Paper 2019/1013

A Critical Analysis of ISO 17825 (`Testing methods for the mitigation of non-invasive attack classes against cryptographic modules')

Carolyn Whitnall and Elisabeth Oswald

Abstract

The ISO standardisation of `Testing methods for the mitigation of non-invasive attack classes against cryptographic modules' (ISO/IEC 17825:2016) specifies the use of the Test Vector Leakage Assessment (TVLA) framework as the sole measure to assess whether or not an implementation of (symmetric) cryptography is vulnerable to differential side-channel attacks. It is the only publicly available standard of this kind, and the first side-channel assessment regime to rely exclusively on a TVLA instantiation. TVLA essentially specifies statistical leakage detection tests with the aim of removing the burden of having to test against an ever-increasing number of attack vectors. It offers the tantalising prospect of `conformance testing': if a device passes TVLA, then, one is led to hope, the device would be secure against all (first-order) differential side-channel attacks. In this paper we provide a statistical assessment of the specific instantiation of TVLA in this standard. This task leads us to inquire whether (or not) it is possible to assess the side-channel security of a device via leakage detection (TVLA) only. We find a number of grave issues in the standard and its adaptation of the original TVLA guidelines. We propose some innovations on existing methodologies and finish by giving recommendations for best practice and the responsible reporting of outcomes.
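The abstract describes TVLA as a set of statistical leakage detection tests and frames the paper as a statistical assessment of how the standard instantiates them. The following is an added example, not code from the paper or the standard: a minimal fixed-versus-random leakage detection test (Welch's t-test per trace sample point) run on constructed synthetic traces. It shows the point an evaluator needs to keep in mind: the same small leak passes or fails the test depending only on how many traces were collected, so a "pass" is a statement about the test's power, not about the device. The `|t| > 4.5` decision threshold, the Gaussian-noise trace model, the effect sizes and the trace counts are assumptions of this example (the threshold is the one commonly used in TVLA guidance, but it is not stated on this page); `traces_per_group` is a simplified normal-approximation power calculation, not the paper's method.

```python
import math
import random

# Decision threshold commonly used in TVLA guidance; an assumption of this
# example, not a value taken from the abstract above.
TVLA_THRESHOLD = 4.5


def welch_t(a, b):
    """Welch's t-statistic for two independent samples with unequal variances."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    return (ma - mb) / math.sqrt(va / na + vb / nb)


def simulate_traces(n_per_group, leak_effect, n_points=5, leak_point=2, seed=1):
    """Constructed traces (not real measurements): unit-variance Gaussian noise
    at every sample point; at leak_point the fixed-input group's mean is shifted
    by leak_effect standard deviations, modelling a data-dependent leak."""
    rng = random.Random(seed)
    fixed = [
        [rng.gauss(0.0, 1.0) + (leak_effect if j == leak_point else 0.0)
         for j in range(n_points)]
        for _ in range(n_per_group)
    ]
    rand = [[rng.gauss(0.0, 1.0) for _ in range(n_points)] for _ in range(n_per_group)]
    return fixed, rand


def tvla_detect(fixed, rand, threshold=TVLA_THRESHOLD):
    """Fixed-vs-random test at every sample point.
    Returns a list of (point, t_statistic, flagged) tuples."""
    n_points = len(fixed[0])
    result = []
    for j in range(n_points):
        t = welch_t([tr[j] for tr in fixed], [tr[j] for tr in rand])
        result.append((j, t, abs(t) > threshold))
    return result


def leaky_points(fixed, rand, threshold=TVLA_THRESHOLD):
    """Indices of sample points whose |t| exceeds the threshold."""
    return [j for j, _, flagged in tvla_detect(fixed, rand, threshold) if flagged]


def traces_per_group(effect_size, threshold=TVLA_THRESHOLD, z_power=0.8416):
    """Simplified power calculation (normal approximation, equal group sizes and
    unit variance): traces per group needed so that a true mean difference of
    effect_size standard deviations exceeds the threshold with ~80% probability
    (z_power = 0.8416 is the standard-normal 80th percentile)."""
    return math.ceil(2 * ((threshold + z_power) / effect_size) ** 2)


if __name__ == "__main__":
    effect = 0.3  # constructed: a leak of 0.3 standard deviations
    for n in (30, 3000):
        fixed, rand = simulate_traces(n, effect)
        flagged = leaky_points(fixed, rand)
        verdict = "FAIL (leak detected)" if flagged else "PASS (no leak detected)"
        print(f"{n:5d} traces per group -> {verdict}, flagged points {flagged}")
    print(f"~80% power for effect {effect} needs about "
          f"{traces_per_group(effect)} traces per group")
```

The run prints a PASS for 30 traces per group and a FAIL for 3000, on traces generated from the same leaky model. A verdict reported without the trace count and the effect size the test could have detected is therefore not evidence of absence of leakage; the `traces_per_group` estimate is the kind of figure an evaluation report should state alongside the outcome.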

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in ASIACRYPT 2019
Keywords
side-channel analysis, leakage detection, security certification, statistical power analysis
Contact author(s)
carolyn whitnall @ bristol ac uk
History
2019-09-10: received
Short URL
https://ia.cr/2019/1013
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1013,
      author = {Carolyn Whitnall and Elisabeth Oswald},
      title = {A Critical Analysis of {ISO} 17825 (`Testing methods for the mitigation of non-invasive attack classes against cryptographic modules')},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1013},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1013}
}