Dynamic Key Replacement Mechanism for Lightweight Internet of Things Microcontrollers to Resist Side-Channel Attacks

Chung-Wei Kuo, Wei Wei, Chun-Chang Lin, Yu-Yi Hong, Jia-Ruei Liu and Kuo-Yu Tsai ()
Additional contact information
Chung-Wei Kuo: Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan
Wei Wei: Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan
Chun-Chang Lin: Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan
Yu-Yi Hong: Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan
Jia-Ruei Liu: Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan
Kuo-Yu Tsai: Department of Information Engineering and Computer Science, Feng-Chia University, Taichung City 407, Taiwan

Future Internet, 2025, vol. 17, issue 1, 1-24

Abstract: 5G technology and IoT devices are improving efficiency and quality of life across many sectors. IoT devices are often used in open environments where they handle sensitive data. This makes them vulnerable to side-channel attacks (SCAs), where attackers can intercept and analyze the electromagnetic signals emitted by microcontroller units (MCUs) to expose encryption keys and compromise sensitive data. To address this critical vulnerability, this study proposes a novel dynamic key replacement mechanism specifically designed for lightweight IoT microcontrollers. The mechanism integrates Moving Target Defense (MTD) with a lightweight Diffie–Hellman (D-H) key exchange protocol and AES-128 encryption to provide robust protection against SCAs. Unlike traditional approaches, the proposed mechanism dynamically updates encryption keys during each cryptographic cycle, effectively mitigating the risk of key reuse—a primary vulnerability exploited in SCAs. The lightweight D-H key exchange ensures that even resource-constrained IoT devices can securely perform key exchanges without significant computational overhead. Experimental results demonstrate the practicality and security of the proposed mechanism, achieving key updates with minimal time overhead, ranging from 12 to 50 milliseconds per encryption transmission. Moreover, the approach shows strong resilience against template attacks, with only two out of sixteen AES-128 subkeys compromised after 20,000 attack attempts—a notable improvement over existing countermeasures. The key innovation of this study lies in the seamless integration of MTD with lightweight cryptographic protocols, striking a balance between security and performance. This dynamic key replacement mechanism offers an effective, scalable, and resource-efficient solution for IoT applications, particularly in scenarios that demand robust protection against SCAs and low-latency performance.

Keywords: 5G; Internet of Things (IoT); side-channel attack (SCA); microcontroller unit (MCU); Diffie–Hellman (D-H); moving target defense (MTD); AES-128 (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2025
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/17/1/43/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/1/43/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:1:p:43-:d:1570178

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().