Confident Leakage Assessment ‐ A Side‐Channel Evaluation Framework based on Confidence Intervals
Florian Bache1,a, Christina Plump2 and Tim Güneysu1,3,b
1Horst Görtz Institute for IT Security, Ruhr‐University Bochum, 44780 Bochum, Germany
aflorian.bache@rub.de
btim.gueneysu@rub.de
2University of Bremen, 28359 Bremen, Germany
christina.plump@uni-bremen.de
3Cyber Physical Systems, DFKI GmbH, 28359 Bremen, Germany
ABSTRACT
Cryptographic devices that potentially operate in hostile physical environments need to be secured against sidechannel attacks. In order to ensure the effectiveness of the required countermeasures, scientists, developers, and evaluators need efficient methods to test the security level of a device. In this paper we propose a new framework based on confidence intervals that extends established t‐test based approaches for testvector leakage assessment (TVLA). In comparison to previous TVLA approaches the new methodology does not only enable the detection of leakage but can also assert its absence. The framework is robust against noise in the evaluation system and thereby avoids false negatives. These improvements can be achieved without overhead in measurement complexity and with a minimum of additional computational costs compared to previous approaches. We evaluate our method under realistic conditions by applying it to a protected implementation of AES.