Cryptology ePrint Archive: Report 2004/369
SCA1 Model: Towards a concrete security approach to the design of cryptosystems secure against side-channel attacks
Filipe Rosado da-Fonseca
Abstract: When implementing cryptosystems in general purpose cryptographic hardware, one takes profit of the Application Programming Interfaces (APIs) displaced by the hardware to code the required cryptosystems. The functions made available by these APIs are divided into two groups, the group of the non-cryptographic functions and the group of the cryptographic primitives. When using these functions, one assumes that the functions of the first group are protected against simple side-channel attacks and the functions of the second group are protected against both simple and differential side-channel attacks. Nonetheless, the cryptosystems that make use of these functions may leak information through side-channels. To close this gap of security, a new model is introduced here. It deeply explains how the functions made available by the hardware's APIs must be protected against side-channel attacks and how this hardware must manage memory. In addition, it introduces an adversary that can undertake side-channel attacks against the cryptosystems to test, and teaches how to represent these attacks in pseudo-code. This paper terminates with both the introduction of some security notions and the presentation of the results of testing some well known cryptosystems in accordance with the latter security notions.
Category / Keywords: implementation / Side channels, power-analysis, timing-analysis, electromagnetic-analysis, optical-analysis, smart cards, symmetric authentication, symmetric encryption, digital signature, asymmetric encryption, signcryption, pseudorandom permutations, pseudorandom functions, birthday attack.
Date: received 23 Dec 2004
Contact author: frfonseca at mind-security com
Available formats: PDF | BibTeX Citation
Note: The attacks described in this paper were introduced at the Rump Session of CHES 2004
Version: 20041229:150241 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]