Luke Mather scite author profile

Abstract. A theme of recent side-channel research has been the quest for distinguishers which remain eective even when few assumptions can be made about the underlying distribution of the measured leakage traces. The Kolmogorov-Smirnov (KS) test is a well known non-parametric method for distinguishing between distributions, and, as such, a perfect candidate and an interesting competitor to the (already much discussed) mutual information (MI) based attacks. However, the side-channel distinguisher based on the KS test statistic has received only cursory evaluation so far, which is the gap we narrow here. This contribution explores the eectiveness and eciency of Kolmogorov-Smirnov analysis (KSA), and compares it with mutual information analysis (MIA) in a number of relevant scenarios ranging from optimistic rst-order DPA to multivariate settings. We show that KSA shares certain`generic' capabilities in common with MIA whilst being more robust to noise than MIA in univariate settings. This has the practical implication that designers should consider results of KSA to determine the resilience of their designs against univariate power analysis attacks.

show abstract

Does My Device Leak Information? An a priori Statistical Power Analysis of Leakage Detection Tests

Mather

Oswald

Bandenburg

et al. 2013

View full text Add to dashboard Cite

The development of a leakage detection testing methodology for the side-channel resistance of cryptographic devices is an issue that has received recent focus from standardisation bodies such as NIST. Statistical techniques such as hypothesis and significance testing appear to be ideally suited for this purpose. In this work we evaluate the candidacy of three such detection tests: a t-test proposed by Cryptography Research Inc., and two mutual information-based tests, one in which data is treated as continuous and one as discrete. Our evaluation investigates three particular areas: statistical power, the effectiveness of multiplicity corrections, and computational complexity. To facilitate a fair comparison we conduct a novel a priori statistical power analysis of the three tests in the context of side-channel analysis, finding surprisingly that the continuous mutual information and t-tests exhibit similar levels of power. We also show how the inherently parallel nature of the continuous mutual information test can be leveraged to reduce a large computational cost to insignificant levels. To complement the a priori statistical power analysis we include two real-world case studies of the tests applied to software and hardware implementations of the AES.

show abstract

Characterisation and Estimation of the Key Rank Distribution in the Context of Side Channel Evaluations

Martin

Mather²,

Oswald

et al. 2016

View full text Add to dashboard Cite

Abstract. Quantifying the side channel security of implementations has been a significant research question for several years in academia but also among real world side channel practitioners. As part of security evaluations, efficient key rank estimation algorithms were devised, which in contrast to analyses based on subkey recovery, give a holistic picture of the security level after a side channel attack. However, it has been observed that outcomes of rank estimations show a huge spread in precisely the range of key ranks where enumeration could lead to key recovery. These observations raise the question whether this is because of insufficient rank estimation procedures, or, if this is an inherent property of the key rank. Furthermore, if this was inherent, how could key rank outcomes be translated into practically meaningful figures, suitable to analysing the risk that real world side channel attacks pose? This paper is a direct response to these questions. We experimentally identify the key rank distribution and show that it is independent of different distinguishers and signal-to-noise ratios. Then we offer a theoretical explanation for the observed key rank distribution and determine how many samples thereof are required for a robust estimation of some key parameters. We discuss how this can be naturally integrated into real world side channel evaluation practices. We conclude our research by connecting non-parametric order statistics, in particular percentiles, in a practically meaningful way with business goals.

show abstract

Multi-target DPA Attacks: Pushing DPA Beyond the Limits of a Desktop Computer

Mather

Oswald

Whitnall

2014

View full text Add to dashboard Cite

Abstract. Following the pioneering CRYPTO '99 paper by Kocher et al. differential power analysis (DPA) was initially geared around lowcost computations performed using standard desktop equipment with minimal reliance on device-specific assumptions. In subsequent years, the scope was broadened by, e.g., making explicit use of (approximate) power models. An important practical incentive of so-doing is to reduce the data complexity of attacks, usually at the cost of increased computational complexity. It is this trade-off which we seek to explore in this paper. We draw together emerging ideas from several strands of the literaturehigh performance computing, post-side-channel global key enumeration, and effective combination of separate information sources-by way of advancing (non-profiled) 'standard DPA' towards a more realistic threat model in which trace acquisitions are scarce but adversaries are well resourced. Using our specially designed computing platform (including our parallel and scalable DPA implementation, which allows us to work efficiently with as many as 2 32 key hypotheses), we demonstrate some dramatic improvements that are possible for 'standard DPA' when combining DPA outcomes for several intermediate targets. Unlike most previous 'information combining' attempts, we are able to evidence the fact that the improvements apply even when the exact trace locations of the relevant information (i.e. the 'interesting points') are not known a priori but must be searched simultaneously with the correct subkey.

show abstract

Pinpointing side-channel information leaks in web applications

Mather

Oswald

2012

J Cryptogr Eng

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Luke Mather

An Exploration of the Kolmogorov-Smirnov Test as a Competitor to Mutual Information Analysis

Does My Device Leak Information? An a priori Statistical Power Analysis of Leakage Detection Tests

Characterisation and Estimation of the Key Rank Distribution in the Context of Side Channel Evaluations

Multi-target DPA Attacks: Pushing DPA Beyond the Limits of a Desktop Computer

Pinpointing side-channel information leaks in web applications

Contact Info

Product

Resources

About