Research On Cryptographic Algorithm And Implementation Technology In Embedded System Security

In recent years,with the rapid development of mobile computing,distributed computing and pervasive computing,embedded systems are increasingly permeating our lives. Security for embedded computing compared with for conventional desktop computing and enterprise interconnecting,is a more exoteric and complicated problem,which also needs our continuing attention.In reality,security is an entirely new metric that designers should take into account design process,along with other metrics such as cost,performance,and power,comprehensively.In addition,physical security should be pay attention to since embedded systems usually run in large scale and open environment.In this thesis,we attempt to research security requirements,physical security and implementations for embedded system from algorithm and architecture levels respectively from an end-user.First of all,we describe the relationship between embedded system security and cryptography and find suitable cryptographic primitives,i.e.AES-128,ECC-GF(2¹⁶³),SHA-1.Thus,the research object has been established.Then,the importance of implementation security is discussed.Furthermore,we study how to apply cryptographic primitives to embedded security engineer.Second,we deal with the hardware implementations of AES-128,ECC-GF(2¹⁶³),SHA-1 at the micro-architecture level.The results show that,the most suited design of AES in WSN(Wireless Sensor Network) nodes seems to be the 8-bit architecture with 2 S-boxes. A low-cost and low-energy elliptic curves cryptography processor over GF(2¹⁶³) are implemented using digital modular multiplication and Montgomery scalar multiplication. By folding the data path of SHA-1 algorithm and using CSKA(Carry Skip Adder) to optimize the critical path,the proposal implementation obtains higher performance and lower area cost.Next,any implementation of embedded systems might cause side-channel leakages thereby reveal more information about the processed secret.We have built the DPA (Differential Power Analysis) platform based on simulation power and real power measurements.An improved DPA approach is proposed to differentiate power traces to the maximal probability with fewer computations.Contemporarily,the proposed byte substitution step with inhomogeneous S-boxes can effectively enhance the AES secure characteristics at a reasonable cost.A timing attack against a DA(Double-Add) implementation of ECC and a random masking countermeasure are discussed.Moreover, we conduct that Montgomery ladder implementation of ECC is immune to timing analysis and simple power analysis(SPA) attacks,but still vulnerable to DPA attacks.Finally,we carry out three examples for embedded system security from different fields, such as WSN,IP(Intellectual Property) protection and static data storage.A CCM-AES co-processor can perform IEEE802.15.4 security suits with full hardware implementations in order to minimize the processor load.A SHA-1 security chip is implemented in SMIC 0.35-μm three-metal two-poly mixed signal CMOS technology with embedded EEPROM. For the security of data storage in SSD(Solid State Disk),we realize key managements using RFID(Radio Frequency Identification) and implement CTR-AES-128 encryption with a high-throughput up to 1.8Gbps.