Comparison of Three CPU-Core Families for IoT Applications in Terms of Security and Performance of AES-GCM

Abstract

This article describes the implementation of the AES-GCM for IoT-oriented low-end 8/16/32-bit general-purpose processors. Although various aspects of implementations of the AES-GCM for high-end processors and hardware were examined in detail, the low-end processors to a lesser extent. This article estimates the speed and memory demand for various approaches to ensuring resistance to attacks, such as timing analysis and simple power analysis by ensuring the constant algorithm execution time. A particular attention is paid to the low-level multiplication implementation in GF (2128) for each architecture as a key galois/counter mode operation, because low-end processors do not have ready-made instructions for carry-less multiplication. For each AVR/MSP430/ARM Cortex-M3 processor core, a constant time implementation of carry-less multiplication is proposed, the performance of which approaches the Not Constant Time algorithm.