Abstract
Cryptographic designs are vulnerable to side-channel analysis attacks, so evaluating their security during the design stages is of crucial importance. Such an evaluation is achieved by very expensive (slow) analog transient-noise simulations over advanced fabrication process technologies. The main challenge of such rigorous security-evaluation analysis lies in the fact that technologies are becoming more and more complex and the physical properties of manufactured devices vary significantly due to process variations. In turn, a detailed security evaluation process imposes a time complexity that is exponential in the circuit size, the number of physical implementation corners (statistical variations) and the accuracy of the circuit simulator. Given these circumstances, what is the cost of not exhausting the entire implementation space? In terms of simulation-time complexity, the benefits would clearly be significant; however, we are interested in evaluating the security implications. This question can be formulated for many other interesting side-channel contexts, for example: how would an attack outcome vary when the adversary builds a leakage template over one device, i.e., one physical corner, and performs the evaluation (attack) phase on a device drawn from a different statistical corner? Alternatively, is it safe to assume that a typical (average) corner represents the worst case in terms of security evaluation, or would it be advisable to perform the security evaluation over another specific view? Finally, how would the outcome vary concretely? We ran in-depth experiments to answer these questions in the hope of finding a good tradeoff between simulation effort and expertise on the one hand and security-evaluation degradation on the other. We evaluate the results using methodologies such as template attacks, with a clear distinction between the profiling-phase and attack-phase statistical views. This exemplary view of what an adversary might capture in these scenarios is followed by a more complete statistical evaluation utilizing tools such as the Kullback–Leibler (KL) divergence and the Jensen–Shannon (JS) divergence to draw conclusions.
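The two evaluation views named in the abstract, a template attack profiled on one corner and run against traces from another, and a KL/JS divergence comparison of the per-class leakage distributions of two corners, as an added illustrative example that is not the paper's own code or data. The five corners are modelled as constructed gain/offset/noise parameters of a Hamming-weight leakage model over a 4-bit S-box (the PRESENT S-box, chosen only to keep the key space at 16 guesses); the corner parameter values, the leakage model and every function name are assumptions. Templates are univariate Gaussians per Hamming-weight class, KL divergence uses the closed form for Gaussians, and JS divergence is integrated numerically since it has no closed form.

```python
import math
import random
from statistics import mean, pvariance

# Toy 4-bit S-box (the PRESENT S-box) so that the key space is only 16 guesses.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Constructed stand-ins for the five process corners. Each corner scales the
# data-dependent leakage (gain), shifts its static level (offset) and sets the
# noise standard deviation (sigma). These numbers are illustrative assumptions,
# not values taken from any simulation or measurement.
CORNERS = {
    "TT": dict(gain=1.00, offset=0.0, sigma=0.60),
    "FF": dict(gain=1.25, offset=0.8, sigma=0.75),
    "SS": dict(gain=0.80, offset=-0.6, sigma=0.50),
    "FS": dict(gain=1.05, offset=0.3, sigma=0.65),
    "SF": dict(gain=0.95, offset=-0.2, sigma=0.70),
}


def hamming_weight(x):
    return bin(x).count("1")


def leakage_class(p, key):
    """Intermediate the templates are built on: Hamming weight of the S-box output."""
    return hamming_weight(SBOX[p ^ key])


def simulate_traces(corner, key, n, seed):
    """Return n constructed (plaintext nibble, leakage sample) pairs for one corner."""
    rng = random.Random(seed)
    c = CORNERS[corner]
    traces = []
    for _ in range(n):
        p = rng.randrange(16)
        leak = c["gain"] * leakage_class(p, key) + c["offset"] + rng.gauss(0.0, c["sigma"])
        traces.append((p, leak))
    return traces


def build_templates(corner, n=4000, seed=1, profiling_key=0):
    """Profiling phase: one univariate Gaussian (mean, variance) per HW class."""
    groups = {hw: [] for hw in range(5)}
    for p, leak in simulate_traces(corner, profiling_key, n, seed):
        groups[leakage_class(p, profiling_key)].append(leak)
    return {hw: (mean(v), pvariance(v)) for hw, v in groups.items()}


def log_likelihood(templates, traces, key_guess):
    ll = 0.0
    for p, leak in traces:
        mu, var = templates[leakage_class(p, key_guess)]
        ll += -0.5 * math.log(2 * math.pi * var) - (leak - mu) ** 2 / (2 * var)
    return ll


def key_rank(templates, traces, true_key):
    """Attack phase: rank of the true key among the 16 guesses (0 = key recovered)."""
    ordered = sorted(range(16), key=lambda k: log_likelihood(templates, traces, k), reverse=True)
    return ordered.index(true_key)


def cross_corner_rank(profile_corner, attack_corner, true_key=0xB, n_attack=100, seed=7):
    """Profile on one corner, attack traces drawn from another (possibly the same) corner."""
    templates = build_templates(profile_corner)
    traces = simulate_traces(attack_corner, true_key, n_attack, seed)
    return key_rank(templates, traces, true_key)


def kl_gauss(t0, t1):
    """Closed-form KL(N(mu0, v0) || N(mu1, v1)) in nats."""
    (mu0, v0), (mu1, v1) = t0, t1
    return 0.5 * math.log(v1 / v0) + (v0 + (mu0 - mu1) ** 2) / (2 * v1) - 0.5


def gaussian_pdf(x, mu, var):
    return math.exp(-(x - mu) ** 2 / (2 * var)) / math.sqrt(2 * math.pi * var)


def js_gauss(t0, t1, steps=4000):
    """JS divergence (nats, bounded by ln 2) between two Gaussians, by midpoint integration."""
    (mu0, v0), (mu1, v1) = t0, t1
    s0, s1 = math.sqrt(v0), math.sqrt(v1)
    lo, hi = min(mu0 - 8 * s0, mu1 - 8 * s1), max(mu0 + 8 * s0, mu1 + 8 * s1)
    dx = (hi - lo) / steps
    js = 0.0
    for i in range(steps):
        x = lo + (i + 0.5) * dx
        p, q = gaussian_pdf(x, mu0, v0), gaussian_pdf(x, mu1, v1)
        m = 0.5 * (p + q)
        if p > 0.0:  # skip underflowed tails so log(p / m) stays defined
            js += 0.5 * p * math.log(p / m) * dx
        if q > 0.0:
            js += 0.5 * q * math.log(q / m) * dx
    return js


def template_divergences(corner_a, corner_b):
    """Per HW class: (KL, JS) between the templates profiled on corner_a and on corner_b."""
    ta, tb = build_templates(corner_a, seed=11), build_templates(corner_b, seed=12)
    return {hw: (kl_gauss(ta[hw], tb[hw]), js_gauss(ta[hw], tb[hw])) for hw in range(5)}


if __name__ == "__main__":
    for attack in CORNERS:
        print(f"profile TT, attack {attack}: key rank {cross_corner_rank('TT', attack)}")
    for hw, (kl, js) in template_divergences("TT", "SS").items():
        print(f"HW={hw}: KL={kl:.3f} nats, JS={js:.3f} nats")
```

Running the module profiles on the constructed TT corner and attacks every corner in turn, then prints the per-class divergences between the TT and SS templates; a rank that stays at 0 across corners says the mismatch did not cost the adversary the key, while a large KL or JS for a class flags where the single-corner template diverges most from the device actually attacked.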
Highlights
Security evaluation methodologies for cryptographic devices have evolved rapidly to face the rapid rise in side-channel attacks (SCAs)
For the analysis presented in this paper we ran the simulations over 5 representative process corners ∈ {TT, FF, FS, SF, SS}, which arise from deviations in the semiconductor fabrication process
As process nodes advance, the effect of different process corners on a device grows, making it hard to ignore when discussing SCA security evaluation; the tradeoff between simulation effort and security evaluation must be taken into account
Summary
Security evaluation methodologies for cryptographic devices have evolved rapidly to face the rapid rise in side-channel attacks (SCAs). In many organizations they have become mainstream, even in non-security-oriented design houses. While side-channel attack countermeasures and attacks have attracted considerable attention, a point that is rarely considered in the literature is the SCA-security implications of the statistical nature of the manufactured devices. This manuscript aims to take a step forward in understanding the security degradation caused by such statistical behavior, and to provide a better understanding of how to approach design-stage security evaluation and its expected time costs.