Biblio

In the security platform of Internet of Things (IoT), a licensed Low Power Wide Area Network (LPWAN) technology, named Narrowband Internet of Things (NB-IoT) is playing a vital role in transferring the information between objects. This technology is preferable for applications having a low data rate. As the number of subscribers increases, attack possibilities raise simultaneously. So securing the transmission between the objects becomes a big task. Bandwidth spoofing is one of the most sensitive attack that can be performed on the communication channel that lies between the access point and user equipment. This research proposal objective is to secure the system from the attack based on Unmanned Aerial vehicles (UAVs) enabled Small Cell Access (SCA) device which acts as an intruder between the user and valid SCA and investigating the scenario when any intruder device comes within the communication range of the NB-IoT enabled device. Here, this article also proposed a mathematical solution for the proposed scenario.

The test of security primitives is particularly strategic as any bias coming from the implementation or environment can wreck havoc on the security it is intended to provide. This paper presents how some security properties are tested on leading primitives: True Random Number Generation (TRNG), Physically Unclonable Function (PUF), cryptographic primitives and Digital Sensor (DS). The test of TRNG and PUF to ensure a high level of security is mainly about the entropy assessment, which requires specific statistical tests. The security against side-channel analysis (SCA) of cryptographic primitives, like the substitution box in symmetric cryptography, is generally ensured by masking. But the hardware implementation of masking can be damaged by glitches, which create leakages on sensitive variables. A test method is to search for nets of the cryptographic netlist, which are vulnerable to glitches. The DS is an efficient primitive to detect disturbances and rise alarms in case of fault injection attack (FIA). The dimensioning of this primitive requires a precise test to take into account the environment variations including the aging.

Modern communication systems rely heavily on cryptography to ensure authenticity, confidentiality and integrity of exchanged messages. Elliptic Curve Cryptography 1 (ECC) is one of the common used standard methods for encrypting and signing messages. In this paper we present our implementation of a design supporting four different NIST Elliptic Curves. The design supports two B-curves (B-233, B-283) and two P-curves (P-224, P-256). The implemented designs are sharing the following hardware components bus, multiplier, alu and registers. By implementing the 4 curves in a single design and reusing some resources we reduced the area 20 by 14% compared to a design without resource sharing. Compared to a pure software solution running on an Arm Cortex A9 operating at 1GHz, our design ported to a FPGA is 1.2 to 6 times faster.

This paper shows that stochastic heuristic approach for implicitly solving addition chain problem (ACP) in public-key cryptosystem (PKC) enhances the efficiency of the PKC and improves the security by blinding the multiplications/squaring operations involved against side-channel attack (SCA). We show that while the current practical heuristic approaches being deterministic expose the fixed pattern of the operations, using stochastic method blinds the pattern by being unpredictable and generating diffident pattern of operation for the same exponent at a different time. Thus, if the addition chain (AC) is generated implicitly every time the exponentiation operation is being made, needless for such approaches as padding by insertion of dummy operations and the operation is still totally secured against the SCA. Furthermore, we also show that the stochastic approaches, when carefully designed, further reduces the length of the operation than state-of-the-art practical methods for improving the efficiency. We demonstrated our investigation by implementing RSA cryptosystem using the stochastic approach and the results benchmarked with the existing current methods.

Side Channel Attacks (SCA) using power measurements are a known method of breaking cryptographic algorithms such as AES. Published research into attacks on AES frequently target only AES-128, and often target only the core Electronic Code-Book (ECB) algorithm, without discussing surrounding issues such as triggering, along with breaking the initialization vector. This paper demonstrates a complete attack on a secure bootloader, where the firmware files have been encrypted with AES-256-CBC. A classic Correlation Power Analysis (CPA) attack is performed on AES-256 to recover the complete 32-byte key, and a CPA attack is also used to attempt recovery of the initialization vector (IV).