Low-cost fault detection method for ECC using Montgomery powering ladder

Karaklajic, Dusko; Fan, Junfeng; Schmidt, Jörn-Marc; Verbauwhede, Ingrid

doi:10.1109/date.2011.5763165

Cited by 15 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the protocol, the tag's identity information adopts 96-bit electronic product coding of EPC Global RFID standard, and the output of the hash function is 160 bits in order to reduce the risk of birthday attack. According to the montgomery algorithm [16] on standard projective coordinates, the input of the algorithm is only its affine x-coordinate, which can decrease the size of the messages.…”

Section: Security Analysis and Performance Comparisonmentioning

confidence: 99%

ECC-based RFID/NFC Mutual Authentication Protocol

Wei-Guang¹,

Dong²,

Yuan³

2015

Proceedings of the 2015 2nd International Workshop on Materials Engineering and Computer Sciences

View full text Add to dashboard Cite

RFID (Radio Frequency IDentification) is a generic term for technologies that use radio signals to automatically identify objects in the IoT (Internet of Things). NFC (Near Field Communication) originating from RFID is a wireless peer-to-peer communication technology, which is widely applied to mobile phones for contactless payment. The open link between the RFID tag and reader is vulnerable to various attacks, such as eavesdropping, tampering and impersonating, etc. PKC (Public Key Cryptography) based authentication is able to solve the above problem. Compared with authentication methods based on symmetric key, PKC is more secure, flexible and suitable for large-scale RFID/NFC applications due to its flexible key management and high security. However, the traditional PKC technologies are not able to be directly applied to low-cost RFID tags because of the limited computing and storage capacity of tags. To alleviate this issue, we propose a low-cost RFID authentication protocol based on ECC (Elliptic Curve Cryptography) that has high security level and small size parameters. The protocol combines the cryptoGPS identification protocol and the precomputing based Diffie-Hellman key exchange method which is proposed in this paper. The security of the protocol is analyzed and proved under the random oracle model.

show abstract

Section: Security Analysis and Performance Comparisonmentioning

confidence: 99%

ECC-based RFID/NFC Mutual Authentication Protocol

Wei-Guang¹,

Dong²,

Yuan³

2015

Proceedings of the 2015 2nd International Workshop on Materials Engineering and Computer Sciences

View full text Add to dashboard Cite

show abstract

“…Another widely exploited protection of the MPL [84] based exponentiation is checking a coherency between the intermediate variables in the algorithm. Checking if the difference between two intermediate points is exactly one base point is an efficient fault detection for ECC [85], [86]. Similarly, the coherence between the two intermediates can be used to detect faults in RSA implementations.…”

Section: B Fault Detection Mechanismsmentioning

confidence: 99%

“…For instance, if the protection requires redundant memory locations, its area overhead can be up to 30% [78]. On the other hand, if the existing memory and datapath can be re-used, the area overhead can be as low as 1% [94]. The introduced time overhead mainly depends on the frequency of the countermeasure's activation.…”

Section: Effectiveness and Cost Of The Countermeasuresmentioning

confidence: 99%

“…The introduced time overhead mainly depends on the frequency of the countermeasure's activation. For example, if an error detection is activated only at the end of the algorithm, the time overhead could be less then 1% [95], [78], [94]. On the other hand, if a concurrent error detection is required, which implies the fault detection after each round of the algorithm, the time overhead is significantly increased [78].…”

Section: Effectiveness and Cost Of The Countermeasuresmentioning

confidence: 99%

See 1 more Smart Citation

Hardware Designer's Guide to Fault Attacks

Karaklajic

Schmidt

Verbauwhede

2013

IEEE Trans. VLSI Syst.

158

View full text Add to dashboard Cite

Hardware designers invest a significant design effort when implementing computationally intensive cryptographic algorithms onto constrained embedded devices to match the computational demands of the algorithms with the stringent area, power and energy budgets of the platforms. When it comes to designs that are employed in potential hostile environments, another challenge arises: the design has to be resistant against attacks based on the physical properties of the implementation, the so-called implementation attacks. This creates an extra design concern for a hardware designer. This paper gives an insight into the field of fault attacks and countermeasures to help the designer to protect the design against this type of implementation attacks. We analyze fault attacks from different aspects and expose the mechanisms they employ to reveal a secret parameter of a device. In addition, we classify the existing countermeasures and discuss their effectiveness and efficiency. The result of this work is a guide for selecting a set of countermeasures which provides a sufficient security level to meet the constraints of the embedded devices.

show abstract

“…Algorithmic protections have been proposed by Giraud [22] (and many others [16,32,29]) for CRT-RSA, which naturally transpose to ECC, as shown in [28]. These protections are implementation specific (e.g., depend on the chosen exponentiation algorithm) and are thus difficult to automate, requiring specialized engineering skills.…”

mentioning

confidence: 99%

Using modular extension to provably protect Edwards curves against fault attacks

Dugardin

Guilley

Moreau³

et al. 2017

J Cryptogr Eng

View full text Add to dashboard Cite

Abstract. Fault injection attacks are a real-world threat to cryptosystems, in particular asymmetric cryptography. In this paper, we focus on countermeasures which guarantee the integrity of the computation result, hence covering most existing and future fault attacks. Namely, we study the modular extension protection scheme in previously existing and newly contributed variants of the countermeasure on elliptic curve scalar multiplication (ECSM) algorithms. We find that an existing countermeasure is incorrect and we propose new "test-free" variant of the modular extension scheme that fixes it. We then formally prove the correctness and security of modular extension: specifically, the fault non-detection probability is inversely proportional to the security parameter. Finally, we implement an ECSM protected with test-free modular extension during the elliptic curve operation to evaluate the efficient of this method on Edwards and twisted Edwards curves.

show abstract

Low-cost fault detection method for ECC using Montgomery powering ladder

Cited by 15 publications

References 13 publications

ECC-based RFID/NFC Mutual Authentication Protocol

ECC-based RFID/NFC Mutual Authentication Protocol

Hardware Designer's Guide to Fault Attacks

Using modular extension to provably protect Edwards curves against fault attacks

Contact Info

Product

Resources

About