The Indiscernibility Methodology: quantifying information leakage from side-channels with no prior knowledge - INRIA - Institut National de Recherche en Informatique et en Automatique Accéder directement au contenu
Pré-Publication, Document De Travail Année : 2022

The Indiscernibility Methodology: quantifying information leakage from side-channels with no prior knowledge

Résumé

Cyber security threats are important and growing issues in computing systems nowadays. Among them are the side-channel attacks, made possible by information leaking from computing systems through nonfunctional properties like execution time, consumed energy, power profiles, etc. These attacks are especially difficult to protect from, since they rely on physical measurements not usually envisioned when designing the functional properties of a program. Furthermore, countermeasures are usually dedicated to protect a particular program against a particular attack, lacking universality. To help fight these threats, we propose in this paper the Indiscernibility Methodology, a novel methodology to quantify with no prior knowledge the information leaked from programs, thus providing the developer with valuable security metrics, derived either from topology or from information theory. Our original approach considers the code to be analyzed as a completely black box, only the public inputs and leakages being observed. It can be applied to various types of side-channel leakages: time, energy, power, EM, etc. In this paper, we first present our Indiscernibility Methodology, including channels of information and our threat model. We then detail the computation of our novel metrics, with strong formal foundations based both on topological security (with distances defined between secret-dependent observations) and on information theory (quantifying the remaining secret information after observation by the attacker). Then we demonstrate the applicability of our approach by providing experimental results for both time and power leakages, studying both average case-, worst case-and indiscernible information metrics.
Fichier principal
Vignette du fichier
2022-09-30_indiscernibility_authors_version_for_HAL.pdf (547.94 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-03793085 , version 1 (30-09-2022)

Identifiants

  • HAL Id : hal-03793085 , version 1

Citer

Yoann Marquer, Olivier Zendra, Annelie Heuser. The Indiscernibility Methodology: quantifying information leakage from side-channels with no prior knowledge. 2022. ⟨hal-03793085⟩
95 Consultations
99 Téléchargements

Partager

Gmail Facebook X LinkedIn More