
The Side-channel Metrics Cheat Sheet

Published: 02 February 2023

Abstract

Side-channel attacks exploit a physical observable originating from a cryptographic device in order to extract its secrets. Many practically relevant advances in the field of side-channel analysis relate to security evaluations of cryptographic functions and devices. Accordingly, many metrics have been adopted or defined to express and quantify side-channel security. These metrics can relate to one another, but also conflict in terms of effectiveness, assumptions, and security goals. In this work, we review the most commonly used metrics in the field of side-channel analysis. We provide a self-contained presentation of each metric, along with a discussion of its limitations. We practically demonstrate the metrics on examples of relevant implementations of the Advanced Encryption Standard (AES), and make the software implementation of the presented metrics available to the community as open source. This work, being beyond a survey of the current status of metrics, will allow researchers and practitioners to produce a well-informed security evaluation through a better understanding of its supporting and summarizing metrics.



Published in

• ACM Computing Surveys, Volume 55, Issue 10
• October 2023
• 772 pages
• ISSN: 0360-0300
• EISSN: 1557-7341
• DOI: 10.1145/3567475


Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 2 February 2023
• Online AM: 7 October 2022
• Accepted: 29 August 2022
• Revised: 28 June 2022
• Received: 23 December 2021


Qualifiers

• survey
• Refereed
