Quantitative Assessment of Power Side-Channel Leakage Based on MMD
Power side-channel analysis is aimed at extracting the internal operations and associated sensitive intermediate values of cryptographic devices from their power consumption patterns.Quantitatively assessing power leakage is essential for comprehending the extent of information leakage.However,current power leakage assessment approaches often focus primarily on a single leakage point,which may be inadequate for addressing the challenges posed by higher-order attack models.Additionally,cryptographic implementations utilizing masking countermeasures frequently exhibit leakage involving multiple variables,complicating detection using traditional single-point methods and leading to false negatives.To tackle this challenge,this study investigates multi-point joint leakage assessment by employing the Maximum Mean Discrepancy(MMD)method to extract the multivariate joint characteristics of power traces.The primary contribution of this paper is to assess the power-side channel leakage of AES by determining whether the distribution of power trajectory samples corresponding to two sets of keys is identical and quanti-tatively evaluating the degree of leakage in the encryption process of cryptographic devices.Firstly,the Maximum Mean Discrepancy,representing the largest difference in expectations over functions in the unit ball of a reproducing kernel Hilbert space(RKHS),is introduced as a side-channel evaluation metric derived from transfer learning.By calculating the difference between the distributions of power trace samples,it assesses the disparity in distribution between two sets of power trace samples to evaluate the security of cryptographic devices.Secondly,building upon MMD,the Side-Channel Leakage Assessment(MMD-SCLA)scheme is proposed,which integrates multiple-point joint leakage characteristics of power traces to comprehensively quantify device security.This approach addresses the shortcomings of TVLA's single-variable quantification assessment and reduces the risk of false negatives in TVLA.To demonstrate the effectiveness of MMD-SCLA,publicly available datasets(DPA contest v2,ASCAD v1)and self-collected data-sets are utilized for experimentation.To quantify the level of power leakage of the AES algorithm under various defense strategies,random delay and Gaussian noise defense mechanisms are imple-mented on the self-collected dataset.The TVLA,HAC,and Bartlett-F test methods are employed as comparison schemes.By integrating the MTD metrics,HAC metrics,TVLA t-values,and MMD-SCLA values across three AES power traces datasets without defense strategies,it is observed that among the implementations of AES in three cryptographic devices,SASEBO GⅡexhibits the smallest MTD value and the largest MMD-SCLA value.Consequently,compared to the power leakage assessment results of STM32F407 and SAKURA-X,it poses the highest risk of information leakage.The security ranking of cryptographic devices,from highest to lowest,is SAKURA-X,STM32F407,and SASEBO GⅡ.In experiments comparing the suppression of power leakage under different defense strategies,the results of four evaluation metrics(HAC metrics,MMD-SCLA values,t-values,and Bartlett-F values)indicate that adopting the first-order masking defense strategy yields the highest security,followed by random delay methods,with Gaussian noise being the lowest.Additionally,experimental results also demonstrate that the MMD-based quantitative leakage assessment method eliminates the false negatives in the traditional TVLA methods.In summary,this work evaluates multivariate leakage analysis under different defense countermeasures,providing an effective tool for assessing side-channel power leakage.The results are also valuable for other symmetric cryptographic algorithms involving power leakage,such as SM4.
power side channelsinformation leakagequantization assessmentmaximum mean errormasksAES
NETL
NSTL
万方数据
