A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version)

The fair evaluation and comparison of side-channel attacks and countermeasures has been a long standing open question, limiting further developments in the field. Motivated by this challenge, this work makes a step in this direction and proposes a framework for the analysis of cryptographic implementations that includes a theoretical model and an application methodology. The model is based on commonly accepted hypotheses about side-channels that computations give rise to. It allows quantifying the effect of practically relevant leakage functions with a combination of information theoretic and security metrics, measuring the quality of an implementation and the strength of an adversary, respectively. From a theoretical point of view, we demonstrate formal connections between these metrics and discuss their intuitive meaning. From a practical point of view, the model implies a unified methodology for the analysis of side-channel key recovery attacks. The proposed solution allows getting rid of most of the subjective parameters that were limiting previous specialized and often ad hoc approaches in the evaluation of physically observable devices. It typically determines the extent to which basic (but practically essential) questions such as "How to compare two implementations? " or "How to compare two side-channel adversaries? " can be answered in a sound fashion.

[1]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[2]  Robert B. Ash,et al.  Information Theory , 2020, The SAGE International Encyclopedia of Mass Media and Society.

[3]  J.-M. Goethals,et al.  IEEE international symposium on information theory , 1981 .

[4]  Dennis G. Abraham,et al.  Transaction Security System , 1991, IBM Syst. J..

[5]  J. Massey Guessing and entropy , 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[6]  Christian Cachin,et al.  Entropy measures and unconditional security in cryptography , 1997 .

[7]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[8]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[9]  L. Goubin,et al.  DES and Differential Power Analysis , 1999 .

[10]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[11]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .

[12]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[13]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[14]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[15]  I. Verbauwhede,et al.  A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards , 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[16]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[17]  Silvio Micali,et al.  Physically Observable Cryptography , 2003, IACR Cryptol. ePrint Arch..

[18]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[19]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[20]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[21]  Silvio Micali,et al.  Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering , 2004, TCC.

[22]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[23]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[24]  Alex Biryukov,et al.  On Multiple Linear Approximations , 2004, IACR Cryptol. ePrint Arch..

[25]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[26]  Berk Sunar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 - September 1, 2005, Proceedings , 2005, CHES.

[27]  Christof Paar,et al.  A Stochastic Model for Differential Side Channel Cryptanalysis , 2005, CHES.

[28]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[29]  Yuval Ishai,et al.  Private Circuits II: Keeping Secrets in Tamperable Circuits , 2006, EUROCRYPT.

[30]  L. Johnson,et al.  Minimum Security Requirements for Federal Information and Information Systems , 2006 .

[31]  Christof Paar,et al.  Templates vs. Stochastic Methods , 2006, CHES.

[32]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[33]  Eric Peeters,et al.  Towards Security Limits in Side-Channel Attacks , 2006, CHES.

[34]  Eric Peeters,et al.  Template Attacks in Principal Subspaces , 2006, CHES.

[35]  Mitsuru Matsui,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[36]  Eric Peeters,et al.  Towards security limits in side-channel attacks (with an application to block ciphers) , 2006 .

[37]  Moti Yung,et al.  A Block Cipher based PRNG Secure Against Side-Channel Key Recovery , 2007, IACR Cryptol. ePrint Arch..

[38]  Jean-Jacques Quisquater,et al.  Information Theoretic Evaluation of Side-Channel Resistant Logic Styles , 2007, CHES.

[39]  David A. Basin,et al.  An information-theoretic model for adaptive side-channel attacks , 2007, CCS '07.

[40]  Stefan Mangard,et al.  Power Analysis Attacks and Countermeasures , 2007, IEEE Design & Test of Computers.

[41]  François-Xavier Standaert,et al.  Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages , 2008, CHES.

[42]  Ingrid Verbauwhede,et al.  Partition vs. Comparison Side-Channel Distinguishers , 2008 .

[43]  Stefan Dziembowski,et al.  Leakage-Resilient Cryptography , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[44]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - Ches 2007 , 2008 .

[45]  Moti Yung,et al.  A block cipher based pseudo random number generator secure against side-channel key recovery , 2008, ASIACCS '08.

[46]  Elisabeth Oswald,et al.  Cryptographic Hardware and Embedded Systems - CHES 2008, 10th International Workshop, Washington, D.C., USA, August 10-13, 2008. Proceedings , 2008, CHES.

[47]  Michael Backes,et al.  Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks , 2008, ESORICS.

[48]  Ingrid Verbauwhede,et al.  Partition vs. Comparison Side-Channel Distinguishers: An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices , 2009, ICISC.

[49]  Bart Preneel,et al.  Mutual Information Analysis A Generic Side-Channel Distinguisher , 2008 .