Article Preview
TopIntroduction And Motivation
Microcontrollers are ubiquitous devices associated with various security tasks, an increasingly notable aspect in the recent years due to their use in safety critical environments that are becoming more complex, e.g., control systems, industrial networks, vehicular technology, etc. Also, their connection to the outside world is unabridged at least due to the wide spread of friendly communication interfaces that become a good source for attacks, e.g., malicious code injection, etc. Regardless of the security objectives that need be assured, hash functions are an invariant choice in deploying security.
Several practical scenarios in which hash functions are involved can be imagined, e.g., software validation, embedded communications, etc. In particular firmware updates in embedded platforms (which require cryptographic hash functions for the protection of intellectual property, data integrity or non-repudiation) can directly benefit from performance improvements. Notably, digital signatures are employed to ensure that only an authentic firmware is programmed on a certain embedded device (Nilsson et al., 2008). Verifying signatures on a constrained embedded device can be a time consuming task especially as the size of the applications is continuously increasing (Petters et al., 2012). The bigger the size of data to be flashed, the longer it will take to compute its hash value (needed for signature verification). Consequently, deploying the framework on thousands of devices delays component delivery for days or even longer and minimizing the overhead of security mechanisms on the production process is beneficial. Another example that may benefit from the optimizations presented here stems from the fact that the platforms employed here are commonly used in the automotive industry. In-vehicle communication has recently become an active research area within the security community (Lemke et al., 2006). At the very least, secure communication between embedded devices relies on secure gateways (Wolf et al., 2006) that share secret keys and ultimately rely on MAC codes, i.e., keyed hashes. Obviously, many other examples for the use of hash functions can be envisioned.
Implementing cryptography on resource constrained devices is a well investigated subject and several solutions were successfully employed in practice. One category focuses on devising secure protocols which require little computational power and reduced variants of cryptographic functions. A good example in this area comes as a result of the intense research activity in sensor networks which produced solutions ranging from efficient protocol design to efficient cryptographic primitives (Karlof et al., 2004). Small scale variants of hash functions were also proposed for use in RFID environments which can be even more constrained than sensor networks (Macchetti et al., 2005). However, collisions on these functions were already reported (Steurer, 2006). Another category of solutions are based on hardware implementations. Using ASIC or FPGA-based cryptographic hardware to perform the computation of required primitives increases performance along with the costs of production. Dedicated cryptographic coprocessors were developed to accelerate the execution of different primitives. Examples of such hardware implementations can be found in (Okada et al., 2000) and (Suh et al., 2005). Some efforts were also made in enhancing the performance of general purpose microcontrollers by extending their instruction set with application-specific instructions used in cryptographic algorithms (Groschdl et al., 2004). Although they reach good performances, these hardware-based solutions are application dependent and require extra time to be spent on designing them in comparison to a software-based solution. Therefore, software solutions based on microcontrollers that are already available on the market may be preferred in various contexts.