Author
Listed:
- Chung-Wei Kuo
(Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan)
- Wei Wei
(Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan)
- Chun-Chang Lin
(Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan)
- Yu-Yi Hong
(Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan)
- Jia-Ruei Liu
(Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan)
- Kuo-Yu Tsai
(Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan)
Abstract
5G technology and IoT devices are improving efficiency and quality of life across many sectors. IoT devices are often used in open environments where they handle sensitive data. This makes them vulnerable to side-channel attacks (SCAs), where attackers can intercept and analyze the electromagnetic signals emitted by microcontroller units (MCUs) to expose encryption keys and compromise sensitive data. To address this critical vulnerability, this study proposes a novel dynamic key replacement mechanism specifically designed for lightweight IoT microcontrollers. The mechanism integrates Moving Target Defense (MTD) with a lightweight Diffie–Hellman (D-H) key exchange protocol and AES-128 encryption to provide robust protection against SCAs. Unlike traditional approaches, the proposed mechanism dynamically updates encryption keys during each cryptographic cycle, effectively mitigating the risk of key reuse—a primary vulnerability exploited in SCAs. The lightweight D-H key exchange ensures that even resource-constrained IoT devices can securely perform key exchanges without significant computational overhead. Experimental results demonstrate the practicality and security of the proposed mechanism, achieving key updates with minimal time overhead, ranging from 12 to 50 milliseconds per encryption transmission. Moreover, the approach shows strong resilience against template attacks, with only two out of sixteen AES-128 subkeys compromised after 20,000 attack attempts—a notable improvement over existing countermeasures. The key innovation of this study lies in the seamless integration of MTD with lightweight cryptographic protocols, striking a balance between security and performance. This dynamic key replacement mechanism offers an effective, scalable, and resource-efficient solution for IoT applications, particularly in scenarios that demand robust protection against SCAs and low-latency performance.
Suggested Citation
Chung-Wei Kuo & Wei Wei & Chun-Chang Lin & Yu-Yi Hong & Jia-Ruei Liu & Kuo-Yu Tsai, 2025.
"Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks,"
Future Internet, MDPI, vol. 17(1), pages 1-24, January.
Handle:
RePEc:gam:jftint:v:17:y:2025:i:1:p:43-:d:1570178
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:17:y:2025:i:1:p:43-:d:1570178. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.