Lightweight Reconfigurable Encryption Architecture for Moving Target Defense

Symmetric encryption provides lightweight security solution to maintain data confidentiality on devices in a resource constrained scenario such as in a tactical network. However, lightweight encryption schemes are traditionally vulnerable to linear and differential cryptanalysis as well as power analysis attack when the encryption structure is known to the attacker. For tactical network devices, this is a critical concern since they often operate in hostile scenarios and lack in physical security in most cases. Moving Target Defense (MTD) is one of the key components of cyber maneuver that reshapes friendly networks and associated assets to be resilient to cyber-attacks. In this paper, we propose a lightweight reconfigurable symmetric encryption architecture, REA, which is capable of implementing a user-defined symmetric encryption scheme as an MTD mechanism. The encryption structure can be customized from device to device based on their available resource and performance requirements. Due to the reconfigurable nature of the proposed architecture, it is not possible for an attacker to directly launch the cryptanalysis or power analysis attack before committing significant resources to retrieve the encryption structure first. We implemented a reference encryption scheme on our proposed architecture in programmable logic (FPGA) and compared it to two representative symmetric encryption methods: AES and Present. Our results show that the reference encryption consumes less resources and performs faster compared to AES. Performance of the REA reference encryption is comparable with Present, which is optimized only for low resource devices and doesn't support reconfigurability.

[1]  John B. Kam,et al.  Structured Design of Substitution-Permutation Encryption Networks , 1979, IEEE Transactions on Computers.

[2]  Mike Van Emmerik,et al.  Using a decompiler for real-world source recovery , 2004, 11th Working Conference on Reverse Engineering.

[3]  Máire O'Neill,et al.  High Performance Single-Chip FPGA Rijndael Algorithm Implementations , 2001, CHES.

[4]  Vijay Degalahal,et al.  Methodology for high level estimation of FPGA power consumption , 2005, Proceedings of the ASP-DAC 2005. Asia and South Pacific Design Automation Conference, 2005..

[5]  Mitsuru Matsui,et al.  The First Experimental Cryptanalysis of the Data Encryption Standard , 1994, CRYPTO.

[6]  Dake Liu,et al.  Power consumption estimation in CMOS VLSI chips , 1994, IEEE J. Solid State Circuits.

[7]  Dan Boneh,et al.  Architectural Support For Copy And Tamper-Resistant Software PhD Thesis , 2003 .

[8]  Sushil Jajodia,et al.  Cyber Maneuver Against External Adversaries and Compromised Nodes , 2013, Moving Target Defense.

[9]  Anthony Cox,et al.  Combined software and hardware comprehension in reverse engineering , 2004, 11th Working Conference on Reverse Engineering.

[10]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[11]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[12]  Alex Biryukov,et al.  Block Ciphers and Systems of Quadratic Equations , 2003, FSE.

[13]  Mitsuru Matsui,et al.  A New Method for Known Plaintext Attack of FEAL Cipher , 1992, EUROCRYPT.

[14]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[15]  Dan Page,et al.  Defending against cache-based side-channel attacks , 2003, Inf. Secur. Tech. Rep..

[16]  Michael J. Schulte,et al.  An Overview of Reconfigurable Hardware in Embedded Systems , 2006, EURASIP J. Embed. Syst..

[17]  Eli Biham,et al.  Differential Cryptanalysis of the Full 16-Round DES , 1992, Annual International Cryptology Conference.

[18]  Christof Paar,et al.  A Survey of Lightweight-Cryptography Implementations , 2007, IEEE Design & Test of Computers.

[19]  Elfed Lewis,et al.  Analysis of Hardware Encryption Versus Software Encryption on Wireless Sensor Network Motes , 2008 .

[20]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[21]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[22]  Eli Biham,et al.  Differential Cryptanalysis of the Full 16-Round DES , 1992, CRYPTO.

[23]  Mark Harman,et al.  Loop squashing transformations for amorphous slicing , 2004, 11th Working Conference on Reverse Engineering.

[24]  Gregor Leander,et al.  On the Classification of 4 Bit S-Boxes , 2007, WAIFI.

[25]  Andrew Bunnie Huang,et al.  Hacking the Xbox: An Introduction to Reverse Engineering , 2003 .

[26]  Scott D. Applegate The principle of maneuver in cyber operations , 2012, 2012 4th International Conference on Cyber Conflict (CYCON 2012).

[27]  Cihangir Tezcan,et al.  Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT , 2009, ACISP.

[28]  Alex Biryukov,et al.  An introduction to Block Cipher Cryptanalysis , 2006, Proceedings of the IEEE.