How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost
Faculty of Engineering, Bar-Ilan University (BIU), Ramat-Gan 5290002, Israel
*
Author to whom correspondence should be addressed.
†
These authors contributed equally to this work.
Cryptography 2020, 4(4), 36; https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4040036
Received: 6 November 2020 / Revised: 27 November 2020 / Accepted: 30 November 2020 / Published: 8 December 2020
(This article belongs to the Special Issue Side Channel and Fault Injection Attacks and Countermeasures)
Cryptographic designs are vulnerable to side-channel analysis attacks. Evaluating their security during design stages is of crucial importance. The latter is achieved by very expensive (slow) analog transient-noise simulations over advanced fabrication process technologies. The main challenge of such rigorous security-evaluation analysis lies in the fact that technologies are becoming more and more complex and the physical properties of manufactured devices vary significantly due to process variations. In turn, a detailed security evaluation process imposes exponential time complexity with the circuit-size, the number of physical implementation corners (statistical variations) and the accuracy of the circuit-simulator. Given these circumstances, what is the cost of not exhausting the entire implementation space? In terms of simulation-time complexity, the benefits would clearly be significant; however, we are interested in evaluating the security implications. This question can be formulated for many other interesting side-channel contexts such as for example, how would an attack-outcome vary when the adversary is building a leakage template over one device, i.e., one physical corner, and it performs an evaluation (attack) phase of a device drawn from a different statistical corner? Alternatively, is it safe to assume that a typical (average) corner would represent the worst case in terms of security evaluation or would it be advisable to perform a security evaluation over another specific view? Finally, how would the outcome vary concretely? We ran in-depth experiments to answer these questions in the hope of finding a nice tradeoff between simulation efforts and expertise, and security-evaluation degradation. We evaluate the results utilizing methodologies such as template-attacks with a clear distinction between profiling and attack-phase statistical views. This exemplary view of what an adversary might capture in these scenarios is followed by a more complete statistical evaluation analysis utilizing tools such as the Kullback–Leibler (KL) divergence and the Jensen-Shannon (JS) divergence to draw conclusions.
View Full-Text
Keywords:
corners; device mismatch; worst case security evaluation; side-channel analysis; template attacks; simulation; statistical distance
▼
Show Figures
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited
MDPI and ACS Style
Breuer, R.; Levi, I. How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost. Cryptography 2020, 4, 36. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4040036
AMA Style
Breuer R, Levi I. How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost. Cryptography. 2020; 4(4):36. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4040036
Chicago/Turabian StyleBreuer, Rinat; Levi, Itamar. 2020. "How Bad Are Bad Templates? Optimistic Design-Stage Side-Channel Security Evaluation and its Cost" Cryptography 4, no. 4: 36. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography4040036
Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.