Paper 2020/960

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

Florian Unterstein, Marc Schink, Thomas Schamberger, Lars Tebelmann, Manuel Ilg, and Johann Heyszl

Abstract

The security of Internet of Things (IoT) devices relies on fundamental concepts such as cryptographically protected firmware updates. In this context attackers usually have physical access to a device and therefore side-channel attacks have to be considered. This makes the protection of required cryptographic keys and implementations challenging, especially for commercial off-the-shelf (COTS) microcontrollers that typically have no hardware countermeasures. In this work, we demonstrate how unprotected hardware AES engines of COTS microcontrollers can be efficiently protected against side-channel attacks by constructing a leakage resilient pseudo random function (LR-PRF). Using this side-channel protected building block, we implement a leakage resilient authenticated encryption with associated data (AEAD) scheme that enables secured firmware updates. We use concepts from leakage resilience to retrofit side-channel protection on unprotected hardware AES engines by means of software-only modifications. The LR-PRF construction leverages frequent key changes and low data complexity together with key dependent noise from parallel hardware to protect against side-channel attacks. Contrary to most other protection mechanisms such as time-based hiding, no additional true randomness is required. Our concept relies on parallel S-boxes in the AES hardware implementation, a feature that is fortunately present in many microcontrollers as a measure to increase performance. In a case study, we implement the protected AEAD scheme for two popular ARM Cortex-M microcontrollers with differing parallelism. We evaluate the protection capabilities in realistic IoT attack scenarios, where non-invasive EM probes or power consumption measurements are employed by the attacker. We show that the concept provides the side-channel hardening that is required for the long-term security of IoT devices.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published by the IACR in TCHES 2020
Keywords
leakage resilienceSCAAEADAESmicrocontrollerimplementation
Contact author(s)
marc schink @ aisec fraunhofer de
florian unterstein @ gmail com
History
2020-08-11: received
Short URL
https://ia.cr/2020/960
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/960,
      author = {Florian Unterstein and Marc Schink and Thomas Schamberger and Lars Tebelmann and Manuel Ilg and Johann Heyszl},
      title = {Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers},
      howpublished = {Cryptology ePrint Archive, Paper 2020/960},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/960}},
      url = {https://eprint.iacr.org/2020/960}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.