Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

: Unterstein, Florian; Schink, Marc; Schamberger, Thomas; Tebelmann, Lars; Ilg, Manuel; Heyszl, Johann

Volltext urn:nbn:de:0011-n-6143757 (6.2 MByte PDF)
MD5 Fingerprint: 65f517bc1e14a08d5288ab7ded84a39b
(CC) by
Erstellt am: 24.11.2020

IACR transactions on cryptographic hardware and embedded systems 2020 (2020), Nr.4, S.365-388
ISSN: 2569-2925
Bundesministerium für Bildung und Forschung BMBF (Deutschland)
Zeitschriftenaufsatz, Elektronische Publikation
Fraunhofer AISEC ()
leakage resilience; SCA; AEAD; AES; microcontroller

The security of Internet of Things (IoT) devices relies on fundamental concepts such as cryptographically protected firmware updates. In this context attackers usually have physical access to a device and therefore side-channel attacks have to be considered. This makes the protection of required cryptographic keys and implementations challenging, especially for commercial off-the-shelf (COTS) microcontrollers that typically have no hardware countermeasures. In this work, we demonstrate how unprotected hardware AES engines of COTS microcontrollers can be efficiently protected against side-channel attacks by constructing a leakage resilient pseudo random function (LR-PRF). Using this side-channel protected building block, we implement a leakage resilient authenticated encryption with associated data (AEAD) scheme that enables secured firmware updates. We use concepts from leakage resilience to retrofit side-channel protection on unprotected hardware AES engines by means of software-only modifications. The LR-PRF construction leverages frequent key changes and low data complexity together with key dependent noise from parallel hardware to protect against side-channel attacks. Contrary to most other protection mechanisms such as time-based hiding, no additional true randomness is required. Our concept relies on parallel S-boxes in the AES hardware implementation, a feature that is fortunately present in many microcontrollers as a measure to increase performance. In a case study, we implement the protected AEAD scheme for two popular ARM Cortex-M microcontrollers with differing parallelism. We evaluate the protection capabilities in realistic IoT attack scenarios, where non-invasive EM probes or power consumption measurements are employed by the attacker. We show that the concept provides the side-channel hardening that is required for the long-term security of IoT devices.