
    Analysis of Methods for Ensuring the Confidentiality of Data Transmitted from UAVs

    The rapid development of unmanned aerial vehicles (UAVs), as well as the expansion of the range of tasks performed by modern UAVs, has led to increased requirements for the security and reliability of data transmission. In the context of warfare, where confidential information is collected, the protection of such information is a top priority. The practical state of aerial reconnaissance in current warfare demonstrates the urgent need to create UAVs capable of performing flight tasks and aerial reconnaissance under imposed radio jamming, and also emphasizes the importance of ensuring the confidentiality of data about target objects transmitted over an optical channel for processing in automated systems. The paper provides a review and comparative analysis of modern cryptographic algorithms used to ensure data confidentiality during transmission over a radio channel from a UAV to ground objects. A system of criteria (multi-criteria analysis) similar to that of the AES and NESSIE competitions was used to compare the cryptographic algorithms: block and key sizes; modes of operation; encryption speed; memory requirements; resistance (security) to cryptanalysis. The analysis showed that each cryptographic algorithm has advantages and disadvantages, and that there is no universal cryptographic algorithm capable of resolving all confidentiality problems in UAVs. Given the limited resources available during UAV operation, it is necessary to create a universal set (dataset) of cryptographic algorithms that could solve various problems under different conditions, including different aspects of UAV operation. It is to these studies that the authors' further work within the ongoing scientific project will be devoted.

    The rapid development of unmanned aerial vehicles (UAVs), together with the expansion of their functionality, has raised the requirements for the security and reliability of data transmission. Under conditions of warfare, as well as during operations in which confidential data are collected, the protection of such data is a top-priority task. The practical state of aerial reconnaissance in the combat zone demonstrates the urgent need to create UAVs capable of performing flight tasks and aerial reconnaissance under imposed radio jamming, and also underlines the importance of ensuring the confidentiality of data about target objects transmitted over an optical channel for processing in automated systems. This paper reviews and comparatively analyses modern cryptographic algorithms used to ensure the confidentiality of data during their transmission over a radio channel from a UAV to ground objects. For the multi-criteria comparison of the algorithms, a system of criteria similar to that of the AES and NESSIE competitions was used, covering block and key sizes, modes of operation, encryption speed, memory requirements and resistance to cryptanalysis. The analysis showed that each cryptographic algorithm has advantages and disadvantages, and that there is no universal algorithm capable of solving all confidentiality problems in UAVs. Given the limited resources available during UAV operation, it is necessary to create a dataset of cryptographic algorithms that could solve various kinds of tasks under different conditions. It is to this research that the authors' further work within the ongoing scientific project will be devoted.

    PRISEC: Comparison of Symmetric Key Algorithms for IoT Devices

    With the growing number of heterogeneous resource-constrained devices connected to the Internet, it becomes increasingly challenging to secure the privacy and protection of data. Strong but efficient cryptographic solutions must be employed to deal with this problem, along with methods to standardize secure communications between these devices. The PRISEC module of the UbiPri middleware has this goal. In this work, we present the performance of the AES (Advanced Encryption Standard), RC6 (Rivest Cipher 6), Twofish, SPECK128, LEA, and ChaCha20-Poly1305 algorithms on Internet of Things (IoT) devices, measuring their execution times, throughput, and power consumption, with the main goal of determining which symmetric key ciphers are best applied in PRISEC. We verify that ChaCha20-Poly1305 is a very good option for resource-constrained devices, along with the lightweight block ciphers SPECK128 and LEA.

    ChaCha20-Poly1305 authenticated encryption for high-speed embedded IoT applications

    The ChaCha20 stream cipher and the Poly1305 authenticator are cryptographic algorithms designed by Daniel J. Bernstein with the aim of ensuring high security margins while achieving high performance on a broad range of software platforms. In response to the concerns raised about the reliability of the existing IETF/TLS cipher suite, its performance on software platforms, and the ease of realizing secure implementations thereof, the IETF has recently published RFC7905 and RFC7539 to promote the use and standardization of the ChaCha20 stream cipher and Poly1305 authenticator in the TLS protocol. Most interestingly, RFC7539 specifies how to combine the ChaCha20 stream cipher and Poly1305 authenticator to construct an Authenticated Encryption with Associated Data (AEAD) scheme that provides confidentiality, integrity, and authenticity of data. In this work, we present compact, constant-time, and fast implementations of the ChaCha20 stream cipher, Poly1305-ChaCha20 authenticator, and ChaCha20-Poly1305 AEAD scheme for ARM Cortex-M4 processors, aimed at evaluating the suitability of such algorithms for high-speed and lightweight IoT applications, e.g. to deploy fast and secure TLS connections between IoT nodes and remote cloud servers when AES hardware acceleration is not available.

    Systematic Characterization of Power Side Channel Attacks for Residual and Added Vulnerabilities

    Power side channel attacks have continued to be a major threat to cryptographic devices. Hence, it is useful for designers of cryptographic systems to systematically identify which types of power side channel attacks their designs remain vulnerable to after implementation. It is also useful to determine which additional vulnerabilities they have exposed their devices to after implementing a countermeasure or a feature. The goal of this research is to develop a characterization of power side channel attacks on different encryption algorithms' implementations in order to create metrics and methods to evaluate their residual vulnerabilities and added vulnerabilities. This research studies the characteristics that influence power side leakage, classifies them, and identifies both the residual vulnerabilities and the added vulnerabilities. Residual vulnerabilities are defined as the traits that leave the implementation of the algorithm still vulnerable to power side channel attacks (SCA), sometimes despite the designers' attempt at implementing countermeasures. Added vulnerabilities to power SCA are defined as vulnerabilities created or enhanced by the algorithm implementations and/or modifications. The three buckets into which we categorize the encryption algorithm implementations are:
    i. countermeasures against power side channel attacks;
    ii. the impact of the IC power delivery network on power leakage (including voltage regulators);
    iii. lightweight ciphers and applications for the Internet of Things (IoT).
    From the characterization of masking countermeasures, one example outcome is that masking schemes, even when uniformly distributed random masks are used, are still vulnerable to collision power attacks. Another example outcome is that masked AES, when glitches occur, is still vulnerable to Differential Power Analysis (DPA).
    We have developed a characterization of power side-channel attacks on the hardware implementations of different symmetric encryption algorithms to provide a detailed analysis of the effectiveness of state-of-the-art countermeasures against local and remote power side-channel attacks. The characterization is accomplished by studying the attributes that influence power side-channel leaks, classifying them, and identifying both residual vulnerabilities and added vulnerabilities. The evaluated countermeasures include masking, hiding, and power delivery network scrambling. However, vulnerability to DPA depends largely on the quality of the leaked power signal, which is affected by the characteristics of the device's power delivery network. Countermeasures and deterrents to power side-channel attacks that alter or scramble the power delivery network have been shown to be effective against local attacks, where the malicious agent has physical access to the target system. However, remote attacks that capture the leaked information from within the IC power grid are shown herein to remain effective at uncovering the secret key in the presence of these countermeasures/deterrents. Theoretical studies and experimental analysis are carried out to define and quantify the impact of integrated voltage regulators, voltage noise injection, and on-package decoupling capacitors for both remote and local attacks. One outcome of the studies is that the use of an integrated voltage regulator as a countermeasure is effective against a local attack. However, remote attacks remain effective and hence break the integrated voltage regulator countermeasure. From experimental analysis, it is observed that within the range of practical design values, the adoption of on-package decoupling capacitors provides only a 1.3x increase in the minimum number of traces required to discover the secret key.
    However, the injection of noise into the IC power delivery network yields a 37x increase in the minimum number of traces to discover. Thus, increasing the number of on-package decoupling capacitors or the impedance between the local probing site and the IC power grid should not be relied on as a countermeasure to power side-channel attacks in remote attack schemes. Noise injection should be considered instead, as it is more effective at scrambling the leaked signal and eliminating sensitive identifying information. However, the analysis and experiments carried out herein apply to regular symmetric ciphers, which are not suitable for protecting Internet of Things (IoT) devices. The protection of communications between IoT devices is of great concern because the information exchanged contains vital sensitive data. Malicious agents seek to exploit those data to extract secret information about the owners or the system. Power side channel attacks are of great concern on these devices because their power consumption unintentionally leaks information correlatable to the device's secret data. Several studies have demonstrated the effectiveness of authenticated encryption with associated data (AEAD) in protecting communications with these devices. In this research, we have proposed a comprehensive evaluation of the ten algorithm finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography competition for IoT. The study shows that, nonetheless, some still present residual vulnerabilities to power side channel attacks (SCA). For five ciphers, we propose an attack methodology as well as the leakage function needed to perform correlation power analysis (CPA).
    We assert that the security vulnerability of Ascon, Sparkle, and PHOTON-Beetle can generally be assessed under the security assumptions of chosen-ciphertext attack with leakage in encryption only and a nonce-misuse-resilient adversary (CCAmL1), and chosen-ciphertext attack with leakage in encryption only and a nonce-respecting adversary (CCAL1), respectively. However, the security vulnerability of GIFT-COFB, Grain, Romulus, and TinyJambu can be evaluated more straightforwardly with publicly available leakage models and solvers. They can also be assessed simply by increasing the number of traces collected to launch the attack.