a comprehensive study of deep learning for side channel
play

A Comprehensive Study of Deep Learning for Side-Channel Analysis c - PowerPoint PPT Presentation

May 22, 2023 •524 likes •1.39k views

A Comprehensive Study of Deep Learning for Side-Channel Analysis A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1 Emmanuel Prouff 2, 3 Lo C 1 Univ. Grenoble Alpes, CEA, LETI, DSYS, CESTI, F-38000

  1. A Comprehensive Study of Deep Learning for Side-Channel Analysis A Comprehensive Study of Deep Learning for Side-Channel Analysis ıc Masure 1,3 ecile Dumas 1 Emmanuel Prouff 2, 3 Lo¨ C´ 1 Univ. Grenoble Alpes, CEA, LETI, DSYS, CESTI, F-38000 Grenoble loic.masure@cea.fr 2 ANSSI, France 3 Sorbonne Universit´ e, UPMC Univ Paris 06, POLSYS, UMR 7606, LIP6, F-75005, Paris, France 17 / 09 / 2020, Ches 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 1/18

  2. Outline 1. Context 2. SCA Optimization Problem versus Deep Learning Based SCA 3. NLL Minimization is PI Maximization 4. Simulation results 5. Experimental results

  3. A Comprehensive Study of Deep Learning for Side-Channel Analysis Who am I ◮ PhD student, studying Deep Learning (DL) for Side-Channel Analysis (SCA) Conceives a Evaluates Delivers a Security Commercialises the component Security Claims Certjfjcatjon certjfjed product Developer ITSEF ANSSI Developer French Certjfjcatjon Scheme Loïc Emmanuel Cécile 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 3/18

  4. A Comprehensive Study of Deep Learning for Side-Channel Analysis What is SCA? 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 4/18

  5. A Comprehensive Study of Deep Learning for Side-Channel Analysis What is SCA? Measure trace X Plaintext P Secret K Encryption Sensitive operation LOAD X ; LOAD B ; MV B ; … Z = C (P, K) 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 4/18

  6. A Comprehensive Study of Deep Learning for Side-Channel Analysis What is SCA? Measure trace X Plaintext P Secret K Encryption Sensitive operation LOAD X ; LOAD B ; MV B ; … Z = C (P, K) Profiling Attack Attack using open samples similar to the target device – same code, same chip, etc . – with full knowledge of the secret key Two steps: ◮ Profiling phase: P , K known = ⇒ Z known, X acquired on an open sample ◮ Attack phase: P known, X acquired on the target device, K guessed 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 4/18

  7. Outline 1. Context 2. SCA Optimization Problem versus Deep Learning Based SCA 3. NLL Minimization is PI Maximization 4. Simulation results 5. Experimental results

  8. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 0 . . . Z i = C ( p i , k ⋆ ) . . . 0 1 0 1 K 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  9. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . 0 1 0 1 K 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  10. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . 0 1 0 1 K 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  11. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  12. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k k = k ⋆ with probability ≥ β ( e.g. 0 . 9) Goal: find F that minimizes N a s.t. ˆ 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  13. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k k = k ⋆ with probability ≥ β ( e.g. 0 . 9) Goal: find F that minimizes N a s.t. ˆ Optimal model: F ⋆ , with N ⋆ a traces 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  14. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k k = k ⋆ with probability ≥ β ( e.g. 0 . 9) Goal: find F that minimizes N a s.t. ˆ Optimal model: F ⋆ , with N ⋆ a traces How to find F ⋆ = ⇒ profiling step Requires to know the probability distribution F ⋆ = Pr [ Z | X ] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  15. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k k = k ⋆ with probability ≥ β ( e.g. 0 . 9) Goal: find F that minimizes N a s.t. ˆ Optimal model: F ⋆ , with N ⋆ a traces How to find F ⋆ = ⇒ profiling step Requires to know the probability distribution F ⋆ = Pr [ Z | X ] Reality: unknown for the evaluator/attacker. Estimation with parametric models F ( ., θ ): P(Z|X=x) Estjmator F( . ; θ) 0% 20% 40% 60% 80% 100% x Z=0 Z=1 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  16. A Comprehensive Study of Deep Learning for Side-Channel Analysis Deep Learning (DL) based SCA is a hot topic currently Recent milestones about its effectiveness: more robust against counter-measures like masking [MPP16], jitter (misalignment) [CDP17], whether on software or FPGA [Kim+19] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 7/18

  17. A Comprehensive Study of Deep Learning for Side-Channel Analysis Deep Learning (DL) based SCA is a hot topic currently Recent milestones about its effectiveness: more robust against counter-measures like masking [MPP16], jitter (misalignment) [CDP17], whether on software or FPGA [Kim+19] Training a Neural Network z = C ( p , k ⋆ ) F ( x , θ ) L ( y , z ) Parameters θ 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 7/18

  18. A Comprehensive Study of Deep Learning for Side-Channel Analysis Deep Learning (DL) based SCA is a hot topic currently Recent milestones about its effectiveness: more robust against counter-measures like masking [MPP16], jitter (misalignment) [CDP17], whether on software or FPGA [Kim+19] Training a Neural Network z = C ( p , k ⋆ ) F ( x , θ ) L ( y , z ) Parameters θ L : performance metric (accuracy, recall, ...) or loss function (Mean Square Error, NLL, ...) 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 7/18

  19. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

  20. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” ◮ Accuracy: probability to recover the secret key with one trace 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

  21. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” ◮ Accuracy: probability to recover the secret key with one trace Their observations ”Accuracy does not seem to be the right performance metric in SCA” 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

  22. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” ◮ Accuracy: probability to recover the secret key with one trace Their observations ”Accuracy does not seem to be the right performance metric in SCA” ◮ High accuracy = ⇒ successful key recovery 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

  23. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” ◮ Accuracy: probability to recover the secret key with one trace Their observations ”Accuracy does not seem to be the right performance metric in SCA” ◮ High accuracy = ⇒ successful key recovery ◮ Low accuracy = ⇒ nothing 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

Recommend

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

622 views • 21 slides
A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google,

A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google,

A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google, @jmichel_p Google, @elie with the help of many Googlers and external collaborators Security and Privacy Group Talk is based on some of the results of a

935 views • 68 slides
Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis Benjamin Timon

Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis Benjamin Timon

Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis Benjamin Timon August 28, 2019 Python notebook presentation for CHES 2019 1 Introduction & Motivation Profiled vs Non-Profiled attacks Machine Learning trend

407 views • 14 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices Mathieu Renauld, Fran cois-Xavier Standaert, Nicolas Veyrat-Charvillon, Dina Kamel, Denis Flandre. May 2011 UCL Crypto Group Cryptopuces - May 2011

579 views • 32 slides
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning Milad Nasr 1 , Reza Shokri 2 , Amir Houmansadr 1 1 University of Massachusetts Amherst, 2 National

568 views • 29 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Collaborative Channel Pruning for Deep Networks 11th June 2019 Background Model compression

Collaborative Channel Pruning for Deep Networks 11th June 2019 Background Model compression

Collaborative Channel Pruning for Deep Networks 11th June 2019 Background Model compression method Compact network design; Source:https://orbograph.com/ deep-learning-how-will-it-change-healthcare/ Network quantization; Channel or

396 views • 12 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel Research Dr. M. Elisabeth Oswald Reader, EPSRC Leadership Fellow University of Bristol Roadmap

280 views • 25 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

Conference on Cryptographic Hardware and Embedded Systems (CHES) 2020 Strength in Numbers: Improving Generalization with Ensembles in Machine Learning-based Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

468 views • 25 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut Kandemir Pennsylvania State University Cache Side Channels Process Data CPU Cache Program Side

390 views • 20 slides
Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel Snooping Scenario: Ann the Attacker works in a building across the street from Victor the Victim. Late one night Ann can see Victor hard at work in

727 views • 44 slides

More recommend