Transparent Peer Review By Scholar9

Internal and External Re-keying and the way forward

Abstract

Side Channel Analysis are the security attacks due to the issues in the implementations. This attack bypasses the mathematical security provided by the cryptographic algorithms. These attacks are broadly categorized into the issues related to architectural of the chip manufacturing, attack due to unwanted leakages like power leakage, acoustic leakage, thermal leakage or electromagnetic leakages, and the issues due to programming vulnerabilities for example the heartbleed bug etc. The architectural related issues are fixed when the newer version of hardware is designed once the vulnerability is found in the earlier version. The programming related attacks are solved by patching the software and updating the code that caused the vulnerability to be exploited. The leakage issues are the ongoing issues since it was first discovered in 1997. Among the various leakage issues, the acoustic and thermal leakages aids in the attack related to power analysis. The Electromagnetic attack boils down to the power analysis issue and hence, it all comes down to the power analysis attack. Since it was discovered, the researchers have suggested the solutions for them but on the other side, they would also be vulnerable again. The Power analysis attacks are mainly classified into Simple Power Analysis (SPA), Differential Power Analysis (DPA), Correlation Power Analysis (CPA), and profiled attacks. Their countermeasures are mainly masking and rekeying apart from architectural changes. The masking has been researched extensively and have been widely implemented countermeasure. However, it comes with a very big overhead. Therefore, the researchers started exploring the rekeying to counter them. Rekeying has been classified mainly into the internal and external rekeying both having its advantages and disadvantages. There is currently no literature available that discusses both in detail. This work surveys the work on both the approaches and suggest the way forward for the researchers of the re-keying.

Arnab Kar Reviewer

Review Request Accepted

Arnab Kar Reviewer
16 Apr 2025 01:21 PM

Approved Rating

Relevance and Originality

Methodology

Validity & Reliability

Clarity and Structure

Results and Analysis

Comment

Relevance and Originality:

This research article addresses a pressing and long-standing challenge in the field of cryptographic hardware security: Side Channel Analysis (SCA), particularly power analysis attacks. Its relevance stems from the fact that such attacks can bypass the inherent mathematical robustness of cryptographic algorithms by exploiting flaws in their physical implementation. The article’s focus on rekeying, especially distinguishing between internal and external rekeying methods, introduces a relatively underexplored area. By identifying that no consolidated literature exists comparing both rekeying strategies in depth, the work positions itself as a novel contribution and fills a meaningful research gap in the ongoing efforts to harden devices against SPA, DPA, CPA, and related attacks.

Methodology:

The article employs a literature survey methodology, effectively synthesizing a wide range of prior studies on power analysis and associated countermeasures like masking and rekeying. The classification of attacks and their corresponding defenses is clearly presented, offering a comprehensive theoretical foundation. However, the survey could be strengthened by introducing a structured comparison framework—such as benchmarking criteria for performance, scalability, and overhead—for internal vs. external rekeying techniques. The absence of practical case studies or simulations limits the technical depth, but the methodological approach is otherwise appropriate for a survey-type work aimed at establishing future research directions.

Validity & Reliability:

The conclusions drawn are well-aligned with established research trends and accurately reflect the strengths and limitations of existing countermeasures like masking. The article convincingly argues the growing need for efficient alternatives like rekeying due to the overhead and implementation complexity of masking. Nonetheless, because the work is based purely on secondary sources, its findings—while logically coherent—lack empirical substantiation. The reliability of the recommendations would improve with references to concrete performance metrics or comparative evaluations from real-world implementations. Without experimental backing, the generalizability of the proposed insights into rekeying remains theoretical.

Clarity and Structure:

The article is structured in a logical and progressive manner, beginning with foundational knowledge on side-channel attacks and leading into specific discussions on leakage sources and attack typologies. The transition to countermeasure analysis is smooth, and the division of rekeying strategies into internal and external categories is well-articulated. However, there are several grammatical and stylistic errors that detract from readability—for example, phrases like “architectural of the chip manufacturing” and “have been widely implemented countermeasure” require correction. Improving the language and adding visual aids such as diagrams or summary tables would significantly enhance clarity and comprehension.

Result Analysis:

The article provides a balanced and insightful analysis of existing countermeasures, notably identifying the limitations of masking due to high computational overhead. The exploration of rekeying as a scalable and practical alternative is timely and well-reasoned. The distinction between internal and external rekeying, along with a call for further detailed research, sets a constructive agenda for future exploration. The work successfully synthesizes current knowledge while pointing toward unanswered questions, making it a valuable reference for researchers aiming to strengthen resistance to power analysis attacks in cryptographic systems.