This thesis is devoted to efficient and secure implementations of lightweight symmetric cryptographic primitives for resource-constrained devices such as wireless sensors and actuators that are typically deployed in remote locations. In this setting, cryptographic algorithms must consume few computational resources and withstand a large variety of attacks, including side-channel attacks.

The first part of this thesis is concerned with efficient software implementations of lightweight symmetric algorithms on 8-, 16-, and 32-bit microcontrollers. A first contribution of this part is the development of FELICS, an open-source benchmarking framework that facilitates the extraction of comparative performance figures from implementations of lightweight ciphers. Using FELICS, we conducted a fair evaluation of the implementation properties of 19 lightweight block ciphers in the context of two different usage scenarios, which are representative of common security services in the Internet of Things (IoT). This study gives new insights into the link between the structure of a cryptographic algorithm and the performance it can achieve on embedded microcontrollers. Then, we present the Sparx family of lightweight ciphers and describe the impact of software efficiency in the process of shaping three instances of the family. Finally, we evaluate the cost of the main building blocks of symmetric algorithms to determine which are the most efficient ones. The contributions of this part are particularly valuable for designers of lightweight ciphers, software and security engineers, as well as standardization organizations.

In the second part of this work, we focus on side-channel attacks that exploit the power consumption or the electromagnetic emanations of embedded devices executing unprotected implementations of lightweight algorithms. First, we evaluate different selection functions in the context of Correlation Power Analysis (CPA) to infer which operations are easy to attack.
Second, we show that most implementations of the AES present in popular open-source cryptographic libraries are vulnerable to side-channel attacks such as CPA, even in a network protocol scenario where the attacker has limited control of the input. Moreover, we describe an optimal algorithm for recovery of the master key using CPA attacks. Third, we perform the first electromagnetic vulnerability analysis of Thread, a networking stack designed to facilitate secure communication between IoT devices.

The third part of this thesis lies in the area of side-channel countermeasures against power and electromagnetic analysis attacks. We study efficient and secure expressions that compute simple bitwise functions on Boolean shares. To this end, we describe an algorithm for the efficient search of expressions that have an optimal cost in number of elementary operations. Then, we introduce optimal expressions for first-order Boolean masking of bitwise AND and OR operations. Finally, we analyze the performance of three lightweight block ciphers protected using the optimal expressions.
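To make the comparison of CPA selection functions from the second part concrete, the following is an added simulation, not code from the thesis. Everything in it is constructed: the leakage is the Hamming weight of the targeted intermediate plus Gaussian noise rather than a measured trace, the 4-bit PRESENT S-box stands in for whichever S-boxes the thesis attacked, and the key nibble, trace count and noise level are demo parameters. It attacks the same secret twice, once through the key-addition (XOR) output and once through the S-box output, and ranks all 16 key guesses by absolute correlation.

```python
"""Correlation Power Analysis (CPA) with two selection functions.

Added example, not code from the thesis. Leakage is simulated (constructed, not
measured): one noisy Hamming-weight sample of the targeted intermediate per
encryption. The 4-bit PRESENT S-box is used as a stand-in lightweight S-box.
"""
import math
import random

# PRESENT S-box (4-bit), used here as a representative lightweight S-box.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
KEY_NIBBLE = 0xB  # secret of the simulated device (chosen for this demo)


def hw(v):
    """Hamming weight of a non-negative integer."""
    return bin(v).count("1")


def sel_xor(p, k):
    """Selection function targeting the key-addition output."""
    return p ^ k


def sel_sbox(p, k):
    """Selection function targeting the S-box output after key addition."""
    return PRESENT_SBOX[p ^ k]


def simulate_traces(selection, n_traces=2000, sigma=0.5, seed=7):
    """Constructed traces: HW(selection(p, KEY_NIBBLE)) plus Gaussian noise,
    one sample per random 4-bit plaintext p."""
    rng = random.Random(seed)
    pts = [rng.randrange(16) for _ in range(n_traces)]
    traces = [hw(selection(p, KEY_NIBBLE)) + rng.gauss(0.0, sigma) for p in pts]
    return pts, traces


def pearson(a, b):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    return cov / math.sqrt(va * vb)


def cpa_rank(pts, traces, selection):
    """Rank all 16 key guesses by |corr| between HW(selection(p, guess)) and
    the traces. The absolute value is used because whether power grows or
    shrinks with the Hamming weight is device dependent and unknown a priori."""
    scores = [(k, abs(pearson([hw(selection(p, k)) for p in pts], traces)))
              for k in range(16)]
    return sorted(scores, key=lambda ks: ks[1], reverse=True)


def attack(selection):
    """Simulate traces of the targeted operation and run CPA against them.
    Returns [(guess, |corr|), ...] best first."""
    pts, traces = simulate_traces(selection)
    return cpa_rank(pts, traces, selection)


if __name__ == "__main__":
    for name, sel in (("xor ", sel_xor), ("sbox", sel_sbox)):
        ranked = attack(sel)
        print(name, [(hex(k), round(c, 3)) for k, c in ranked[:3]])
```

Against the S-box output the correct nibble ranks first with a clear margin, because the S-box's non-linearity makes the hypotheses for wrong guesses only weakly correlated with the true one. Against the XOR output the guesses k and k ^ 0xF produce hypotheses that are exact complements (HW(p ^ k ^ 0xF) = 4 - HW(p ^ k)), so their absolute correlations tie and the key is only recovered up to complement; the remaining guesses fall off as 1 - 2·HW(d)/4 for key distance d. This is the kind of "ghost peak" that makes a linear operation a poorer CPA target than an S-box.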
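The third part concerns expressions that compute bitwise AND and OR on first-order Boolean shares. As an added illustration of what such an expression must satisfy, the block below is not the thesis's own (cost-optimal) expressions but the classic Trichina-style secure AND and its De Morgan dual for OR, together with an exhaustive single-bit probing check that flags any intermediate whose distribution depends on the secrets. The function names, the deliberately mis-ordered `naive_masked_and` used as the insecure "before" case, and the byte-level demo values are this example's own.

```python
"""First-order Boolean masking of bitwise AND and OR, with an exhaustive
first-order probing check.

Added example, not code from the thesis. The secure AND is the classic
Trichina-style expression (the fresh mask r is XORed in first, so no partial
sum equals an unmasked intermediate); OR is its De Morgan dual. These are
correct first-order gadgets but not the cost-optimal expressions the thesis
derives.
"""
import itertools
import random
from collections import Counter


def _probe(trace, v):
    """Record an intermediate value (if tracing) and pass it through unchanged."""
    if trace is not None:
        trace.append(v)
    return v


def masked_and(x0, x1, y0, y1, r, mask=0xFF, trace=None):
    """Return shares (z0, z1) with z0 ^ z1 == (x0 ^ x1) & (y0 ^ y1).
    r must be a fresh uniformly random word for every call."""
    t = _probe(trace, r ^ _probe(trace, x0 & y0))   # r ^ x0*y0
    t = _probe(trace, t ^ _probe(trace, x0 & y1))   # r ^ x0*y   (still masked by r)
    t = _probe(trace, t ^ _probe(trace, x1 & y0))   # r ^ x0*y ^ x1*y0
    t = _probe(trace, t ^ _probe(trace, x1 & y1))   # r ^ x*y
    return t & mask, r & mask


def masked_or(x0, x1, y0, y1, r, mask=0xFF, trace=None):
    """x | y == ~(~x & ~y); complementing one share of each input complements
    the shared value, so no randomness beyond masked_and's r is needed."""
    z0, z1 = masked_and(x0 ^ mask, x1, y0 ^ mask, y1, r, mask, trace)
    return _probe(trace, z0 ^ mask), z1


def naive_masked_and(x0, x1, y0, y1, r, mask=0xFF, trace=None):
    """Functionally correct but insecure ordering: the partial sum
    x0*y0 ^ x0*y1 == x0 & y is not masked by r, so its distribution depends
    on the secret y (a first-order leak). Kept as the 'before' case."""
    t = _probe(trace, _probe(trace, x0 & y0) ^ _probe(trace, x0 & y1))  # x0*y leaks
    t = _probe(trace, t ^ _probe(trace, x1 & y0))
    t = _probe(trace, t ^ _probe(trace, x1 & y1))                        # x*y, unmasked
    return _probe(trace, t ^ r) & mask, r & mask


def first_order_leaks(gadget, op):
    """Exhaustive single-bit first-order probing check.

    For every intermediate the gadget records, compare its distribution over
    the randomness (share x1, share y1, mask r) across the four secret pairs
    (x, y). Return the indices of intermediates whose distribution depends on
    the secrets; an empty list means no single probe reveals anything.
    Also verifies that the gadget computes op(x, y) for every input."""
    dists = {}
    for x, y, x1, y1, r in itertools.product((0, 1), repeat=5):
        trace = []
        z0, z1 = gadget(x ^ x1, x1, y ^ y1, y1, r, 1, trace)
        if z0 ^ z1 != op(x, y):
            raise ValueError("gadget is functionally incorrect")
        for i, v in enumerate(trace):
            dists.setdefault((i, (x, y)), Counter())[v] += 1
    n_probes = 1 + max(i for i, _ in dists)
    leaks = []
    for i in range(n_probes):
        ref = dists[(i, (0, 0))]
        if any(dists[(i, xy)] != ref for xy in ((0, 1), (1, 0), (1, 1))):
            leaks.append(i)
    return leaks


def demo_words(x=0x5A, y=0x3C, seed=1):
    """Mask two bytes, run both gadgets with fresh masks, and recombine."""
    rng = random.Random(seed)
    x1, y1, r_and, r_or = (rng.randrange(256) for _ in range(4))
    a0, a1 = masked_and(x ^ x1, x1, y ^ y1, y1, r_and)
    o0, o1 = masked_or(x ^ x1, x1, y ^ y1, y1, r_or)
    return a0 ^ a1, o0 ^ o1


if __name__ == "__main__":
    print("AND, OR:", [hex(v) for v in demo_words()])  # ['0x18', '0x7e']
    print("leaky probes, secure AND:", first_order_leaks(masked_and, lambda a, b: a & b))
    print("leaky probes, secure OR :", first_order_leaks(masked_or, lambda a, b: a | b))
    print("leaky probes, naive AND :", first_order_leaks(naive_masked_and, lambda a, b: a & b))
```

The check is the minimum a practitioner should run on any hand-derived masking expression: the two secure gadgets report no leaking probe, while the naive ordering is flagged at the partial sum x0 & y (and again at the fully recombined x & y that appears before r is applied). Operation count is what the thesis optimises; the probing check is what decides whether a cheaper expression is admissible at all.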


1. Introduction

2. Fair Evaluation of Lightweight Cryptographic Systems

3. Fair Evaluation of Lightweight Block Ciphers

4. Efficiency of the Sparx Family of Lightweight Block Ciphers

5. Efficient Lightweight Symmetric Cryptography

6. Resilience to Correlation Power Analysis Attacks

7. Correlation Power Analysis Attacks on Communication Protocols

8. Electromagnetic Vulnerability Analysis of Thread

9. Optimal First-Order Boolean Masking
