
Performance of Privacy-Enhancing Cryptography on Smartphones

BUT Cryptology Research Group

Dr. Jan Hajny

SIX Research Centre
Brno University of Technology

hajny@feec.vutbr.cz
http://crypto.utko.feec.vutbr.cz


1 About Us

2 ABCs
Our Pilot: ABCs for Access-Control
Android and iOS: Performance
Android and iOS: Communication Interface
Android and iOS: Key Protection

3 Conclusion


Crypto Research Group, Brno University of Technology, CZ

Small group of about 10 people,

part of Department of Telecommunications, Brno, CZ,

equipped by SIX Research Centre,

both basic and applied research (privacy, lightweight and provable crypto, critical infrastructure, DDoS testing),

http://crypto.utko.feec.vutbr.cz/.


ABCs and Our Pilot

Our Fall 2013 pilot:

ABCs were used to control the access to university labs,

only one attribute ("studentship") was checked before the access to a lab was granted,

contact-less MultOS ML-3 cards and HM12 scheme were used.


Pilot Evaluation

Students, post-docs and academic staff were asked to evaluate the pilot. Weak aspects were identified:


ABCs’ Primitives

U-Prove, Idemix, HM12 ABC schemes

FS Computational PK Protocols

Random Number Generation

Hash functions

BigInteger Operations

Modular Operations in $\mathbb{Z}_p^*$, $\mathbb{Z}_n^*$ Groups
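Added example, not part of the original slides: a textbook Schnorr proof of knowledge with a hash-derived challenge, built only from the primitives listed on this slide (random numbers, a hash function, big-integer arithmetic, modular exponentiation). It is not HM12, U-Prove or Idemix; the group is constructed by the hypothetical helper gen_group, and reading "FS" as Fiat-Shamir and MExp1024_160 as a 1024-bit modulus with a 160-bit exponent are assumptions.

```python
import hashlib, random, secrets

PARAM_RNG = random.Random(1)  # seeded: public demo parameters only, never secrets

def is_prime(n, rounds=16):
    # Miller-Rabin; only called on large candidates (or the even start value 4)
    if n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(PARAM_RNG.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, r)):
            return False
    return True

def gen_group(pbits=1024, qbits=160):
    # Constructed group (assumption): prime q, prime p = 2jq + 1, g of order q in Z_p^*
    q = p = 4
    while not is_prime(q):
        q = PARAM_RNG.getrandbits(qbits) | (1 << (qbits - 1)) | 1
    while not is_prime(p):
        j = PARAM_RNG.getrandbits(pbits - qbits - 1) | (1 << (pbits - qbits - 2))
        p = 2 * j * q + 1
    h = 2
    while (g := pow(h, (p - 1) // q, p)) == 1:
        h += 1
    return p, q, g

def challenge(p, q, g, y, t):
    # Hash of the public transcript replaces the verifier's random challenge
    data = b"|".join(str(v).encode() for v in (p, q, g, y, t))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def prove(p, q, g, x):
    y = pow(g, x, p)                 # public key for secret x
    r = secrets.randbelow(q)         # random number generation
    t = pow(g, r, p)                 # modular exponentiation, 160-bit exponent
    c = challenge(p, q, g, y, t)     # hash function
    s = (r + c * x) % q              # big-integer multiply, add, reduce
    return y, (t, s)

def verify(p, q, g, y, proof):
    t, s = proof
    if not (0 < t < p and 0 <= s < q and pow(y, q, p) == 1):
        return False                 # reject out-of-range values and y outside the subgroup
    c = challenge(p, q, g, y, t)
    return pow(g, s, p) == (t * pow(y, c, p)) % p
```

The prover spends one modular exponentiation with a 160-bit exponent and one hash per proof; the verifier spends three exponentiations.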


Smart-Card Performance

Primitives and HM12 scheme implemented on JavaCards, Gemalto .NET cards and several MultOS cards:

modular multiplication is the bottleneck,

MultOS provides API for hardware multiplication (up to M3),

Idemix, U-Prove, HM12 proving phase takes 0.5 - 7 s.

Figure: MMult1024 (blue), MMult2048 (red)

Figure: MExp1024_160 (blue) and MExp1024_368 (red)


Android Performance

Primitives and HM12 scheme implemented on Android devices:

2 phones (Samsung Galaxy S i9000, Samsung Galaxy Nexus I9250M) and 1 tablet (ASUS TF 300T),

based on measured times of operations, proving phase is expected to be under 100 ms for all schemes on Android.

Figure: MMult1024 (blue), MMult2048 (red)

Figure: MExp1024_160 (blue) and MExp1024_368 (red)


iOS Performance

Primitives and HM12 scheme implemented on iOS devices:

2 phones (iPhone 4 and iPhone 5C),

based on measured times of operations, proving phase is expected to be under 130 ms for all schemes on iOS.

Figure: MMult1024 (blue), MMult2048 (red)

Figure: MExp1024_160 (blue) and MExp1024_368 (red)


iOS Communication Interface

ABCs implemented on iOS:

iOS environment lacks:

big integer data type for large number modular arithmetic,

NFC for fast communication and card emulation.

We used:

GMP library in C compiled for ARM,

QR code for device <-> reader communication.


Android Communication Interface

Primitives and HM12 implemented on Android 4.4:

Android environment provides:

native BigInteger data type,

NFC for fast communication,

in 4.4, Card Emulation mode.

phone is 100% card compatible, just 5x faster.


Weaknesses and Future Work

Why not so perfect?

Lower cryptographic key security (despite Keychain, Credential Storage),

problematic communication interface:

Android: card emulation only in > 4.4 KitKat,

Android: NFC chip is not present in all devices,

Apple: QR codes are slow.

What are the next steps?

Use hardware-protected storage (microSD),

upgrade cryptographic protocols to avoid trusted hardware.

Conclusion

Thank you for [email protected]

crypto.utko.feec.vutbr.cz

This research work is funded by the project TACR TA02011260 of the Technology Agency of the Czech Republic.
