Modern Symmetric Cryptography methodologies and its applications
Nowadays, cryptographic systems play an effective role in security and safety technologies. One of the most widely applied kinds of cryptography is symmetric cryptography and its applications. New aspects of symmetric Cryptography methodologies and app…
Authors: Amin Daneshmand Malayeri, Jalal Abdollahi
Amin Daneshmand Malayeri
Department of Computer Engineering, Young Researchers Club, Malayer Azad University, Malayer, Iran
amin.daneshmand@gmail.com

Jalal Abdollahi
Department of Computer Engineering, Hamedan University of Technology, Hamedan, Iran
jalal.abdollahi66@gmail.com

Abstract—Nowadays, cryptographic systems play an effective role in security and safety technologies. One of the most widely applied kinds of cryptography is symmetric cryptography and its applications. This paper presents new aspects of symmetric cryptography methodologies and applications. The main basis of the discussion is security-based networks and complex technologies, such as RFID and parallel security settings, that are built on symmetric cryptography. Our focus is on designing a unique protocol for symmetric cryptography in the elements of security networks. The benefits of using these methodologies are reviewed and discussed.

Keywords- Cryptography; Symmetric Cryptography; RFID; parallel security; Complex designing

I. INTRODUCTION

It is widely recognized that security issues play a crucial role in the majority of computer and communication systems. A central tool for achieving software protection is cryptography. Cryptographic algorithms are implemented more efficiently in custom hardware than in software running on general-purpose processors. Hardware implementations are of extreme importance where high performance or security against system intruders is needed, and in busy systems where a cryptographic task consumes too much time. Traditional ASIC solutions have the well-known drawback of reduced flexibility compared to software solutions. Since modern security protocols are increasingly becoming algorithm independent, a high degree of flexibility with respect to the cryptographic algorithms is desirable.
The security of all these techniques is based on the hardness of mathematical problems. Among them, elliptic curve cryptography shows promise as an alternative to RSA. A promising solution that combines high flexibility with the speed and physical security of traditional hardware is the implementation of cryptographic algorithms on reconfigurable devices such as FPGAs. FPGAs are hardware devices whose function is not fixed and which can be programmed in-system [1].

This is essential for meeting some of the security requirements of hardware and software systems. By using symmetric cryptography and its aspects, we can design complex security systems with encryption algorithms. When we use a complex system such as RFID tags, its security must cover all of its elements.

II. SYMMETRIC CRYPTOGRAPHY

Symmetric key systems require both the sender and the recipient to have the same key. This key is used by the sender to encrypt the data, and again by the recipient to decrypt the data. Key exchange is clearly a problem. How do you securely send a key that will enable you to send other data securely? If a private key is intercepted or stolen, the adversary can act as either party and view all data and communications. You can think of the symmetric cryptosystem as akin to the Chubb type of door locks. You must be in possession of a key to both open and lock the door.

Symmetric cryptography uses a single private key to both encrypt and decrypt data. Any party that has the key can use it to encrypt and decrypt data. These algorithms are also referred to as block ciphers. Symmetric cryptography algorithms are typically fast and are suitable for processing large streams of data.

The disadvantage of symmetric cryptography is that it presumes two parties have agreed on a key and been able to exchange that key in a secure manner prior to communication. This is a significant challenge.
Symmetric algorithms are usually mixed with public key algorithms to obtain a blend of security and speed.

III. SYMMETRIC CRYPTOGRAPHY AND ENCRYPTION MODULES ALGORITHMS IN RFID-BASED SYSTEMS

Radio Frequency Identification (RFID) is an emerging technology. The main idea behind it is to attach a so-called RFID tag to every object in a particular environment and give a digital identity to all these objects. An RFID tag is a small microchip, with an antenna, holding a unique ID and other information which can be sent over radio frequency. The information can be automatically read and registered by RFID readers. The data received by the RFID reader can subsequently be processed by a back-end database. Figure 1 gives a graphical overview of an RFID system.

Figure 1: Overview of an RFID system

The range of possible applications varies with the capability of the tag, and tags are separated into different classes. Class 0 and Class 1 RFID tags are used as barcode replacements and are read-only or can be programmed only once in the field, respectively. Inventory maintenance, which is used in supply chain management, can be automated using such tags. They are cheap (approximately 5 Cents) and can be used at item level on nearly every product. This paper focuses on more advanced tags (Class 2), which also have a rewritable memory and additional hardware resources but do not have an active power supply on the tag. The energy for operation is drawn from the electromagnetic field provided by the reader. In addition, the reader also provides the digital clock frequency for operation. Certain modulation methods are used for communication from the reader to the tag and vice versa. Such tags cost about 50 Cents and the available silicon area is about 10,000 gates. value products like pharmaceutical and branded goods can be protected against security vulnerabilities.
In this paper, we demonstrate how the project ART (Authentication for long-range RFID systems) proposes to improve current RFID systems by providing secure authentication. The project is performed by four independent partners, two from industry and two academic partners. A major goal of the project is to enhance the functionality of current RFID tags with passive power supply.

The basic functionality of RFID systems is to provide identification of individual objects through the replies that the attached RFID tag sends to a request performed by a reader. The reader uses an attached database to link the received ID number to a specific object described in the database. The major drawback of those systems is that the communication scheme does not provide a method to prove the claimed identity. Since a typical tag answers with its ID to any reader (without a possibility to check whether a reader is authorized to receive the information), and the replied ID is always the same, an attacker can easily forge the system by reading out the data of a tag and duplicating it to bogus tags. Closed RFID systems, in which all readers have common access to a central database, can check for illegal duplicates (bogus tags) within the database, but this is not practical for many applications. Furthermore, it is impossible to distinguish the original tag from its illegal duplicates.

Strong authentication mechanisms can solve arising security problems in RFID systems and therefore give protected tags an added value. The three main security threats in RFID systems are forgery of tags, unwanted tracking of customers, and unauthorized access to the tag's memory. In this paper, we propose authentication protocols for RFID systems based on the ISO/IEC 9798-2 standard [2]. These protocols allow protecting high-value goods against adversaries.
Additionally, we show that these protocols are feasible under today's restrictions concerning data rates and compliance with existing standards, as well as the requirements concerning chip area and power consumption.

By authentication we mean a method to provide a proof for a claimed identity. This proof is based on a secret stored within the authenticating part of the system. As long as the secret information stays secret and the protocol used does not leak sensitive information, an attacker cannot forge a tag. A communication system providing authentication can reject access (to information, entry, etc.) to non-authorized parties. To keep the authentication secure, it is necessary that an attacker does not gain information about the secret by listening passively to successful authentications. To fulfill this requirement for strong authentication, it is necessary to use cryptographically strong computations.

A) Symmetric Authentication

Authentication is the mechanism by which one entity proves its identity to another entity. Strong authentication protocols, such as challenge-response protocols (standardized in ISO/IEC 9798), are widely used in practice today. In challenge-response protocols, one or several messages are exchanged between the party who wants to prove its identity (the claimant) and the party who wants to verify the identity (the verifier). This is called the protocol. In a typical scenario, the verifier challenges the claimant with an unpredictable value that is used no more than once (the nonce). The claimant is required to return a response that depends on the nonce and on the stored secret. Using strong authentication for RFID systems leads to significant security enhancements. If readers are required to authenticate themselves to tags, attacks such as unwanted tracking and unauthorized memory access are rendered infeasible.
If tags are required to authenticate themselves against readers, forgery of tags is prevented. It is advantageous to use standardized protocols and algorithms because they have been rigorously cryptanalyzed and are widely used. Systems based on standardized protocols and algorithms are more likely to be secure and interoperable with other well-established infrastructures. Standardized challenge-response protocols are defined upon symmetric-key and asymmetric-key cryptographic primitives. Using symmetric-key cryptography has the disadvantage that there is one secret key shared among all parties. If that key is compromised for any reason, the whole system becomes insecure. However, strong asymmetric-key cryptography requires extremely costly arithmetic operations and is therefore out of the question for RFID systems today. Strong symmetric-key cryptographic primitives include encryption primitives such as AES [3], which allow compact implementations [1]. In the following, a few authentication protocols based on challenge-response methods are explained.

1. Protocol Extension. The most important command is the anti-collision sequence, which is a command every tag has to implement. In it, the reader sends an initial inventory command. All tags in the environment respond with their unique ID. If only one tag answers the request, the ID can be retrieved by the reader and all subsequent commands can be addressed using the ID, which addresses one single tag. If two or more tags answer a request, a collision occurs. This can be detected at the reader. The reader then uses a modified inventory request in which it adds a part of the tag's ID to the request. Only tags which have this part of the ID are allowed to answer. Once the ID of one tag is identified, the reader sends a "stay quiet" command to the tag with the identified ID.
This method is repeated until there are no more collisions and all tags within the environment are identified. Adding an authentication command to the ISO 18000 standard works by using a custom command, which the standard allows to be defined. The challenge-response protocol fits ideally into the overall request-response protocol. When authenticating a tag, the reader sends a challenge within the request and the tag answers according to the presented authentication protocol.

2. Interleaved Authentication Protocol. The authentication protocol mentioned above only works when the result of the cryptographic primitive is available within the time defined for the tag's response. As this time is very short, a modification of this authentication scheme was proposed in which the calculation time for the algorithm is of minor importance. For this purpose, authentication is split into two parts. The first part is the Authentication Request (AR), which tells the tag to encrypt the challenge and does not expect any response. The second part is the Response Request (RR), which collects the authentication response when the result is available. For one tag, the timing overhead is large, but with more than one tag, the reader can use the idle time (while the tag is busy calculating) to send authentication requests (or other requests) to other tags [4].

3. Cryptographic Hardware Module. Computation of the cryptographic algorithm AES (Advanced Encryption Standard) is computationally very complex compared to the other tasks of tags. An implementation of AES that fulfils the requirements concerning low power consumption and low die size is far from trivial. The current consumption of additional hardware components on an RFID tag must not exceed 10µA to avoid reduction of the operating range [5].

By using these algorithms, we can design complex encryption systems that influence both the software and the hardware modules in RFID-based systems.
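The challenge-response check and the interleaved AR/RR flow described above, as an added example that is not from the paper or the ART project: HMAC-SHA256 stands in for the AES encipherment (AES is not in Python's standard library), and the `Tag`, `Reader` and `demo` names and the sample ID and keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

def keyed_response(key, tag_id, challenge):
    # Stand-in for the paper's AES encipherment: HMAC-SHA256 over ID || nonce.
    return hmac.new(key, tag_id + challenge, hashlib.sha256).digest()[:16]

class Tag:  # hypothetical tag model: an ID plus a secret key
    def __init__(self, tag_id, key):
        self.tag_id, self._key, self._pending = tag_id, key, None

    def authentication_request(self, challenge):
        # AR: start the computation; nothing is returned to the reader yet.
        self._pending = keyed_response(self._key, self.tag_id, challenge)

    def response_request(self):
        # RR: release the finished result once, then forget it.
        result, self._pending = self._pending, None
        return result

class Reader:  # hypothetical reader with its back-end key database
    def __init__(self, key_db):
        self._keys = key_db   # tag ID -> shared secret key
        self._open = set()    # challenges issued and not yet answered

    def fresh_challenge(self):
        nonce = secrets.token_bytes(16)  # unpredictable value, used once
        self._open.add(nonce)
        return nonce

    def verify(self, tag_id, challenge, response):
        key = self._keys.get(tag_id) if challenge in self._open else None
        self._open.discard(challenge)    # a challenge is answered at most once
        if key is None or response is None:
            return False
        return hmac.compare_digest(keyed_response(key, tag_id, challenge), response)

    def authenticate_all(self, tags):
        # Interleaving: send every AR first, then collect every RR.
        issued = [(tag, self.fresh_challenge()) for tag in tags]
        for tag, challenge in issued:
            tag.authentication_request(challenge)
        return [self.verify(t.tag_id, c, t.response_request()) for t, c in issued]

def demo():
    # Constructed sample: a genuine tag and a copy that has the ID but not the key.
    key, tid = bytes(range(16)), b"TAG-0001"
    return Reader({tid: key}).authenticate_all([Tag(tid, key), Tag(tid, bytes(16))])
```

`demo()` accepts the genuine tag and rejects the copy; a recorded response also fails when presented again, because each challenge is consumed on first use and a fresh challenge changes the expected response.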
Our main strategy in defining a security base for complex systems consists of the following steps: Software-based Security (SbS), Hardware-based Security (HbS) and Complexity-based Security (CbS).

This methodology is the main focus of our "Parallel Cryptography", which is designed in three separate steps that are finally combined into a single cycle planned around symmetric cryptographic algorithms, as shown in Figure 2.

Figure 2: Complex Symmetric Cryptography diagram

IV. BENEFITS OF USING PARALLEL CRYPTOGRAPHY

When a complex system uses a Parallel Security System (PSS), the probability of mistakes in description decreases, because the system is designed on three main security bases that support software security, hardware security and a combined security through symmetric cryptography and parallel security. Figure 3 shows how a Parallel Security System can cover all of the cryptographic security bases in a complex design.

Figure 3. Parallel Security System in a complex design (labels: SbS, HbS, CbS)

V. CONCLUSION

In this paper, we show that the most applicable symmetric-based security system in complex designs is the Parallel Security System (PSS). When we use a Parallel Security System, we can support all of the software and hardware layers in a complex design, and by using this algorithm, coverage of all subsystems can be provided. Applying our main strategy to a sample complex system such as RFID tags can make a secure and safe space for using these kinds of systems. A three-step PSS in a complex design can provide a covering layer across the processing of all procedures.

REFERENCES

[1] N. A. Saqib et al., "A Parallel Architecture for Fast Computation of Elliptic Curve Scalar Multiplication over GF(2m)", Elsevier Journal of Microprocessors and Microsystems, 2004.
[2] International Organization for Standardization (ISO). ISO/IEC 9798-2: Information Technology – Security Techniques – Entity authentication mechanisms – Part 2: Mechanisms using symmetric encipherment algorithms. 1993.
[3] National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard (AES). November 2001. Available online at http://www.itl.nist.gov/fipspubs/.
[4] M. Feldhofer. An Authentication Protocol in a Security Layer for RFID Smart Tags. In the 12th IEEE Mediterranean Electrotechnical Conference – MELECON 2004. IEEE Proceedings. Pages 759-762, May 2004.
[5] M. Feldhofer, S. Dominikus, and J. Wolkerstorfer. Strong Authentication for RFID Systems using the AES Algorithm, Conference of Cryptographic Hardware and Embedded Systems, 2004. Proceedings. Pages 357-370. Springer 2004.

[Figure labels: Complex Security and Cryptography system; Software Security - Layer 1; Hardware Security - Layer 2; Combination Security - Layer 3]