The aviation industry largely depends on the reliable functioning of critical information technology infrastructure. Like many other industries, the aviation industry is challenged with providing adequate security for such IT infrastructure and mitigating the effects of any cyber events. Examples of cyber events include malicious or suspicious events that compromise, or attempt to compromise, the operation of an aircraft's network, including its data connections, data transmission, and computing systems.
The secrecy and integrity of stored or transmitted data can generally be assured by cryptographic means only when no adversary has physical access to the electronic devices processing the data. The reason is that, during the operation of such devices, some information about secret keys or sensitive data always leaks through side channels, including variation of response times, fluctuation of power use, or ultrasonic or electromagnetic wave radiation. To improve security, fast encryption modes with reduced side channel leakage are needed that do not significantly increase processing time, system complexity, the size of electronic circuits, or energy usage.
Encrypted data stored in unprotected media, and messages transferred in open channels, can be manipulated by adversaries. If a Message Authentication Code (“MAC”), computed from the encrypted data (the ciphertext), is attached to the message or to the stored data, the system can be configured such that tampered data is never decrypted, which means that no side channel attack can be mounted against the decryption process. However, the authentication process still has to be performed on every data block, including the blocks carrying tampered data. This means that side channel attacks remain feasible against the authentication process. If such an attack succeeds, the adversary recovers the authentication key, which enables them to create valid MACs for the tampered data. The attacker can use the illegitimately created MACs to create fake messages that cause direct harm. The attacker could also use the illegitimately created MACs to create specially crafted messages that facilitate side channel attacks against encryption keys, or a directed key search.
In traditional applications, the MAC is generated and verified by ciphers or hash functions that use a shared secret key for both MAC generation and verification. This key stays constant during an attack: even if the MAC depends on an initial value (IV) included in the message, the adversary can keep that IV fixed, so the authentication key in use remains unchanged. The adversary may flip bits in the message and observe how the power-versus-time trace changes. This is the ideal circumstance for DPA-type side channel attacks against the message authentication. DPA measures the changing power signals as the device processes and encrypts data. A DPA attack records power traces and groups them by the known input bits of the block cipher.
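The following is an added example, not part of the original text, showing the "verify the MAC before decrypting" arrangement the two preceding paragraphs describe: the tag is computed over the IV and ciphertext with one constant MAC key, a tampered message is rejected by a constant-time tag comparison, and the decryption routine is never reached for it. The keystream generator (HMAC-SHA256 in a counter mode) is a constructed stand-in for a real block cipher so the example runs with the Python standard library only; the keys, message and function names are assumptions for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Optional

# Added example (not from the original text): encrypt-then-MAC with
# verify-before-decrypt. The keystream generator below (HMAC-SHA256 run in a
# counter mode) is a constructed stand-in for a real block cipher so that the
# example runs with the standard library only.

ENC_KEY = bytes(range(32))        # constructed demo keys, not real secrets
MAC_KEY = bytes(range(32, 64))
IV_LEN = 16
TAG_LEN = 32

decrypt_calls = 0   # how many times the decryption routine has actually run


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from key and IV (toy stand-in for a cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = iv + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(iv: bytes, ciphertext: bytes) -> bytes:
    # The MAC covers IV || ciphertext, never the plaintext, and is keyed with
    # the same MAC_KEY for every message. This constant key, applied to every
    # block including tampered ones, is the exposure the text describes.
    return hmac.new(MAC_KEY, iv + ciphertext, hashlib.sha256).digest()


def seal(plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """Encrypt, then authenticate. Returns IV || ciphertext || tag."""
    if iv is None:
        iv = os.urandom(IV_LEN)
    ciphertext = _xor(plaintext, _keystream(ENC_KEY, iv, len(plaintext)))
    return iv + ciphertext + _tag(iv, ciphertext)


def _decrypt(iv: bytes, ciphertext: bytes) -> bytes:
    global decrypt_calls
    decrypt_calls += 1
    return _xor(ciphertext, _keystream(ENC_KEY, iv, len(ciphertext)))


def open_message(blob: bytes) -> Optional[bytes]:
    """Verify the tag first; only on success is the decryption routine invoked."""
    if len(blob) < IV_LEN + TAG_LEN:
        return None
    iv, ciphertext, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    # constant-time compare so the tag check itself does not leak via timing
    if not hmac.compare_digest(_tag(iv, ciphertext), tag):
        return None          # tampered data is rejected without ever being decrypted
    return _decrypt(iv, ciphertext)


def tamper_demo() -> dict:
    """Round-trip a message, then flip one ciphertext bit and one tag bit."""
    global decrypt_calls
    decrypt_calls = 0
    msg = b"FLT123 WX REQ"                    # constructed sample payload
    blob = seal(msg, iv=bytes(IV_LEN))        # fixed IV so the run is repeatable
    ok = open_message(blob)

    flipped_ct = bytearray(blob)
    flipped_ct[IV_LEN] ^= 0x01                # flip one bit in the ciphertext
    rejected_ct = open_message(bytes(flipped_ct))

    flipped_tag = bytearray(blob)
    flipped_tag[-1] ^= 0x80                   # flip one bit in the tag
    rejected_tag = open_message(bytes(flipped_tag))

    return {
        "roundtrip_ok": ok == msg,
        "ciphertext_tamper_rejected": rejected_ct is None,
        "tag_tamper_rejected": rejected_tag is None,
        "decrypt_calls": decrypt_calls,       # 1: only the genuine message was decrypted
    }


if __name__ == "__main__":
    print(tamper_demo())
```

Running `tamper_demo()` shows both tampered variants rejected with `decrypt_calls` still at 1, which is the property the text relies on to keep the decryption path out of reach. Note what the example does not fix: `_tag` is still evaluated, with the same `MAC_KEY`, for every tampered blob the verifier receives, which is exactly why the text turns to the authentication key itself as the remaining target.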
Thus, it is desirable to have an improved system and method for generating authentication keys that mitigates side channel attacks and that does not significantly increase processing time or energy usage.