Challenges in Certifying Small-Scale (IoT) Hardware Random Number Generators

This chapter focuses on the testing and certification of Random Number Generators (RNG). Statistical testing is required to identify whether sequences produced by RNG demonstrate non-random characteristics. These can include structures within their output, repetition of sequences, and any other form of predictability. Certification of computer security systems draws on such evaluations to determine whether a given RNG implementation contributes to a secure, robust security system. Recently, small-scale hardware RNGs have been targeted at IoT devices, especially those requiring security. This, however, introduces new technical challenges; low computational resources for post-processing and evaluation of on-board RNGs being just two examples. Can we rely on the current suite of statistical tests? What other challenges are encountered when evaluating RNG?

ePassport and eID Technologies

This chapter is devoted to the design and implementation of electronic ID (eID) such as ePassports and electronic personal identity documents. We present an overview of existing and emerging concepts, both concerning threats and possible countermeasures. Thereby we aim to shed light on the development of ubiquitous systems, where many artifacts will require strong electronic identification with similar properties to those in the case of eIDs issued for humans.

From Relay Attacks to Distance-Bounding Protocols

We present the concept of relay attacks, and discuss distance-bounding schemes as the main countermeasure. We give details on relaying mechanisms, we review canonical distance-bounding protocols, as well as their threat-model (i.e., covering attacks beyond relaying) stemming from the authentication dimension in distance bounding. Advanced aspects of distance-bounding security are also covered. We conclude by presenting what we consider to be the most important challenges in distance bounding.

Emerging Security Challenges for Ubiquitous Devices

In this chapter we focus on two important security challenges that naturally emerge for large scale systems composed of cheap devices implementing only symmetric cryptographic algorithms. First, we consider threats due to poor or malicious implementations of protocols, which enable data to be leaked from the devices to an adversary. We present solutions based on a watchdog concept—a man-in-the-middle device that does not know the secrets of the communicating parties, but aims to destroy covert channels leaking secret information. Second, we deal with the problem of tracing devices by means of information exchanged while establishing a communication session. As solutions such as Diffie-Hellman key exchange are unavailable for such devices, implicit identity information might be transmitted in clear and thereby provide a perfect means for privacy violations. We show how to reduce such risks without retreating to asymmetric algorithms.

It Started with Templates: The Future of Profiling in Side-Channel Analysis

Side-channel attacks (SCAs) are powerful attacks based on the information obtained from the implementation of cryptographic devices. Profiling side-channel attacks has received a lot of attention in recent years due to the fact that this type of attack defines the worst-case security assumptions. The SCA community realized that the same approach is actually used in other domains in the form of supervised machine learning. Consequently, some researchers started experimenting with different machine learning techniques and evaluating their effectiveness in the SCA context. More recently, we are witnessing an increase in the use of deep learning techniques in the SCA community with strong first results in side-channel analyses, even in the presence of countermeasures. In this chapter, we consider the evolution of profiling attacks, and subsequently we discuss the impacts they have made in the data preprocessing, feature engineering, and classification phases. We also speculate on the future directions and the best-case consequences for the security of small devices.

Finding Software Bugs in Embedded Devices

The goal of this chapter is to introduce the reader to the domain of bug discovery in embedded systems which are at the core of the Internet of Things. Embedded software has a number of particularities which makes it slightly different to general purpose software. In particular, embedded devices are more exposed to software attacks but have lower defense levels and are often left unattended. At the same time, analyzing their security is more difficult because they are very “opaque”, while the execution of custom and embedded software is often entangled with the hardware and peripherals. These differences have an impact on our ability to find software bugs in such systems. This chapter discusses how software vulnerabilities can be identified, at different stages of the software life-cycle, for example during development, during integration of the different components, during testing, during the deployment of the device, or in the field by third parties.

Catalog and Illustrative Examples of Lightweight Cryptographic Primitives

The main objective of this chapter is to offer to practitioners, researchers and all interested parties a brief categorized catalog of existing lightweight symmetric primitives with their main cryptographic features, ultimate hardware performance, and existing security analysis, so they can easily compare the ciphers or choose some of them according to their needs. Certain security evaluation issues have been addressed as well. In particular, the reason behind why modern lightweight block cipher designs have in the last decade overwhelmingly dominated stream cipher design is analyzed in terms of security against tradeoff attacks. It turns out that it is possible to design stream ciphers having much smaller internal states.

Ultra-lightweight Authentication

In this chapter we provide a critical look at the state of the art in ultra-lightweight authentication protocols. We start by outlining the features of the current ubiquitous and pervasive computing environment that have motivated the development of the ultra-lightweight paradigm which uses only basic arithmetic and logical operations. We emphasize its goals and its main challenges. Then, we focus our attention on the authentication problem. We use an abstract framework for modeling the protocols proposed over the years, in order to discuss their design strategies and the security and privacy properties they aim to achieve. After that, we survey the weaknesses and the common pitfalls in both the design and the analysis of ultra-lightweight authentication protocols. Finally, we conclude the chapter by discussing some fundamental ideas and research directions.

Side Channel Assessment Platforms and Tools for Ubiquitous Systems

Side Channel Attacks are nowadays considered a serious risk for many security products and ubiquitous devices. Strong security solution providers need to evaluate their implementations against such attacks before publishing them on the market, thus performing a thorough assessment. However, this procedure is not straightforward and even with the appropriate equipment, it may require considerable time to provide results due to the slow process of collecting measurements (traces) and the inflexible way of controlling the tested implementation. In this chapter, we explore and overview the trace collection landscape for generic devices under test (including ubiquitous systems) highlighting and overviewing the latest trace collection toolsets and their shortcomings, but also proposing a trace collection approach that can be applied on the most recent, open source toolsets. We showcase our proposed approach on the FlexLeco project architecture, which we have developed in our lab, and manage to practically describe how an evaluator using the proposed methodology can collect traces easily and quickly without the need to completely redesign a control mechanism for the implementation under test.

Selected Design and Analysis Techniques for Contemporary Symmetric Encryption

In this chapter we provide an overview of selected methods for the design and analysis of symmetric encryption algorithms that have recently been published. We start by discussing the practical advantages, limitations and security of the keystream generators with keyed update functions which were proposed for reducing the area cost of stream ciphers. Then we present an approach to enhancing the security of certain encryption schemes by employing a universal homophonic coding and randomized encryption paradigm.