End-to-End Side-Channel Detection Methodology (S11c)
Side-channel evaluation relies, for CC labs, on the lab expertise. However, owing to the dissemination of SCA requirements, a formal methodology is welcomed. Pioneering work done in ISO/IEC 17825 — currently under consideration for revision, and informally referred to in Appendix F of ISO/IEC 19790 (= NIST FIPS 140-3). In this talk, we leverage from the horizontal + vertical test sequence to allow for a quantification of leakage. From the detection test, we provide a quotation system, which relies on traditional factors (time, expertise, equipment, etc. see ISO/IEC 20085) to quantify the assurance in a product. The provided method applies both to pre-silicon (simulated side-channel) and post-silicon (real traces) use-cases, and allows to evaluate the different side-channel threats beyond the traditional “10,000” or “100,000” traces thresholds.