Information Security Lab. COMPETITIVE FUNDS SCOPE REGIONAL ICT PROMOTION 2016-2018

SCOPE REGIONAL ICT PROMOTION 2016-2018

Development of a security computing chip that securely performs device authentication in the IoT era

Principal Investigator

Yasuyuki Nogami (Okayama University Graduate School of Science and Technology)

Research team members

  • Hiroto Kagotani (Okayama University Graduate School of Science and Technology)
  • Iokibe Kengo (Okayama University Graduate School of Science and Technology)
  • Noriaki Kawanishi (Corporation Goferutekku Development Department)

Purpose of R&D (Objectives of the Proposal R&D)

Today, following the prosperity of the cloud computing era, it is about to enter the “Internet of Things (IoT) era”. Without a variety of devices is to be routed through the human hand, computers and robots are at work in the autonomous decision to the. More specifically, there are other power grids (smart grid), transport networks (ETC and GPS), building management (elevator maintenance), construction site robots, etc., such as automobiles driven by the Internet connection and remotely operated robotic surgery, It is imagined that everything is connected to the Internet under the name of IoT era, remotely controlled not only by remote monitoring but also autonomously driven according to the situation.

On the other hand, the problem nowadays is the hijacking of operations by malicious ones. Automobiles connected to the Internet will be able to autonomously continue automatic operation if their connection and control are smooth. However, if this is hijacked, the network connection is broken, mutual authentication and communication between the device and the sensor are also not maintained, and operation and control are controlled to malicious one, even if it is a topic in moving images as a topic He loses control and runs into a shoulder runaway. At the moment of losing legitimate control, everything will be entrusted with autonomous judgment on compact and computationally resource-constrained devices like IoT devices.

The main points of security technology for such an IoT device are mainly as follows.

  1. Password management
  2. Encryption of data flowing in the network and data authentication
  3. Mutual authentication between devices and devices such as sensors

1), 2), means to realize are becoming clearer. For example, 2), message authentication by pseudo-random MAC and data encryption by AES encryption are applied. On the other hand, for 3), more advanced cryptographic techniques are required and the discussion has not advanced. Specific problems are the efficiency of cryptographic computation and securing of safety against side channel attacks. Here, the side channel attack is a method of intercepting physical information such as electromagnetic noise generated during calculation processing such as encryption and decryption from an encryption calculation processing chip mounted on an IC card or the like in some form, It is an extremely powerful decryption attack trying to extract and analyze valuable secret information such as password from password.

Consider the requirement for achieving “Development of security calculation chip that safely realizes device authentication in the IoT era” which is the object of this research and development here. First, in the side channel attack, we try to eavesdrop on the password etc. by intercepting the electromagnetic noise generated during the encryption/decryption processing of the cryptographic calculation chip mounted on the sensor or control unit and analyzing it 1). In other words, fragments of such important information are included in the electromagnetic noise. Now, considering this again, for example, the decryption calculation processing of encrypted data performs a calculation based on password information. If some nonuniform calculation processing according to the password information induces a non-uniform physical phenomenon and can observe the nonuniformity from the electromagnetic noise resulting from it, it will reach the password information. In order to essentially solve this problem, It is necessary to conduct research and development that closely cooperates with precise analysis technology of physical phenomena such as cryptology theory · mathematics, electromagnetic noise, and technology to realize the analysis system and processing system in a realistic and precise manner. To the contrary, the applicants have researched and developed the following members of researchers and engineers of Okayama University and companies in Okayama Prefecture to solve the above problems, and have been promoting the following research and development to date. First, in the research and development conducted in 2012 ~ 2014 “LSI implementation of parallel algebra calculation algorithm highly realizing authentication technology in cloud computing era” (JST: ASTEP high risk), highly scalable elliptic curve encryption FPGA We are developing technologies to mount on. Applicants have found that the required key length (the data size for securing the strength of encryption) is larger than the widely used RSA cryptosystem for device authentication in IoT devices with limited computing resources as RSA cryptography We believe that elliptic curve cryptography that achieves equivalent strength at about 1/10 of that is optimal. In addition, in the research and development conducted in 2012 ~ 2013 “R & D on Safety Design against Side Channel Attack of Cryptographic Equipment” (Ministry of Internal Affairs and Communications: SCOPE ICT Promotion Type Research and Development), the security against cryptographic module side channel attack is high We developed a method to predict accuracy. At that time, we established a method for analyzing side channel information based on internal current waveform ahead of the world. This is a distinction from the conventional approach of performing side-channel attack directly using external observation data such as electromagnetic noise. In this research and development, we will organically link the results so far and develop a “security calculation chip that safely realizes device authentication in the IoT era”. Specifically, Nogami et al. (Okayama Univ.) Developed <a ” Evaluation of safety to side channel attack” based on the internal current source and internal current waveform developed by Banpaku (Okayama Univ.) (Okayama Univ.) Against i = 24> “Elliptic curve cryptographic calculation chip” ” . We will collaborate advanced H / W design and development technology owned by Gofeltech company in Okayama prefecture to implement, experiment and evaluate this concretely and precisely. Based on the evaluation obtained by this, we develop an elliptic curve cryptographic algorithm (countermeasure in software) and a circuit implementation method (countermeasure in hardware) to avoid side channel attack. The approach of its development, the main factors that secret information such as a password as a side-channel information is leaked is, non-uniformity of the calculation processing that occurs in the cryptographic computations developing attention is paid to the fact is, this from both sides of the calculation algorithm and circuit implementation It is to solve it. Along with this, pay attention to the technologies that can be returned to society while confirming the ripple effect of this research and development on society and the spread effect on packaging technology and devices such as FPGA. Also, I would like to actively promote participation in graduate school students in the form of programming assistance, experiment assistance, etc. and contribute to the development of young researchers and engineers with knowledge of information security technology. I = 29>. Based on the evaluation obtained by this, we develop an elliptic curve cryptographic algorithm (countermeasure in software) and a circuit implementation method (countermeasure in hardware) to avoid side channel attack. The approach of its development, the main factors that secret information such as a password as a side-channel information is leaked is, non-uniformity of the calculation processing that occurs in the cryptographic computations developing attention is paid to the fact is, this from both sides of the calculation algorithm and circuit implementation It is to solve it. Along with this, pay attention to the technologies that can be returned to society while confirming the ripple effect of this research and development on society and the spread effect on packaging technology and devices such as FPGA. Also, I would like to actively promote participation in graduate school students in the form of programming assistance, experiment assistance, etc. and contribute to the development of young researchers and engineers with knowledge of information security technology. I = 29>. Based on the evaluation obtained by this, we develop an elliptic curve cryptographic algorithm (countermeasure in software) and a circuit implementation method (countermeasure in hardware) to avoid side channel attack. Approach of its development, the main factors that secret information such as a password as a side-channel information is leaked is, non-uniformity of the calculation processing that occurs in the cryptographic computations developing attention is paid to the fact is, this from both sides of the calculation algorithm and circuit implementation It is to solve it. Along with this, pay attention to the technologies that can be returned to society while confirming the ripple effect of this research and development on society and the spread effect on packaging technology and devices such as FPGA . Also, I would like to actively promote participation in graduate school students in the form of programming assistance, experiment assistance, etc. and contribute to the development of young researchers and engineers with knowledge of information security technology . While confirming i = 35>, pay attention so that it can be returned to society. Also, I would like to actively promote participation in graduate school students in the form of programming assistance, experiment assistance, etc. and contribute to the development of young researchers and engineers with knowledge of information security technology . While confirming i = 35>, pay attention so that it can be returned to society. Also, I would like to actively promote participation in graduate school students in the form of programming assistance, experiment assistance, etc. and contribute to the development of young researchers and engineers with knowledge of information security technology.


Figure 1: Importance of mutual authentication and data connection between devices

Goals of R & D Outcome (R & D Outcome)

The goal of this research and development is to develop a cryptographic calculation chip that realizes device authentication mutually between IoT devices safely and efficiently like the images in Fig. 1 and Fig. For that purpose, first, we adopt elliptic curve cryptography which can realize high security with a short bit length (compared with RSA cryptosystem). We develop an encryption/decryption algorithm that takes safety into side channel attacks into consideration (countermeasures in terms of software). Implement this on the FPGA and analyze and evaluate the safety against side channel attacks. Based on the evaluation, develop countermeasure techniques to eliminate physical risk factors (measures in terms of hardware).

Figure 2: Development of a secure cryptographic computing chip against side channel attack