Design Article
Defending against side-channel attacks - Part 3
Gilbert Goodwill, Cryptography Research, Inc.
10/3/2012 5:52 AM EDT
4.5 Summary of t-test methodology
The t-tests provide a simple, repeatable methodology for testing devices for side-channel vulnerabilities. It has clear pass/fail criteria. In our lab, the worst-case data collection and analysis time was 6 hours, but can be significantly less. The tests can be run on partially collected data, and remaining data collection and tests can be aborted early upon test failure. Finally, the data collection and tests are scriptable. The evaluation process can be automated once an evaluator has established confidence in the collected data.
5. References
[1] Paul Kocher, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems”, Advances in Cryptology – Crypto ‘96 Proceedings, Lecture Notes in Computer Science Vol. 1109, Neal Koblitz (Ed.), Springer-Verlag, 1996, pp. 104–113.
[2] Joseph Bonneau and Ilya Mironov, “Cache-Collision Timing Attacks against AES”, Cryptographic Hardware and Embedded Systems – CHES 2006, Lecture Notes in Computer Science, Vol. 4249, L. Goubin and M. Matsui (Ed.), Springer-Verlag, 2006, pp. 201-215.
[3] D. Brumly and D. Boneh, “Remote Timing Attacks are Practical”, Proceedings of the 12th USENIX Security Symposium, August 4–8, 2003. (Paper available at http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf).
[4] Paul Kocher, Joshua Jaffe, Benjamin Jun, “Differential Power Analysis,” Advances in Cryptology - Crypto 99 Proceedings, Lecture Notes In Computer Science Vol. 1666, M. Wiener, (Ed.), Springer-Verlag, 1999, pp. 388–397. (Whitepaper available at http://www.cryptography.com/resources/whitepapers/DPATechInfo.pdf)
[5] Cryptography Research, Inc, “A Standardized Testing Methodology for Side-Channel Resistance Validation”, Version 0.9 (Draft), July 1, 2011.
[6] Side-channel Attack Standard Evaluation Board (SASEBO), http://www.rcis.aist.go.jp/special/SASEBO/index-en.html
To access Part One, click here.
To access Part Two, click here
See related links:
Using MISRA C and C++ for security and reliability. Part I
Using MISRA C and C++ for security and reliability. Part II
Using MISRA C and C++ for security and reliability. Part III
How secure is AES against brute force attacks?
Public key cryptography and security certificates
----------------------
If you found this article to be of interest, visit Military/Aerospace Designline where you will find the latest and greatest design, technology, product, and news articles with regard to all aspects of military, defense and aerospace. And, to register to our weekly newsletter, click here.
The t-tests provide a simple, repeatable methodology for testing devices for side-channel vulnerabilities. It has clear pass/fail criteria. In our lab, the worst-case data collection and analysis time was 6 hours, but can be significantly less. The tests can be run on partially collected data, and remaining data collection and tests can be aborted early upon test failure. Finally, the data collection and tests are scriptable. The evaluation process can be automated once an evaluator has established confidence in the collected data.
5. References
[1] Paul Kocher, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems”, Advances in Cryptology – Crypto ‘96 Proceedings, Lecture Notes in Computer Science Vol. 1109, Neal Koblitz (Ed.), Springer-Verlag, 1996, pp. 104–113.
[2] Joseph Bonneau and Ilya Mironov, “Cache-Collision Timing Attacks against AES”, Cryptographic Hardware and Embedded Systems – CHES 2006, Lecture Notes in Computer Science, Vol. 4249, L. Goubin and M. Matsui (Ed.), Springer-Verlag, 2006, pp. 201-215.
[3] D. Brumly and D. Boneh, “Remote Timing Attacks are Practical”, Proceedings of the 12th USENIX Security Symposium, August 4–8, 2003. (Paper available at http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf).
[4] Paul Kocher, Joshua Jaffe, Benjamin Jun, “Differential Power Analysis,” Advances in Cryptology - Crypto 99 Proceedings, Lecture Notes In Computer Science Vol. 1666, M. Wiener, (Ed.), Springer-Verlag, 1999, pp. 388–397. (Whitepaper available at http://www.cryptography.com/resources/whitepapers/DPATechInfo.pdf)
[5] Cryptography Research, Inc, “A Standardized Testing Methodology for Side-Channel Resistance Validation”, Version 0.9 (Draft), July 1, 2011.
[6] Side-channel Attack Standard Evaluation Board (SASEBO), http://www.rcis.aist.go.jp/special/SASEBO/index-en.html
To access Part One, click here.
To access Part Two, click here
See related links:
Using MISRA C and C++ for security and reliability. Part I
Using MISRA C and C++ for security and reliability. Part II
Using MISRA C and C++ for security and reliability. Part III
How secure is AES against brute force attacks?
Public key cryptography and security certificates
----------------------
If you found this article to be of interest, visit Military/Aerospace Designline where you will find the latest and greatest design, technology, product, and news articles with regard to all aspects of military, defense and aerospace. And, to register to our weekly newsletter, click here.
|
|
|
|
|
Navigate to related information