Test Vector Leakage Assessment Technique of Side-channel Power Information
Abstract: The side-channel power analysis attack, with its low computational complexity and high generality, poses a serious security challenge to all kinds of cryptographic products. Assessing resistance to power analysis attacks has become an essential part of cryptographic product security evaluation. Test Vector Leakage Assessment (TVLA) is a power information leakage evaluation method based on hypothesis testing; it is simple, efficient and easy to operate, and is now widely used in security evaluation experiments on cryptographic products. To give a comprehensive picture of the mechanism of TVLA and the current state of research, this paper first gives an overview of TVLA, explaining its underlying principle and describing its implementation process; it then compares the advantages and disadvantages of specific and non-specific TVLA; next, with reference to existing studies, it analyzes and summarizes the limitations of TVLA in depth, and on that basis presents and analyzes the existing methods for improving TVLA; finally, it discusses possible future directions for TVLA.
Table 1: Comparison of specific and non-specific TVLA

| | Advantages | Disadvantages |
|---|---|---|
| Specific TVLA | Good test effectiveness against common attacks such as DPA | Grouping the power traces requires computing intermediate values of the algorithm; there are too many candidate intermediate values to guarantee that the test is comprehensive |
| Non-specific TVLA | Grouping the power traces is simpler, and the test results are more comprehensive | The chosen test vectors have a large influence on the result, so the evaluation has to be repeated with different test vectors |

Table 2: Summary of TVLA improvement methods

| Problem addressed | Reference | Main method | Advantages and disadvantages (research significance) |
|---|---|---|---|
| TVLA tends to miss higher-order and multivariate leakage | [25] | Hotelling's T² test | Raises the detection rate of multivariate leakage, but has high computational complexity |
| | [26] | Incremental algorithm | Applicable to multivariate and higher-order leakage; efficient |
| | [27] | Multi-class F-test and Bartlett test | High detection accuracy for leakage up to second order |
| | [28] | KS test | Strong robustness |
| | [29] | Statistical histograms | Efficient, but initialization is cumbersome |
| The t statistic of TVLA has limited reference value | [30] | Theoretical derivation combined with experimental validation | Establishes the relationship between TVLA results, signal-to-noise ratio and the success rate of power analysis attacks |
| | [32] | Regression model | Answers whether the leakage detected by TVLA is exploitable |
| TVLA requires a high signal-to-noise ratio in the power data | [22] | Fast Fourier transform | Reduces the effect of misaligned power traces on TVLA results |
| | [33] | Multi-source time-frequency information fusion | Avoids the alignment and denoising preprocessing steps; high detection efficiency and accuracy |
| | [34] | Paired t-test | Stable and accurate statistical results |
| | [35] | Correlation | Further optimizes the method of [34] |
| | [36] | Deep learning | No need to consider trace alignment or the statistical moment order of the leakage, and covers multivariate leakage; but the time cost is high and there are problems such as overfitting |
| The probability that TVLA makes a false decision grows with the number of sample points per power trace | [37] | Setting the t threshold to 5 | Increases the probability of false-negative decisions |
| | [38] | HC test | Effectively controls the probability that TVLA makes a false decision by relying on the t value of a single sample point |
| Leakage may be hidden within one of the TVLA groups | [39] | Chi-square test | Can be combined with the t-test to improve evaluation accuracy |
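The following is an added example, not code from the surveyed paper or from any of the cited works. It implements the non-specific (fixed-vs-random) TVLA of Table 1 as a per-sample Welch's t-test over constructed power traces, and then works through the false-decision problem in the fourth row of Table 2: the probability that at least one non-leaking sample point crosses the |t| threshold grows with the number of sample points per trace, and raising the threshold from 4.5 to 5 trades that for a higher false-negative rate. The traces, the leakage model (0.3 times the Hamming weight of the processed byte, added at one sample index) and the threshold constant are assumptions made for the example; the 4.5 threshold is the one used by the TVLA methodology.

```python
"""Non-specific (fixed-vs-random) TVLA with Welch's t-test on constructed traces.

Added example, not code from the surveyed paper. The traces are synthetic:
Gaussian noise plus a Hamming-weight-dependent term at one sample index.
"""
import math
import random

# |t| threshold used by the TVLA methodology; 5 is the alternative of [37]
TVLA_THRESHOLD = 4.5


def welch_t(a, b):
    """Welch's t statistic for two samples a and b (lists of floats)."""
    na, nb = len(a), len(b)
    mean_a, mean_b = sum(a) / na, sum(b) / nb
    var_a = sum((x - mean_a) ** 2 for x in a) / (na - 1)
    var_b = sum((x - mean_b) ** 2 for x in b) / (nb - 1)
    return (mean_a - mean_b) / math.sqrt(var_a / na + var_b / nb)


def tvla(fixed_traces, random_traces, threshold=TVLA_THRESHOLD):
    """Per-sample Welch t-test between the fixed-input and random-input groups.

    Returns (t_values, leaky_points): one t value per sample index, and the
    indices whose |t| exceeds the threshold (reported as leaking).
    """
    n_samples = len(fixed_traces[0])
    t_values = []
    for i in range(n_samples):
        col_fixed = [tr[i] for tr in fixed_traces]
        col_random = [tr[i] for tr in random_traces]
        t_values.append(welch_t(col_fixed, col_random))
    leaky = [i for i, t in enumerate(t_values) if abs(t) > threshold]
    return t_values, leaky


def simulate_traces(n_traces, n_samples, leak_point, fixed, seed):
    """Constructed traces (an assumption of this example, not measured data).

    Each trace is N(0,1) noise; at `leak_point` a term proportional to the
    Hamming weight of the processed input byte is added, i.e. a first-order
    leak. The fixed group always processes 0xFF (Hamming weight 8); the
    random group processes a uniformly random byte (mean Hamming weight 4).
    """
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        value = 0xFF if fixed else rng.randrange(256)
        trace = [rng.gauss(0.0, 1.0) for _ in range(n_samples)]
        trace[leak_point] += 0.3 * bin(value).count("1")
        traces.append(trace)
    return traces


def single_point_false_positive(threshold):
    """P(|t| > threshold) at one non-leaking sample point, using the normal
    approximation of the t distribution that holds for large trace counts."""
    return math.erfc(threshold / math.sqrt(2.0))


def any_point_false_positive(n_samples, threshold):
    """P(at least one of n_samples non-leaking points exceeds the threshold),
    assuming independent points. This is the effect behind rows [37]/[38] of
    Table 2: the false-positive probability grows with the sample count."""
    p = single_point_false_positive(threshold)
    return 1.0 - (1.0 - p) ** n_samples


if __name__ == "__main__":
    fixed = simulate_traces(500, 50, leak_point=20, fixed=True, seed=1)
    rnd = simulate_traces(500, 50, leak_point=20, fixed=False, seed=2)
    t_vals, leaky = tvla(fixed, rnd)
    print("max |t| = %.1f, leaky sample indices = %s" % (max(map(abs, t_vals)), leaky))
    for n in (1, 1000, 100000):
        print("n_samples=%6d  P(false positive) at 4.5: %.4f  at 5.0: %.4f"
              % (n, any_point_false_positive(n, 4.5), any_point_false_positive(n, 5.0)))
```

With 500 traces per group the single constructed leak point is reported and the other 49 points stay well inside the threshold; the false-positive calculation shows why a trace with 100,000 sample points has roughly even odds of a spurious crossing at 4.5 under the single-point rule, which is the motivation for the HC test of [38] rather than simply raising the threshold.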
References

[1] KOCHER P, JAFFE J, and JUN B. Differential power analysis[C]. Proceedings of the 19th Annual International Cryptology Conference, Santa Barbara, USA, 1999: 388–397.
[2] RADHAKRISHNAN R A. Side-channel resistant implementation using arbiter PUF[J]. Cryptology ePrint Archive, 2023.
[3] ZHAO Yiqiang, WANG Qingya, MA Haocheng, et al. Side channel analysis optimization method based on data preprocessing[J]. Journal of Electronics & Information Technology, 2023, 45(1): 49–58. doi: 10.11999/JEIT211462
[4] BREUER R, STANDAERT F X, and LEVI I. Fully-digital randomization based side-channel security—toward ultra-low cost-per-security[J]. IEEE Access, 2022, 10: 68440–68449. doi: 10.1109/ACCESS.2022.3185995
[5] PERIN G, WU Lichao, and PICEK S. Exploring feature selection scenarios for deep learning-based side-channel analysis[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022, 2022(4): 828–861. doi: 10.46586/tches.v2022.i4.828-861
[6] Common Criteria v3.1. Release 4[EB/OL]. https://www.commoncriteriaportal.org/cc/index.cfm?, 2013.
[7] CHEN Hua, XI Wei, FAN Limin, et al. Side channel analysis and evaluation on cryptographic products[J]. Journal of Electronics & Information Technology, 2020, 42(8): 1836–1845. doi: 10.11999/JEIT190853
[8] GOODWILL G, JUN B, JAFFE J, et al. A testing methodology for side-channel resistance validation[C]. NIST Non-Invasive Attack Testing Workshop, 2011: 115–136.
[9] COOPER J, DEMULDER E, GOODWILL G, et al. Test Vector Leakage Assessment (TVLA) methodology in practice[C]. International Cryptographic Module Conference, Shanghai, China, 2013.
[10] WANG L C, GOLDER A, FANG Yan, et al. Power side-channel leakage assessment of reference implementation of SABER key encapsulation mechanism[C]. 2022 Opportunity Research Scholars Symposium (ORSS), Atlanta, USA, 2022: 8–11.
[11] SAARINEN M J O. WiP: Applicability of ISO standard side-channel leakage tests to NIST post-quantum cryptography[C]. 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, USA, 2022: 69–72.
[12] KRAUSZ M, LAND G, RICHTER-BROCKMANN J, et al. Efficiently masking polynomial inversion at arbitrary order[C/OL]. The 13th International Conference on Post-Quantum Cryptography, 2022: 309–326.
[13] SADHUKHAN R, CHAKRABORTY A, DATTA N, et al. Light but tight: Lightweight composition of serialized s-boxes with diffusion layers for strong ciphers[C]. The 12th International Conference on Security, Privacy, and Applied Cryptography Engineering, Jaipur, India, 2022: 28–49.
[14] KHAIRALLAH M and BHASIN S. Hardware implementation of masked SKINNY SBox with application to AEAD[C]. The 12th International Conference on Security, Privacy, and Applied Cryptography Engineering, Jaipur, India, 2022: 50–69.
[15] DUAN Xiaoyi, HUANG Ye, SU Yonghua, et al. Research on the grouping method of side-channel leakage detection[C/OL]. The 18th International Conference on Security and Privacy in Communication Systems, 2023: 807–818.
[16] LU Chuanchao, CUI Yijun, KHALID A, et al. A novel combined Correlation Power Analysis (CPA) attack on schoolbook polynomial multiplication in lattice-based cryptosystems[C]. 2022 IEEE 35th International System-on-Chip Conference (SOCC), Belfast, UK, 2022: 1–6.
[17] WELCH B L. The generalization of ‘Student's’ problem when several different population variances are involved[J]. Biometrika, 1947, 34(1/2): 28–35. doi: 10.1093/biomet/34.1-2.28
[18] STANDAERT F X. How (not) to use Welch's t-test in side-channel security evaluations[C]. The 17th International Conference on Smart Card Research and Advanced Applications, Montpellier, France, 2019: 65–79.
[19] WHITNALL C and OSWALD E. A cautionary note regarding the usage of leakage detection tests in security evaluation[J]. Cryptology ePrint Archive, 2019.
[20] ROY D B, BHASIN S, GUILLEY S, et al. CC meets FIPS: A hybrid test methodology for first order side channel analysis[J]. IEEE Transactions on Computers, 2018, 68(3): 347–361. doi: 10.1109/TC.2018.2875746
[21] DURVAUX F and STANDAERT F X. From improved leakage detection to the detection of points of interests in leakage traces[C]. The 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, 2016: 240–262.
[22] LEI Wan, WANG Lihui, SHAN Weijun, et al. A frequency-based leakage assessment methodology for side-channel evaluations[C]. The 13th International Conference on Computational Intelligence and Security (CIS), Hong Kong, China, 2017: 590–593.
[23] ZHANG Liwei. Statistics in side channel analysis: modeling, metric, leakage detection testing[D]. Ph.D. dissertation, Northeastern University, 2017.
[24] WHITNALL C and OSWALD E. A critical analysis of ISO 17825 (‘testing methods for the mitigation of non-invasive attack classes against cryptographic modules’)[C]. The 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, 2019: 256–284.
[25] BRONCHAIN O, SCHNEIDER T, and STANDAERT F X. Multi-tuple leakage detection and the dependent signal issue[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019, 2019(2): 318–345. doi: 10.13154/tches.v2019.i2.318-345
[26] SCHNEIDER T and MORADI A. Leakage assessment methodology: A clear roadmap for side-channel evaluations[C]. The 17th International Workshop on Cryptographic Hardware and Embedded Systems, Saint-Malo, France, 2015: 495–513.
[27] WANG Yaru and TANG Ming. Side channel leakage assessment with the Bartlett and multi-classes F-test[J]. Journal on Communications, 2021, 42(12): 35–43. doi: 10.11959/j.issn.1000-436x.2021235
[28] ZHOU Xinping, QIAO Kexin, and OU Changhai. Leakage detection with Kolmogorov-Smirnov test[J]. Cryptology ePrint Archive, 2019.
[29] REPARAZ O, GIERLICHS B, and VERBAUWHEDE I. Fast leakage assessment[C]. The 19th International Conference on Cryptographic Hardware and Embedded Systems, Taipei, China, 2017: 387–399.
[30] ROY D B, BHASIN S, GUILLEY S, et al. Leak me if you can: Does TVLA reveal success rate?[J]. Cryptology ePrint Archive, 2016.
[31] FEI Yunsi, DING A A, LAO Jian, et al. A statistics-based success rate model for DPA and CPA[J]. Journal of Cryptographic Engineering, 2015, 5(4): 227–243. doi: 10.1007/s13389-015-0107-0
[32] GAO Si and OSWALD E. A novel framework for explainable leakage assessment[J]. Cryptology ePrint Archive, 2022.
[33] CAO Yuchen and ZHOU Yongbin. Multi-channel fusion leakage detection[J]. Journal of Cyber Security, 2020, 5(6): 40–52. doi: 10.19363/J.cnki.cn10-1380/tn.2020.11.04
[34] DING A A, CHEN Cong, and EISENBARTH T. Simpler, faster, and more robust t-test based leakage detection[C]. The 7th International Workshop on Constructive Side-Channel Analysis and Secure Design, Graz, Austria, 2016: 163–183.
[35] LU Fuxiang, LI Weijian, and HUANG Xian. Research on optimization of side channel leakage assessment based on paired t test[J]. Journal of Chinese Computer Systems, 2019, 40(12): 2585–2590. doi: 10.3969/j.issn.1000-1220.2019.12.021
[36] MOOS T, WEGENER F, and MORADI A. DL-LA: Deep learning leakage assessment: A modern roadmap for SCA evaluations[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021, 2021(3): 552–598. doi: 10.46586/tches.v2021.i3.552-598
[37] BALASCH J, GIERLICHS B, GROSSO V, et al. On the cost of lazy engineering for masked software implementations[C]. The 13th International Conference on Smart Card Research and Advanced Applications, Paris, France, 2015: 64–81.
[38] DING A A, ZHANG Liwei, DURVAUX F, et al. Towards sound and optimal leakage detection procedure[C]. The 16th International Conference on Smart Card Research and Advanced Applications, Lugano, Switzerland, 2018: 105–122.
[39] MORADI A, RICHTER B, SCHNEIDER T, et al. Leakage detection with the χ²-test[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018, 2018(1): 209–237. doi: 10.13154/tches.v2018.i1.209-237