Paper 2014/307

Simulation-Time Security Margin Assessment against Power-Based Side Channel Attacks

Alessandro Barenghi, Gerardo Pelosi, and Francesco Regazzoni


A sound design time evaluation of the security of a digital device is a goal which has attracted a great amount of research effort lately. Common security metrics for the attack consider either the theoretical leakage of the device, or assume as a security metric the number of measurements needed in order to be able to always recover the secret key. In this work we provide a combined security metric taking into account the computational effort needed to lead the attack, in combination with the quantity of measurements to be performed, and provide a practical lower bound for the security margin which can be employed by a secure hardware designer. This paper represents a first exploration of a design-time security metric incorporating the computational effort required to lead a power- based side channel attack in the security level assessment of the device. We take into account in our metric the possible presence of masking and hiding schemes, and we assume the best measurement conditions for the attacker, thus leading to a conservative estimate of the security of the device. We provide a practical validation of our security metric through an analysis of transistor-level accurate power simulations of a 128-bit AES core implemented on a 65 nm library.

Available format(s)
Publication info
Published elsewhere. 7th Workshop on Embedded Systems Security (WESS 2012)
AESSide-channel analysis
Contact author(s)
alessandro barenghi @ polimi it
2014-04-30: received
Short URL
Creative Commons Attribution


      author = {Alessandro Barenghi and Gerardo Pelosi and Francesco Regazzoni},
      title = {Simulation-Time Security Margin Assessment against Power-Based Side Channel Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2014/307},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.