The rapid growth of portable electronic devices with limited power and area has opened a vast area of low-power and compact circuit design opportunities and challenges for VLSI circuit designers. Cellular phones, PDAs, and smart cards are examples of portable electronic products that are becoming an integral part of everyday life. The popularity of these devices necessitates special considerations for their security subsystems. Unlike computer network security systems that impose less stringent limitations on the area and power consumption but put more emphasis on high throughput (several Gigabit/s), portable applications demand security hardware with more restrictions on area and power and less on throughput (several hundred kilobit/s to a few Megabit/s). This difference in requirements dictates a different approach in the design and implementation of the security systems for these devices. Since next-generation, multipurpose smart cards will be used for a wide range of applications; their security system must implement both private (symmetric) and public (asymmetric) key algorithms, to accommodate various application requirements. Private key algorithms with high throughput are suitable for data communication, while public key algorithms with much lower throughput are suitable for private key exchange and authentication. Among all available algorithms, data encryption standard (DES), advanced encryption standard (AES), and elliptic curve cryptography (ECC), which are approved by standards organizations, are selected for this application.
Almost all information processing and telecommunication are in digital formats. Most data, for example photos, music and private information can be transmitted through copper, optical or wireless network to a recipient anywhere in the world. In order to protect the data and keep privacy, the information system should be equipped with cryptography and robustness techniques.
Cryptographic services are required across variety of platforms in a wide range of applications such as secure access to private networks, electronic commerce and health care. Cryptography means hidden writing, the practice of using encryption to conceal text. The security of conventional encryptions depends on several factors. First, the encryption algorithm must be powerful enough that is impractical to decrypt a message on the basis of cipher text alone. Beyond that, the security depends on the secrecy of the key, not the secrecy of the algorithm. That is, it is assumed that is also impractical to decrypt a message on the basis of the cipher text plus knowledge of the encryption or decryption algorithm. Generally, most of cryptography algorithms are implemented in software, but software implementation cannot offer the physical security for the key. Software is operating system (OS) dependent and also exposed to viruses and hackers attacks that may interrupt the OS running on the general computer. Execution on general-purpose processor (CPU) of the algorithm will use most CPU's resources to calculate and execute all processes in the algorithm because CPU lacks of instructions for modular arithmetic with operations on very large operands. Thus, word sizes mismatch, less parallel computations and algorithm/architecture are the main problems faced by software implementation of cryptosystem. Different applications of the data encryption algorithm may require different speed/area trade-offs. Some applications, such as smart card and cellular phone, require a small area. Other applications, such as World Wide Web (WWW) servers and Asynchronous Transfer Mode (ATM) networks are speed critical. Some other applications, such as digital video recorders, require an optimization of speed/area ratio.
What is Cryptography?
Cryptography is a Greek word that literally means the art of writing secrets which is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. In practice, cryptography is the task of transforming information into a form that is incomprehensible, but at the same time allows the intended recipient to retrieve the original information using the secret key. Cryptography is not a recent science, but an old strategy to guarantee information exchange security. It covers from data encryption and decryption, digital signature to hash function and more. Encryption and decryption are the two main functions in cryptography system. Encryption is the transformation of data into a form unreadable by anyone without secret key in order to ensure privacy. The information is hidden from anyone for whom it is not intended, even from those who can see the encrypted data. Encryption also allows secure communication over an insecure channel especially Internet. Decryption is the reverse function to retrieve the original encrypted messages using secret key. A mathematical model can be used to show the conventional encryption and decryption processes. A symmetric cryptosystem consists of a set M of plaintext message, a set C of ciphertext, a set K of keys, and two function, an encryption function E : K x M ? C and a decryption function D : K x C? M. We often write Ek(m) = E(k,m) and Dk(c)=D(k,c). We require that Dk to be inverse of Ek that is for all keys k ? K and all plaintext message m ? M, we have Dk(Ek(m)) = m. To be useful, it should certainly be difficult to find k given only c = Ek(m). The goal is to hide m, not k, so a procedure that found m given c would compromise the cryptosystem even if k reminded well hidden (M. J. Fischer, 2000). In the past, the goal of security was in the use of cryptographic algorithm that were unknown by others. Nowadays, to guarantee a true security, the algorithm must be public and all the security must be in key.
Cryptography is largely used in Internet Banking and other telecommunication operations. For an example when we shop an Air Asia airline ticket from www.airasia.com, cryptography is used to ensure privacy of credit card number as it travels from the buyer to the airline's server. In electronic banking such as online banking system www.example.com, cryptography is used to ensure that the transactions cannot be forged. In security application such as smart card, we need to ensure the data stored on the microchip is encrypted and well protected. In future, cryptography is commonly used in any digital equipments and technologies.
Cryptography services consist of maintaining four characteristics; which are confidentiality, data integrity, non-repudiation and authentication. Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. The type of access is read-type access: reading, viewing, printing or even just knowing the existence of an object. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography. Confidentiality is sometimes called secrecy or privacy. In computer science and telecommunications, the term data integrity has the following meanings:
- The condition in which data are identically maintained during any operation, such as transfer, storage, and retrieval.
- The preservation of data for their intended use.
- Relative to specified operations, the a priori expectation of data quality. Another aspect of data integrity is the assurance that data can only be accessed and altered by those authorized to do so. In cryptography and information security in general, integrity refers to the validity of data. Integrity can be compromised in two main ways:
- An attacker alters the account number in a bank transaction
- Forging an identity document
- Transmission errors
- Hard disk crash
Authentication is the act of establishing or confirming something (or someone) as authentic, that claims made by or about the thing are true. Authentication of an object may mean confirming its provenance. Authentication of a person often consists of verifying their identity. In computer security, authentication is the process of attempting to verify the identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program. In a web of trust "authentication" is a way to ensure users are who they say they are that the user who attempts to perform functions in a system is in fact the user who is authorized to do so.
Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved. In today's global economy, where face-to-face agreements are often not possible, non-repudiation is becoming extremely important to commerce. In regard to digital security, non-repudiation means that it can be verified that the sender and the recipient were, in fact, the parties who claimed to send or receive the message, respectively. In other words, non-repudiation of origin proves that data has been sent, and non-repudiation of delivery proves it has been received. Traditional methods such as seals or signatures are vulnerable to forgery. Digital transactions are also potentially subject to fraud, such as when computer systems are broken into or infected with Trojan horses or viruses. Participants can potentially claim such fraud to attempt to repudiate a transaction.