A simulated approach to evaluate side-channel attack countermeasures for the Advanced Encryption Standard

Crocetti, Luca; Baldanzi, Luca; Bertolucci, Matteo; Sarti, Luca; Carnevale, Berardino; Fanucci, Luca

doi:10.1016/j.vlsi.2019.06.005

Cited by 17 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Equation (10), B is the number of transmitted/received information bits, i.e., the information block size parameter defined in [1,4] for the different MODCODs. In other words, it represents the data payload size in bits for each transmitted/received codeword.…”

Section: Resultsmentioning

confidence: 99%

“…In fact, this MODCOD is the one with the largest information block size among the MODCODs of CCSDS 131.2-B-1, which is B = 43,678 bits. According to Equation (10), the corresponding calculation is (1/129,920)• 43,678 •16 ≈ 5.38. Similarly, MODCOD 37, defined in CCSDS 131.21-O-1, is characterized by an information block size B = 60,510; hence, the corresponding throughput for 1 Gbaud is 7.45 Gbps.…”

Section: Resultsmentioning

confidence: 99%

“…We have already presented the development and the implementation of hardware modules for the security functions approved by the CCSDS in [8], thereby achieving results that outperform the state-of-the-art technology, which includes future improvements in the security strength with key generation and derivation services that are aided by highly qualified random number generators [9] and protection mechanisms against side-channel attacks (SCAs) [10]. Regarding the development of the baseband receiver, we presented a preliminary work in [11], which focused on the frame synchronization module.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Scalable Hardware-Efficient Architecture for Frame Synchronization in High-Data-Rate Satellite Receivers

Crocetti,

Pagani,

Bertolucci

et al. 2024

Electronics

Self Cite

View full text Add to dashboard Cite

The continuous technical advancement of scientific space missions has resulted in a surge in the amount of data that is transferred to ground stations within short satellite visibility windows, which has consequently led to higher throughput requirements for the hardware involved. To aid synchronization algorithms, the communication standards commonly used in such applications define a physical layer frame structure that is composed of a preamble, segments of modulation symbols, and segments of pilot symbols. Therefore, the detection of a frame start becomes an essential operation, whose accuracy is undermined by the large Doppler shift and quantization errors in hardware implementations. In this work, we present a design methodology for frame synchronization modules that are robust against large frequency offsets and rely on a parallel architecture to support high throughput requirements. Several algorithms are evaluated in terms of the trade-off between accuracy and resource utilization, and the best solution is exemplified through its application to the CCSDS 131.2-B-1 and CCSDS 131.21-O-1 standards. The implementation results are reported for a Xilinx KU115 FPGA, thereby showing the capability of supporting baud rates that are greater than 2 Gbaud, as well as a corresponding throughput of 15.80 Gbps. To the best of our knowledge, this paper is the first to propose a design methodology for parallel frame synchronization modules that has applicability to the CCSDS 131.2-B-1 and CCSDS 131.21-O-1 standards.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Scalable Hardware-Efficient Architecture for Frame Synchronization in High-Data-Rate Satellite Receivers

Crocetti,

Pagani,

Bertolucci

et al. 2024

Electronics

Self Cite

View full text Add to dashboard Cite

show abstract

“…In addition, the systematic approach used in this work allows us to easily extend the analysis (and the hardware implications) to the inverse transformations of the AES decryption algorithm for implementing decryption-only modules or encryption/decryption modules, and to AES modules supporting also (or only) 192-bit keys (12 rounds) and (or) 256-bit keys (14 rounds). Future works will the evaluation of the effects on the resistance to the Side-Channel attacks due to the application of the isomorphic mapping to the linear operations of AES, according to the methodology presented in [14].…”

Section: Discussionmentioning

confidence: 99%

On the Usage of Isomorphic Fields in Hardware AES Modules for Optimizing the Efficiency

Crocetti,

Saponara

2024

Lecture Notes in Electrical Engineering

Self Cite

View full text Add to dashboard Cite

The Advanced Encryption Standard (AES) is widely accepted as the de-facto standard for symmetric-key encryption, and it is going to be used in the coming decades because of its resistance against Post-Quantum Cryptography. For this reason, it is the subject of many research works, and almost all converge on the usage of composite/tower fields for the hardware implementation of the S-box, the most expensive circuit in terms of both area and critical delay. Anyway, the debate is still open on applying isomorphic fields also to the other AES algorithm operations. In the attempt to give an answer, it is analyzed the application of the two approaches to the most recent and performing solutions from the state-of-the-art with the synthesis of the corresponding circuits on a 7nm standard-cell technology. In addition, the presented work constitutes also a guideline for implementing hardware AES modules that execute all operations over composite/tower fields.

show abstract

“…Evaluations of cipher suites should consider their resilience against various SCAs, with some implementations incorporating countermeasures like constant-time algorithms or randomization. This comprehensive approach ensures robust protection against theoretical cryptographic vulnerabilities and practical implementationlevel weaknesses [43,44].…”

mentioning

confidence: 99%

A Performance Analysis of Security Protocols for Distributed Measurement Systems Based on Internet of Things with Constrained Hardware and Open Source Infrastructures

Gentile,

Macrì,

Carnì

et al. 2024

Sensors

View full text Add to dashboard Cite

The widespread adoption of Internet of Things (IoT) devices in home, industrial, and business environments has made available the deployment of innovative distributed measurement systems (DMS). This paper takes into account constrained hardware and a security-oriented virtual local area network (VLAN) approach that utilizes local message queuing telemetry transport (MQTT) brokers, transport layer security (TLS) tunnels for local sensor data, and secure socket layer (SSL) tunnels to transmit TLS-encrypted data to a cloud-based central broker. On the other hand, the recent literature has shown a correlated exponential increase in cyber attacks, mainly devoted to destroying critical infrastructure and creating hazards or retrieving sensitive data about individuals, industrial or business companies, and many other entities. Much progress has been made to develop security protocols and guarantee quality of service (QoS), but they are prone to reducing the network throughput. From a measurement science perspective, lower throughput can lead to a reduced frequency with which the phenomena can be observed, generating, again, misevaluation. This paper does not give a new approach to protect measurement data but tests the network performance of the typically used ones that can run on constrained hardware. This is a more general scenario typical for IoT-based DMS. The proposal takes into account a security-oriented VLAN approach for hardware-constrained solutions. Since it is a worst-case scenario, this permits the generalization of the achieved results. In particular, in the paper, all OpenSSL cipher suites are considered for compatibility with the Mosquitto server. The most used key metrics are evaluated for each cipher suite and QoS level, such as the total ratio, total runtime, average runtime, message time, average bandwidth, and total bandwidth. Numerical and experimental results confirm the proposal’s effectiveness in foreseeing the minimum network throughput concerning the selected QoS and security. Operating systems yield diverse performance metric values based on various configurations. The primary objective is identifying algorithms to ensure suitable data transmission and encryption ratios. Another aim is to explore algorithms that ensure wider compatibility with existing infrastructures supporting MQTT technology, facilitating secure connections for geographically dispersed DMS IoT networks, particularly in challenging environments like suburban or rural areas. Additionally, leveraging open firmware on constrained devices compatible with various MQTT protocols enables the customization of the software components, a crucial necessity for DMS.

show abstract

A simulated approach to evaluate side-channel attack countermeasures for the Advanced Encryption Standard

Cited by 17 publications

References 19 publications

Scalable Hardware-Efficient Architecture for Frame Synchronization in High-Data-Rate Satellite Receivers

Scalable Hardware-Efficient Architecture for Frame Synchronization in High-Data-Rate Satellite Receivers

On the Usage of Isomorphic Fields in Hardware AES Modules for Optimizing the Efficiency

A Performance Analysis of Security Protocols for Distributed Measurement Systems Based on Internet of Things with Constrained Hardware and Open Source Infrastructures

Contact Info

Product

Resources

About