Practical Approaches Toward Deep-Learning-Based Cross-Device Power Side-Channel Attack

Power side-channel analysis (SCA) has been of immense interest to most embedded designers to evaluate the physical security of the system. This work presents profiling-based cross-device power SCA attacks using deep-learning techniques on 8-bit AVR microcontroller devices running AES-128. First, we show the practical issues that arise in these profiling-based cross-device attacks due to significant device-to-device variations. Second, we show that utilizing principal component analysis (PCA)-based preprocessing and multidevice training, a multilayer perceptron (MLP)-based 256-class classifier can achieve an average accuracy of 99.43% in recovering the first keybyte from all the 30 devices in our data set, even in the presence of significant interdevice variations. Results show that the designed MLP with PCA-based preprocessing outperforms a convolutional neural network (CNN) with four-device training by ~20% in terms of the average test accuracy of cross-device attack for the aligned traces captured using the ChipWhisperer hardware. Finally, to extend the practicality of these cross-device attacks, another preprocessing step, namely, dynamic time warping (DTW) has been utilized to remove any misalignment among the traces, before performing PCA. DTW along with PCA followed by the 256-class MLP classifier provides ≥10.97% higher accuracy than the CNN-based approach for cross-device attack even in the presence of up to 50 time-sample misalignments between the traces.

[1]  Cécile Canovas,et al.  Enhancing Dimensionality Reduction Methods for Side-Channel Attacks , 2015, CARDIS.

[2]  Sri Parameswaran,et al.  RIJID: Random Code Injection to Mask Power Analysis based Side Channel Attacks , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[3]  Romain Poussier,et al.  Template attacks versus machine learning revisited and the curse of dimensionality in side-channel analysis: extended version , 2018, Journal of Cryptographic Engineering.

[4]  Ian T. Jolliffe,et al.  Principal Component Analysis , 2002, International Encyclopedia of Statistical Science.

[5]  Guang Yang,et al.  Convolutional Neural Network Based Side-Channel Attacks in Time-Frequency Representations , 2018, CARDIS.

[6]  William P. Marnane,et al.  Empirical evaluation of multi-device profiling side-channel attacks , 2014, 2014 IEEE Workshop on Signal Processing Systems (SiPS).

[7]  Emmanuel Prouff,et al.  Convolutional Neural Networks with Data Augmentation Against Jitter-Based Countermeasures - Profiling Attacks Without Pre-processing , 2017, CHES.

[8]  Jasper G. J. van Woudenberg,et al.  Improving Differential Power Analysis by Elastic Alignment , 2011, CT-RSA.

[9]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[10]  Christof Paar,et al.  Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World , 2011, CHES.

[11]  Jasper G. J. van Woudenberg,et al.  Getting More from PCA: First Results of Using Principal Component Analysis for Extensive Power Analysis , 2012, CT-RSA.

[12]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[13]  Cécile Canovas,et al.  Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ASCAD Database , 2018, IACR Cryptol. ePrint Arch..

[14]  Olivier Markowitch,et al.  Power analysis attack: an approach based on machine learning , 2014, Int. J. Appl. Cryptogr..

[15]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[16]  Markus G. Kuhn,et al.  Optical time-domain eavesdropping risks of CRT displays , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[17]  Markus G. Kuhn,et al.  Efficient Stochastic Methods: Profiled Attacks Beyond 8 Bits , 2014, CARDIS.

[18]  David A. Umphress,et al.  Information leakage from optical emanations , 2002, TSEC.

[19]  Máire O'Neill,et al.  Neural network based attack on a masked implementation of AES , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[20]  Annelie Heuser,et al.  Intelligent Machine Homicide - Breaking Cryptographic Devices Using Support Vector Machines , 2012, COSADE.

[21]  Denis Flandre,et al.  A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices , 2011, EUROCRYPT.

[22]  Annelie Heuser,et al.  Improving Side-Channel Analysis Through Semi-supervised Learning , 2018, CARDIS.

[23]  Elisabeth Oswald,et al.  Practical Template Attacks , 2004, WISA.

[24]  François Chollet,et al.  Keras: The Python Deep Learning library , 2018 .

[25]  S. Chiba,et al.  Dynamic programming algorithm optimization for spoken word recognition , 1978 .

[26]  Olivier Markowitch,et al.  A machine learning approach against a masked AES , 2014, Journal of Cryptographic Engineering.

[27]  Meinard Müller,et al.  Dynamic Time Warping , 2008 .

[28]  Andrew Zisserman,et al.  Very Deep Convolutional Networks for Large-Scale Image Recognition , 2014, ICLR.

[29]  Kerstin Lemke-Rust,et al.  Efficient Template Attacks Based on Probabilistic Multi-class Support Vector Machines , 2012, CARDIS.

[30]  Shreyas Sen,et al.  X-DeepSCA: Cross-Device Deep Learning Side Channel Attack* , 2019, 2019 56th ACM/IEEE Design Automation Conference (DAC).

[31]  Mark Zwolinski,et al.  Evaluation of Dynamic Voltage and Frequency Scaling as a Differential Power Analysis Countermeasure , 2007, 20th International Conference on VLSI Design held jointly with 6th International Conference on Embedded Systems (VLSID'07).

[32]  Emmanuel Prouff,et al.  Breaking Cryptographic Implementations Using Deep Learning Techniques , 2016, SPACE.

[33]  Stefan Mangard,et al.  Template Attacks on Masking - Resistance Is Futile , 2007, CT-RSA.

[34]  Michael A. Temple,et al.  Improving cross-device attacks using zero-mean unit-variance normalization , 2012, Journal of Cryptographic Engineering.

[35]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[36]  Zdenek Martinasek,et al.  Optimization of Power Analysis Using Neural Network , 2013, CARDIS.

[37]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[38]  Alan Hanjalic,et al.  Make Some Noise: Unleashing the Power of Convolutional Neural Networks for Profiled Side-channel Analysis , 2019, IACR Cryptol. ePrint Arch..

[39]  Yuan Yu,et al.  TensorFlow: A system for large-scale machine learning , 2016, OSDI.

[40]  Olivier Markowitch,et al.  A Time Series Approach for Profiling Attack , 2013, SPACE.

[41]  Yann LeCun,et al.  Loss Functions for Discriminative Training of Energy-Based Models , 2005, AISTATS.

[42]  Markus G. Kuhn,et al.  Efficient, Portable Template Attacks , 2018, IEEE Transactions on Information Forensics and Security.

[43]  Cécile Canovas,et al.  Deep Learning to Evaluate Secure RSA Implementations , 2019, IACR Cryptol. ePrint Arch..

[44]  Eric Peeters,et al.  Template Attacks in Principal Subspaces , 2006, CHES.

[45]  Meinard Müller,et al.  Information retrieval for music and motion , 2007 .

[46]  Petr Dzurenda,et al.  Profiling power analysis attack based on MLP in DPA contest V4.2 , 2016, 2016 39th International Conference on Telecommunications and Signal Processing (TSP).

[47]  Jimmy Ba,et al.  Adam: A Method for Stochastic Optimization , 2014, ICLR.

[48]  Zhizhang Chen,et al.  ChipWhisperer: An Open-Source Platform for Hardware Embedded Security Research , 2014, COSADE.

[49]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[50]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.