Next Article in Journal
Privacy-Preserving and Efficient Public Key Encryption with Keyword Search Based on CP-ABE in Cloud
Next Article in Special Issue
How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost
Previous Article in Journal
Secure Boot for Reconfigurable Architectures
Previous Article in Special Issue
Hardware Performance Evaluation of Authenticated Encryption SAEAES with Threshold Implementation
Open AccessArticle

Side-Channel Evaluation Methodology on Software

1
Secure-IC S.A.S., Tour Montparnasse, 75015 Paris, France
2
Telecom-ParisTech, 91120 Palaiseau, France
3
Secure-IC K.K., Hirakawa-cho, Chiyoda-ku, Tokyo 102-0093, Japan
*
Authors to whom correspondence should be addressed.
Received: 2 August 2020 / Revised: 11 September 2020 / Accepted: 21 September 2020 / Published: 25 September 2020
(This article belongs to the Special Issue Side Channel and Fault Injection Attacks and Countermeasures)
Cryptographic implementations need to be robust amidst the widespread use of crypto-libraries and attacks targeting their implementation, such as side-channel attacks (SCA). Many certification schemes, such as Common Criteria and FIPS 140, continue without addressing side-channel flaws. Research works mostly tackle sophisticated attacks with simple use-cases, which is not the reality where end-to-end evaluation is not trivial. In this study we used all due diligence to assess the invulnerability of a given implementation from the shoes of an evaluator. In this work we underline that there are two kinds of SCA: horizontal and vertical. In terms of quotation, measurement and exploitation, horizontal SCA is easier. If traces are constant-time, then vertical attacks become convenient, since there is no need for specific alignment (“value based analysis”). We introduce our new methodology: Vary the key to select sensitive samples, where the values depend upon the key, and subsequently vary the mask to uncover unmasked key-dependent leakage, i.e., the flaws. This can be done in the source code (pre-silicon) for the designer or on the actual traces (post-silicon) for the test-lab. We also propose a methodology for quotations regarding SCA unlike standards that focus on only one aspect (like number of traces) and forgets about other aspects (such as equipment; cf. ISO/IEC 20085-1. View Full-Text
Keywords: side-channel evaluation; cryptographic implementation; cybersecurity; AES; RSA side-channel evaluation; cryptographic implementation; cybersecurity; AES; RSA
Show Figures

Figure 1

MDPI and ACS Style

Guilley, S.; Karray, K.; Perianin, T.; Shrivastwa, R.-R.; Souissi, Y.; Takarabt, S. Side-Channel Evaluation Methodology on Software. Cryptography 2020, 4, 27. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4040027

AMA Style

Guilley S, Karray K, Perianin T, Shrivastwa R-R, Souissi Y, Takarabt S. Side-Channel Evaluation Methodology on Software. Cryptography. 2020; 4(4):27. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4040027

Chicago/Turabian Style

Guilley, Sylvain; Karray, Khaled; Perianin, Thomas; Shrivastwa, Ritu-Ranjan; Souissi, Youssef; Takarabt, Sofiane. 2020. "Side-Channel Evaluation Methodology on Software" Cryptography 4, no. 4: 27. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4040027

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop