Secure GCM implementation on AVR

In Internet of Things (IoT), sensor devices should deliver the collected sensor data to the server after the data is encrypted. The encrypted data cannot be eavesdropped by adversaries but the side channel information including clock cycles and power consumption patterns during encryption operations can leak the secret information. For this reason, cryptography engineering should prevent potential threats by designing the cryptography functions in secure manner. In this paper, we explore the feasible side channel attacks on cryptography operations, particularly polynomial multiplication for Galois/Counter Mode of operation (GCM). We perform the horizontal Correlation Power Analysis (CPA) on the most well-known Lopez et al.'s polynomial multiplication and successfully extract the secret values from power consumption patterns. In order to prevent proposed attack model, we suggest a masked polynomial multiplication, ensuring a regular and constant-time solution without potential vulnerabilities including Look-up Table (LUT) access and branch statements. With proposed polynomial multiplication, we suggest the secure and efficient implementation of GCM on the low-end embedded processor. Finally, we further explore the long polynomial multiplication for Elliptic Curve Cryptography (ECC) operations. We exploit the combination of Karatsuba algorithm and proposed masked polynomial multiplication, which achieved the practically fast polynomial multiplication on embedded processors.