Transparent Peer Review By Scholar9

Internal and External Re-keying and the way forward

Abstract

Side Channel Analysis are the security attacks due to the issues in the implementations. This attack bypasses the mathematical security provided by the cryptographic algorithms. These attacks are broadly categorized into the issues related to architectural of the chip manufacturing, attack due to unwanted leakages like power leakage, acoustic leakage, thermal leakage or electromagnetic leakages, and the issues due to programming vulnerabilities for example the heartbleed bug etc. The architectural related issues are fixed when the newer version of hardware is designed once the vulnerability is found in the earlier version. The programming related attacks are solved by patching the software and updating the code that caused the vulnerability to be exploited. The leakage issues are the ongoing issues since it was first discovered in 1997. Among the various leakage issues, the acoustic and thermal leakages aids in the attack related to power analysis. The Electromagnetic attack boils down to the power analysis issue and hence, it all comes down to the power analysis attack. Since it was discovered, the researchers have suggested the solutions for them but on the other side, they would also be vulnerable again. The Power analysis attacks are mainly classified into Simple Power Analysis (SPA), Differential Power Analysis (DPA), Correlation Power Analysis (CPA), and profiled attacks. Their countermeasures are mainly masking and rekeying apart from architectural changes. The masking has been researched extensively and have been widely implemented countermeasure. However, it comes with a very big overhead. Therefore, the researchers started exploring the rekeying to counter them. Rekeying has been classified mainly into the internal and external rekeying both having its advantages and disadvantages. There is currently no literature available that discusses both in detail. This work surveys the work on both the approaches and suggest the way forward for the researchers of the re-keying.

Balachandar Paulraj Reviewer

Review Request Accepted

Balachandar Paulraj Reviewer

Approved Rating

Relevance and Originality

Methodology

Validity & Reliability

Clarity and Structure

Results and Analysis

Comment

Relevance and Originality:

The research article provides a significant contribution to the field of cryptographic security by addressing side-channel analysis attacks, particularly power analysis attacks. This is a relevant and timely topic, as these attacks continue to be a major concern in ensuring the security of cryptographic systems. The article’s focus on rekeying as a countermeasure to these attacks is original and noteworthy, especially considering the extensive research already done on masking. By exploring both internal and external rekeying, the article fills a gap in the literature, offering fresh perspectives for future research. The problem being addressed is of considerable importance, as power analysis vulnerabilities have remained persistent since their discovery in 1997.

Methodology:

The methodology is based on a survey approach, which effectively collates and synthesizes existing research on side-channel analysis and rekeying techniques. While this allows for a comprehensive understanding of the topic, the lack of new experimental data or original case studies limits the depth of analysis. The article does a good job categorizing the different types of power analysis attacks and countermeasures, but it could benefit from more detailed comparisons or evaluations of these methods in real-world settings. Future studies could strengthen the methodology by incorporating experimental validation of the proposed rekeying approaches.

Validity & Reliability:

The article presents a well-supported overview of the existing literature on side-channel analysis attacks and countermeasures, particularly focusing on rekeying. However, since the research relies on secondary sources, the validity of the findings is largely dependent on the quality and relevance of the reviewed studies. While the theoretical arguments are sound, the lack of empirical evidence or practical testing of rekeying methods in actual cryptographic systems could raise questions about the generalizability of the conclusions. Including more real-world case studies or empirical data would enhance the reliability and robustness of the findings.

Clarity and Structure:

The article is clearly structured, with a logical flow that transitions smoothly from the introduction of the problem to a detailed discussion of the countermeasures, especially rekeying. The writing is generally clear, and the explanations of complex technical concepts are accessible to readers with a background in cryptography. However, some sections could benefit from further elaboration, particularly for readers unfamiliar with the specifics of side-channel analysis. The article would be strengthened by including diagrams or visual aids to help clarify the more intricate concepts discussed.

Result Analysis:

The analysis of power analysis attacks and their countermeasures is thorough, particularly in terms of discussing the advantages and limitations of rekeying techniques. The article effectively highlights the trade-offs involved in choosing between internal and external rekeying approaches. However, while the article provides a valuable theoretical comparison, it lacks detailed quantitative analysis or experimental validation to assess the effectiveness of these methods in real-world scenarios. Future research could build on this by empirically testing rekeying strategies to determine their practical utility and impact on security and system performance.