Abstract

The security of cryptographic implementations running on embedded systems is threatened by side-channel attacks. Such attacks retrieve a secret key from a computing device observing the information leaking on unintended channels such as the energy consumed during a computation. The vast majority of the countermeasures proposed against such attacks aims at preventing the attacker from exploiting fruitfully the information leaking on the side-channel either altering it or hiding it within a higher noise envelope. Whilst all these countermeasures provide a quantitative security margin against an attacker, they do not provide an indication of having been successfully overcome, thus forsaking the possibility of taking a reactive action upon an eventual security breach. In an effort to propose a reactive countermeasure, we describe our proposal suggesting the introduction of redundant computations employing fixed fake keys (a.k.a. chaffs) to pollute the leaked information with plausible albeit deceitful one. We provide an in depth analysis of the proposed approach, highlighting the constraints to its effective applicability, and the boundary conditions which allow its employment for the securization of a system. We detail the attacker model considered, and the reactive security margin provided by the proposed scheme, highlighting the extent of the realizability of a reactive countermeasure, given the nature of the side-channel information. To provide experimental backing to our analysis, effectiveness and efficiency results on the Advanced Encryption Standard (AES) cipher implementation as well as lightweight block ciphers implementations running on an ARM Cortex-M4 processor are shown.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.