Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery

Xin Ye; Thomas Eisenbarth; William  Martin

doi:10.1007/978-3-319-16763-3_13

Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery

Xin Ye, Thomas Eisenbarth, William Martin

Institut für IT-Sicherheit

Worcester Polytechnic Institute

28 Zitate (Scopus)

Abstract

This work presents a novel algorithm to quantify the relation between three factors that characterize a side channel adversary: the amount of observed side channel leakage, the workload of full key recovery, and its achievable success rate. The proposed algorithm can be used by security evaluators to derive a realistic bound on the capabilities of a side channel adversary. Furthermore, it provides an optimal strategy for combining subkey guesses to achieve any predefined success rate. Hence, it can be used by a side channel adversary to determine whether observed leakage suffices for key recovery before expending computation time. The algorithm is applied to a series of side channel measurements of a microcontroller AES implementation and simulations. A comparison to related work shows that the new algorithm improves on existing algorithms in several respects.

Originalsprache	Englisch
Titel	Smart Card Research and Advanced Applications
Redakteure/-innen	Marc Joye, Amir Moradi
Seitenumfang	18
Band	8968
Erscheinungsort	Cham
Herausgeber (Verlag)	Springer International Publishing
Erscheinungsdatum	17.03.2015
Seiten	215-232
ISBN (Print)	978-3-319-16762-6
ISBN (elektronisch)	978-3-319-16763-3
DOIs	https://doi.org/10.1007/978-3-319-16763-3_13
Publikationsstatus	Veröffentlicht - 17.03.2015
Veranstaltung	13th International Conference on Smart Card Research and Advanced Applications - Paris, Frankreich Dauer: 05.11.2014 → 07.11.2014

UN SDGs

Dieser Output leistet einen Beitrag zu folgendem(n) Ziel(en) für nachhaltige Entwicklung

SDG 9 – Industrie, Innovation und Infrastruktur
SDG 11 – Nachhaltige Städte und Gemeinschaften
SDG 12 – Verantwortungsvoller Konsum und Produktion

Dokumente

10.1007/978-3-319-16763-3_13

https://link.springer.com/chapter/10.1007%2F978-3-319-16763-3_13

Zitieren

Ye, X., Eisenbarth, T., & Martin, W. (2015). Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery. in M. Joye, & A. Moradi (Hrsg.), Smart Card Research and Advanced Applications (Band 8968, S. 215-232). (Lecture Notes in Computer Science; Band 8968). Springer International Publishing. https://doi.org/10.1007/978-3-319-16763-3_13

@inproceedings{1fbfed7f0d4d411088c6e901db4eab42,

title = "Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery",

abstract = "This work presents a novel algorithm to quantify the relation between three factors that characterize a side channel adversary: the amount of observed side channel leakage, the workload of full key recovery, and its achievable success rate. The proposed algorithm can be used by security evaluators to derive a realistic bound on the capabilities of a side channel adversary. Furthermore, it provides an optimal strategy for combining subkey guesses to achieve any predefined success rate. Hence, it can be used by a side channel adversary to determine whether observed leakage suffices for key recovery before expending computation time. The algorithm is applied to a series of side channel measurements of a microcontroller AES implementation and simulations. A comparison to related work shows that the new algorithm improves on existing algorithms in several respects.",

author = "Xin Ye and Thomas Eisenbarth and William Martin",

year = "2015",

month = mar,

day = "17",

doi = "10.1007/978-3-319-16763-3\_13",

language = "English",

isbn = "978-3-319-16762-6",

volume = "8968",

series = "Lecture Notes in Computer Science",

publisher = "Springer International Publishing",

pages = "215--232",

editor = "Marc Joye and Amir Moradi",

booktitle = "Smart Card Research and Advanced Applications",

note = "13th International Conference on Smart Card Research and Advanced Applications, CARDIS 2014 ; Conference date: 05-11-2014 Through 07-11-2014",

}

Ye, X, Eisenbarth, T & Martin, W 2015, Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery. in M Joye & A Moradi (Hrsg.), Smart Card Research and Advanced Applications. Bd. 8968, Lecture Notes in Computer Science, Bd. 8968, Springer International Publishing, Cham, S. 215-232, 13th International Conference on Smart Card Research and Advanced Applications, Paris, Frankreich, 05.11.14. https://doi.org/10.1007/978-3-319-16763-3_13

Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery. / Ye, Xin; Eisenbarth, Thomas; Martin, William .
Smart Card Research and Advanced Applications. Hrsg. / Marc Joye; Amir Moradi. Band 8968 Cham: Springer International Publishing, 2015. S. 215-232 (Lecture Notes in Computer Science; Band 8968).

Publikation: Kapitel in Büchern/Berichten/Konferenzbänden › Konferenzbeitrag › Begutachtung

TY - GEN

T1 - Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery

AU - Ye, Xin

AU - Eisenbarth, Thomas

AU - Martin, William

PY - 2015/3/17

Y1 - 2015/3/17

N2 - This work presents a novel algorithm to quantify the relation between three factors that characterize a side channel adversary: the amount of observed side channel leakage, the workload of full key recovery, and its achievable success rate. The proposed algorithm can be used by security evaluators to derive a realistic bound on the capabilities of a side channel adversary. Furthermore, it provides an optimal strategy for combining subkey guesses to achieve any predefined success rate. Hence, it can be used by a side channel adversary to determine whether observed leakage suffices for key recovery before expending computation time. The algorithm is applied to a series of side channel measurements of a microcontroller AES implementation and simulations. A comparison to related work shows that the new algorithm improves on existing algorithms in several respects.

AB - This work presents a novel algorithm to quantify the relation between three factors that characterize a side channel adversary: the amount of observed side channel leakage, the workload of full key recovery, and its achievable success rate. The proposed algorithm can be used by security evaluators to derive a realistic bound on the capabilities of a side channel adversary. Furthermore, it provides an optimal strategy for combining subkey guesses to achieve any predefined success rate. Hence, it can be used by a side channel adversary to determine whether observed leakage suffices for key recovery before expending computation time. The algorithm is applied to a series of side channel measurements of a microcontroller AES implementation and simulations. A comparison to related work shows that the new algorithm improves on existing algorithms in several respects.

U2 - 10.1007/978-3-319-16763-3_13

DO - 10.1007/978-3-319-16763-3_13

M3 - Conference contribution

SN - 978-3-319-16762-6

VL - 8968

T3 - Lecture Notes in Computer Science

SP - 215

EP - 232

BT - Smart Card Research and Advanced Applications

A2 - Joye, Marc

A2 - Moradi, Amir

PB - Springer International Publishing

CY - Cham

T2 - 13th International Conference on Smart Card Research and Advanced Applications

Y2 - 5 November 2014 through 7 November 2014

ER -

Bounded, yet Sufficient? How to Determine Whether Limited Side Channel Information Enables Key Recovery

Abstract

UN SDGs

Dokumente

Fingerprint

Zitieren