Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks
5G technology and IoT devices are improving efficiency and quality of life across many sectors. IoT devices are often used in open environments where they handle sensitive data. This makes them vulnerable to side-channel attacks (SCAs), where attackers can intercept and analyze the electromagnetic s...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-01-01
|
| Series: | Future Internet |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1999-5903/17/1/43 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832588450073673728 |
|---|---|
| author | Chung-Wei Kuo Wei Wei Chun-Chang Lin Yu-Yi Hong Jia-Ruei Liu Kuo-Yu Tsai |
| author_facet | Chung-Wei Kuo Wei Wei Chun-Chang Lin Yu-Yi Hong Jia-Ruei Liu Kuo-Yu Tsai |
| author_sort | Chung-Wei Kuo |
| collection | DOAJ |
| description | 5G technology and IoT devices are improving efficiency and quality of life across many sectors. IoT devices are often used in open environments where they handle sensitive data. This makes them vulnerable to side-channel attacks (SCAs), where attackers can intercept and analyze the electromagnetic signals emitted by microcontroller units (MCUs) to expose encryption keys and compromise sensitive data. To address this critical vulnerability, this study proposes a novel dynamic key replacement mechanism specifically designed for lightweight IoT microcontrollers. The mechanism integrates Moving Target Defense (MTD) with a lightweight Diffie–Hellman (D-H) key exchange protocol and AES-128 encryption to provide robust protection against SCAs. Unlike traditional approaches, the proposed mechanism dynamically updates encryption keys during each cryptographic cycle, effectively mitigating the risk of key reuse—a primary vulnerability exploited in SCAs. The lightweight D-H key exchange ensures that even resource-constrained IoT devices can securely perform key exchanges without significant computational overhead. Experimental results demonstrate the practicality and security of the proposed mechanism, achieving key updates with minimal time overhead, ranging from 12 to 50 milliseconds per encryption transmission. Moreover, the approach shows strong resilience against template attacks, with only two out of sixteen AES-128 subkeys compromised after 20,000 attack attempts—a notable improvement over existing countermeasures. The key innovation of this study lies in the seamless integration of MTD with lightweight cryptographic protocols, striking a balance between security and performance. This dynamic key replacement mechanism offers an effective, scalable, and resource-efficient solution for IoT applications, particularly in scenarios that demand robust protection against SCAs and low-latency performance. |
| format | Article |
| id | doaj-art-dbd567e8b60f498b8cb3e43b95e42d8e |
| institution | Kabale University |
| issn | 1999-5903 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Future Internet |
| spelling | doaj-art-dbd567e8b60f498b8cb3e43b95e42d8e2025-01-24T13:33:40ZengMDPI AGFuture Internet1999-59032025-01-011714310.3390/fi17010043Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel AttacksChung-Wei Kuo0Wei Wei1Chun-Chang Lin2Yu-Yi Hong3Jia-Ruei Liu4Kuo-Yu Tsai5Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, TaiwanDepartment of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, TaiwanDepartment of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, TaiwanDepartment of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, TaiwanDepartment of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, TaiwanDepartment of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan5G technology and IoT devices are improving efficiency and quality of life across many sectors. IoT devices are often used in open environments where they handle sensitive data. This makes them vulnerable to side-channel attacks (SCAs), where attackers can intercept and analyze the electromagnetic signals emitted by microcontroller units (MCUs) to expose encryption keys and compromise sensitive data. To address this critical vulnerability, this study proposes a novel dynamic key replacement mechanism specifically designed for lightweight IoT microcontrollers. The mechanism integrates Moving Target Defense (MTD) with a lightweight Diffie–Hellman (D-H) key exchange protocol and AES-128 encryption to provide robust protection against SCAs. Unlike traditional approaches, the proposed mechanism dynamically updates encryption keys during each cryptographic cycle, effectively mitigating the risk of key reuse—a primary vulnerability exploited in SCAs. The lightweight D-H key exchange ensures that even resource-constrained IoT devices can securely perform key exchanges without significant computational overhead. Experimental results demonstrate the practicality and security of the proposed mechanism, achieving key updates with minimal time overhead, ranging from 12 to 50 milliseconds per encryption transmission. Moreover, the approach shows strong resilience against template attacks, with only two out of sixteen AES-128 subkeys compromised after 20,000 attack attempts—a notable improvement over existing countermeasures. The key innovation of this study lies in the seamless integration of MTD with lightweight cryptographic protocols, striking a balance between security and performance. This dynamic key replacement mechanism offers an effective, scalable, and resource-efficient solution for IoT applications, particularly in scenarios that demand robust protection against SCAs and low-latency performance.https://www.mdpi.com/1999-5903/17/1/435GInternet of Things (IoT)side-channel attack (SCA)microcontroller unit (MCU)Diffie–Hellman (D-H)moving target defense (MTD) |
| spellingShingle | Chung-Wei Kuo Wei Wei Chun-Chang Lin Yu-Yi Hong Jia-Ruei Liu Kuo-Yu Tsai Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks Future Internet 5G Internet of Things (IoT) side-channel attack (SCA) microcontroller unit (MCU) Diffie–Hellman (D-H) moving target defense (MTD) |
| title | Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks |
| title_full | Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks |
| title_fullStr | Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks |
| title_full_unstemmed | Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks |
| title_short | Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks |
| title_sort | dynamic key replacement mechanism for lightweight internet of things microcontrollers to resist side channel attacks |
| topic | 5G Internet of Things (IoT) side-channel attack (SCA) microcontroller unit (MCU) Diffie–Hellman (D-H) moving target defense (MTD) |
| url | https://www.mdpi.com/1999-5903/17/1/43 |
| work_keys_str_mv | AT chungweikuo dynamickeyreplacementmechanismforlightweightinternetofthingsmicrocontrollerstoresistsidechannelattacks AT weiwei dynamickeyreplacementmechanismforlightweightinternetofthingsmicrocontrollerstoresistsidechannelattacks AT chunchanglin dynamickeyreplacementmechanismforlightweightinternetofthingsmicrocontrollerstoresistsidechannelattacks AT yuyihong dynamickeyreplacementmechanismforlightweightinternetofthingsmicrocontrollerstoresistsidechannelattacks AT jiarueiliu dynamickeyreplacementmechanismforlightweightinternetofthingsmicrocontrollerstoresistsidechannelattacks AT kuoyutsai dynamickeyreplacementmechanismforlightweightinternetofthingsmicrocontrollerstoresistsidechannelattacks |