Side channel vulnerability metrics: The promise and the pitfalls

Tianwei Zhang, Si Chen, Fangfei Liu, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Side-channels enable attackers to break a cipher by exploiting observable information from the cipher program's execution to infer its secret key. While some defenses have been proposed to protect information leakage due to certain side channels, the effectiveness of these defenses have mostly been given only qualitative analysis by their authors. It is desirable to have a general quantitative method and metric to evaluate a system's vulnerability to side-channel attacks. In this paper, we define the features of a good side-channel leakage metric. We review a recently proposed metric called the Side-channel Vulnerability Factor (SVF) and discuss its merits and issues. We suggest the CSV metric, which tries to show how to overcome some of the shortcomings of the SVF metric, without completely changing its character. We use software cache side-channel attacks and defenses as an example to compare the metrics with known and measurable results on system leakiness.

Original languageEnglish (US)
Title of host publicationProceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2013
StatePublished - 2013
Event2nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2013 - Tel-Aviv, Israel
Duration: Jun 23 2013Jun 24 2013

Publication series

NameACM International Conference Proceeding Series

Other

Other2nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2013
Country/TerritoryIsrael
CityTel-Aviv
Period6/23/136/24/13

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Side channel vulnerability metrics: The promise and the pitfalls'. Together they form a unique fingerprint.

Cite this