Side Channel Analysis and Evaluation on Cryptographic Products

Hua CHEN; Wei XI; Limin FAN; Zhipeng JIAO; Jingyi FENG

doi:10.11999/JEIT190853

Volume 42 Issue 8

Aug. 2020

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2020 > 42(8): 1836-1845

Hua CHEN, Wei XI, Limin FAN, Zhipeng JIAO, Jingyi FENG. Side Channel Analysis and Evaluation on Cryptographic Products[J]. Journal of Electronics & Information Technology, 2020, 42(8): 1836-1845. doi: 10.11999/JEIT190853

Citation:

Hua CHEN, Wei XI, Limin FAN, Zhipeng JIAO, Jingyi FENG. Side Channel Analysis and Evaluation on Cryptographic Products[J]. Journal of Electronics & Information Technology, 2020, 42(8): 1836-1845. doi: 10.11999/JEIT190853

Citation:

PDF( 353 KB)

Side Channel Analysis and Evaluation on Cryptographic Products

doi: 10.11999/JEIT190853

Hua CHEN^{1, 2
,
,},
Wei XI³,
Limin FAN¹,
Zhipeng JIAO^{1, 4},
Jingyi FENG^{1, 4}

1.
TCA Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
2.
State Key Laboratory of Cryptology, Beijing 100878, China
3.
Electric Power Research Institute, China Southern Power Grid, Guangzhou 510663, China
4.
University of Chinese Academy of Sciences, Beijing 100049, China

Funds: The National Key R&D Program of China (2018YFB0904900, 2018YFB0904901), The National Cryptography Development Fund of China (MMJJ20170214, MMJJ20170211)

Received Date: 2019-11-01
Rev Recd Date: 2020-06-05

Available Online: 2020-07-07

Publish Date: 2020-08-18

Abstract

Abstract

As a kind of important information security products, the cryptographic technique adopted by cryptographic products guarantees the confidentiality, integrity and non-repudiation of information. The side channel attack is an important security threat against cryptographic products. It mainly utilizes the leakage of side information (such as time, power consumption, etc.) during the operation of cryptographic algorithm, and attacks by analyzing the dependence between side information and secret information. It has become an important test content to evaluate the ability of cryptographic products to defend against the side channel attack. The development of side channel evaluation of cryptographic products is introduced from three aspects of attack test, general evaluation and formal verification. The attack test is the most popular way adopted in side channel evaluation, which aims to recover the secret imformation such as the key by executing specific attack process. The latter two methods are not for the purpose of recovering secret information, but focus on assessing whether there is any side information leakage in the cryptographic implementation. They are more general than the attack test because they do not require the evaluator to go into the details of the attack process and implementation. The general evaluation is to describe the degree of information leakage by means of statistical test and information entropy calculation. For example, Test Vector Leakage Assessment (TVLA) technology is widely used at present. The formal method is a new development direction to evaluate the effectiveness of side channel protection strategy which has the advantage that it can automatically/semi-automatically evaluate whether the cryptographic implementation has side channel attack vulnerability. The latest results of formal verification for different protection strategies such as software mask, hardware mask and fault protection is introduced in this paper, mainly including program verification, type inference and model counting.
- Cryptographic product,
- Side channel,
- Information leakage,
- Formal verification

FullText(HTML)

References(42)

References

KOCHER P C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems[C]. The 16th Annual International Cryptology Conference Santa Barbara on Advances in Cryptology, Santa Barbara, USA, 1996: 104–113. doi: 10.1007/3-540-68697-5_9.

KOCHER P, JAFFE J, and JUN B. Differential power analysis[C]. The 19th Annual International Cryptology Conference Santa Barbara on Advances in Cryptology, Santa Barbara, USA, 1999: 388–397. doi: 10.1007/3-540-48405-1_25.

GANDOLFI K, MOURTEL C, and OLIVIER F. Electromagnetic analysis: Concrete results[C]. The 3rd International Workshop Paris on Cryptographic Hardware and Embedded Systems, Paris, France, 2001: 251–261. doi: 10.1007/3-540-44709-1_21.

BONEH D, DEMILLO R A, and LIPTON R J. On the importance of checking cryptographic protocols for faults[C]. International Conference on the Theory and Application of Cryptographic Techniques Konstanz on Advances in Cryptology, Konstanz, Germany, 1997: 37–51. doi: 10.1007/3-540-69053-0_4.

MANGARD S, OSWALD E, POPP T. 冯登国, 周永彬, 刘继业, 等译. 能量分析攻击[M]. 北京: 科学出版社, 2010: 3–4, 49–50.

MANGARD S, OSWALD E, and POPP T. FENG Dengguo, ZHOU Yongbin, LIU Jiye, et al. translation. Power Analysis Attacks[M]. Beijing: Science Press, 2010: 3–4, 49–50.

NIST. FIPS 140–3 Security requirements for cryptographic modules[S]. NIST, 2019.

ISO/IEC 19790: 2012. Information technology-security techniques-security requirements for cryptographic modules[S]. 2012.

State Cryptography Administration. GM/T 0028–2014 Cryptography module security technical requirements[S]. Beijing: China Standard Press, 2014.

国家密码管理局. GM/T 0008–2012 安全芯片密码检测准则[S]. 北京: 中国标准出版社, 2012.

State Cryptography Administration. GM/T 0008–2012 Cryptography test criteria for security IC[S]. Beijing: China Standard Press, 2012.

BRIER E, CLAVIER C, and OLIVIER F. Correlation power analysis with a leakage mode[C]. The 6th International Workshop Cambridge on Cryptographic Hardware and Embedded Systems, Cambridge, USA, 2004: 16–29. doi: 10.1007/978-3-540-28632-5_2.

GIERLICHS B, BATINA L, TUYLS P, et al. Mutual information analysis[C]. The 10th International Workshop on Cryptographic Hardware and Embedded Systems, Washington, USA, 2008: 426–442. doi: 10.1007/978-3-540-85053-3_27.

CHARI S, RAO J R, and ROHATGI P. Template attacks[C]. The 4th International Workshop Redwood Shores on Cryptographic Hardware and Embedded Systems, Redwood City, USA, 2002: 13–28. doi: 10.1007/3-540-36400-5_3.

HOSPODAR G, GIERLICHS B, DE MULDER E, et al. Machine learning in side-channel analysis: A first study[J]. Journal of Cryptographic Engineering, 2011, 1(4): 293. doi: 10.1007/s13389-011-0023-x

LERMAN L, BONTEMPI G, and MARKOWITCH O. A machine learning approach against a masked AES[J]. Journal of Cryptographic Engineering, 2015, 5(2): 123–139. doi: 10.1007/s13389-014-0089-3

MAGHREBI H, PORTIGLIATTI T, and PROUFF E. Breaking cryptographic implementations using deep learning techniques[C]. The 6th International Conference on Security, Privacy, and Applied Cryptography Engineering, Hyderabad, India, 2016: 3–26. doi: 10.1007/978-3-319-49445-6_1.

TIMON B. Non-profiled deep learning-based side-channel attacks with sensitivity analysis[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(2): 107–131.

BIHAM E and SHAMIR A. Differential fault analysis of secret key cryptosystems[C]. The 17th Annual International Cryptology Conference Santa Barbara on Advances in Cryptology, Santa Barbara, USA, 1997: 513–525. doi: 10.1007/BFb0052259.

BIEHL I, MEYER B, and MÜLLER V. Differential fault attacks on elliptic curve cryptosystems[C]. The 20th Annual International Cryptology Conference Santa Barbara on Advances in Cryptology, Santa Barbara, USA, 2000: 131–146. doi: 10.1007/3-540-44598-6_8.

SCHMIDT J M and MEDWED M. A fault attack on ECDSA[C]. The 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography, Lausanne, Switzerland, 2009: 93–99. doi: 10.1109/FDTC.2009.38.

GOODWILL G, JUN B, JAFFE J, et al. A testing methodology for side-channel resistance validation[C]. NIST Non-Invasive Attack Testing Workshop, Nara, Japan, 2011: 115–136.

BECKER G, COOPER J, DEMULDER E, et al. Test Vector Leakage Assessment (TVLA) methodology in practice[C]. International Cryptographic Module Conference, Gaithersburg, USA, 2013: 13.

DING A A, CHEN Cong, and EISENBARTH T. Simpler, faster, and more robust t-test based leakage detection[C]. The 7th International Workshop on Constructive Side, Graz, Austria, 2016: 163–183. doi: 10.1007/978-3-319-43283-0_10.

MORADI A, RICHTER B, SCHNEIDER T, et al. Leakage detection with the X²-test[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(1): 209–237. doi: 10.13154/tches.v2018.i1.209-237

WEGENER F, MOOS T, and MORADI A. DL-LA: Deep learning leakage assessment[J]. IACR Cryptology ePrint Archive, 2019. https://eprint.iacr.org/2019/505.pdf.

SAKIYAMA K, LI YANG, IWAMOTO M, et al. Informationtheoretic approach to optimal differential fault analysis[J]. IEEE Transactions on Information Forensics and Security, 2012, 7(1): 109–120. doi: 10.1109/TIFS.2011.2174984

BERTONI G, BREVEGLIERI L, KOREN I, et al. Error analysis and detection procedures for a hardware implementation of the advanced encryption standard[J]. IEEE Transactions on Computers, 2003, 52(4): 492–505. doi: 10.1109/tc.2003.1190590

JOYE M, MANET P, and RIGAUD J B. Strengthening hardware AES implementations against fault attacks[J]. IET Information Security, 2007, 1(3): 106–110. doi: 10.1049/iet-ifs:20060163

GHOSH S, SAHA D, SENGUPTA A, et al. Preventing fault attacks using fault randomization with a case study on AES[C]. The 20th Australasian Conference on Information Security and Privacy, Brisbane, Australia, 2015: 343–355. doi: 10.1007/978-3-319-19962-7_20.

TUPSAMUDRE H, BISHT S, and MUKHOPADHYAY D. Destroying fault invariant with randomization[C]. The 16th International Workshop on Cryptographic Hardware and Embedded Systems, Busan, Korea, 2014: 93–111. doi: 10.1007/978-3-662-44709-3_6.

FENG Jingyi, CHEN Hua, LI Yang, et al. A framework for evaluation and analysis on infection countermeasures against fault attacks[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 391–406. doi: 10.1109/TIFS.2019.2903653

GOUBIN L and PATARIN J. DES and differential power analysis the “duplication” method[C]. The 1st International Workshop on Cryptographic Hardware and Embedded Systems, Worcester, USA, 1999: 158–172. doi: 10.1007/3-540-48059-5_15.

BAYRAK A G, REGAZZONI F, NOVO D, et al. Sleuth: Automated verification of software power analysis countermeasures[C]. The 15th International Workshop on Cryptographic Hardware and Embedded Systems, Santa Barbara, USA, 2013: 293–310. doi: 10.1007/978-3-642-40349-1_17.

BARTHE G, BELAÏD S, DUPRESSOIR F, et al. Strong non-interference and type-directed higher-order masking[C]. The 2016 ACM SIGSAC Conference on Computer and Communications Security, New York, USA, 2016: 116–129. doi: 10.1145/2976749.2978427.

BARTHE G, BELAÏD S, DUPRESSOIR F, et al. Verified proofs of higher-order masking[C]. The 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, Sofia, Bulgaria, 2015: 457–485. doi: 10.1007/978-3-662-46800-5_18.

CORON J S. Formal verification of side-channel countermeasures via elementary circuit transformations[C]. The 16th International Conference on Applied Cryptography and Network Security, Leuven, Belgium, 2018: 65–82. doi: 10.1007/978-3-319-93387-0_4.

EL OUAHMA I B, MEUNIER Q L, HEYDEMANN K, et al. Side-channel robustness analysis of masked assembly codes using a symbolic approach[J]. Journal of Cryptographic Engineering, 2019, 9(3): 231–242. doi: 10.1007/s13389-019-00205-7

ELDIB H, WANG Chao, and SCHAUMONT P. Formal verification of software countermeasures against side-channel attacks[J]. ACM Transactions on Software Engineering and Methodology, 2014, 24(2): 1–24. doi: 10.1145/2685616

ELDIB H, WANG Chao, and SCHAUMONT P. SMT-based verification of software countermeasures against side-channel attacks[C]. The 20th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, Grenoble, France, 2014: 62–77. doi: 10.1007/978-3-642-54862-8_5.

ZHANG Jun, GAO Pengfei, SONG Fu, et al. SCINFER: Refinement-based verification of software countermeasures against side-channel attacks[C]. The 30th International Conference on Computer Aided Verification, Oxford, England, 2018: 157–177. doi: 10.1007/978-3-319-96142-2_12.

BERTONI G and MARTINOLI M. A methodology for the characterisation of leakages in combinatorial logic[C]. The 6th International Conference on Security, Privacy, and Applied Cryptography Engineering, Hyderabad, India, 2016: 363–382. doi: 10.1007/978-3-319-49445-6_21.

BLOEM R, GROSS H, IUSUPOV R, et al. Formal verification of masked hardware implementations in the presence of glitches[C]. The 37th Advances in Cryptology, Tel Aviv, Israel, 2018: 321–353. doi: 10.1007/978-3-319-78375-8_11.

GOUBET L, HEYDEMANN K, ENCRENAZ E, et al. Efficient design and evaluation of countermeasures against fault attacks using formal verification[C]. The 14th International Conference on Smart Card Research and Advanced Applications, Bochum, Germany, 2015: 177–192. doi: 10.1007/978-3-319-31271-2_11.

Relative Articles

Supplements(0)

Cited By

Proportional views