Your search keyword '"Key storage"' showing total 69 results

1. Authentication Framework for an IoT Ecosystem

Author

Ram, Chilla Jagadeesh, Sathyadevan, S., Das, Swagatam, Series Editor, Bansal, Jagdish Chand, Series Editor, Tavares, João Manuel R. S., editor, Rodrigues, Joel J. P. C., editor, Misra, Debajyoti, editor, and Bhattacherjee, Debasmriti, editor

Published

2024

2. Combinatorial Design Based Key Pre-distribution Scheme with High Scalability and Minimal Storage for Wireless Sensor Networks.

Author

Kittur, Lakshmi Jayant and Pais, Alwyn Roshan

Subjects

WIRELESS sensor networks, SCALABILITY, WIRELESS sensor network security, SENSOR networks

Abstract

Given the sensitivity of applications and the sensor node's resource constraints, key management is an important security concern in Wireless Sensor Networks (WSNs). Combinatorial Design based schemes are used to propose key pre-distribution in WSNs as they have patterns that can be mapped to the WSNs. We employ Combinatorial Designs to pre-distribute the keys to the sensor nodes. The deployment area is divided into equal-sized regions called cells. The network comprises two types of sensor nodes: ordinary sensor nodes and cell masters. The ordinary sensor nodes within a cell can communicate with each other directly. The inter-cell communication is through the cell masters, which have higher resource capabilities than the ordinary sensor nodes. To take into account the Radio Frequency range of cell masters, we use Lee sphere region around each cell (Ruj in ACM Transactions on Sensor Networks (TOSN) 6:4, 2009, Rui Key predistribution using partially balanced designs in wireless sensor networks, 2007). The proposed key pre-distribution scheme for cell masters provides high network scalability with low key storage overhead compared to other schemes. The model's performance is measured in terms of key storage overhead and the number of sensor nodes supported. A detailed analysis of resiliency in terms of fractions of links disrupted is also presented. Also, the proposed scheme achieved better resiliency and requires much less number of keys to be stored in sensor nodes than the existing schemes. [ABSTRACT FROM AUTHOR]

Published

2023

3. Hardware-Based Authentication Applications

Author

Arafin, Md Tanvir, Qu, Gang, and Halak, Basel, editor

Published

2021

4. An efficient secure key establishment method in cluster-based sensor network.

Author

Singh, Akansha and Jain, Khushboo

Subjects

WIRELESS sensor networks, WIRELESS sensor network security, SENSOR networks, ENERGY consumption

Abstract

The main issue for the security of wireless sensor networks (WSNs) is how to allow sensor nodes (SNs) to establish and share cryptographic keys in an energy-efficient, storage-efficient, and authentic manner for their secure data transmission. Furthermost recent studies carried out in this direction is concerned with homogeneous networks in which all sensor has identical characteristics and fundamental administration mechanisms. However, Cluster-based sensor networks have demonstrated better achievements and performance than homogeneous networks because of the several benefits of clustering. This inspired us to propose a secure key-establishment method for cluster-based sensor networks based on symmetric-key cryptography. Since symmetric key cryptography has small energy consumption, they are a great choice to prefer for securing the networks. Even though symmetric key cryptography has high storage needs, this deficiency can be reduced by using suitable methods—evaluating the proposed work that the storage needs are reduced along with reduced energy consumption. The work offers a favorable level of security against various intruders and possible security threats and is additionally scalable than the state-of-the-art techniques. [ABSTRACT FROM AUTHOR]

Published

2022

5. Design and Evaluation of a Tunable PUF Architecture for FPGAs

Author

TeichJürgen, StreitFranz-Josef, BecherAndreas, KrügerPaul, and WildermannStefan

Subjects

Key storage, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, General Computer Science, Manufacturing process, Computer science, business.industry, Embedded system, Architecture, Chip, business, Field-programmable gate array

Abstract

FPGA-based Physical Unclonable Functions (PUF) have emerged as a viable alternative to permanent key storage by turning effects of inaccuracies during the manufacturing process of a chip into a unique, FPGA-intrinsic secret. However, many fixed PUF designs may suffer from unsatisfactory statistical properties in terms of uniqueness, uniformity, and robustness. Moreover, a PUF signature may alter over time due to aging or changing operating conditions, rendering a PUF insecure in the worst case. As a remedy, we propose CHOICE , a novel class of FPGA-based PUF designs with tunable uniqueness and reliability characteristics. By the use of addressable shift registers available on an FPGA, we show that a wide configuration space for adjusting a device-specific PUF response is obtained without any sacrifice of randomness. In particular, we demonstrate the concept of address-tunable propagation delays, whereby we are able to increase or decrease the probability of obtaining “ 1 ”s in the PUF response. Experimental evaluations on a group of six 28 nm Xilinx Artix-7 FPGAs show that CHOICE PUFs provide a large range of configurations to allow a fine-tuning to an average uniqueness between 49% and 51%, while simultaneously achieving bit error rates below 1.5%, thus outperforming state-of-the-art PUF designs. Moreover, with only a single FPGA slice per PUF bit, CHOICE is one of the smallest PUF designs currently available for FPGAs. It is well-known that signal propagation delays are affected by temperature, as the operating temperature impacts the internal currents of transistors that ultimately make up the circuit. We therefore comprehensively investigate how temperature variations affect the PUF response and demonstrate how the tunability of CHOICE enables us to determine configurations that show a high robustness to such variations. As a case study, we present a cryptographic key generation scheme based on CHOICE PUF responses as device-intrinsic secret and investigate the design objectives resource costs, performance, and temperature robustness to show the practicability of our approach.

Published

2021

6. RSA Moduli with a Predetermined Portion: Techniques and Applications

Author

Joye, Marc, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Chen, Liqun, editor, Mu, Yi, editor, and Susilo, Willy, editor

Published

2008

7. The Secure Storages of Keys

Author

Kirill Alexandrovich Biryukov

Subjects

key information, information storage, key storage, token, secure information systems, safe key storage, Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The article is devoted to the actual problem, especially for multi-user secure information systems, of safe key information storing. The creation of a key storage, devoid of weaknesses of existing storages, is proposed and substantiated.

Published

2013

8. Secure Key Storage and Access Delegation Through Cloud Storage

Author

S. Sankar, Bharati Mishra, Ramasubbareddy Somula, and Debasish Jena

Subjects

Key storage, Organizational Behavior and Human Resource Management, Information Systems and Management, Delegation, Computer science, Strategy and Management, media_common.quotation_subject, Computer security, computer.software_genre, Artificial Intelligence, Management of Technology and Innovation, Cloud storage, computer, Information Systems, media_common

Abstract

Cloud storage is gaining popularity to store and share files. To secure the files, cloud storage providers supply client interfaces with the facility to encrypt the files and upload them into the cloud. When client-side encryption is done, the onus of key management lies with the cloud user. Public key proxy re-encryption mechanisms can be used to distribute the key among stakeholders of the file. However, clients use low powered devices like mobile phones to share their files. Lightweight cryptography operations are needed to carry out the encryption operations. Ring-LWE-based encryption scheme meets this criterion. In this work, a proxy re-encryption scheme is proposed to distribute the file key. The scheme is proved CCA secure under Ring-LWE assumption in the random oracle model. The performance of the scheme is compared with the existing proxy re-encryption schemes which are observed to show better performance for re-encryption and re-key generation.

Published

2020

9. Practical feasibility evaluation and improvement of a pay-per-use licensing scheme for hardware IP cores in Xilinx FPGAs.

Author

Vliegen, Jo, Mentens, Nele, Koch, Dirk, Schellekens, Dries, and Verbauwhede, Ingrid

Abstract

In earlier published work, Maes et al. present a pay-per-use licensing scheme for hardware Intellectual Property (IP) cores. This scheme focuses on the use of IP cores on static random access memory-based field programmable gate arrays (FPGAs) and is mainly based on the partial reconfigurability property of this type of FPGA. Our work evaluates the practical feasibility of the scheme and the accompanying architecture. As already (partly) indicated by Maes et al., their solution introduces some security and usability issues. Therefore, we present improvements to the scheme and the architecture together with an additional method for decreasing the area overhead. The overall result is the first practical implementation of the pay-per-use licensing scheme occupying 841 slices on a Xilinx XC6S-LX45 FPGA. The small area overhead is mainly achieved by moving the storage of keys from slice flip-flops to configuration memory. Moreover, the implementation would not have been feasible with commercially available tools. We use an academic tool that allows nested partial reconfiguration and flexible IP core placement. [ABSTRACT FROM AUTHOR]

Published

2015

10. Hardware-Based Authentication Applications

Author

Gang Qu and Tanvir Arafin

Subjects

Key storage, Key generation, Authentication, business.industry, Computer science, Resource constraints, Cryptographic protocol, Internet of Things, business, Protocol (object-oriented programming), Secret sharing, Computer hardware

Abstract

Authentication is one of the most fundamental problems in computer security. Implementation of any authentication and authorization protocol requires the solution of several sub-problems, such as secret sharing, key generation, key storage, and secret verification. With the widespread employment of the Internet of Things (IoT), authentication becomes a central concern in the security of resource constraint internet-connected systems. Interconnected elements of IoT devices typically contain sensors, actuators, relays, and processing and control equipment that are designed with a limited budget on power, cost, and area. As a result, incorporating security protocols in these IoT components can be rather challenging. To address this issue, in this chapter, we discuss hardware-oriented security applications for the authentication of users, devices, and data. These applications illustrate the use of physical properties of computing hardware such as main memory, computing units, and clocks for authentication applications in low power on the IoT devices and systems.

Published

2021

11. A Survey of Security Attacks on Silicon Based Weak PUF Architectures

Author

Chintala Yehoshuva, R. Raja Adhithan, and N. Nalla Anandakumar

Subjects

Key storage, 021110 strategic, defence & security studies, business.industry, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Chip, 020202 computer hardware & architecture, Silicon based, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, business

Abstract

Physically Unclonable Functions (PUFs) are popular hardware-based security primitives that can derive chip signatures from the inherent characteristics of ICs. Due to their assumed security and cost advantages, one important category of PUFs, so-called weak PUFs which is used in numerous security applications such as device ID generation, IP protection and secure key storage. Nevertheless, a number of recent works have been reported several attacks on weak PUFs architectures. This paper presents a brief survey of existing attacks on silicon-based weak PUF architectures with their detailed comparison and associated countermeasures.

Published

2021

12. Hybrid multimedia broadcast encryption schemes.

Author

Li, Tao, Guo, Huaqun, and Ma, Maode

Abstract

Broadcast encryption in a pay television system is actually a key management issue, where smaller key storage and shorter header length are required to assure the quality of service. The existing solutions come up with two typical structures. One is the matrix-based structure without revocation capability and the other is the tree-based structure in Advanced Access Content System. In this paper, we propose two promising schemes that exploit the combination of the two structures to solve the revocation problem in the matrix-based structure to meet the requirements of the small key storage and short header. Mathematical derivations and calculations are performed to prove the feasibility of the proposed schemes. [ABSTRACT FROM PUBLISHER]

Published

2012

13. Matrix-tree based hybrid broadcast encryption.

Author

Li, Tao, Guo, Huaqun, and Ma, Maode

Abstract

Broadcast encryption in a pay television system is actually a key management issue, where smaller key storage and shorter header length are required to assure the quality of service. The existing solutions come up with two typical structures. One is the matrix-based structure without revocation capability and the other is the tree-based structure in Advanced Access Content System. In this paper, we propose two promising schemes that exploit the combination of the two structures to solve the revocation problem in the matrix-based structure to meet the requirements of the small key storage and short header. Mathematical derivations and calculations are performed to prove the feasibility of the proposed schemes. [ABSTRACT FROM PUBLISHER]

Published

2011

14. Cause Analysis Method of Entropy Loss in Physically Unclonable Functions

Author

Tatsuya Oyama, Mitsuru Shiozaki, Takeshi Fujino, Yohei Hori, and Masayoshi Shirahata

Subjects

Entropy estimation, Independent and identically distributed random variables, Key storage, Key generation, Computer engineering, Computer science, business.industry, Cause analysis, Cryptography, business, Upper and lower bounds, Electronic mail

Abstract

The use of physically unclonable functions (PUFs) as a new cryptographic technique is gaining attention. Challenge-response authentication and key generation (key storage) are well known as major applications using PUFs. When PUFs are applied to these applications, min-entropy estimation is essential. The min-entropy is a measure of the lower bound of the unpredictability of PUF responses. Many studies have estimated the min-entropy of PUFs, and several of these studies dealt with PUFs with independent and identically distributed (IID) PUF responses. Few studies have focused on non-IID PUFs. One reason is that some causes of entropy loss are complicatedly intertwined, and the entropy estimation of non-IID PUFs is hard. Thus, it is first necessary to break down the intertwined causes to estimate min-entropy. In this paper, we present typical causes of entropy loss during PUF implementation and propose a cause analysis method using the Inter-Hamming distance (HD), which is one of major performance metrics of PUFs. And the proposed method was applied to prototyped PUFs designed with a 180-nm CMOS process. We demonstrate that the causes of entropy loss on each PUF can be broken down according to the analysis results.

Published

2020

15. On the Confidence in Bit-Alias Measurement of Physical Unclonable Functions

Author

Florian Wilde and Michael Pehl

Subjects

Signal Processing (eess.SP), Key storage, 021110 strategic, defence & security studies, Alias, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Confidence interval, Reliability engineering, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, FOS: Electrical engineering, electronic engineering, information engineering, 0202 electrical engineering, electronic engineering, information engineering, Entropy (information theory), 020201 artificial intelligence & image processing, Electrical Engineering and Systems Science - Signal Processing, Security level, Statistical hypothesis testing

Abstract

Physical Unclonable Functions (PUFs) are modern solutions for cheap and secure key storage. The security level strongly depends on a PUF's unpredictability, which is impaired if certain bits of the PUF response tend towards the same value on all devices. The expectation for the probability of 1 at some position in the response, the Bit-Alias, is a state-of-the-art metric in this regard. However, the confidence interval of the Bit-Alias is never considered, which can lead to an overestimation of a PUF's unpredictability. Moreover, no tool is available to verify if the Bit-Alias is within given limits. This work adapts a method for the calculation of confidence intervals to Bit-Alias. It further proposes a statistical hypothesis test to verify if a PUF design meets given specifications on Bit-Alias or bit-wise entropy. Application to several published PUF designs demonstrates the methods' capabilities. The results prove the need for a high number of samples when the unpredictability of PUFs is tested. The proposed methods are publicly available and should improve the design and evaluation of PUFs in the future., Original publication at 2019 17th IEEE International New Circuits and Systems Conference (NEWCAS)

Published

2020

16. Subtropical fruits: Avocados

Author

Allan B. Woolf, Mary Lu Arpaia, John P. Bower, and Bruno G. Defilippi

Subjects

Key storage, Tree (data structure), Horticulture, Flesh, Subtropics, Biology

Abstract

Avocados are unique in the amount of oil they contain and that they will not ripen on the tree. The key storage limitations after >≈4 weeks is flesh graying (or diffuse flesh discoloration), and stem end and body rots. Optimum storage temperature is ≈ 5–6°C where irregular skin blackening is a chilling response at low temperature (

Published

2020

17. Towards a scalable secure element cluster : a recommendation on hardware configuration

Author

Hinterleitner, Timo

Subjects

PKCS #11, Schlüsselspeicherung, key storage, Secure Element, ESPRESSO, Hardware Security Module, skalierbar, longevity, Cluster, scalable, durability, HSM, Langlebigkeit, FPGA

Abstract

In vielen Rechenzentren und IoT-Anwendungen sind die sichere Speicherung von Schlüsselmaterial und deren hardwarebeschleunigte Verarbeitung eine Grundanforderung. Derzeit werden dafür meist Smartcards oder Secure Elements für kleine Anwendungen, oder Hardware Security Modules für Enterpriseapplikationen verwendet. Für Einsatzzwecke mit Anforderungen zwischen diesen beiden Extremen ist die verfügbare Hardware daher zu unter- oder überdimensioniert und damit unwirtschaftlich. Diese Diplomarbeit stellt einen neuen, skalierbaren Ansatz zur sicheren Speicherung und Verarbeitung von Schlüsselmaterial vor. Dafür wird ein Gerät auf Basis von geclusterten Secure Elements entwickelt, das je nach Anforderungen an Performance, Langlebigkeit, Lastverteilung, Partitionierung des Schlüsselmaterial und Kosten dimensioniert werden kann. Damit ist für jede Art von Anwendungen ein optimales Kosten-Nutzen-Verhältnis gegeben. Nachdem die Architektur und Funktionsweise des Secure Element Clusters vorgestellt wurde, werden zwei verschiedene Prototypen mitsamt deren Software- und Hardwarekonfiguration beschrieben. Eine neu entwickelte PKCS #11 Library kapselt die Cluster-Funktionalität und bietet damit optimale Kompatibilität mit bestehenden Softwarelösungen. Im Gegensatz zu bereits existierenden Secure Element Grids müssen die Anwendungen keine Verwaltungsaufgaben des Clusters übernehmen. Die Eigenschaften der Cluster-Prototypen werden genau analysiert, um die Clusterarchitektur in weiteren Entwicklungsphasen zu verbessern. Basierend auf Geschwindigkeitsund Langlebigkeitsmessungen, die während dieser Analysephase durchgeführt werden, wird eine mathematische Formel zur optimalen Dimensionierung eines Secure Element Clusters entwickelt., Hardware protected storage of key material and secure processing of cryptographicoperations are required in data centers as well as IoT applications in the field. Currently,the available hardware satisfies this demand only poorly. Small-scale applications use asmart card or secure element to satisfy their needs. Large-scale enterprise deploymentsmake use of specially designed Hardware Security Modules. These two options provideonly a minimal choice and offer no solution for demands between those configurations.The possibilities are either too weak or too large-scaled. Therefore, the existing solutionsare unsuitable for medium-sized use cases.This paper describes a new, scalable approach for storing key material securely andperforming cryptographic operations during changing demands. The solution introduces adevice based on clustered secure elements to provide configuration options for performance,longevity, load distribution, partitioning, and costs. After describing the overall clusterarchitecture, the thesis presents two prototype builds with their complete hardware andsoftware stack. All cluster functionality of the prototypes is encapsulated in a newlydeveloped PKCS #11 library, providing far better compatibility with software solutionsthan existing secure element grids. The properties of the prototypes are studied in detailto improve the final cluster design. Based on performance and durability analyses of theprototype, the thesis introduces a scaling scheme for determining the optimal clusterconfiguration for given load requirements.

Published

2020

18. On the Suitability of Using SGX for Secure Key Storage in the Cloud

Author

Pegah Nikbakht Bideh, Joakim Brorsson, Martin Hell, and Alexander Nilsson

Subjects

Security properties, Key storage, Guard (information security), Enclaves, Computer science, business.industry, Communication Systems, Cloud computing, 02 engineering and technology, Trusted Computing, computer.software_genre, Communications system, Virtual hardware, Software, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Operating system, 020201 artificial intelligence & image processing, business, computer, Other Computer and Information Science, FIPS, HSM, SGX

Abstract

This paper addresses the need for secure storage in virtualized services in the cloud. To this purpose, we evaluate the security properties of Intel's Software Guard Extensions (SGX) technology, which provides hardware protection for general applications, for securing virtual Hardware Security Modules (vHSM). In order for the analysis to be comparable with analyses of physical HSMs, the evaluation proceeds from the FIPS 140--3 standard, the successor to FIPS 140--2, which is commonly used to assess security properties of HSMs.Our contribution is twofold. First, we provide a detailed security evaluation of vHSMs using the FIPS 140–3 standard. Second, after concluding that the standard is designed for stand-alone rather than virtual systems, we propose a supplementary threat model, which considers threats from different actors separately. This model allows for different levels of trust in actors with different capabilities and can thus be used to assess which parts of FIPS 140--3 that should be considered for a specific attacker.Using FIPS 140--3 in combination with the threat model, we find that SGX enclaves provide sufficient protection against a large part of the potential actors in the cloud. Thus, depending on the threat model, SGX can be a helpful tool for providing secure storage for virtualized services.

Published

2020

19. Electronic signature key storage

Author

Vera Andrianova

Subjects

Key storage, Database, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Electronic signature, Public-key cryptography, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, business, computer, General Environmental Science

Abstract

This article describes the existing ways to store the private key of an electronic signature. The article describes in detail the types of removable media, as well as their comparison.

Published

2018

20. Picea asperata pioneer and fibrous roots have different physiological mechanisms in response to soil freeze-thaw in spring

Author

Xueyong Pang, Qing Huo Liu, Yongge Sun, Qunying Xiao, and Chunying Yin

Subjects

0106 biological sciences, Key storage, biology, Fibrous root system, Picea asperata, 04 agricultural and veterinary sciences, Plant Science, Horticulture, Land area, biology.organism_classification, 01 natural sciences, humanities, Physiological responses, Osmolyte, Botany, 040103 agronomy & agriculture, 0401 agriculture, forestry, and fisheries, Proline, 010606 plant biology & botany, Woody plant

Abstract

About 70 % of the total land area in the world are affected by soil freeze and thaw (FT) cycles. Root is the first organ of plant to sense soil environment and it is unclear how it copes with the soil FT. Based on the different functions of firstorder pioneer and fibrous roots in woody plants, we hypothesize that pioneer and fibrous roots respond differently. The experiment was conducted in a growth chamber using Picea asperata seedlings. We designed the FT based on field observation data. The physiological responses in fibrous and pioneer roots were examined. Fibrous roots had higher root vitality and N content, whereas pioneer roots exhibited higher total nonstructural saccharide content. The accumulation of O2 - under FT treatment was similar in the two types of roots. Pioneer roots showed higher osmolyte (especially proline) content, whereas fibrous roots had higher peroxidase activity. The present study confirmed that fibrous roots have stronger metabolism ability, whereas pioneer roots are the key storage organs. FT in the temperature range from -5 to 5 °C are mild and do not cause serious injury to roots. Pioneer roots have higher tolerance to soil FT in spring than fibrous roots. The roots have different strategies to FT: fibrous roots increase the antioxidant system, whereas pioneer roots accumulate more osmolytes. Such knowledge can help us to understand how roots of woody plants cope with soil FT.

Published

2017

21. SENSORLock: a lightweight key management scheme for wireless sensor networks.

Author

Kazienko, Juliano F., Ribeiro, Igor G., Moraes, Igor M., and Albuquerque, Célio Vinicius N.

Subjects

WIRELESS sensor networks, COMPUTER security, DATA encryption, WIRELESS communications, COMPUTER science

Abstract

ABSTRACT Security in wireless sensor networks demands an efficient key management scheme. As sensors typically operate unattended, it becomes quite important to ensure security to cryptographic keys stored in their memories. In this scenario, the development of lightweight encryption mechanisms is a challenge because of sensor-constrained resources. In this work, we present a mechanism tailored to sensor networks called SENSORLock applying it to a specific case. Our main contribution is to propose, analyze, and demonstrate the feasibility of SENSORLock for secure symmetric key distribution solving the stored key exposure problem. Analytical results demonstrate that this approach increases the system's security against the tampering of sensor nodes. Additionally, the mechanism is evaluated using simulation and practical experiments, using the TinyOS platform. Simulation results reveal that this scheme introduces very low processing overhead, in the order of nanoseconds, and an estimated power consumption quite similar to existing approaches. Besides, practical experiments indicate that the scheme can be deployed by off-the-shelf sensors, such as MicaZ and TelosB. Copyright © 2013 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2013

22. Comparison of blockchain e-wallet implementations

Author

Eliasi, Behnam, Javdan, Arian, Eliasi, Behnam, and Javdan, Arian

Abstract

With the rise of blockchain technology and cryptocurrency, secure e-wallets also become more important. But what makes an e-wallet secure? In this report, we compare different aspects of ewallets to see which alternatives are secure and convenient enough to be used.This report contains comparative analyses of different implementation for e-wallets. The problem area is divided into three smaller areas: Key storage, authentication, and recovery. These problem areas have defined criteria for what is considered good qualities in each respective area.The results show that for key storage, the best options are, Android’s keystore/IOS’ secure enclave, offline storage or a hybrid hot/cold storage. For authentication, the best alternatives proved to be BankID and local authentication through the phone’s OS. Good Recovery alternatives include recovery seeds that recover the whole e-wallet or using multiple keys for both signing and recovery.The proof of concept made for this project uses three different storage methods with the authentication methods for each one and with the possibility of recovery in case a key should be lost. The storage methods used are offline storage thought QR-codes, online storage with firebase and local storage with Android keystore or Secure enclave. Authentication is done with Facebook/Google sign in or local authentication., Med blockkedja och kryptovalutornas ökande popularitet blir säkra e-plånböcker allt mer viktiga. Men vad gör en e-plånbok säker? I detta arbete ska olika implementationer för e-plånböcker undersökas för att se vilka alternativ som är tillräckligt säkra samt användarvänliga.Problemområdena delas upp i följande delar: nyckellagring, autentisering och återhämtning av stulen/förlorade nycklar. Arbetet innefattar jämförelser mellan olika lösningar till dessa områden med definierade jämförelsekriterier.Resultatet visar att för nyckellagring är de bästa alternativen Androids keystore system/IOS secure enclave som båda är en form av säker lagringsplats på telefonen, offline lagring och hybridlagring som enkelt förklarat är en tjänst som bevarar data offline och gör den online när användaren väl vill ha tillgång till datan. För autentisering är de bästa alternativen BankID och lokal autentisering genom telefonens operativsystem. För återhämtning av nycklar är de bästa alternativen recovery seed eller att använda multipla nycklar för både signering och återhämtning.En proof of concept gjordes där lagringsmetoderna papper (exempelvis QR-kod), online-lagring med Firebase och lokal lagring med Android keystore eller Secure enclave implementerats. Autentiseringen sker med hjälp av Facebook/Google login och lokal autentisering. Återhämtning görs med två utav tre nycklarna som används för både signering och återhämtning.

Published

2019

23. Everything You Wanted to Know About PUFs

Author

Shital Joshi, Elias Kougianos, and Saraju P. Mohanty

Subjects

Key storage, 0209 industrial biotechnology, Engineering, Hardware_MEMORYSTRUCTURES, business.industry, Strategy and Management, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, 020202 computer hardware & architecture, Education, Non-volatile memory, 020901 industrial engineering & automation, 0202 electrical engineering, electronic engineering, information engineering, Physical access, Electrical and Electronic Engineering, business, computer, Volatile memory

Abstract

In typical cryptographic applications, the secret keys are stored in volatile or nonvolatile memory (NVM). In the latter case, they remain in memory and can be retrieved even when the power is turned off. Even volatile memory is vulnerable to attacks if one has physical access to it. Thus the traditional approaches to key storage are not favored, especially in high-security applications.

Published

2017

24. A Timeline for Flash Memory History [The Art of Storage]

Author

Tom Coughlin

Subjects

010302 applied physics, Key storage, business.industry, Computer science, Timeline, 02 engineering and technology, 021001 nanoscience & nanotechnology, computer.software_genre, 01 natural sciences, Flash memory, Computer Science Applications, Human-Computer Interaction, Non-volatile memory, Software, Hardware and Architecture, 0103 physical sciences, Operating system, Electrical and Electronic Engineering, EPROM, 0210 nano-technology, business, computer

Abstract

At the annual Flash Memory Summits, we have shown an everexpanding timeline for the history of flash memory, starting in 1967 with the invention of the floating gate memory device by Kahng and Sze of Bell Labs (Figure 1). The timeline now goes out to midyear 2016. We include this timeline with this article to illustrate the development of this key storage technology for many consumer devices. Jim Handy, Brian Berg, and Tom Coughlin put together this ever-growing timeline of advances in solid-state memory and its applications.

Published

2017

25. Dynamic Physically Unclonable Functions

Author

Stefan Katzenbeisser, André Schaller, Jakub Szefer, and Wenjie Xiong

Subjects

Key storage, 021110 strategic, defence & security studies, Authentication, Computer science, business.industry, Software execution, 0211 other engineering and technologies, 02 engineering and technology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Control flow, Software, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Electronics, business, Realization (systems), Dram

Abstract

Physical variations in the manufacturing processes of electronic devices have been widely leveraged to design Physically Unclonable Functions (PUFs), which can be used for authentication and key storage. Existing PUFs are static, as their PUF responses remain the same regardless when the PUF is queried. Meanwhile, this paper presents the new concept of Dynamic PUFs, where the responses depend not only on the physical properties of the device but also on the timing of the PUF queries. One application of Dynamic PUFs is in dynamic software-hardware binding, where the control flow of the software can be tied to both the timing of the software and the physical properties of the hardware, in order to protect software execution. This paper presents a realization of Dynamic PUFs using DRAM modules. The evaluation is based on the decay-based DRAM PUFs, which can be realized today and were implemented on commodity devices for testing.

Published

2019

26. Attack Algorithm for a Keystore-Based Secret Key Generation Method

Author

Jong-Seon No, Seungjae Chae, Young-Han Kim, and Young-Sik Kim

Subjects

Computer science, General Physics and Astronomy, Keystore, lcsh:Astrophysics, 02 engineering and technology, one-key-for-one-file, 01 natural sciences, Article, 010305 fluids & plasmas, lcsh:QB460-466, 0103 physical sciences, information-theoretically secure, 0202 electrical engineering, electronic engineering, information engineering, key management, lcsh:Science, Key management, Computer Science::Cryptography and Security, Key storage, Key generation, Cloud systems, keystore seed, lcsh:QC1-999, lcsh:Q, 020201 artificial intelligence & image processing, Algorithm, lcsh:Physics, key generation

Abstract

A new attack algorithm is proposed for a secure key generation and management method introduced by Yang and Wu. It was previously claimed that the key generation method of Yang and Wu using a keystore seed was information-theoretically secure and could solve the long-term key storage problem in cloud systems, thanks to the huge number of secure keys that the keystone seed can generate. Their key generation method, however, is considered to be broken if an attacker can recover the keystore seed. The proposed attack algorithm in this paper reconstructs the keystore seed of the Yang&ndash, Wu key generation method from a small number of collected keys. For example, when t = 5 and l = 2 7 , it was previously claimed that more than 2 53 secure keys could be generated, but the proposed attack algorithm can reconstruct the keystone seed based on only 84 collected keys. Hence, the Yang&ndash, Wu key generation method is not information-theoretically secure when the attacker can gather multiple keys and a critical amount of information about the keystone seed is leaked.

Published

2019

27. Blockchain based En-Route Filtering of False Data in Wireless Sensor Networks

Author

Alwyn R. Pais and Alok Kumar

Subjects

Key storage, business.industry, Computer science, Probabilistic logic, 020206 networking & telecommunications, 02 engineering and technology, Route filtering, Information security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Wireless sensor network, Key exchange, Computer network

Abstract

Wireless sensor networks are an easy target for report fabrication attacks, where compromised sensor nodes can be used by an adversary to flood the network with bogus/false reports. En-route filtering is a mechanism where intermediate forwarding nodes identify and drop false reports while they are being forwarded towards the sink. Existing en-route filtering schemes either have high storage overhead or low filtering efficiency. In this article, we propose a blockchain based deterministic en-route filtering scheme, capable of dropping false reports efficiently. Further, the proposed scheme does not require any key exchange between sensor nodes for data endorsement/authentication, thus reducing the associated key storage overhead and communication overhead. Finally, the proposed scheme can also adapt to dynamic networks and mobile sinks making it suitable for modern wireless sensor networks.

Published

2019

28. Key Storage and Azure Key Vault

Author

Stephen Haunts

Subjects

Key storage, Public-key cryptography, Symmetric-key algorithm, business.industry, Computer science, Data_MISCELLANEOUS, Key (lock), business, Encryption, Computer security, computer.software_genre, computer

Abstract

In previous chapters, we built a sophisticated encryption example that had the ability to use symmetric encryption to encrypt our data while protecting the symmetric encryption keys utilizing an RSA public and private key pair. While symmetric encryption is fast and efficient, moving the keys between multiple parties is very hard to achieve safely; this is why we use RSA to encrypt the symmetric key. The key is encrypted using the recipient’s public key (which can be known by anyone) and is then decrypted using the recipients private key (which only they know).

Published

2019

29. Constructions for key distribution patterns

Author

Shangdi Chen and Huihui Wei

Subjects

Key storage, Property (philosophy), business.industry, Distributed computing, Key distribution, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Construct (python library), 01 natural sciences, Mathematics (miscellaneous), Secure communication, Incidence structure, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, business, Incidence (geometry), Mathematics

Abstract

Key distribution patterns (KDPs) are finite incidence structures satisfying a certain property which makes them widely used in minimizing the key storage and ensuring the security of communication between users in a large network. We construct a new KDP using t-design and combine two ω-KDPs to give new (ω-1)-KDPs, which provide secure communication in a large network and minimize the amount of key storage.

Published

2016

30. Open-Source Software-Based SRAM-PUF for Secure Data and Key Storage Using Off-The-Shelf SRAM

Author

Setyawan Sajim, Ade (author) and Setyawan Sajim, Ade (author)

Abstract

SRAM PUF has a potential to become the main player in hardware security. Unfor- tunately, currently available solutions are usually locked to specific entities, such as companies or universities. Here, we introduce the first open source project to de- velop software-based SRAM PUF technology using off-the-shelf SRAM. We also present testing results on two off-the-shelf SRAMs quality to be a PUF compon- ent; Microchip 23LC1024 and Cypress CY62256NLL. Testing on two bit-selection algorithms (data remanence analysis and neighbor analysis) are also performed. Based on the testing results, we introduce a PUF enrollment scheme using data remanence analysis as the bit selection algorithm which will locate the location of the stable bits and SRAM Cypress CY62256NLL as the off-the-shelf SRAM. Moreover, we also propose a procedure to develop SRAM PUF-based applications using any off-the-shelf SRAM. The procedure consists of three main steps; test the off-the-shelf SRAM quality to be a PUF component, create a PUF-generated key using enrollment-reconstruction mechanism, and develop any PUF-based ap- plication utilizing the PUF-generated key. In addition, an idea to create numerous CRPs using SRAM PUF is also proposed here. Using a collection of stable bits as a challenge, the stable bits are permutated among themselves to create a challenge which has a numerous number of possibilities. Furthermore, we also present a secure data and key storage scheme using SRAM PUF. The proposed scheme is in- fluenced by multi-factor authentication. Using a combination of a PUF-generated key and user’s password, a derived key is produced and utilized as the final key to protect user’s data or/and user’s key. As the grand concluding experiment of this thesis, we present a demo of storing a private key of Bitcoin. We shows that the Bitcoin key will not be reconstructed successfully if user’s password is incorrect or the SRAM is not similar with the one that use to encrypt the Bitcoin key., Computer Engineering | Distributed Systems

Published

2018

31. A New Combinatorial Design Based Data En-Route Filtering Scheme for Wireless Sensor Networks

Author

Alok Kumar and Alwyn R. Pais

Subjects

Key storage, Computer science, business.industry, Probabilistic logic, 020206 networking & telecommunications, 02 engineering and technology, Route filtering, Direct communication, 020202 computer hardware & architecture, Combinatorial design, Overhead (business), 0202 electrical engineering, electronic engineering, information engineering, business, Wireless sensor network, Computer network

Abstract

Wireless sensor networks are susceptible to report fabrication attacks, where adversary can use compromised nodes to flood the network with false reports. En-route filtering is a mechanism of dropping bogus/false reports while they are being forwarded towards the sink. Majority of the proposed en-route filtering schemes are probabilistic, where the originality of forwarded reports is checked with fixed probability by intermediate nodes. Thus, false reports can travel multiple hops before being dropped in probabilistic en-route filtering schemes. Few deterministic based en-route filtering schemes have also been proposed, but all such schemes need to send the reports through fixed paths. To overcome the above mentioned limitations of existing en-route filtering schemes, we propose a novel deterministic enroute filtering scheme. In the proposed scheme, secret keys are allocated to sensor nodes based on combinatorial design. Such design ensures direct communication between any two nodes without adding more key storage overhead. We provide in-depth analysis for the proposed scheme. The proposed scheme significantly outperforms existing schemes in terms of expected filtering position of false reports and is more buoyant to selective forwarding and report disruption attacks. Our scheme also performs neck-to-neck with existing schemes in terms of protocol overheads.

Published

2018

32. Efficient and energy-aware key management framework for dynamic sensor networks

Author

Imene Belalouache, Mawloud Omar, Bournane Abbache, Samia Amrane, OMAR, Mawloud, and Université Abderrahmane Mira [Béjaïa]

Subjects

Key storage, Mobility, Key establishment, General Computer Science, Revocation, Computer science, Distributed computing, 020206 networking & telecommunications, 02 engineering and technology, [INFO] Computer Science [cs], Key management, Environmental data, Energy consumption, Control and Systems Engineering, Robustness (computer science), Sensor node, 0202 electrical engineering, electronic engineering, information engineering, Security, 020201 artificial intelligence & image processing, [INFO]Computer Science [cs], Electrical and Electronic Engineering, Wireless sensor network

Abstract

International audience; Wireless sensor networks consist of a set of connected devices deployed to report sensitive environmental data. Key management in wireless sensor networks remains a challenging issue due to the limited resource capacity of devices. Most existing solutions focus only on the key storage and updating optimization giving less attention to the mobility, which is more needed in the nowadays applications. In this paper, we propose a secure and efficient key management system with mobility support. The proposed scheme is based on hybrid key establishment to meet both the robustness and efficiency requirements. The sensor nodes can be mobile, where they could leave, rejoin their cluster, or join other ones. We incorporate lightweight techniques for sensor node integration, departure, revocation and key updating. Its efficiency is evaluated by comparison with other concurrent schemes, where it demonstrates the best results.

Published

2018

33. Using Energy Storage to Manage High Net Load Variability at Sub-Hourly Time-Scales

Author

Ciara O'Dwyer and Damian Flynn

Subjects

Flexibility (engineering), Key storage, Engineering, Energy storage, Wind power, business.industry, Reliability (computer networking), Economic dispatch, Energy Engineering and Power Technology, Reliability engineering, Unit (housing), Battery storage plants, Power system simulation, Electrical and Electronic Engineering, Pumped storage power generation, business, Wind energy, Simulation

Abstract

High net load variability, driven by high penetrations of wind and solar generation, will create challenges for system operators in the future, as installed wind generation capacities increase to unprecedented levels globally. Maintaining system reliability, particularly at shorter time-scales, leads to increased levels of conventional plant starts and ramping, and higher levels of wind curtailment, with sub-hourly unit commitment and economic dispatch required to capture the increased cycling burden. The role of energy storage in reducing operating costs and enhancing system flexibility is explored, with key storage plant characteristics for balancing at this time-scale identified and discussed in relation to existing and emerging grid-scale storage technologies. Unit dispatches for the additional storage plant with varying characteristics highlight the unsuitability of energy only markets in incen-tivizing suitable levels of flexibility for future systems with high net load variability. Science Foundation Ireland

Published

2015

34. Big Data Storage and Data Models

Author

Dongyao Wu, Sherif Sakr, and Liming Zhu

Subjects

Key storage, Data processing, business.industry, Computer science, Big data, 02 engineering and technology, Data science, Storage model, Data modeling, Data model, 020204 information systems, Computer data storage, Data_FILES, 0202 electrical engineering, electronic engineering, information engineering, Network File System, 020201 artificial intelligence & image processing, business

Abstract

Data and storage models are the basis for big data ecosystem stacks. While storage model captures the physical aspects and features for data storage, data model captures the logical representation and structures for data processing and management. Understanding storage and data model together is essential for understanding the built-on big data ecosystems. In this chapter we are going to investigate and compare the key storage and data models in the spectrum of big data frameworks.

Published

2017

35. Unified Coprocessor Architecture for Secure Key Storage and Challenge-Response Authentication

Author

Koichi Shimizu, Takeshi Sugawara, Takeshi Fujino, Toyohiro Tsurumaru, Mitsuru Shiozaki, and Daisuke Suzuki

Subjects

Key storage, Coprocessor, business.industry, Computer science, Applied Mathematics, Embedded system, Signal Processing, Physical unclonable function, Electrical and Electronic Engineering, Challenge–response authentication, Architecture, business, Computer Graphics and Computer-Aided Design

Published

2014

36. An improved key management scheme in cloud storage

Author

Abdul Quadir Muhammed, Kiran Mary Matthew, and Vijayakumar Varadarajan

Subjects

Key storage, Scheme (programming language), Cloud computing security, General Computer Science, business.industry, Computer science, Applied Mathematics, Data_MISCELLANEOUS, General Engineering, Cloud computing, Computer security, computer.software_genre, Field (computer science), ComputingMilieux_GENERAL, Attribute-based encryption, business, Key management, Cloud storage, computer, computer.programming_language

Abstract

Nowadays, cloud services are used by numerous people all around the globe. One of its major applications is in the field of cloud storage. Users can store data in cloud without the need to have har...

Published

2019

37. Analysis on the Key Storage Mechanism of the CNG Library

Author

Yeunsu Lee, Kangbin Yim, Hyeji Lee, and Kyungroul Lee

Subjects

Key storage, 010308 nuclear & particles physics, Computer science, business.industry, Process (engineering), Mechanism (biology), media_common.quotation_subject, Cryptography, RC4, computer.software_genre, Encryption, 01 natural sciences, 030218 nuclear medicine & medical imaging, 03 medical and health sciences, 0302 clinical medicine, Debugging, 0103 physical sciences, Operating system, Software engineering, business, computer, TRACE (psycholinguistics), media_common

Abstract

Cryptographic libraries usually do not ensure the situation that the execution environment is rapidly and diversely changed because it has structural incompleteness by design. Microsoft announced the CNG library to solve this problem. Nevertheless, the CNG library does not have the verification tools regarding the execution results for developers, users or experts to assess the crypto system implemented using the library. It is essential for those tools to provide a method to verify the encryption and decryption functions with the related keys and it is difficult on CNG to trace the key storage mechanism in realtime, because almost all cryptographic functions are processed by handles. Thus, in this paper, we analyze how to trace the information for the key in the implemented products or when debugging in the development process. Namely, we analyze the key storage mechanism of the CNG library and verify the analyzed results. This study is expected to provide more convenient ways for identifying the key-related information for debugging and evaluation.

Published

2016

38. Data Node Encrypted File System

Author

Joel Reardon

Subjects

Key storage, File system, business.industry, Computer science, Data node, computer.software_genre, Encryption, Encrypted file system, Access token, Flash memory, Data_FILES, Erasure, business, computer, Computer network

Abstract

This chapter presents DNEFS, a file system change that provides fine-grained secure data deletion and is particularly suited to flash memory. DNEFS encrypts each individual data item and colocates all the encryption keys in a densely packed key storage area. DNEFS is efficient in flash memory erasures because the expensive erasure operation is only needed for the key storage area.

Published

2016

39. Design and Implementation of KSP on the Next Generation Cryptography API

Author

Zhang Li-na

Subjects

Key storage, Windows Vista, Computer science, business.industry, media_common.quotation_subject, Cryptography, Smart Card, Physics and Astronomy(all), computer.software_genre, CSP, CNG, Operating system, Smart card, KSP, Architecture, Cryptographic Service Provider, business, Function (engineering), computer, media_common

Abstract

With good seamless connectivity and higher safety, KSP (Key Storage Providers) is the inexorable trend of security requirements and development to take the place of CSP (Cryptographic Service Provider). But the study on KSP has just started in our country, and almost no reports of its implementation can be found. Based on the analysis of function modules and the architecture of Cryptography API (Next Generation (CNG)), this paper discusses the design and implementation of KSP (key storage providers) based on smart card in detail, and an example is also presented to illustrate how to use KSP in Windows Vista.

Published

2012

40. A Hybrid Key Management Scheme Based on Clustered Wireless Sensor Networks

Author

Yong Xu, Min Nan, and Pengcheng Zhao

Subjects

Key storage, Key distribution in wireless sensor networks, Network security, business.industry, Computer science, Distributed computing, Session key, Energy consumption, Network topology, business, Key management, Wireless sensor network, Computer network

Abstract

According to the weakness of session key construction based on node’s own location, we propose a hybrid key management scheme which based on clustered wireless sensor networks. The use of hierarchical thinking, reducing the amount of key storage and computing, while supporting network topology, dynamic key management for which aims to prevent leakage. Through analyzing, it shows that the scheme have certain advantages in key connectivity, security, communication and energy consumption.

Published

2012

41. Minimizing Key Storage in MANETs

Author

Huagang Xiong and Dahai Du

Subjects

Key storage, Computer Networks and Communications, business.industry, Computer science, business, Software, Computer network

Published

2011

42. Foundations of Reconfigurable PUFs

Author

Jonas Schneider and Dominique Schröder

Subjects

Key storage, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Cryptographic primitive, Computer science, business.industry, Embedded system, Physical unclonable function, Cryptography, business, Randomness, Tamper resistance

Abstract

A Physically Unclonable Function (PUF) can be seen as a source of randomness that can be challenged with a stimulus and responds in a way that is to some extent unpredictable. PUFs can be used to provide efficient solutions for common cryptographic primitives such as identification/authentication schemes, key storage, and hardware-entangled cryptography. Moreover, Brzuska et al. have recently shown, that PUFs can be used to construct UC secure protocols (CRYPTO 2011). Most PUF instantiations, however, only provide a static challenge/response space which limits their usefulness for practical instantiations. To overcome this limitation, Katzenbeisser et al. (CHES 2011) introduced Logically Reconfigurable PUFs (LR-PUFs), with the idea to introduce an “update” mechanism that changes the challenge/response behaviour without physically replacing or modifying the hardware.

Published

2015

43. Analysis of Secure Key Storage Solutions on Android

Author

Cooijmans, T.J.P.M., Ruiter, J.E.J. de, Poll, E., Wang, C., and Wang, C.

Subjects

Key storage, Password, Computer science, business.industry, Cryptography, Trusted Computing, Computer security, computer.software_genre, Documentation, Phone, Mobile payment, Operating system, Android (operating system), Digital Security, business, computer

Abstract

Mobile phones are increasingly used for security sensitive activities such as online banking or mobile payments. This usually involves some cryptographic operations, and therefore introduces the problem of securely storing the corresponding keys on the phone. In this paper we evaluate the security provided by various options for secure storage of key material on Android, using either Android's service for key storage or the key storage solution in the Bouncy Castle library. The security provided by the key storage service of the Android OS depends on the actual phone, as it may or may not make use of ARM TrustZone features. Therefore we investigate this for different models of phones.We find that the hardware-backed version of the Android OS service does offer device binding -- i.e. keys cannot be exported from the device -- though they could be used by any attacker with root access. This last limitation is not surprising, as it is a fundamental limitation of any secure storage service offered from the TrustZone's secure world to the insecure world. Still, some of Android's documentation is a bit misleading here.Somewhat to our surprise, we find that in some respects the software-only solution of Bouncy Castle is stronger than the Android OS service using TrustZone's capabilities, in that it can incorporate a user-supplied password to secure access to keys and thus guarantee user consent.

Published

2014

44. Efficient and secure storage of private keys for pseudonymous vehicular communication

Author

Michael Feiri, Jonathan Petit, and Frank Kargl

Subjects

KDF, VANET, Engineering, IR-88722, Standardization, 02 engineering and technology, Computer security, computer.software_genre, METIS-302601, 0202 electrical engineering, electronic engineering, information engineering, PUF, HSM, Intelligent transportation system, Key storage, EWI-24228, Vehicular ad hoc network, business.industry, SCS-Cybersecurity, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Privacy protection, 020206 networking & telecommunications, Provisioning, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, ComputingMilieux_COMPUTERSANDSOCIETY, 020201 artificial intelligence & image processing, ITS, Secure Storage, business, computer

Abstract

Current standardization efforts for cooperative Intelligent Transportation Systems both in the U.S. and Europe foresee vehicles to use a large number of changeable pseudonyms for privacy protection. Provisioning and storage of these pseu- donyms require efficient and secure mechanisms to prevent malicious use of pseudonyms. In this paper we investigate several techniques to improve secure and efficient storage of pseudonyms. Specifically, we propose schemes based on Physical Unclonable Functions (PUFs) that allow to replace expensive secure key storage by regular unsecured memory and still provide fully secure pseudonyms storage.

Published

2013

45. Feasibly clonable functions

Author

Dmitry Nedospasov, Christian Boit, and Clemens Helfmeier

Subjects

Key storage, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, business.industry, Computer science, Embedded system, Physical unclonable function, Static random-access memory, Security community, business, Implementation

Abstract

Physically Unclonable Functions (PUF) are continuously being integrated into next generation security products. Nevertheless, their implementations and algorithms are the subject of much debate amongst the security community. One proposed use application for PUFs is replacing secure key storage. Yet the full unique PUF response of the most common type of PUFs can be recovered by using standard failure analysis equipment. SRAM PUFs used as key storage can only be considered to marginally improve security over conventional non-volatile key storage.

Published

2013

46. Buskeeper PUFs, a promising alternative to D Flip-Flop PUFs

Author

Vincent van der Leest, Peter Simons, and Erik van der Sluis

Subjects

Key storage, Engineering, Hardware security module, Cryptographic primitive, business.industry, Reliability (computer networking), Physical unclonable function, Cryptography, Integrated circuit, Computer security, computer.software_genre, law.invention, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, law, Embedded system, business, computer, Flip-flop

Abstract

Cloning, theft of service and tampering have become serious threats on the revenue and reputation of hardware vendors. To protect their products against these attacks hardware security, based on cryptographic primitives using keys, can be used. These keys are usually stored somewhere in the hardware, so the strength of the security depends on the effort required from attackers to compromise them. Tools for attacking hardware have become very advanced, which has decreased the protection provided by storing a key in memory to a minimum. To protect devices against attacks on their keys, Physically Unclonable Functions (PUFs) can be used. PUFs are primitives that extract secrets from physical characteristics of integrated circuits (ICs) and can be used, amongst others, for secure key storage. This paper introduces a new type of PUF, the Buskeeper. In our study this new type of PUF is evaluated on the properties of reliability and uniqueness. For this purpose several tests have been performed in order to compare the results of Buskeeper PUFs to those of D Flip-Flop (DFF) PUFs from [4] and [14]. This comparison shows that the Buskeeper PUF performs as well as, if not better than, this (already known and generally accepted) PUF type. Since Buskeepers are much more efficient than DFFs in regard to the amount of hardware resources required, we conclude that the Buskeeper PUF is a viable (and probably preferable) alternative to DFF PUFs.

Published

2012

47. Practical Security Analysis of PUF-Based Two-Player Protocols

Author

Ulrich Rührmair and Marten van Dijk

Subjects

Key storage, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Security analysis, Identification (information), Oblivious transfer, Computer science, Round complexity, Models of communication, Hash function, Cryptographic protocol, Computer security, computer.software_genre, computer

Abstract

In recent years, PUF-based schemes have not only been suggested for the basic tasks of tamper sensitive key storage or the identification of hardware systems, but also for more complex protocols like oblivious transfer (OT) or bit commitment (BC), both of which possess broad and diverse applications. In this paper, we continue this line of research. We first present an attack on two recent OT- and BC-protocols which have been introduced at CRYPTO 2011 by Brzuska et al. [1,2]. The attack quadratically reduces the number of CRPs which malicious players must read out in order to cheat, and fully operates within the original communication model of [1,2]. In practice, this leads to insecure protocols when electrical PUFs with a medium challenge-length are used (e.g., 64 bits), or whenever optical PUFs are employed. These two PUF types are currently among the most popular designs. Secondly, we discuss countermeasures against the attack, and show that interactive hashing is suited to enhance the security of PUF-based OT and BC, albeit at the price of an increased round complexity.

Published

2012

48. A microcontroller SRAM-PUF

Author

Maximilian Hofer, Wolfgang Pribyl, and Christoph Böhm

Subjects

Key storage, Repetition (rhetorical device), business.industry, Computer science, Repetition code, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Microcontroller, Error analysis, Factor (programming language), Embedded system, Static random-access memory, Error detection and correction, business, computer, Computer hardware, computer.programming_language

Abstract

Key storage is a well-known security issue. Usually, keys are generated and then stored in an non-volatile memory (NVM). A promising alternative are the so-called physical unclonable functions (PUFs). These functions extract key material directly from manufacturing variabilities of a device. One example of such a PUF is the SRAM-PUF. It uses the power-up states of SRAM cells to generate an ID/key. In this paper we present an SRAM PUF which we implemented on a microcontroller using the internal SRAM blocks. Combined with a simple error correction code, namely the repetition code, we could reduce the error rates to small values. Using a repetition factor of 31 we reached a probability for one or more errors within a 2048bit key of lower than 7e-7 within a temperature range from 0C to 80C. The low costs and the simplicity of implementation makes the SRAM-PUF on a microcontroller an attractive alternative to common approaches.

Published

2011

49. Physically unclonable functions

Author

Roel Maes and Ingrid Verbauwhede

Subjects

Identifier, Key storage, Identification (information), Engineering, business.industry, Embedded system, Physical unclonable function, Hardware_INTEGRATEDCIRCUITS, Embedding, business, Cmos process, Manufacturing variability

Abstract

CMOS process variations are considered a burden to IC developers since they introduce undesirable random variability between equally designed ICs. However, it was demonstrated that measuring this variability can also be profitable as a physically unclonable method of silicon device identification. This can moreover be applied to generate strong cryptographic keys which are intrinsically bound to the embedding IC instance. This holds a number of very interesting advantages in comparison to traditional forms of secure identification and key storage. In this work, we summarize and compare the different proposed constructions and are able to identify some generalizing properties for PUFs on silicon devices.

Published

2011

50. Security fusion based on state machine compositions

Author

Suku Nair and Omar Al Ibrahim

Subjects

Key storage, Fusion, Finite-state machine, Theoretical computer science, Computer science, Distributed computing, Entropy (information theory), Computer security model, High coverage

Abstract

Security fusion is a new paradigm in security for resource-constrained environments [20]. Following this paradigm, strong system-level security is achieved by combining weak primitives from multiple nodes. In this paper, we describe a fusion methodology based on state machine compositions. From the properties of compositions, we devise a challenge-response system that composes low-entropy state machines at individual nodes into one with higher entropy. We use built-in digital logic such as Physical Unclonable Functions (PUFs) to efficiently mass generate and distribute keys. In addition, we draw on the properties of compositions to reduce the key storage complexity at the infrastructure-level, with high coverage and early detectability at the system-level.

Published

2011