A Modular Testing Environment for Implementation Attacks

Abstract

Implementation attacks, including side-channel, fault, and probing attacks, have received significant attention in both research and commercial communities. Successful attacks have been demonstrated against standard cryptographic algorithms implemented on a wide variety of common platforms. In order to protect against these attacks, designers must incorporate complex countermeasures into the implementation of sensitive operations. Validating the effectiveness of implementation attack countermeasures requires specialized expertise and techniques not commonly used in other types of security and functional testing. We propose a modular testing environment for use in verifying the implementation attack resistance of secure systems. The proposed environment is an open-source solution that allows implementation attack testing to be independent of the system platform, implementation details, and type of attack under evaluation. These key features make the environment suitable for use with an implementation attack security standard in which standard test procedures are published openly and used to evaluate cryptographic systems. We use the proposed test environment to demonstrate a successful side-channel attack on AES, which illustrates the practical usefulness of our design for analyzing implementation attack security. Our open-source design is available at \url{http://rijndael.ece.vt.edu/iameter}.