Abstract:The t-test is a hypothesis test that deals with two Gaussian samples with unknown variances. When the two samples have unequal variances and unequal sample sizes, the Welch t-test is more reliable than the Student's t-test. This paper evaluates the 1st order side-channel information leakage of 3DES with an AES type t-test. Welch t-tests suitable for evaluating 3DES are given with tests on three different devices that show this method is effective.
陈佳哲, 李贺鑫, 王亚楠, 王宇航. 运用t检验评估3DES算法的侧信道信息泄露[J]. 清华大学学报(自然科学版), 2016, 56(5): 499-503.
CHEN Jiazhe, LI Hexin, WANG Yanan, WANG Yuhang. Evaluating side-channel information leakage in 3DES using the t-test. Journal of Tsinghua University(Science and Technology), 2016, 56(5): 499-503.
[1] Kocher P, Jaffe J, Jun B. Differential power analysis[C]//Proc CRYPTO'99. Berlin Heidelberg:Springer-Verlag, 1999:388-397.
[2] Kocher P. Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems[C]//Proc CRYPTO'96. Berlin Heidelberg:Springer-Verlag, 1996:104-113.
[3] CCMB-2012-09-001. Common Criteria for information technology security evaluation[S/OL]. (2012-09). http://www.commoncriteriaportal.org/cc/.
[4] CCMB-2012-09-001. Common methodology for information technology security evaluation[S/OL]. (2012-09). http://www.commoncriteriaportal.org/files/ccfiles/CEMV3.1R4.pdf.
[5] CCDB-2013-05-002. Supporting document-mandatory technical document:application of attack potential to smartcards[S/OL]. (2013-05). http://www.commoncriteriaportal.org/files/supdocs/CCDB-2013-05-002.pdf.
[6] Mather L, Oswald E, Bandenburg J, et al. Does my device leak information? An a priori statistical power analysis of leakage detection tests[C]//Proc Advances in Cryptology-ASIACRYPT 2013. Berlin Heidelberg:Springer-Verlag, 2013:486-505.
[7] Goodwill G, Jun B, Jaffe J, et al. A testing methodology for side channel resistance validation[C]//Proc NIAT 2011. Gaithersburg:NIST, 2011.
[8] Jaffe J, Rohatgi P, Witteman M. Efficient side-channel testing for public key algorithms:RSA case study[C]//Proc NIAT 2011. Gaithersburg:NIST, 2011.
[9] Easter R, Quemard J-P, Sakurai G. ISO/IEC DIS 17825:Information technology-Security technique-Testing methods for the mitigation of non-invasive attack classes against cryptographic modules[Z]. Berlin:DIN, 2014-12-01.
[10] Chothia T, Guha A. A statistical test for information leaks using continuous mutual information[C]//Proc Computer Security Foundations Symposium (CSF). Piscataway, NJ:IEEE Press, 2011:177-190.
[11] Chatzikokolakis K, Chothia T, Guha A. Statistical measurement of information leakage[C]//Proc Tools and Algorithms for the Construction and Analysis of Systems. Berlin Heidelberg:Springer-Verlag, 2010:390-404.
[12] EMV. Integrated Circuit Card Specifications for Payment Systems[S]. California:EMVCo, 2011.
[13] FIPS PUB 46-3. The Official Document Describing the DES Standard[S]. Gaithersburg:NIST, 1999.
[14] Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model[C]//Proc CHES 2004. Berlin Heidelberg:Springer-Verlag, 2004:16-29.