Design and Attack-Resistance Analysis of Lightweight Cryptographic Algorithms and Protocols (NIST, 2016-2019)

Motivation

Lightweight cryptography has been investigated in the literature for over a decade. Many symmetric-key primitives such as block ciphers, stream ciphers, hash functions, and pseudorandom generators have been proposed. Recently, the National Institute of Standards and Technology (NIST) has put effort towards standardization of lightweight cryptographic algorithms. The goal of lightweight cryptography is to provide security and privacy in resource-constrained applications, embedded systems, and the Internet of Things (IoT), including Radio Frequency Identification (RFID) systems, wireless sensor networks, and vehicular ad-hoc networks. RFID is one of the most promising technologies, with applications in supply chain management, e-passports, contactless cards, and identification systems. In RFID systems, there is a tension between security, flexibility, and rigidity. For instance, in a passive RFID system, the tags harvest power from the reader, and using the Advanced Encryption Standard (AES) in such a system is resource heavy. One of the criteria for a cryptographic algorithm to be lightweight is that it can be implemented in hardware within a relatively small logic-gate budget (e.g., 2000 GE). Moreover, in many applications, one cryptographic primitive is not enough to secure the entire system. It is reasonable to assume that the chip area dedicated to security should be used to provide encryption, authentication, hash computation, and possibly pseudorandom bit generation, which are the basic functionalities required by a security protocol. An IoT system enables communication among a large number of devices and information systems, integrates web-based and mobile business applications, and enables intelligent interaction among people and automated devices to achieve unprecedented performance and power efficiency. The complexity, large volume, and need for real-time access to data within IoT systems make it extremely challenging to implement security and privacy protection mechanisms.

Research topics

  • Investigate the design and attack-resistance analysis of lightweight cryptography
  • Ensure security and privacy in embedded systems
  • Develop fundamental methods for the trade-offs among security, area, and key size, with optimal implementation in both hardware and software
  • Design and implement security and privacy protection mechanisms for the Internet of Things