Abstract
Schemes such as Common Criteria or FIPS 140-3 require the assessment of cryptographic implementations with respect to side channels at high security levels. Instead of a “penetration testing” style approach where specific tests are carried out, FIPS 140-3 relies on non-specific “leakage assessment” to identify potential side channel leaks in implementations of symmetric schemes. Leakage assessment, as it is understood today, is based on a simple leakage detection testing regime. Leakage assessment to date, provides no evidence whether or not the potential leakage is exploitable in a concrete attack: if a device fails the test, (and therefore certification under the FIPS 140-3 scheme) it remains unclear why it fails.
We propose a novel assessment regime that is based on a different statistical rational than the existing leakage detection tests. Our statistical approach enables non-specific detection (i.e. we do not require to specify intermediate values) whilst simultaneously generating evidence for designing an attack vector that exploits identified leakage. We do this via an iterative approach, based on building and comparing nested regression models. We also provide, for the first time, concrete definitions for concepts such as key leakage, exploitable leakage and explainable leakage. Finally, we illustrate our novel leakage assessment framework in the context of two open source masked software implementations on a processor that is known to exhibit micro-architectural leakage.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Notice that because the Welch’s t-test only captures the first central moment of a distribution, complex leakage has to be “forced into” this central moment by means of pre-processing the observations.
- 2.
- 3.
Note that this “state” is often not some known state defined by the cipher’s specification. In practice, various micro-architectural effects exist that make exhaustively (specific) testing on all leaking states impossibly difficult.
- 4.
A recent and comprehensive analysis of classifiers of this nature is given in [14].
- 5.
Unfortunately the same \(\beta \) has been used in both statistics and linear regression models; for clarity, we denote \(\beta _{p}\) as the false positive rate.
- 6.
In practice, we expect “efficiency” to be determined by evaluation parameters, i.e. an given time/data budget.
- 7.
Recall that we apply this process independently to all trace points. Consequently, we expect that different trace points will lead to different models because different trace points correspond to different intermediate steps.
- 8.
- 9.
The authors provided various compile macros within their masked ASCON software implementation. One important option is whether the “bit-interleave” trick is applied (aka “ASCON_EXTERN_BI”). Our experiments in this section is captured when “ASCON_EXTERN_BI” is set. Note that this is not the default version: our experiments on the default version shows the same leakage can be found in a latter time point, yet related to a few different key bits (caused by the bit-interleave trick). More details can be found in the full version on eprint [26].
References
Common Criteria: The Common Criteria for Information Technology Security Evaluation (2017). https://www.commoncriteriaportal.org/cc/
Information Technology Laboratory,NIST: Security Requirements for Cryptographic Modules. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf
Gilbert Goodwill, B.J., Jaffe, J., Rohatgi, P., et al.: A testing methodology for side-channel resistance validation. In: NIST Non-invasive Attack Testing Workshop. 7, 115–136 (2011)
ISO/IEC: Testing methods for the mitigation of non-invasive attack classes against cryptographic modules (2016). https://www.iso.org/obp/ui/#iso:std:iso-iec:17825:ed-1:v1:en
Roy, D.B., Bhasin, S., Guilley, S., Heuser, A., Patranabis, S., Mukhopadhyay, D.: CC meets FIPS: a hybrid test methodology for first order side channel analysis. IEEE Trans. Comput. 68(3), 347–361 (2019)
Moos, T., Wegener, F., Moradi, A.: DL-LA: deep learning leakage assessment. A modern roadmap for SCA evaluations. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(3) 552–598 (2021)
Whitnall, C., Oswald, E.: A critical analysis of ISO 17825 (‘testing methods for the mitigation of non-invasive attack classes against cryptographic modules’). In: Advances in Cryptology - ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, 8-12 December 2019, Proceedings, Part III, pp. 256–284 (2019)
Yap, T., Benamira, A., Bhasin, S., Peyrin, T.: Peek into the black-box: interpretable neural network using SAT equations in side-channel analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2023(2), 24–53 (2023)
Moradi, A., Richter, B., Schneider, T., Standaert, F.: Leakage detection with the x2-Test. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 209–237 (2018)
Schneider, T., Moradi, A.: Leakage assessment methodology. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_25
Azouaoui, M., et al.: A systematic appraisal of side channel evaluation strategies. In: van der Merwe, T., Mitchell, C., Mehrnezhad, M. (eds.) SSR 2020. LNCS, vol. 12529, pp. 46–66. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64357-7_3
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Cryptographic Hardware and Embedded Systems - CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13-15, 2002, Revised Papers, pp. 13–28 (2002)
Gao, S., Oswald, E.: A novel completeness test for leakage models and its application to side channel attacks and responsibly engineered simulators. In: Dunkelman, O., Dziembowski, S., eds.: Advances in Cryptology - EUROCRYPT 2022 - 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norway, May 30 - June 3, 2022, Proceedings, Part III, vol. 13277. LNCS, pp. 254–283. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07082-2_10
Picek, S., Heuser, A., Guilley, S.: Template attack versus Bayes classifier. J. Cryptogr. Eng. 7(4), 343–351 (2017)
Picek, S., et al.: Side-channel analysis and machine learning: a practical perspective. In: 2017 International Joint Conference on Neural Networks, IJCNN 2017, Anchorage, AK, USA, May 14-19, 2017, pp. 4095–4102. IEEE (2017)
Prouff, E., Strullu, R., Benadjila, R., Cagli, E., Dumas, C.: Study of deep learning techniques for side-channel analysis and introduction to ASCAD database. IACR Cryptol. ePrint Arch. 53, 1–45 (2018)
Doget, J., Prouff, E., Rivain, M., Standaert, F.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1(2), 123–144 (2011)
Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_3
Huitfeldt, A., Stensrud, M.J., Suzuki, E.: On the collapsibility of measures of effect in the counterfactual causal framework. Emerg. Themes Epidemiol. 16(1), 1 (2019)
Cohen, J.: CHAPTER 9 - F tests of variance proportions in multiple regression/correlation analysis. In: Cohen, J., (ed.) Statistical Power Analysis for the Behavioral Sciences, pp. 407 – 453. Academic Press (1977)
Mather, L., Oswald, E., Whitnall, C.: Multi-target DPA attacks: pushing DPA beyond the limits of a desktop computer. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 243–261. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_13
Longo, J., Martin, D.P., Mather, L., Oswald, E., Sach, B., Stam, M.: How low can you go? Using side-channel data to enhance brute-force key recovery. IACR Cryptol. ePrint Arch. 609 (2016)
Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Soft analytical side-channel attacks. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 282–296. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_15
Arrieta, A.B., et al.: Explainable artificial intelligence (XAI): concepts, taxonomies, opportunities and challenges toward responsible AI. Inf. Fusion 58, 82–115 (2019)
Chari, Suresh, Jutla, Charanjit S.., Rao, Josyula R.., Rohatgi, Pankaj: Towards sound approaches to counteract power-analysis attacks. In: Wiener, Michael (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_26
Gao, S., Oswald, E.: A novel framework for explainable leakage assessment. Cryptology ePrint Archive, Paper 2022/182 (2022). https://eprint.iacr.org/2022/182
Benadjila, R., Khati, L., Prouff, E., Thillard, A.: Hardened Library for AES-128 encryption/decryption on ARM Cortex M4 Achitecture. https://github.com/ANSSI-FR/SecAESSTM32
Bhasin, S., Danger, J., Guilley, S., Najm, Z.: Side-channel leakage and trace compression using normalized inter-class variance. In: Lee, R.B., Shi, W. (eds.) HASP 2014, Hardware and Architectural Support for Security and Privacy, Minneapolis, MN, USA, June 15, 2014, pp. 7:1–7:9. ACM (2014)
Durvaux, François, Standaert, François-Xavier.: From improved leakage detection to the detection of points of interests in leakage traces. In: Fischlin, Marc, Coron, Jean-Sébastien. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 240–262. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_10
Marshall, B., Page, D., Webb, J.: MIRACLE: micro-architectural leakage evaluation. A study of micro-architectural power leakage across many devices. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(1), 175–220 (2022)
Acknowledments
Si Gao was funded in part by National Key R &D Program of China (No. 2022YFB3103800) and the ERC via the grant SEAL (Project Reference 725042). Elisabeth Oswald was funded in part by the ERC via the grant SEAL (Project Reference 725042).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 International Association for Cryptologic Research
About this paper
Cite this paper
Gao, S., Oswald, E. (2024). A Novel Framework for Explainable Leakage Assessment. In: Joye, M., Leander, G. (eds) Advances in Cryptology – EUROCRYPT 2024. EUROCRYPT 2024. Lecture Notes in Computer Science, vol 14653. Springer, Cham. https://doi.org/10.1007/978-3-031-58734-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-031-58734-4_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-58733-7
Online ISBN: 978-3-031-58734-4
eBook Packages: Computer ScienceComputer Science (R0)
