# Hypothesis testing for leakage assessment of timing side channel

## 1. Collect the measurements

First, we need to collect as clean measurements as possible.

Prepare your system:
- Disable turboboost (check `intel_pstate` is the active driver with `cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_driver`; then execute `echo "1" | sudo tee /sys/devices/system/cpu/intel_pstate/no_turbo`; revert after measurement)
- Fix the frequency of some core using `cpupower frequency-set -d 1900Mhz`
- Set `echo 1000000 > /proc/sys/kernel/sched_rt_runtime_us` to enable real-time process to use 100% of CPU (no scheduling)
- Start the process with `taskset --cpu-list 2 chrt -f 99 php tests/consttime/bin.php` (run on core 2 as a real-time process)

## 2. Assess measurement quality

First, we assess the measurement quality. If the measurement quality is poor, the results are irrelevant.

In [None]:
import matplotlib.pyplot as plt
import json
import math as mathlib
import os


In [None]:
def load_json_from_file(file_path):
  with open(file_path, 'r') as f:
    return json.load(f)

# data = load_json_from_file('measurements/SW_QT_ANeg3_Math_brainpoolP256r1_200.json')

all_data = [
    load_json_from_file('measurements/PhpeccMath_brainpool256r1_69.json'),
    load_json_from_file('measurements/PhpeccMath_brainpool256r1_76.json'),
    load_json_from_file('measurements/PhpeccMath_brainpool256r1_85.json'),
]
data = all_data[0]
for index, more_data in enumerate(all_data):
    for sample_index, sample in enumerate(more_data['samples']):
        data['samples'][sample_index]['measurements'].extend(sample['measurements'])

### 2.1 The iteration must be irrelevant

Measurement proceeds in iterations, and in each iteration all testcases are executed and measured. Hence the timing for each iteration should be the same.

On a real machine, reaching this is hard, even when configuring it properly (see chapter 1). Hence we first remove iterations that are slower than the rest. You can adjust the behaviour with the following parameter: `iteration_selectivity` defines how many iterations are kept, i.e. only one out of `iteration_selectivity` iterations.

In [None]:
def get_measurements_per_iteration(samples):
    measurements_per_iteration = {}
    for iteration in range(0, len(samples[0]['measurements'])):
        measurements_per_iteration[iteration] = []

    for sample in samples:
        for iteration, measurement in enumerate(sample['measurements']):
            measurements_per_iteration[iteration].append(measurement['time'])

    return measurements_per_iteration

measurements_per_iteration = get_measurements_per_iteration(data['samples'])
measurements_per_iteration_sum = [__builtins__.sum(measurements_per_iteration[i]) for i in measurements_per_iteration]

iteration_selectivity = 2
threshold = sorted(measurements_per_iteration_sum)[int(len(measurements_per_iteration_sum)/iteration_selectivity)]
remove_iterations = []
for index, sum in enumerate(measurements_per_iteration_sum):
    if sum > threshold:
        remove_iterations.append(index)

cleaned_samples = []
for sample in data['samples']:
    cleaned_measurements = []
    for index, measurement in enumerate(sample['measurements']):
        if index not in remove_iterations:
            cleaned_measurements.append(measurement)
    cleaned_sample = sample.copy()
    cleaned_sample['measurements'] = cleaned_measurements
    cleaned_samples.append(cleaned_sample)

**Check the graph.** If the measurement is accurate, then for each iteration, the timings are the same. Concretely, you should see a graph that is essentially just noise.

In [None]:
measurements_per_iteration = get_measurements_per_iteration(cleaned_samples)
measurements_per_iteration_sum = [__builtins__.sum(measurements_per_iteration[i]) for i in measurements_per_iteration]

plt.figure(figsize=(14,5))
plt.plot(measurements_per_iteration_sum, label='sum of measurement per iteration')
plt.title(data['curve'] + ' using math ' + data['math'])
plt.xlabel('sample')
plt.ylabel('time')
plt.legend()
plt.show()

### 2.2. Testcase index must be irrelevant

To avoid side-effects in between the testcases (e.g. by the branch predictor or other forms of caching), we randomize the order of the testcases for each iteration. If the randomization is non-biased, and caching is successfully made irrelevant, then for each testcase index the measurement should be the same.

**Check the graph.** If the measurement is accurate, then for each iteration, the timings are the same. Concretely, you should see a graph that is essentially just noise.

In [None]:
def get_measurements_per_index(samples):
    measurements_per_index = {}
    for index in range(0, len(samples)):
        measurements_per_index[index] = []

    for sample in samples:
        for measurement in sample['measurements']:
            measurements_per_index[measurement['index']].append(measurement['time'])

    return measurements_per_index

measurements_per_index = get_measurements_per_index(cleaned_samples)
measurements_per_index_sum = [__builtins__.sum(measurements_per_index[i]) for i in measurements_per_index]

plt.figure(figsize=(14,5))
plt.plot(measurements_per_index_sum, label='sum of measurement per index')
plt.title(data['curve'] + ' using math ' + data['math'])
plt.xlabel('index')
plt.ylabel('time')
plt.legend()
plt.show()

### 3. Assess const-time

If chapter 2 does not show signs of a botched measurement, we can now proceed to assess the measurement result.

In [None]:
import scipy.stats as ss

### 3.1. Measurements per flag

We quantify by flag. Flags usually indicate the type of the testcase, possibly special chosen (e.g. to multiply by 0 or similar). Note that not all testsets have a lot (of useful) flags.

**Check the graphs.** If the implementation is const-time, then all test-cases should have similar timing. You should not see any "steps", and no trends based on the flags (i.e. testcases attributed to some flag consistently perform faster than the rest).

**Check the p-values.** If the visual assessment looks good, check that also the p-values are high (i.e. > 0.05).

In [None]:
def get_measurements_per_flag(samples):
    measurements_per_flag = {'Basic': []}
    for sample in samples:
        for flag in sample['flags']:
            if flag not in measurements_per_flag:
                measurements_per_flag[flag] = []

    for sample in samples:
        measurements = []
        for measurement in sample['measurements']:
            measurements.append(measurement['time'])

        if len(sample['flags']) == 0:
            measurements_per_flag['Basic'].extend(measurements)

        for flag in sample['flags']:
                measurements_per_flag[flag].extend(measurements)

    return measurements_per_flag

In [None]:
measurements_per_flag = get_measurements_per_flag(cleaned_samples)

plt.figure(figsize=(14,5))
for flag in measurements_per_flag:
  plt.plot(measurements_per_flag[flag], label=flag)
plt.title(data['curve'] + ' using math ' + data['math'] + ' per flag')
plt.xlabel('sample')
plt.ylabel('time')
plt.legend()
plt.show()

plt.figure(figsize=(14, 5))
plt.violinplot(measurements_per_flag.values())
plt.xticks(list(range(1, len(measurements_per_flag.keys()) + 1)), measurements_per_flag.keys())
plt.title(data['curve'] + ' using math ' + data['math'])
plt.ylabel('time')
plt.show()


for flag in measurements_per_flag:
    # equal_var=False ensures we do not assume equal variance between the two testsets
    result=ss.ttest_ind(measurements_per_flag['Basic'], measurements_per_flag[flag], axis=0, equal_var=False)
    print(f"P-value {flag}: {result.pvalue}")

## 3.2. Measurement per sample

We quantify by testcase.

**Check the graphs.** If the implementation is const-time, then all test-cases should have similar timing. You should not see different vertical groups of test-cases.

**Check the p-values.** If the visual assessment looks good, check that also the p-values are high (i.e. > 0.05).

In [None]:
def get_measurements_per_sample(samples):
    measurements_per_sample = {}
    for sample in samples:
        measurements = []
        for measurement in sample['measurements']:
            measurements.append(measurement['time'])

        measurements_per_sample[sample['id']] = measurements

    return measurements_per_sample

def get_all_measurements(samples):
    measurements = []
    for sample in samples:
        for measurement in sample['measurements']:
            measurements.append(measurement['time'])

    return measurements

measurements_per_sample = get_measurements_per_sample(cleaned_samples)

plt.figure(figsize=(14,5))
for sample in measurements_per_sample:
  plt.plot(measurements_per_sample[sample], label=sample)
plt.title(data['curve'] + ' using math ' + data['math'] + ' per sample')
plt.xlabel('sample')
plt.ylabel('time')
plt.legend(ncol=3)
plt.show()

plt.figure(figsize=(14, 5))
plt.violinplot(measurements_per_sample.values())
plt.xticks(list(range(1, len(measurements_per_sample.keys()) + 1)), measurements_per_sample.keys())
plt.title(data['curve'] + ' using math ' + data['math'])
plt.ylabel('time')
plt.show()

def average(values):
    return __builtins__.sum(values) / len(values)

def variance(values):
    avg = average(values)
    return __builtins__.sum((x - avg) ** 2 for x in values) / len(values)

baseline = get_all_measurements(cleaned_samples)
print(f"baseline:\t avg {average(baseline)}\t var {variance(baseline)}")
for sample in measurements_per_sample:
    # equal_var=False ensures we do not assume equal variance between the two testsets
    result=ss.ttest_ind(baseline, measurements_per_sample[sample], axis=0, equal_var=False)

    print(f"{sample}:\t avg {average(measurements_per_sample[sample])}\t var {variance(measurements_per_sample[sample])}\t p={result.pvalue}")

# 4. Assess impact

If chapter 3 shows some evidence of non-const time behaviour, we assess here the impact.

In [None]:
from scipy.cluster.vq import kmeans, vq
import numpy as np

## 4.1 Cluster non-const time behaviour

We now separate the samples into the baseline (i.e. operating on essentially random data) from the other samples that are showing non-const time behaviour.

**Decide number of clusters.** Based on the graphs in chapter 3, define the number of clusters using `expected_clusters` that need to be separated from each other.

**Check graph that clusters are well separated.** Check the graph to be sure that the clusers have been properly identified. Else, adjust the clusters manually.

In [None]:
def get_average_per_sample(measurements_per_sample):
    result = {}
    for sample in measurements_per_sample:
        result[sample] = average(measurements_per_sample[sample])

    return result

def cluster_averages(averages_per_sample, clusers_count):
    # Calculate averages for each array
    names = list(averages_per_sample.keys())
    averages = np.array([arr for arr in averages_per_sample.values()])

    # Reshape averages for clustering
    data = averages.reshape(-1, 1)

    # Perform k-means clustering
    centroids, _ = kmeans(data, clusers_count, iter=1000, rng=42)

    # Assign points to clusters
    labels, _ = vq(data, centroids)

    # Create groups dictionary
    groups = {i: [] for i in range(clusers_count)}
    group_averages = {i: [] for i in range(clusers_count)}

    # Assign arrays to groups
    for name, avg, label in zip(names, averages, labels):
        groups[label].append(name)
        group_averages[label].append(avg)

    # Create final sorted groups
    sorted_groups = {}
    for i in range(clusers_count):
        mean_of_group = np.mean(group_averages[i])
        sorted_groups[i] = {
            'members': groups[i],
            'mean': mean_of_group,
            'std': np.std(group_averages[i])
        }

    # Sort groups by mean value
    return dict(sorted(sorted_groups.items(), key=lambda x: x[1]['mean']))

expected_clusters = 6
average_per_sample = get_average_per_sample(measurements_per_sample)
clusters = cluster_averages(average_per_sample, expected_clusters)

plt.figure(figsize=(14,5))
colors = ['b', 'g', 'r', 'c', 'm', 'y']
for index, cluster in enumerate(clusters):
    for sample in clusters[cluster]['members']:
      plt.plot(measurements_per_sample[sample], label=sample, color=colors[index % len(colors)])
plt.title(data['curve'] + ' using math ' + data['math'] + ' per sample')
plt.xlabel('sample')
plt.ylabel('time')
plt.legend(ncol=3)
plt.show()


plt.figure(figsize=(14, 5))
parts = plt.violinplot(measurements_per_sample.values())
for i, pc in enumerate(parts['bodies']):
    sample_name = list(measurements_per_sample.keys())[i]
    for cluster_idx, cluster_info in clusters.items():
        if sample_name in cluster_info['members']:
            pc.set_facecolor(colors[cluster_idx % len(colors)])
            pc.set_edgecolor(colors[cluster_idx % len(colors)])

            break
plt.xticks(list(range(1, len(measurements_per_sample.keys()) + 1)), measurements_per_sample.keys())
plt.title(data['curve'] + ' using math ' + data['math'])
plt.ylabel('time')
plt.show()


columns = 2
rows = mathlib.ceil(len(clusters) / columns)
fig, axes = plt.subplots(rows, columns, figsize=(14, 5*rows))

for row in range(0, rows):
    for column in range(0, columns):
        axe = axes[row][column] if rows > 1 else axes[column]
        cluster = row * columns + column
        if cluster >= len(clusters):
            fig.delaxes(axe)
            continue

        for sample in clusters[cluster]['members']:
            axe.plot(measurements_per_sample[sample], label=sample)

        axe.set_xlabel('measurement')
        axe.set_ylabel('time')
        axe.set_title('Cluster: ' + str(cluster))
        axe.legend(ncol=2)

plt.show()