Secure GCM implementation on AVR

Abstract

In the Internet of Things (IoT), sensor devices should deliver the collected sensor data to the server only after the data has been encrypted. Adversaries cannot read the encrypted data by eavesdropping, but side-channel information, including clock cycles and power-consumption patterns during the encryption operations, can leak the secret information. For this reason, cryptographic engineering should prevent such threats by designing the cryptographic functions in a secure manner. In this paper, we explore feasible side-channel attacks on cryptographic operations, particularly the polynomial multiplication used in the Galois/Counter Mode of operation (GCM). We perform a horizontal Correlation Power Analysis (CPA) on the well-known polynomial multiplication of Lopez et al. and successfully extract the secret values from the power-consumption patterns. To prevent the proposed attack, we suggest a masked polynomial multiplication that is regular and constant-time and avoids potential vulnerabilities such as look-up table (LUT) accesses and branch statements. With the proposed polynomial multiplication, we present a secure and efficient implementation of GCM on a low-end embedded processor. Finally, we further explore long polynomial multiplication for Elliptic Curve Cryptography (ECC) operations. We exploit the combination of the Karatsuba algorithm and the proposed masked polynomial multiplication, which achieves practically fast polynomial multiplication on embedded processors.
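The abstract names two implementation properties that decide whether the GCM field multiplication leaks through power or timing: no table look-ups indexed by secret data and no branches conditioned on secret data. The following C program is an added illustration and is not the paper's code; it does not implement the paper's masked multiplier, only the bit-serial GF(2^128) multiplication from the GCM specification, once in the straightforward form with secret-dependent branches and once rewritten so that every conditional is replaced by an AND with an arithmetically derived 0x00/0xff mask. A GHASH built on the branch-free multiplier is checked against test case 2 of the McGrew-Viega GCM specification (zero key, zero IV, one zero plaintext block), and the two multipliers are compared on constructed pseudo-random inputs. Function names, the LCG seed and the loop counts are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GF_BYTES 16  /* one GF(2^128) element; GCM bit order: bit 0 is the MSB of byte 0 */

/* Reference multiplier as written in the GCM specification (Algorithm 1).
 * Both "if" statements depend on secret data: which bits of X are set and
 * whether V has its low bit set. Timing and power therefore vary with the key. */
static void gf128_mul_ref(const uint8_t x[GF_BYTES], const uint8_t y[GF_BYTES],
                          uint8_t z[GF_BYTES]) {
    uint8_t v[GF_BYTES];
    memcpy(v, y, GF_BYTES);
    memset(z, 0, GF_BYTES);
    for (int i = 0; i < 128; i++) {
        if ((x[i >> 3] >> (7 - (i & 7))) & 1) {            /* secret-dependent branch */
            for (int j = 0; j < GF_BYTES; j++) z[j] ^= v[j];
        }
        int lsb = v[GF_BYTES - 1] & 1;
        for (int j = GF_BYTES - 1; j > 0; j--)              /* V = V >> 1 */
            v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] >>= 1;
        if (lsb) v[0] ^= 0xe1;                               /* secret-dependent branch */
    }
}

/* Branch-free variant: the same algorithm, but each conditional becomes a
 * mask (0x00 or 0xff) derived from the bit by unsigned negation, so the
 * executed instruction sequence and memory addresses are input-independent.
 * No look-up table is used anywhere. */
static void gf128_mul_ct(const uint8_t x[GF_BYTES], const uint8_t y[GF_BYTES],
                         uint8_t z[GF_BYTES]) {
    uint8_t v[GF_BYTES];
    memcpy(v, y, GF_BYTES);
    memset(z, 0, GF_BYTES);
    for (int i = 0; i < 128; i++) {
        uint8_t bit  = (uint8_t)((x[i >> 3] >> (7 - (i & 7))) & 1);
        uint8_t mask = (uint8_t)(0u - bit);                  /* 0x00 or 0xff */
        for (int j = 0; j < GF_BYTES; j++) z[j] ^= v[j] & mask;
        uint8_t carry = (uint8_t)(0u - (v[GF_BYTES - 1] & 1));
        for (int j = GF_BYTES - 1; j > 0; j--)
            v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] = (uint8_t)((v[0] >> 1) ^ (carry & 0xe1));      /* conditional reduction, masked */
    }
}

/* GHASH over whole 16-byte blocks: Y_i = (Y_{i-1} xor block_i) * H. */
static void ghash(const uint8_t h[GF_BYTES], const uint8_t *blocks, size_t nblocks,
                  uint8_t out[GF_BYTES]) {
    uint8_t y[GF_BYTES] = {0}, t[GF_BYTES];
    for (size_t b = 0; b < nblocks; b++) {
        for (int j = 0; j < GF_BYTES; j++) y[j] ^= blocks[b * GF_BYTES + j];
        gf128_mul_ct(y, h, t);
        memcpy(y, t, GF_BYTES);
    }
    memcpy(out, y, GF_BYTES);
}

static void hex2bin(const char *hex, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) {
        unsigned v;
        sscanf(hex + 2 * i, "%2x", &v);
        out[i] = (uint8_t)v;
    }
}

/* GCM specification test case 2: H = AES-128_0(0), C = one block, no AAD.
 * Returns 1 when GHASH(H, {}, C) matches the published value. */
static int ghash_spec_vector_ok(void) {
    uint8_t h[GF_BYTES], blocks[2 * GF_BYTES], expect[GF_BYTES], out[GF_BYTES];
    hex2bin("66e94bd4ef8a2c3b884cfa59ca342b2e", h, GF_BYTES);
    hex2bin("0388dace60b6a392f328c2b971b2fe78", blocks, GF_BYTES);            /* C */
    hex2bin("00000000000000000000000000000080", blocks + GF_BYTES, GF_BYTES); /* len(A)||len(C) */
    hex2bin("f38cbb1ad69223dcc3457ae5b6b0f885", expect, GF_BYTES);
    ghash(h, blocks, 2, out);
    return memcmp(out, expect, GF_BYTES) == 0;
}

/* Constructed inputs from a small LCG (seed is arbitrary): the branch-free
 * multiplier must agree with the reference, be commutative, and treat the
 * element 1 (0x80 00..00 in GCM bit order) as the identity. Returns 1 on success. */
static int ct_matches_reference(void) {
    uint32_t s = 0x12345678u;
    const uint8_t one[GF_BYTES] = {0x80};
    for (int t = 0; t < 200; t++) {
        uint8_t x[GF_BYTES], y[GF_BYTES], a[GF_BYTES], b[GF_BYTES];
        for (int j = 0; j < GF_BYTES; j++) {
            s = s * 1664525u + 1013904223u; x[j] = (uint8_t)(s >> 24);
            s = s * 1664525u + 1013904223u; y[j] = (uint8_t)(s >> 24);
        }
        gf128_mul_ref(x, y, a);
        gf128_mul_ct(x, y, b);
        if (memcmp(a, b, GF_BYTES) != 0) return 0;
        gf128_mul_ct(y, x, b);
        if (memcmp(a, b, GF_BYTES) != 0) return 0;
        gf128_mul_ct(x, one, b);
        if (memcmp(x, b, GF_BYTES) != 0) return 0;
    }
    return 1;
}

int main(void) {
    printf("GHASH spec vector: %s\n", ghash_spec_vector_ok() ? "ok" : "FAIL");
    printf("branch-free == reference: %s\n", ct_matches_reference() ? "ok" : "FAIL");
    return 0;
}
```

The masks are the whole point: on an 8-bit AVR the compiler can turn `z[j] ^= v[j] & mask` and `v[0] ^ (carry & 0xe1)` into a fixed sequence of AND/EOR instructions with no conditional jump, so the 128 iterations consume the same cycles and touch the same addresses for every key. What this example does not do is randomize the intermediate values, which is what the paper's masking adds on top of regularity to defeat horizontal CPA; a branch-free multiplier alone removes timing and address leakage but still computes on the raw secret.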
