Leakage detection plays an increasingly important role in the security evaluation of cryptographic devices. A particularly popular approach is the Test Vector Leakage Assessment framework proposed by Cryptography Research Inc. This consists of a suite of simple statistical tests tailored to either confirm or rule out many typical forms of side-channel vulnerabilities. However, if TVLA-style evaluations are performed without an adequate understanding of the statistical theory underpinning them, the risks are that tests may be misapplied, that outcomes may be misunderstood, and that conclusions may be overstated.
The aim of this tutorial is to help you grasp the intuition behind leakage detection methodologies and achieve a sound technical appreciation of how and why they work. We will motivate and describe the current popular practice, including correlation-based tests, and expose some of the limitations, with a special focus on ISO standard 17825. By the end of this tutorial you will be equipped to carry out leakage detection tests sensibly and interpret the outcomes responsibly.
Access this course here