{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T13:05:04Z","timestamp":1776776704725,"version":"3.51.2"},"reference-count":33,"publisher":"Walter de Gruyter GmbH","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,2,25]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Side-channel attacks enable powerful adversarial strategies against cryptographic devices and encounter an ever-growing attack surface in today\u2019s world of digitalization and the internet of things. While the employment of provably secure side-channel countermeasures like masking have become increasingly popular in recent years, great care must be taken when implementing these in actual devices. The reasons for this are two-fold: The models on which these countermeasures rely do not fully capture the physical reality and compliance with the requirements of the countermeasures is non-trivial in complex implementations. Therefore, it is imperative to validate the SCA-security of concrete instantiations of cryptographic devices using measurements on the actual device. In this article we propose a side-channel evaluation framework that combines an efficient data acquisition process with state-of-the-art confidence interval based leakage assessment. Our approach allows a sound assessment of the potential susceptibility of cryptographic implementations to side-channel attacks and is robust against noise in the evaluation system. We illustrate the steps in the evaluation process by applying them to a protected implementation of AES.<\/jats:p>","DOI":"10.1515\/itit-2018-0028","type":"journal-article","created":{"date-parts":[[2019,1,29]],"date-time":"2019-01-29T10:13:19Z","timestamp":1548756799000},"page":"15-28","source":"Crossref","is-referenced-by-count":4,"title":["Evaluation of (power) side-channels in cryptographic implementations"],"prefix":"10.1515","volume":"61","author":[{"given":"Florian","family":"Bache","sequence":"first","affiliation":[{"name":"Chair for Security Engineering , Ruhr-Universit\u00e4t Bochum , Universit\u00e4tsstra\u00dfe 150 , Bochum , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christina","family":"Plump","sequence":"additional","affiliation":[{"name":"Group of Computer Architecture , Universit\u00e4t Bremen , Bibliothekstra\u00dfe 5 , Bremen , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jonas","family":"Wloka","sequence":"additional","affiliation":[{"name":"DFKI GmbH , Cyber-Physical Systems , Bibliothekstra\u00dfe 5 , Bremen , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tim","family":"G\u00fcneysu","sequence":"additional","affiliation":[{"name":"Chair for Security Engineering , Ruhr-Universit\u00e4t Bochum , Universit\u00e4tsstra\u00dfe 150 , Bochum , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rolf","family":"Drechsler","sequence":"additional","affiliation":[{"name":"Group of Computer Architecture , Universit\u00e4t Bremen , Bibliothekstra\u00dfe 5 , Bremen , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"374","published-online":{"date-parts":[[2019,1,29]]},"reference":[{"key":"2023033119301493697_j_itit-2018-0028_ref_001_w2aab3b7d422b1b6b1ab2ab1Aa","doi-asserted-by":"crossref","unstructured":"P.\u2009C. Kocher, J. Jaffe, and B. Jun, \u201cDifferential power analysis,\u201d in CRYPTO\u201999 (M.\u2009J. Wiener, ed.), vol.\u20091666 of LNCS, pp.\u2009388\u2013397, Springer, Heidelberg, Aug. 1999.","DOI":"10.1007\/3-540-48405-1_25"},{"key":"2023033119301493697_j_itit-2018-0028_ref_002_w2aab3b7d422b1b6b1ab2ab2Aa","doi-asserted-by":"crossref","unstructured":"A. Moradi and T. Schneider, \u201cImproved side-channel analysis attacks on xilinx bitstream encryption of 5, 6, and 7 series.\u201d Cryptology ePrint Archive, Report 2016\/249, 2016. http:\/\/eprint.iacr.org\/2016\/249.","DOI":"10.1007\/978-3-319-43283-0_5"},{"key":"2023033119301493697_j_itit-2018-0028_ref_003_w2aab3b7d422b1b6b1ab2ab3Aa","doi-asserted-by":"crossref","unstructured":"K. Gandolfi, C. Mourtel, and F. Olivier, \u201cElectromagnetic analysis: Concrete results,\u201d in CHES 2001 (\u00c7etin Kaya. Ko\u00e7, D. Naccache, and C. Paar, eds.), vol.\u20092162 of LNCS, pp.\u2009251\u2013261, Springer, Heidelberg, May 2001.","DOI":"10.1007\/3-540-44709-1_21"},{"key":"2023033119301493697_j_itit-2018-0028_ref_004_w2aab3b7d422b1b6b1ab2ab4Aa","doi-asserted-by":"crossref","unstructured":"M. Hutter and J. Schmidt, \u201cThe temperature side channel and heating fault attacks,\u201d in CARDIS, vol.\u20098419 of Lecture Notes in Computer Science, pp.\u2009219\u2013235, Springer, 2013.","DOI":"10.1007\/978-3-319-14123-7_15"},{"key":"2023033119301493697_j_itit-2018-0028_ref_005_w2aab3b7d422b1b6b1ab2ab5Aa","doi-asserted-by":"crossref","unstructured":"P.\u2009C. Kocher, \u201cTiming attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,\u201d in CRYPTO\u201996 (N. Koblitz, ed.), vol.\u20091109 of LNCS, pp.\u2009104\u2013113, Springer, Heidelberg, Aug. 1996.","DOI":"10.1007\/3-540-68697-5_9"},{"key":"2023033119301493697_j_itit-2018-0028_ref_006_w2aab3b7d422b1b6b1ab2ab6Aa","doi-asserted-by":"crossref","unstructured":"D. Genkin, A. Shamir, and E. Tromer, \u201cRSA key extraction via low-bandwidth acoustic cryptanalysis,\u201d in CRYPTO 2014, Part I (J.\u2009A. Garay and R. Gennaro, eds.), vol.\u20098616 of LNCS, pp.\u2009444\u2013461, Springer, Heidelberg, Aug. 2014.","DOI":"10.1007\/978-3-662-44371-2_25"},{"key":"2023033119301493697_j_itit-2018-0028_ref_007_w2aab3b7d422b1b6b1ab2ab7Aa","doi-asserted-by":"crossref","unstructured":"A. Schl\u00f6sser, D. Nedospasov, J. Kr\u00e4mer, S. Orlic, and J.-P. Seifert, \u201cSimple photonic emission analysis of AES \u2013 photonic side channel analysis for the rest of us,\u201d in CHES 2012 (E. Prouff and P. Schaumont, eds.), vol.\u20097428 of LNCS, pp.\u200941\u201357, Springer, Heidelberg, Sept. 2012.","DOI":"10.1007\/978-3-642-33027-8_3"},{"key":"2023033119301493697_j_itit-2018-0028_ref_008_w2aab3b7d422b1b6b1ab2ab8Aa","doi-asserted-by":"crossref","unstructured":"E. Brier, C. Clavier, and F. Olivier, \u201cCorrelation power analysis with a leakage model,\u201d in CHES 2004 (M. Joye and J.-J. Quisquater, eds.), vol.\u20093156 of LNCS, pp.\u200916\u201329, Springer, Heidelberg, Aug. 2004.","DOI":"10.1007\/978-3-540-28632-5_2"},{"key":"2023033119301493697_j_itit-2018-0028_ref_009_w2aab3b7d422b1b6b1ab2ab9Aa","doi-asserted-by":"crossref","unstructured":"S. Chari, J.\u2009R. Rao, and P. Rohatgi, \u201cTemplate attacks,\u201d in CHES 2002 (B.\u2009S. Kaliski Jr., \u00c7etin Kaya. Ko\u00e7, and C. Paar, eds.), vol.\u20092523 of LNCS, pp.\u200913\u201328, Springer, Heidelberg, Aug. 2003.","DOI":"10.1007\/3-540-36400-5_3"},{"key":"2023033119301493697_j_itit-2018-0028_ref_010_w2aab3b7d422b1b6b1ab2ac10Aa","unstructured":"B. Gierlichs, L. Batina, and P. Tuyls, \u201cMutual information analysis \u2013 a universal differential side-channel attack.\u201d Cryptology ePrint Archive, Report 2007\/198, 2007. http:\/\/eprint.iacr.org\/2007\/198."},{"key":"2023033119301493697_j_itit-2018-0028_ref_011_w2aab3b7d422b1b6b1ab2ac11Aa","doi-asserted-by":"crossref","unstructured":"A. Bogdanov, I. Kizhvatov, and A. Pyshkin, \u201cAlgebraic methods in side-channel collision attacks and practical collision detection,\u201d in INDOCRYPT 2008 (D.\u2009R. Chowdhury, V. Rijmen, and A. Das, eds.), vol.\u20095365 of LNCS, pp.\u2009251\u2013265, Springer, Heidelberg, Dec. 2008.","DOI":"10.1007\/978-3-540-89754-5_20"},{"key":"2023033119301493697_j_itit-2018-0028_ref_012_w2aab3b7d422b1b6b1ab2ac12Aa","unstructured":"A. Moradi and A. Wild, \u201cAssessment of hiding the higher-order leakages in hardware \u2013 what are the achievements versus overheads?.\u201d Cryptology ePrint Archive, Report 2015\/597, 2015. http:\/\/eprint.iacr.org\/2015\/597."},{"key":"2023033119301493697_j_itit-2018-0028_ref_013_w2aab3b7d422b1b6b1ab2ac13Aa","unstructured":"K. Tiri and I. Verbauwhede, \u201cA dynamic and differential CMOS logic style to resist power and timing attacks on security IC\u2019s.\u201d Cryptology ePrint Archive, Report 2004\/066, 2004. http:\/\/eprint.iacr.org\/2004\/066."},{"key":"2023033119301493697_j_itit-2018-0028_ref_014_w2aab3b7d422b1b6b1ab2ac14Aa","unstructured":"K. Tiri and I. Verbauwhede, \u201cA logic level design methodology for a secure DPA resistant ASIC or FPGA implementation,\u201d in DATE, pp.\u2009246\u2013251, IEEE Computer Society, 2004."},{"key":"2023033119301493697_j_itit-2018-0028_ref_015_w2aab3b7d422b1b6b1ab2ac15Aa","doi-asserted-by":"crossref","unstructured":"C. Clavier, J.-S. Coron, and N. Dabbous, \u201cDifferential power analysis in the presence of hardware countermeasures,\u201d in CHES 2000 (\u00c7etin Kaya. Ko\u00e7 and C. Paar, eds.), vol.\u20091965 of LNCS, pp.\u2009252\u2013263, Springer, Heidelberg, Aug. 2000.","DOI":"10.1007\/3-540-44499-8_20"},{"key":"2023033119301493697_j_itit-2018-0028_ref_016_w2aab3b7d422b1b6b1ab2ac16Aa","doi-asserted-by":"crossref","unstructured":"C. Herbst, E. Oswald, and S. Mangard, \u201cAn AES smart card implementation resistant to power analysis attacks,\u201d in ACNS 06 (J. Zhou, M. Yung, and F. Bao, eds.), vol.\u20093989 of LNCS, pp.\u2009239\u2013252, Springer, Heidelberg, June 2006.","DOI":"10.1007\/11767480_16"},{"key":"2023033119301493697_j_itit-2018-0028_ref_017_w2aab3b7d422b1b6b1ab2ac17Aa","doi-asserted-by":"crossref","unstructured":"P. Sasdrich, A. Moradi, and T. G\u00fcneysu, \u201cHiding higher-order side-channel leakage \u2013 randomizing cryptographic implementations in reconfigurable hardware,\u201d in CT-RSA 2017 (H. Handschuh, ed.), vol.\u200910159 of LNCS, pp.\u2009131\u2013146, Springer, Heidelberg, Feb. 2017.","DOI":"10.1007\/978-3-319-52153-4_8"},{"key":"2023033119301493697_j_itit-2018-0028_ref_018_w2aab3b7d422b1b6b1ab2ac18Aa","doi-asserted-by":"crossref","unstructured":"G. Barthe, F. Dupressoir, S. Faust, B. Gr\u00e9goire, F.-X. Standaert, and P.-Y. Strub, \u201cParallel implementations of masking schemes and the bounded moment leakage model,\u201d in EUROCRYPT 2017, Part I, (J. Coron and J.\u2009B. Nielsen, eds.) vol.\u200910210 of LNCS, pp.\u2009535\u2013566, Springer, Heidelberg, Apr.\/May 2017.","DOI":"10.1007\/978-3-319-56620-7_19"},{"key":"2023033119301493697_j_itit-2018-0028_ref_019_w2aab3b7d422b1b6b1ab2ac19Aa","doi-asserted-by":"crossref","unstructured":"S. Chari, C.\u2009S. Jutla, J.\u2009R. Rao, and P. Rohatgi, \u201cTowards sound approaches to counteract power-analysis attacks,\u201d in CRYPTO\u201999 (M.\u2009J. Wiener, ed.), vol.\u20091666 of LNCS, pp.\u2009398\u2013412, Springer, Heidelberg, Aug. 1999.","DOI":"10.1007\/3-540-48405-1_26"},{"key":"2023033119301493697_j_itit-2018-0028_ref_020_w2aab3b7d422b1b6b1ab2ac20Aa","doi-asserted-by":"crossref","unstructured":"H. Gross, S. Mangard, and T. Korak, \u201cDomain-oriented masking: Compact masked hardware implementations with arbitrary protection order.\u201d Cryptology ePrint Archive, Report 2016\/486, 2016. http:\/\/eprint.iacr.org\/2016\/486.","DOI":"10.1145\/2996366.2996426"},{"key":"2023033119301493697_j_itit-2018-0028_ref_021_w2aab3b7d422b1b6b1ab2ac21Aa","doi-asserted-by":"crossref","unstructured":"B. Bilgin, S. Nikova, V. Nikov, V. Rijmen, N.\u2009N. Tokareva, and V. Vitkup, \u201cThreshold implementations of small s-boxes,\u201d Cryptography and Communications, vol.\u20097, no.\u20091, pp.\u20093\u201333, 2015.","DOI":"10.1007\/s12095-014-0104-7"},{"key":"2023033119301493697_j_itit-2018-0028_ref_022_w2aab3b7d422b1b6b1ab2ac22Aa","unstructured":"G. Goodwill, B. Jun, J. Jaffe, and P. Rohatgi, \u201cA testing methodology for side channel resistance validation,\u201d in NIST non-invasive attack testing workshop, 2011."},{"key":"2023033119301493697_j_itit-2018-0028_ref_023_w2aab3b7d422b1b6b1ab2ac23Aa","doi-asserted-by":"crossref","unstructured":"T. Schneider and A. Moradi, \u201cLeakage assessment methodology \u2013 A clear roadmap for side-channel evaluations,\u201d in CHES, vol.\u20099293 of Lecture Notes in Computer Science, pp.\u2009495\u2013513, Springer, 2015.","DOI":"10.1007\/978-3-662-48324-4_25"},{"key":"2023033119301493697_j_itit-2018-0028_ref_024_w2aab3b7d422b1b6b1ab2ac24Aa","unstructured":"F.-X. Standaert, \u201cHow (not) to use welch\u2019s T-test in side-channel security evaluations.\u201d Cryptology ePrint Archive, Report 2017\/138, 2017. http:\/\/eprint.iacr.org\/2017\/138."},{"key":"2023033119301493697_j_itit-2018-0028_ref_025_w2aab3b7d422b1b6b1ab2ac25Aa","doi-asserted-by":"crossref","unstructured":"F. Bache, C. Plump, and T. G\u00fcneysu, \u201cConfident leakage assessment \u2013 A side-channel evaluation framework based on confidence intervals,\u201d in DATE, pp.\u20091117\u20131122, IEEE, 2018.","DOI":"10.23919\/DATE.2018.8342178"},{"key":"2023033119301493697_j_itit-2018-0028_ref_026_w2aab3b7d422b1b6b1ab2ac26Aa","unstructured":"H. Gro\u00df, \u201cDOM protected hardware implementation of AES.\u201d Available at https:\/\/github.com\/hgrosz\/aes-dom as of 9. Januar 2019, 2016."},{"key":"2023033119301493697_j_itit-2018-0028_ref_027_w2aab3b7d422b1b6b1ab2ac27Aa","unstructured":"L. Zhang, A.\u2009A. Ding, F. Durvaux, F.-X. Standaert, and Y. Fei, \u201cTowards sound and optimal leakage detection procedure.\u201d Cryptology ePrint Archive, Report 2017\/287, 2017. http:\/\/eprint.iacr.org\/2017\/287."},{"key":"2023033119301493697_j_itit-2018-0028_ref_028_w2aab3b7d422b1b6b1ab2ac28Aa","doi-asserted-by":"crossref","unstructured":"O. Reparaz, B. Gierlichs, and I. Verbauwhede, \u201cFast leakage assessment,\u201d in CHES 2017 (W. Fischer and N. Homma, eds.), vol.\u200910529 of LNCS, pp.\u2009387\u2013399, Springer, Heidelberg, Sept. 2017.","DOI":"10.1007\/978-3-319-66787-4_19"},{"key":"2023033119301493697_j_itit-2018-0028_ref_029_w2aab3b7d422b1b6b1ab2ac29Aa","unstructured":"\u201cSide-channel AttacK User Reference Architecture.\u201d http:\/\/satoh.cs.uec.ac.jp\/SAKURA\/index.html."},{"key":"2023033119301493697_j_itit-2018-0028_ref_030_w2aab3b7d422b1b6b1ab2ac30Aa","unstructured":"T.\u2009D. Cnudde, B. Bilgin, B. Gierlichs, V. Nikov, S. Nikova, and V. Rijmen, \u201cDoes coupling affect the security of masked implementations?.\u201d Cryptology ePrint Archive, Report 2016\/1080, 2016. http:\/\/eprint.iacr.org\/2016\/1080."},{"key":"2023033119301493697_j_itit-2018-0028_ref_031_w2aab3b7d422b1b6b1ab2ac31Aa","doi-asserted-by":"crossref","unstructured":"L. Mather, E. Oswald, J. Bandenburg, and M. Wojcik, \u201cDoes my device leak information? An a priori statistical power analysis of leakage detection tests.\u201d Cryptology ePrint Archive, Report 2013\/298, 2013. http:\/\/eprint.iacr.org\/2013\/298.","DOI":"10.1007\/978-3-642-42033-7_25"},{"key":"2023033119301493697_j_itit-2018-0028_ref_032_w2aab3b7d422b1b6b1ab2ac32Aa","doi-asserted-by":"crossref","unstructured":"A. Moradi and O. Mischke, \u201cOn the simplicity of converting leakages from multivariate to univariate \u2013 (case study of a glitch-resistant masking scheme),\u201d in CHES 2013 (G. Bertoni and J.-S. Coron, eds.), vol.\u20098086 of LNCS, pp.\u20091\u201320, Springer, Heidelberg, Aug. 2013.","DOI":"10.1007\/978-3-642-40349-1_1"},{"key":"2023033119301493697_j_itit-2018-0028_ref_033_w2aab3b7d422b1b6b1ab2ac33Aa","unstructured":"S. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Secaucus, NJ, USA: Springer-Verlag New York, Inc., 2007."}],"container-title":["it - Information Technology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.degruyter.com\/view\/j\/itit.2019.61.issue-1\/itit-2018-0028\/itit-2018-0028.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/itit-2018-0028\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/itit-2018-0028\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,4,1]],"date-time":"2023-04-01T06:46:50Z","timestamp":1680331610000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/itit-2018-0028\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,29]]},"references-count":33,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,2,20]]},"published-print":{"date-parts":[[2019,2,25]]}},"alternative-id":["10.1515\/itit-2018-0028"],"URL":"https:\/\/doi.org\/10.1515\/itit-2018-0028","relation":{},"ISSN":["2196-7032","1611-2776"],"issn-type":[{"value":"2196-7032","type":"electronic"},{"value":"1611-2776","type":"print"}],"subject":[],"published":{"date-parts":[[2019,1,29]]}}}