Side-channel security analysis of UOV signature for cloud-based Internet of Things

Among Internet of Things (IoTs), cloud-based IoTs help retain the confidentiality of both device-to-cloud and cloud-to-device messages by setting up individual identities and credentials for each IoT devices. As recently been emphasized by two American institutes, National Institute of Standards and Technology (NIST) and National Security Agency (NSA), cloud-based IoTs that use RSA and ECC signatures are insecure under quantum computer attacks. To ensure the security in the cloud-based IoTs under quantum computer attacks, there is a critical need for implementations of new quantum-resistance signature systems, such as Unbalanced Oil and Vinegar (UOV), for making the cloud-based IoTs more secure and reliable. In order to analyze the security of UOV for cloud-based IoTs, we present an efficient algorithm based on side channel analysis of UOV, which combines inducing faults and Hamming distance power analysis. We implement UOV signature schemes on Sakura-G FPGA board via using Verilog-HDL code and Xilinx ISE software, where the power collection uses a 350 MHz Keysights oscilloscope. Based on the experimental results, we successfully recover all the secret keys of UOV signature, which shows that we should protect UOV and related signatures against side channel attacks when they are adopted in cloud-based IoTs.