
Journal of Cryptographic Engineering, Volume 6, Issue 2, pp 85–99

Leakage assessment methodology

Extended version of the CHES 2015 paper
  • Tobias Schneider
  • Amir Moradi

Abstract

Motivated by the increasing need to integrate side-channel countermeasures into security-enabled commercial devices, evaluation labs are seeking a standard approach that enables a fast, reliable and robust evaluation of the side-channel vulnerability of a given product. To this end, standardization bodies such as NIST intend to establish a leakage assessment methodology that fulfils these demands. One such proposal is Welch's t test, put forward by Cryptography Research Inc., which relaxes the dependency between the evaluation and the device's underlying architecture. In this work, we study in depth the theoretical background of the test's different flavors and present a roadmap that evaluation labs can follow to conduct the tests efficiently and correctly. More precisely, we describe a stable, robust and efficient way to perform the tests at higher orders. Further, we extend the test to multivariate settings and detail how to carry out such a multivariate higher-order test efficiently and rapidly. Together with a suggested methodology for collecting the traces for these tests, we point out practical case studies in which different types of t tests exhibit the leakage of supposedly secure designs.
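The following is an added illustration of the abstract's two technical points, a non-specific (fixed-vs-random) Welch's t test carried to second order using one-pass central moments; it is not code from the paper or its authors. Everything in it is constructed: the toy leakage model of a first-order Boolean-masked bit (the device leaks the sum of the two shares' Hamming weights plus Gaussian noise), the noise level, the group size and the 4.5 threshold used as the pass/fail line. The first-order test sees nothing because both groups have the same mean, while the second-order test, whose mean and variance are expressed through the second and fourth central moments, flags the variance difference. Only orders 1 and 2 are implemented, since order d needs central moments up to 2d.

```python
import math
import random


class CentralMoments:
    """One-pass accumulator for the mean and central sums M2, M3, M4 of one
    sample point, using the Welford/Pebay incremental update. Unlike the naive
    E[x^2] - E[x]^2 form, it does not cancel catastrophically on traces that
    carry a large DC offset."""

    def __init__(self):
        self.n = 0
        self.mean = 0.0
        self.m2 = self.m3 = self.m4 = 0.0

    def update(self, x):
        n1 = self.n
        self.n += 1
        n = self.n
        delta = x - self.mean
        delta_n = delta / n
        delta_n2 = delta_n * delta_n
        term1 = delta * delta_n * n1
        self.mean += delta_n
        # M4 and M3 consume the *old* M2/M3, so update the highest order first.
        self.m4 += (term1 * delta_n2 * (n * n - 3 * n + 3)
                    + 6 * delta_n2 * self.m2 - 4 * delta_n * self.m3)
        self.m3 += term1 * delta_n * (n - 2) - 3 * delta_n * self.m2
        self.m2 += term1

    def central_moment(self, d):
        return {2: self.m2, 3: self.m3, 4: self.m4}[d] / self.n


def order_stats(acc, d):
    """Mean and variance of the d-th order preprocessed trace in terms of
    central moments: d=1 -> (mean, CM2); d=2 -> (CM2, CM4 - CM2^2)."""
    if d == 1:
        return acc.mean, acc.central_moment(2)
    if d == 2:
        cm2, cm4 = acc.central_moment(2), acc.central_moment(4)
        return cm2, cm4 - cm2 * cm2
    raise ValueError("order d needs moments up to 2d; only d=1,2 tracked here")


def welch_t(fixed, rand, d):
    """Welch's t statistic between the fixed and random groups at order d."""
    mu_f, var_f = order_stats(fixed, d)
    mu_r, var_r = order_stats(rand, d)
    return (mu_f - mu_r) / math.sqrt(var_f / fixed.n + var_r / rand.n)


def masked_leak(secret_bit, rng, noise_sd):
    """Constructed leakage model (assumption): one Boolean-masked bit split
    into shares m and secret^m; the observed sample is HW(m) + HW(secret^m)
    plus Gaussian noise. Both secret values have mean 1, but secret=0 gives
    samples in {0, 2} and secret=1 always gives 1, so the variance differs."""
    m = rng.getrandbits(1)
    return m + (secret_bit ^ m) + rng.gauss(0.0, noise_sd)


def run_ttest(n_per_group=5000, seed=1, noise_sd=0.5, leaky=True, offset=0.0):
    """Non-specific fixed-vs-random t test at orders 1 and 2 on constructed
    traces. leaky=True: the fixed group really uses a fixed secret bit (0).
    leaky=False: control run, both groups draw random secret bits.
    offset: DC offset added to every sample; must not change the result."""
    rng = random.Random(seed)
    fixed, rand = CentralMoments(), CentralMoments()
    for _ in range(n_per_group):
        s_fixed = 0 if leaky else rng.getrandbits(1)
        fixed.update(masked_leak(s_fixed, rng, noise_sd) + offset)
        rand.update(masked_leak(rng.getrandbits(1), rng, noise_sd) + offset)
    return {d: welch_t(fixed, rand, d) for d in (1, 2)}


if __name__ == "__main__":
    for leaky in (True, False):
        t = run_ttest(leaky=leaky)
        print(f"leaky={leaky}: t1={t[1]:.2f}  t2={t[2]:.2f}  (threshold 4.5)")
```

In a real evaluation one accumulator is kept per time sample of the trace and the traces of the two groups are interleaved during acquisition rather than collected in two batches; the control run with `leaky=False` is the sanity check that the setup itself does not produce a false positive.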

Keywords

Side-channel analysis · Leakage assessment · t test · Countermeasure · Masking


Acknowledgments

The research in this work was supported in part by the DFG Research Training Group GRK 1817/1.


Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Bochum, Germany
