Modular Sequences and Its Application to Light-weight Security

Modular Sequences and Their Application to Lightweight Security Design

Student thesis: Doctoral Thesis

Award date: 14 Sep 2017

Abstract

Labeled as the next industrial revolution, the emergence of the Internet of Things (IoT) unleashes the full power of millions of interconnected devices. However, these highly distributed devices, in which new vulnerabilities may lie, also raise security issues of much concern. Some of these devices, for instance RFID tags, power switches in household appliances, elevator controllers and access controllers, are generally equipped with simple 8/16-bit micro-controllers for the sake of low cost, and are hence relatively weak and insecure. These features allow attackers to launch attacks against the vulnerable devices and further pose threats to the whole system. Hence, designing light-weight cryptosystems suitable for resource-constrained devices is becoming a very interesting and challenging issue.

This thesis tackles this problem and develops new schemes utilizing modular sequences. Modular arithmetic is the essential mathematical background for many topics in cryptography. Almost all extant cryptographic algorithms adopt it, from the Caesar Cipher to the Rivest–Shamir–Adleman (RSA) Cipher. This work is mostly concerned with the use of this fairly simple operation and tries to render practical, light-weight public key cryptographic methods for constrained platforms. Based on different finite mathematical structures, two approaches are proposed: a multivariate cryptosystem based on modular exponential multivariate sequences, and a scalable dynamic Elliptic Curve Cryptography (ECC) scheme operating in the prime field GF(p).

The first part of the thesis focuses on the dynamic behaviour of iterations of multivariate polynomials constructed from residual rings of matrices, which have been proven to admit good randomness and non-singularity. These properties are useful for constructing a practical public key Multivariate Cryptographic (MVC) system for constrained devices and post-quantum applications, which can also solve the equivalent-keys and factorization problems found in Multivariate Quadratic asymmetric systems. We also map the proposed cryptosystem to an extended Clipped Hopfield Neural Network (CHNN) and implement it under the MVC-CHNN framework. The presented cryptosystem shows high sensitivity to the key and the plaintext and could mitigate several attacks, including matrix decomposition, one-way function attacks, ciphertext-only attacks and known-plaintext attacks. Against brute-force attacks, the design preserves the NP-hardness of MVC schemes and is hence secure against quantum computers.

In the second part of this thesis, a dynamic scalable ECC scheme is presented. Traditional ECC schemes have the disadvantage of using a fixed curve, which makes the curve easy to analyze intensively and makes it hard to build a unified platform for devices whose processors have different instruction lengths. To address this problem, we propose a dynamic scalable elliptic curve cryptosystem. A list of curves at different security levels is generated and pre-stored, and both parties synchronize on the curve to be used in the communication. Owing to the random choice of curve and prime, an extra security margin can be obtained to compensate for the reduction caused by using smaller key sizes in ECC, which also improves computational efficiency and reduces power consumption at the cost of more storage space. However, since the security of the proposed dynamic scalable elliptic curve cryptosystem relies on the use of the synchronized secret curve, loss of synchronization raises concerns about communication errors and man-in-the-middle attacks. A session parameter synchronization protocol and a parameter reset protocol are therefore designed using a hash verification algorithm, which can effectively synchronize the curve as well as detect malicious attacks. This kind of scalable cryptosystem is more economical to use in Internet of Things environments. Furthermore, since the curve list provides groups of curves, encryption workflows can be designed easily.