Statistics and Secret Leakage
In addition to its usual complexity assumptions, cryptography silently assumes that information can be physically protected in a single location. As one can easily imagine, real-life devices are not ideal and information may leak through different physical channels.
This paper gives a rigorous definition of leakage immunity and presents several leakage detection tests. In these tests, failure confirms the probable existence of secret-correlated emanations and indicates how likely the leakage is. Success does not refute the existence of emanations but indicates that significant emanations were not detected on the strength of the evidence presented, which, of course, leaves the door open to reconsider the situation if further evidence comes to hand at a later date.
Keywords: Leakage Detection, Rigorous Definition, Input Tape, Usual Complexity, Complexity Assumption