International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

A Novel Framework for Explainable Leakage Assessment

Authors:
Si Gao , University of Klagenfurt
Elisabeth Oswald , University of Klagenfurt and University of Birmingham
Download:
DOI: 10.1007/978-3-031-58734-4_8 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: EUROCRYPT 2024
Abstract: Schemes such as Common Criteria or FIPS 140-3 require the assessment of cryptographic implementations with respect to side channels at high security levels. Instead of a ``penetration testing'' style approach where specific tests are carried out, FIPS 140-3 relies on non-specific ``leakage assessment'' to identify potential side channel leaks in implementations of symmetric schemes. Leakage assessment, as it is understood today, is based on a simple leakage detection testing regime. Leakage assessment to date, provides no evidence whether or not the potential leakage is exploitable in a concrete attack: if a device fails the test, (and therefore certification under the FIPS 140-3 scheme) it remains unclear why it fails. We propose a novel assessment regime that is based on a different statistical rational than the existing leakage detection tests. Our statistical approach enables non-specific detection (i.e. we do not require to specify intermediate values) whilst simultaneously generating evidence for designing an attack vector that exploits identified leakage. We do this via an iterative approach, based on building and comparing nested regression models. We also provide, for the first time, concrete definitions for concepts such as key leakage, exploitable leakage and explainable leakage. Finally, we illustrate our novel leakage assessment framework in the context of two open-sourced masked software implementations on a processor that is known to exhibit micro-architectural leakage.
BibTeX
@inproceedings{eurocrypt-2024-33838,
  title={A Novel Framework for Explainable Leakage Assessment},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-58734-4_8},
  author={Si Gao and Elisabeth Oswald},
  year=2024
}