Measuring and Evaluating the Security Level of Circuits Slides and Transcript

Abstract: When we design for low power, we estimate the power consumption at design time and measure it after fabrication and before we submit it to ISSCC. The same must be done with the security evaluation of a circuit: it should be estimated at design time, and measured after fabrication. It is however difficult to measure security. Therefore, in this tutorial, we plan to show how to perform the security evaluation for different classes of circuits: true random number generators, physically unclonable functions and side-channel evaluation of cryptographic implementations. When designing a true random number generator, statistical tests on the output data are not sufficient: important in this context are the NIST standards SP800-90B and the German BSI AIS20/31 standards to evaluate true randomness. In the context of physically unclonable functions, established standards do not exist yet: here it is important to evaluate how much is the total cost to generate a full-entropy key. When evaluating the resistance to side-channel and fault attacks, it is important to describe the set-up of the experiments. If not, the only conclusion one can make is that the circuit resists an evaluation with the given set-up.