• PDF / 379,230 Bytes
• 19 Pages / 439.37 x 666.142 pts Page_size
• 6 Downloads / 222 Views

DOWNLOAD

REPORT

Abstract. Connectivity becomes increasingly important also for small embedded systems such as typically found in industrial control installations. More and more use-cases require secure remote user access increasingly incorporating handheld based human machine interfaces, using wireless links such as Bluetooth. Correspondingly secure operator authentication becomes of utmost importance. Unfortunately, often passwords with all their well-known pitfalls remain the only practical mechanism. We present an assessment of the security requirements for the industrial setting, illustrating that offline attacks on passwords-based authentication protocols should be considered a significant threat. Correspondingly use of a Password Authenticated Key Exchange protocol becomes desirable. We review the significant challenges faced for implementations on resource-constrained devices. We explore the design space and shown how we succeeded in tailoring a particular variant of the Password Authenticated Connection Establishment (PACE) protocol, such that acceptable user interface responsiveness was reached even for the constrained setting of an ARM Cortex-M0+ based Bluetooth low-energy transceiver running from a power budget of 1.5 mW without notable energy buffers for covering power peak transients. Keywords: PAKE
ARM Cortex-M0
Curve25519
ECDH
PACE
Curve25519
ECDH key-exchange
Elliptic-curve cryptography
Embedded devices
Elligator
Process industry
Bluetooth
Curve19119
X19119
Bluetooth low energy

1 Introduction and Motivation Connectivity becomes increasingly important also for small microcontroller-based embedded systems found in industrial control installations, such as so-called field devices. More and more use-cases require secure remote user access, e.g. for maintenance and configuration involving subsystems such as industrial control units and home automation electronics. Increasingly smart phones or tablet computers are used as handheld units providing the Human Machine Interface (HMI). The continuously growing Internet of Things will only add to this development. © International Association for Cryptologic Research 2017 W. Fischer and N. Homma (Eds.): CHES 2017, LNCS 10529, pp. 346–364, 2017. DOI: 10.1007/978-3-319-66787-4_17

Making Password Authenticated Key Exchange Suitable

347

It is of great interest to provide efficient cryptographic primitives and protocols suitable also for the resource-constrained embedded CPUs typically employed in these environments. In most applications, user authentication by use of iris scanners, fingerprint analysis or based on smart cards is unfortunately not practical. On the other hand, implanted identification chips are already in wide-spread use, but mainly in the context of production animals and for some specific reason rather not for human operators. In many circumstances, the old-fashioned password remains the only practical means for authentication of human operators. We presume that frequently the crucial weakness of the security solution is the password-based a

Recommend Documents

Fuzzy Asymmetric Password-Authenticated Key Exchange

174 39 24MB

An Efficient Password-Only Two-Server Authenticated Key Exchange System

175 23 486KB

Separating Symmetric and Asymmetric Password-Authenticated Key Exchange

228 52 16MB

Computationally-Efficient Password Authenticated Key Exchange Based on Quadratic Residues

159 56 451KB

A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps

166 59 430KB

Password-authenticated searchable encryption

195 69 1012KB

Password-Based Tripartite Key Exchange Protocol with Forward Secrecy

166 52 26MB

Beyond Secret Handshakes: Affiliation-Hiding Authenticated Key Exchange

160 85 9MB

Practical Threshold Password-Authenticated Secret Sharing Protocol

174 85 434KB

An improved lightweight anonymous user authenticated session key exchange scheme for Internet of Things

159 11 2MB

Efficient Two-Party Password-Based Key Exchange Protocols in the UC Framework

161 13 667KB

Two-Pass Authenticated Key Exchange with Explicit Authentication and Tight Security

158 80 24MB