This blog post reviews the key points of the presentation given by Corentin Verhamme and Francois Koeune from UCLouvain during the REWIRE Cybersecurity Awareness Webinar Series. In the webinar entitled “Securing SW/FW Update Process with Authenticated Encryption and Strong Leakage Protection – the LRBC Scheme”, the presenters discussed the process for securing software and firmware updates using the LRBC scheme and its implications within the REWIRE project.
More specifically, the presenters explained that the main goal is to ensure secure transmission of updates against both classical cryptographic attacks and physical-level side-channel attacks, by proposing two secure sector update algorithms: a one-to-one mode using LRBC2 and a one-to-many mode using digital signatures. First, the cryptographic background on symmetric cryptography was laid out, including AES and authenticated encryption modes of operation, which aim to ensure both authenticity and confidentiality. The presenters then analyzed in detail how cryptographic implementations can be vulnerable to side-channel attacks such as timing and power-consumption analysis. Leakage-resilient cryptography counters these attacks by hiding the signal in noise, through physical control measures, implementation-level countermeasures such as masking and shuffling, and mode-level measures.
In addition, the LRPF (Leakage-Resilient Pseudo-Random Function) evaluation, thanks to its tree-based construction, limits the leakage that can be observed on the master key. The main experimental results of the presentation showed the trade-off between efficiency and security, with a smaller number of encryptions providing higher security. The same methodology was used to evaluate and assess the validity of a protected core. The results showed that, despite unknown countermeasures, the core could still be attacked by analyzing the signal-to-noise ratio.
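As an added illustration (not code from the presentation or the REWIRE project), the following Go program implements a toy GGM-style tree PRF on top of AES to show how a tree-based construction bounds the number of encryptions performed under any single key, the master key included, and how the branching factor trades leakage exposure against the number of AES calls per evaluation. The construction itself, the fixed branch plaintexts and the all-zero demo key are assumptions made for illustration, not the LRPF specification.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

// Toy GGM-style tree PRF (illustration only, not the LRPF specification): each
// key encrypts at most `branching` fixed blocks before a child key takes over,
// so an observer collects at most `branching` traces per key. Lower branching
// means more security but a deeper tree, i.e. more AES calls per evaluation.

// deriveChild returns AES_key(block i), the i-th child key of key (2<=b<=256).
func deriveChild(key []byte, i int) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length can fail here
	}
	var in [16]byte
	in[15] = byte(i) // fixed public plaintext selecting the branch
	out := make([]byte, 16)
	c.Encrypt(out, in[:])
	return out
}

// TreePRF evaluates the PRF on x in [0, branching^depth) and reports the number
// of AES calls made; the master key itself is used at most `branching` times.
func TreePRF(master []byte, branching, depth int, x uint64) ([]byte, int, error) {
	digits := make([]int, depth) // base-`branching` digits of x, MSD first
	for lvl := depth - 1; lvl >= 0; lvl-- {
		digits[lvl] = int(x % uint64(branching))
		x /= uint64(branching)
	}
	if x != 0 {
		return nil, 0, fmt.Errorf("input outside the tree's domain")
	}
	key := master
	for _, d := range digits {
		key = deriveChild(key, d)
	}
	return key, len(digits), nil
}

func main() {
	master := make([]byte, 16) // constructed all-zero demo key
	for _, cfg := range [][2]int{{2, 16}, {16, 4}, {256, 2}} { // same 2^16 domain
		k, calls, _ := TreePRF(master, cfg[0], cfg[1], 12345)
		fmt.Printf("branching=%3d aes_calls=%2d leaf=%x\n", cfg[0], calls, k[:4])
	}
}
```

All three configurations cover the same 2^16-input domain: binary branching needs 16 AES calls per evaluation but exposes each key to only two traces, while branching 256 needs just two calls but lets 256 traces accumulate per key.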
Moreover, special emphasis was given to dedicated versus non-dedicated primitives, comparing masking (a non-dedicated primitive) with LRPF (a dedicated primitive) against physical attacks. While masking offers flexibility, it is hard to design and evaluate, whereas LRPF is simpler to verify but has a constant overhead. The overall conclusion was that LRBC2 achieves provable cipher integrity with leakage resilience, and that both primitive-level and mode-level control measures are of interest depending on the specific scenario and security requirements.
Finally, the application to ASCON, the winner of the NIST lightweight cryptography competition, was presented as additional work on applying masking to that cipher. The results show that ASCON’s specific structure requires careful implementation of masking to avoid security issues related to physical faults. This work reinforces the earlier point that masking must be well designed and is not always straightforward in complex implementations.