Lightweight Reconfigurable Encryption Architecture for Moving Target Defense

Symmetric encryption provides lightweight security solution to maintain data confidentiality on devices in a resource constrained scenario such as in a tactical network. However, lightweight encryption schemes are traditionally vulnerable to linear and differential cryptanalysis as well as power analysis attack when the encryption structure is known to the attacker. For tactical network devices, this is a critical concern since they often operate in hostile scenarios and lack in physical security in most cases. Moving Target Defense (MTD) is one of the key components of cyber maneuver that reshapes friendly networks and associated assets to be resilient to cyber-attacks. In this paper, we propose a lightweight reconfigurable symmetric encryption architecture, REA, which is capable of implementing a user-defined symmetric encryption scheme as an MTD mechanism. The encryption structure can be customized from device to device based on their available resource and performance requirements. Due to the reconfigurable nature of the proposed architecture, it is not possible for an attacker to directly launch the cryptanalysis or power analysis attack before committing significant resources to retrieve the encryption structure first. We implemented a reference encryption scheme on our proposed architecture in programmable logic (FPGA) and compared it to two representative symmetric encryption methods: AES and Present. Our results show that the reference encryption consumes less resources and performs faster compared to AES. Performance of the REA reference encryption is comparable with Present, which is optimized only for low resource devices and doesn´t support reconfigurability.