The aviation industry largely depends on the reliable functioning of critical information technology infrastructure. Like many other industries, the aviation industry is challenged with providing adequate security for such IT infrastructure and mitigating the effects of any cyber events. Examples of cyber events include malicious or suspicious events that compromise, or attempt to compromise, the operation of an aircraft's network, including its data connections, data transmission, and computing systems.
The secrecy and integrity of stored or transmitted data can generally be assured by cryptographic means when no adversary has physical access to the electronic devices processing the data. Physical access matters because, during the operation of such devices, some information about secret keys or sensitive data always leaks through side channels, including variations in response times, fluctuations in power use, and ultrasonic or electromagnetic wave radiation. In order to optimize security, fast encryption modes with reduced side channel leakage are needed that do not significantly increase processing time, system complexity, the size of electronic circuits, or energy usage.
Standard Federal Information Processing Standards (FIPS)-approved counter encryption engines are stream ciphers that have simple structures. As shown in FIG. 1, the prior art counter encryption engine (hardware and/or software) 100 consists of a counter and a series of block ciphers 102. The counter is initialized by a “nonce,” which means a number used once that practically never repeats. The nonce can be a sequence number, the current value of a real time clock, or a long enough random number such that the chance of repetition is negligible. The input of each block cipher 102 is based on the value of the counter. Each time a message block is processed by a block cipher 102, the counter value is incremented and encrypted with the same secret key that is used for all the block ciphers 102. The resulting stream is the sequence of encrypted counter values, which is then XORed with the plaintext (the message that needs to be encrypted) to obtain the ciphertext (the encrypted message). Decryption of the message reverses the encryption process just described: the stream of output blocks of the block cipher 102 is XORed with the ciphertext of the message. This cancels out the encryption operation, thereby leaving the plaintext message as the result.
In such prior art counter mode encryption engines 100, even if the counter is incremented by a large constant instead of 1, the low order bits exhibit very short cycles. Thus, while the encryption engine 100 is fully parallelizable, the simple generation of the input for each of the block ciphers 102 makes the engine 100 prone to certain side channel attacks, like attacks based on differential power analysis (DPA). DPA measures the changing power signals as the device processes and encrypts data. A DPA attack records power traces and groups them by the known input bits of the block cipher. For example, if an attacker can provide the plaintext message for the counter mode encryption engine 100, the attacker may XOR the plaintext to the ciphertext. The result is the sequence of the encrypted counter values, which provides an ideal scenario for a DPA attack.
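The counter mode properties described above, as an added example that is not part of the original page: the same XOR routine encrypts and decrypts, known plaintext XORed with the ciphertext yields the encrypted counter values, and the low order counter bits cycle quickly even with a large step. HMAC-SHA256 stands in for block cipher 102 as an assumption, and the key, nonce, step and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16               # bytes per block (128-bit block size)
MOD = 1 << (8 * BLOCK)   # counter wraps at 2^128

def block_fn(key: bytes, counter: int) -> bytes:
    # Assumption: HMAC-SHA256 truncated to one block stands in for block
    # cipher 102. Counter mode only runs the cipher forward, so a keyed
    # pseudorandom function is enough for this demonstration.
    msg = counter.to_bytes(BLOCK, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def counter_values(nonce: int, nblocks: int, step: int = 1) -> list:
    # Block cipher inputs: nonce, nonce + step, nonce + 2*step, ...
    return [(nonce + i * step) % MOD for i in range(nblocks)]

def ctr_xor(key: bytes, nonce: int, data: bytes, step: int = 1) -> bytes:
    # Same routine encrypts and decrypts: XOR data with the encrypted counters.
    nblocks = -(-len(data) // BLOCK)
    ctrs = counter_values(nonce, nblocks, step)
    stream = b"".join(block_fn(key, c) for c in ctrs)
    return bytes(d ^ s for d, s in zip(data, stream))

def low_bit_period(nonce: int, step: int, bits: int, nblocks: int = 256) -> int:
    # Smallest p such that the low `bits` bits of the counter repeat every p blocks.
    mask = (1 << bits) - 1
    seq = [c & mask for c in counter_values(nonce, nblocks, step)]
    for p in range(1, nblocks // 2 + 1):
        if all(seq[i] == seq[i + p] for i in range(nblocks - p)):
            return p
    raise ValueError("no period found within the sampled window")

# Constructed sample values (not from the page).
KEY = bytes(range(16))
NONCE = 0x0123456789ABCDEF << 64
LARGE_ODD_STEP = 0x9E3779B97F4A7C15
MESSAGE = b"constructed sample plaintext for the counter mode demo"

if __name__ == "__main__":
    ct = ctr_xor(KEY, NONCE, MESSAGE, LARGE_ODD_STEP)
    print("round trip ok:", ctr_xor(KEY, NONCE, ct, LARGE_ODD_STEP) == MESSAGE)
    # Known plaintext XOR ciphertext exposes the encrypted counter values.
    exposed = bytes(p ^ c for p, c in zip(MESSAGE, ct))
    print("first exposed block is E_K(nonce):", exposed[:BLOCK] == block_fn(KEY, NONCE))
    for bits in (1, 2, 4):
        period = low_bit_period(NONCE, LARGE_ODD_STEP, bits)
        print(f"low {bits} bit(s) repeat every {period} blocks")
```

With an odd step the low k bits repeat every 2^k blocks regardless of how large the step is, and with an even step the cycle is shorter still.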
Published proprietary algorithms for side channel leakage prevention, such as key rolling techniques, are slow and consume a lot of energy. Thus, it is desirable to have an improved counter mode encryption system for mitigating side channel attacks.