物聯網之智慧應用系統中加密金鑰保護機制的強化與實作

Enhancement and Implementation of Encryption Key Protection Mechanisms in Smart Applications of IoT Systems

郭崇韋(Chung-Wei Kuo)；魏巍(Wei Wei)；林駿璋(Chun-Chang Lin)；洪宇義(Yu-Yi Hong)；劉嘉瑞(Jia-Ruei Liu)

第五代行動通訊技術（5G） ； 旁通道攻擊（SCA） ； AES-128 ； Wi-Fi ； Arduino UNO ； 無線射頻辨識（RFID） ； 5G ； Internet of Things ； Side-channel attacks ； AES-128 ； Wi-Fi ； Arduino UNO ； Radio Frequency Identification

資訊安全通訊

30卷3期（2024 / 08 / 01）

20 - 40

繁體中文;英文

隨著第五代行動通訊技術（5G）的穩定發展，物聯網（Internet of Things, IoT）的應用日益廣泛，許多環境中透過物聯網裝置來提升工作效率和生活品質。然而，在公開且未受保護的環境中，這些裝置往往承載著敏感個人資料，並面臨來自旁通道攻擊（Side-channel Attacks, SCA）的嚴重威脅。微控制器在進行加密運算時，可能會無意間釋放出特徵電磁訊號，這些訊號若遭到攻擊者截取並分析，將可能導致加密金鑰的洩漏，進而造成敏感資訊的暴露。為了解決這一問題，本文提出了一種輕量級的AES-128加密金鑰保護機制，該機制能有效運行於物聯網微控制器中，並增強其抵抗旁通道攻擊的能力。在本文中，我們利用Wi-Fi無線模組和Arduino UNO開發了一個具備無線通訊功能的智慧門禁卡管理系統，模擬門禁卡在RFID讀取器感應過程中遭到ID竊取的情境。通過設計跳動式變更金鑰機制，該方案能夠隨時間動態更新金鑰，有效抵禦以功率分析為基礎的旁通道攻擊，從而保障加密金鑰的安全性。實驗結果證明，本機制能顯著提升物聯網裝置在智慧應用系統中的安全性，減少潛在的資料洩漏風險。

The advent of fifth-generation mobile communication (5G) technology has facilitated the proliferation of Internet of Things (IoT) applications, which have become pervasive across diverse settings, enhancing efficiency and quality of life. However, in open and unprotected environment, these devices often carry sensitive personal data, rendering them susceptible to significant risks posed by side-channel attacks (SCA). It is possible that microcontrollers which are performing encryption operations may unintentionally emit characteristic electromagnetic signals. Should these signals be intercepted and analyzed by an unauthorized third party, the encryption keys they contain could be compromised, resulting in the leakage of sensitive information. To address this issue, we propose a lightweight AES-128 encryption key protection mechanism that can be effectively implemented on IoT microcontrollers, thereby enhancing their resistance to side-channel attacks. In this study, we developed a smart access control Radio Frequency Identification (RFID) management system equipped with wireless communication capabilities, utilizing a Wi-Fi module and Arduino UNO. This system simulates scenarios in which identity theft occurs during the RFID card sensing process. By designing a dynamic key-hopping mechanism, our solution enables the encryption key to be periodically updated, effectively resisting power analysis-based side-channel attacks and ensuring the security of the encryption key. The experimental results demonstrate that our mechanism significantly improves the security of IoT devices within smart application systems, thereby reducing the risk of potential data leakage.