Understanding Leakage Detection

Free Tutorial co-organized with CARDIS 2018
November 14th, Montpellier, France

Leakage detection plays a key role in the evaluation of the physical security of cryptographic devices prior to release for sale. It is therefore a topic of considerable interest to designers and manufacturers keen to avoid cost and delay before going to market. It is also of interest to researchers seeking to further the academic literature on side-channel vulnerabilities and to advise industry and standards bodies on best practice.

Within this setting, the Test Vector Leakage Assessment (TVLA) framework proposed by Cryptography Research Inc. (now part of Rambus) has become popular as a systematised and easy-to-apply method for confirming or ruling out many typical forms of side-channel vulnerability. However, without adequate understanding of the statistical theory underpinning TVLA-style evaluations, there remains a high risk that tests will be mis-applied, outcomes misunderstood, and conclusions overstated.

This tutorial will aim to help delegates grasp the intuition of TVLA-style leakage detection at the same time as reaching a sound technical appreciation of how and why they work. Participants will be taught how to perform leakage detection tests, but equally importantly they will learn how to interpret outcomes in accordance with the limitations of a given set of tests, and how to design experiments so that the resulting outcomes are as meaningful and informative as possible.

We will cover the basics of statistical hypothesis testing, how to control (and trade between) the rates of false positives and false negatives, and what can and can’t be concluded if a test `fails’ to detect leakage. In particular, we will explain the notions of statistical power and `effect size’ which help to make the true scope of a test more transparent. We will focus on the fixed-versus-random t-test and the correlation (or SNR) test, and compare them for efficiency and coverage. We will additionally look at some of the challenges inherent to the side-channel setting, such as the impact on error rates of performing numerous tests (that is, on multiple points in a trace), and some of the options to mitigate for this.

The tutorial will be a collaborative effort drawing on the diversity of industrial, academic and advisory expertise brought together by the Horizon 2020 REASSURE project. All material that will be developed for this tutorial will be made available open source, including sample code and traces.

How to participate?

Participation to the tutorial is free, but registration is mandatory. Please send an email to viviane dot sauvage at uclouvain dot be with a short description of your profile and why you want to attend the tutorial.

Tutorial material

In order to maximize learning efficiency, part of the material will be released prior to the tutorial. Section 1 material can, be found here.