A Information-Theoretic Approach to Side-channel Analysis
2018-12-11T21:41:25Z (GMT) by
Side-channels are unanticipated information flows that present a significant threat<br>to security of systems. Quantitative analyses are required to measure the rate of<br>information leakage and the accuracy of information learned through side-channel<br>attacks. To this end, the work presented in this thesis develops a general model of<br>a side channel, which is represented as a two-input-single-output system and specified<br>by the probability distribution of the output conditioned on the inputs. For this<br>model, three quantitative metrics are defined: capacity, leakage, and reliability rate.<br>The thesis argues that capacity is an ill-suited metric for side channels and recommends<br>the use of other two metrics to measure the leakage rate and accuracy of information<br>learned, respectively. These metrics are used to analyze attacks employed in<br>very different application areas: private communication detection in VoIP networks,<br>packet schedulers in web communication, and timing attacks against modular multiplication<br>routines used in public-key cryptosystems. The analyses presented in this<br>thesis enable us to: 1) determine system parameters and user behaviors that preserve<br>privacy, 2) compute the lifetime of private information, and 3) identify attack<br>strategies that leak most information. More importantly, they enable us to study the<br>conditions under which existing countermeasures perform as expected and develop<br>information-theoretic countermeasures against side-channel attacks.