Bart Stevens, the senior director of sales for the EMEA region in Rambus’ Security Division and Gary Kenworthy, a senior principal engineer in Rambus’ Security Division, recently penned an article for Semiconductor Engineering that discusses the evaluation of side-channel vulnerabilities with Test Vector Leakage Assessment (TVLA).
TVLA: Understanding the basics
Rather than mounting a time-consuming attack to recover secret key information, says Stevens and Kenworthy, TVLA seeks to detect and analyze leakage directly in a device under test.
“For its core statistical test, TVLA specifies and compares two subsets (A&B) of collected traces, with the subsets selected according to known sensitive intermediate bits,” the two explained.
“Differences will be immediately apparent between subsets A and B if the algorithm implementation not properly protected. This core statistical test employs Welch’s t-test for evaluating the significance of the ‘difference of means.’”
The specific test vectors, says Stevens and Kenworthy, are standardized to focus on common leakage modes for a particular algorithm. For example, TVLA testing for the AES algorithm targets S-box outputs, round output, XOR of round input and output and the values of 1st and 2nd byte of round output.
Another TVLA testing mode is the non-specific leakage test. This method, says the authors, looks for differences in the collected traces between operations on fixed vs. varying data. This is a powerful technique that can amplify leakages and identify vulnerabilities even when specific attacks that might exploit that leakage have not yet been discovered.
“When gauging the level of side-channel resistance, testers may also want to follow TVLA assessment with a key extraction attack to verify the real-world significance of said leakage. The leakage profile identified by TVLA will greatly simplify the key extraction attack,” they add.
DPAWS: A TVLA testing platform
Because side-channel attacks are so effective, even well-planned resistance strategies may still leak sensitive information. Therefore, it is critical to verify the actual performance of side-channel countermeasures. The Rambus DPA workstation (DPAWS), for example, is a powerful tool for testing and evaluating the results of hardware or software implementations.
“The TVLA-capable Rambus DPA Workstation Platform (DPAWS) measures a range of side-channel leakages across a wide spectrum of devices and platforms including smart phones, tablets, POS terminals, CPUs, TVs, set-top boxes, FPGAs, smart cards and NFC tech,” Stevens and Kenworthy elaborate. “DPAWS also provides users with a highly-intuitive UI paired with enhanced data visualization that creates an integrated, project-centric analytic environment specifically designed to optimize the efficiency of side-channel analysis.”
Both flexible and scalable, DPAWS supports multiple side-channel sensors, device protocols and form factors, with out-of-the-box support for SASEBO and additional third-party hardware. Moreover, DPAWS easily integrates with a wide range of industry tools including Matlab, Python and other scripting languages. In addition, the Rambus DPA Workstation supports cipher coverage across many standard algorithms (AES, RSA, ECC, DES and SHA), large dataset handling, as well as high-speed collection and analysis of billions of traces. Source code is also available to facilitate increased flexibility.
Rambus DPAWS comprises a custom-configured workstation with an oscilloscope; a DPAD FPGA testing platform; a smart card test fixture; support for PCI high-speed sampling cards; a signal amplifier; EM probes, filters and a power supply. On the software and firmware side, DPAWS includes a device interface and data collection environment; signal processing; hypothesis and prediction generation; as well as optimized DPA analysis utilities and tools.
Side-channel attacks conducted against electronic systems are relatively simple and inexpensive to execute. An attacker does not need to know specific implementation details of the cryptographic device to perform these attacks and extract keys.
“As all physical electronic systems routinely leak information, effective side-channel countermeasures such as Rambus’ DPA Resistant Hardware Cores (DPARC) or DPA Software Library (DPASL) should be implemented at the design stage to ensure protection of sensitive keys and data,” Stevens and Kenworthy conclude. “After the implementation of hardware or software countermeasures, systems should be carefully evaluated with a Test Vector Leakage Assessment (TVLA) platform such as the Rambus DPA Workstation (DPAWS) to confirm the cessation of sensitive side-channel leakage.”
Interested in learning more about Rambus’ DPA countermeasures? You can check out our product page here and download our eBook on the subject below.