Efficient Side Channel Testing of Cryptographic Devices using TVLA (Tutorial)

Gary Kenworthy

Power and EM side channels are very powerful attack vectors against cryptographic devices. Protecting against these attacks is an important design consideration for any cryptographic implementation, and validating that the countermeasures are effective is critical. Whereas an attacker has potentially unlimited time and resources to mount an attack, validation against such attacks must be done in an efficient and cost-effective way. Test Vector Leakage Assessment (TVLA) is a methodology that can "level the field" and provide an objective, quantified assessment of leakage and of the protection afforded by the design. In this tutorial, we will first review the risks of simple power analysis (SPA) and differential power analysis (DPA) and their EM counterparts (SEMA and DEMA). The concepts behind TVLA will then be presented, with case studies and demonstrations correlating the TVLA measurements with actual attacks. TVLA measurements will be demonstrated on protected and unprotected hardware cores. Limitations and cautions of using TVLA will also be discussed.