Non-Invasive Attacks Testing: Feedback on Relevant Methods

Testable security is a key concept in the FIPS 140 standards. The application of this method to non-invasive attacks is a hot topic, both for FIPS 140-3 and the forthcoming ISO 17825. This paper provides insights on relevant methodologies, based on real-world case studies. Our main point is that testing divides into two tasks, namely “leakage detection” and “leakage analysis”. The first task is by far the less covered in the public literature. It involves techniques like sensor selection, device under test cartography, time-frequency signal analysis, and variance tests. It must be fast (and is ideally online), as the detection shall be tested on various time samples and X-Y (Z-θ) positions. The second task is more mature, and basically already drafted in ISO 17825. Obviously, basic distinguishers, which aim to detect simple albeit generic leakages with a low computational overhead, are preferred.
