Transparent Peer Review By Scholar9

Paper Title

Internal and External Re-keying and the way forward

Description / Abstract

Side Channel Analysis are the security attacks due to the issues in the implementations. This attack bypasses the mathematical security provided by the cryptographic algorithms. These attacks are broadly categorized into the issues related to architectural of the chip manufacturing, attack due to unwanted leakages like power leakage, acoustic leakage, thermal leakage or electromagnetic leakages, and the issues due to programming vulnerabilities for example the heartbleed bug etc. The architectural related issues are fixed when the newer version of hardware is designed once the vulnerability is found in the earlier version. The programming related attacks are solved by patching the software and updating the code that caused the vulnerability to be exploited. The leakage issues are the ongoing issues since it was first discovered in 1997. Among the various leakage issues, the acoustic and thermal leakages aids in the attack related to power analysis. The Electromagnetic attack boils down to the power analysis issue and hence, it all comes down to the power analysis attack. Since it was discovered, the researchers have suggested the solutions for them but on the other side, they would also be vulnerable again. The Power analysis attacks are mainly classified into Simple Power Analysis (SPA), Differential Power Analysis (DPA), Correlation Power Analysis (CPA), and profiled attacks. Their countermeasures are mainly masking and rekeying apart from architectural changes. The masking has been researched extensively and have been widely implemented countermeasure. However, it comes with a very big overhead. Therefore, the researchers started exploring the rekeying to counter them. Rekeying has been classified mainly into the internal and external rekeying both having its advantages and disadvantages. There is currently no literature available that discusses both in detail. This work surveys the work on both the approaches and suggest the way forward for the researchers of the re-keying.

Sukumar Bisetty Reviewer

Review Request Accepted

Sukumar Bisetty Reviewer

Approved Rating

Relevance and Originality

Methodology

Validity & Reliability

Clarity and Structure

Results and Analysis

Comment

Relevance and Originality:

The research article explores the persistent threat of Side Channel Analysis (SCA), particularly power analysis attacks, and provides a timely examination of rekeying as a countermeasure. By shifting focus from the well-researched masking techniques—known for their high overhead—to the less explored territory of internal and external rekeying, the article introduces a fresh angle in the cryptographic security landscape. The identification of a literature gap concerning the comparative study of rekeying mechanisms adds originality to the work. Given the enduring challenges posed by power leakage, acoustic, thermal, and electromagnetic vulnerabilities, the article contributes meaningfully to an area of active concern within cybersecurity and embedded systems research.

Methodology:

The article follows a literature survey approach, systematically compiling existing research on various forms of power analysis attacks (SPA, DPA, CPA, and profiled attacks) and their countermeasures. The methodology is suitable for a comparative study and sets a strong foundational understanding of the topic. However, the absence of a structured framework for evaluating internal and external rekeying techniques reduces analytical depth. Including criteria such as implementation complexity, resource overhead, and resistance against different attack models could have provided more concrete insights. Further, empirical or simulation-based evaluations would enhance the robustness of the methodology.

Validity & Reliability:

The article presents well-informed interpretations based on recognized studies in the field of side-channel resistance. Its arguments about the limitations of masking and the emerging role of rekeying are consistent with industry observations. However, since the conclusions are based on secondary sources and lack experimental backing, the findings remain largely theoretical. The reliability of the research would benefit from validation through practical implementation scenarios or testing on contemporary cryptographic hardware platforms. Including cross-references to performance metrics or benchmarking results from existing works could also strengthen the reliability of the discussion.

Clarity and Structure:

The article is structured in a logical manner, progressing from a general overview of side-channel attack categories to an in-depth discussion of power analysis and rekeying methods. Key concepts like thermal and electromagnetic leakages, architectural vulnerabilities, and SPA/DPA distinctions are clearly explained, which aids comprehension. That said, there are grammatical inconsistencies and awkward phrasings—such as "architectural of the chip manufacturing" and "have been widely implemented countermeasure"—that affect readability. A thorough language review would improve clarity, while visual summaries (e.g., diagrams, tables) could further enhance the structural flow and accessibility.

Result Analysis:

The article thoughtfully contrasts masking and rekeying approaches, emphasizing the practical drawbacks of the former and the research potential of the latter. By categorizing rekeying into internal and external variants and acknowledging the lack of integrated analysis in existing literature, it positions itself as a stepping stone for further inquiry. The discussion successfully outlines the strengths and trade-offs of each approach, setting the stage for future empirical validation and development of optimized hybrid solutions.