Cryptology ePrint Archive: Report 2019/1013

A Critical Analysis of ISO 17825 (`Testing methods for the mitigation of non-invasive attack classes against cryptographic modules')

Carolyn Whitnall and Elisabeth Oswald

Abstract: The ISO standardisation of `Testing methods for the mitigation of non-invasive attack classes against cryptographic modules' (ISO/IEC 17825:2016) specifies the use of the Test Vector Leakage Assessment (TVLA) framework as the sole measure to assess whether or not an implementation of (symmetric) cryptography is vulnerable to differential side-channel attacks. It is the only publicly available standard of this kind, and the first side-channel assessment regime to exclusively rely on a TVLA instantiation.

TVLA essentially specifies statistical leakage detection tests with the aim of removing the burden of having to test against an ever increasing number of attack vectors. It offers the tantalising prospect of `conformance testing': if a device passes TVLA, then, one is led to hope, the device would be secure against all (first-order) differential side-channel attacks.

In this paper we provide a statistical assessment of the specific instantiation of TVLA in this standard. This task leads us to inquire whether (or not) it is possible to assess the side-channel security of a device via leakage detection (TVLA) only. We find a number of grave issues in the standard and its adaptation of the original TVLA guidelines. We propose some innovations on existing methodologies and finish by giving recommendations for best practice and the responsible reporting of outcomes.

Category / Keywords: implementation / side-channel analysis, leakage detection, security certification, statistical power analysis

Original Publication (in the same form): IACR-ASIACRYPT-2019

Date: received 9 Sep 2019, last revised 10 Sep 2019

Contact author: carolyn whitnall at bristol ac uk

Available format(s): PDF | BibTeX Citation

Version: 20190910:130147 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]