A Critical Analysis of ISO 17825 ('Testing methods for the mitigation of non-invasive attack classes against cryptographic modules')

The ISO standardisation of ‘Testing methods for the mitigation of non-invasive attack classes against cryptographic modules’ (ISO/IEC 17825:2016) specifies the use of the Test Vector Leakage Assessment (TVLA) framework as the sole measure to assess whether or not an implementation of (symmetric) cryptography is vulnerable to differential side-channel attacks. It is the only publicly available standard of this kind, and the first side-channel assessment regime to exclusively rely on a TVLA instantiation.

[1]  Marcin Wójcik,et al.  Does My Device Leak Information? An a priori Statistical Power Analysis of Leakage Detection Tests , 2013, ASIACRYPT.

[2]  O. J. Dunn Multiple Comparisons among Means , 1961 .

[3]  Jacob Cohen Statistical Power Analysis for the Behavioral Sciences , 1969, The SAGE Encyclopedia of Research Design.

[4]  Cheng Cheng,et al.  Sample size determination for the false discovery rate , 2005, Bioinform..

[5]  Elisabeth Oswald,et al.  A Cautionary Note Regarding the Usage of Leakage Detection Tests in Security Evaluation , 2019, IACR Cryptol. ePrint Arch..

[6]  David Naccache,et al.  Temperature Attacks , 2009, IEEE Security & Privacy.

[7]  Amir Moradi,et al.  Hardware Masking, Revisited , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[8]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[9]  D. Heisey,et al.  The Abuse of Power , 2001 .

[10]  Moti Yung,et al.  Leakage Resilient Cryptography in Practice , 2010, Towards Hardware-Intrinsic Security.

[11]  Welch Bl THE GENERALIZATION OF ‘STUDENT'S’ PROBLEM WHEN SEVERAL DIFFERENT POPULATION VARLANCES ARE INVOLVED , 1947 .

[12]  Sylvain Guilley,et al.  Side-channel leakage and trace compression using normalized inter-class variance , 2014, IACR Cryptol. ePrint Arch..

[13]  Christof Paar,et al.  A Stochastic Model for Differential Side Channel Cryptanalysis , 2005, CHES.

[14]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[15]  Tom Chothia,et al.  Statistical Measurement of Information Leakage , 2010, TACAS.

[16]  Peng Liu,et al.  Sample size calculation while controlling false discovery rate for differential expression analysis with RNA-sequencing experiments , 2016, BMC Bioinformatics.

[17]  Tom Chothia,et al.  A Statistical Test for Information Leaks Using Continuous Mutual Information , 2011, CSF.

[18]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[19]  Sylvain Guilley,et al.  Education and open benchmarking on side-channel analysis with the DPA contests , 2011 .

[20]  Julie Ferrigno,et al.  When AES blinks: introducing optical side channel , 2008, IET Inf. Secur..

[21]  Adrian Thillard,et al.  Success through Confidence: Evaluating the Effectiveness of a Side-Channel Attack , 2013, CHES.

[22]  Kurt Keutzer,et al.  Coverage Metrics for Functional Validation of Hardware Designs , 2001, IEEE Des. Test Comput..

[23]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[24]  Peng Liu,et al.  Quick calculation for sample size while controlling false discovery rate with application to microarray analysis , 2007, Bioinform..

[25]  Sergei P. Skorobogatov,et al.  Using Optical Emission Analysis for Estimating Contribution to Power Analysis , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[26]  S. Sawilowsky New Effect Size Rules of Thumb , 2009 .

[27]  Amir Moradi,et al.  Leakage Assessment Methodology - A Clear Roadmap for Side-Channel Evaluations , 2015, CHES.

[28]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[29]  François Durvaux,et al.  Towards Sound and Optimal Leakage Detection Procedure , 2017, IACR Cryptol. ePrint Arch..

[30]  A. Jefferson Offutt,et al.  Introduction to Software Testing , 2008 .

[31]  Hongyu Zhao,et al.  Practical guidelines for assessing power and false discovery rate for a fixed sample size in microarray experiments , 2008, Statistics in medicine.

[32]  P. Rohatgi,et al.  A testing methodology for side channel resistance , 2011 .

[33]  Kristin E. Porter Statistical Power in Evaluations That Investigate Effects on Multiple Outcomes: A Guide for Researchers , 2016 .

[34]  L. Hedges Challenges in Building Usable Knowledge in Education , 2018 .

[35]  S. Holm A Simple Sequentially Rejective Multiple Test Procedure , 1979 .

[36]  Clifford J. Maloney,et al.  Systematic mistake analysis of digital computer programs , 1963, CACM.

[37]  Ingrid Verbauwhede,et al.  Partition vs. Comparison Side-Channel Distinguishers: An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices , 2009, ICISC.

[38]  B. Efron Size, power and false discovery rates , 2007, 0710.2245.

[39]  Z. Šidák Rectangular Confidence Regions for the Means of Multivariate Normal Distributions , 1967 .

[40]  François Durvaux,et al.  From Improved Leakage Detection to the Detection of Points of Interests in Leakage Traces , 2016, EUROCRYPT.