lightweight cryptography for the connected car/its security
DESCRIPTION
ITU Workshop on “ ICT Security Standardization for Developing Countries ” (Geneva, Switzerland, 15-16 September 2014). Lightweight Cryptography for the Connected Car/ITS Security. Shiho Moriai Director, Security Fundamentals Laboratory, Network Security Research Institute NICT. - PowerPoint PPT PresentationTRANSCRIPT
Geneva, Switzerland, 15-16 September 2014
Lightweight Cryptography for the Connected Car/ITS Security
Shiho MoriaiDirector, Security Fundamentals Laboratory,
Network Security Research InstituteNICT
ITU Workshop on “ICT Security Standardizationfor Developing Countries”
(Geneva, Switzerland, 15-16 September 2014)
Geneva, Switzerland, 15-16 September 2014 2
The Connected Car
http://johndayautomotivelectronics.com/top-five-technologies-enabling-the-connected-car/
Geneva, Switzerland, 15-16 September 2014 3
More Attack Surfaces!
http://gigaom.com/2013/08/06/ciscos-remedy-for-connected-car-security-treat-the-car-like-an-enterprise/
Geneva, Switzerland, 15-16 September 2014 4
Much data to be protectedController Area Network
(CAN) Data
http://www.aa1car.com/library/can_systems.htm
Geneva, Switzerland, 15-16 September 2014 5
Much data to be protected
http://telematicswire.net/connected-cars-and-smart-homes-coherence-of-a-convergence-platform/
V2X Communication Data
Geneva, Switzerland, 15-16 September 2014 6
Lightweight Cryptography
“Cryptography tailored for implementation in constrained environments” [ISO/IEC 29192-1]
Constraints: chip area, energy consumption, power, memory, communication bandwidth, execution time, etc.
Applications: RFID tags, sensors, health-care/medical devices, low-energy applications, low-latency applications, …
Suitable for Internet of Things!
Geneva, Switzerland, 15-16 September 2014 7
Lightweight Cryptography
R&DEU ECRYPT-I (2004-2007), ECRYPT-II (2008-2013)
European Network of Excellence for Cryptology funded within ICT Programme of the European Commission's FP6, FP7
Japan CRYPTREC (2013-)
StandardizationISO/IEC 29192
Lightweight Cryptography, in ISO/IEC JTC SC27 WG2 since 2009
Geneva, Switzerland, 15-16 September 2014 8
Why Lightweight Cryptography for Vehicles?
A modern vehicle contains 50 to 100 or more electronic control units (ECUs).
collection of embedded constrained devices
CAN bus data field is (only) 32 bits.
http://www.digikey.jp/ja/articles/techzone/2014/jul/what-engineers-need-to-know-when-selecting-an-automotive-qualified-mcu-for-vehicle-applications
Geneva, Switzerland, 15-16 September 2014 9
Why Lightweight Cryptography for Vehicles?
AESLightweight block
ciphers
Properties
Block Size 128 bits 64 bits
Key Size 128/192/256 bits 80-128 bits
Key Schedule Light (Simple)
S-box 8 x 8 4 x 4
Hardware Implementation
Gate Size (ASIC) 3-10 Kgate < 3 Kgate
latency < 20ns within 10Kgates
Software Implementation (on microcontrollers)
ROM (Enc+Dec) 1KB < 200B
10
0
2
4
6
8
10
12
14
16
I/F [Kgate]
Enc [Kgate]
Why Lightweight Cryptography for Vehicles?
Geneva, Switzerland, 15-16 September 2014
Chip Area (Gate Size)[Kgate]
Lightweight block ciphers
Suzuki, Sugawara, Saeki, “On Hardware Implementation of Lightweight /Low-Latency Cryptography”, SCIS2014
Small(=low power)
11
Low Latency
Real-time response is crucial in Advanced Driver Assistance Systems (ADAS).AES can’t achieve encryption in dozens of nano-seconds within dozens of kgates.
020406080
100120
0
50
100
150
200
Chip Area [Kgate] Latency [ns]Latency [ns]
Small FastFast
Geneva, Switzerland, 15-16 September 2014
Geneva, Switzerland, 15-16 September 2014 12
Conclusions and Recommendations
Introduced lightweight cryptographySuitable for constrained devices, the connected cars and ITS security.Some lightweight algorithms are mature and standardized in ISO/IEC.It’s time to standardize practical standards for connected cars and ITS security in ITU-T.Collaboration with automotive industry is necessary.