A sound design time evaluation of the security of a digital device is
a goal which has attracted a great amount of research effort lately.
Common security metrics for the attack consider either the theoretical leakage of the device, or assume as a security metric the
number of measurements needed in order to be able to always recover the secret key. In this work we provide a combined security
metric taking into account the computational effort needed to lead
the attack, in combination with the quantity of measurements to
be performed, and provide a practical lower bound for the security
margin which can be employed by a secure hardware designer. This
paper represents a first exploration of a design-time security metric
incorporating the computational effort required to lead a power-
based side channel attack in the security level assessment of the
device. We take into account in our metric the possible presence of
masking and hiding schemes, and we assume the best measurement
conditions for the attacker, thus leading to a conservative estimate
of the security of the device. We provide a practical validation of
our security metric through an analysis of transistor-level accurate
power simulations of a 128-bit AES core implemented on a 65 nm
library.
↧