Author
Shiho Moriai
Bio: Shiho Moriai is an academic researcher from Sony Broadcast & Professional Research Laboratories. The author has contributed to research in topics: Power management & Electric power. The author has an hindex of 22, co-authored 70 publications receiving 1750 citations.
Papers
More filters
26 Mar 2007
TL;DR: A new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES is proposed, which achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software.
Abstract: We propose a new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES. CLEFIA achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software by adopting several novel and state-of-the-art design techniques. CLEFIA achieves a good performance profile both in hardware and software. In hardware using a 0.09 μm CMOS ASIC library, about 1.60 Gbps with less than 6 Kgates, and in software, about 13 cycles/byte, 1.48 Gbps on 2.4 GHz AMD Athlon 64 is achieved. CLEFIA is a highly efficient blockcipher, especially in hardware.
414 citations
01 Jan 2011
TL;DR: A new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES is proposed, which achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software.
167 citations
Proceedings Article•
26 Mar 2007TL;DR: CLEFIA as mentioned in this paper is a 128-bit blockcipher supporting key lengths of 128, 192 and 256 bits, which is compatible with AES and achieves a good performance profile both in hardware and software.
Abstract: We propose a new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES. CLEFIA achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software by adopting several novel and state-of-the-art design techniques. CLEFIA achieves a good performance profile both in hardware and software. In hardware using a 0.09 µm CMOS ASIC library, about 1.60 Gbps with less than 6 Kgates, and in software, about 13 cycles/byte, 1.48 Gbps on 2.4 GHz AMD Athlon 64 is achieved. CLEFIA is a highly efficient blockcipher, especially in hardware.
146 citations
11 May 2007
TL;DR: CLEFIA as mentioned in this paper is a 128-bit blockcipher supporting key lengths of 128, 192 and 256 bits, which is compatible with AES and achieves a good performance profile both in hardware and software.
Abstract: We propose a new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES. CLEFIA achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software by adopting several novel and state-of-the-art design techniques. CLEFIA achieves a good performance profile both in hardware and software. In hardware using a 0.09 µm CMOS ASIC library, about 1.60 Gbps with less than 6 Kgates, and in software, about 13 cycles/byte, 1.48 Gbps on 2.4 GHz AMD Athlon 64 is achieved. CLEFIA is a highly efficient blockcipher, especially in hardware.
80 citations
Patent•
13 Jan 2011TL;DR: In this paper, the authors present a power management system that includes an authentication system for an electronic appliance connected to a power network and registering it as a managed appliance, a control unit controlling operation of the managed appliance and supplying of power to the managed appliances, and an appliance state judging unit judging a state of the management system.
Abstract: There is provided a power management apparatus including: a managed appliance registering unit carrying out authentication on an electronic appliance connected to a power network and registering an electronic appliance for which the authentication has succeeded as a managed appliance, a control unit controlling operation of the managed appliance and supplying of power to the managed appliance, a managed appliance information acquiring unit acquiring, from the managed appliance, as managed appliance information, at least any of appliance information including identification information that is unique to the electronic appliance, information indicating an operation state of the electronic appliance, information indicating an usage state of the electronic appliance and power information of the electronic appliance, and an appliance state judging unit judging a state of the managed appliance based on the managed appliance information acquired by the managed appliance information acquiring unit.
74 citations
Cited by
More filters
TL;DR: This survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against them on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing.
Abstract: Internet of Things (IoT), also referred to as the Internet of Objects, is envisioned as a transformative approach for providing numerous services. Compact smart devices constitute an essential part of IoT. They range widely in use, size, energy capacity, and computation power. However, the integration of these smart things into the standard Internet introduces several security challenges because the majority of Internet technologies and communication protocols were not designed to support IoT. Moreover, commercialization of IoT has led to public security concerns, including personal privacy issues, threat of cyber attacks, and organized crime. In order to provide a guideline for those who want to investigate IoT security and contribute to its improvement, this survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against them on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing. To achieve this goal, we first briefly describe three widely-known IoT reference models and define security in the context of IoT. Second, we discuss the possible applications of IoT and potential motivations of the attackers who target this new paradigm. Third, we discuss different attacks and threats. Fourth, we describe possible countermeasures against these attacks. Finally, we introduce two emerging security challenges not yet explained in detail in previous literature.
547 citations
02 Dec 2012
TL;DR: In this paper, a block cipher called PRINCE is proposed that allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. But it does not have the α-reflection property, which holds that decryption for one key corresponds to encryption with another key.
Abstract: This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property we refer to as α-reflection is of independent interest and we prove its soundness against generic attacks.
507 citations
28 Sep 2011
TL;DR: Piccolo is one of the competitive ultra-lightweight blockciphers which is suitable for extremely constrained environments such as RFID tags and sensor nodes and its efficiency on the energy consumption which is evaluated by energy per bit is also remarkable.
Abstract: We propose a new 64-bit blockcipher Piccolo supporting 80 and 128-bit keys Adopting several novel design and implementation techniques, Piccolo achieves both high security and notably compact implementation in hardware We show that Piccolo offers a sufficient security level against known analyses including recent related-key differential attacks and meet-in-the-middle attacks In our smallest implementation, the hardware requirements for the 80 and the 128-bit key mode are only 683 and 758 gate equivalents, respectively Moreover, Piccolo requires only 60 additional gate equivalents to support the decryption function due to its involution structure Furthermore, its efficiency on the energy consumption which is evaluated by energy per bit is also remarkable Thus, Piccolo is one of the competitive ultra-lightweight blockciphers which are suitable for extremely constrained environments such as RFID tags and sensor nodes
457 citations
07 Jun 2011
TL;DR: In this paper, the authors proposed a new lightweight block cipher called LBlock, which can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis and related-key attacks.
Abstract: In this paper, we propose a new lightweight block cipher called LBlock. Similar to many other lightweight block ciphers, the block size of LBlock is 64-bit and the key size is 80-bit. Our security evaluation shows that LBlock can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and related-key attacks etc. Furthermore, LBlock can be implemented efficiently not only in hardware environments but also in software platforms such as 8-bit microcontroller. Our hardware implementation of LBlock requires about 1320 GE on 0.18 µm technology with a throughput of 200 Kbps at 100 KHz. The software implementation of LBlock on 8-bit microcontroller requires about 3955 clock cycles to encrypt a plaintext block.
446 citations
Posted Content•
01 Jan 2012
TL;DR: This paper presents a block cipher that is optimized with respect to latency when implemented in hardware and holds that decryption for one key corresponds to encryption with a related key, which is of independent interest and proves its soundness against generic attacks.
Abstract: This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property we refer to as α-reflection is of independent interest and we prove its soundness against generic attacks.
439 citations