
Publication


Featured research published by Luke Mather.


international conference on the theory and application of cryptology and information security | 2013

Does My Device Leak Information? An a priori Statistical Power Analysis of Leakage Detection Tests

Luke Mather; Elisabeth Oswald; Joe Bandenburg; Marcin Wójcik

The development of a leakage detection testing methodology for the side-channel resistance of cryptographic devices is an issue that has received recent focus from standardisation bodies such as NIST. Statistical techniques such as hypothesis and significance testing appear to be ideally suited for this purpose. In this work we evaluate the candidacy of three such detection tests: a t-test proposed by Cryptography Research Inc., and two mutual information-based tests, one in which data is treated as continuous and one as discrete. Our evaluation investigates three particular areas: statistical power, the effectiveness of multiplicity corrections, and computational complexity. To facilitate a fair comparison we conduct a novel a priori statistical power analysis of the three tests in the context of side-channel analysis, finding surprisingly that the continuous mutual information and t-tests exhibit similar levels of power. We also show how the inherently parallel nature of the continuous mutual information test can be leveraged to reduce a large computational cost to insignificant levels. To complement the a priori statistical power analysis we include two real-world case studies of the tests applied to software and hardware implementations of the AES.
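The fixed-versus-random t-test that the abstract evaluates, together with a Bonferroni-corrected threshold and the a priori sample-size calculation behind a statistical power analysis, as an added example that is not code from the paper. The "device" is a constructed simulator: a single trace point leaks the Hamming weight of the input XOR a hypothetical key byte under Gaussian noise, all other points are pure noise, and the constants (key, noise level, point index) are assumptions chosen for the illustration.

```python
import math
import random

# Constructed toy device (hypothetical): only LEAKY_POINT depends on the input.
KEY = 0x2B
N_POINTS = 8
LEAKY_POINT = 3
NOISE_SIGMA = 2.0
TVLA_THRESHOLD = 4.5  # the fixed |t| threshold commonly used with the CRI t-test


def hamming_weight(x: int) -> int:
    return bin(x & 0xFF).count("1")


def simulate_traces(n_per_group: int, seed: int = 1):
    """Return (fixed-input traces, random-input traces) from the toy device."""
    rng = random.Random(seed)
    fixed_pt = KEY  # chosen so that fixed_pt ^ KEY == 0, i.e. Hamming weight 0

    def trace(pt):
        t = [rng.gauss(0.0, NOISE_SIGMA) for _ in range(N_POINTS)]
        t[LEAKY_POINT] += hamming_weight(pt ^ KEY)  # Hamming-weight leakage
        return t

    fixed = [trace(fixed_pt) for _ in range(n_per_group)]
    rnd = [trace(rng.randrange(256)) for _ in range(n_per_group)]
    return fixed, rnd


def welch_t(a, b):
    """Welch's t statistic for two samples with unequal variances."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    return (ma - mb) / math.sqrt(va / na + vb / nb)


def two_sided_z(alpha: float) -> float:
    """z such that P(|Z| > z) = alpha, by bisection on the normal CDF (math.erf)."""
    lo, hi = 0.0, 40.0
    for _ in range(200):
        mid = (lo + hi) / 2
        tail = 2 * (1 - 0.5 * (1 + math.erf(mid / math.sqrt(2))))
        if tail > alpha:
            lo = mid
        else:
            hi = mid
    return hi


def detect_leakage(fixed, rnd, alpha: float = 1e-5):
    """Per-point Welch t-test with a Bonferroni correction over all trace points.

    Returns (t statistics, corrected threshold, indices flagged as leaking).
    The large-sample normal approximation of the t distribution is used for
    the threshold, which is accurate for the hundreds of traces used here.
    """
    n_points = len(fixed[0])
    t_stats = [welch_t([t[i] for t in fixed], [t[i] for t in rnd])
               for i in range(n_points)]
    threshold = two_sided_z(alpha / n_points)  # family-wise alpha split over points
    leaky = [i for i, t in enumerate(t_stats) if abs(t) > threshold]
    return t_stats, threshold, leaky


def traces_needed(delta: float, sigma: float, alpha: float, power: float) -> int:
    """A priori power analysis: traces per group so a mean difference `delta`
    (noise std `sigma`) is detected by a two-sided two-sample test at level
    `alpha` with probability `power` (normal approximation, equal variances)."""
    z_alpha = two_sided_z(alpha)
    z_beta = two_sided_z(2 * (1 - power))  # one-sided quantile for the miss rate
    return math.ceil(2 * ((z_alpha + z_beta) * sigma / delta) ** 2)


if __name__ == "__main__":
    fixed, rnd = simulate_traces(500)
    t_stats, thr, leaky = detect_leakage(fixed, rnd)
    print("t per point:", [round(t, 2) for t in t_stats])
    print("Bonferroni threshold:", round(thr, 2), "vs fixed TVLA threshold:", TVLA_THRESHOLD)
    print("leaking points:", leaky)
    print("traces/group for delta=1, sigma=2 at alpha=1e-5, power 0.99:",
          traces_needed(1.0, 2.0, 1e-5, 0.99))
```

The corrected threshold grows only logarithmically with the number of points tested, which is why a fixed 4.5 cutoff is serviceable for short traces but becomes optimistic once a detection sweep covers tens of thousands of points; the `traces_needed` estimate is the quantity a power analysis reports before any measurement is taken.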


international conference on the theory and application of cryptology and information security | 2014

Multi-target DPA Attacks: Pushing DPA Beyond the Limits of a Desktop Computer

Luke Mather; Elisabeth Oswald; Carolyn Whitnall

Following the pioneering CRYPTO ’99 paper by Kocher et al., differential power analysis (DPA) was initially geared around low-cost computations performed using standard desktop equipment with minimal reliance on device-specific assumptions. In subsequent years, the scope was broadened by, e.g., making explicit use of (approximate) power models. An important practical incentive of so-doing is to reduce the data complexity of attacks, usually at the cost of increased computational complexity. It is this trade-off which we seek to explore in this paper. We draw together emerging ideas from several strands of the literature—high performance computing, post-side-channel global key enumeration, and effective combination of separate information sources—by way of advancing (non-profiled) ‘standard DPA’ towards a more realistic threat model in which trace acquisitions are scarce but adversaries are well resourced. Using our specially designed computing platform (including our parallel and scalable DPA implementation, which allows us to work efficiently with as many as 2^32 key hypotheses), we demonstrate some dramatic improvements that are possible for ‘standard DPA’ when combining DPA outcomes for several intermediate targets. Unlike most previous ‘information combining’ attempts, we are able to evidence the fact that the improvements apply even when the exact trace locations of the relevant information (i.e. the ‘interesting points’) are not known a priori but must be searched simultaneously with the correct subkey.


Journal of Cryptographic Engineering | 2012

Pinpointing Side-Channel Information Leaks in Web Applications

Luke Mather; Elisabeth Oswald

The construction of a test capable of detecting the presence of information leaks in a sequence of side-channel observations is an important research goal for engineers attempting to design systems resilient against side-channel attacks. Whilst the traditional targets of side-channel attacks are cryptographic hardware devices, recent works have demonstrated the vulnerability of software, and in particular web applications. As a result, there has been a concerted drive towards the development of a leakage detection strategy that can inspect web application traffic for the presence of information leaks. In this work we discuss the effectiveness of previous approaches, and describe an improved, generically applicable test based on a statistical estimation of the mutual information between the user inputs entered into the application and subsequent observable side-channel information. We use our proposed metric to construct a test capable of analysing sampled traces of packets for the presence of information leaks, and demonstrate the application of our test on a real-world web application.
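A leakage test of the kind the abstract describes, as an added example that is not the paper's code: a plug-in estimate of the mutual information between the user's input and a bucketed response size, with a permutation test supplying the null distribution so that a non-zero estimate is only reported as a leak when it exceeds what chance alone produces. The traffic is constructed, not captured: an assumed autocomplete endpoint whose response size grows with the number of suggestions matching the typed letter, beside a second observable (a keep-alive-style frame) that carries no input dependence.

```python
import math
import random
from collections import Counter

# Constructed web application (hypothetical): suggestions returned per typed letter.
SUGGESTIONS_PER_LETTER = {"a": 9, "b": 3, "c": 12, "d": 3, "e": 15}


def simulate_observations(n: int, seed: int = 5):
    """Return (inputs, response sizes, decoy frame sizes) for n simulated requests."""
    rng = random.Random(seed)
    inputs, sizes, decoys = [], [], []
    for _ in range(n):
        ch = rng.choice(sorted(SUGGESTIONS_PER_LETTER))
        # response size: fixed overhead + bytes per suggestion + small padding jitter
        size = 180 + 22 * SUGGESTIONS_PER_LETTER[ch] + rng.randrange(0, 4)
        # an observable with no input dependence at all
        decoy = 64 + rng.randrange(0, 64)
        inputs.append(ch)
        sizes.append(size)
        decoys.append(decoy)
    return inputs, sizes, decoys


def bucket(values, width: int):
    """Discretise a continuous-ish observable so the plug-in estimator applies."""
    return [v // width for v in values]


def mutual_information(xs, ys) -> float:
    """Plug-in estimate of I(X;Y) in bits from paired discrete samples."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum(c / n * math.log2((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in pxy.items())


def leakage_test(inputs, observed, bucket_width: int = 16,
                 n_perm: int = 200, seed: int = 11):
    """Compare the MI estimate with its permutation null.

    Returns (observed MI, permutation p-value, leak flag). Shuffling the inputs
    breaks any real dependence while keeping both marginals, so the null MI
    captures the positive bias of the plug-in estimator on finite samples.
    """
    rng = random.Random(seed)
    ys = bucket(observed, bucket_width)
    observed_mi = mutual_information(inputs, ys)
    shuffled = list(inputs)
    exceed = 0
    for _ in range(n_perm):
        rng.shuffle(shuffled)
        if mutual_information(shuffled, ys) >= observed_mi:
            exceed += 1
    p_value = (1 + exceed) / (1 + n_perm)
    return observed_mi, p_value, p_value < 0.01


if __name__ == "__main__":
    inputs, sizes, decoys = simulate_observations(500)
    print("response size:", leakage_test(inputs, sizes))
    print("decoy frame  :", leakage_test(inputs, decoys))
```

The response size leaks close to two bits per request here (letters b and d share a size, so not the full log2(5)), whereas the decoy's estimate is only the finite-sample bias that every permuted copy shows as well; reporting the raw MI without the null comparison would wrongly flag the decoy.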


the cryptographers’ track at the rsa conference | 2018

Two Sides of the Same Coin: Counting and Enumerating Keys Post Side-Channel Attacks Revisited

Daniel P. Martin; Luke Mather; Elisabeth Oswald

Motivated by the need to assess the concrete security of a device after a side channel attack, there has been a flurry of recent work designing both key rank and key enumeration algorithms. Two main competitors for key ranking can be found in the literature: a convolution based algorithm put forward by Glowacz et al. (FSE 2015), and a path counting based algorithm proposed by Martin et al. (Asiacrypt 2015). Both key ranking algorithms can be extended to key enumeration algorithms (Poussier et al. (CHES 2016) and Martin et al. (Asiacrypt 2015)). The two approaches were proposed independently, and have so far been treated as uniquely different techniques, with different levels of accuracy. However, we show that both approaches (for ranking) are mathematically equivalent for a suitable choice of their respective discretisation parameter. This settles questions about which one returns more accurate rankings. We then turn our attention to their related enumeration algorithms and determine why and how these algorithms differ in their practical performance.
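The two ranking approaches the abstract compares, written out side by side as an added example (not the authors' implementations): after the per-subkey scores are discretised to integer weights with a shared bin width, the histogram-convolution view and the path-counting view compute the same count of keys whose total weight is strictly below the correct key's, and a brute-force enumeration checks both. The scores are constructed with a seeded generator on a toy instance of four 4-bit subkeys; the true key and the boost given to its candidates are assumptions for the illustration.

```python
import random
from itertools import product

N_SUBKEYS = 4
N_CANDIDATES = 16   # toy 4-bit subkeys; the algorithms are unchanged for 16 x 256 (AES-128)
TRUE_KEY = [0x3, 0xA, 0x7, 0xC]


def simulate_scores(seed: int = 9, boost: float = 1.5, sigma: float = 1.0):
    """Constructed per-subkey log-likelihood-style scores (higher = more likely)."""
    rng = random.Random(seed)
    scores = []
    for i in range(N_SUBKEYS):
        col = [rng.gauss(0.0, sigma) for _ in range(N_CANDIDATES)]
        col[TRUE_KEY[i]] += boost
        scores.append(col)
    return scores


def discretise(scores, n_bins: int):
    """Map scores to non-negative integer weights (lower = better) with one shared bin width.
    This bin width is the discretisation parameter on which both rank algorithms depend."""
    lo = min(min(c) for c in scores)
    hi = max(max(c) for c in scores)
    width = (hi - lo) / n_bins or 1.0
    return [[int((hi - s) / width) for s in col] for col in scores]


def key_weight(weights, key) -> int:
    return sum(col[k] for col, k in zip(weights, key))


def rank_convolution(weights, key) -> int:
    """Histogram each subkey's weights, convolve the histograms, and sum the mass below the key."""
    hist = [1]
    for col in weights:
        h = [0] * (max(col) + 1)
        for w in col:
            h[w] += 1
        out = [0] * (len(hist) + len(h) - 1)
        for i, a in enumerate(hist):
            if a:
                for j, b in enumerate(h):
                    out[i + j] += a * b
        hist = out
    return 1 + sum(hist[:key_weight(weights, key)])


def rank_path_counting(weights, key) -> int:
    """Count paths through the (subkey index, accumulated weight) graph that finish below the key."""
    target = key_weight(weights, key)
    counts = {0: 1}  # accumulated weight -> number of partial keys with that weight
    for col in weights:
        nxt = {}
        for w, c in counts.items():
            for cw in col:
                if w + cw < target:  # weights are non-negative, so larger partial sums cannot recover
                    nxt[w + cw] = nxt.get(w + cw, 0) + c
        counts = nxt
    return 1 + sum(counts.values())


def rank_bruteforce(weights, key) -> int:
    """Exhaustive check on the discretised weights (feasible only on the toy instance)."""
    target = key_weight(weights, key)
    return 1 + sum(1 for combo in product(range(N_CANDIDATES), repeat=N_SUBKEYS)
                   if key_weight(weights, combo) < target)


if __name__ == "__main__":
    w = discretise(simulate_scores(), n_bins=32)
    print("convolution:", rank_convolution(w, TRUE_KEY))
    print("path counting:", rank_path_counting(w, TRUE_KEY))
    print("brute force:", rank_bruteforce(w, TRUE_KEY))
```

Both non-exhaustive routines walk the same dynamic-programming table, one storing it as a dense histogram and the other as a sparse map pruned at the target weight, which is the equivalence the abstract refers to; what differs in practice is the memory and time profile, and that is where the corresponding enumeration algorithms diverge.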


smart card research and advanced application conference | 2011

An exploration of the Kolmogorov-Smirnov test as a competitor to mutual information analysis

Carolyn Whitnall; Elisabeth Oswald; Luke Mather


IACR Cryptology ePrint Archive | 2016

How low can you go? Using side-channel data to enhance brute-force key recovery.

Jake Longo; Daniel P. Martin; Luke Mather; Elisabeth Oswald; Benjamin Sach; Martijn Stam


IACR Cryptology ePrint Archive | 2012

Quantifying Side-Channel Information Leakage from Web Applications.

Luke Mather; Elisabeth Oswald


IACR Cryptology ePrint Archive | 2013

A Comparison of Statistical Techniques for Detecting Side-Channel Information Leakage in Cryptographic Devices

Luke Mather; Elisabeth Oswald; Joe Bandenburg; Marcin Wójcik


IACR Cryptology ePrint Archive | 2018

Two Sides of the Same Coin: Counting and Enumerating Keys Post Side-Channel Attacks Revisited.

Daniel P. Martin; Luke Mather; Elisabeth Oswald


IACR Cryptology ePrint Archive | 2014

Multi-target DPA attacks: Pushing DPA beyond the limits of a desktop computer.

Luke Mather; Elisabeth Oswald; Carolyn Whitnall
