
Publica
Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten. Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers
:
Volltext urn:nbn:de:0011-n-6143757 (6.2 MByte PDF) MD5 Fingerprint: 65f517bc1e14a08d5288ab7ded84a39b Erstellt am: 24.11.2020 |
| IACR transactions on cryptographic hardware and embedded systems 2020 (2020), Nr.4, S.365-388 ISSN: 2569-2925 |
| Bundesministerium für Bildung und Forschung BMBF (Deutschland) 16KIS0629; ALESSIO |
|
| Englisch |
| Zeitschriftenaufsatz, Elektronische Publikation |
| Fraunhofer AISEC () |
| leakage resilience; SCA; AEAD; AES; microcontroller |
Abstract
The security of Internet of Things (IoT) devices relies on fundamental concepts such as cryptographically protected firmware updates. In this context attackers usually have physical access to a device and therefore side-channel attacks have to be considered. This makes the protection of required cryptographic keys and implementations challenging, especially for commercial off-the-shelf (COTS) microcontrollers that typically have no hardware countermeasures. In this work, we demonstrate how unprotected hardware AES engines of COTS microcontrollers can be efficiently protected against side-channel attacks by constructing a leakage resilient pseudo random function (LR-PRF). Using this side-channel protected building block, we implement a leakage resilient authenticated encryption with associated data (AEAD) scheme that enables secured firmware updates. We use concepts from leakage resilience to retrofit side-channel protection on unprotected hardware AES engines by means of software-only modifications. The LR-PRF construction leverages frequent key changes and low data complexity together with key dependent noise from parallel hardware to protect against side-channel attacks. Contrary to most other protection mechanisms such as time-based hiding, no additional true randomness is required. Our concept relies on parallel S-boxes in the AES hardware implementation, a feature that is fortunately present in many microcontrollers as a measure to increase performance. In a case study, we implement the protected AEAD scheme for two popular ARM Cortex-M microcontrollers with differing parallelism. We evaluate the protection capabilities in realistic IoT attack scenarios, where non-invasive EM probes or power consumption measurements are employed by the attacker. We show that the concept provides the side-channel hardening that is required for the long-term security of IoT devices.