MMV - ECC) Algorithm and coordinate points are achieved. These coordinate points are found on related frame of video file in AVI format, and then these coordinate points' pixel value replace with decimal value of stego data.
Keywords: data privacy; public key cryptography; security of data; steganography; telecommunication channels; video coding; AVI format; MMV-ECC algorithm; coordinate data; coordinate point pixel value; decimal value; information privacy; information security; modified Menezes-Vanstone elliptic curve cryptography; safety communication channel; steganography; stego data; video files; Conferences; Elliptic curve cryptography; PSNR; Reactive power; Signal processing algorithms; İmage Processing; Cryptology; Steganography; Video Processing (ID#: 15-4181)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830449&isnumber=6830164

Sakharkar, S.M.; Mangrulkar, R.S.; Atique, M., "A Survey: A Secure Routing Method For Detecting False Reports And Gray-Hole Attacks Along With Elliptic Curve Cryptography In Wireless Sensor Networks," Electrical, Electronics and Computer Science (SCEECS), 2014 IEEE Students' Conference on, pp.1,5, 1-2 March 2014. doi: 10.1109/SCEECS.2014.6804514 Wireless Sensor Networks (WSNs) are used in many applications in military, environmental, and health-related areas. These applications often include the monitoring of sensitive information such as enemy movement on the battlefield or the location of personnel in a building. Security is important in WSNs. However, WSNs suffer from many constraints, including low computation capability, small memory, limited energy resources, susceptibility to physical capture, and the use of insecure wireless communication channels. These constraints make security in WSNs a challenge. In this paper, we try to explore security issue in WSN. First, the constraints, security requirements and attacks with their corresponding countermeasures in WSNs are explained. Individual sensor nodes are subject to compromised security. An adversary can inject false reports into the networks via compromised nodes. Furthermore, an adversary can create a Gray hole by compromised nodes. If these two kinds of attacks occur simultaneously in a network, some of the existing methods fail to defend against those attacks. The Ad-hoc On Demand Distance (AODV) Vector scheme for detecting Gray-Hole attack and Statistical En-Route Filtering is used for detecting false report. For increasing security level, the Elliptic Curve Cryptography (ECC) algorithm is used. Simulations results obtain so far reduces energy consumption and also provide greater network security to some extent.
Keywords: public key cryptography; routing protocols; wireless sensor networks; AODV protocol; Gray hole attack; ad hoc on demand distance vector protocol; elliptic curve cryptography; false report detection; individual sensor nodes; secure routing method; statistical en-route filtering; wireless sensor networks; Base stations; Elliptic curve cryptography; Protocols; Routing; Wireless sensor networks; AODV; ECC; Secure Routing; Security; Statistical En-Route; Wireless Sensor Network (ID#: 15-4182)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6804514&isnumber=6804412

Leca, C.-L.; Rincu, C.-I., "Combining Point Operations for Efficient Elliptic Curve Cryptography Scalar Multiplication," Communications (COMM), 2014 10th International Conference on, pp. 1, 4, 29-31 May 2014. doi: 10.1109/ICComm.2014.6866676 Elliptic curve cryptosystems have gained increase attention and have become an intense area of research, mainly because of their shorter key length when compared to other public key cryptosystems such as RSA. Shorter key length brings advantages such as reduced computation effort, power consumption and storage requirements, making it possible to increase the available security for portable devices, smartcards and other power strained devices. ECC manages to cover all the significant cryptographic operations such as key exchange and agreement or digital signature with greater efficiency than previous systems. These operations rely heavily on point multiplication which is also the most time-consuming operation. This paper evaluates point operations (doubling, tripling, quadrupling, and addition) and proposes an algorithm for combining the operations in order to achieve faster scalar multiplication when compared to the standard algorithm for scalar multiplication of double and add.
Keywords: {public key cryptography; smart cards; cryptographic operation; efficient ECC scalar multiplication; elliptic curve cryptography; point multiplication; point operation; portable device; power strained device; public key cryptosystem; security; smartcards; Algorithm design and analysis; Elliptic curve cryptography; Elliptic curves; Equations; Galois fields; cryptography; elliptic curve cryptography; point operations; scalar multiplication (ID#: 15-4183)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866676&isnumber=6866648

Subashri, T.; Arjun, A.; Ashok, S., "Real time implementation Of Elliptic Curve Cryptography over a open aource VoIP server," Computing, Communication and Networking Technologies (ICCCNT), 2014 International Conference on, pp.1,6, 11-13 July 2014. doi: 10.1109/ICCCNT.2014.6963029 This paper presents the design and the implementation of Elliptic Curve Cryptography in an Asterisk VoIP server which serves as an exchange for placing voice calls over the internet. Voice over internet protocol refers to the transmission of speech encoded into data packets transmitted across networks. VoIP networks are prone to confidentiality threats due to the weak keys used by the AES algorithm for encryption of the VoIP packets. So, in order to strengthen the key for encryption/decryption, Elliptic Curve Diffie-Hellman (ECDH) Algorithm key agreement scheme is employed with smaller key sizes resulting in faster computations. The elliptic curve used in this paper is a modified NIST P-256 curve and key generation algorithm using split exponents for fast exponentiation has been implemented to speed up and increase the randomness of key generation. The implementation of split exponents also help in increasing the security of the keys generated. The key generated by ECDH is highly secure because the discrete logarithmic problem is very difficult in this scheme. This Method is successfully carrying out voice calls on VoIP clients connected to the internet. This ECDH key exchanging mechanism for voice calls in real time is implemented on an Asterisk PBX (Private Branch eXchange), using AGI(Asterisk Gateway Interface) server.
Keywords: Asterisk PBX; Dynamic ECDH; IAX; Key exchange; SIP; Softphone; Split Exponents; VoIP (ID#: 15-4184)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6963029&isnumber=6962988

Holler, A.; Druml, N.; Kreiner, C.; Steger, C.; Felicijan, T., "Hardware/Software Co-Design Of Elliptic-Curve Cryptography For Resource-Constrained Applications," Design Automation Conference (DAC), 2014 51st ACM/EDAC/IEEE, pp.1, 6, 1-5 June 2014. doi: 10.1145/2593069.2593148 ECC is an asymmetric encryption providing a comparably high cryptographic strength in relation to the key sizes employed. This makes ECC attractive for resource-constrained systems. While pure hardware solutions usually offer a good performance and a low power consumption, they are inflexible and typically lead to a high area. Here, we show a flexible design approach using a 163-bit GF(2m) elliptic curve and an 8-bit processor. We propose improvements to state-of-the-art software algorithms and present innovative hardware/software codesign variants. The proposed implementation offers highly competitive performance in terms of performance and area.
Keywords: hardware-software codesign; public key cryptography;163-bit GF2m elliptic curve;8-bit processor; ECC; asymmetric encryption; cryptographic strength; elliptic-curve cryptography; flexible design approach; hardware-software code sign variants; key sizes; pure hardware solutions; resource-constrained applications; state-of-the-art software algorithms; Coprocessors; Error correction codes; Hardware; Radiofrequency identification; Random access memory; Software; Elliptic Curve Cryptography; Embedded Devices; RFID (ID#: 15-4185)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6881534&isnumber=6881325

He, D.; Zeadally, S., "An Analysis of RFID Authentication Schemes for Internet of Things in Healthcare Environment Using Elliptic Curve Cryptography," Internet of Things Journal, IEEE, vol. PP, no. 99, pp.1, 1, 23 September 2014. doi: 10.1109/JIOT.2014.2360121 Advances in information and communication technologies have led to the emergence of Internet of Things (IoT). In the healthcare environment, the use of IoT technologies brings convenience to physicians and patients since they can be applied to various medical areas (such as constant real-time monitoring, patient information management, medical emergency management, blood information management, and health management). The Radio Frequency IDentification (RFID) technology is one of the core technologies of IoT deployments in the healthcare environment. To satisfy the various security requirements of RFID technology in IoT, many RFID authentication schemes have been proposed in the past decade. Recently, Elliptic Curve Cryptography (ECC)-based RFID authentication schemes have attracted a lot of attention and have been used in the healthcare environment. In this paper, we discuss the security requirements of RFID authentication schemes and in particular we present a review of ECC-based RFID authentication schemes in terms of performance and security. Although most of them cannot satisfy all security requirements and have satisfactory performance, we found that there are three recently proposed ECC-based authentication schemes suitable for the healthcare environment in terms of their performance and security.
Keywords: Authentication; Databases; Internet of Things; Medical services; Radiofrequency identification; Servers; Authentication; Elliptic curve cryptography; Internet of Things; Performance; Radio Frequency identification; Security (ID#: 15-4186)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6907930&isnumber=6702522

Javeed, K.; Xiaojun Wang, "Efficient Montgomery Multiplier For Pairing And Elliptic Curve Based Cryptography," Communication Systems, Networks & Digital Signal Processing (CSNDSP), 2014 9th International Symposium on, pp.255,260, 23-25 July 2014. doi: 10.1109/CSNDSP.2014.6923835 In this paper, we propose an efficient 256×256 bit modular multiplier based on Montgomery reduction algorithm. The 256 × 256 bit modular multiplier is required in elliptic curve and pairing based cryptographic protocols to achieve 128 bit security level. The in-built features of modern FPGA are efficiently utilized. Two time consuming components (1) 512-bit addition (2) 256 × 256 bit multiplier are efficiently optimized. The 512-bit addition is optimized using 64-bit carry chains while the 64 × 64 bit multiplier soft cores provided by Xilinx FPGAs are utilized to design the 256 × 256 bit multiplier. Subsequently, both the adder and multiplier are used to design 256-bit modular multiplier using Montgomery reduction algorithm. The design is synthesized using Xilinx ISE 14.1 design suite targeting virtex 6 FPGA devices. The proposed design runs at 188 MHz and can be used to construct elliptic curve and pairing based cryptographic processors.
Keywords: cryptographic protocols; field programmable gate arrays; public key cryptography; FPGA devices; Montgomery reduction algorithm; Xilinx FPGA; Xilinx ISE 14.1 design; cryptographic processors; cryptographic protocols; efficient montgomery multiplier; elliptic curve based cryptography; modular multiplier; pairing curve based cryptography; Adders; Algorithm design and analysis; Clocks; Educational institutions; Field programmable gate arrays; Multiplexing; Pipelines; Elliptic curve cryptography; FPGA design; Montgomery Multiplier; Pairing (ID#: 15-4187)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6923835&isnumber=6923783

Azarderakhsh, R.; Reyhani-Masoleh, A., "Parallel and High-Speed Computations of Elliptic Curve Cryptography Using Hybrid-Double Multipliers," Parallel and Distributed Systems, IEEE Transactions on , vol.26, no.6, pp.1668,1677, June 1 2015  doi: 10.1109/TPDS.2014.2323062 High-performance and fast implementation of point multiplication is crucial for elliptic curve cryptographic systems. Recently, considerable research has investigated the implementation of point multiplication on different curves over binary extension fields. In this paper, we propose efficient and high speed architectures to implement point multiplication on binary Edwards and generalized Hessian curves. We perform a data-flow analysis and investigate maximum number of parallel multipliers to be employed to reduce the latency of point multiplication on these curves. Then, we modify the addition and doubling formulations and employ a newly proposed digit-level hybrid-double Gaussian normal basis multiplier to remove the data dependencies and hence reduce the latency of point multiplication. To the best of our knowledge, this is the first time that one employs hybrid-double multiplication technique to reduce the computation time of point multiplication. Moreover, we have implemented our proposed architectures for point multiplication on FPGA and obtained the results of timing and area. Our results indicate that the proposed scheme is one step forward to improve the performance of point multiplication on binary Edward and generalized Hessian curves.
Keywords: Gaussian processes;  Hessian matrices; field programmable gate arrays; multiplying circuits; public key cryptography; FPGA; addition formulations; binary Edwards curves; binary extension fields; data dependencies; data-flow analysis; digit-level hybrid-double Gaussian normal basis multiplier; doubling formulations; elliptic curve cryptographic systems; generalized Hessian curves; hybrid-double multiplication technique; parallel multipliers; point multiplication; Clocks; Computer architecture; Elliptic curve cryptography; Elliptic curves; Gaussian processes; Logic gates; Elliptic curve cryptography (ECC); Gaussian normal basis; binary Edwards curves; double-hybrid multiplier; generalized Hessian curves (ID#: 15-4188)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814322&isnumber=4359390

Ying Zhang; Ji Pengfei, "An Efficient and Hybrid Key Management for Heterogeneous Wireless Sensor Networks," Control and Decision Conference (2014 CCDC), The 26th Chinese, pp. 1881, 1885, May 31 2014-June 2 2014. doi: 10.1109/CCDC.2014.6852476 Key management is the core to ensure the communication security of wireless sensor network. How to establish efficient key management in wireless sensor networks (WSN) is a challenging problem for the constrained energy, memory, and computational capabilities of the sensor nodes. Previous research on sensor network security mainly considers homogeneous sensor networks with symmetric key cryptography. Recent researches have shown that using asymmetric key cryptography in heterogeneous sensor networks (HSN) can improve network performance, such as connectivity, resilience, etc. Considering the advantages and disadvantages of symmetric key cryptography and asymmetric key cryptography, the paper propose an efficient and hybrid key management method for heterogeneous wireless sensor network, cluster heads and base stations use public key encryption method based on elliptic curve cryptography (ECC), while using symmetric encryption method between adjacent nodes in the cluster. The analysis and simulation results show that the proposed key management method can provide better security, prefect scalability and connectivity with saving on storage space.
Keywords: cryptography; telecommunication network management; telecommunication security; wireless sensor networks; asymmetric key cryptography; base stations; cluster heads; communication security; elliptic curve cryptography; heterogeneous sensor networks; hybrid key management; public key encryption method; sensor network security; sensor nodes; symmetric encryption; wireless sensor networks; Elliptic curve cryptography; Encryption; Energy consumption; Wireless sensor networks; Elliptic Curve Cryptography; Heterogeneous Wireless Sensor Networks; Key Management; Symmetric Encryption (ID#: 15-4189)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6852476&isnumber=6852105

Xuanxia Yao; Xiaoguang Han; Xiaojiang Du, "A Light-Weight Certificate-Less Public Key Cryptography Scheme Based on ECC," Computer Communication and Networks (ICCCN), 2014 23rd International Conference on, pp.1,8, 4-7 Aug. 2014. doi: 10.1109/ICCCN.2014.6911773 With the rapid development of mobile computing, more and more mobile devices, such as smart phones and tablets are able to access Internet. As these mobile devices are usually battery powered, energy efficiency is a very important issue. For most mobile applications, energy saving should be considered at the design stage. Of course, security application is no different. Public key cryptography plays an important role in network security, and it is still essential in mobile computing despite it needs high energy consumption. Considering Elliptic Curve Cryptography (ECC) is easy to perform in hardware and needs lower energy than other public key algorithms. We propose an ECC-based certificate-less public key cryptography scheme. The scheme is lightweight and can save energy for mobile devices. Firstly, it does not need certificate to prove the authenticity of a public key, which can save energy for certificate transmission. Secondly, it is constructed on the traditional ECC instead of bilinear pairing, which makes it lightweight and can save energy for computation. In addition, it avoids the key escrow issue, which makes it has higher security strength than traditional public key cryptography. These advantages make it very suitable for resources-constrained mobile devices.
Keywords: Internet; energy conservation; mobile computing; power consumption; public key cryptography; telecommunication power management; telecommunication security; ECC; Internet; battery power; bilinear pairing; certificate transmission; elliptic curve cryptography; energy consumption; energy efficiency; energy saving; light-weight certificate-less public key cryptography scheme; mobile computing; mobile devices; network security; public key algorithms; resources-constrained mobile devices; security application; security strength; smart phones; tablets; Elliptic curve cryptography; Elliptic curves; Encryption; certificate-less public key cryptosystem; certificate-less public key encryption; certificate-less public key signature; elliptic curve cryptography (ID#: 15-4190)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6911773&isnumber=6911704

Rao, M.R.; Rao, B.P., "Adaptive Hybrid Multi-User Detector in CDMA Using ECC," Wireless and Optical Communications Networks (WOCN), 2014 Eleventh International Conference on, pp.1,9, 11-13 Sept. 2014. doi: 10.1109/WOCN.2014.6923051 Code division multiple access (CDMA) is one of the promising techniques in cellular mobile communications system used for radio accessing and personal communication systems. Besides several practical advantages, CDMA suffers with multiuser interference, limiting the spectral efficiency drastically. There are various optimal and suboptimal multi user detection techniques in CDMA to overcome this problem. These MUDs identify the desired users signal but the interference signal is high and there is a chance of loosing the signal. By considering these drawbacks, we propose a MUD technique using Elliptic Curve Cryptography (ECC). The main objective of this technique is to detect the desired user signal with less interference ratio. An elliptic curve based key is generated and encoded the user signals before transmission. A BPSK technique is used for modulating the signals. The decoder decodes the desired user information and neglects the undesired user information. The performance comparison shows that this technique has better performance than the existing methods.
Keywords: cellular radio; code division multiple access; decoding; personal communication networks; phase shift keying; public key cryptography; radio access networks; radiofrequency interference; signal processing; BPSK technique; CDMA; ECC; MUD technique; adaptive hybrid multiuser detector; cellular mobile communications system; code division multiple access; decoding; elliptic curve cryptography; multiuser interference signal; personal communication system; radio access network; signal modulation; suboptimal multiuser detection technique; user signal encoding; Binary phase shift keying; Detectors; Elliptic curve cryptography; Interference; Multiaccess communication; Multiuser detection; Noise; B PSK; CDMA; Decoding; Elliptic Curve Cryptography; Encoding; Key generation; Multi User Detection (ID#: 15-4191)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6923051&isnumber=6923038

Fournaris, A.P.; Zafeirakis, J.; Koufopavlou, O., "Designing and Evaluating High Speed Elliptic Curve Point Multipliers," Digital System Design (DSD), 2014 17th Euromicro Conference on, pp.169,174, 27-29 Aug. 2014. doi: 10.1109/DSD.2014.104 Point Multiplication (PM) is considered the most computationally complex and resource hungry Elliptic Curve Cryptography (ECC) related mathematic operation. The design of PM hardware accelerators follows approaches that have a trade off between utilized hardware resources and computation speed. In this paper, the above trade-off and its relation with the operations of the GF(2k) defining the Elliptic Curve (EC) is highlighted and investigated. Following this direction, a point operation design methodology based on the parallelization and scheduling of GF(2k) operations is proposed. This design approach is adapted to the PM employed GF(2k) multiplication algorithm and associated implementation in an effort to increase PM accelerator speed with an acceptable cost on chip covered area (hardware resources). Using the proposed methodology, two PM accelerator hardware architectures were proposed based on bit serial and bit parallel GF(2k) multipliers that, when implemented in FPGA technology, proved to be very fast in comparison to other similar works.
Keywords: digital arithmetic; public key cryptography; ECC; GF(2k) multiplication algorithm; PM; elliptic curve cryptography; point multiplication; Delay effects; Elliptic curve cryptography; Field programmable gate arrays; Hardware; Multiplexing; Polynomials; Table lookup; Elliptic Curve Cryptography; Finite Field computation; VLSI design (ID#: 15-4192)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6927241&isnumber=6927207

Lin-Shung Huang; Adhikarla, S.; Boneh, D.; Jackson, C., "An Experimental Study of TLS Forward Secrecy Deployments," Internet Computing, IEEE, vol. 18, no.6, pp.43, 51, Nov.-Dec. 2014. doi: 10.1109/MIC.2014.86 Many Transport Layer Security (TLS) servers use the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy. However, in a survey of 473,802 TLS servers, the authors found that 82.9 percent of the DHE-enabled servers use weak DH parameters, resulting in a false sense of security. They compared the server throughput of various TLS setups, and measured real-world client-side latencies using an advertisement network. Their results indicate that using forward secrecy is no harder, and can even be faster using elliptic curve cryptography (ECC), than no forward secrecy.
Keywords: public key cryptography; DHE key exchange; DHE-enabled servers; ECC; TLS forward secrecy deployments; TLS servers; advertisement network; client-side latencies; elliptic curve cryptography; ephemeral Diffie-Hellman key exchange; server throughput; transport layer security servers; Browsers; Ciphers; Cryptography; DH-HEMTs; Elliptic curve cryptography; Internet; Network security; Servers; Throughput; Transport protocols; TLS; elliptic curve cryptography; forward secrecy (ID#: 15-4193)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6870379&isnumber=6938659

Pontie, S.; Maistri, P., "Design of a Secure Architecture For Scalar Multiplication On Elliptic Curves," Microelectronics and Electronics (PRIME), 2014 10th Conference on Ph.D. Research in, pp.1,4, June 30 2014-July 3 2014. doi: 10.1109/PRIME.2014.6872655 Embedded systems support more and more features. Authentication and confidentiality are part of them. These systems have limitations that put the public-key RSA algorithm at a disadvantage: Elliptic curve cryptography (ECC) becomes more attractive because it requires less energy and less area. A lot of attacks exploit physical access on cryptographic hardware device: power analysis attacks (SPA, DPA), or timing analysis attacks. The coprocessor presented here supports all critical operations of an ECC cryptosystem and has been secured against side channel attacks.
Keywords: coprocessors; embedded systems; public key cryptography; DPA; ECC cryptosystem; SPA; coprocessor; cryptographic hardware device; elliptic curve cryptography; embedded systems; power analysis attacks; public-key RSA algorithm; scalar multiplication; secure architecture design; side channel attacks; timing analysis attacks; Algorithm design and analysis; Coprocessors; Elliptic curve cryptography; Elliptic curves; Registers; Timing; Elliptic curve cryptography; scalar multiplication; side channel analysis (ID#: 15-4194)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6872655&isnumber=6872647

Doe, N.P.; Suganya, V., "Secure Service To Prevent Data Breaches In Cloud," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1, 6, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921755 Cloud Computing is a computing paradigm shift where computing is moved away from personal computers or an individual server to a cloud of computers. Its flexibility, cost-effectiveness, and dynamically re-allocation of resources as per demand make it desirable. At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges such as data breaches, data loss, account hijacking and denial of service. Paramount among these security threats is data breaches. The proposed work is to prevent data breaching threat by way of providing user authentication through one-time password system and challenge response, risk assessment to identify and prevent possible risks, encryption using enhanced elliptic curve cryptography where a cryptographically secure random number generation is used to make the number unpredictable, data integrity using MD5 technique, and key management. The platform for deployment of the application is Google App Engine.
Keywords: authorisation; cloud computing; public key cryptography; random number generation; risk management; Google App Engine;MD5 technique; account hijacking; cloud computing; cryptographically secure random number generation; data breach prevention; data loss; denial of service; dynamic resource reallocation; elliptic curve cryptography; one-time password system; personal computers; risk assessment; secure service; user authentication; Cloud computing; Computational modeling; Elliptic curve cryptography; Elliptic curves; Encryption; MD5;authentication;cloud computing; elliptic curve cryptography; risk assessment; security issues (ID#: 15-4195)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921755&isnumber=6921705

Daehee Kim; Sunshin An, "Efficient and Scalable Public Key Infrastructure For Wireless Sensor networks," Networks, Computers and Communications, The 2014 International Symposium on, pp.1,5, 17-19 June 2014. doi: 10.1109/SNCC.2014.6866514 Ensuring security is essential in wireless sensor networks (WSNs) since a variety of applications of WSNs, including military, medical and industrial sectors, require several kinds of security services such as confidentiality, authentication, and integrity. However, ensuring security is not trivial in WSNs because of the limited resources of the sensor nodes. This has led a lot of researchers to focus on a symmetric key cryptography which is computationally lightweight, but requires a shared key between the sensor nodes. Public key cryptography (PKC) not only solves this problem gracefully, but also provides enhanced security services such as non-repudiation and digital signatures. To take advantage of PKC, each node must have a public key of the corresponding node via an authenticated method. The most widely used way is to use digital signatures signed by a certificate authority which is a part of a public key infrastructure (PKI). Since traditional PKI requires a huge amount of computations and communications, it can be heavy burden to WSNs. In this paper, we propose our own energy efficient and scalable PKI for WSNs. This is accomplished by taking advantage of heterogeneous sensor networks and elliptic curve cryptography. Our proposed PKI is analyzed in terms of security, energy efficiency, and scalability. As you will see later, our PKI is secure, energy efficient, and scalable.
Keywords: digital signatures; energy conservation; public key cryptography; telecommunication power management; wireless sensor networks; PKC; PKI; WSN; authenticated method; certificate authority; digital signatures; elliptic curve cryptography; energy efficiency; heterogeneous sensor networks; industrial sectors; medical sectors; military sectors; public key cryptography; public key infrastructure; security services; sensor nodes; symmetric key cryptography; wireless sensor networks; Cryptography; IP networks; Servers; Wireless communication; Wireless sensor networks;(k, n) Threshold Scheme; Certificate Authority; Elliptic Curve Cryptography; Heterogeneous Sensor Networks; Public Key Infrastructure; Wireless Sensor Networks(ID#: 15-4196)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866514&isnumber=6866503

Druml, N.; Menghin, M.; Kuleta, A.; Steger, C.; Weiss, R.; Bock, H.; Haid, J., "A Flexible and Lightweight ECC-Based Authentication Solution for Resource Constrained Systems," Digital System Design (DSD), 2014 17th Euromicro Conference on , vol., no., pp.372,378, 27-29 Aug. 2014. doi: 10.1109/DSD.2014.77 RFID-based and NFC-based applications can be found, apart from others, in security critical application fields, such as payment or access control. For this purpose, Elliptic-Curve Cryptography (ECC) is commonly used hardware integrated in resource constrained applications in order to provide authenticity and data integrity. On the one hand, specialized crypto hardware approaches provide good performance and consume low power. On the other hand, they often lack flexibility, caused, for example, by hardware integrated protocols and cryptographic parameters. Here we present a flexible and lightweight ECC-based authentication solution that takes into account resource constrained systems. This technique permits to shift parts of the computational intense ECC calculations from the resource constrained device to the authentication terminal. By employing a security controller with a small multi-purpose hardware acceleration core, high computation speed is achieved and a maximum level of flexibility is maintained at the same time. We demonstrate the feasible implementation of the proposed technique by means of an Android-based reader / smart card system, which represent a prime example of contemporary power-constrained and performance-constrained embedded systems. An ECC-based authentication can be carried out on average within 25 ms and checked against a back-end server within 66 ms in a secured manner. Thus, a secured and flexible one-way authentication system is given that shows high performance. This solution can be utilized in a wide variety of application fields, such as anti-counterfeiting, where flexibility and low chip prices are essential.
Keywords: Android (operating system); data integrity; message authentication; public key cryptography; radiofrequency identification; resource allocation; smart cards; Android-based reader/smart card system; ECC-based authentication solution; NFC-based application; RFID-based application; access control; anticounterfeiting; authentication terminal; authenticity;back-end server; chip prices; computation speed; computational intense ECC calculation; crypto hardware approach; cryptographic parameter; data integrity; elliptic-curve cryptography; flexible one-way authentication system; hardware integrated protocol; multipurpose hardware core; payment; performance-constrained embedded system; power-constrained embedded system; resource constrained application; resource constrained device; resource constrained systems; security controller; security critical application field; Authentication; Cryptography; Embedded systems; Protocols; Smart cards;Timing;Authentication; Elliptic-Curve Cryptography; Resource Constrained System; Smart Card (ID#: 15-4197)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6927267&isnumber=6927207

Alrimeih, H.; Rakhmatov, D., "Fast and Flexible Hardware Support for ECC Over Multiple Standard Prime Fields," Very Large Scale Integration (VLSI) Systems, IEEE Transactions on, vol.22, no.12, pp.2661, 2674, Dec. 2014. doi: 10.1109/TVLSI.2013.2294649 Elliptic curve cryptography (ECC) is widely used as an efficient mechanism to secure private data using public-key protocols. We focus on ECC over five standard prime fields recommended by the National Institute of Standard and Technology (with the corresponding prime sizes of 192, 224, 256, 384, and 521 bits) and propose a novel hardware processor that enables flexible security–performance tradeoffs. To enhance performance, our processor exploits parallelism by pipelining modular arithmetic computations and associated input/output data transfers. To enhance security, modular arithmetic computations and associated data transfers are grouped into atomically executed computational blocks. The flexibility of our processor is achieved through the software-controlled hardware programmability, which allows for different scenarios of computing atomic block sequences. A Xilinx Virtex-6 FPGA implementation of the proposed hardware architecture takes between 0.30 ms (192-bit ECC) and 3.91 ms (521-bit ECC) to perform a typical scalar multiplication, which demonstrates both flexibility and efficiency of our processor.
Keywords: Algorithm design and analysis; Data transfer; Elliptic curve cryptography; Hardware; NIST; Elliptic curve cryptography (ECC); parallel atomic computation; prime fields; programmable hardware; security--performance tradeoffs.; security performance tradeoffs (ID#: 15-4198)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6704828&isnumber=6963544

Jen-Wei Lee; Szu-Chi Chung; Hsie-Chia Chang; Chen-Yi Lee, "Efficient Power-Analysis-Resistant Dual-Field Elliptic Curve Cryptographic Processor Using Heterogeneous Dual-Processing-Element Architecture," Very Large Scale Integration (VLSI) Systems, IEEE Transactions on, vol.22, no.1, pp.49,61, Jan. 2014. doi: 10.1109/TVLSI.2013.2237930 Elliptic curve cryptography (ECC) for portable applications is in high demand to ensure secure information exchange over wireless channels. Because of the high computational complexity of ECC functions, dedicated hardware architecture is essential to provide sufficient ECC performance. Besides, crypto-ICs are vulnerable to side-channel information leakage because the private key can be revealed via power-analysis attacks. In this paper, a new heterogeneous dual-processing-element (dual-PE) architecture and a priority-oriented scheduling of right-to-left double-and-add-always EC scalar multiplication (ECSM) with randomized processing technique are proposed to achieve a power-analysis-resistant dual-field ECC (DF-ECC) processor. For this dual-PE design, a memory hierarchy with local memory synchronization scheme is also exploited to improve data bandwidth. Fabricated in a 90-nm CMOS technology, a 0.4- mm2 160-b DF-ECC chip can achieve 0.34/0.29 ms 11.7/9.3 μJ for one GF(p)/GF(2m) ECSM. Compared to other related works, our approach is advantageous not only in hardware efficiency but also in protection against power-analysis attacks.
Keywords: CMOS digital integrated circuits; computational complexity; microprocessor chips; private key cryptography; public key cryptography; synchronisation; wireless channels; CMOS technology; DF-ECC chip; ECC functions; computational complexity; crypto-IC; data bandwidth; dedicated hardware architecture; dual-PE design; efficient power-analysis-resistant dual-field elliptic curve cryptographic processor; hardware efficiency; heterogeneous dual-PE architecture; heterogeneous dual-processing-element architecture; information exchange security ;local memory synchronization scheme; memory hierarchy; portable application; power-analysis attacks; power-analysis-resistant DF-ECC processor; priority-oriented scheduling; private key; randomized processing technique; right-to-left double-and-add-always EC scalar multiplication; side-channel information leakage; size 90 nm; wireless channels; Algorithm design and analysis; Computer architecture; Elliptic curve cryptography; Hardware; Instruction sets; Processor scheduling; Scheduling; Dual fields; elliptic curve cryptography (ECC);heterogeneous processing-element architecture; parallel computations ;power-analysis attacks (ID#: 15-4199)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6459050&isnumber=6690268

Kun Ma; Kaijie Wu, "Error Detection and Recovery for ECC: A New Approach Against Side-Channel Attacks," Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, vol.33, no.4, pp.627,637, April 2014. doi: 10.1109/TCAD.2013.2293058 Side channel attacks allow an attacker to retrieve secret keys with far less effort than other attacks. Countermeasures against these attacks should be considered during cryptosystem design. This paper presents a novel low-cost error detection and recovery scheme (LOEDAR) to counter fault attacks. The proposed architecture retains the efficiency of the Montgomery ladder algorithm and shows strong resistance to both environmental-induced faults as well as attacker-introduced faults. Moreover, the proposed LOEDAR scheme is compatible with most existing countermeasures against various power analysis attacks including differential power analysis and its variants, which makes it extendable to a comprehensive countermeasure against both fault attacks and power analysis attacks.
Keywords: error detection; public key cryptography; ECC; LOEDAR scheme; Montgomery ladder algorithm; differential power analysis; elliptic curve cryptography; fault attacks; novel low-cost error detection and recovery scheme; power analysis attacks; secret keys; side-channel attacks; Algorithm design and analysis; Circuit faults; Elliptic curve cryptography; Elliptic curves; Error correction codes; Registers; Elliptic curve cryptography (ECC);Montgomery ladder; error detection and recovery; fault attack; power analysis; side-channel attack (ID#: 15-4200)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6774527&isnumber=6774487

Shyam, V.; Sujatha, D., "FPGA Implementation Of An Efficient And Highly Secure Cryptoprocessor Over Barreto-Naehrig Curves," Green Computing Communication and Electrical Engineering (ICGCCEE), 2014 International Conference on, pp.1,5, 6-8 March 2014. doi: 10.1109/ICGCCEE.2014.6922282 Pairings such as Tate, Ate and Optimal-ate are used to perform operations over special form of elliptic curves known as Barreto-Naehrig (BN) curves. Computation of the pairings involve the floating point operations which is difficult to perform and for this purpose special hardware blocks are used. Existing techniques uses Montgomery multiplication algorithm which uses one hardware block corresponding to each operations. This results in increase in the area. Also these hardware blocks take more time to perform these computations. So this paper aims at 1) reducing the computation time of the cryptographic operations and 2) minimizing the hardware blocks required for performing the computations thereby reducing the area. A new dedicated Cryptoprocessor is proposed which consists of a single hardware unit to perform all the operations. The implementation results on a Virtex-4 FPGA device shows that it consumes 23k Slices and computes the tate pairing in 16.475ns.
Keywords: computational complexity; field programmable gate arrays; floating point arithmetic; group theory; microprocessor chips; public key cryptography; Barreto-Naehrig curves; Montgomery multiplication algorithm;Virtex-4 FPGA device; area reduction; ate pairing; computation time reduction; cryptographic operations; elliptic curve cryptography; field programmable gate array; floating point operations; hardware block minimization; optimal-ate pairing; secure cryptoprocessor; tate pairing; Adders ;Elliptic curve cryptography; Field programmable gate arrays; Hardware; Multiplexing; Registers; Cryptoprocessor; Elliptic Curve Cryptography; Field Programmable Gate Array; Pairing Computations (ID#: 15-4201)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6922282&isnumber=6920919

Realpe-Muñoz, P.; Trujillo-Olaya, V.; Velasco-Medina, J., "Design of Elliptic Curve Cryptoprocessors Over GF(2¹⁶³) On Koblitz Curves," Circuits and Systems (LASCAS), 2014 IEEE 5th Latin American Symposium on, pp.1,4, 25-28 Feb. 2014. doi: 10.1109/LASCAS.2014.6820253 This paper presents the design of cryptoprocessors using two multipliers over finite field GF(2¹⁶³) with digit-level processing. The arithmetic operations were implemented in hardware using Gaussian Normal Bases (GNB) representation and the scalar multiplication kP was performed on Koblitz curves using window-τNAF algorithm with w = 2, 4, 8 and 16. The cryptoprocessors were designed using VHDL description, synthesized on the Stratix-IV FPGA using Quartus II 12.0, and verified using SignalTAP II and Matlab. The simulation results show that the cryptoprocessors present a very good performance using low area. In this case, the computation times for calculating the scalar multiplication for w = 2, 4, 8 and 16 were 9.88, 7.37, 6.17 and 5.05 μs.
Keywords: Gaussian processes; digital arithmetic; field programmable gate arrays; hardware description languages; mathematics computing; public key cryptography ;GNB representation; Gaussian normal bases representation; Koblitz curves; Matlab; Quartus II 12.0;SignalTAP II; Stratix-IV FPGA; VHDL description ;arithmetic operations; digit-level processing; elliptic curve cryptoprocessors; finite field GF(2163);scalar multiplication; Algorithm design and analysis; Elliptic curve cryptography; Elliptic curves; Galois fields; Gaussian processes; Hardware; Elliptic curve cryptography; Gaussian normal basis; Koblitz curves; digit-level multiplier (ID#: 15-4202)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6820253&isnumber=6820243

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.