1 / 29

Secure storage of cryptographic keys within random volumetric materials

Secure storage of cryptographic keys within random volumetric materials. Roarke Horstmeyer 1 , Benjamin Judkewitz 1 , Ivo Vellekoop 2 and Changhuei Yang 1. 1 California Institute of Technology, Pasadena, CA 2 University of Twente , Enschede , The Netherlands.

vin
Télécharger la présentation

Secure storage of cryptographic keys within random volumetric materials

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure storage of cryptographic keys within random volumetric materials Roarke Horstmeyer1, Benjamin Judkewitz1, Ivo Vellekoop2 and Changhuei Yang1 1 California Institute of Technology, Pasadena, CA 2 University of Twente, Enschede, The Netherlands

  2. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage

  3. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage • Ideal security “information-theoretic” security1 [1] Shannon, C.  Bell System Technical Journal 28,656–715 (1949).

  4. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage • Ideal security • Well-established solution: the one-time pad “information-theoretic” security1 Message: 0 0 0 1 1 1 … 0 1 0 0 1 1 … Random key: [1] Shannon, C.  Bell System Technical Journal 28,656–715 (1949).

  5. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage • Ideal security • Well-established solution: the one-time pad “information-theoretic” security1 Message: 0 0 0 1 1 1 … XOR operation 0 1 0 0 1 1 … Random key: = Ciphertext: 0 1 0 1 0 0 … [1] Shannon, C.  Bell System Technical Journal 28,656–715 (1949).

  6. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage • Ideal security • Well-established solution: the one-time pad “information-theoretic” security1 Message: 0 0 0 1 1 1 … = 0 1 0 0 1 1 … Random key: XOR operation Ciphertext: 0 1 0 1 0 0 … [1] Shannon, C.  Bell System Technical Journal 28,656–715 (1949).

  7. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage • Ideal security • Well-established solution: the one-time pad “information-theoretic” security1 Message: 0 0 0 1 1 1 … = 0 1 0 0 1 1 … Random key: XOR operation Ciphertext: 0 1 0 1 0 0 … Limitations: “Really long” key is hard to generate and store [1] Shannon, C.  Bell System Technical Journal 28,656–715 (1949).

  8. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage Digital electronic memory: insecure Tools: Imaging, freezing, probing, overwriting… Goals: Key copying, alteration, viruses…

  9. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage Digital electronic memory: insecure Tools: Imaging, freezing, probing, overwriting… Goals: Key copying, alteration, viruses…

  10. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage Digital electronic memory: insecure Tools: Imaging, freezing, probing, overwriting… Goals: Key copying, alteration, viruses… Solution: volumetric optical scattering unique speckle coherent light

  11. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage Digital electronic memory: insecure Tools: Imaging, freezing, probing, overwriting… Goals: Key copying, alteration, viruses… Solution: volumetric optical scattering a Δθ ~ λ/2πa Uncorrelated speckle

  12. Goal: Create an ideally secure link between two communicators without relying upon the security of digital electronic storage Digital electronic memory: insecure Tools: Imaging, freezing, probing, overwriting… Goals: Key copying, alteration, viruses Solution: volumetric optical scattering • Benefits • Sensitive 3D structure • High density (1 Tb/mm3) • “Cheap” entropy “key database”

  13. Previous Work Our Goal Limitations Optical encryption methods - Fiber-based protocols - Quantum key distribution - Optical random number generation Information-theoretic security Requires digital key storage Secure storage - Digital electronic security - IC, FPGA, RFID - Random variations in fab. process Keys cannot be copied, cloned Not for communication Challenging to use a stolen device - Optical storage for ID, authentication Pappu et al., Science 297 (2001) Skoric et al., Applied Crypto. & Network Sec. 3531 (2005)

  14. Our setup

  15. Our setup “key database”

  16. Our setup “key database” Input: n random SLM patterns Output: n speckle images

  17. Mathematical model ri pi ri 2 = Display Image T = scattering transmission matrix

  18. Mathematical model ri pi Speckle Image ri Speckle Intensity Histogram ri 2 Probability = Pixel value T = scattering transmission matrix

  19. Mathematical model ri pi Digital “whitening” (public) ri 2 = T = scattering transmission matrix

  20. Mathematical model ri pi Digital “whitening” (public) Key Image ri 2 = W = sparse binary matrix (digital, public) T = scattering transmission matrix

  21. Verification of speckle key randomness • Statistical randomness test suites: Diehard1 and NIST2 • 12 different 10 Gb keys k tested • Stats comparable to state-of-the-art random number generators Table 1| Example NIST statistical randomness test performance. NIST statistical randomness test package performance of a typical 10-gigabit sequence of random CPUF data, split into 10,000 unique 1 megabit sequences following a common procedure11,12. For ‘success’ using 10,000 samples of 106 bit sequences and significance level α =0.01, the p-value (uniformity of p-values) should be larger than 0.0001 and the minimum pass rate is 0.987015. • [1] Marsaglia, G. http://stat.fsu.edu/pub/diehard(1996). • [2] Rukhin, A. et. al, National Institute of Standards and Technology Special Publication 800-22 (2001).

  22. Securely linking two devices for communication Each device is unique – how to implement the one-time pad between two parties?

  23. Securely linking two devices for communication Each device is unique – how to implement the one-time pad between two parties? Scat. Scat.

  24. Securely linking two devices for communication Each device is unique – how to implement the one-time pad between two parties? Scat. Scat. Communication achieved through an information-theoretically secure key-pair

  25. Securely linking two devices for communication Dictionary Setup Alice’s device Bob’s device 1. Alice and Bob securely connect devices 2. Display p1..n 3. Publically save XOR of keys k1..n(A) k1..n (B)

  26. Securely linking two devices for communication Dictionary Setup Alice’s device Bob’s device OTP ciphertext: ideally secure 1. Alice and Bob securely connect devices 2. Display p1..n 3. Publically save XOR of keys k1..n(A) k1..n (B)

  27. Securely linking two devices for communication Alice sends Bob a message Bob’s device Alice’s device 1. Alice randomly selects p,creates k(A) and computes ( k(A) m ) 2. Alice sends (k(A) m)and p 3. Bob creates k(B), looks up ( k(A) k(B) ) 4. Bob computes: k(B)  ( k(A) k(B) ) (k(A) m)= m

  28. Experimental demonstration Key size: 10 Gb (100 Gb unverified) Duration: 24 hours Attack time: ~50 hours Noise: ~20% bits flipped* *after error correction

  29. Conclusion and future work • - Non-electronic storage of 10 Gb over 24 hours • - New protocol for “physical memory” • Information-theoretic security • Linking physical disorder • Future work • Public key variant • Detailed security analysis R. Horstmeyer, “Physical key-protected one-time pad,” arxiv:1305:3886 (2013) Thank You!

More Related