Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks
Authors
Abstract
We propose a novel approach for quantifying a system’s resistance to unknown-message side-channel attacks. The approach is based on a measure of the secret information that an attacker can extract from a system from a given number of side-channel measurements. We provide an algorithm to compute this measure, and we use it to analyze the resistance of hardware implementations of cryptographic algorithms with respect to power and timing attacks. In particular, we show that message blinding – the common countermeasure against timing attacks – reduces the rate at which information about the secret is leaked, but that the complete information is still eventually revealed. Finally, we compare information measures corresponding to unknown-message, known-message, and chosen-message attackers and show that they form a strict hierarchy.
Similar references
A Formal Analysis of Prefetching in Profiled Cache-Timing Attacks on Block Ciphers
Formally bounding side-channel leakage is important to bridge the gap between the theory and practice in cryptography. However, bounding side-channel leakages is difficult because leakage in a cryptosystem could be from several sources. Moreover the amount of leakage from a source may vary depending on the implementation of the cipher and the form of attack. To formally analyze the security of ...
Exponential Bounds for Information Leakage in Unknown-Message Side-Channel Attacks
In [1], the authors introduced an important new information theoretic numerical measure for assessing a system’s resistance to unknown-message side-channel attacks and computed a formula for the limit of the numerical values defined by this measure as the number of side-channel observations tends to infinity. Here, we present corresponding quantitative (exponential) bounds that yield an actual ...
Adaptive Chosen-Message Side-Channel Attacks
Most side-channel attacks that have been published in the open literature assume known- or chosen-message adversarial scenarios. In this paper, we analyze the increase of the attacks’ efficiencies that can be obtained by adaptively selecting the messages. For this purpose, we first describe a generic strategy that allows an adversary to take advantage of this capability. We show that it can be ap...
Physical Security of Cryptographic Algorithm Implementations
This thesis deals with physical attacks on implementations of cryptographic algorithms and countermeasures against these attacks. Physical attacks exploit properties of an implementation such as leakage through physically observable parameters (side-channel analysis) or susceptibility to errors (fault analysis) to recover secret cryptographic keys. In the absence of adequate countermeasures suc...
On secure embedded token design (Long Version) - Quasi-looped Yao circuits and bounded leakage
Within a broader context of mobile and embedded computing, the design of practical, secure tokens that can store and/or process security-critical information remains an ongoing challenge. One aspect of this challenge is the threat of information leakage through side-channel attacks, which is exacerbated by any resource constraints. Although any countermeasure can be of value, it seems clear tha...