TY - JOUR
T1 - Secure GCM implementation on AVR
AU - Liu, Zhe
AU - Seo, Hwajeong
AU - Chen, Chien Ning
AU - Nogami, Yasuyuki
AU - Park, Taehwan
AU - Choi, Jongseok
AU - Kim, Howon
N1 - Funding Information:
This work was partly supported by the Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. 10043907, Development of high performance IoT device and Open Platform with Intelligent Software) and by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2016-H8501-16-1017) supervised by the IITP (Institute for Information & communications Technology Promotion).
Publisher Copyright:
© 2016 Elsevier B.V.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2018/5/31
Y1 - 2018/5/31
AB - In the Internet of Things (IoT), sensor devices should deliver the collected sensor data to the server after the data is encrypted. The encrypted data cannot be eavesdropped on by adversaries, but side channel information, including clock cycles and power consumption patterns during encryption operations, can leak the secret information. For this reason, cryptography engineering should prevent potential threats by designing the cryptography functions in a secure manner. In this paper, we explore feasible side channel attacks on cryptography operations, particularly polynomial multiplication for the Galois/Counter Mode of operation (GCM). We perform horizontal Correlation Power Analysis (CPA) on the well-known polynomial multiplication of Lopez et al. and successfully extract the secret values from power consumption patterns. In order to defend against the proposed attack model, we suggest a masked polynomial multiplication, ensuring a regular and constant-time solution without potential vulnerabilities such as Look-up Table (LUT) accesses and branch statements. With the proposed polynomial multiplication, we suggest a secure and efficient implementation of GCM on a low-end embedded processor. Finally, we further explore long polynomial multiplication for Elliptic Curve Cryptography (ECC) operations. We exploit the combination of the Karatsuba algorithm and the proposed masked polynomial multiplication, which achieves practically fast polynomial multiplication on embedded processors.
KW - AES
KW - Authenticated encryption
KW - Embedded processors
KW - Galois/Counter Mode of operation
KW - Horizontal correlation power analysis
KW - Karatsuba algorithm
KW - Polynomial multiplication
KW - Side channel attack
KW - XMEGA
UR - http://www.scopus.com/inward/record.url?scp=85006325262&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85006325262&partnerID=8YFLogxK
U2 - 10.1016/j.dam.2016.10.015
DO - 10.1016/j.dam.2016.10.015
M3 - Article
AN - SCOPUS:85006325262
VL - 241
SP - 58
EP - 66
JO - Discrete Applied Mathematics
JF - Discrete Applied Mathematics
SN - 0166-218X
ER -