Demonstrating TVLA testing
Evaluating devices for side-channel leakage often treats the evaluator’s role like that of an attacker. The device is operated as it would be in the field, and the evaluator attempts to extract an unknown key. This type of testing can be time-consuming and inconclusive. All key values, both correct and incorrect, are evaluated, and the results then have to be examined for a significant difference between wrong and right key guesses. Because the signal is buried in noise, and signal strength may vary from device to device and from one measurement setup to another, clear pass/fail criteria are difficult to define across all cases.

Instead, a device can be evaluated with a known key (and data) by predicting all sensitive values only for the known key value and seeing whether any of them leak and, if so, how much. This technique is called Test Vector Leakage Analysis (TVLA). The data is recorded using specified key and data values for a fixed amount of time. The analysis time can also be limited. In addition, if a device shows leakage after just a few minutes of data collection, there is no need to continue the data collection to the maximum time limit; more data will only make the leakage more pronounced. We will be demonstrating the ease and power of this technique in real life on an AES implementation.
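The known-key test described above, as an added example that is not part of the original page: traces from a simulated device are partitioned on one predicted sensitive bit and compared per sample, first on 500 traces and then on 4000. Assumptions not stated on the page: Welch's t-test as the statistic, the commonly used |t| > 4.5 fail limit, the first-round AddRoundKey output bit as the sensitive value, and the constructed key byte, noise level and leak position.

```python
import random
from statistics import fmean, variance

KEY_BYTE = 0x2B      # constructed known key byte
LEAK_SAMPLE = 7      # constructed: sample where the simulated device leaks
N_SAMPLES = 20       # constructed trace length
THRESHOLD = 4.5      # |t| fail limit commonly used in TVLA testing (assumption)

def simulate(n, seed=1):
    """Return (plaintext_bytes, traces) for a simulated device (constructed data)."""
    rng = random.Random(seed)
    pts, traces = [], []
    for _ in range(n):
        pt = rng.randrange(256)
        trace = [rng.gauss(0.0, 1.0) for _ in range(N_SAMPLES)]
        # Leak bit 0 of the first-round AddRoundKey output, buried in noise.
        trace[LEAK_SAMPLE] += 0.5 * ((pt ^ KEY_BYTE) & 1)
        pts.append(pt)
        traces.append(trace)
    return pts, traces

def welch_t(a, b):
    """Welch's t-statistic for two samples with unequal variances."""
    return (fmean(a) - fmean(b)) / (variance(a) / len(a) + variance(b) / len(b)) ** 0.5

def tvla(pts, traces, key_byte):
    """Per-sample t-statistic, partitioning traces on the bit predicted for the known key."""
    bits = [(pt ^ key_byte) & 1 for pt in pts]
    tstats = []
    for s in range(len(traces[0])):
        ones = [t[s] for t, b in zip(traces, bits) if b]
        zeros = [t[s] for t, b in zip(traces, bits) if not b]
        tstats.append(welch_t(ones, zeros))
    return tstats

def leaking_samples(tstats):
    """Sample indices whose |t| exceeds the fail limit."""
    return [i for i, t in enumerate(tstats) if abs(t) > THRESHOLD]

if __name__ == "__main__":
    pts, traces = simulate(4000)
    for n in (500, 4000):  # the same capture, evaluated early and at full length
        t = tvla(pts[:n], traces[:n], KEY_BYTE)
        print(n, "traces: |t| at leak =", round(abs(t[LEAK_SAMPLE]), 1),
              "failing samples:", leaking_samples(t))
```

Only the known key's prediction is tested, so the result is a per-sample pass/fail against one fixed limit rather than a ranking of key guesses.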