Seminar on the security of embedded electronic systems

François Durvaux

Does my device leak? - On practical improvement of side-channel security evaluations

Since they first appeared in the late 90s, side-channel attacks have brought interesting challenges for both academic research and industry. Because side-channel leakages are unintended, they can hardly be predicted or completely prevented. In this context, side-channel security evaluators usually face two open problems: leakage detection and the detection of points-of-interest. The first aims at answering whether or not a device leaks data-dependent information, regardless of its usability for an attack. The second is a complementary task that aims at identifying leakages that can actually be exploited to conduct an attack. In this talk, we tackle these two tasks in order to practically improve side-channel security evaluations. We first discuss how these two tasks are connected. This allows us to propose improved methods for (i) faster leakage detection, and (ii) the detection of points-of-interest in traces of masked implementations. We then show that statistically sound detection thresholds and a multiple testing correction further improve the leakage detection task.