Evaluating side-channel information leakage in 3DES using the <em>t</em>-test

doi:10.16511/j.cnki.qhdxxb.2016.25.007

Download: PDF(1224 KB)
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract The t-test is a hypothesis test that deals with two Gaussian samples with unknown variances. When the two samples have unequal variances and unequal sample sizes, the Welch t-test is more reliable than the Student's t-test. This paper evaluates the 1st order side-channel information leakage of 3DES with an AES type t-test. Welch t-tests suitable for evaluating 3DES are given with tests on three different devices that show this method is effective.

Keywords Welch t-test 3DES algorithm side-channel information leakage evaluation

ZTFLH:

TN918

Issue Date: 15 May 2016

	Service

	E-mail this article
	E-mail Alert
	RSS
	Articles by authors

	CHEN Jiazhe
	LI Hexin
	WANG Yanan
	WANG Yuhang

Cite this article:

CHEN Jiazhe,LI Hexin,WANG Yanan, et al. Evaluating side-channel information leakage in 3DES using the t-test[J]. Journal of Tsinghua University(Science and Technology), 2016, 56(5): 499-503.

URL:

http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2016.25.007 OR http://jst.tsinghuajournals.com/EN/Y2016/V56/I5/499

[1] Kocher P, Jaffe J, Jun B. Differential power analysis[C]//Proc CRYPTO'99. Berlin Heidelberg:Springer-Verlag, 1999:388-397.
[2] Kocher P. Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems[C]//Proc CRYPTO'96. Berlin Heidelberg:Springer-Verlag, 1996:104-113.
[3] CCMB-2012-09-001. Common Criteria for information technology security evaluation[S/OL]. (2012-09). http://www.commoncriteriaportal.org/cc/.
[4] CCMB-2012-09-001. Common methodology for information technology security evaluation[S/OL]. (2012-09). http://www.commoncriteriaportal.org/files/ccfiles/CEMV3.1R4.pdf.
[5] CCDB-2013-05-002. Supporting document-mandatory technical document:application of attack potential to smartcards[S/OL]. (2013-05). http://www.commoncriteriaportal.org/files/supdocs/CCDB-2013-05-002.pdf.
[6] Mather L, Oswald E, Bandenburg J, et al. Does my device leak information? An a priori statistical power analysis of leakage detection tests[C]//Proc Advances in Cryptology-ASIACRYPT 2013. Berlin Heidelberg:Springer-Verlag, 2013:486-505.
[7] Goodwill G, Jun B, Jaffe J, et al. A testing methodology for side channel resistance validation[C]//Proc NIAT 2011. Gaithersburg:NIST, 2011.
[8] Jaffe J, Rohatgi P, Witteman M. Efficient side-channel testing for public key algorithms:RSA case study[C]//Proc NIAT 2011. Gaithersburg:NIST, 2011.
[9] Easter R, Quemard J-P, Sakurai G. ISO/IEC DIS 17825:Information technology-Security technique-Testing methods for the mitigation of non-invasive attack classes against cryptographic modules[Z]. Berlin:DIN, 2014-12-01.
[10] Chothia T, Guha A. A statistical test for information leaks using continuous mutual information[C]//Proc Computer Security Foundations Symposium (CSF). Piscataway, NJ:IEEE Press, 2011:177-190.
[11] Chatzikokolakis K, Chothia T, Guha A. Statistical measurement of information leakage[C]//Proc Tools and Algorithms for the Construction and Analysis of Systems. Berlin Heidelberg:Springer-Verlag, 2010:390-404.
[12] EMV. Integrated Circuit Card Specifications for Payment Systems[S]. California:EMVCo, 2011.
[13] FIPS PUB 46-3. The Official Document Describing the DES Standard[S]. Gaithersburg:NIST, 1999.
[14] Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model[C]//Proc CHES 2004. Berlin Heidelberg:Springer-Verlag, 2004:16-29.