基于Bartlett和多分类F检验侧信道泄露评估

doi:10.11959/j.issn.1000-436x.2021235

通信学报 ›› 2021, Vol. 42 ›› Issue (12): 35-43.doi: 10.11959/j.issn.1000-436x.2021235

基于Bartlett和多分类F检验侧信道泄露评估

王娅茹¹^,², 唐明¹^,²

¹ 武汉大学国家网络安全学院，湖北武汉 430072
² 武汉大学空天信息安全与可信计算教育部重点实验室，湖北武汉 430072

修回日期:2021-12-03 出版日期:2021-12-01 发布日期:2021-12-01
作者简介:王娅茹（1989- ），女，河南驻马店人，武汉大学博士生，主要研究方向为侧信道泄露检测、密码学、信息安全等
唐明（1976- ），女，湖北武汉人，博士，武汉大学教授、博士生导师，主要研究方向为CPU安全、信息安全、侧信道攻击与检测等
基金资助:
国家自然科学基金资助项目(61972295);武汉市科技项目应用基础前沿专项基金资助项目(2019010701011407)

Side channel leakage assessment with the Bartlett and multi-classes F-test

Yaru WANG¹^,², Ming TANG¹^,²

¹ School of Cyber Science and Engineering， Wuhan University， Wuhan 430072， China
² Key Laboratory of Aerospace Information Security and Trusted Computing， Wuhan University Ministry of Education， Wuhan 430072， China

Revised:2021-12-03 Online:2021-12-01 Published:2021-12-01
Supported by:
The National Natural Science Foundation of China(61972295);The Wuhan Science and Technology Project Application Foundation Frontier Special Project(2019010701011407)

摘要/Abstract

摘要：

为了解决测试向量泄露评估（TVLA）技术进行侧信道泄露检测时，两组功耗样本（固定明文和随机明文）的均值差异较小时，t 检验存在漏检以及可能导致评估出现假阴性的问题。基于此，提出对样本的均值与方差等参数进行差异评估，进而提出基于Bartlett和多分类F检验侧信道泄露评估（Bartlett-F检验）方法。在Bartlett-F检验中，将Bartlett检验用于均值差异小于方差差异的功耗样本以解决漏检问题，将多分类F检验用于均值差异大于方差差异的功耗样本以解决评估出现假阴性的问题。在检验中，若P值小于阈值，则有泄露。实验结果表明，当均值差异小于方差差异时，Bartlett检验的P值小于阈值时所需样本量为1.5×10⁴，而t检验则需要更大的样本量。当方差差异小于均值差异时，t检验的P值小于阈值时所需样本量为2.0×10²，而F检验所需样本量仅为t检验的1 10。因此，Bartlett-F检验可以解决TVLA技术在泄露检测中存在的问题。

关键词: 泄露检测, Bartlett检验, F检验, 测试向量泄露评估技术, t检验, 侧信道攻击

Abstract:

In order to solve the problem that when test vector leakage assessment （TVLA） technology is used for side channel leakage detection， the mean difference between the two groups of power consumption samples （fixed plaintext and random plaintext） is small， and the t-test may miss detection and lead to false negative evaluation.The Bartlett and multi-classification F-test side channel leakage assessment method （Bartlett-F test） was proposed.In the Bartlett-F test， the Bartlett-test was used to the power samples with greater variance difference than mean difference to solve the problem of missing detection， and the multi-classification F-test was used to the power samples with greater mean difference than variance difference to solve the problem of false negative evaluation.In the test， there is leakage if the P-value is less than the threshold.The experimental results show that when the mean difference is less than the variance difference， the sample size required by Bartlett-test is 1.5×10⁴ when the P-value of Bartlett-test is less than the threshold， while the sample size required by t-test is larger.When the variance difference is less than the mean difference， the sample size required by t-test is 2.0×10² when the P-value of t-test is less than the threshold， while the sample size required by F-test is only 1/10 of t-test.Therefore， Bartlett-F test can solve the problems of TVLA technology in leak detection.

Key words: leakage detection, Bartlett-test, F-test, the test vector leakage assessment technology, t-test, side channel attack

中图分类号:

TP309

王娅茹, 唐明. 基于Bartlett和多分类F检验侧信道泄露评估[J]. 通信学报, 2021, 42(12): 35-43.

Yaru WANG, Ming TANG. Side channel leakage assessment with the Bartlett and multi-classes F-test[J]. Journal on Communications, 2021, 42(12): 35-43.

图/表 8

图1

图2

图3

图4

图5

图6

图7

图8

参考文献 26

[1]	KOCHER P , JAFFE J , JUN B . Differential power analysis[C]// Advances in Cryptology — CRYPTO’ 99. Berlin:Springer, 1999: 388-397.
[2]	MATHER L , OSWALD E , BANDENBURG J ,et al. Does my device leak information? an a priori statistical power analysis of leakage detection tests[C]// Advances in Cryptology — ASIACRYPT 2013. Berlin:Springer, 2013: 486-505.
[3]	GIERLICHS B , BATINA L , TUYLS P ,et al. Mutual information analysis[C]// Cryptographic Hardware and Embedded Systems —CHES 2008. Berlin:Springer, 2008: 426-442.
[4]	CHARI S , RAO J R , ROHATGI P . Template attacks[C]// Cryptographic Hardware and Embedded Systems — CHES 2002. Berlin:Springer, 2003: 13-28.
[5]	SCHRAMM K , WOLLINGER T , PAAR C . A new class of collision attacks and its application to DES[C]// Fast Software Encryption. Berlin:Springer, 2003: 206-222.
[6]	GOODWILL G , JUN B , JAFFE J ,et al. A testing methodology for side-channel resistance validation[C]// NIST non-invasive attack testing workshop.[S.l.:s.n.], 2011,7: 115-136.
[7]	BECKER G , COOPER J , DEMULDER E ,et al. Test Vector Leakage Assessment (TVLA) methodology in practice[C]// International Cryptographic Module Conference.[S.l.:s.n.], 2013:20.
[8]	WELCH B L . The generalization of ‘student’s’ problem when several different population variances are involved[J]. Biometrika, 1947,34(1/2): 28.
[9]	AZOUAOUI M , BELLIZIA D , BUHAN I ,et al. A systematic appraisal of side channel evaluation strategies[C]// Security Standardisation Research. Berlin:Springer, 2020: 46-66.
[10]	YU H , HE Z H , WU L J ,et al. Power leakage detection for a masked SM3-MAC hardware implementation[C]// Proceedings of 2019 IEEE 13th International Conference on Anti-counterfeiting,Security,and Identification (ASID). Piscataway:IEEE Press, 2019: 224-228.
[11]	GUILLEY S , KARRAY K , PERIANIN T ,et al. Side-channel evaluation methodology on software[J]. Cryptography, 2020,4(4): 27.
[12]	DING A A , CHEN C , EISENBARTH T . Simpler,faster,and more robust T-test based leakage detection[C]// Constructive Side-Channel Analysis and Secure Design. Berlin:Springer, 2016: 163-183.
[13]	YANG W , JIA A N . Side-channel leakage detection with one-way analysis of variance[J]. Security and Communication Networks, 2021,2021: 1-13.
[14]	WHITNALL C , OSWALD E . A cautionary note regarding the usage of leakage detection tests in security evaluation[R]. 2019.
[15]	MERINO D P S , STANDAERT F X . Getting the most out of leakage detection[C]// Constructive Side-Channel Analysis and Secure Design. Berlin:Springer, 2017: 264-281.
[16]	WHITNALL C , OSWALD E . A critical analysis of ISO 17825 (‘testing methods for the mitigation of non-invasive attack classes against cryptographic modules’)[C]// Lecture Notes in Computer Science. Berlin:Springer, 2019: 256-284.
[17]	STANDAERT F X , . How (not) to use Welch’s T-test in side-channel security evaluations[C]// Smart Card Research and Advanced Applications. Berlin:Springer, 2019: 65-79.
[18]	DING A A , ZHANG L W , DURVAUX F ,et al. Towards sound and optimal leakage detection procedure[C]// Smart Card Research and Advanced Applications. Berlin:Springer, 2018: 105-122.
[19]	SCHNEIDER T , MORADI A . Leakage assessment methodology[J]. Journal of Cryptographic Engineering, 2016,6(2): 85-99.
[20]	DURVAUX F , STANDAERT F X . From improved leakage detection to the detection of points of interests in leakage traces[C]// Advances in Cryptology — EUROCRYPT 2016. Berlin:Springer, 2016: 240-262.
[21]	CHEN H , XI W , FAN L M ,et al. Side Channel Analysis and Evaluation on Cryptographic Products[J]. Journal of Electronics and Information Technology, 2020,42(8): 1836-1845.
[22]	LEI W , WANG L H , SHAN W J ,et al. A frequency-based leakage assessment methodology for side-channel evaluations[C]// Proceedings of 2017 13th International Conference on Computational Intelligence and Security (CIS). Piscataway:IEEE Press, 2017: 590-593.
[23]	BILGIN B , GIERLICHS B , NIKOVA S ,et al. Higher-order threshold implementations[C]// Lecture Notes in Computer Science. Berlin:Springer, 2014: 326-343.
[24]	DE CNUDDE T , BILGIN B , REPARAZ O ,et al. Higher-order threshold implementation of the AES S-box[C]// Smart Card Research and Advanced Applications. Berlin:Springer, 2016: 259-272.
[25]	PROUFF E , RIVAIN M , BEVAN R . Statistical analysis of second order differential power analysis[J]. IEEE Transactions on Computers, 2009,58(6): 799-811.
[26]	BHASIN S , BRUNEAU N , DANGER J L ,et al. Analysis and improvements of the DPA contest v4 implementation[C]// Security,Privacy,and Applied Cryptography Engineering. Cham:Springer International Publishing, 2014: 201-218.

基于Bartlett和多分类F检验侧信道泄露评估

Side channel leakage assessment with the Bartlett and multi-classes F-test

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 26

相关文章 9

Metrics

推荐阅读 0

[1]	丁绍虎,谢记超,张鹏,普黎明,谷允捷. 基于风险感知的关键虚拟网络功能动态迁移方法[J]. 通信学报, 2020, 41(4): 102-113.
[2]	王燚,吴震,蔺冰. 对加掩加密算法的盲掩码模板攻击[J]. 通信学报, 2019, 40(1): 1-14.
[3]	吴震,王燚,周冠豪. 有学习的高阶DPA攻击[J]. 通信学报, 2018, 39(9): 135-146.
[4]	吴震,杜之波,王敏,向春玲. 密码芯片基于聚类的模板攻击[J]. 通信学报, 2018, 39(8): 83-93.
[5]	赵硕,季新生,毛宇星,程国振,扈红超. 基于安全等级的虚拟机动态迁移方法[J]. 通信学报, 2017, 38(7): 165-174.
[6]	王敏,吴震,饶金涛,杜之波. 针对密码芯片频域互信息能量分析攻击[J]. 通信学报, 2015, 36(Z1): 131-135.
[7]	甘刚，王敏，杜之波，吴震. 基于Montgomery算法安全漏洞的SPA攻击算法[J]. 通信学报, 2013, 34(Z1): 20-161.
[8]	甘刚,王敏,杜之波,吴震. 基于Montgomery算法安全漏洞的SPA攻击算法[J]. 通信学报, 2013, 34(Z1): 156-161.
[9]	张敏,周亮,黄琼,阳小龙,隆克平. 随机延迟污染对IP网络坐标系统的影响及其抑制方法研究[J]. 通信学报, 2011, 32(12): 29-35.