Abstract
The re-keying scheme is a variant of the symmetric encryption scheme in which a sender (respectively, receiver) encrypts (respectively, decrypts) plaintext with a temporal session key derived from a master secret key and publicly shared randomness. It is one of the system-level countermeasures against side channel attacks (SCAs): by updating the randomness (i.e., the session key) frequently, it prevents attackers from collecting enough power consumption traces for their analyses. In 2015, Dobraunig et al. proposed two kinds of re-keying schemes. The first is a scheme without beyond-birthday security, which fixes the security vulnerability of the previous re-keying scheme of Medwed et al. Their second scheme is an abstract scheme with beyond-birthday security, which, as a black box, consists of two functions: a re-keying function to generate a session key and a tweakable block cipher to encrypt plaintext. They assumed that the tweakable block cipher was ideal (namely, secure against related-key, chosen-plaintext, and chosen-ciphertext attacks) and proved the security of their scheme as a secure tweakable block cipher. In this paper, we revisit the re-keying scheme. The previous works did not adequately discuss security in the presence of the SCA. They simply considered the re-keying scheme to be SCA resistant whenever the temporal session key was refreshed with fresh randomness. In this paper, we point out that such a discussion is insufficient by showing a concrete attack. We then introduce the definition of an SCA-resistant re-keying scheme, which captures security against such an attack. We also give concrete schemes and discuss their security and applications.
Highlights
Side channel attacks (SCAs) recover a secret key from a cryptographic device by collecting leakage information, such as the power consumption traces or the electro-magnetic traces, and by analyzing them statistically
We show plaintext recovery attacks using side channel attacks (SCAs)
The sensor devices and the edge device are supposed to be resource-constrained. Since these devices are located in the field, there is a fear of the SCA on these devices
Summary
Side channel attacks (SCAs) recover a secret key from a cryptographic device by collecting leakage information, such as power consumption traces or electromagnetic traces, and analyzing them statistically. Since the proposal by Kocher et al. [1], differential power analysis (DPA) has been one of the serious threats in the real world. Many countermeasures against DPA have been reported. At the device level, masking and hiding are well studied [2]. Masking is a countermeasure that randomizes the internal variables inside the module so that adversaries cannot analyze the variables correctly. Hiding unlinks the internal values from the measured leakage to make the statistics meaningless.