Residual Vulnerabilities to Power side channel attacks of lightweight ciphers cryptography competition Finalists

Authors

Aurelien Mozipo, Portland State University
John M. Acken, Portland State University

Published In

IET Computers & Digital Techniques

Document Type

Article

Publication Date

6-2023

Subjects

Cryptography -- internet of things, Leakage currents, power consumption, Security of data, Telecommunication security

Abstract

The protection of communications between Internet of Things (IoT) devices is of great concern because the information exchanged contains vital sensitive data. Malicious agents seek to exploit those data to extract secret information about the owners or the system. Power side channel attacks are of great concern on these devices because their power consumption unintentionally leaks information correlatable to the device's secret data. Several studies have demonstrated the effectiveness of authenticated encryption with advanced data, in protecting communications with these devices. A comprehensive evaluation of the seven (out of 10) algorithm finalists of the National Institute of Standards and Technology (NIST) IoT lightweight cipher competition that do not integrate built‐in countermeasures is proposed. The study shows that, nonetheless, they still present some residual vulnerabilities to power side channel attacks (SCA). For five ciphers, an attack methodology as well as the leakage function needed to perform correlation power analysis (CPA) is proposed. The authors assert that Ascon, Sparkle, and PHOTON‐Beetle security vulnerability can generally be assessed with the security assumptions “Chosen ciphertext attack and leakage in encryption only, with nonce‐misuse resilience adversary (CCAmL1)” and “Chosen ciphertext attack and leakage in encryption only with nonce‐respecting adversary (CCAL1)”, respectively. However, the security vulnerability of GIFT‐COFB, Grain, Romulus, and TinyJambu can be evaluated more straightforwardly with publicly available leakage models and solvers. They can also be assessed simply by increasing the number of traces collected to launch the attack.

Rights

This is an open access article under the terms of the Creative Commons Attribution‐NonCommercial License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited and is not used for commercial purposes. © 2023 The Authors. IET Computers & Digital Techniques published by John Wiley & Sons Ltd.

Locate the Document

https://doi-org.proxy.lib.pdx.edu/10.1049/cdt2.12057

DOI

10.1049/cdt2.12057

Persistent Identifier

https://archives.pdx.edu/ds/psu/40323

Citation Details

Mozipo, A. T., & Acken, J. M. (2023). Residual vulnerabilities to power side channel attacks of lightweight ciphers cryptography competition finalists. IET Computers & Digital Techniques.