Side-channel security analysis of UOV signature for cloud-based Internet of Things

Abstract Among Internet of Things (IoT) deployments, cloud-based IoT systems keep both device-to-cloud and cloud-to-device messages confidential by provisioning an individual identity and credential for each IoT device. As recently emphasized by two US institutions, the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), cloud-based IoT systems that rely on RSA and ECC signatures are insecure against quantum computer attacks. To keep cloud-based IoT secure against such attacks, there is a critical need for implementations of quantum-resistant signature schemes, such as Unbalanced Oil and Vinegar (UOV), that make cloud-based IoT more secure and reliable. To analyze the security of UOV in cloud-based IoT, we present an efficient side-channel attack on UOV that combines fault injection with Hamming-distance power analysis. We implement the UOV signature scheme on a Sakura-G FPGA board using Verilog HDL and Xilinx ISE, and collect power traces with a 350 MHz Keysight oscilloscope. Based on the experimental results, we successfully recover the complete secret key of the UOV signature scheme, which shows that UOV and related signature schemes must be protected against side-channel attacks when they are adopted in cloud-based IoT.
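The abstract names Hamming-distance power analysis as one half of the attack but does not describe the leakage model. The following Python model is an added illustration, not code from the paper: it simulates a device accumulating one row of a secret GF(2^8) affine map (the kind of linear layer UOV applies at the end of signing), leaks the Hamming distance of the accumulator register between consecutive updates, and recovers every coefficient of the row by correlation power analysis. Everything here is assumed for illustration: the AES-style field polynomial, the toy row length N, the Gaussian noise model, the function names, and the premise that the attacker knows the vector the secret map is applied to. How the original attack obtains the known values it correlates against (its fault step) is not described on this page and is not modelled.

```python
"""Hamming-distance CPA against one row of a secret GF(2^8) affine map.

Added illustration, not the paper's code. The leakage model is the one a
Hamming-distance power analysis assumes: the power consumed by a register
update is proportional to the number of bits that toggle (old ^ new).
"""
import random

N = 4          # toy row length; a real UOV map has n = oil + vinegar entries (assumed)
POLY = 0x11b   # AES-style reduction polynomial x^8 + x^4 + x^3 + x + 1 (assumed field)


def gf_mul(a, b):
    """Multiply two GF(2^8) elements modulo POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def hw(x):
    """Hamming weight of a byte."""
    return bin(x).count("1")


def leaky_row_product(row, y, rng, noise=0.0):
    """Simulate the device computing sum_j row[j] * y[j] in one accumulator register.

    Returns, per step j, the Hamming distance between the accumulator before and
    after the update (old ^ new), plus Gaussian noise of the given std deviation.
    """
    acc = 0
    trace = []
    for coef, yj in zip(row, y):
        new = acc ^ gf_mul(coef, yj)
        trace.append(hw(acc ^ new) + rng.gauss(0.0, noise))
        acc = new
    return trace


def pearson(xs, ys):
    """Pearson correlation; 0.0 when either side is constant (no information)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def recover_row(traces, inputs):
    """Correlation power analysis over the 256 guesses for each coefficient.

    The accumulator's HD at step j is HW(old ^ new) = HW(coef_j * y_j), which
    depends only on coef_j and the known y_j, so each column is attacked on its
    own: the guess whose predicted HW(guess * y_j) correlates best with the
    observed leakage at step j is taken as coef_j.
    """
    recovered = []
    for j in range(len(inputs[0])):
        observed = [t[j] for t in traces]
        best_guess, best_corr = 0, -1.0
        for guess in range(256):
            hypothesis = [hw(gf_mul(guess, y[j])) for y in inputs]
            c = abs(pearson(hypothesis, observed))
            if c > best_corr:
                best_guess, best_corr = guess, c
        recovered.append(best_guess)
    return recovered


def simulate_attack(n_traces, noise, seed):
    """Draw a random non-zero secret row and n_traces known input vectors (constructed
    sample data), collect leaky traces, and return (secret_row, recovered_row)."""
    rng = random.Random(seed)
    secret_row = [rng.randrange(1, 256) for _ in range(N)]
    inputs = [[rng.randrange(256) for _ in range(N)] for _ in range(n_traces)]
    traces = [leaky_row_product(secret_row, y, rng, noise) for y in inputs]
    return secret_row, recover_row(traces, inputs)


if __name__ == "__main__":
    secret, found = simulate_attack(n_traces=500, noise=0.3, seed=1)
    print("secret row   :", [hex(c) for c in secret])
    print("recovered row:", [hex(c) for c in found])
    print("full recovery:", secret == found)
```

Two properties of the model are worth noting. A zero coefficient leaks nothing (the register never toggles), and `pearson` returns 0.0 for the constant hypothesis of guess 0 rather than dividing by zero. Second, because the Hamming distance at step j collapses to the Hamming weight of a single product, the search is 256 guesses per coefficient rather than 256^N for the row, which is what makes the attack cheap enough to run against a full n-by-n secret map one row at a time.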
