No Arabic abstract
In recent years, various deep learning techniques have been exploited in side channel attacks, with the anticipation of obtaining more appreciable attack results. Most of them concentrate on improving network architectures or putting forward novel algorithms, assuming that there are adequate profiling traces available to train an appropriate neural network. However, in practical scenarios, profiling traces are probably insufficient, which makes the network learn deficiently and compromises attack performance. In this paper, we investigate a kind of data augmentation technique, called mixup, and first propose to exploit it in deep-learning based side channel attacks, for the purpose of expanding the profiling set and facilitating the chances of mounting a successful attack. We perform Correlation Power Analysis for generated traces and original traces, and discover that there exists consistency between them regarding leakage information. Our experiments show that mixup is truly capable of enhancing attack performance especially for insufficient profiling traces. Specifically, when the size of the training set is decreased to 30% of the original set, mixup can significantly reduce acquired attacking traces. We test three mixup parameter values and conclude that generally all of them can bring about improvements. Besides, we compare three leakage models and unexpectedly find that least significant bit model, which is less frequently used in previous works, actually surpasses prevalent identity model and hamming weight model in terms of attack results.
Numerous previous works have studied deep learning algorithms applied in the context of side-channel attacks, which demonstrated the ability to perform successful key recoveries. These studies show that modern cryptographic devices are increasingly threatened by side-channel attacks with the help of deep learning. However, the existing countermeasures are designed to resist classical side-channel attacks, and cannot protect cryptographic devices from deep learning based side-channel attacks. Thus, there arises a strong need for countermeasures against deep learning based side-channel attacks. Although deep learning has the high potential in solving complex problems, it is vulnerable to adversarial attacks in the form of subtle perturbations to inputs that lead a model to predict incorrectly. In this paper, we propose a kind of novel countermeasures based on adversarial attacks that is specifically designed against deep learning based side-channel attacks. We estimate several models commonly used in deep learning based side-channel attacks to evaluate the proposed countermeasures. It shows that our approach can effectively protect cryptographic devices from deep learning based side-channel attacks in practice. In addition, our experiments show that the new countermeasures can also resist classical side-channel attacks.
The interplay between security and reliability is poorly understood. This paper shows how triple modular redundancy affects a side-channel attack (SCA). Our counterintuitive findings show that modular redundancy can increase SCA resiliency.
Recent work has introduced attacks that extract the architecture information of deep neural networks (DNN), as this knowledge enhances an adversarys capability to conduct black-box attacks against the model. This paper presents the first in-depth security analysis of DNN fingerprinting attacks that exploit cache side-channels. First, we define the threat model for these attacks: our adversary does not need the ability to query the victim model; instead, she runs a co-located process on the host machine victims deep learning (DL) system is running and passively monitors the accesses of the target functions in the shared framework. Second, we introduce DeepRecon, an attack that reconstructs the architecture of the victim network by using the internal information extracted via Flush+Reload, a cache side-channel technique. Once the attacker observes function invocations that map directly to architecture attributes of the victim network, the attacker can reconstruct the victims entire network architecture. In our evaluation, we demonstrate that an attacker can accurately reconstruct two complex networks (VGG19 and ResNet50) having observed only one forward propagation. Based on the extracted architecture attributes, we also demonstrate that an attacker can build a meta-model that accurately fingerprints the architecture and family of the pre-trained model in a transfer learning setting. From this meta-model, we evaluate the importance of the observed attributes in the fingerprinting process. Third, we propose and evaluate new framework-level defense techniques that obfuscate our attackers observations. Our empirical security analysis represents a step toward understanding the DNNs vulnerability to cache side-channel attacks.
Background and Objectives: Substitution-box (s-box) is one of the essential components to create confusion and nonlinear properties in cryptography. To strengthening a cipher against various attacks, including side channel attacks, these boxes need to have numerous security properties. In this paper, a novel method to generate s-boxes is introduced aimed at improving the resistance of s-boxes against side channel attacks. Methods: In the preprocessing phase of this approach, a suitable initial s-box which has some basic security properties is generated by adopting a fast algorithm. Then, in the main stage, using the initial s-box, we generate new s-boxes which not only have the properties of the initial S-box but also have been significantly improved under another set of security properties. To do this, new s-boxes are generated using a genetic algorithm on a particular subset of the linear combination set of coordinate functions of the initial s-box in the preprocessing stage. Results: The performed experiments demonstrate that the values of all security properties of these new s-boxes, especially the measures of transparency order, signal-to-noise ratio, confusion coefficient, bijection property, fixed point, and opposite fixed points, have been substantially improved. For example, our experiments indicate that 70, 220, 2071, 43, and 406 s-boxes are found better than the initial s-box, respectively, in the dimensions of 4x4 through 8x8 Conclusion: In this article, a new s-box construction method is introduced in which the properties related to side channel attacks are improved, without reducing other security properties. Besides, some results obtained from generated s-boxes in the dimensions of 4x4 through 8x8 demonstrated that the generated s-boxes are not only improved relative to the initial s-box, but in some cases, considerably better than some well-known s-boxes.
This work presents a Cross-device Deep-Learning based Electromagnetic (EM-X-DL) side-channel analysis (SCA), achieving >90% single-trace attack accuracy on AES-128, even in the presence of significantly lower signal-to-noise ratio (SNR), compared to the previous works. With an intelligent selection of multiple training devices and proper choice of hyperparameters, the proposed 256-class deep neural network (DNN) can be trained efficiently utilizing pre-processing techniques like PCA, LDA, and FFT on the target encryption engine running on an 8-bit Atmel microcontroller. Finally, an efficient end-to-end SCA leakage detection and attack framework using EM-X-DL demonstrates high confidence of an attacker with <20 averaged EM traces.