• PDF / 316,699 Bytes
• 13 Pages / 439.37 x 666.142 pts Page_size
• 70 Downloads / 196 Views

DOWNLOAD

REPORT

Abstract. We describe a fast technique for performing the computationally heavy part of leakage assessment, in any statistical moment (or other property) of the leakage samples distributions. The proposed technique outperforms by orders of magnitude the approach presented at CHES 2015 by Schneider and Moradi. We can carry out evaluations that before took 90 CPU-days in 4 CPU-hours (about a 500-fold speedup). As a bonus, we can work with exact arithmetic, we can apply kernel-based density estimation methods, we can employ arbitrary preprocessing functions such as absolute value to power traces, and we can perform information-theoretic leakage assessment. Our trick is simple and elegant, and lends itself to an easy and compact implementation. We fit a prototype implementation in about 130 lines of C code. Keywords: Leakage assessment analysis · Countermeasure

1

· Efficient computation · Side-channel

Introduction

Implementations of cryptographic protocols and algorithms often need to be protected against side-channel attacks. This is true for devices all along the range from tiny embedded compute platforms, where an adversary is able to perform local attacks (power [KJJ99], EM [QS01,GMO01], etc.), to cloud infrastructure, where an attacker is able to perform remote attacks (timing attacks [BB03], cache attacks [Per05], etc.). There is a large variety of countermeasures, some are ad-hoc, others are supported by theory, some protect against specific attacks, others protect against families of attacks, etc. However, most countermeasures have in common that it is not easy to implement them properly, and thus the effectiveness of their implementation needs to be carefully validated. This is done by physical testing. The most common, classical approach is to apply relevant attacks and assess the effort that is required to break the implementation. An advantage of this approach is that one gets a good view on the security level provided by the implementation. A disadvantage is that the approach can be extensive, time consuming and costly. Indeed, an attack may comprise many steps (sample preparation, data acquisition, pre-processing, analysis, post-processing, key enumeration) and for each step there are many possible techniques, and there are many relevant attacks. c International Association for Cryptologic Research 2017  W. Fischer and N. Homma (Eds.): CHES 2017, LNCS 10529, pp. 387–399, 2017. DOI: 10.1007/978-3-319-66787-4 19

388

O. Reparaz et al.

Leakage assessment is a fundamentally different approach. It was introduced by Coron, Naccache and Kocher [CKN00,CNK04] after the publication of Differential Power Analysis [KJJ99] as a procedure to assess side-channel information leakage. In brief, leakage assessment techniques allow to assess whether a device leaks information that might be exploitable by side-channel attacks. The approach gained momentum in security evaluations of countermeasures against side-channel attacks in academia [BGN+14,SM15,DCE16] after it resurfaced in publications by Cryptography Research Inc. [

Recommend Documents

Research on Online Leakage Assessment

165 21 60MB

Fast Image Quality Assessment via Hash Code

176 43 383KB

Leakage Assessment Through Neural Estimation of the Mutual Information

206 3 39MB

Fast Cluster Tendency Assessment for Big, High-Dimensional Data

166 60 7MB

A Strategic Assessment of Huawei into the Fast Future

189 103 5MB

Psychometric Performance of the Miller Forensic Assessment of Symptoms Test (M-FAST) in Veteran PTSD Assessment

140 34 664KB

Leakage Resilient Password Systems

187 1 3MB

Magnetic Flux Leakage Testing

192 95 861KB

Deep Leakage from Gradients

190 98 27MB

Investigating an assessment model of system oil leakage considering failure dependence

145 29 1MB

Assessment of intraoperative use of indocyanine green fluorescence imaging on the incidence of anastomotic leakage after

148 54 4MB

Leakage Modelling for Pipeline

187 34 6MB