TY - JOUR AU - Unterstein, Florian AU - Schink, Marc AU - Schamberger, Thomas AU - Tebelmann, Lars AU - Ilg, Manuel AU - Heyszl, Johann PY - 2020/08/26 Y2 - 2024/03/28 TI - Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers JF - IACR Transactions on Cryptographic Hardware and Embedded Systems JA - TCHES VL - 2020 IS - 4 SE - Articles DO - 10.13154/tches.v2020.i4.365-388 UR - https://tches.iacr.org/index.php/TCHES/article/view/8687 SP - 365-388 AB - <p>The security of Internet of Things (IoT) devices relies on fundamental concepts such as cryptographically protected firmware updates. In this context attackers usually have physical access to a device and therefore side-channel attacks have to be considered. This makes the protection of required cryptographic keys and implementations challenging, especially for commercial off-the-shelf (COTS) microcontrollers that typically have no hardware countermeasures. In this work, we demonstrate how unprotected hardware AES engines of COTS microcontrollers can be efficiently protected against side-channel attacks by constructing a leakage resilient pseudo random function (LR-PRF). Using this side-channel protected building block, we implement a leakage resilient authenticated encryption with associated data (AEAD) scheme that enables secured firmware updates. We use concepts from leakage resilience to retrofit side-channel protection on unprotected hardware AES engines by means of software-only modifications. The LR-PRF construction leverages frequent key changes and low data complexity together with key dependent noise from parallel hardware to protect against side-channel attacks. Contrary to most other protection mechanisms such as time-based hiding, no additional true randomness is required. Our concept relies on parallel S-boxes in the AES hardware implementation, a feature that is fortunately present in many microcontrollers as a measure to increase performance. In a case study, we implement the protected AEAD scheme for two popular ARM Cortex-M microcontrollers with differing parallelism. We evaluate the protection capabilities in realistic IoT attack scenarios, where non-invasive EM probes or power consumption measurements are employed by the attacker. We show that the concept provides the side-channel hardening that is required for the long-term security of IoT devices.</p> ER -