Paper 2024/1904

An Open Source Ecosystem for Implementation Security Testing

Aydin Aysu, North Carolina State University
Fatemeh Ganji, Worcester Polytechnic Institute
Trey Marcantonio, Worcester Polytechnic Institute
Patrick Schaumont, Worcester Polytechnic Institute
Abstract

Implementation-security vulnerabilities such as the power-based side-channel leakage and fault-injection sensitivity of a secure chip are hard to verify because of the sophistication of the measurement setup, as well as the need to generalize the adversary into a test procedure. While the literature has proposed a wide range of vulnerability metrics to test the correctness of a secure implementation, it is still up to the subject-matter expert to map these concepts into a working and reliable test procedure. Recently, we investigated the benefits of using an open-source implementation security testing environment called Chipwhisperer. The open-source and low-cost nature of the Chipwhisperer hardware and software has resulted in the adoption of thousands of testing kits throughout academia and industry, turning the testkit into a baseline for implementation security testing. We investigate the use cases for the Chipwhisperer hardware and software, and we evaluate the feasibility of an open-source ecosystem for implementation security testing. In addition to the open-source hardware and firmware, an ecosystem also considers broader community benefits such as re-usability, sustainability, and governance.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Implementation security testingside-channel attacksfault injection attacks
Contact author(s)
aaysu @ ncsu wpi
fganji @ wpi edu
tmmarcantonio @ wpi edu
pschaumont @ wpi edu
History
2024-11-25: approved
2024-11-22: received
See all versions
Short URL
https://ia.cr/2024/1904
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX 

@misc{cryptoeprint:2024/1904,
      author = {Aydin Aysu and Fatemeh Ganji and Trey Marcantonio and Patrick Schaumont},
      title = {An Open Source Ecosystem for Implementation Security Testing},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1904},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1904}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.