Paper 2020/960
Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers
Florian Unterstein, Marc Schink, Thomas Schamberger, Lars Tebelmann, Manuel Ilg, and Johann Heyszl
Abstract
The security of Internet of Things (IoT) devices relies on fundamental concepts such as cryptographically protected firmware updates. In this context attackers usually have physical access to a device and therefore side-channel attacks have to be considered. This makes the protection of required cryptographic keys and implementations challenging, especially for commercial off-the-shelf (COTS) microcontrollers that typically have no hardware countermeasures. In this work, we demonstrate how unprotected hardware AES engines of COTS microcontrollers can be efficiently protected against side-channel attacks by constructing a leakage resilient pseudo random function (LR-PRF). Using this side-channel protected building block, we implement a leakage resilient authenticated encryption with associated data (AEAD) scheme that enables secured firmware updates. We use concepts from leakage resilience to retrofit side-channel protection on unprotected hardware AES engines by means of software-only modifications. The LR-PRF construction leverages frequent key changes and low data complexity together with key dependent noise from parallel hardware to protect against side-channel attacks. Contrary to most other protection mechanisms such as time-based hiding, no additional true randomness is required. Our concept relies on parallel S-boxes in the AES hardware implementation, a feature that is fortunately present in many microcontrollers as a measure to increase performance. In a case study, we implement the protected AEAD scheme for two popular ARM Cortex-M microcontrollers with differing parallelism. We evaluate the protection capabilities in realistic IoT attack scenarios, where non-invasive EM probes or power consumption measurements are employed by the attacker. We show that the concept provides the side-channel hardening that is required for the long-term security of IoT devices.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published by the IACR in TCHES 2020
- Keywords
- leakage resilienceSCAAEADAESmicrocontrollerimplementation
- Contact author(s)
-
marc schink @ aisec fraunhofer de
florian unterstein @ gmail com - History
- 2020-08-11: received
- Short URL
- https://ia.cr/2020/960
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/960, author = {Florian Unterstein and Marc Schink and Thomas Schamberger and Lars Tebelmann and Manuel Ilg and Johann Heyszl}, title = {Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers}, howpublished = {Cryptology {ePrint} Archive, Paper 2020/960}, year = {2020}, url = {https://eprint.iacr.org/2020/960} }