Lightweight Authentication Protocols on Ultra-Constrained RFIDs - Myths and Facts

Armknecht, Frederik; Hamann, Matthias; Mikhalev, Vasily

doi:10.1007/978-3-319-13066-8_1

Cited by 27 publications

(16 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Applications. Take the application of passive RFID tags for example, Simeck should satisfy the following requirements in order to be used in practice: 1) The area of Simeck should be less than 2000 GEs [18,2].…”

Section: Introductionmentioning

confidence: 99%

The Simeck Family of Lightweight Block Ciphers

Yang

Zhu

Suder

et al. 2015

Lecture Notes in Computer Science

183

124

View full text Add to dashboard Cite

Two lightweight block cipher families, Simon and Speck, have been proposed by researchers from the NSA recently. In this paper, we introduce Simeck, a new family of lightweight block ciphers that combines the good design components from both Simon and Speck, in order to devise even more compact and efficient block ciphers. For Simeck32/64, we can achieve 505 GEs (before the Place and Route phase) and 549 GEs (after the Place and Route phase), with the power consumption of 0.417 µW in CMOS 130nm ASIC, and 454 GEs (before the Place and Route phase) and 488 GEs (after the Place and Route phase), with the power consumption of 1.292 µW in CMOS 65nm ASIC. Furthermore, all of the instances of Simeck are smaller than the ones of hardware-optimized cipher Simon in terms of area and power consumption in both CMOS 130nm and CMOS 65nm techniques. In addition, we also give the security evaluation of Simeck with respect to many traditional cryptanalysis methods, including differential attacks, linear attacks, impossible differential attacks, meet-in-the-middle attacks, and slide attacks. Overall, all of the instances of Simeck can satisfy the area, power, and throughput requirements in passive RFID tags.

show abstract

Section: Introductionmentioning

confidence: 99%

The Simeck Family of Lightweight Block Ciphers

Yang

Zhu

Suder

et al. 2015

Lecture Notes in Computer Science

183

124

View full text Add to dashboard Cite

show abstract

“…We note that there exist an implementation of Trivium [32] using dynamic logic which requires only 749 GEs. However the lower bound on the clock frequency of this implementation is 1 MHz, which is not achievable in restricted devices [4].…”

Section: Implementation Resultsmentioning

confidence: 96%

“…The reason is twofold here. First, storing a fixed value does not require any volatile memory such as flip-flops and can be simply realized by burning it into the device using for example fuses (see [4] for more discussions). Second, other lightweight stream ciphers would, if used on restricted devices such as RFID, likewise require to store the key in non-volatile memory so that when the device is restarted the cipher has to be initialized with the original key.…”

Section: Implementation Resultsmentioning

confidence: 99%

See 1 more Smart Citation

On Lightweight Stream Ciphers with Shorter Internal States

Armknecht

Mikhalev

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. To be resistant against certain time-memory-data-tradeoff (TMDTO) attacks, a common rule of thumb says that the internal state size of a stream cipher should be at least twice the security parameter. As memory gates are usually the most area and power consuming components, this implies a sever limitation with respect to possible lightweight implementations. In this work, we revisit this rule. We argue that a simple shift in the established design paradigm, namely to involve the fixed secret key not only in the initialization process but in the keystream generation phase as well, enables stream ciphers with smaller area size for two reasons. First, it improves the resistance against the mentioned TMDTO attacks which allows to choose smaller state sizes. Second, one can make use of the fact that storing a fixed value (here: the key) requires less area size than realizing a register of the same length. We demonstrate the feasibility of this approach by describing and implementing a concrete stream cipher Sprout which uses significantly less area than comparable existing lightweight stream ciphers.

show abstract

“…[14][15][16][17][18]. Multiple issues have been raised about the feasibility of implementing HB-based protocols for ultraconstrained devices [19]. In this work, we design a novel distance-bounding/authentication protocol based on HB + that is feasible in constrained environments (RFID tags).…”

Section: Introductionmentioning

confidence: 98%

HB+DB, mitigating man-in-the-middle attacks against HB+ with distance bounding

Pagnin

Yang

Hancke

et al. 2015

Proceedings of the 8th ACM Conference on Security &Amp; Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

Authentication for resource-constrained devices is seen as one of the major challenges in current wireless communication networks. The HB + protocol performs device authentication based on the learning parity with noise (LPN) problem and simple computational steps, that renders it suitable for resource-constrained devices such as radio frequency identification (RFID) tags. However, it has been shown that the HB + protocol as well as many of its variants are vulnerable to a simple man-in-the-middle attack. We demonstrate that this attack could be mitigated using physical layer measures from distance-bounding and simple modifications to devices' radio receivers. Our hybrid solution (HB + DB) is shown to provide both effective distance-bounding using a lightweight HB + -based response function, and resistance against the man-in-the-middle attack to HB + . We provide experimental evaluation of our results as well as a brief discussion on practical requirements for secure implementation.

show abstract

Lightweight Authentication Protocols on Ultra-Constrained RFIDs - Myths and Facts

Cited by 27 publications

References 34 publications

The Simeck Family of Lightweight Block Ciphers

The Simeck Family of Lightweight Block Ciphers

On Lightweight Stream Ciphers with Shorter Internal States

HB+DB, mitigating man-in-the-middle attacks against HB+ with distance bounding

Contact Info

Product

Resources

About