Paper 2022/182

A Novel Framework for Explainable Leakage Assessment

Si Gao
Elisabeth Oswald
Abstract

Non-specific leakage detection (initially introduced as “Test Vector Leakage Assessment”, TVLA for short) plays a vital role in practice because it detects (potential) leaks independently of assumptions about the leakage model and any specific attack vector. However, the non-specific nature means detected leaks might not be exploitable, and thus the current state of the art is to employ a battery of specific attacks to confirm the detection outcomes. We propose a novel leakage assessment framework that makes it possible to link non-specific leakage detection outcomes with the size of the key guess that is necessary to exploit them. We therefore solve the problem of deciding whether or not a leak is exploitable without the need for specific attacks. Our methodology furthermore makes it possible (for a detected leak) to reveal the specific key bytes, and with that, it allows the construction of confirmatory attacks. This novel approach is enabled by casting the leakage detection problem as the statistical task of building key-dependent regression models: if such a model exists, then we know that the point leaks. Depending on the size and nature of the model, we can further judge the exploitability and provide a concrete attack vector.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A major revision of an IACR publication in EUROCRYPT 2024
Keywords
Leakage detection, Side channel analysis
Contact author(s)
si-gao @ outlook com
elisabeth oswald @ aau at
History
2024-02-14: revised
2022-02-20: received
Short URL
https://ia.cr/2022/182
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/182,
      author = {Si Gao and Elisabeth Oswald},
      title = {A Novel Framework for Explainable Leakage Assessment},
      howpublished = {Cryptology ePrint Archive, Paper 2022/182},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/182}},
      url = {https://eprint.iacr.org/2022/182}
}