Servicios de seguridad en ambientes computacionales...

Seguridad en Sistemas de Información

Verano 2004Francisco Rodríguez Henríquez

Servicios de seguridad en ambientes computacionales

altamente restringidos

Francisco Rodríguez-HenríquezCINVESTAV-IPN

Depto. de Ingeniería Eléctrica Sección de Computación



Antecedents and Motivation



Security Systems by layersApplications: Secure e-mail, Digital Money, Smart

Cards, Firewalls, etc.Applications: Secure e-mail, Digital Money, Smart

Cards, Firewalls, etc.

Communication Protocols : SSL, TLS, WTLS, WAP, etc.

Communication Protocols : SSL, TLS, WTLS, WAP, etc.

Security Services: Confidentiality, Data Integrity, Data Authentication, Non-Repudiation

Security Services: Confidentiality, Data Integrity, Data Authentication, Non-Repudiation

Crypto User Functions: Encrypt/Decrypt, Sign/verify

Crypto User Functions: Encrypt/Decrypt, Sign/verify

Public Key Crypto Algorithms: RSA, ECCSymmetric Crypto Algorithms: AES, DES, RC4, etc.

Public Key Crypto Algorithms: RSA, ECCSymmetric Crypto Algorithms: AES, DES, RC4, etc.

Computer Arithmetic : Addition, Squaring, multiplication, inversion and exponentiationComputer Arithmetic : Addition, Squaring, multiplication, inversion and exponentiation



Security Services

• Confidentiality - protect info value

• Authentication - protect info origin (sender)

• Identification - ensure identity of users

• Integrity - protect info accuracy

• Non-repudiation - protect from deniability

• Access control - access to info/resources

• Availability - ensure info delivery



Some Practical Applications

"Any sufficiently advanced technology is indistinguishable from magic.”

Arthur C. Clarke.• secure mail• secure communications• network authentication• electronic voting• electronic notary• digital money (digital wallet)• data distribution



Characteristics of Traditional IT Applications

• Mostly based on interactive (= traditional) computers

• „One user – one computer“ paradigm

• Static networks

• Large number of users per network

Q: How will the IT future look?

The IT Future



• Bridge sensors• Cleaning robots• Car with various IT services• Networked robots• Smart street lamps• Pets with electronic sensors• Smart windows



Characteristics of Ubiquitous Computing Systems

• Embedded nodes (no traditional computers)

• Connected through wireless, close-range network (“Pervasive networks”)!

• Ad-hoc networks: Dynamic addition and deletion of nodes

• Power/computation/memory constrained!

• Vulnerable

Examples for Ubiquitous Computing



• PDAs, 3G cell phones, ...• Living spaces will be stuffed with nodes• So will cars• Wearable computers (clothes, eye glasses,

etc.)• Household appliances• Smart sensors in infrastructure (windows,

roads, bridges, etc.)• Smart bar codes (autoID)• “Smart Dust”• ...



Security and Economics of Ubiquitous Computing

• „One-user many-nodes“ paradigm (e.g. 102-103

processors per human)

• Many new applications we don‘t know yet

• Very high volume applications

• Very cost sensitive

• People won‘t be willing to pay for security per se

• People won‘t buy products without security



Where are the challenges for embedded security?

• Designers worry about IT functionality, security is ignored or an afterthought

• Attacker has easy access to nodes

• Security infrastructure (PKI etc.) is missing: Protocols???

• Side-channel and tamper attacks

• Computation/memory/power constrained

Will that ever become reality??



We don’t know, but: CPUs sold in 2000



Implementation Platforms



PlatformsCryptographic algorithms can be implemented through

SoftwareASICFPGAs

Choice of platform depends upon

Algorithm performanceCostFlexibility



Platform Implementation for Cryptographic Algorithms

Software

General purpose µProcs, Embedded µProcs, etc.General purpose µProcs, Embedded µProcs, etc.

Cryptographic Algorithms

Classic Hardware Reconfigurable HW

•

FPGAsFPGAsVLSI ASIC chips VLSI ASIC chips



Platform Comparison

ASIC Reconfigurable Hardware

Processor

Performance

Flexibility

Unit Cost

Development Cost



Platform Features

SoftwareMaximum flexibility Low PerformanceLow cost

ASICHigh performance No flexibility at all

High costFPGAs

Reasonable flexibilityLow costHigh performance



Why Crypto-algorithms in Hardware

Two main reasons:

1. Software implementations are too slow for some applications (symmetric alg: encryption rates 100 Mbit/sec public-key alg: > 10 msec)

2. Hardware implementations are intrinsically more physically secure: Key access and algorithm modication is considerably harder.

But why reconfigurable hardware?



Potential advantages of crypto algorithms implemented on reconfigurable platforms:

1. Algorithm Agility2. Algorithm Upgrade3. Architecture Efficiency4. Resource Efficient5. Algorithm Modification6. (Throughput relative to software)7. (Cost Efficiency relative to ASICs)



Crypto and FPGAs: Algorithm Agility

Observation: Modern security protocols are defined tobe algorithm independent:• Encryption algorithm is negotiated on a per-session

basis.• Wide variety of ciphers can be required. Ex: IPsec-

allowed algorithms: DES, 3DES, Blow-Fish, CAST, IDEA, RC4 and RC6, & future extensions!

• Same holds for public-key algorithms, e.g., Diffie-Hellman and ECDH.

Recall that: ASIC solutions can provide algorithm agilityonly at high costs.



Crypto and FPGAs: Algorithm Upgrade

Applications may need upgrade to a new algorithm because:• Current algorithms was broken (DES)• Standard expired (again DES)• New standard was created (AES)• Algorithm list of algorithm independent protocol was

extended

Upgrade of ASIC-implemented algorithm is practicallyinfeasible if many devices are affected or in applicationssuch as satellite communications.



Crypto and FPGAs: Architecture Efficiency

In certain cases a hardware architecture can be much more efficient if it is designed for a specific set of parameters. Parameters for cryptographic algorithms can be for example the key, the underlying finite field, the coefficient used (e.g., the specific curve of an ECC system), and so on. Generally speaking, the more specific an algorithm is implemented the more efficient it can become.



Crypto and FPGAs: Resource Efficiency

Observation: The majority of security protocols usesprivate-key as well as public-key algorithms during

one session, but not simultaneous.

Same FPGA device can be used for both through runtime reconguration.



Crypto and FPGAs: Algorithm Modification

• Some applications require Public algorithms (such as AES candidates) with proprietary modules, e.g., proprietary S-boxes or permutations.

• Change of modes of operations (feedback modes,• counter mode, etc.)• Crypto-analytical implementation, such as key-search• machines, may use slightly altered version of the• algorithms.

With FPGAs, these changes can readily be implemented.



FPGA: Field programmable Gate Arrays



Configurable Logic Block

CombinationalLogic

CombinationalLogic

1-bitreg

1-bitreg

16x1RAM

4

16x1RAM

4

1-bitreg

1-bitreg4

4

Logic Mode Memory Mode



Virtex-II Pro

Feature/Product XC2VP2

XC2VP4

XC2VP7

XC2VP20

XC2VP30

XC2VP40

XC2VP50

XC2VP70

XC2VP100

XC2VP125

EasyPath cost reduction - - - - XCE2VP30

XCE2VP40

XCE2VP50

XCE2VP70

XCE2VP100

XCE2VP125

Logic Cells 3,168 6,768 11,088 20,880 30,816 43,632 53,136 74,448 99,216 125,136

Slices 1,408 3,008 4,928 9,280 13,696 19,392 23,616 33,088 44,096 55,616BRAM (Kbits) 216 504 792 1,584 2,448 3,456 4,176 5,904 7,992 10,00818x18 Multipliers 12 28 44 88 136 192 232 328 444 556Digital Clock Management Blocks 4 4 4 8 8 8 8 8 12 12

Config (Mbits) 1.31 3.01 4.49 8.21 11.36 15.56 19.02 25.6 33.65 42.78

PowerPC Processors 0 1 1 2 2 2 2 2 2 4

Max Available Multi-Gigabit Transceivers* 4 4 8 8 8 12* 16* 20 20* 24*

Max Available User I/O* 204 348 396 564 644 804 852 996 1164 1200

1 Logic Cell = (1) 4-input LUT + (1) FF + (1) Carry Logic1 CLB = (4) Slices

http://www.xilinx.com/products/tables/fpga.htm#v2p

Wireless Ad-Hoc Network





Smart Cards



Multi-hop cellular

S

D

• Set of base stations connected to a backbone (like in cellular)

• Potentially, multi-hop communication between the mobile station and the base station (unlike in cellular)



Multi-hop cellular• Advantages:

– Energy consumption of the mobile stations can be reduced– Immediate side effect: Reduced interference– Number of base stations (fixed antennas) can be reduced– Coverage of the network can be increased– Closely located mobile stations can communicate

independently from the infrastructure (ad hoc networking)

• Disadvantages:– Routing?– Synchronization?



A model

• Multi-hop up-link• Single-hop down-link S

D



Where are the challenges for embedded security?

• Designers worry about IT functionality, security is ignored or an afterthought

• Attacker has easy access to nodes • Security infrastructure (PKI etc.) is

missing: Protocols???• Side-channel and tamper attacks• Computation/memory/power

constrained



Why do constraints matter?

• Almost all ad-hoc protocols (even routing!) require crypto ops for every hop

• At least symmetric alg. are needed• Asymmetric alg. allow fancier protocols

Question: What type of crypto can we do?



Security on Different Embedded Processors



Classification by Processor PowerVery rough classification of embedded processors

Class speed : high-end Intel

Class 0: few 1000 gates ?Class 1: 8 bit µP, ≤ 10MHz ≈ 1: 103

Class 2: 16 bit µP, ≤ 50MHz ≈ 1: 102

Class 3: 32 bit µP, ≤ 200MHz ≈ 1: 10



Case Study Class 0: RFID



Case Study Class 0: RFID

Recall: Class 0 = no µP, few 1000 gates

• Goal: RFID as bar code replacement• Cost goal 5 cent (!)• allegedly 500 x 109 bar code scans worldwide per day

(!!)• AutoID tag: security “with 1000 gates” [CHES 02]

– Ell. curves (asymmetric alg.) need > 20,000 gates– DES (symmetric alg.) needs > 5,000 gates– Lightweight stream ciphers might work



RFIDs Applications• Expired Milk Reported

• Within two decades, the minuscule transmitters are expected to replace the familiar product bar codes

• Alerting consumers

• help you manage your inventory a lot better

• tell you that a prescription is in the waiting bin

• provide details to marketers about a family's eating

• the technology raises privacy concerns



Status Quo: Crypto for Class 1

Recall: Class 1 = 8 bit µP, ≤ 10MHz

Symmetric alg: possible at low data rates

Asymm.alg: very difficult without coprocessor





Symmetric alg: possible

Asymm.alg: possible if

• carefully implemented, and

• algorithms carefully selected (ECC feasible; RSA & DL still hard)





Symmetric alg: possible

Asymm.alg: full range (ECC, RSA, DL) possible, some care

needed for implementation

Servicios de seguridad en ambientes computacionales...

Documents

Transcript of Servicios de seguridad en ambientes computacionales...