Design and Validation Strategies for Obtaining Assurance in Countermeasures to Power Analysis and Related Attacks

To be secure, tamper resistant cryptographic devices must be protected against DPA and related attacks. Independent testing processes are essential for validating the presence and effectiveness of these countermeasures. Testing methodologies for power analysis vulnerabilities can yield varying degrees of assurance as to the security of the device under test. While insecurity can be demonstrated conclusively, evidence of security is more open-ended. Confidence in a security evaluation depends on many factors including the comprehensiveness of the evaluation, the skill of the evaluator, the nature of the device’s design, and the difficulty of exploiting any identified vulnerabilities. This paper reviews testing strategies for power analysis and related attacks, including black box and clear box methods. The paper also examines how appropriate design architectures and evaluation approaches can be combined to yield the strongest evidence of a device’s security.