The uncertainty of Side-Channel Analysis: A way to leverage from heuristics
This paper addresses the problem of inconsistent and expert-dependent security analysis for embedded systems, but it is incremental, as it adapts an existing industrial method.
The paper tackles the variability and complexity of side-channel analysis on embedded devices by proposing a customized Six Sigma methodology to optimize parameter selection, enabling less-experienced analysts to improve the process phases.
Performing a comprehensive side-channel analysis evaluation of small embedded devices is a process known for its variability and complexity. In real-world experimental setups, the results are largely influenced by a large number of parameters that are not easily adjusted without trial and error and that depend heavily on the experience of professional security analysts. In this paper, we advocate the use of an existing statistical methodology called Six Sigma (6σ) to optimize side-channel analysis. This well-known methodology is commonly used in other industrial fields, such as production and quality engineering, to reduce the variability of industrial processes. We propose a customized Six Sigma methodology, which enables even a less-experienced security analyst to select optimal values for the different variables that are critical for the side-channel analysis procedure. Moreover, we show how our methodology helps in improving different phases in the side-channel analysis process.