High-performance FPGA implementation of DES using a novel method for implementing the key schedule

A generic, parameterisable key scheduling core is presented, which can be utilised in pipelinable private-key encryption algorithms. The data encryption standard (DES) algorithm, which lends itself readily to pipelining, is utilised to exemplify this novel key scheduling method and the broader applicability of the method to other encryption algorithms is illustrated. The DES design is implemented on Xilinx Virtex FPGA technology. Utilising the novel method, a 16-stage pipelined DES design is achieved, which can run at an encryption rate of 3.87 Gbit/s. This result is among the fastest hardware implementations and is a factor 28 times faster than software implementations.

Design and analysis of dual-rail circuits for security applications

Dual-rail encoding, return-to-spacer protocol, and hazard-free logic can be used to resist power analysis attacks by making energy consumed per clock cycle independent of processed data. Standard dual-rail logic uses a protocol with a single spacer, e.g., all-zeros, which gives rise to energy balancing problems. We address these problems by incorporating two spacers; the spacers alternate between adjacent clock cycles. This guarantees that all gates switch in every clock cycle regardless of the transmitted data values. To generate these dual-rail circuits, an automated tool has been developed. It is capable of converting synchronous netlists into dual-rail circuits and it is interfaced to industry CAD tools. Dual-rail and single-rail benchmarks based upon the advanced encryption standard (AES) have been simulated and compared in order to evaluate the method and the tool.

Unique Challenges in WiFi Intrusion Detection

The Intrusion Detection System (IDS) is a common means of protecting networked systems from attack or malicious misuse. The deployment of an IDS can take many different forms dependent on protocols, usage and cost. This is particularly true of Wireless Intrusion Detection Systems (WIDS) which have many detection challenges associated with data transmission through an open, shared medium, facilitated by fundamental changes at the Physical and MAC layers. WIDS need to be considered in more detail at these lower layers than their wired counterparts as they face unique challenges. The remainder of this chapter will investigate three of these challenges where WiFi deviates significantly from that of wired counterparts:

• Attacks Specific to WiFi Networks: Outlining the additional threats which WIDS must account for: Denial of Service, Encryption Bypass and AP Masquerading attacks.

• The Effect of Deployment Architecture on WIDS Performance: Demonstrating that the deployment environment of a network protected by a WIDS can influence the prioritisation of attacks.

• The Importance of Live Data in WiFi Research: Investigating the different choices for research data sources with an emphasis on encouraging live network data collection for future WiFi research.

Developments in retrodirective array technology

There has been significant interest in retrodirective antennas, especially considering the wealth of applications that could be significantly enhanced, or created, by the use of such technology. There is enormous potential for retrodirective antennas where complicated automatic tracking systems would benefit from being replaced by much simpler systems. Retrodirective array technology offers one solution pathway since it can offer extremely fast tracking with relatively simple circuitry. Retrodirective or self-steering arrays are suited for low radio frequency (RF) power mobile terminal use particularly on or between un-stabilised vehicles. In this type of operational scenario, high degrees of relative movement are expected, and power consumption and weight of the antenna must be kept to a minimum. In this study, the authors give a brief historical review of basic retrodirective technology and elaborate on some recent developments at Queens University of Belfast associated with retrodirective antenna technology in relation to, two-way communications, ultrafast RADAR, microwave imaging, spatial power transmission, mitigation of multipath effects and spatial encryption.

Hardware Comparison of the ISO/IEC 29192-2 Block Ciphers

As ubiquitous computing becomes a reality, sensitive information is increasingly processed and transmitted by smart cards, mobile devices and various types of embedded systems. This has led to the requirement of a new class of lightweight cryptographic algorithm to ensure security in these resource constrained environments. The International Organization for Standardization (ISO) has recently standardised two low-cost block ciphers for this purpose, Clefia and Present. In this paper we provide the first comprehensive hardware architecture comparison between these ciphers, as well as a comparison with the current National Institute of Standards and Technology (NIST) standard, the Advanced Encryption Standard.

Reconfigurable Architectures for Network Processing

An overview of research on reconfigurable architectures for network processing applications within the Institute of Electronics, Communications and Information Technology (ECIT) is presented. Three key network processing topics, namely node throughput, Quality of Service (QoS) and security are examined where custom reconfigurability allows network nodes to adapt to fluctuating network traffic and customer demands. Various architectural possibilities have been investigated in order to explore the options and tradeoffs available when using reconfigurability for packet/frame processing, packet-scheduling and data encryption/decryption. This research has shown there is no common approach that can be applied. Rather the methodologies used and the cost-benefits for incorporation of reconfigurability depend on each of the functions considered, for example being well suited to encryption/decryption but not packet/frame processing. © 2005 IEEE.

Creating secure wireless regions using configurable beamforming

We present a novel approach to network security against passive eavesdroppers by employing a configurable beam-forming technique to create tightly defined regions of coverage for targeted users. In contrast to conventional encryption methods, our security scheme is developed at the physical layer by configuring antenna array beam patterns to transmit the data to specific regions. It is shown that this technique can effectively reduce vulnerability of the physical regions to eavesdropping by adapting the antenna configuration according to the intended user's channel state information. In this paper we present the application of our concept to 802.11n networks where an antenna array is employed at the access point, and consider the issue of minimizing the coverage area of the region surrounding the targeted user. A metric termed the exposure region is formally defined and used to evaluate the level of security offered by this technique. A range of antenna array configurations are examined through analysis and simulation, and these are subsequently used to obtain the optimum array configuration for a user traversing a coverage area.

Improved Physical Layer Secure Wireless Communications using a Directional Modulation Enhanced Retrodirective Array

Unlike the mathematical encryption and decryption adopted in the classical cryptographic technology at the higher protocol layers, it is shown that characteristics intrinsic to the physical layer, such as wireless channel propagation, can be exploited to lock useful information. This information then can be automatically unlocked using real time analog RF means. In this paper retrodirective array, RDA, technology for spatial encryption in the multipath environment is for the first time combined with the directional modulation, DM, method normally associated with free space secure physical layer communications. We show that the RDA can be made to operate more securely by borrowing DM concepts and that the DM enhanced RDA arrangement is suitable for use in a multipath environment.

Privacy Region Protection for H.264/AVC with Enhanced Scrambling Effect and a Low Bitrate Overhead

While video surveillance systems have become ubiquitous in our daily lives, they have introduced concerns over privacy invasion. Recent research to address these privacy issues includes a focus on privacy region protection, whereby existing video scrambling techniques are applied to specific regions of interest (ROI) in a video while the background is left unchanged. Most previous work in this area has only focussed on encrypting the sign bits of nonzero coefficients in the privacy region, which produces a relatively weak scrambling effect. In this paper, to enhance the scrambling effect for privacy protection, it is proposed to encrypt the intra prediction modes (IPM) in addition to the sign bits of nonzero coefficients (SNC) within the privacy region. A major issue with utilising encryption of IPM is that drift error is introduced outside the region of interest. Therefore, a re-encoding method, which is integrated with the encryption of IPM, is also proposed to remove drift error. Compared with a previous technique that uses encryption of IPM, the proposed re-encoding method offers savings in the bitrate overhead while completely removing the drift error. Experimental results and analysis based on H.264/AVC were carried out to verify the effectiveness of the proposed methods. In addition, a spiral binary mask mechanism is proposed that can reduce the bitrate overhead incurred by flagging the position of the privacy region. A definition of the syntax structure for the spiral binary mask is given. As a result of the proposed techniques, the privacy regions in a video sequence can be effectively protected by the enhanced scrambling effect with no drift error and a lower bitrate overhead.

Frequency Diverse Array OFDM Transmitter for Secure Wireless Communication

In this reported work, the frequency diverse array concept is employed to construct an orthogonal frequency-division multiplexing (OFDM) transmitter that has the capability of securing wireless communication in free space directly in the physical-layer without the need for mathematical encryption. The characteristics of the proposed scheme in terms of its secrecy performance are validated via bit error rate simulation under both high and low signal to noise ratio scenarios using the IEEE 802.11 OFDM physical-layer specification.

WHIRLBOB, the Whirlpool Based Variant of STRIBOB: Lighter, Faster, and Constant Time

WHIRLBOB, also known as STRIBOBr2, is an AEAD (Authenticated Encryption with Associated Data) algorithm derived from STRIBOBr1 and the Whirlpool hash algorithm. WHIRLBOB/STRIBOBr2 is a second round candidate in the CAESAR competition. As with STRIBOBr1, the reduced-size Sponge design has a strong provable security link with a standardized hash algorithm. The new design utilizes only the LPS or ρ component of Whirlpool in flexibly domain-separated BLNK Sponge mode. The number of rounds is increased from 10 to 12 as a countermeasure against Rebound Distinguishing attacks. The 8 ×8 - bit S-Box used by Whirlpool and WHIRLBOB is constructed from 4 ×4 - bit “MiniBoxes”. We report on fast constant-time Intel SSSE3 and ARM NEON SIMD WHIRLBOB implementations that keep full miniboxes in registers and access them via SIMD shuffles. This is an efficient countermeasure against AES-style cache timing side-channel attacks. Another main advantage of WHIRLBOB over STRIBOBr1 (and most other AEADs) is its greatly reduced implementation footprint on lightweight platforms. On many lower-end microcontrollers the total software footprint of π+BLNK = WHIRLBOB AEAD is less than half a kilobyte. We also report an FPGA implementation that requires 4,946 logic units for a single round of WHIRLBOB, which compares favorably to 7,972 required for Keccak / Keyak on the same target platform. The relatively small S-Box gate count also enables efficient 64-bit bitsliced straight-line implementations. We finally present some discussion and analysis on the relationships between WHIRLBOB, Whirlpool, the Russian GOST Streebog hash, and the recent draft Russian Encryption Standard Kuznyechik.

An effective key generation system using improved channel reciprocity

In physical layer security systems there is a clear need to exploit the radio link characteristics to automatically generate an encryption key between two end points. The success of the key generation depends on the channel reciprocity, which is impacted by the non-simultaneous measurements and the white nature of the noise. In this paper, an OFDM subcarriers' channel responses based key generation system with enhanced channel reciprocity is proposed. By theoretically modelling the OFDM subcarriers' channel responses, the channel reciprocity is modelled and analyzed. A low pass filter is accordingly designed to improve the channel reciprocity by suppressing the noise. This feature is essential in low SNR environments in order to reduce the risk of the failure of the information reconciliation phase during key generation. The simulation results show that the low pass filter improves the channel reciprocity, decreases the key disagreement, and effectively increases the success of the key generation.

Pre-Processing Power Traces with a Phase-Sensitive Detector

As cryptographic implementations are increasingly subsumed as functional blocks within larger systems on chip, it becomes more difficult to identify the power consumption signatures of cryptographic operations amongst other unrelated processing activities. In addition, at higher clock frequencies, the current decay between successive processing rounds is only partial, making it more difficult to apply existing pattern matching techniques in side-channel analysis. We show however, through the use of a phase-sensitive detector, that power traces can be pre-processed to generate a filtered output which exhibits an enhanced round pattern, enabling the identification of locations on a device where encryption operations are occurring and also assisting with the re-alignment of power traces for side-channel attacks.

Targeting FPGA DSP Slices for a Large Integer Multiplier for Integer Based FHE

Homomorphic encryption offers potential for secure cloud computing. However due to the complexity of homomorphic encryption schemes, performance of implemented schemes to date have been unpractical. This work investigates the use of hardware, specifically Field Programmable Gate Array (FPGA) technology, for implementing the building blocks involved in somewhat and fully homomorphic encryption schemes in order to assess the practicality of such schemes. We concentrate on the selection of a suitable multiplication algorithm and hardware architecture for large integer multiplication, one of the main bottlenecks in many homomorphic encryption schemes. We focus on the encryption step of an integer-based fully homomorphic encryption (FHE) scheme. We target the DSP48E1 slices available on Xilinx Virtex 7 FPGAs to ascertain whether the large integer multiplier within the encryption step of a FHE scheme could fit on a single FPGA device. We find that, for toy size parameters for the FHE encryption step, the large integer multiplier fits comfortably within the DSP48E1 slices, greatly improving the practicality of the encryption step compared to a software implementation. As multiplication is an important operation in other FHE schemes, a hardware implementation using this multiplier could also be used to improve performance of these schemes.

Face Recognition in the Scrambled Domain via Salience-Aware Ensembles of Many Kernels

With the rapid development of internet-of-things (IoT), face scrambling has been proposed for privacy protection during IoT-targeted image/video distribution. Consequently in these IoT applications, biometric verification needs to be carried out in the scrambled domain, presenting significant challenges in face recognition. Since face models become chaotic signals after scrambling/encryption, a typical solution is to utilize traditional data-driven face recognition algorithms. While chaotic pattern recognition is still a challenging task, in this paper we propose a new ensemble approach – Many-Kernel Random Discriminant Analysis (MK-RDA) to discover discriminative patterns from chaotic signals. We also incorporate a salience-aware strategy into the proposed ensemble method to handle chaotic facial patterns in the scrambled domain, where random selections of features are made on semantic components via salience modelling. In our experiments, the proposed MK-RDA was tested rigorously on three human face datasets: the ORL face dataset, the PIE face dataset and the PUBFIG wild face dataset. The experimental results successfully demonstrate that the proposed scheme can effectively handle chaotic signals and significantly improve the recognition accuracy, making our method a promising candidate for secure biometric verification in emerging IoT applications.