- Research Article
- Open Access
Supporting Symmetric 128-bit AES in Networked Embedded Systems: An Elliptic Curve Key Establishment Protocol-on-Chip
EURASIP Journal on Embedded Systemsvolume 2007, Article number: 065751 (2007)
The secure establishment of cryptographic keys for symmetric encryption via key agreement protocols enables nodes in a network of embedded systems and remote agents to communicate securely in an insecure environment. In this paper, we propose a pure hardware implementation of a key agreement protocol, which uses the elliptic curve Diffie-Hellmann and digital signature algorithms and enables two parties, a remote agent and a networked embedded system, to establish a 128-bit symmetric key for encryption of all transmitted data via the advanced encryption scheme (AES). The resulting implementation is a protocol-on-chip that supports full 128-bit equivalent security (PoC-128). The PoC-128 has been implemented in an FPGA, but it can also be used as an IP within different embedded applications. As 128-bit security is conjectured valid for the foreseeable future, the PoC-128 goes well beyond the state of art in securing networked embedded devices.
J. Krasner, “Using Elliptic Curve Cryptography (ECC) for Enhanced Embedded Security: Financial Advantages of ECC over RSA or Diffie-Hellmann (DH),” Embedded Market Forecasters, American Technology, 2004.
Panjwani P, Poeluev Y: Additional ECC Groups For IKE. IPSec Working Group, INTERNET-DRAFT, 1999
Aydos M, Yanik T, Koç ÇK: High-speed implementation of an ECC-based wireless authentication protocol on an ARM microprocessor. IEE Proceedings: Communications 2001,148(5):273-279. 10.1049/ip-com:20010511
Diffie W, Hellman ME: New directions in cryptography. IEEE Transactions on Information Theory 1976,22(6):644-654. 10.1109/TIT.1976.1055638
ANSI X9.63 : Public Key Cryptography for the Financial Services: Key Agreement and Key Transport using Elliptic Curve Cryptogrphy. American National Standards Institute, 2001
IEEE-P1363-2000 : Standard Specifications for Public Key Cryptography. Institute of Electrical and Electronics Engineers, 2000
ISO/IEC-15946-3 : Information Technology-Security Techniques—Cryptographic Techniques based on Elliptic Curves-Part 3: Key Establishment. International Standards Organization, 2002
ANSI-X9.62-1998 : Public Key Cryptography for the Financial Services: The Elliptic Curve Digital Signature Algorithm. American National Standards Institute, 1999
Strangio MA: Efficient Diffie-Hellmann two-party key agreement protocols based on elliptic curves. Proceedings of the 20th Annual ACM Symposium on Applied Computing (SAC '05), March 2005, Santa Fe, NM, USA 1: 324-331.
Daemen J, Rijmen V: AES Proposal: Rijndael. National Institute of Standards and Technology, 1999
Kumar S, Girimondo M, Weimerskirch A, Paar C, Patel A, Wander AS: Embedded end-to-end wireless security with ECDH key exchange. Proceedings of the 46th IEEE International Midwest Symposium on Circuits and Systems (MWSCAS '03), December 2003, Cairo, Egypt 2: 786-789.
Huang Q, Cukier J, Kobayashi H, Liu B, Zhang J: Fast authenticated key establishment protocols for self-organizing sensor networks. Proceedings of the 2nd ACM International Workshop on Wireless Sensor Networks and Applications (WSNA '03), September 2003, San Diego, Calif, USA 141-150.
Watro R, Kong D, Cuti S-F, Gardiner C, Lynn C, Kruus P: TinyPK: securing sensor networks with public key technology. Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04), October 2004, Washington, DC, USA 59-64.
Duraisamy R, Salcic Z, Morales-Sandoval M, Feregrino-Uribe C: A fast elliptic curve based key agreement protocol-on-chip (PoC) for securing networked embedded systems. Proceedings of the 12th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA '06), August 2006, Sydney, Australia 154-161.
Hankerson D, Menezes A, Vanstone S: Guide to Elliptic Curve Cryptography, Springer Professional Computing. Springer, New York, NY, USA; 2004.
Stratix II Device Handbook, Volume 1 Altera, 2006