Lightweight Cryptography Solution - Ascon vs. AES-128 Comparison for IEEE 802.11

november 2024 n.w
1 / 11
Embed
Share

Explore how Ascon, a lightweight cryptographic algorithm, outperforms AES-128 in efficiency and performance for IEEE 802.11 networks. Learn about NIST's selection of Ascon and its superior software and ASIC implementations, along with energy estimates for Ascon on 802.11bp devices. Discover how Ascon can seamlessly replace AES-128-GCM in 802.11 networks.

  • Cryptography
  • Ascon
  • AES-128
  • IEEE 802.11
  • NIST
rayaanacharya
rous_o Follow

Uploaded on | 10 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. November 2024 doc.: IEEE 802.11-24/1584r3 Ascon: The Lightweight Cryptography As A Better Cipher Than AES 128 for 802.11bp Date: 2024-11-5 Authors: Name Affiliations Address Phone Email Luo Hui Infineon Technologies New Jersey, hui.luo@infineon.com USA Taori Rakesh Infineon Technologies Texas, USA rakesh.taori@infineon.com Florian Mendel Infineon Technologies Neubiberg, DE florian.mendel@infineon.com Martin Schl effer Infineon Technologies Neubiberg, DE martin.schlaeffer@infineon.com Submission Slide 1 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  2. November 2024 doc.: IEEE 802.11-24/1584r3 About Ascon NIST selected Ascon as the standard to protect small devices in 2023 after 4-year LWC (Light-Weight Cipher) competition (57 submissions, 3 rounds, 1 winner) [1]. Ascon provides authenticated encryption and hashing with minimal overhead [2]. Comparable security level as AES-128 and SHA-256 [1]. Ascon is in public domain (required by NIST). NIST published the initial draft standard for constrained devices based on Ascon (NIST SP 800-232, https://csrc.nist.gov/pubs/sp/800/232/ipd) on Nov 8, 2024. Submission Slide 2 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  3. November 2024 doc.: IEEE 802.11-24/1584r3 Ascon-128 vs AES128-GCM Software implementation benchmarking on popular microcontrollers [3]. 3-4x faster (Fig 2-5); 4%-60% smaller code size (Fig 7-10); 33% less RAM utilization (Fig 11) ASIC implementation comparison [4]. About 40% area, 30% energy, with 2x throughput (Fig 4.1, Fig 5.1). Submission Slide 3 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  4. November 2024 doc.: IEEE 802.11-24/1584r3 A ballpark energy estimate for Ascon on 11bp devices Harvesting RF power: 1s or 0.1s for 1uJ at -20dbm or -10dbm [5]. AES128 (CBC) energy measurement: about 2.7uJ by software on MCU2 (a popular MCU), 72MHz clock, 2.0V core (see Table 11 below or in [6]). AES128 GCM is about 30-60% faster than AES128 CBC (Fig 5.7, 5.8, 5.9 in [7]; Fig 1a, 1b in [8]). ASCON-128 energy estimate: 3-4x faster than AES128 GCM (Fig 2-5 in [3]), 33% less RAM utilization (Fig 11 in [3]), roughly about 2.7/3.5/1.45=0.5 uJ per byte on MCU2, or about 0.5/29 = 0.017uJ per byte on MCU2 at 2.5MHz clock (sufficient for the proposed 11bp data rate). Ascon s minimum encrypted frame size + tag is 32 bytes, needing about 32x0.017 = 0.55uJ. MCU1 MCU2 MCU3 Submission Slide 4 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  5. November 2024 doc.: IEEE 802.11-24/1584r3 Ascon can be a drop-in replacement for AES128-GCMP in 802.11 AAD Data Nonce Key Tag/MIC AES128-GCMP 22-30 octets, 16-28 octets Variable 96 bits 128 bits 128 bits Ascon 0-unlimited 0-unlimited 128 bits (96bits+padding) 128 bits 128 bits encryption Ascon Transmitter decryption Ascon Receiver Submission Slide 5 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  6. November 2024 doc.: IEEE 802.11-24/1584r3 BIP-Ascon can be an alternative for BIP-GMAC128 in 802.11 The authentication-only Ascon (called BIP-Ascon) can be implemented by adding a wrapper with a control signal bip_ctrl. Ascon encryption/decryption if bip_ctrl =0; BIP-Ascon authentication if bip_ctrl = 1. When bip_ctrl = 1, at both the transmitter and the receiver, the wrapper circuit concatenates the AAD with the input data as the expanded AAD , sets the input data length as 0, and lets ASCON run through the expanded AAD (ASCON will output the expanded AAD , i.e., the AAD and the input data) and generate a 128-bit authentication tag for it. Transmitter Receiver Submission Slide 6 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  7. November 2024 doc.: IEEE 802.11-24/1584r3 Ascon + Compact Secure Transaction Model Ascon and compact secure transaction methods presented in 11-24/0178, 11-24/0526, 11-24/0871, 11-24/1242 are good match for power-starved AMP devices. Submission Slide 7 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  8. November 2024 doc.: IEEE 802.11-24/1584r3 Proposals Make ASCON-128 as a preferred cipher choice for 802.11bp STAs. Make BIP-ASCON-128 as a preferred authentication-only cipher choice for 802.11bp STAs. Submission Slide 8 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  9. November 2024 doc.: IEEE 802.11-24/1584r3 Handling group traffic How to handle encrypted/authenticated group traffic if the AP needs to support normal Wi-Fi STAs in addition to 802.11bp STAs, given that AES is mandatory on normal Wi-Fi STAs that do not support ASCON? APs that are designed to support normal Wi-Fi STAs and 802.11bp STAs will contain both AES and ASCON, encrypting/authenticating unicast traffic for 802.11bp STAs using ASCON-128 and BIP-ASCON-128. 802.11bp STAs most likely have zero or very little group traffic, so they can use AES software to handle encrypted/authenticated group traffic. Submission Slide 9 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  10. November 2024 doc.: IEEE 802.11-24/1584r3 Straw polls Do you agree to create a new sub-clause on security into IEEE 802.11bp SFD? Do you agree to insert the following text in the security sub-clause of the SFD? IEEE 802.11bp will specify ASCON-128 as a cipher choice for 802.11bp STAs. IEEE 802.11bp will specify BIP-ASCON-128 as an authentication-only cipher choice for 802.11bp STAs. Submission Slide 10 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

  11. November 2024 doc.: IEEE 802.11-24/1584r3 References 1. Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Lawrence E. Bassham, Jinkeon Kang, Noah D. Waller, John M. Kelsey, Deukjo Hong, NIST Internal Report 8454: Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process , June 2023, https://nvlpubs.nist.gov/nistpubs/ir/2023/NIST.IR.8454.pdf. 2. Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schlaeffer, ASCON v1.2 Submission to NIST , May 31, 2021. 3. Sebastian Renner, Enrico Pozzobon, and Jurgen Mottok, The Final Round: Benchmarking NIST LWC Ciphers on Microcontrollers , 2022, https://link.springer.com/chapter/10.1007/978-3-031-21311-3_1 4. Mark D. Aagaard, Nusa Zidaric, ASIC Benchmarking of Round 2 Candidates in the NIST Lightweight Cryptography Standardization Process , 2021, https://eprint.iacr.org/2021/049.pdf 5. Joerg Robert, Clemens Korn, Power Consumption Calculation , doc: IEEE 802.11-23/1232r0, July 11, 2023. 6. Luke E. Kane, Jiaming James Chen, Rebecca Thomas, Vicky Liu, Matthew McKague, Security and Performance in IoT: A Balancing Act , IEEE Access, vol. 8, pp. 121969-121986, July 6, 2020. 7. Levent Ertaul, Anup Mudan, Nausheen Sarfaraz, Performance Comparison of AES-CCM and AES-GCM Authenticated Encryption Methods , 2018, https://mcs.csueastbay.edu/~lertaul/AESCCMCAMREADY.pdf 8. Bekbolat Medetov, Tansaule Serikov, Aray Tolegenova, Zhexebay Dauren, Comparative Analysis of the Performance of Generating Cryptograhic Ciphers on CPU and FPGA, 2022, https://www.jatit.org/volumes/Vol100No15/24Vol100No15.pdf Submission Slide 11 Hui Luo, Rakesh Taori, Florian Mendel, Martin Schl effer, Infineon Technologies

Related


Cryptography,.Quantum-safe Cryptography& Quantum Cryptography

Cryptography,.Quantum-safe Cryptography& Quantum Cryptography

pendragon
Ascon: The Lightweight Cryptography Standard for IoT

Ascon: The Lightweight Cryptography Standard for IoT

kaison
Lightweight Cryptography Standard for IoT - November 2023 IEEE Presentation

Lightweight Cryptography Standard for IoT - November 2023 IEEE Presentation

ruan
AES Encryption Algorithm and Its Implementation

AES Encryption Algorithm and Its Implementation

danger
AES Encryption in Computer Engineering

AES Encryption in Computer Engineering

lavinia
Columnar Transposition Cipher: Data Encryption Techniques at Mustansiriyah University Engineering College

Columnar Transposition Cipher: Data Encryption Techniques at Mustansiriyah University Engineering College

remiel
Evolution of Cryptography: From Ancient Techniques to Modern Security Mechanisms

Evolution of Cryptography: From Ancient Techniques to Modern Security Mechanisms

damari
ADFGVX Cipher: Encryption and Decryption Techniques

ADFGVX Cipher: Encryption and Decryption Techniques

scarlett
Overview of SMX Algorithm and AES Encryption Standard

Overview of SMX Algorithm and AES Encryption Standard

nmag
Block Ciphers in Cryptography

Block Ciphers in Cryptography

knim
Cryptography Basics and Toolbox

Cryptography Basics and Toolbox

mhed
Lightweight Cryptography: Key-Reduced Variants and Beyond-Birthday-Bound Security

Lightweight Cryptography: Key-Reduced Variants and Beyond-Birthday-Bound Security

ccook
Cryptographic Center in Novosibirsk: Advancements in Cryptography and Research

Cryptographic Center in Novosibirsk: Advancements in Cryptography and Research

lott995
Fundamentals of Cryptography and Network Security

Fundamentals of Cryptography and Network Security

vsil
New Directions in Cryptography: Harta Dwijaksara, Yi Jae Park

New Directions in Cryptography: Harta Dwijaksara, Yi Jae Park

antwu
Practical Cryptography Topics: AES and Substitution Permutation Networks

Practical Cryptography Topics: AES and Substitution Permutation Networks

jamain
Cryptography and Its Algorithms

Cryptography and Its Algorithms

rkar
Muddiest Point: Questions on RSA, DDoS Attacks, and Block Cipher Algorithms

Muddiest Point: Questions on RSA, DDoS Attacks, and Block Cipher Algorithms

mckinzie
Cryptography

Cryptography

schryver_v
Modern Cryptography: Algorithms and Their Applications

Modern Cryptography: Algorithms and Their Applications

trus
Redundancy AES Masking for Secure Data Protection

Redundancy AES Masking for Secure Data Protection

abdulmoh
History of Cryptography: Techniques, Evolution, and Impact

History of Cryptography: Techniques, Evolution, and Impact

rozier_m

More Related Content