Leakage Assessment Methodology - A Clear Roadmap for Side-Channel Evaluations

Evoked by the increasing need to integrate side-channel countermeasures into security-enabled commercial devices, evaluation labs are seeking a standard approach that enables a fast, reliable and robust evaluation of the side-channel vulnerability of the given products. To this end, standardization bodies such as NIST intend to establish a leakage assessment methodology fulfilling these demands. One of such proposals is the Welch's t-test, which is being put forward by Cryptography Research Inc., and is able to relax the dependency between the evaluations and the device's underlying architecture. In this talk the theoretical background of the test's different flavors are reviewed, and a roadmap is presented that can be followed by the evaluation labs to efficiently and correctly conduct the tests. More precisely, a stable, robust and efficient way to perform the tests at higher orders is expressed. Further, the test is extended to multivariate settings, and details on how to efficiently and rapidly carry out such a multivariate higher-order test are provided.

[1]  Sylvain Guilley,et al.  Analysis and Improvements of the DPA Contest v4 Implementation , 2014, SPACE.

[2]  Amir Moradi,et al.  Statistical Tools Flavor Side-Channel Collision Attacks , 2012, EUROCRYPT.

[3]  Sandia Report,et al.  Formulas for Robust, One-Pass Parallel Computation of Covariances and Arbitrary-Order Statistical Moments , 2008 .

[4]  Markus Kasper,et al.  The World is Not Enough: Another Look on Second-Order DPA , 2010, IACR Cryptol. ePrint Arch..

[5]  Emmanuel Prouff,et al.  Statistical Analysis of Second Order Differential Power Analysis , 2009, IEEE Transactions on Computers.

[6]  Christof Paar,et al.  Pushing the Limits: A Very Compact and a Threshold Implementation of AES , 2011, EUROCRYPT.

[7]  Josep Balasch,et al.  On the Cost of Lazy Engineering for Masked Software Implementations , 2014, CARDIS.

[8]  Tim Güneysu,et al.  Arithmetic Addition over Boolean Masking - Towards First- and Second-Order Resistance in Hardware , 2015, ACNS.

[9]  Sylvain Guilley,et al.  Detecting Hidden Leakages , 2014, ACNS.

[10]  Sylvain Guilley,et al.  RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[11]  Ingrid Verbauwhede,et al.  Selecting Time Samples for Multivariate DPA Attacks , 2012, CHES.

[12]  Amir Moradi,et al.  Side-Channel Resistant Crypto for Less than 2,300 GE , 2011, Journal of Cryptology.

[13]  Tim Güneysu,et al.  Evaluating the Duplication of Dual-Rail Precharge Logics on FPGAs , 2015, COSADE.

[14]  Akashi Satoh,et al.  Side-channel Attack user reference architecture board SAKURA-W for security evaluation of IC card , 2015, 2015 IEEE 4th Global Conference on Consumer Electronics (GCCE).

[15]  Tom Chothia,et al.  A Statistical Test for Information Leaks Using Continuous Mutual Information , 2011, CSF.

[16]  Amir Moradi,et al.  Side-Channel Leakage through Static Power - Should We Care about in Practice? , 2014, CHES.

[17]  P. Rohatgi,et al.  A testing methodology for side channel resistance , 2011 .

[18]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[19]  Amir Moradi,et al.  How Far Should Theory Be from Practice? - Evaluation of a Countermeasure , 2012, CHES.

[20]  Megan Wachs,et al.  Gate-Level Masking under a Path-Based Leakage Metric , 2014, CHES.

[21]  Marcin Wójcik,et al.  Does My Device Leak Information? An a priori Statistical Power Analysis of Leakage Detection Tests , 2013, ASIACRYPT.

[22]  Tim Güneysu,et al.  Achieving side-channel protection with dynamic logic reconfiguration on modern FPGAs , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[23]  Vincent Rijmen,et al.  Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches , 2011, Journal of Cryptology.

[24]  Tim Güneysu,et al.  Side-Channel Protection by Randomizing Look-Up Tables on Reconfigurable Hardware - Pitfalls of Memory Primitives , 2015, IACR Cryptol. ePrint Arch..

[25]  P. Rohatgi,et al.  Test Vector Leakage Assessment ( TVLA ) methodology in practice , 2013 .

[26]  Vincent Rijmen,et al.  Higher-Order Threshold Implementations , 2014, ASIACRYPT.

[27]  Yves Deville,et al.  Efficient Selection of Time Samples for Higher-Order DPA with Projection Pursuits , 2015, COSADE.

[28]  Mei Han An,et al.  accuracy and stability of numerical algorithms , 1991 .

[29]  Amir Moradi,et al.  Side-Channel Security Analysis of Ultra-Low-Power FRAM-Based MCUs , 2015, COSADE.

[30]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[31]  Tom Chothia,et al.  Statistical Measurement of Information Leakage , 2010, TACAS.

[32]  Bart Preneel,et al.  Mutual Information Analysis A Generic Side-Channel Distinguisher , 2008 .

[33]  Vincent Rijmen,et al.  A More Efficient AES Threshold Implementation , 2014, AFRICACRYPT.

[34]  Bart Preneel,et al.  Mutual Information Analysis , 2008, CHES.

[35]  Oscar Reparaz A note on the security of Higher-Order Threshold Implementations , 2015, IACR Cryptol. ePrint Arch..