CERG Seminars are held in the Engineering Building on the GMU Fairfax campus unless noted otherwise. Parking is available in the Sandy Creek parking deck near the Engineering Building. Directions to the campus can be found here. The seminar talks are usually 45 to 60 minutes long and are open to the public. If you wish to be notified about future seminars, please send an e-mail to Jens-Peter Kaps.
Evaluation of the Hardware Performance Space of SHA-3 Candidates Blue Midnight Wish and Cubehash Using FPGAs
Robert Lorentz, MS CpE Master's Thesis Defense
Date: Wednesday, December 7th, 4:30 PM, Location: Engineering Building, Room 2901
In 2007, the National Institute of Standards and Technology (NIST) announced a public competition to develop a new cryptographic hash algorithm to become the SHA-3 standard. This algorithm should allow flexibility in the design tradeoff decisions between performance and circuit area. This study evaluated two SHA-3 Round 2 Candidate Algorithms, Blue Midnight Wish and CubeHash, to define their performance space in FPGA hardware. High throughput designs were created using multi-message techniques, and single-message Basic Iterative and Folded techniques were applied to find designs of relatively low area. The results show a large performance range for both algorithms, but the fine granularity achieved with parallel cores of CubeHash is superior to the inflexible pipelined architecture of Blue Midnight Wish.
Compact Implementations and Benchmarking of Two SHA-3 Finalists BLAKE and JH on FPGAs
Security and message authentication play a crucial role in communications. The current hashing standards for message authentication are SHA-1 and SHA-2. Attacks on SHA-1 which show potential vulnerabilities of this algorithm were published in 2005. As SHA-2 is based on SHA-1, it might be vulnerable to the same attacks. The National Institute of Standards and Technology (NIST) initiated a contest to determine a new American hash standard called SHA-3. After evaluating the initial 64 algorithms that were submitted, five algorithms were selected for the final round. The five finalists are: BLAKE, Grøstl, JH, Keccak and Skein. Security and performance in hardware as well as software were the key factors in choosing the five finalists. Evaluating the performance of these algorithms in resource-constrained environments, like PDAs and smart phones, is of major interest for mobile ubiquitous computing. New low-power Field Programmable Gate Arrays (FPGAs), which are suitable for battery-powered devices, have low non-recurring engineering cost and faster time to market than Application Specific Integrated Circuits (ASICs). We designed compact architectures for BLAKE and JH, targeting Xilinx low-cost Spartan-3 FPGAs. To achieve a good throughput-to-area ratio we developed different architectures, maintaining the design criteria of 800 slices, or 400-600 slices with one Block RAM, respectively, on Xilinx Spartan-3 devices. We compared the performance of our implementations by synthesizing them on several devices from Xilinx and Altera. Our compact implementations of BLAKE and JH outperform other published results in terms of throughput-to-area ratio. Considering the lightweight implementations of all five finalists, BLAKE has the best performance and JH has an average performance.
Lightweight implementations and Power Measurements of SHA-3 candidates on FPGAs
The National Institute of Standards and Technology (NIST) opened a public competition for a new Secure Hash Standard, SHA-3, on Nov 2, 2007. Out of the 64 submissions, 51 were selected for the first round in Dec 2008. Among them, 14 algorithms advanced to the second round in July 2009 and 5 to the third and final round in Dec 2010. The final result is expected to be announced in 2012. The selection criteria are primarily security, followed by software and hardware performance. The hardware performance is evaluated both in FPGAs and in ASICs. In FPGAs, most of the research on the SHA-3 candidates is primarily targeted at high throughput. It is very interesting to see how the SHA-3 candidates perform when area is a constraint. In this work, 4 of the 14 round two candidates (Grøstl, Luffa, SHAvite-3 and BMW) have been implemented. Furthermore, the scalability of the finalist Grøstl has been analyzed in detail. Also, a methodology for measuring the power consumption of hash functions on FPGAs has been developed and used to perform power measurements of all the finalists. Our study shows that Grøstl performs well in resource-constrained environments because of its scalability.
Number Field Sieve: Pseudocodes and Software Implementations
The RSA cryptosystem has been the mainstay of modern cryptography since it was first introduced in 1978. RSA serves as the basis for securing modern e-commerce: it functions as the primary key exchange mechanism for the Secure Sockets Layer (SSL) protocol. It is used by US Government Personal Identity Verification (PIV) smart cards and the Department of Defense Common Access Card (CAC) for authenticating users, digitally signing and encrypting email.
Due to the importance of this algorithm, cryptanalysts have been working for decades to identify weaknesses in it. Because the security of the RSA algorithm rests on the computational infeasibility of factoring large numbers, a good deal of research has been in the field of factorization. Of note was the introduction of the Number Field Sieve in 1993, which remains the fastest known algorithm for factoring large numbers. One of the most difficult aspects of the Number Field Sieve is the complexity of the algorithm, requiring a great deal of number theory simply to understand how the individual steps of the algorithm function. To this end, there are very few implementations of the algorithm that are coupled with concise and detailed descriptions of the algorithm. This thesis describes an implementation of the Number Field Sieve written in C++ in a straightforward manner, leaving efforts to improve this particular implementation as future work. Based on the implementation, the author was able to derive a set of pseudocodes that can be provided to students to gain a full understanding of the number field sieve algorithm.
Finally, this thesis performs a number of experiments on this implementation, as well as on other open source implementations that have been developed in the past few years. This thesis aims to identify the trade-offs within the algorithm that can be made based on the wide variety of parameters that can be applied. While some of these trade-offs are to be expected (e.g., the performance impact of using a lattice sieve over a line sieve), a more detailed understanding of the various options will aid both implementers and students in improving software implementations and, where possible, in breaking the number field sieve algorithm into components and identifying which components are best implemented in hardware and which are best implemented in software.
Implementation and Benchmarking of Padding Units & HMAC for SHA-3 Candidates in FPGAs and ASICs
Ambarish Vyas, MS CpE Master's Thesis Defense
Date: Tuesday, December 6th, 11:00 AM, Location: Engineering Building, Room 4801
In 2005, a major security flaw was discovered in Secure Hash Algorithm-1 (SHA-1), an NSA-designed cryptographic hash function standardized by the National Institute of Standards and Technology (NIST) since 1995. Basic components in the more recent NIST standard SHA-2, introduced in 2002, are quite similar to SHA-1. As both functions are quite similar, it is prudent to expect that equivalent attacks can be found against SHA-2 in the future. In response to this possibility, NIST established a contest in search of a new cryptographic hash function family called SHA-3. Presently, the competition is in Round 3 evaluations, with 5 finalists shortlisted out of the 14 from Round 2. Various research groups from the cryptographic community are evaluating the performance of the finalists in hardware while trying their best to be fair in their design decisions. One of the topics of debate in the cryptographic community is whether padding should be included in the hardware design or done externally in software and not taken into consideration while evaluating the designs. We propose that padding should be included in the designs for fair evaluations, but should be designed intelligently so that the overall Throughput/Area ratio is not affected by an undesirable amount.
In this thesis, we design and implement padding units for the 5 Round 3 SHA-3 finalists for two hardware platforms, FPGAs and ASICs. We show that the worst-case effect of a padding unit on the performance of the candidates does not exceed 18% in FPGAs, and the overall ranking of the finalists does not change from the ranking derived from the architectures which do not support padding. A universal padding unit supporting all finalists and SHA-2 was designed for ASICs; the maximum area overhead due to the inclusion of a padding unit is around 9%, with no effect on maximum clock frequency. This thesis also focuses on designing a Hash-based Message Authentication Code (HMAC) wrapper for all the SHA-3 finalists and SHA-2.
Wireless Identification and Sensing Platform (WISP)
Christopher Long, MS CpE Scholarly Paper Presentation
Date: Thursday, November 17th, 2:00 PM, Location: Engineering Building, Room 3202
This presentation discusses the architecture and software of WISP, the Wireless Identification and Sensing Platform, a battery-free Radio-Frequency IDentification (RFID) system. WISP follows the Electronic Product Code (EPC) Class 1 Generation 1 protocol and transmits sensor data by changing its identification (ID) to carry the incoming data from its attached sensors. Additionally, this paper presents uses for WISP and advantages of WISP over traditional integrated circuit RFID tags.
Modes of Operation in Light-weight Symmetric Crypto
Dr. Souradyuti Paul, visiting researcher at the Computer Security Division of the National Institute of Standards and Technology
Date: Friday, October 28th, 2:00 PM, Location: Engineering Building, Room 4801
Light-weight and low-power cryptography has lately received unprecedented attention from both academia and industry because of its usage in highly resource-constrained environments – such as RFID tags and wireless sensor (ad hoc) networks. Light-weight cryptography is a fairly diversified subject that addresses a broad range of engineering and theoretical issues. In this presentation, I shall restrict myself to a very specialized aspect of this line of research, namely, the security and the performance of the modes of operation of several symmetric crypto-systems (e.g. hash function, block cipher). A mode of operation (MOO) is a mathematical rule that determines how a basic building block (BB) of a crypto-system, with finite input and output lengths, can be iterated to allow inputs (e.g. message, plaintext) of arbitrary lengths. A very well-known example of a MOO/BB pair is OFB/AES-128 (where the crypto-system is a block cipher). Another example is Sponge/Keccak (where the crypto-system is a hash function). However, note that none of the above pairs are suitable for highly constrained devices such as RFID tags because of their large memory requirements.
The last couple of years have seen a wave of symmetric primitives being proposed for implementation in constrained devices: PHOTON, SPONGENT, PRESENT, QUARK, KECCAK, ARMADILLO, MAME, SQUASH, HIGHT, KATAN, KTANTAN, SEA, LED, GRAIN are some of them. In this talk I shall focus on the modes of operation of light-weight symmetric primitives, with a special emphasis on hash functions. The purpose of the talk is to initiate the discussion on the usefulness and the limitation of these modes of operation, mainly from the point of view of implementation, and on the possible ways to improve upon them. A new proposal for a hash mode of operation will be given, along with its advantages and disadvantages, to determine how the new mode compares with the existing ones.
Cryptography for Reconfigurable Low-Power Devices
Until recently, low-power cryptography was targeted towards Application Specific Integrated Circuits (ASICs). However, Field Programmable Gate Arrays (FPGAs) have been gaining popularity due to their much lower non-recurring cost. Furthermore, the recent advent of low-power FPGAs for battery-powered devices has spurred this trend. In order to provide cryptography for these reconfigurable low-power devices, my research has taken a three-pronged approach. First, we introduced the concept of lightweight cryptography for FPGAs and developed several optimization techniques. As a result we developed the smallest block cipher implementations and the first comprehensive set of lightweight implementations of the SHA-3 candidates on FPGAs. The National Institute of Standards and Technology (NIST) is evaluating these candidates to determine the next American hash standard SHA-3. In order to tackle the challenge of a fair comparison of hardware implementations of multiple functions, we started the project ATHENa - Automated Tool for Hardware EvaluatioN, which is currently funded by an ARRA grant from NIST. The second line of my research is concerned with protecting these FPGA implementations from Side-Channel Attacks (SCAs). Differential Power Analysis (DPA) is the most powerful of these attacks, and countermeasures against it have only been successfully applied to ASICs. Therefore, we developed new countermeasures for FPGAs that have minimal area overhead and hence minimal power overhead while providing adequate protection. This year we published a countermeasure called ISDDL which increases the security against DPA by a factor of 27 while consuming less than 3 times the area. Finally, I research how to apply these secure cryptographic implementations to wireless sensor nodes.
As an initial research result we have discovered that performing even simple cryptographic algorithms on an FPGA saves energy compared to executing the same algorithm in software on the microcontroller of the sensor node. Optimizing the FPGA/microcontroller interface and implementing more complex functions is part of my future research.
Secure Memory Management for Embedded Devices
Security is a focus nowadays for designers of embedded applications and devices. Sensitive data is constantly being exchanged as mobile devices become more and more pervasive in society, and users would like to see their sensitive information protected. Devices that exchange sensitive data are in need of new methods of anti-tampering, security, and ensuring data integrity.
Most embedded hardware applications consist of a processor, custom peripherals for the processor, a cache interface, and external memory for storage of the data and program code. A system such as this can be realized using Field Programmable Gate Array (FPGA) technology. FPGAs are configurable hardware that provide a fast and inexpensive means of prototyping new systems. Both hard and soft core embedded processors are available from manufacturers such as Xilinx and Altera. In addition, there are numerous processors, co-processors, and other types of IP cores available on the market, as well as in open-source form.
Technology is available for Field Programmable Gate Arrays (FPGAs) to prevent tampering with the chip itself; however, there is no technology to prevent physical attacks on the bus interfaces between the chip and its external peripherals. It has been proven that it is possible to design a hardware core that fits between the cache interface of an on-board soft core processor located on the FPGA and the external memory, and that can provide some of the security needed to thwart such attacks. The basic requirements for such a core are to provide a means of securing the data (i.e. encryption) and a means of validating the data's integrity.
In this project, a hardware core was developed, based on previous work, to provide the encryption/decryption aspects of this schema. A discussion of the principles, design, results on a Xilinx FPGA, and suggested future work is presented.
A Hardware Implementation of the SOM for a Network Intrusion Detection System
Brent Roeder, MS CpE Master's Thesis Presentation
Date: Thursday, July 28th, 11:00 AM, Location: Engineering Building, Room 3507
This thesis describes the research and development of a hardware implementation of the self-organizing map (SOM) for a network intrusion detection system. As part of the thesis research, Kohonen’s SOM algorithm was examined and different hardware implementations for the SOM were surveyed. This survey resulted in the design and implementation of a conventional SOM, which was then modified for use as a detector of anomalous network traffic as part of a network intrusion detection system. The resulting implementation, known as the port agent SOM, is both smaller in area and supports higher data throughput than the conventional SOM, as was quantified through post place-and-route analysis. This thesis can serve as a tool for developing hardware implementations of the SOM, especially if their intended application is anomaly detection.
Side-Channel Analysis of Block Ciphers using CERG-GMU Interface on SASEBO-GII
Field Programmable Gate Arrays (FPGAs) are used as a common platform for almost any type of design due to an increase in their logic capacity and various features such as DSP blocks, embedded processors, etc. A cryptographic algorithm implemented on FPGAs leaks sensitive information through side channels such as power consumption, time taken for computations, temperature, etc. Many side-channel cryptanalysis methods exist to attack the physical implementation of cryptographic algorithms, thus rendering the algorithms insecure. One branch of side-channel attack is Differential Power Analysis (DPA), where the attack is based on information gained from the power consumption of the cryptosystem. Recently, the Research Center for Information Security (RCIS) of AIST and Tohoku University developed the Side Channel Attack Standard Evaluation Board (SASEBO) as a common platform for evaluating side channel attacks. There are two FPGAs on a SASEBO board: a cryptographic FPGA, where the algorithm is implemented, and a control FPGA, which communicates the data between the software (SASEBO Waveform Acquisition) and the cryptographic FPGA in an efficient manner. SASEBO Waveform Acquisition interacts with the hardware for processing data and collecting power traces for a DPA attack.
The current interface between the control and cryptographic FPGA on the SASEBO-GII board is used to implement a block cipher and a hash algorithm. However, as the standard hardware interface proposed by the Cryptographic Engineering Research Group (CERG) of George Mason University has a different protocol for block ciphers and hash functions, the algorithms could not be directly integrated with the SASEBO-GII interface. This thesis focuses on designing a new interface, with modifications made to the original SASEBO waveform acquisition software and the hardware on the control FPGA to interact with the CERG-GMU protocol. The data communication between the software and hardware with implementations of lightweight block ciphers was tested successfully on the modified 8-bit interface. Also, results from the DPA attack on AES on both the original SASEBO-GII interface and the modified interface are discussed.
IPsec Implementation in Embedded systems for Partial Reconfigurable Platforms
Internet Protocol Security (IPsec) provides essential security against attacks on data transmitted over the Internet through different security services provided by cryptographic algorithms like encryption modules and hash functions. Due to the importance of IPsec, it has been implemented in hardware and software with different designs and parameters to suit different platforms and provide better solutions. Among the popular implementations of IPsec in hardware are those that target FPGA platforms because of the flexibility they offer the designer, ease of programming and high speeds that cannot be achieved through software. Because FPGAs are resource-limited devices, even efficient implementations of IPsec with all the services it provides might not fit on low-cost or low-area devices that are meant for lightweight implementations. A solution to this problem can be Partial Reconfiguration, which allows some IPsec services to be available in the system while the remaining services can be recalled when needed by an application. Partial Reconfiguration is a configuration method for FPGAs that allows certain portions of the device to be reconfigured during run-time without affecting other portions in the system or their functionality. In this thesis we will investigate the effect of implementing IPsec services using Partial Reconfiguration in terms of speed, area and reconfiguration time.
To this end, we built an embedded system controlled through an embedded processor to provide self-reconfiguration of the system through a software application. We also implemented different versions of the embedded system using MicroBlaze and PowerPC embedded processors targeting two different platforms (Virtex-4 and Virtex-II Pro) to perform thorough testing on the proposed design and analyze the results.
ECE 746 Advanced Cryptography, Project Presentations
Date: Tuesday, May 10th, 7:20 PM - 11:00 PM, Location: Engineering Building, Room 3507
Join us for a night of exciting presentations by ECE 746 students. The exact schedule is posted here (PDF). Bilal Habib, Ekawat Homsirikamol, Kishore Kumar Surapathi, Smriti Gurung, Rabia Shahid, Malik Umar Sharif, John Pham, and Ahmad Salman of our research group will be presenting. Please come over to cheer them on!