SlideShare a Scribd company logo

A study of cryptography for satellite applications

Download as PPTX, PDF
Rajesh Ishida, profile picture
Rajesh Ishida

This document discusses and compares various cryptographic algorithms for use in securing satellite downlink communications. It begins with an overview of aspects of satellite security and introduces cryptography. It then covers symmetric and asymmetric cryptographic algorithms like AES, RSA and stream ciphers. It analyzes the performance of algorithms in terms of hardware usage and throughput. Block cipher modes and attacks on cryptosystems are also examined. The document concludes by recommending the KHAZAD block cipher and A5/1 stream cipher as best suited for satellite security based on a performance comparison.

TechnologyEducation
1 of 52
Downloaded 342 times
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
By Rajesh Azmera Shakun Yawatkar at Digital Systems Group ISAC, Bangalore
Objectives  Study of basics of cryptography and different cryptographic methods.  Study of CCSDS security needs and recommendations  Comparison of several cryptographic algorithms  Finding the best cryptographic algorithm for satellite security( downlink in RS satellites)
Overview  Aspects of Satellite Security and their Countermeasures  Introduction to Cryptography  Classification of Cryptography  Attacks and their classification  Various Cryptographic Algorithms and their comparison  CCSDS Recommendations  Comparison of Block and Stream Ciphers  Conclusion
Aspects of Satellite Security  Access Control: Process of granting access to the resources of a system only to authorized users, programs, processes. Enable only approved operators to access mission control systems  Authentication: Ability to verify the identity of a user or device. Only authenticated telecommands are obeyed by the onboard systems.  Availability: Assurance that a system will be usable when it has to be. Spread Spectrum and Frequency Hopping techniques can be used to prevent jamming.
Aspects of Satellite Security Continued  Confidentiality: Ensures that data is disclosed only to the authorized systems.  Prevents disclosure of sensitive information contained within space mission data system.  Confidentiality of uplink and downlink data  Prevents analysis of communication traffic by unauthorized system. CRYPTOGRAPHY COMES INTO PICTURE.  Data Integrity: Ensuring that data transmitted from a source is not modified, altered or destroyed  Mission data has not been manipulated in any way during Transmission. Appending Integrity Check Value (ICV) to the data structure A form of sequence numbering for stream of data.  Accountability: Ensures that the system actions are logged with the identity of the entity initiating the action and the data and time the action occurred( Auditing)
Classes of Missions with respect to security  High Security Missions:  Government or Military section  Protection of mission data from unauthorized access, Prevention from detection, interception, and exploitation  Moderate Security Missions:  Commercial Communications, Meteorological and Remote Sensing Missions  Protection from unauthorized access, protect payload data  Minimal Security Missions:  Other space missions  Confidentiality requirement for specific telemetry information
Introduction to Cryptography  Need of Cryptography: Confidentiality, Authentication, Integrity and Non- repudiation are needed in various applications like Radio Communication, Telephonic Communication Network Communication Mobile Communication Internet
Cryptography  Cryptography is the science of protecting data, which provides means and methods of converting data into unreadable form, so that  The data cannot be accessed for unauthorized use.  The content of the data frames is hidden.  The authenticity of the data can be established.  The undetected modification of the data is avoided.  The originator of the message cannot disown the data.
Model for Network Security
Some Important Terms  Plaintext: An original intelligible message or data that is fed into the algorithm as input.  Ciphertext: The coded message is known as Ciphertext. It depends upon the plaintext and the secret key  Encryption: The process of conversion of plaintext into ciphertext is known as Encryption  Decryption: Restoring the plaintext from ciphertext is known as Decryption.  Cryptanalysis: Techniques used for deciphering a message without any knowledge of enciphering details fall into the area of Cryptanalysis.  Cryptology: The areas of cryptography and cryptanalysis together are called Cryptology.
Classification of Cryptographic Techniques  Symmetric Key Cryptography also known as Secret Key Cryptography  Problem: Process of transferring keys to the recipient is prone to risk. Includes a authorized third party.
 Asymmetric (Public Key) Cryptography:  This technique is very slow as compared to symmetric one.
 Combined Technique
Cryptographic Algorithms in Symmetric Key Cryptography  Data Encryption Standard (DES)  Extensively studied since its publication and is the best known algorithm  Developed by IBM in 1970 s.  64-bit block size and 56-bit key  In multiuser environment, secure key distribution may be difficult Most recently DES cracking machine was used to recover 56-bit key in 22 hrs. Result: DES is not secure, Banned by U.S. Government.
Triple DES  Minor Variation of DES, three times slower than DES  More secure than DES  EDE(Encrypt- Decrypt-Encrypt)  Encrypts plaintext data with a 56-bit key. The ciphertext obtained is decrypted with different key giving garbage data. And this garbage data is again encrypted using the first key. Some other algorithms are IDEA, RC4, RC5, CAST 128
Advanced Encryption Standard (AES)  National Institute of Standards and Technology (NIST) realized the need of new secure algorithm to replace DES. And arranged a competition.  One of the criteria for the arranged competition was the ability to support 128-bit blocks of plaintext.  The finalists of the competition were  MARS: by IBM  RC6: by Ron Rivest of RSA Labs  Twofish: from Counterpane Internet Security (highly suitable for microprocessors and smart cards  Serpent: by Ross Anderson, Eli Bihan and Lars Knudsen  Rijndael: by Daemen and Rijmen Of all these, Rijndael was judged best and announced to be new AES.
Rijndael Algorithm  Fixed Block Sixe of 128-bits and key size of 128, 192 or 256 bits.  Operates on 4*4 matrix of bytes, termed the state.  8 or 10 or 12 rounds as per the respective key size. Each round consists of several processing steps.
High-level description of the algorithm:  Key Expansion- round keys are derived from the cipher key using Rijndael's key schedule  Initial Round  Add Round Key- each byte of the state is combined with the round key using bitwise xor  Rounds  SubBytes- a non-linear substitution step where each byte is replaced with another according to a lookup table.  ShiftRows- a transposition step where each row of the state is shifted cyclically a certain number of steps.  MixColumns- a mixing operation which operates on the columns of the state, combining the four bytes in each column.  AddRoundKey  Final Round (no MixColumns)  SubBytes  ShiftRows  AddRoundKey
Sub-bytes Step Shift-Row Step Add Round Key Step Mix Columns Step
Algorithms in Asymmetric Cryptography  The most common algorithm is RSA.  Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA system in 1977; RSA stands for the first letter in each of its inventors’ last names.  Take two large primes, p and q, and compute their product n = pq: n is called the modulus. Choose a number ‘e’ less than n and relatively prime to (p-1)(q-1), Which means e and (p - 1)(q - 1) have no common factors except 1. Find another number d such that (ed - 1) is divisible by (p - 1)(q - 1). The values e and d are called the public and private exponents/keys. The public key is the pair (n; e); the private key is (n; d). The factors p and q may be destroyed or kept with the private key.
 It is currently difficult to obtain the private key d from the public key (n; e). However if one could factor n into p and q, then one could obtain the private key d. Thus the security of the RSA system is based on the assumption that factoring is difficult.
Symmetric encryption are further classified as  Block ciphers – It encrypts plain text and decipher the text blocks of a fixed length.  Stream ciphers – In this plain text bits are combined with a pseudorandom cipher bit stream by exclusive –or operation. In this plain text bits are encrypted one at a time.
Different types of Block ciphers are: 1. Electronic Code Book Mode(ECB). 2. Cipher-Block Chaining Mode(CBC). 3. Cipher Feed-Back Mode(CFB). 4. Output Feed Back Mode(OFB). 5. Counter Mode(CTR).
 Electronic Code Book mode - Each plain text block is encrypted by the underlying algorithm Block Encryption, transmitted and decrypted . The last fragment of the message is suitably padded with zero to make it block size.  Disadvantage – Identical plain text block has identical cipher text block, where it does not provide serious message confidentiality.
 Cipher Block Chaining Mode- Co is initialization vector which is used as the seed for the process. Initialization vector- A block of bits is used by several modes to randomize the encryption.
 Cipher Feed back Mode- The cipher key stream is extracted from the outputs of the block cipher encryption whose inputs are taken as the feedback from the cipher text stream. Before the feedback is available , an initialization vector is used as a seed.
 Out put Feed back Mode- This is almost similar to the CFB mode ,except that the block cipher encryption takes the feedback directly from its own outputs.
 Counter Mode(CTR)-
Comparison of Block mode:
Stream classified into two types 1. Synchronous stream Cipher- In this type of cipher the sender and receiver must be exactly in step/synchronized for decryption to be successful. If digits are added or removed from the message during transmission, synchronization is lost, however a single bit is lost and error doesn’t propagate. 2. Self-synchronous Stream cipher- In this type, if digits are added/removed during the transmission synchronization can be attained by the algorithm. In this stream ciphers padding is not required as in case of block ciphers.
Various types of attacks that are possible on cryptographic systems There are two types of basic attacks:  Passive attack.  Active attack. Passive attack: This type of attack is generally accomplished by eavesdropping and modification of data is not possible. A space system can be subjected to two principle types of passive attacks :  Compromise of Data confidentiality- Disclosure of information flowing between ground and space systems  Compromise of traffic flow confidentiality-Disclosure of information like volume, source and destination of the information. eg: traffic analysis. These are difficult to detect because they don’t involve alteration of data.
Active attacks- Some of the possible types of attacks to be considered for space systems are:  Modification of messages- This kind of attack occurs when some amount of data is altered resulting in undesirable effects.  Replay Attack- when a message or part of it is stored and repeated at later time to produce undesirable effect.  Insider attack- Most of the computer crimes are the result of insider attack.  Software threats- programs like viruses , worms etc.. to allow bypassing the usual security controls.
Attacks which are possible on stream ciphers Possible attacks on stream ciphers are:  Known Cipher text attack.  Known plain text attack.  Chosen plain text attack.  Chosen cipher text attack.  Side channel attack.  Bit flipping attack. Known Cipher text attack – In this type of attack where the attacker assumed to have access to set of cipher texts. The attack is completely successful if the plain text is deducted. Various techniques developed by the cryptographers are:  Traffic analysis.  Brute force attack.
Know plain text attack : the attacker has the samples of both the cipher text and plain text and use them to reveal the information. Chosen plain text attack- Here the attacker has the capability to choose the plain text and obtain the corresponding cipher text. The goal of the attack to gain some further information which reduces the security of the encryption scheme. Chosen cipher text attack- In this attacker gather the information at least in part by part and obtaining its decryption under a unknown key. The aim is to deduce the key.  Key recovery method- a method to recover the key.
Side channel attack- Side channel attacks are based on side channel information, side cannel information is retrieved from physical implementation instead of theoretical weakness. Here the attacker studies the power consumption of a cryptographic device and uses its electro magnetic radiation to find out the key. Bit flipping attack- in this type of attack, attacker can change the cipher text in such a way that a predictable change in plain text is made. This type of attack can be avoided by using message authentication codes (MAC) to increase the likelihood that tampering will be detected.
Attacks that are possible on block ciphers:  Brute force attack.  Linear crypt analysis.  Differential crypt analysis. Brute force attack- It involves symmetrically checking all the possible keys until the correct key is found. In the worst case, this would involve traversing entire search space. Linear crypt analysis- In this attack it takes the advantage of linear relationships between a the input and output of cipher keys. The usual approach is to analyze the non linear components and approximate them.
Differential crypt analysis- In this type of attack it analyzes the differences in pair of plaintext on the difference of resultant cipher texts. These differences can be used to assign probabilities to the possible keys and locate the most possible key.
Comparison of various algorithms based data rate, throughput and hardware. Throughput- defined as the no.of bits encrypted and decrypted in unit of time. Through put per slice-which measures the hardware cost, associated with the implementation resulting throughput. Latency- time necessary to encrypt and decrypt a single block of plain text or cipher text.
Performance comparison of stream ciphers: Cipher Area (Slices) Frequency (MHz) Throughput (Mbps) Through/Area A5/1 32 188.3 188.3 5.88 W7 608 96 768 1.26 E0 895 189 189 0.21 Helix 418 32 1024 2.45 RC4 140 60.8 120.8 0.86 Hardware used- Xilinx Virtex XC2v6000 1152-6 FPGA which contains 33792 slices and 144 RAM blocks. Conclusion- A5/1 is considered as best.
Performance comparison of Block ciphers It consists of two basic type of architectures- Basic Looping Architecture-
Full Looping Unrolling Architecture-
Architecture Area(CLBs) Frequency(MHz) Throughput(Mbps) Latency(us) TDES_BLA 431 86 115 0.56 TDES_FLUA 14240 108 6900 0.44 IDEA_BLA 1852 50 356 0.18 IDEA_FLUA 11700 47 3008 0.19 CAST-128_BLA 2600 55 220 0.29 CAST-128_FLUA 24200 53 3392 0.30 MISTY1_BLA 4820 30 213 0.26 MISTY1_FLUA 13080 26 3328 0.30 KHAZAD_BLA 2250 65 462 0.12 KHAZAD_FLUA 9277 70 4480 0.11 Hardware -Using VHDL, with structural description logic, captured each one of the block ciphers. The VHDL codes were synthesized for XILINX (VIRTEX) FPGA devices, using the Leonardo Spectrum tool, VIRTEX 1600EBG560-6 Conclusion- KHAZAD is considered as best.
Performance comparison between Block and Stream ciphers.
Conclusion obtained from above table :  A5/1 is most efficient but is the weakest  Helix appears to be efficient but requires software pre-computations which may not be practical.  LILI-II is not competitive with modern block ciphers and its expensive synchronization limits its efficiency.  SNOW2.0 considered to be best and comparable to ICEBERG  Comparison between ICEBERG and AES shows that AES should be preferred for space application where through put is compromised.
CCSDS :  The Consultative Committee for Space Data Systems, formed in 1982 by the major space agencies of the world.  Since its establishment, actively developing recommendations for data and information systems.  CCSDS standardization reduces the cost burden of missions by cost sharing between agencies and cost effective commercialization. CCSDS recommendations  Proposed only block cipher for encryption than stream cipher because  Block cipher are faster and different algorithms can be implemented without changing the hardware.  Stream cipher can be susceptible to serious security problems if used incorrectly.
Algorithm selection by CCSDS  AES,BLOWFISH,TEA,IDEA,SEED were considered but AES was recommended.  BLOWFISH : It is the predecessor of the AES finalist TWOFISH which was not on CCSDS’s list.  Tiny Encryption Algorithm(TEA): It requires many rounds (64). So extreme high speed is not achieved with cryptographic weaknesses.  IDEA: Strong but speed is not high. Also, IDEA is patented and licensed.  SEED: Korean algorithm, performance was not outstanding and usage was limited to Korea.  AES: Selected through lengthy, open , international competition. Available worldwide on a royalty free basis and not covered by any legal restrictions/patents. AES USING COUNTER MODE OPERATION IS RECOMMENDED BY CCSDS.
Advantages of counter mode:  Counter mode is very efficient in operation.  Padding is not required.  Single bit error results in loss of single bit.  Counter mode effectively converts block cipher to stream cipher so that advantages of both can be achieved.  Parallel computation is possible.
Comparison between stream and block cipher: Stream cipher Block cipher 1. It encrypts and decrypts one bit data at a time. It encrypts a block at a time of size M. 2. Different algorithms cannot be implemented using the Using block cipher hardware architecture different types of same hardware. algorithm can be implemented without changing the hardware 3. Applications where the speed is required it cannot It provides high speed though the encryption is provide high speed providing more encryption which is not comparatively lower than that of stream ciphers. required by the application 4. Transmission error can affect only single bit. Transmission error in one cipher text block has no effect on other blocks in counter mode. 5. Padding is not required. Padding is required. 6. Insertion and deletion of bits is not possible. Insertion and deletion of blocks is possible. 7. Less susceptible for crypt analysis attack but if used More susceptible for crypt analysis attack as compared to incorrectly, can be susceptible to serious security problems. stream ciphers 8. Through put is less than block ciphers. Through put is high. 9. Hardware required is less. Hardware requirement is high. 10. Difficult to implement in software basis. Easy to implement compared to stream ciphering. 11. Cipher resynchronization is required when there is Resynchronization is not required. error in a bit. 12. Synchronous stream cipher is periodic and key may No repetition is done because key is generated randomly. repeat after d characters. 13. Parallel process of encryption can be done. Parallel process of encryption cannot be done.
Conclusion:  Security of Remote sensing satellites fall under high or moderate levels.  As the high resolution imaging payloads generate data, large in size. So higher data rate is required along with security.  Stream ciphers cannot provide high speed, block cipher are preferred.  Block cipher in counter mode is preferred so as to minimize BER.  Considering the comparison between various algorithms and CCSDS recommendations AES with counter mode is preferred for satellite downlink data.
References : [1] RSA Laboratories, RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, Version 4.1, RSA Security Inc., 2000 [2] Encryption algorithm Trade Survey, Report Concerning Space Data System Standards, CCSDS-350.2-G-1, Green Book, Washington D.C.: CCSDS, March 2008. [3] Symmetric Encryption, Draft Recommendation for Space Data Practices, CCSDS 353.0-R-1, Red Book, Washington D.C., October 2008 [4] Audia_S_Abd Al_R_Asedy, Ameer A.J Al_ Swidi, An advantages and disadvantages of Block and Stream Cipher, <http://www.uobabylon.edu.iq/uobColeges/fileshare/articles/block.pdf> [5]Cryptography Basics <http://media.wiley.com/product_data/excerpt/94/07645487/0764548794.pdf> [6] Advanced Encryption Standard, Federal Information Processing Standards Publications 197, November 26, 2001 [7] Mohammed Atiquzzaman and Md. Shohrab Hossain, Security Issues in Space Networks, [8] The Secret Satellite, www.apscc.or.kr | APSCC Yearbook 2007 [9]Michalis Galanis, Paris Kitsos, Giorgos Kostopoulos, Nicolas Sklavos, and Costas Goutis, Comparison of the Hardware Implementation of the Stream Ciphers, The International Arab Journal of Information Technology, Vol. 2, No. 4, October 2005
A study of cryptography for satellite applications
Thank you

More Related Content

PPTX
secure file Storage on cloud ppt
NishmithaHc
 
PDF
Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...
National Chengchi University
 
PPTX
Diffie hellman key exchange algorithm
Sunita Kharayat
 
PDF
Millimeter wave as the future of 5g
Saurabh Verma
 
PPTX
Cryptography & Steganography
Animesh Shaw
 
PPT
AES.ppt
BincySam2
 
PDF
Presentation about RSA
Srilal Buddika
 
PPTX
Digital Signatures
Ehtisham Ali
 
secure file Storage on cloud ppt
NishmithaHc
 
Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...
National Chengchi University
 
Diffie hellman key exchange algorithm
Sunita Kharayat
 
Millimeter wave as the future of 5g
Saurabh Verma
 
Cryptography & Steganography
Animesh Shaw
 
AES.ppt
BincySam2
 
Presentation about RSA
Srilal Buddika
 
Digital Signatures
Ehtisham Ali
 

What's hot (20)

PPTX
Millimeter wave mobile communication for 5G cellular.
Apurv Modi
 
PPT
10 Slides to SMS
seanraz
 
PDF
Pki Training V1.5
Sylvain Maret
 
PPTX
Tools and methods used in cyber crime
shubhravrat Deshpande
 
PPTX
Cryptography
Rutuja Solkar
 
PPTX
Frequency Division Multiple Access (FDMA)
Miles Kevin Galario
 
PPTX
Cyber security best practices power point presentation
AbcdEfg576575
 
PPT
Epidemiologie Cystische Fibrose
eenvs
 
PPTX
Cryptography.ppt
Uday Meena
 
PPTX
quantum cryptography
vignans institute for management and technology for women
 
PPTX
Security services and mechanisms
Rajapriya82
 
PDF
Introduction to Cryptography
Seema Goel
 
PPT
6. cryptography
7wounders
 
DOCX
5G technology documentation
Sharon Moses
 
PPTX
SMS & MMS Technologies
Arun Shukla
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PDF
Nesc tutorial
Eduardo Roque
 
PPTX
Cryptography
subodh pawar
 
PPTX
Implementation of reed solomon codes basics
Ram Singh Yadav
 
PDF
Emily Stamm - Post-Quantum Cryptography
CSNP
 
Millimeter wave mobile communication for 5G cellular.
Apurv Modi
 
10 Slides to SMS
seanraz
 
Pki Training V1.5
Sylvain Maret
 
Tools and methods used in cyber crime
shubhravrat Deshpande
 
Cryptography
Rutuja Solkar
 
Frequency Division Multiple Access (FDMA)
Miles Kevin Galario
 
Cyber security best practices power point presentation
AbcdEfg576575
 
Epidemiologie Cystische Fibrose
eenvs
 
Cryptography.ppt
Uday Meena
 
quantum cryptography
vignans institute for management and technology for women
 
Security services and mechanisms
Rajapriya82
 
Introduction to Cryptography
Seema Goel
 
6. cryptography
7wounders
 
5G technology documentation
Sharon Moses
 
SMS & MMS Technologies
Arun Shukla
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Nesc tutorial
Eduardo Roque
 
Cryptography
subodh pawar
 
Implementation of reed solomon codes basics
Ram Singh Yadav
 
Emily Stamm - Post-Quantum Cryptography
CSNP
 
Ad

Viewers also liked (17)

PDF
Modern Cryptography
James McGivern
 
PPS
Satellite Interception
Firoze Hussain
 
PDF
Crypto and blockchain 2015
Theo van Rossum
 
PPTX
Bitcoin, Blockchain and the Crypto Contracts - Part 2
Prithwis Mukerjee
 
PPT
Cryptography and network security
Mahipesh Satija
 
PDF
Advanced Encryption Standard (AES)
Hardik Manocha
 
PDF
Introduction to blockchain and crypto currencies
Rohas Nagpal
 
PPSX
5 Cryptography Part1
Alfred Ouyang
 
PPTX
cryptography
Abhijeet Singh
 
ODP
CBGTBT - Part 5 - Blockchains 102
Blockstrap.com
 
PPT
Cryptography
gueste4c97e
 
PPTX
Quantum cryptography
Priya Winsome
 
PPTX
Overview on Cryptography and Network Security
Dr. Rupa Ch
 
PPTX
Cryptography
Sidharth Mohapatra
 
PPTX
Satellite communication
Mannu Khani
 
PPT
Satellite communications
SARITHA REDDY
 
PPT
Network Security and Cryptography
Adam Reagan
 
Modern Cryptography
James McGivern
 
Satellite Interception
Firoze Hussain
 
Crypto and blockchain 2015
Theo van Rossum
 
Bitcoin, Blockchain and the Crypto Contracts - Part 2
Prithwis Mukerjee
 
Cryptography and network security
Mahipesh Satija
 
Advanced Encryption Standard (AES)
Hardik Manocha
 
Introduction to blockchain and crypto currencies
Rohas Nagpal
 
5 Cryptography Part1
Alfred Ouyang
 
cryptography
Abhijeet Singh
 
CBGTBT - Part 5 - Blockchains 102
Blockstrap.com
 
Cryptography
gueste4c97e
 
Quantum cryptography
Priya Winsome
 
Overview on Cryptography and Network Security
Dr. Rupa Ch
 
Cryptography
Sidharth Mohapatra
 
Satellite communication
Mannu Khani
 
Satellite communications
SARITHA REDDY
 
Network Security and Cryptography
Adam Reagan
 
Ad

Similar to A study of cryptography for satellite applications (20)

PDF
Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number Sy...
ijcisjournal2
 
PDF
SECURED PAILLIER HOMOMORPHIC ENCRYPTION SCHEME BASED ON THE RESIDUE NUMBER SY...
ijcisjournal
 
PDF
Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number Sy...
ijcisjournal
 
PDF
SECURED PAILLIER HOMOMORPHIC ENCRYPTION SCHEME BASED ON THE RESIDUE NUMBER SY...
ijcisjournal
 
PDF
SECURED PAILLIER HOMOMORPHIC ENCRYPTION SCHEME BASED ON THE RESIDUE NUMBER SY...
ijcisjournal
 
PDF
SECURED PAILLIER HOMOMORPHIC ENCRYPTION SCHEME BASED ON THE RESIDUE NUMBER SY...
ijcisjournal
 
PDF
A Survey on Generation and Evolution of Various Cryptographic Techniques
IRJET Journal
 
PPTX
moudule-1classical Encyption Techniques.pptx
AmbikaVenkatesh4
 
PPTX
Cryptography notes for undergraduate kud
md4228787
 
PPT
Encryption technology
Neha Bhambu
 
PDF
State of the art parallel approaches for
ijcsa
 
PDF
CNS_Solutions-Adi.pdf
Prof. Dr. K. Adisesha
 
PDF
CNS Solutions-Adi.pdf
AdiseshaK
 
PDF
CNS_Solutions-Adi.pdf
AdiseshaK
 
PPT
Day5
Jai4uk
 
DOC
DOCS ON NETWORK SECURITY
Tuhin_Das
 
PPTX
Information System Security.pptx
GIT
 
PDF
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
KailasS9
 
PDF
Cryptographic lifecycle security training
EnterpriseGRC Solutions, Inc.
 
PPTX
Cns 1
BhumikaPal1
 
Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number Sy...
ijcisjournal2
 
SECURED PAILLIER HOMOMORPHIC ENCRYPTION SCHEME BASED ON THE RESIDUE NUMBER SY...
ijcisjournal
 
Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number Sy...
ijcisjournal
 
SECURED PAILLIER HOMOMORPHIC ENCRYPTION SCHEME BASED ON THE RESIDUE NUMBER SY...
ijcisjournal
 
SECURED PAILLIER HOMOMORPHIC ENCRYPTION SCHEME BASED ON THE RESIDUE NUMBER SY...
ijcisjournal
 
SECURED PAILLIER HOMOMORPHIC ENCRYPTION SCHEME BASED ON THE RESIDUE NUMBER SY...
ijcisjournal
 
A Survey on Generation and Evolution of Various Cryptographic Techniques
IRJET Journal
 
moudule-1classical Encyption Techniques.pptx
AmbikaVenkatesh4
 
Cryptography notes for undergraduate kud
md4228787
 
Encryption technology
Neha Bhambu
 
State of the art parallel approaches for
ijcsa
 
CNS_Solutions-Adi.pdf
Prof. Dr. K. Adisesha
 
CNS Solutions-Adi.pdf
AdiseshaK
 
CNS_Solutions-Adi.pdf
AdiseshaK
 
Day5
Jai4uk
 
DOCS ON NETWORK SECURITY
Tuhin_Das
 
Information System Security.pptx
GIT
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
KailasS9
 
Cryptographic lifecycle security training
EnterpriseGRC Solutions, Inc.
 
Cns 1
BhumikaPal1
 

Recently uploaded (20)

PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 

A study of cryptography for satellite applications

  • 1. By Rajesh Azmera Shakun Yawatkar at Digital Systems Group ISAC, Bangalore
  • 2. Objectives  Study of basics of cryptography and different cryptographic methods.  Study of CCSDS security needs and recommendations  Comparison of several cryptographic algorithms  Finding the best cryptographic algorithm for satellite security( downlink in RS satellites)
  • 3. Overview  Aspects of Satellite Security and their Countermeasures  Introduction to Cryptography  Classification of Cryptography  Attacks and their classification  Various Cryptographic Algorithms and their comparison  CCSDS Recommendations  Comparison of Block and Stream Ciphers  Conclusion
  • 4. Aspects of Satellite Security  Access Control: Process of granting access to the resources of a system only to authorized users, programs, processes. Enable only approved operators to access mission control systems  Authentication: Ability to verify the identity of a user or device. Only authenticated telecommands are obeyed by the onboard systems.  Availability: Assurance that a system will be usable when it has to be. Spread Spectrum and Frequency Hopping techniques can be used to prevent jamming.
  • 5. Aspects of Satellite Security Continued  Confidentiality: Ensures that data is disclosed only to the authorized systems.  Prevents disclosure of sensitive information contained within space mission data system.  Confidentiality of uplink and downlink data  Prevents analysis of communication traffic by unauthorized system. CRYPTOGRAPHY COMES INTO PICTURE.  Data Integrity: Ensuring that data transmitted from a source is not modified, altered or destroyed  Mission data has not been manipulated in any way during Transmission. Appending Integrity Check Value (ICV) to the data structure A form of sequence numbering for stream of data.  Accountability: Ensures that the system actions are logged with the identity of the entity initiating the action and the data and time the action occurred( Auditing)
  • 6. Classes of Missions with respect to security  High Security Missions:  Government or Military section  Protection of mission data from unauthorized access, Prevention from detection, interception, and exploitation  Moderate Security Missions:  Commercial Communications, Meteorological and Remote Sensing Missions  Protection from unauthorized access, protect payload data  Minimal Security Missions:  Other space missions  Confidentiality requirement for specific telemetry information
  • 7. Introduction to Cryptography  Need of Cryptography: Confidentiality, Authentication, Integrity and Non- repudiation are needed in various applications like Radio Communication, Telephonic Communication Network Communication Mobile Communication Internet
  • 8. Cryptography  Cryptography is the science of protecting data, which provides means and methods of converting data into unreadable form, so that  The data cannot be accessed for unauthorized use.  The content of the data frames is hidden.  The authenticity of the data can be established.  The undetected modification of the data is avoided.  The originator of the message cannot disown the data.
  • 9. Model for Network Security
  • 10. Some Important Terms  Plaintext: An original intelligible message or data that is fed into the algorithm as input.  Ciphertext: The coded message is known as Ciphertext. It depends upon the plaintext and the secret key  Encryption: The process of conversion of plaintext into ciphertext is known as Encryption  Decryption: Restoring the plaintext from ciphertext is known as Decryption.  Cryptanalysis: Techniques used for deciphering a message without any knowledge of enciphering details fall into the area of Cryptanalysis.  Cryptology: The areas of cryptography and cryptanalysis together are called Cryptology.
  • 11. Classification of Cryptographic Techniques  Symmetric Key Cryptography also known as Secret Key Cryptography  Problem: Process of transferring keys to the recipient is prone to risk. Includes a authorized third party.
  • 12.  Asymmetric (Public Key) Cryptography:  This technique is very slow as compared to symmetric one.
  • 14. Cryptographic Algorithms in Symmetric Key Cryptography  Data Encryption Standard (DES)  Extensively studied since its publication and is the best known algorithm  Developed by IBM in 1970 s.  64-bit block size and 56-bit key  In multiuser environment, secure key distribution may be difficult Most recently DES cracking machine was used to recover 56-bit key in 22 hrs. Result: DES is not secure, Banned by U.S. Government.
  • 15. Triple DES  Minor Variation of DES, three times slower than DES  More secure than DES  EDE(Encrypt- Decrypt-Encrypt)  Encrypts plaintext data with a 56-bit key. The ciphertext obtained is decrypted with different key giving garbage data. And this garbage data is again encrypted using the first key. Some other algorithms are IDEA, RC4, RC5, CAST 128
  • 16. Advanced Encryption Standard (AES)  National Institute of Standards and Technology (NIST) realized the need of new secure algorithm to replace DES. And arranged a competition.  One of the criteria for the arranged competition was the ability to support 128-bit blocks of plaintext.  The finalists of the competition were  MARS: by IBM  RC6: by Ron Rivest of RSA Labs  Twofish: from Counterpane Internet Security (highly suitable for microprocessors and smart cards  Serpent: by Ross Anderson, Eli Bihan and Lars Knudsen  Rijndael: by Daemen and Rijmen Of all these, Rijndael was judged best and announced to be new AES.
  • 17. Rijndael Algorithm  Fixed Block Sixe of 128-bits and key size of 128, 192 or 256 bits.  Operates on 4*4 matrix of bytes, termed the state.  8 or 10 or 12 rounds as per the respective key size. Each round consists of several processing steps.
  • 18. High-level description of the algorithm:  Key Expansion- round keys are derived from the cipher key using Rijndael's key schedule  Initial Round  Add Round Key- each byte of the state is combined with the round key using bitwise xor  Rounds  SubBytes- a non-linear substitution step where each byte is replaced with another according to a lookup table.  ShiftRows- a transposition step where each row of the state is shifted cyclically a certain number of steps.  MixColumns- a mixing operation which operates on the columns of the state, combining the four bytes in each column.  AddRoundKey  Final Round (no MixColumns)  SubBytes  ShiftRows  AddRoundKey
  • 19. Sub-bytes Step Shift-Row Step Add Round Key Step Mix Columns Step
  • 20. Algorithms in Asymmetric Cryptography  The most common algorithm is RSA.  Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA system in 1977; RSA stands for the first letter in each of its inventors’ last names.  Take two large primes, p and q, and compute their product n = pq: n is called the modulus. Choose a number ‘e’ less than n and relatively prime to (p-1)(q-1), Which means e and (p - 1)(q - 1) have no common factors except 1. Find another number d such that (ed - 1) is divisible by (p - 1)(q - 1). The values e and d are called the public and private exponents/keys. The public key is the pair (n; e); the private key is (n; d). The factors p and q may be destroyed or kept with the private key.
  • 21.  It is currently difficult to obtain the private key d from the public key (n; e). However if one could factor n into p and q, then one could obtain the private key d. Thus the security of the RSA system is based on the assumption that factoring is difficult.
  • 22. Symmetric encryption are further classified as  Block ciphers – It encrypts plain text and decipher the text blocks of a fixed length.  Stream ciphers – In this plain text bits are combined with a pseudorandom cipher bit stream by exclusive –or operation. In this plain text bits are encrypted one at a time.
  • 23. Different types of Block ciphers are: 1. Electronic Code Book Mode(ECB). 2. Cipher-Block Chaining Mode(CBC). 3. Cipher Feed-Back Mode(CFB). 4. Output Feed Back Mode(OFB). 5. Counter Mode(CTR).
  • 24.  Electronic Code Book mode - Each plain text block is encrypted by the underlying algorithm Block Encryption, transmitted and decrypted . The last fragment of the message is suitably padded with zero to make it block size.  Disadvantage – Identical plain text block has identical cipher text block, where it does not provide serious message confidentiality.
  • 25.  Cipher Block Chaining Mode- Co is initialization vector which is used as the seed for the process. Initialization vector- A block of bits is used by several modes to randomize the encryption.
  • 26.  Cipher Feed back Mode- The cipher key stream is extracted from the outputs of the block cipher encryption whose inputs are taken as the feedback from the cipher text stream. Before the feedback is available , an initialization vector is used as a seed.
  • 27.  Out put Feed back Mode- This is almost similar to the CFB mode ,except that the block cipher encryption takes the feedback directly from its own outputs.
  • 30. Stream classified into two types 1. Synchronous stream Cipher- In this type of cipher the sender and receiver must be exactly in step/synchronized for decryption to be successful. If digits are added or removed from the message during transmission, synchronization is lost, however a single bit is lost and error doesn’t propagate. 2. Self-synchronous Stream cipher- In this type, if digits are added/removed during the transmission synchronization can be attained by the algorithm. In this stream ciphers padding is not required as in case of block ciphers.
  • 31. Various types of attacks that are possible on cryptographic systems There are two types of basic attacks:  Passive attack.  Active attack. Passive attack: This type of attack is generally accomplished by eavesdropping and modification of data is not possible. A space system can be subjected to two principle types of passive attacks :  Compromise of Data confidentiality- Disclosure of information flowing between ground and space systems  Compromise of traffic flow confidentiality-Disclosure of information like volume, source and destination of the information. eg: traffic analysis. These are difficult to detect because they don’t involve alteration of data.
  • 32. Active attacks- Some of the possible types of attacks to be considered for space systems are:  Modification of messages- This kind of attack occurs when some amount of data is altered resulting in undesirable effects.  Replay Attack- when a message or part of it is stored and repeated at later time to produce undesirable effect.  Insider attack- Most of the computer crimes are the result of insider attack.  Software threats- programs like viruses , worms etc.. to allow bypassing the usual security controls.
  • 33. Attacks which are possible on stream ciphers Possible attacks on stream ciphers are:  Known Cipher text attack.  Known plain text attack.  Chosen plain text attack.  Chosen cipher text attack.  Side channel attack.  Bit flipping attack. Known Cipher text attack – In this type of attack where the attacker assumed to have access to set of cipher texts. The attack is completely successful if the plain text is deducted. Various techniques developed by the cryptographers are:  Traffic analysis.  Brute force attack.
  • 34. Know plain text attack : the attacker has the samples of both the cipher text and plain text and use them to reveal the information. Chosen plain text attack- Here the attacker has the capability to choose the plain text and obtain the corresponding cipher text. The goal of the attack to gain some further information which reduces the security of the encryption scheme. Chosen cipher text attack- In this attacker gather the information at least in part by part and obtaining its decryption under a unknown key. The aim is to deduce the key.  Key recovery method- a method to recover the key.
  • 35. Side channel attack- Side channel attacks are based on side channel information, side cannel information is retrieved from physical implementation instead of theoretical weakness. Here the attacker studies the power consumption of a cryptographic device and uses its electro magnetic radiation to find out the key. Bit flipping attack- in this type of attack, attacker can change the cipher text in such a way that a predictable change in plain text is made. This type of attack can be avoided by using message authentication codes (MAC) to increase the likelihood that tampering will be detected.
  • 36. Attacks that are possible on block ciphers:  Brute force attack.  Linear crypt analysis.  Differential crypt analysis. Brute force attack- It involves symmetrically checking all the possible keys until the correct key is found. In the worst case, this would involve traversing entire search space. Linear crypt analysis- In this attack it takes the advantage of linear relationships between a the input and output of cipher keys. The usual approach is to analyze the non linear components and approximate them.
  • 37. Differential crypt analysis- In this type of attack it analyzes the differences in pair of plaintext on the difference of resultant cipher texts. These differences can be used to assign probabilities to the possible keys and locate the most possible key.
  • 38. Comparison of various algorithms based data rate, throughput and hardware. Throughput- defined as the no.of bits encrypted and decrypted in unit of time. Through put per slice-which measures the hardware cost, associated with the implementation resulting throughput. Latency- time necessary to encrypt and decrypt a single block of plain text or cipher text.
  • 39. Performance comparison of stream ciphers: Cipher Area (Slices) Frequency (MHz) Throughput (Mbps) Through/Area A5/1 32 188.3 188.3 5.88 W7 608 96 768 1.26 E0 895 189 189 0.21 Helix 418 32 1024 2.45 RC4 140 60.8 120.8 0.86 Hardware used- Xilinx Virtex XC2v6000 1152-6 FPGA which contains 33792 slices and 144 RAM blocks. Conclusion- A5/1 is considered as best.
  • 40. Performance comparison of Block ciphers It consists of two basic type of architectures- Basic Looping Architecture-
  • 41. Full Looping Unrolling Architecture-
  • 42. Architecture Area(CLBs) Frequency(MHz) Throughput(Mbps) Latency(us) TDES_BLA 431 86 115 0.56 TDES_FLUA 14240 108 6900 0.44 IDEA_BLA 1852 50 356 0.18 IDEA_FLUA 11700 47 3008 0.19 CAST-128_BLA 2600 55 220 0.29 CAST-128_FLUA 24200 53 3392 0.30 MISTY1_BLA 4820 30 213 0.26 MISTY1_FLUA 13080 26 3328 0.30 KHAZAD_BLA 2250 65 462 0.12 KHAZAD_FLUA 9277 70 4480 0.11 Hardware -Using VHDL, with structural description logic, captured each one of the block ciphers. The VHDL codes were synthesized for XILINX (VIRTEX) FPGA devices, using the Leonardo Spectrum tool, VIRTEX 1600EBG560-6 Conclusion- KHAZAD is considered as best.
  • 43. Performance comparison between Block and Stream ciphers.
  • 44. Conclusion obtained from above table :  A5/1 is most efficient but is the weakest  Helix appears to be efficient but requires software pre-computations which may not be practical.  LILI-II is not competitive with modern block ciphers and its expensive synchronization limits its efficiency.  SNOW2.0 considered to be best and comparable to ICEBERG  Comparison between ICEBERG and AES shows that AES should be preferred for space application where through put is compromised.
  • 45. CCSDS :  The Consultative Committee for Space Data Systems, formed in 1982 by the major space agencies of the world.  Since its establishment, actively developing recommendations for data and information systems.  CCSDS standardization reduces the cost burden of missions by cost sharing between agencies and cost effective commercialization. CCSDS recommendations  Proposed only block cipher for encryption than stream cipher because  Block cipher are faster and different algorithms can be implemented without changing the hardware.  Stream cipher can be susceptible to serious security problems if used incorrectly.
  • 46. Algorithm selection by CCSDS  AES,BLOWFISH,TEA,IDEA,SEED were considered but AES was recommended.  BLOWFISH : It is the predecessor of the AES finalist TWOFISH which was not on CCSDS’s list.  Tiny Encryption Algorithm(TEA): It requires many rounds (64). So extreme high speed is not achieved with cryptographic weaknesses.  IDEA: Strong but speed is not high. Also, IDEA is patented and licensed.  SEED: Korean algorithm, performance was not outstanding and usage was limited to Korea.  AES: Selected through lengthy, open , international competition. Available worldwide on a royalty free basis and not covered by any legal restrictions/patents. AES USING COUNTER MODE OPERATION IS RECOMMENDED BY CCSDS.
  • 47. Advantages of counter mode:  Counter mode is very efficient in operation.  Padding is not required.  Single bit error results in loss of single bit.  Counter mode effectively converts block cipher to stream cipher so that advantages of both can be achieved.  Parallel computation is possible.
  • 48. Comparison between stream and block cipher: Stream cipher Block cipher 1. It encrypts and decrypts one bit data at a time. It encrypts a block at a time of size M. 2. Different algorithms cannot be implemented using the Using block cipher hardware architecture different types of same hardware. algorithm can be implemented without changing the hardware 3. Applications where the speed is required it cannot It provides high speed though the encryption is provide high speed providing more encryption which is not comparatively lower than that of stream ciphers. required by the application 4. Transmission error can affect only single bit. Transmission error in one cipher text block has no effect on other blocks in counter mode. 5. Padding is not required. Padding is required. 6. Insertion and deletion of bits is not possible. Insertion and deletion of blocks is possible. 7. Less susceptible for crypt analysis attack but if used More susceptible for crypt analysis attack as compared to incorrectly, can be susceptible to serious security problems. stream ciphers 8. Through put is less than block ciphers. Through put is high. 9. Hardware required is less. Hardware requirement is high. 10. Difficult to implement in software basis. Easy to implement compared to stream ciphering. 11. Cipher resynchronization is required when there is Resynchronization is not required. error in a bit. 12. Synchronous stream cipher is periodic and key may No repetition is done because key is generated randomly. repeat after d characters. 13. Parallel process of encryption can be done. Parallel process of encryption cannot be done.
  • 49. Conclusion:  Security of Remote sensing satellites fall under high or moderate levels.  As the high resolution imaging payloads generate data, large in size. So higher data rate is required along with security.  Stream ciphers cannot provide high speed, block cipher are preferred.  Block cipher in counter mode is preferred so as to minimize BER.  Considering the comparison between various algorithms and CCSDS recommendations AES with counter mode is preferred for satellite downlink data.
  • 50. References : [1] RSA Laboratories, RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, Version 4.1, RSA Security Inc., 2000 [2] Encryption algorithm Trade Survey, Report Concerning Space Data System Standards, CCSDS-350.2-G-1, Green Book, Washington D.C.: CCSDS, March 2008. [3] Symmetric Encryption, Draft Recommendation for Space Data Practices, CCSDS 353.0-R-1, Red Book, Washington D.C., October 2008 [4] Audia_S_Abd Al_R_Asedy, Ameer A.J Al_ Swidi, An advantages and disadvantages of Block and Stream Cipher, <http://www.uobabylon.edu.iq/uobColeges/fileshare/articles/block.pdf> [5]Cryptography Basics <http://media.wiley.com/product_data/excerpt/94/07645487/0764548794.pdf> [6] Advanced Encryption Standard, Federal Information Processing Standards Publications 197, November 26, 2001 [7] Mohammed Atiquzzaman and Md. Shohrab Hossain, Security Issues in Space Networks, [8] The Secret Satellite, www.apscc.or.kr | APSCC Yearbook 2007 [9]Michalis Galanis, Paris Kitsos, Giorgos Kostopoulos, Nicolas Sklavos, and Costas Goutis, Comparison of the Hardware Implementation of the Stream Ciphers, The International Arab Journal of Information Technology, Vol. 2, No. 4, October 2005