The Side-channel Metrics Cheat Sheet

Papagiannopoulos, Kostas; Glamočanin, Ognjen; Azouaoui, Melissa; Ros, Dorian; Regazzoni, Francesco; Stojilović, Mirjana

doi:10.1145/3565571

Cited by 10 publications

(9 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, a test failure would indicate that statistically significant differences in mean are present between the datasets. In the context of TVLA, the rejection of the null hypothesis-that the two datasets possess identical means-implies security vulnerabilities within the device under inspection [42]. Contrarily, the acceptance of the null hypothesis suggests an absence of discernible security vulnerabilities.…”

Section: T-testmentioning

confidence: 99%

Locking-Enabled Security Analysis of Cryptographic Circuits

Upadhyaya,

Gay,

Polian

2024

Cryptography

View full text Add to dashboard Cite

Hardware implementations of cryptographic primitives require protection against physical attacks and supply chain threats. This raises the question of secure composability of different attack countermeasures, i.e., whether protecting a circuit against one threat can make it more vulnerable against a different threat. In this article, we study the consequences of applying logic locking, a popular design-for-trust solution against intellectual property piracy and overproduction, to cryptographic circuits. We show that the ability to unlock the circuit incorrectly gives the adversary new powerful attack options. We introduce LEDFA (locking-enabled differential fault analysis) and demonstrate for several ciphers and families of locking schemes that fault attacks become possible (or consistently easier) for incorrectly unlocked circuits. In several cases, logic locking has made circuit implementations prone to classical algebraic attacks with no fault injection needed altogether. We refer to this “zero-fault” version of LEDFA by the term LEDA, investigate its success factors in-depth and propose a countermeasure to protect the logic-locked implementations against LEDA. We also perform test vector leakage assessment (TVLA) of incorrectly unlocked AES implementations to show the effects of logic locking regarding side-channel leakage. Our results indicate that logic locking is not safe to use in cryptographic circuits, making them less rather than more secure.

show abstract

Section: T-testmentioning

confidence: 99%

Locking-Enabled Security Analysis of Cryptographic Circuits

Upadhyaya,

Gay,

Polian

2024

Cryptography

View full text Add to dashboard Cite

show abstract

“…For all three designs, we collect traces with a fixed key and chained plaintext: starting with an initial plaintext, we use the resulting ciphertext as the next plaintext. With the obtained traces, we run the CPA attack on the ninth AES round in steps and compute two metrics: the key rank metric of each byte of the 128-bit secret key [34], and the key rank estimation metric [35].…”

Section: Aes Sensor Fifomentioning

confidence: 99%

Active Wire Fences for Multitenant FPGAs

Glamočanin

Kostic

et al. 2023

2023 26th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS)

Self Cite

View full text Add to dashboard Cite

When spatially shared among multiple tenants, fieldprogrammable gate arrays (FPGAs) are vulnerable to remote power side-channel analysis attacks. Using carefully crafted onchip voltage sensors, adversaries can extract secrets (e.g., encryption keys or the architectural parameters of neural network accelerators) from collocated tenants. A common countermeasure against power side-channel attacks is hiding; in hiding, the goal is to introduce noise and worsen the signal-to-noise ratio visible to the attacker. In a multitenant FPGA setting, hiding countermeasures can be implemented with an active fence placed between tenants. Previous work demonstrated the effectiveness of active fences built using NAND-based ROs. We enhance the state-of-the-art active fence implementation with novel wire-based power wasters, at no increase in resource overhead. Compared to an RO-based fence, our active wire fence makes the side-channel attack considerably more difficult. When using the RO fence to protect an AES-128 cryptographic module, we recovered all the bytes of the secret key with one million sensor traces, on average. In comparison, when using our novel wire fence, more than six million traces (an improvement of at least 6×) were required to recover all the bits of the secret key.

show abstract

“…Sudden ambient temperature variations-and their potential impact on the DC offset and variance of the sensor tracescould cause degradation in the Pearson correlation coefficient in the CPA attack, resulting in a higher number of traces to break the secret key. Therefore, in our second experiment, using the key rank (KR) estimation metric [25], we evaluate how transient temperature changes impact the success of the CPA attack against an AES hardware module. If the impact is significant, the temperature could severely interfere with conclusions between two different experiment runs (e.g., comparing the side-channel security of two cryptographic implementations).…”

Section: A Leakage Analysismentioning

confidence: 99%

“…In a thermal chamber with stable operating temperatures above 35°C, we record ten runs at 40°C, 45°C, 50°C, 55°C, and 60°C. For each temperature, we compute the average number of traces needed to break the key using the CPA attack and the KR estimation metric [25]. Significantly varying leakage at different external temperatures indicates a potential problem with lengthy experiments: traces acquired over a long time may result in skewed ML models, which are either degraded by the thermal noise or learn the temperature patterns instead of the actual leakage.…”

Section: A Leakage Analysismentioning

confidence: 99%

Temperature Impact on Remote Power Side-Channel Attacks on Shared FPGAs

Glamočanin,

Bazaz,

Payer

et al. 2023

2023 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

View full text Add to dashboard Cite

To answer the growing demand for hardware acceleration, Amazon, Microsoft, and many other major cloud service providers have included field-programmable gate arrays (FPGAs) in their datacenters. However, researchers have shown that cloud FPGAs, when shared between multiple tenants, face the threat of remote power side-channel analysis (SCA) attacks. FPGA time-todigital converter (TDC) sensors enable adversaries to sense voltage fluctuations and, in turn, break cryptographic implementations or extract confidential information with the help of machine learning (ML). The operating temperature of the TDC sensor affects the traces it acquires, but its impact on the success of remote power SCA attacks has largely been ignored in literature. This paper attempts to fill in this gap. We focus on two attack scenarios: correlation power analysis (CPA) and ML-based profiling attacks. We show that the temperature impacts the success of the remote power SCA attacks: with the ambient temperature increasing, the success rate of the CPA attack decreases. In-depth analysis reveals that TDC sensor measurements suffer from temperaturedependent effects, which, if ignored, can lead to misleading and overly optimistic results of ML-based profiling attacks. We evaluate and stress the importance of following power side-channel trace acquisition guidelines for minimizing the temperature effects and, consequently, obtaining a more realistic measure of success for remote ML-based profiling attacks.

show abstract

The Side-channel Metrics Cheat Sheet

Cited by 10 publications

References 20 publications

Locking-Enabled Security Analysis of Cryptographic Circuits

Locking-Enabled Security Analysis of Cryptographic Circuits

Active Wire Fences for Multitenant FPGAs

Temperature Impact on Remote Power Side-Channel Attacks on Shared FPGAs

Contact Info

Product

Resources

About