Abstract
Side-channel attacks exploit unintended leakage from an electronic device in order to retrieve secret data. In particular, attacks exploiting physical side-channels such as power consumption or electromagnetic radiations to recover cryptographic keys are an important threat to embedded devices. Countermeasures against these attacks have been extensively researched for more than two decades and are often deployed in security-critical devices.
A side-channel attack is made of three steps. First, the leakage is measured. Then, a statistical processing is applied to this leakage in order to infer the internal behavior of the device (typically, an intermediate state of the cryptographic algorithm). Finally, the cryptographic key is recovered from the known behavior (Standaert et al., 2009).
For the statistical processing, we distinguish between two classes of attacks, based on the use of a profiling dataset. Such a dataset consists of leakage measurements on a device running the cryptographic algorithm with the known key. Profiled attacks use this data to fit a statistical model (or train a machine-learning model) of the device, while non-profiled attacks have to rely on a priori models and are therefore less powerful (Chari et al., 2002).
There are two main approaches for evaluating the security of devices against side-channel attacks. First, attack-based evaluations try to attack the device and report their success or failure. In case of success, the main figure of merit is the number of traces (i.e., number of executions of a cryptographic algorithm for which the leakage is measured). Second, detection-based evaluations try to detect the presence of key-dependent leakage and sometimes quantify it. These two types of methods can be complementary in the evaluation of a device. Side-channel evaluations are used in various research contexts, such as analyzing the effective-ness of a newly proposed countermeasure or analyzing a widely deployed device. In SCALib,
we implement algorithms for commonly used metrics and methods in side-channel security evaluations, attack-based and evaluation-based. We focus on the requirements of evaluations
and do not implement complete attacks when they are not needed to evaluate the security of a device.
SCALib is distributed as a Python package and uses 16-bit integer NumPy (Harris et al., 2020) arrays for leakage traces. For the sake of efficiency, most algorithms are implemented in Rust, allowing fine control of the memory accesses and enabling efficient parallelization
| Original language | English |
|---|---|
| Pages (from-to) | 5196-5199 |
| Number of pages | 3 |
| Journal | Journal of Open Source Software |
| Volume | 8 |
| Issue number | 86 |
| DOIs | |
| Publication status | Published - 1 Jun 2023 |