Side-channel leakages

Abstract

The advances in cryptography have enabled the features of confidentiality, security, and integrity in the digital space.
The information about the working of the digital system is used to perform side-channel attacks.
These attacks exploit the physics of the system rather than targeting the mathematical complexity of algorithms.
Side-channel attacks measure the variations in the system's physical characteristics to obtain information about the operations being performed along with the operand data.

In this work, we evaluate how the choice of physical target device impacts the cryptographic implementation's security.
A software implementation is flashed on devices from two different manufactures with the same instruction set, configured for identical execution.
Power traces from different hardware devices are acquired and evaluated using leakage detection methodologies of TVLA, and KL-Divergence.
Trace-sets are compared at the abstraction level of intra-board, inter-board, and inter-class to explore the information leaks.
The performance of leakage detection methodologies in identifying leaks is evaluated using key-rank analysis and verified by profiling templates.

Results show two classes of devices belonging to different manufacturers vary significantly in terms of the power profile yet show similarities in data leakage.
Based on the source of leaks; micro-architecture leaks have minor differences at the inter-board level within boards of the same class, though the results of micro-architecture leaks are not comparable across boards of different classes.
Data-overwrite leaks are specific to the instruction set and pipeline implementation and are observed for both classes of devices.
This work provides a methodology for evaluating software implementations across different hardware.