Sponges Resist Leakage: The Case of Authenticated Encryption

Degabriele, Jean Paul; Janson, Christian; Struck, Patrick

doi:10.1007/978-3-030-34621-8_8

Cited by 22 publications

(22 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For our use case, we use a composition scheme that can be instantiated using existing hardware accelerators and make use of the results of Krämer and Struck [KS20]. In their work they revisit the so called F GHF construction that was proposed by Degabriele et al [DJS19] in the context of sponge based constructions. The F GHF construction is an LR-AEAD scheme and comprises four building blocks: Two functions F and F , a PRG G and a hash function H. In order for the construction to be leakage resilient, the security analysis of Degabriele et al originally requires both F and F to be pseudorandom under leakage and F to be unpredictable under leakage in addition 2 .…”

Section: Leakage Resilient Authenticated Encryptionmentioning

confidence: 99%

“…We specifically describe the partitioning between software and hardware accelerators. Second, we describe how to use this protected building block together with an LR-PRG and hash function in the LR-AEAD scheme of Degabriele et al [DJS19]. We provide pseudo code for all operations and point out the security critical operations which we analyze in the side-channel evaluation in Sec.…”

Section: Leakage Resilient Aead On Cots Microcontrollersmentioning

confidence: 99%

See 1 more Smart Citation

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

Unterstein

Schink

Schamberger

et al. 2020

TCHES

View full text Add to dashboard Cite

The security of Internet of Things (IoT) devices relies on fundamental concepts such as cryptographically protected firmware updates. In this context attackers usually have physical access to a device and therefore side-channel attacks have to be considered. This makes the protection of required cryptographic keys and implementations challenging, especially for commercial off-the-shelf (COTS) microcontrollers that typically have no hardware countermeasures. In this work, we demonstrate how unprotected hardware AES engines of COTS microcontrollers can be efficiently protected against side-channel attacks by constructing a leakage resilient pseudo random function (LR-PRF). Using this side-channel protected building block, we implement a leakage resilient authenticated encryption with associated data (AEAD) scheme that enables secured firmware updates. We use concepts from leakage resilience to retrofit side-channel protection on unprotected hardware AES engines by means of software-only modifications. The LR-PRF construction leverages frequent key changes and low data complexity together with key dependent noise from parallel hardware to protect against side-channel attacks. Contrary to most other protection mechanisms such as time-based hiding, no additional true randomness is required. Our concept relies on parallel S-boxes in the AES hardware implementation, a feature that is fortunately present in many microcontrollers as a measure to increase performance. In a case study, we implement the protected AEAD scheme for two popular ARM Cortex-M microcontrollers with differing parallelism. We evaluate the protection capabilities in realistic IoT attack scenarios, where non-invasive EM probes or power consumption measurements are employed by the attacker. We show that the concept provides the side-channel hardening that is required for the long-term security of IoT devices.

show abstract

Section: Leakage Resilient Authenticated Encryptionmentioning

confidence: 99%

Section: Leakage Resilient Aead On Cots Microcontrollersmentioning

confidence: 99%

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

Unterstein

Schink

Schamberger

et al. 2020

TCHES

View full text Add to dashboard Cite

show abstract

“…To assess the suitability of the PUF architecture for our side-channel protected secure boot design, a 256-bit output of the core PUF module was generated for testing prior to error correction being applied 5 . This output was regenerated 1001 times at room temperature for each of 20 Xilinx Zynq-7000 devices.…”

Section: Evaluation Of the Pufmentioning

confidence: 99%

“…While not implemented here, using a simple (3, 1, 3) repetition code concatenated with the Golay encoder brings P total down to 3.26 × 10 −8 , trading off additional hardware requirements for the increased reliability. Alternatively, multiple PUF readouts could be taken with a 5 The 256-bit output is for testing purposes only, the full design requires 498 PUF cells. majority vote applied to determine the PUF response.…”

Section: Evaluation Of the Pufmentioning

confidence: 99%

“…Instead, we implement a LR-AEAD scheme based on the results of Krämer and Struck [21] who propose that a LR-AEAD scheme can be built using a LR-PRF, a leakage resilient PRG (LR-PRG) and a hash function. In reference to the introduction of this scheme in [5] we refer to it as FG H F -based LR-AEAD and to our original scheme as AES-OFB-based LR-AEAD. Figure 7 shows the hardware/software partitioning and the building blocks for the proposed FG H F -based LR-AEAD scheme.…”

Section: Architecturementioning

confidence: 99%

See 1 more Smart Citation

SCA secure and updatable crypto engines for FPGA SoC bitstream decryption: extended version

Unterstein

Jacob

Hanley³

et al. 2020

J Cryptogr Eng

View full text Add to dashboard Cite

FPGA system on chips (SoCs) are ideal computing platforms for edge devices in applications which require high performance through hardware acceleration and updatability due to long operation in the field. A secure update of hardware functionality can in general be achieved by using built-in cryptographic engines and provided secret key storage. However, reported examples have shown that such cryptographic engines may become insecure against side-channel attacks at any later point in time. This leaves already deployed systems vulnerable without any clear mitigation options. To solve this, we propose a comprehensive concept that uses an alternative and side-channel protected cryptographic engine within the FPGA logic instead of the built-in one for the crucial task of bitstream decryption. Remarkably this concept even allows to update the cryptographic engine itself. As proof of concept, we describe an application to the Xilinx Zynq-7020 FPGA SoC in detail. We provide two options for a leakage resilient decryption engine which are based on the same primitive, a leakage resilient pseudorandom function (LR-PRF). Depending on a side-channel evaluation of this primitive on the target platform, either a version with additional side-channel countermeasures or a more efficient variant is deployed. The lack of accessible secret key storage poses a significant challenge and requires the use of a physical unclonable function (PUF) to generate a device intrinsic secret within the FPGA logic. At the same time this means that manufacturer-provided secret key storage or cryptography is no longer required; only a public key for signature verification of the first stage bootloader and initial static bitstream. We provide empirical results proving the side-channel security of the protected cryptographic engine as well as an evaluation of the PUF quality. The full design and source code is made available to encourage further research in this direction.

show abstract

Lightweight Authenticated Encryption Mode Suitable for Threshold Implementation

Naito

Sasaki

Sugawara

2020

Advances in Cryptology – EUROCRYPT 2020

View full text Add to dashboard Cite

This paper proposes tweakable block cipher (TBC) based modes and that are efficient in threshold implementations (TI). Let t be an algebraic degree of a target function, e.g. (resp. ) for linear (resp. non-linear) function. The d -th order TI encodes the internal state into shares. Hence, the area size increases proportionally to the number of shares. This implies that TBC based modes can be smaller than block cipher (BC) based modes in TI because TBC requires s -bit block to ensure s -bit security, e.g. PFB and Romulus, while BC requires 2 s -bit block. However, even with those TBC based modes, the minimum we can reach is 3 shares of s -bit state with and the first-order TI ( ). Our first design aims to break the barrier of the 3 s -bit state in TI. The block size of an underlying TBC is s /2 bits and the output of TBC is linearly expanded to s bits. This expanded state requires only 2 shares in the first-order TI, which makes the total state size 2.5 s bits. We also provide rigorous security proof of . Our second design further increases a parameter : a ratio of the security level s to the block size of an underlying TBC. We prove security of for any under some assumptions for an underlying TBC and for parameters used to update a state. Next, we show a concrete instantiation of for 128-bit security. It requires a TBC with 64-bit block, 128-bit key and 128-bit tweak, while no existing TBC can support it. We design a new TBC by extending SKINNY and provide basic security evaluation. Finally, we give hardware benchmarks of in the first-order TI to show that TI of is smaller than that of PFB by more than one thousand gates and is the smallest within the schemes having 128-bit security.

show abstract

Sponges Resist Leakage: The Case of Authenticated Encryption

Cited by 22 publications

References 19 publications

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

SCA secure and updatable crypto engines for FPGA SoC bitstream decryption: extended version

Lightweight Authenticated Encryption Mode Suitable for Threshold Implementation

Contact Info

Product

Resources

About