Demystifying elliptic curve cryptography: Curve selection, implementation and countermeasures to attacks

Dhanda, Sumit Singh; Singh, Brahmjit; Jindal, Poonam

doi:10.1080/09720502.2020.1731959

Cited by 12 publications

(3 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are several other proposed solutions to address threats to confidentiality in 5G networks. One approach is to use lightweight encryption methods, such as elliptic curve cryptography [137] or post-quantum cryptographic solutions [16]. Another option is to implement end-to-end (E2E) security using IP security (IPSec) or transport layer security (TLS) encryption [119].…”

Section: A: Confidentiality Threatsmentioning

confidence: 99%

Security Threats to 5G Networks for Social Robots in Public Spaces: A Survey

Oruma¹,

Petrović

2023

IEEE Access

View full text Add to dashboard Cite

This paper surveys security threats to 5G-enabled wireless access networks for social robots in public spaces (SRPS). The use of social robots (SR) in public areas requires specific Quality of Service (QoS) planning to meet its unique requirements. Its 5G threat landscape entails more than cybersecurity threats that most previous studies focus on. This study examines the 5G wireless RAN for SRPS from three perspectives: SR and wireless access points, the ad hoc network link between SR and user devices, and threats to SR and users' communication equipment. The paper analyses the security threats to confidentiality, integrity, availability, authentication, authorisation, and privacy from the SRPS security objectives perspective. We begin with an overview of SRPS use cases and access network requirements, followed by 5G security standards, requirements, and the need for a more representative threat landscape for SRPS. The findings confirm that the RAN of SRPS is most vulnerable to physical, side-channel, intrusion, injection, manipulation, and natural and malicious threats. The paper presents existing mitigation to the identified attacks and recommends including physical level security (PLS) and post-quantum cryptography in the early design of SRPS. The insights from this survey will provide valuable risk assessment and management input to researchers, industrial practitioners, policymakers, and other stakeholders of SRPS.INDEX TERMS Social robots, 5G, threat landscape, security, privacy, centralised ledger databases, multiaccess edge computing (MEC).

show abstract

Section: A: Confidentiality Threatsmentioning

confidence: 99%

Security Threats to 5G Networks for Social Robots in Public Spaces: A Survey

Oruma¹,

Petrović

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…It is important to point out that this paper concentrates on private-key ciphers, yet there are numerous studies that have concentrated on the implementation of public-key algorithms and their ability to withstand attacks from third parties. As evidence of this, there have been studies on effective executions of public-key algorithms such as the elliptic curve and RSA [ 9 , 10 , 11 , 12 ], as well as theoretical attacks [ 13 , 14 , 15 ]. Consequently, this study concentrates on the implementation of a security system on private-key encryption systems, while public-key encryption systems are not included.…”

Section: Introductionmentioning

confidence: 99%

Protecting FPGA-Based Cryptohardware Implementations from Fault Attacks Using ADCs

Potestad-Ordóñez,

Casado-Galán,

Tena-Sánchez

2024

Sensors

View full text Add to dashboard Cite

The majority of data exchanged between connected devices are confidential and must be protected against unauthorized access. To ensure data protection, so-called cryptographic algorithms are used. These algorithms have proven to be mathematically secure against brute force due to the key length, but their physical implementations are vulnerable against physical attacks. The physical implementation of these algorithms can result in the disclosure of information that can be used to access confidential data. Some of the most powerful hardware attacks presented in the literature are called fault injection attacks. These attacks involve introducing a malfunction into the normal operation of the device and then analyzing the data obtained by comparing them with the expected behavior. Some of the most common methods for injecting faults are the variation of the supply voltage and temperature or the injection of electromagnetic pulses. In this paper, a hardware design methodology using analog-to-digital converters (ADCs) is presented to detect attacks on cryptocircuits and prevent information leakage during fault injection attacks. To assess the effectiveness of the proposed design approach, FPGA-based ADC modules were designed that detect changes in temperature and supply voltage. Two setups were implemented to test the scheme against voltage and temperature variations and injections of electromagnetic pulses. The results obtained demonstrate that, in 100% of the cases, when the correct operating voltage and temperature range were established, the detectors could activate an alarm signal when the cryptographic module was attacked, thus avoiding confidential information leakage and protecting data from being exploited.

show abstract

“…It should be noted that there are many works that study public key encryption implementations and analyze their robustness against different attacks. As a brief example for the reader, efficient implementations of public key algorithms (ECC and RSA) are presented in [14][15][16][17], and theoretical attacks are described in [18][19][20]. Due to the great number of encryption systems that exist, as mentioned above, at this point we focus on the analysis of private key ciphers because public key ciphers are out of our scope.…”

Section: Introductionmentioning

confidence: 99%

Breaking Trivium Stream Cipher Implemented in ASIC Using Experimental Attacks and DFA

Potestad-Ordonez

Barrero

Oliva

et al. 2020

Sensors

View full text Add to dashboard Cite

One of the best methods to improve the security of cryptographic systems used to exchange sensitive information is to attack them to find their vulnerabilities and to strengthen them in subsequent designs. Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of things (IoT). In this paper, we present a complete setup to attack ASIC implementations of Trivium which allows recovering the secret keys using the active non-invasive technique attack of clock manipulation, combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using the DFA cryptanalysis through the comparison between the correct and the faulty outputs. Finally, a backward version of Trivium was also designed to go back and get the secret keys from the initial internal states. The key recovery has been verified with numerous simulations data attacks and used with the experimental data obtained from the Application Specific Integrated Circuit (ASIC) Trivium. The secret key of the Trivium were recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.

show abstract

Demystifying elliptic curve cryptography: Curve selection, implementation and countermeasures to attacks

Cited by 12 publications

References 4 publications

Security Threats to 5G Networks for Social Robots in Public Spaces: A Survey

Security Threats to 5G Networks for Social Robots in Public Spaces: A Survey

Protecting FPGA-Based Cryptohardware Implementations from Fault Attacks Using ADCs

Breaking Trivium Stream Cipher Implemented in ASIC Using Experimental Attacks and DFA

Contact Info

Product

Resources

About