Abstract
Physical non-invasive security has become crucial for cryptographic modules, which are widely used in pervasive computing. International security evaluation standards, such as U.S. Federal Information Processing Standard (FIPS) 140-3 and Common Criteria (CC) Part 3, have added special requirements addressing physical non-invasive security. However, these evaluation standards lack quantitative metrics to explicitly guide design and measurement. This paper proposes practice-oriented quantitative evaluation metrics, in which the distinguishability between key predictions is measured under statistical significance tests. Significant distinguishability between the two most likely key candidates suggests a high success rate for predicting the right key, and thus indicates a low degree of security. The quantitative evaluation results provide high accountability of security performance. Accordance with FIPS 140-3 makes the proposed evaluation metrics a valuable complement to these widely adopted standards. Case studies on various smart cards demonstrate that the proposed evaluation metrics are accurate and feasible.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Li, H., Wu, K., Yu, F., Yuan, H. (2010). Evaluation Metrics of Physical Non-invasive Security. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds) Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. WISTP 2010. Lecture Notes in Computer Science, vol 6033. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12368-9_5
DOI: https://doi.org/10.1007/978-3-642-12368-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12367-2
Online ISBN: 978-3-642-12368-9
eBook Packages: Computer Science, Computer Science (R0)