“Smart Secure Devices will help our lives to be easier, safer and more enjoyable, without jeopardizing our privacy”, explained Eurosmart Chairman Jacques Seneca during the press conference that took place on 19 April 2007 in Brussels. “In 2020, smart objects will become totally integrated into our everyday lives as our digital proxies, bringing simplicity and convenience in the way services are delivered to us. Smart cards will get diversified into Smart Security Devices leveraging on biometrics, contactless, nanotechnologies as well as software”

- SmartCard Trends, "Eurosmart forecast 20 billion of Smart Secure Devices by 2020", Brussels, May 2007

Eurosmart predict the possibility of 20 billion smart networked objects communicating information about our physical environment. The massive security risks presented by the interdependency and interconnectedness of our information and communications systems with sensor networks implies that security must be present and implemented correctly before they are deployed into the marketplace. Governments around the world are becoming cognizant of the need for security to be built into our infrastructure: 

Build-in Security: Ensure that security is considered and built into the design of new infrastructure, so that our critical assets are protected from the start and more resilient to naturally-occurring and deliberate threats throughout their life-cycle.

Synaptic offers the opportunity to increase the security functionality and market appeal of ambient intelligence devices at LESS cost and often better performance than existing security solutions. However performance and cost is not the only requirement, the duration of security is equally important given the difficulty of upgrading 20 billion devices after they have been deployed in the field:

Security and dependability issues typically go along with the life cycle of a technology. The trend to first deploy a technology and later fix its problems – typically driven by economic motives – is gradually making way for security by design, resulting in improved security at the beginning of the life cycle.

Unfortunately, the security issues of a technology near the end of its lifetime are typically overlooked. The best known example is that of cryptographic keys and algorithms (cf. supra) which may need to offer in some cases security for 50 to 100 years.

Advantageously, adding Synaptic full function long term security can manage known risks, reduce your costs, and open market opportunities through added functionality and product differentiation. Synaptic seeks to bring these business and security advantages to a wide range of different markets such as ambient intelligence devices, wireless sensor networks and so on.

The Synaptic objective is to overcome barriers to acceptance and provide commercial incentives to the rapid uptake of long term security, even in Ambient Intelligence Devices. The Synaptic Ecosystem addresses the following five tests:

1. How cheaply and effectively can ALL the security components be deployed in low cost, low resource devices such as smart cards and smart objects?
2. To reduce the risk of rapid obsolescence of the security implemented in hardware (and avoid subsequent industry retooling), how many years of security can the deployed system offer with high assurance?
3. Is it possible to retroactively upgrade the security in existing and future devices without replacing hardware if the security fails?

4. Can the security system perform security functions effectively in the application we wish to deploy it?

We now explore these questions with respect to mainstream security systems currently in use and Synaptic’s offerings for Ambient intelligence devices.

TEST 1: How cheaply and effectively can ALL the security components be deployed in low cost, low resource devices?

A full featured security system typically requires five core security operations:

If these operations are all implemented in software then there is no additional hardware circuitry costs. Unfortunately software implementations of these algorithms run significantly slower in resource constrained hardware devices than hardware accelerated or hardware dedicated implementations. This in turn may limit their suitability for a wide range of commercially important applications. Another significant consideration is that executing these complex operations in software is less power-efficient than when implemented in hardware. Using hardware accelerators or hardware dedicated circuits reduces total power consumption for running the crypto operation which may lead to improved wireless communications range or longer battery life.

Given most microprocessors in area constrained smart card and ambient intelligence devices are already very slow (10’s of MHz) the market trend has been to implement the basic security functionality without hash functionality (such as SHA-1 or SHA-2) into the chip itself. For example, our extensive survey of smart-card devices at CARTES was unable to identify any commercially available devices that offered SHA-1 or SHA-2 functionality, due primarily to the extra circuit demands.

The most common hardware arrangement is to implement 3DES as a dedicated hardware circuit alongside a programmable crypto accelerator that has been optimized predominantly for RSA key exchanges and digital signatures. Hash functions would be implemented using SHA-1 in software. This means in practice that the smart card might have: a 16-bit MCU (12.4k gates), a high speed dedicated 3DES circuit (3-6k gates), and a public key accelerator for running RSA. (26K gates). If the 3DES security is halved or the RSA security outright fails (such as will occur with code breaking quantum computers) then security in the application is compromised and the device would normally become obsolete. Without Synaptic technologies this then becomes a rip and replace scenario where new devices must be design and manufactured with new security on the chip, the old devices must be decommissioned and the new devices deployed. Synaptic technologies specifically address this risk, allowing the device to be upgraded in software to achieve similar functionality at potentially faster speeds.

In high performance (or very low power) ambient intelligence applications running modern standards based security the configuration may be different again. It is possible that a full function system would require a 16-bit MCU (12.4k gates), an AES-128 (encryption only: 3k gates @ 0.8 bits per clock cycle) circuit for data privacy, SHA-256 (25K gates) for message authentication and hashing operations, and an RSA or ECC accelerator for key exchanges and digital signature operations (26K gates). A significant challenge with integrating RSA or ECC with SHA is that they may operate at different clock speeds, with different data path lengths, etc. This adds to hardware design costs and risks through added synthesis complexity. In any case the same rip and replace risk applies to this model because of the weaknesses of AES-128, RSA and ECC against quantum computer attacks. Again Synaptic technologies specifically address and remove this limitation and maintain equivalent or better performance.

NB: Circuit area estimates above are indicative - circuit area varies depending on performance, functionality, security requirements and the choice of vendor.

A Synaptic Solution based on PQSDES

Synaptic have designed a system that enables encryption, message authentication, hashing, key exchanges (Group, Universal and/or Enterprise Key Exchange) and digital signatures (Lamport-Diffie-Merkle) to all be accelerated using a single DES or AES hardware circuit. The high-speed cipher-hash functionality that accelerates all the above operations is called Post Quantum Secure DES (PQSDES) or Post Quantum Secure AES (PQSAES).

Synaptic’s PQSDES describes power efficient ways of upgrading a single DES-56 (3k gates @ 4 bits per clock cycle) hardware coprocessor using software instructions executed on a 8 / 16 or 32 bit MCU to support 256-bit security ratings, even against quantum computers. This removes the need for periodic upgrades of the security and the ultimate rip and replace risk!

In applications requiring slightly higher performance (or better power efficiency) a larger portion of the PQSDES cipher-hash can be moved from software and implemented cost effectively in hardware while still taking advantage of the plentiful SRAM available to the microprocessor.

Similar solutions are possible using PQSAES.

A Synaptic Solution BASED ON VEST

The above mentioned protocols which support key exchanges and digital signatures can be combined with Synaptic’s VEST hardware-dedicated cipher-hash module. The VEST cipher-hash is designed for bandwidth and latency sensitive applications that must achieve demanding throughput with high security in low circuit area and with low power consumption. The VEST cipher could be dynamically switched from securing chip-to-chip communications, to encrypting packets to be sent over the network through to digital signature operations.

Together Synaptic’s protocols, an 8-bit MCU and the VEST-4 cipher-hash (6-7k) can also provide the full suite of 5 core cryptographic operations with increased performance and functionality at reduced cost in low resource devices.

TEST 2: To reduce the risk of rapid obsolescence of the security implemented in hardware (and avoid subsequent industry retooling), how many years of security can the deployed system offer with high assurance?

My colleagues at MIT and I have been building simple quantum computers and executing quantum algorithms since 1996, as have other scientists around the world. Quantum computers work as promised. If they can be scaled up, to thousands or tens of thousands of qubits from their current size of a dozen or so, watch out!”

It simply is not possible to guarantee RSA, D&H or ECC will offer any security 10 years into the future from now, perhaps even sooner. They are the weak link in all modern security systems. After code-breaking quantum computers arrive these algorithms and devices that rely upon them will offer effectively no security against those who can gain access to quantum computing services. Hackers recording currently secure traffic will be able to auction that data to the highest bidder.

Synaptic proposes software upgrades to existing devices that overcome the risks through the use of alternative algorithms for digital signatures and key exchanges. These digital signatures are well known (Lamport-Diffie-Merkle) and Synaptic Labs' key exchanges are built on techniques that are well established. Together they can protect RSA, D&H and ECC, or simply replace them. They can remove the need, costs and risks arising from periodic upgrades and code breaking quantum computer attacks.

Hitachi and the Technical University of Darmstadt (TUD) have improved the approximately 30 year old Lamport-Diffie-Merkle digital signature technologies to create a high performance digital signature scheme that can compete directly with RSA and ECC. The advantage of the Lamport-Diffie-Merkle schemes is in the simplicity of their security model. The security of these signatures is directly derived from the strength of the cryptographic hash function such as NIST SHA-2 or Synaptic’s PQSDES or PQSAES hash functions. Synaptic’s hash functions enable these digital signature schemes in ambient intelligence devices at the lowest cost.

This just leaves the problem of protecting or replacing the RSA / D&H / ECC key exchanges. Synaptic has created a suite of key exchange technologies that are suitable to replace or wrap around the at risk components. Similar to the Hitachi and TUD digital signature schemes, the security of the scheme is derived from the strength of the hash function.

If appropriate security parameters are used then it is possible to argue with high assurance that these systems will achieve 100+ year security ratings. Building these solutions in software with DES or AES hardware acceleration is extremely attractive as it offers excellent performance and power consumption in only 3k gates.

TEST 3: Is it possible to retroactively upgrade the security without replacing the hardware if the security fails?

The short answer is that existing mainstream public key algorithms cannot be upgraded with increased key lengths to offer security against large quantum computer attacks. Synaptic technologies can upgrade existing ambient intelligence devices if they have DES or AES hardware circuitry. This would enable the security of many designs to be rapidly upgraded in software during manufacture without redesigning the hardware. In some applications it may be possible to upgrade the firmware and security in the field without throwing away the hardware.

The Synaptic, Hitachi and Technical University of Darmstadt (TUD) Lamport-Diffie-Merkle digital signature technologies and Synaptic’s key exchange technologies rely on the strength of the hash function. The strength of the hash function is upper bound by the length of the message digest. While it is possible to deploy the signature scheme using hardware dedicated SHA circuitry this is not the most cost-effective solution. If SHA circuitry is used then the costs must be paid at manufacture time to support the smaller SHA-256 through to the larger SHA-512. Synaptic’s PQSDES cipher-hash has been designed to support variable length message digests with the same low-area hardware circuitry. Systems that run PQSDES in a CPU with (3k gate) DES hardware configuration can upgrade the minimum message digest lengths to the stronger message-digests in the field with a remote upgrade of the firmware. There is no hardware penalty for supporting larger message digests with PQSDES.

TEST 4: Can the security system support the full range of commercial applications?

Synaptic’s range of post quantum secure technologies are capable of EFFICIENTLY fulfilling all core security applications for network attached devices, including key exchanges between any two devices out of a group of billions of devices, and digital signatures. US NIST components such as AES-256 and SHA-512 could be used or alternatively the use of the lower cost hardware DES acceleration in PQSDES can be used.

Many offline and semi-offline security techniques are also possible depending on the application context. A cluster of networked devices not attached to the Internet may also be capable of creating their own complete security infrastructure.

Conclusion

Synaptic technologies enable the full range of cryptographic operations to be securely implemented in devices that could previously achieve limited security for some operations. Synaptic technologies reduce the manufacturing cost required to achieve the core cryptographic operations thereby providing an economic advantage over conventional solutions. The ability to achieve 100 year security provides value to your customers by removing the data security risks presented by the need for periodic security upgrades of marginally secure systems. The ability to achieve 100 year security also begins to protect the global community from a simultaneous failure of security devices. Synaptic allows many existing hardware designs to achieve this upgrade without retooling or redesign facilitating rapid entry to market and the ability to lower manufacturing costs and increase margins in the next generation of product release.