The aviation industry largely depends on the reliable functioning of critical information technology infrastructure. Like many other industries, the aviation industry is challenged with providing adequate security for such IT infrastructure and mitigating the effects of any cyber events. Examples of cyber events include malicious or suspicious events that compromise, or attempt to compromise, the operation of an aircraft's network, including its data connections, data transmission, and computing systems.
The secrecy and integrity of stored or transmitted data can generally be assured by cryptographic means only when no adversary has physical access to the electronic devices processing the data. This is because, during the operation of such devices, some information about secret keys or sensitive data always leaks through side channels, including variation in response times, fluctuation in power use, or ultrasonic or electromagnetic radiation. To optimize security, fast encryption modes with reduced side channel leakage are needed that do not significantly increase processing time, system complexity, the size of electronic circuits, or energy usage.
As shown in FIG. 1, standard Federal Information Processing Standards (FIPS)-approved XTS tweak mode encryption engines (hardware and/or software) 100 have simple structures that use standard block ciphers 102 operating with a fixed key, but wherein the input and output are modified or "tweaked." In order to generate the tweak values, which are XORed with the input (plaintext) and output (ciphertext) of the block cipher 102, the XTS tweak mode encryption engine 100 uses an iterative algorithm of repeated Galois multiplications with a simple polynomial, starting from an encrypted (secret) initial value (IV).
XTS tweak encryption mode is a variant of the XOR-Encrypt-XOR (XEX) type of tweakable encryption modes that allows efficient processing of consecutive blocks (with respect to the block cipher 102 used) within one data unit (e.g., a disk sector). The tweak is represented as a combination of the sector address and the index of the block inside the sector. Every ciphertext block C is obtained using:

$$X = E_K(I) \otimes \alpha^j, \qquad C = E_K(P \oplus X) \oplus X$$

where:

P is the plaintext;
I is the number (index) of the sector, corresponding to the IV for message encryption;
$\alpha$ is the primitive element of the Galois field $GF(2^{128})$ defined by the simple polynomial $x$; and
j is the number (index) of the block.
XTS tweak encryption mode can be implemented in parallel, but data blocks far from the beginning of the plaintext message need a longer computation for their tweak: the computation of $\alpha^j$ takes time proportional to $\log(j)$ even in massively parallel circuits. Therefore, at some point, more than a single clock cycle is necessary for the generation of the tweak values, which has the negative result of increasing the processing time.
Further, on average half of the time, simply left-shifting $\alpha^j$ gives $\alpha^{j+1}$, a regularity in the data pattern that is exploitable by side channel attacks such as those based on differential power analysis (DPA). DPA measures the changing power signals as the device processes and encrypts data: a DPA attack records power traces and groups them by the known input bits of the block cipher.
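The tweak arithmetic described above, as an added example that is not part of the patent text: multiplication by α in GF(2^128) with the XTS reduction polynomial, the O(log j) square-and-multiply computation of α^j, and the iterative tweak chain X_{j+1} = α·X_j, which also counts how often a bare shift suffices (the data-dependent regularity DPA exploits). The integer bit convention, the function names, and the stand-in value for E_K(I) are assumptions of this example.

```python
from __future__ import annotations

# Assumed convention: bit i of an int is the coefficient of x^i; x^128 reduces to 0x87 (x^7 + x^2 + x + 1).
XTS_REDUCTION = 0x87
MASK_128 = (1 << 128) - 1

def gf_mul_alpha(t: int) -> tuple[int, bool]:
    """alpha * t: a left shift, plus a reduction XOR only when the bit shifted
    out was 1. Returns (alpha*t, reduced) so callers can see which case ran."""
    t <<= 1
    reduced = bool(t >> 128)
    if reduced:
        t = (t & MASK_128) ^ XTS_REDUCTION
    return t, reduced

def gf_mul(a: int, b: int) -> int:
    """General GF(2^128) product by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, _ = gf_mul_alpha(a)
        b >>= 1
    return r

def gf_pow_alpha(j: int) -> int:
    """alpha^j by square-and-multiply: O(log j) steps, the depth that even a
    parallel circuit needs for a block far from the start of the message."""
    result, base = 1, 2  # 2 encodes alpha = x
    while j:
        if j & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        j >>= 1
    return result

def tweak_sequence(encrypted_iv: int, n_blocks: int) -> tuple[list[int], int]:
    """Iterative XTS tweak generation X_{j+1} = alpha * X_j from X_0 = E_K(I).
    Also counts steps where a bare shift sufficed (no reduction XOR): the
    data-dependent regularity that DPA can group power traces on."""
    tweaks = [encrypted_iv & MASK_128]
    bare_shifts = 0
    for _ in range(n_blocks - 1):
        nxt, reduced = gf_mul_alpha(tweaks[-1])
        tweaks.append(nxt)
        bare_shifts += not reduced
    return tweaks, bare_shifts

# Constructed stand-in for E_K(I); a real engine obtains it by encrypting the IV.
SAMPLE_ENCRYPTED_IV = 0x0123456789ABCDEF_FEDCBA9876543210
```

Running `tweak_sequence(SAMPLE_ENCRYPTED_IV, 4096)` shows the bare-shift count close to half of the steps, and each chained tweak equals `gf_mul(SAMPLE_ENCRYPTED_IV, gf_pow_alpha(j))` computed directly.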
Yet another problem with XTS tweak encryption mode is latency, because the IV has to be encrypted before encryption of the data can begin. This causes a delay of a full encryption operation (e.g., several clock cycles).
Thus, it is desirable to have an improved tweak mode encryption system for mitigating side channel attacks that does not significantly increase processing time or energy usage.