Comparison of aead-algorithms for embedded systems іnternet of things

2019;
: pp. 76-91
1
Lviv Polytechnic National University
2
Lviv Polytechnic National University
3
Lviv Polytechnic National University

The article compares the performance and memory requirements of AES-GCM and ChaCha20Poly1305 AED encryption solutions for typical 8/16/32-bit embedded low-end processors in the Internet of Things device with different approaches to providing tolerance to Timing Attacks and Simple Power Analysis Attacks. Particular attention is given to the low-level multiplication implementation in GF(2128) with constant execution time as a key GCM operation, since low-end processors do not have ready instructions for carry-less multiplication. For each AVR/MSP430/ARM Cortex-M3 processor core, a carry-less multiplication with a constant execution time, which is similar in efficiency to algorithms with a non-constant execution time, is proposed.

[1] Alex Biryukov and Leo Perrin. State of the Art in Lightweight Symmetric Cryptography. Cryptology ePrint Archive, Report 2017/511, 2017.

[2] Sergey Panasenko and Sergey Smagin. Lightweight Cryptography: Underlying Principles and Approaches. International Journal of Computer Theory and Engineering, Vol. 3, No. 4, August 2011, pp. 516-520. https://doi.org/10.7763/IJCTE.2011.V3.360

[3] Sovyn Ya., Nakonechny Yu., Opirskyy I., Stakhiv M. Analysis of hardware support of cryptography in Internet of Things-devices // Ukrainian Scientific Journal of Information Security, 2018, vol. 24, issue 1, p. 36-48. https://doi.org/10.18372/2225-5036.24.12491

[4] Eldewahi A. E. W., Sharfi T. M. H., Mansor A. A., Mohamed N. A. F. and Alwahbani S. M. H. SSL/TLS attacks: Analysis and evaluation. 2015 International Conference on Computing, Control, Networking, Electronics and Embedded Systems Engineering (ICCNEEE), Khartoum, 2015, pp. 203-208. https://doi.org/10.1109/ICCNEEE.2015.7381362

[5] Schaumont P. Security in the Internet of Things: A challenge of scale. Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, Lausanne, 2017, pp. 674-679. https://doi.org/10.23919/DATE.2017.7927075

[6] Yang Y., Wu L., Yin G., Li L. and Zhao H. A Survey on Security and Privacy Issues in Internet-of-Things. IEEE Internet of Things Journal, Vol. 4, No. 5, pp. 1250-1258, Oct., 2017. https://doi.org/10.1109/JIOT.2017.2694844

[7] Dworkin M. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication, NIST Special Publication 800-38D, November, 2007. https://doi.org/10.6028/NIST.SP.800-38c

[8] McGrew D. An interface and algorithms for authenticated encryption. IETF RFC 5116. January, 2008. https://doi.org/10.17487/rfc5116

[9] Nir Y., Langley A. ChaCha20 and Poly1305 for IETF Protocols. RFC 8439. June 2018. https://doi.org/10.17487/RFC8439

[10] Langley A., Chang W., Mavrogiannopoulos N., Strombergson J., Josefsson S. ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS). RFC 7905. June 2016. https://doi.org/10.17487/RFC7905

[11] "CAESAR Competition for Authenticated Encryption: Security, Applicability, and Robustness". 2012.

[12] Intel Architecture Instruction Set Extensions and Future Features Programming Reference. March, 2018.

[13] Shay Gueron. Intel Advanced Encryption Standard (AES) New Instructions Set. Intel White Paper, 2012.

[14] Shay Gueron, Michael E. Kounavis. Intel carry-less multiplication instruction and its usage for computing the GCM mode. Intel White Paper, April, 2014.

[15] ARM Architecture Reference Manual. ARMv8, for ARMv8-A architecture profile. December, 2017.

[16] Agner Fog. Instruction tables. Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs. 2018.

[17] Shay Gueron, Adam Langley, Yehuda Lindell. AES-GCM-SIV Nonce Misuse-Resistant Authenticated Encryption. CFRG Meeting EUROCRYPT 2016, May, 2016. https://doi.org/10.1145/2810103.2813613

[18] Daemen J. and Rijmen V. The design of Rijndael. Springer-Verlag New York, Inc. Secaucus, NJ, USA, 2002. https://doi.org/10.1007/978-3-662-04722-4

[19] Conrado P. L. Gouvea, Julio Lopez. High Speed Implementation of Authenticated Encryption for the MSP430X Microcontroller. Progress in Cryptology LATINCRYPT 2012. LNCS, Vol. 7533, pp. 288-304. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33481-8_16

[20] "The Cifra Project. A collection of cryptographic primitives targeted at embedded use." https://github.com/ctz/cifra, Feb., 2017.

[21] F. De Santis, A. Schauer and G. Sigl. ChaCha20-Poly1305 authenticated encryption for high-speed embedded IoT applications. Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, Lausanne, 2017, pp. 692-697. https://doi.org/10.23919/DATE.2017.7927078

[22] Atmel Corporation. 8-bit AVR Microcontroller with 8/16K Bytes of ISP Flash and USB Controller. Technical Reference Manual, 2008.

[23] Texas Instruments. User's Guide. MSP430FR58xx/59xx/68xx, and MSP430FR69xx Family, 2015.

[24] ARM, "ARM and Thumb-2 Instruction Set", 2016.

[25] McGrew D. A. and Viega J. The Galois/Counter Mode of Operation (GCM). Submission to NIST, 2005.

[26] Loup Vaillant. The design of Poly1305, 2017. http://loup-vaillant.fr/tutorials/poly1305-design. https://github.com/floodyberry/poly1305-donna/blob/master/poly1305-donna....