Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Friday, September 11 th , 2015
Motivation Physical Attacks & Countermeasures input output … input output Timing, Power, EM, etc. Countermeasures: • Masking Higher-order Attacks • Hiding Univariate Multivariate Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 2
Motivation Security Evaluation Does the chip leak information? Problem: Evaluation is not trivial. Non-Invasive Attack Testing Workshop, 2011 Goal: Establish testing methodology capable of robustly assessing the physical vulnerability of cryptographic devices. Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 3
Motivation Attack-based Testing Perform state-of-the-art attacks on the device under test (DUT) Attacks Intermediate Leakage Types: Values: Models: • DPA • Sbox In • HW × × • CPA • Sbox Out • HD • MIA • Sbox In/Out • Bit • … • … • … Problems: • High computational complexity • Requires lot of expertise • Does not cover all possible attack vectors Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 4
Motivation Information-theoretic Testing Computation of Mutual/Perceived Information Problems: • High computational complexity • Cannot focus on one statistical moment • Dependent on density estimation • Does not cover all possible attack vectors Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 5
Motivation Testing based on t -Test Tries to detect any type of leakage at a certain order • Proposed by CRI at NIST workshop Advantages: • Independent of architecture • Independent of attack model • Fast & simple • Versatile Problems: • No information about hardness of attack • Possible false positives if no care about evaluation setup Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 6
Outline 4. Efficient Computation 1. Statistical Background 5. Conclusion 2. Testing Methodology 3. Correct Measurement Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 7
Statistical Background • t -Test Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 8
Statistical Background t -Test Sample 𝑅 0 Sample 𝑅 1 Null Hypothesis: Two population means are equal. Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 9
Statistical Background t -Test Sample 𝑅 0 Sample 𝑅 1 𝜈 1 𝜈 0 Sample mean: 2 2 𝑡 1 𝑡 0 Sample variance: 𝑜 1 𝑜 0 Sample size: 2 2 2 𝑜 0 + 𝑡 1 𝑡 0 𝑜 1 t = 𝜈 0 − 𝜈 1 v = 𝑢 -test statistic Degree of freedom 2 2 2 2 𝑡 0 𝑡 1 2 2 𝑜 0 + 𝑡 1 𝑡 0 𝑜 0 𝑜 1 𝑜 1 𝑜 0 − 1 + 𝑜 1 − 1 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 10
Statistical Background t -Test 𝑢 𝑤 Γ 𝑤 + 1 −𝑤+1 1 + 𝑢 2 2 Estimate the probability to accept null 2 𝑔 𝑢, 𝑤 = 𝜌𝑤 Γ 𝑤 hypothesis with Student’s 𝑢 distribution: 𝑤 2 ∞ 𝑞 = 2 𝑔 t, v 𝑒𝑢 Compute: |𝑢| Small 𝑞 values give evidence to reject the null hypothesis Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 11
Statistical Background t -Test For testing usually only the 𝑢 -value is estimated Compared to a threshold of t > 4.5 • 𝑞 = 2𝐺 −4.5, 𝑤 > 1000 < 0.00001 • Confidence of > 0.99999 to reject the null hypothesis Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 12
Testing Methodology Specific 𝒖 -Test • • Non-Specific t -Test • Higher Orders Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 13
Testing Methodology Specific t -Test Measurements 𝑈 𝑗 𝑢𝑏𝑠𝑓𝑢 𝑐𝑗𝑢 𝐸 𝑗 = 0 𝑢𝑏𝑠𝑓𝑢 𝑐𝑗𝑢 𝐸 𝑗 = 1 With Associated Data 𝐸 𝑗 𝑅 0 𝑅 1 Specific t -Test: Key is known to enable correct partitioning Test is conducted at each sample point separately (univariate) If corresponding 𝑢 -test exceeds threshold ⇒ DPA probable Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 14
Testing Methodology Specific t -Test Measurements 𝑈 𝑗 𝒖𝒃𝒔𝒉𝒇𝒖 𝒄𝒛𝒖𝒇 𝑬 𝒋 = 𝒚 𝒖𝒃𝒔𝒉𝒇𝒖 𝒄𝒛𝒖𝒇 𝑬 𝒋 ≠ 𝒚 With Associated Data 𝐸 𝑗 𝑅 0 𝑅 1 Other classifications possible Specific t -Test: Key is known to enable correct partitioning Test is conducted at each sample point separately (univariate) If corresponding 𝑢 -test exceeds threshold ⇒ DPA probable Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 15
Testing Methodology Specific t -Test Example: PRESENT (last round) addRoundKey, sBoxLayer, pLayer Bitwise: 3 × 64 tests Sbox out bits (64 models) Nibblewise: 3 × 16 × 16 tests Other tests possible Sbox 0 nibble (16 models) Problems: Same as attack-based approach Many different intermediate values Many different models Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 16
Testing Methodology Non-Specific t -Test Non-Specific t -Test: fixed vs. random t -test Avoids being dependent on any intermediate value/model Detected leakage of single test is not always exploitable Measurements 𝑈 Measurements 𝑈 𝑗 𝑘 With Random With Fixed Associated Data D 𝑗 Associated Data D 𝑅 0 𝑅 1 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 17
Testing Methodology Non-Specific t -Test 𝑅 0 𝑅 1 100 50 𝜈 : 0 -50 -100 4000 4500 5000 5500 6000 6500 7000 t -Test 𝑡 2 : Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 18
Testing Methodology Non-Specific t -Test Non-specific t-test reports a detectable leakage ⇒ Specific t-test reports leakage with higher confidence Other direction ( ⇐ ) cannot be concluded from a single non-specific t -test Recommended to perform a number of non-specific tests with different fixed data Semi-fixed vs. random test: Use a set of particular associated data instead of only one All lead to certain intermediate value Eliminates some of the drawbacks of fixed vs. random Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 19
Testing Methodology Higher Orders 𝑇 1 𝑇 2 Multivariate: Sensitive variable is shared: 𝑇 = 𝑇 1 ∘ 𝑇 2 Shares are processed at different time instances (SW) Leakages at different time instances need to be combined first Centered Product: 𝑦′ = 𝑦 1 − 𝜈 1 ⋅ 𝑦 2 − 𝜈 2 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 20
Testing Methodology Higher Orders 𝑇 1 𝑇 2 Univariate: Shares are processed in parallel (HW) Leakages at the same time instance need to be combined first Variance: 𝑦 ′ = 𝑦 − 𝜈 2 𝑒 In some cases: 𝑦 ′ = 𝑦−𝜈 𝑡 In general: 𝑦 ′ = 𝑦 − 𝜈 𝑒 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 21
Correct Measurement • Setup • Case Study: Microcontroller • Case Study: FPGA • Recommendations Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 22
Correct Measurement Setup PC Plaintext Ciphertext … Target Control Trigger Measure Pitfalls: Order of fixed and random inputs should be random as well Oscilloscope Communication between Control and Target should be masked (if possible) Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 23
Correct Measurement CS: Microcontroller • AES with masking & shuffling (DPA contest v4.2) • No shared communication • First-order test • Leakage associated to unmasked plaintext Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 24
Correct Measurement CS: Microcontroller Detectable first order leakage Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 25
Correct Measurement CS: FPGA • NLFSR [1] • 2 nd – order threshold implementation • Test at different orders [1] A note on the security of Higher-Order Threshold Implementations Oscar Reparaz, ePrint Report 2015/001 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 26
Correct Measurement CS: FPGA First Order No plaintext leakage Second Order No detectable leakage in first two orders (univariate) Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 27
Correct Measurement CS: FPGA Fifth Order Second Order (bivariate) Might be vulnerable to bivariate second order attack Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 28
Correct Measurement Recommendations Fixed vs. random: DUT with masking countermeasure With masked communication Semi-fixed vs. random: DUT with hiding countermeasure Without masked communication Specific t-test: DUT with no countermeasures Failed in former non-specific tests Identify suitable intermediate values for key recovery Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 29
Efficient Computation • Classical Approach • Incremental • Multivariate • Parallelization Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 30
Efficient Computation Classical Approach Time Measurement Analysis Phase Phase 𝑈 0 𝑈 1 𝑈 t -Test Result 2 … 𝑈 𝑜−1 Leakage Assessment Methodology | WISE 2015 | Tobias Schneider 31
Recommend
More recommend
