Posted on 2015-12-01, 00:00, authored by Saurabh Shintre
Side channels are unanticipated information flows that present a significant threat to the security of systems. Quantitative analyses are required to measure the rate of information leakage and the accuracy of information learned through side-channel attacks. To this end, the work presented in this thesis develops a general model of a side channel, which is represented as a two-input-single-output system and specified by the probability distribution of the output conditioned on the inputs. For this model, three quantitative metrics are defined: capacity, leakage, and reliability rate. The thesis argues that capacity is an ill-suited metric for side channels and recommends the use of the other two metrics to measure the leakage rate and the accuracy of information learned, respectively. These metrics are used to analyze attacks employed in very different application areas: private communication detection in VoIP networks, packet schedulers in web communication, and timing attacks against modular multiplication routines used in public-key cryptosystems. The analyses presented in this thesis enable us to: 1) determine system parameters and user behaviors that preserve privacy, 2) compute the lifetime of private information, and 3) identify attack strategies that leak the most information. More importantly, they enable us to study the conditions under which existing countermeasures perform as expected and to develop information-theoretic countermeasures against side-channel attacks.