Date of Graduation
5-2024
Document Type
Thesis
Degree Name
Master of Science in Computer Engineering (MSCmpE)
Degree Level
Graduate
Department
Computer Science & Computer Engineering
Advisor/Mentor
Nelson, Alexander H.
Committee Member
Andrews, David L.
Second Committee Member
Huang, Miaoqing
Keywords
Embedded systems; Infrastructure tool; Leakage assessment; Post-Quantum Cryptography; Side-channel attack; Test-Vector Leakage Assessment
Abstract
Post-Quantum Cryptography (PQC) is a new class of asymmetric cryptography algorithms that are supposed to be secure against both classical computers and quantum computers through Shor’s algorithm. Since PQC algorithms are currently being standardized, they will replace older standardized asymmetric algorithms (such as RSA) and will be deployed within the digital infrastructure. Before implementations of the PQC algorithms are placed into the infrastructure, they must undergo evaluation of both performance and security. One such security issue that needs large investigation before deployment are side-channels. Side-channel attacks (SCA) are a method of gathering information from the implementation, such as power-consumption and timing differences, that can help attackers infer information that should be secret. Much of the PQC algorithms are fairly new in the cryptography world, meaning there may be much side-channel vulnerabilities within implementations that are hidden due to lack of evaluation. This thesis describes the work towards a cloud-based SCA infrastructure tool for PQC algorithms with a focus on the software side that will be open for the research community. This infrastructure tool consists of a fully automated power-analysis SCA evaluation flow, where the user submits the implementation of a PQC algorithm and is given back an SCA evaluation report (through Test-Vector Leakage Assessment) along with the collected traces used for the analysis. This infrastructure tool helps implementers who do not have the tools or SCA knowledge to conduct the SCA power-based evaluation to do the SCA work for them. Having an infrastructure tool open to the public that conducts power-based SCA evaluations helps improve the overall security of PQC implementations before they are deployed into the infrastructure.
Citation
Teague, T. (2024). Towards Side-Channel Infrastructure for Software Implementations of PQC Algorithms. Graduate Theses and Dissertations Retrieved from https://scholarworks.uark.edu/etd/5314