Ph.D. Defence Jens Hermans - Lightweight Public Key Cryptography
Start date: 31/08/2012
Location: Auditorium Kasteel, 01.07, Kasteelpark Arenberg 1, 3001 Heverlee
To solve the above security and privacy issues, cryptographic algorithms and protocols can be used. However, given the constraints on chip area, time, power and energy, conventional cryptographic solutions can usually not be applied. An additional problem is that these devices are out in the open, so they are exposed to physical tampering that can reveal the internals of the device. Lightweight cryptography is put forward as a way to still obtain sufficiently secure cryptography on these devices.
This thesis focuses on several aspects of lightweight public key cryptography. A first question that is put forward is the security of existing lightweight public key primitives: while the computational power available for cryptographic attacks keeps growing, one tries to shrink cryptography to fit on lightweight devices. As a first contribution, we present fast parallel implementations of NTRU encryption and of lattice enumeration on GPUs. Our NTRU implementation shows that an extremely high throughput can be achieved even with public key cryptography; the same throughput can also be turned against NTRU for cryptanalysis. Our lattice enumeration implementation demonstrates that GPUs can be used to improve the performance of cryptanalysis.
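NTRU is attractive for lightweight and high-throughput settings because its key generation, encryption and decryption reduce to convolutions of polynomials with tiny coefficients in Z[x]/(x^N - 1). The following is an added, illustrative implementation of textbook NTRUEncrypt in pure Python; it is not the thesis's GPU code. It assumes toy parameters (N = 11, p = 3, q = 97, d = 3, chosen so that decryption always succeeds but offering no security) and uses the plain HPS formulation with public key h = F_q * g and ciphertext e = p * r * h + m mod q.

```python
"""Toy NTRUEncrypt (added example, textbook formulation, insecure toy parameters)."""
import random

# Assumption: toy parameters. With d = 3 the coefficients of p*r*g + f*m are bounded by
# 3*6 + 7 = 25 < q/2, so decryption never fails. A real deployment uses N in the hundreds.
N, P, Q, D = 11, 3, 97, 3


def center(a, mod):
    """Reduce every coefficient into the centred range (-mod/2, mod/2]."""
    out = []
    for c in a:
        c %= mod
        if c > mod // 2:
            c -= mod
        out.append(c)
    return out


def conv(a, b, mod=None):
    """Cyclic convolution, i.e. multiplication in Z[x]/(x^N - 1), optionally mod `mod`."""
    out = [0] * N
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            out[(i + j) % N] += ai * bj
    return [c % mod for c in out] if mod else out


def _trim(a):
    """Drop leading (high-degree) zero coefficients; polynomials are stored low -> high."""
    a = list(a)
    while a and a[-1] == 0:
        a.pop()
    return a


def _divmod(a, b, pr):
    """Polynomial long division in Z_pr[x]; returns (quotient, remainder)."""
    a, b = _trim([c % pr for c in a]), _trim([c % pr for c in b])
    inv_lead = pow(b[-1], -1, pr)
    quot = [0] * max(len(a) - len(b) + 1, 1)
    while len(a) >= len(b):
        coef = (a[-1] * inv_lead) % pr
        shift = len(a) - len(b)
        quot[shift] = coef
        for i, bc in enumerate(b):
            a[shift + i] = (a[shift + i] - coef * bc) % pr
        a = _trim(a)
    return quot, a


def inverse(f, pr):
    """Inverse of f in Z_pr[x]/(x^N - 1) by extended Euclid, or None if f is not a unit."""
    r0, r1 = [(-1) % pr] + [0] * (N - 1) + [1], _trim([c % pr for c in f])  # r0 = x^N - 1
    s0, s1 = [0], [1]  # invariant: s_i * f == r_i  (mod x^N - 1, pr)
    while r1:
        q, r = _divmod(r0, r1, pr)
        prod = [0] * (len(q) + len(s1))
        for i, qc in enumerate(q):
            for j, sc in enumerate(s1):
                prod[i + j] += qc * sc
        s_new = [(s0[i] if i < len(s0) else 0) - prod[i] for i in range(max(len(s0), len(prod)))]
        r0, r1 = r1, r
        s0, s1 = s1, _trim([c % pr for c in s_new])
    if len(r0) != 1:  # gcd is not a nonzero constant: f has no inverse
        return None
    c_inv = pow(r0[0], -1, pr)
    inv = [0] * N
    for i, sc in enumerate(s0):  # reduce the Bezout coefficient modulo x^N - 1
        inv[i % N] = (inv[i % N] + sc * c_inv) % pr
    return inv


def ternary(ones, neg_ones, rng):
    """Random polynomial with the given number of +1 and -1 coefficients, rest 0."""
    coeffs = [1] * ones + [-1] * neg_ones + [0] * (N - ones - neg_ones)
    rng.shuffle(coeffs)
    return coeffs


def keygen(rng):
    """Private key (f, F_p), public key h = F_q * g mod q."""
    while True:
        f = ternary(D + 1, D, rng)  # d+1 ones and d minus ones, so f(1) != 0
        fp, fq = inverse(f, P), inverse(f, Q)
        if fp is not None and fq is not None:
            break
    g = ternary(D, D, rng)
    return (f, fp), conv(fq, g, Q)


def encrypt(h, m, rng):
    """e = p * r * h + m mod q, with m a ternary message polynomial."""
    r = ternary(D, D, rng)
    return [(P * c + mc) % Q for c, mc in zip(conv(r, h), m)]


def decrypt(sk, e):
    """a = f*e centred mod q equals p*r*g + f*m exactly; then F_p * a mod p recovers m."""
    f, fp = sk
    a = center(conv(f, e), Q)
    return center(conv(fp, a), P)


def roundtrip(seed):
    """Key generation, encryption and decryption of a random ternary message."""
    rng = random.Random(seed)  # assumption: seeded only so the demo is reproducible
    sk, pk = keygen(rng)
    m = ternary(D, D, rng)
    return decrypt(sk, encrypt(pk, m, rng)) == m


if __name__ == "__main__":
    print("decryption correct:", all(roundtrip(s) for s in range(10)))
```

Every operation above is a cyclic convolution of length-N vectors with coefficients in {-1, 0, 1} or in Z_q, which is exactly the kind of embarrassingly parallel integer arithmetic that maps well onto a GPU or a small hardware multiplier; the polynomial inversions are only needed once, at key generation.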
The remainder of the thesis deals with the security and privacy of lightweight protocols for RFID tags. We present new attacks on the security and privacy of several existing protocols. These protocols came without a formal security or privacy proof, and they join the many such protocols that have been broken in the literature.
For the development of our own protocols, we follow a provable-security approach to protocol design. To this end, we analyze several existing RFID privacy models and expose poor design choices in several of them. Previous proposals also did not allow for strong privacy. We propose a new RFID privacy model that solves these issues and closely captures the real-world privacy properties a system requires.
Finally we propose new, provably secure and private RFID identification protocols and grouping proofs based on public key cryptography. These protocols achieve the strongest security and privacy properties at a minimal cost compared to other proposals with similar properties.