Leakage assessment methodology

Prompted by the increasing need to integrate side-channel countermeasures into security-enabled commercial devices, evaluation labs are seeking a standard approach that enables a fast, reliable and robust evaluation of the side-channel vulnerability of a given product. To this end, standardization bodies such as NIST intend to establish a leakage assessment methodology fulfilling these demands. One such proposal is Welch's t test, put forward by Cryptography Research Inc., which decouples the evaluation from the device's underlying architecture. In this work, we study in depth the theoretical background of the test's different flavors and present a roadmap that evaluation labs can follow to conduct the tests efficiently and correctly. More precisely, we describe a stable, robust and efficient way to perform the tests at higher orders. Further, we extend the test to multivariate settings and provide details on how to efficiently and rapidly carry out such a multivariate higher-order test. Together with a suggested methodology for collecting the traces for these tests, we point out practical case studies in which different types of t tests expose leakage in supposedly secure designs.
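The fixed-versus-random t test sketched above, at first and second order, with the central moments accumulated in a single pass so that the traces never have to be stored, as an added example that is not the paper's own code. The traces are constructed, and the 4-point layout, the injected leak sizes and all function names are assumptions; the customary |t| > 4.5 decision threshold is used in the comments.

```python
import numpy as np

class RunningMoments:
    """One-pass mean and central sums M2..M4 per sample point (Pebay-style
    single-trace update), so the traces never need to be kept in memory."""

    def __init__(self, n_points):
        self.n = 0
        self.mean, self.m2, self.m3, self.m4 = (np.zeros(n_points) for _ in range(4))

    def add(self, trace):
        self.n += 1
        n = self.n
        delta = trace - self.mean
        dn = delta / n
        t1 = delta * dn * (n - 1)
        self.mean += dn
        self.m4 += t1 * dn**2 * (n * n - 3 * n + 3) + 6 * dn**2 * self.m2 - 4 * dn * self.m3
        self.m3 += t1 * dn * (n - 2) - 3 * dn * self.m2
        self.m2 += t1

    def cm(self, d):  # d-th central moment, d in {2, 3, 4}
        return {2: self.m2, 3: self.m3, 4: self.m4}[d] / self.n

def welch_t(acc_a, acc_b, order):
    """Per-point Welch t statistic: order 1 compares means, order 2 compares variances."""
    if order == 1:
        stat = lambda a: (a.mean, a.cm(2))                    # mean, var(x)
    else:
        stat = lambda a: (a.cm(2), a.cm(4) - a.cm(2) ** 2)    # var(x), var((x-mu)^2)
    (ma, va), (mb, vb) = stat(acc_a), stat(acc_b)
    return (ma - mb) / np.sqrt(va / acc_a.n + vb / acc_b.n)

def make_traces(seed=1, n=2000):
    """Constructed 4-point traces: point 0 leaks in the mean, point 2 only in the spread."""
    rng = np.random.default_rng(seed)
    fixed, random = rng.normal(0.0, 1.0, (n, 4)), rng.normal(0.0, 1.0, (n, 4))
    fixed[:, 0] += 0.3   # mean shift -> first-order leakage (|t| > 4.5 expected)
    fixed[:, 2] *= 1.4   # same mean, larger variance -> second-order leakage only
    return fixed, random

def run_tests(seed=1):
    fixed, random = make_traces(seed)
    acc_f, acc_r = RunningMoments(4), RunningMoments(4)
    for tr in fixed:
        acc_f.add(tr)
    for tr in random:
        acc_r.add(tr)
    return welch_t(acc_f, acc_r, 1), welch_t(acc_f, acc_r, 2)
```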
