a comprehensive study of deep learning for side channel
play

A Comprehensive Study of Deep Learning for Side-Channel Analysis c - PowerPoint PPT Presentation

May 22, 2023 •524 likes •1.39k views

A Comprehensive Study of Deep Learning for Side-Channel Analysis A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1 Emmanuel Prouff 2, 3 Lo C 1 Univ. Grenoble Alpes, CEA, LETI, DSYS, CESTI, F-38000

  1. A Comprehensive Study of Deep Learning for Side-Channel Analysis A Comprehensive Study of Deep Learning for Side-Channel Analysis ıc Masure 1,3 ecile Dumas 1 Emmanuel Prouff 2, 3 Lo¨ C´ 1 Univ. Grenoble Alpes, CEA, LETI, DSYS, CESTI, F-38000 Grenoble loic.masure@cea.fr 2 ANSSI, France 3 Sorbonne Universit´ e, UPMC Univ Paris 06, POLSYS, UMR 7606, LIP6, F-75005, Paris, France 17 / 09 / 2020, Ches 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 1/18

  2. Outline 1. Context 2. SCA Optimization Problem versus Deep Learning Based SCA 3. NLL Minimization is PI Maximization 4. Simulation results 5. Experimental results

  3. A Comprehensive Study of Deep Learning for Side-Channel Analysis Who am I ◮ PhD student, studying Deep Learning (DL) for Side-Channel Analysis (SCA) Conceives a Evaluates Delivers a Security Commercialises the component Security Claims Certjfjcatjon certjfjed product Developer ITSEF ANSSI Developer French Certjfjcatjon Scheme Loïc Emmanuel Cécile 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 3/18

  4. A Comprehensive Study of Deep Learning for Side-Channel Analysis What is SCA? 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 4/18

  5. A Comprehensive Study of Deep Learning for Side-Channel Analysis What is SCA? Measure trace X Plaintext P Secret K Encryption Sensitive operation LOAD X ; LOAD B ; MV B ; … Z = C (P, K) 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 4/18

  6. A Comprehensive Study of Deep Learning for Side-Channel Analysis What is SCA? Measure trace X Plaintext P Secret K Encryption Sensitive operation LOAD X ; LOAD B ; MV B ; … Z = C (P, K) Profiling Attack Attack using open samples similar to the target device – same code, same chip, etc . – with full knowledge of the secret key Two steps: ◮ Profiling phase: P , K known = ⇒ Z known, X acquired on an open sample ◮ Attack phase: P known, X acquired on the target device, K guessed 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 4/18

  7. Outline 1. Context 2. SCA Optimization Problem versus Deep Learning Based SCA 3. NLL Minimization is PI Maximization 4. Simulation results 5. Experimental results

  8. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 0 . . . Z i = C ( p i , k ⋆ ) . . . 0 1 0 1 K 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  9. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . 0 1 0 1 K 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  10. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . 0 1 0 1 K 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  11. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  12. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k k = k ⋆ with probability ≥ β ( e.g. 0 . 9) Goal: find F that minimizes N a s.t. ˆ 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  13. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k k = k ⋆ with probability ≥ β ( e.g. 0 . 9) Goal: find F that minimizes N a s.t. ˆ Optimal model: F ⋆ , with N ⋆ a traces 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  14. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k k = k ⋆ with probability ≥ β ( e.g. 0 . 9) Goal: find F that minimizes N a s.t. ˆ Optimal model: F ⋆ , with N ⋆ a traces How to find F ⋆ = ⇒ profiling step Requires to know the probability distribution F ⋆ = Pr [ Z | X ] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  15. A Comprehensive Study of Deep Learning for Side-Channel Analysis Profiling Attacks Key Recovery ( i.e. attack step) Given N a attack traces x i with plaintext p i , calculate scores y i = F ( x i ) y 2 y 1 y 0 . . . Z i = C ( p i , k ⋆ ) . . . ˆ 0 1 0 1 K k k = k ⋆ with probability ≥ β ( e.g. 0 . 9) Goal: find F that minimizes N a s.t. ˆ Optimal model: F ⋆ , with N ⋆ a traces How to find F ⋆ = ⇒ profiling step Requires to know the probability distribution F ⋆ = Pr [ Z | X ] Reality: unknown for the evaluator/attacker. Estimation with parametric models F ( ., θ ): P(Z|X=x) Estjmator F( . ; θ) 0% 20% 40% 60% 80% 100% x Z=0 Z=1 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 6/18

  16. A Comprehensive Study of Deep Learning for Side-Channel Analysis Deep Learning (DL) based SCA is a hot topic currently Recent milestones about its effectiveness: more robust against counter-measures like masking [MPP16], jitter (misalignment) [CDP17], whether on software or FPGA [Kim+19] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 7/18

  17. A Comprehensive Study of Deep Learning for Side-Channel Analysis Deep Learning (DL) based SCA is a hot topic currently Recent milestones about its effectiveness: more robust against counter-measures like masking [MPP16], jitter (misalignment) [CDP17], whether on software or FPGA [Kim+19] Training a Neural Network z = C ( p , k ⋆ ) F ( x , θ ) L ( y , z ) Parameters θ 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 7/18

  18. A Comprehensive Study of Deep Learning for Side-Channel Analysis Deep Learning (DL) based SCA is a hot topic currently Recent milestones about its effectiveness: more robust against counter-measures like masking [MPP16], jitter (misalignment) [CDP17], whether on software or FPGA [Kim+19] Training a Neural Network z = C ( p , k ⋆ ) F ( x , θ ) L ( y , z ) Parameters θ L : performance metric (accuracy, recall, ...) or loss function (Mean Square Error, NLL, ...) 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 7/18

  19. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

  20. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” ◮ Accuracy: probability to recover the secret key with one trace 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

  21. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” ◮ Accuracy: probability to recover the secret key with one trace Their observations ”Accuracy does not seem to be the right performance metric in SCA” 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

  22. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” ◮ Accuracy: probability to recover the secret key with one trace Their observations ”Accuracy does not seem to be the right performance metric in SCA” ◮ High accuracy = ⇒ successful key recovery 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

  23. A Comprehensive Study of Deep Learning for Side-Channel Analysis Open issue with Machine Learning based SCA 1 “How to evaluate the quality of a model during training?” ◮ Accuracy: probability to recover the secret key with one trace Their observations ”Accuracy does not seem to be the right performance metric in SCA” ◮ High accuracy = ⇒ successful key recovery ◮ Low accuracy = ⇒ nothing 1 Picek et al. , Ches 2019 [Pic+18] 17 / 09 / 2020, Ches | Lo¨ ıc Masure, C´ ecile Dumas, Emmanuel Prouff | 8/18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

620 views • 21 slides
A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google,

A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google,

A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google, @jmichel_p Google, @elie with the help of many Googlers and external collaborators Security and Privacy Group Talk is based on some of the results of a

935 views • 68 slides
Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis Benjamin Timon

Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis Benjamin Timon

Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis Benjamin Timon August 28, 2019 Python notebook presentation for CHES 2019 1 Introduction & Motivation Profiled vs Non-Profiled attacks Machine Learning trend

407 views • 14 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices Mathieu Renauld, Fran cois-Xavier Standaert, Nicolas Veyrat-Charvillon, Dina Kamel, Denis Flandre. May 2011 UCL Crypto Group Cryptopuces - May 2011

579 views • 32 slides
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning Milad Nasr 1 , Reza Shokri 2 , Amir Houmansadr 1 1 University of Massachusetts Amherst, 2 National

568 views • 29 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Collaborative Channel Pruning for Deep Networks 11th June 2019 Background Model compression

Collaborative Channel Pruning for Deep Networks 11th June 2019 Background Model compression

Collaborative Channel Pruning for Deep Networks 11th June 2019 Background Model compression method Compact network design; Source:https://orbograph.com/ deep-learning-how-will-it-change-healthcare/ Network quantization; Channel or

396 views • 12 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Joint SVBRDF Recovery and Synthesis From a Single Image using an Unsupervised Generative

Joint SVBRDF Recovery and Synthesis From a Single Image using an Unsupervised Generative

EGSR 2020 Joint SVBRDF Recovery and Synthesis From a Single Image using an Unsupervised Generative Adversarial Network Yezi Zhao 1 , Beibei Wang 2 , Yanning Xu 1 , Zheng Zeng 1 , Lu Wang 1 and Nicolas Holzschuch 3 1 School of Software, Shandong

792 views • 44 slides
Introduction to Machine Learning ML-Basics: Losses & Risk Minimization Learning goals Know

Introduction to Machine Learning ML-Basics: Losses & Risk Minimization Learning goals Know

Introduction to Machine Learning ML-Basics: Losses & Risk Minimization Learning goals Know the concept of loss Understand the relationship between loss and risk Understand the relationship between risk minimization and finding the best

644 views • 10 slides
Clustering and Dimensionality Reduction Stony Brook University CSE545, Fall 2016 Goal:

Clustering and Dimensionality Reduction Stony Brook University CSE545, Fall 2016 Goal:

Clustering and Dimensionality Reduction Stony Brook University CSE545, Fall 2016 Goal: Generalize to new data Model New Data? Original Data Does the model accurately reflect new data? Supervised vs. Unsupervised Supervised

781 views • 50 slides
Combining Models Oliver Schulte - CMPT 726 Bishop PRML Ch. 14 Combining Models: Some Theory

Combining Models Oliver Schulte - CMPT 726 Bishop PRML Ch. 14 Combining Models: Some Theory

Combining Models: Some Theory Boosting Derivation of Adaboost from the Exponential Loss Function Combining Models Oliver Schulte - CMPT 726 Bishop PRML Ch. 14 Combining Models: Some Theory Boosting Derivation of Adaboost from the Exponential

655 views • 50 slides
Training Strategies CS 6355: Structured Prediction 1 So far we saw What is structured output

Training Strategies CS 6355: Structured Prediction 1 So far we saw What is structured output

Training Strategies CS 6355: Structured Prediction 1 So far we saw What is structured output prediction? Different ways for modeling structured prediction Conditional random fields, factor graphs, constraints What we only

986 views • 60 slides
Linear Models CMPUT 366: Intelligent Systems P&M 7.3 Lecture Outline 1. Recap 2.

Linear Models CMPUT 366: Intelligent Systems P&M 7.3 Lecture Outline 1. Recap 2.

Linear Models CMPUT 366: Intelligent Systems P&M 7.3 Lecture Outline 1. Recap 2. Linear Decision Trees 3. Linear Regression Recap: Supervised Learning Definition: A supervised learning task consists of A set of input

775 views • 23 slides
Applications of GANs Photo-Realistic Single Image Super-Resolution Using a Generative

Applications of GANs Photo-Realistic Single Image Super-Resolution Using a Generative

Applications of GANs Photo-Realistic Single Image Super-Resolution Using a Generative Adversarial Network Deep Generative Image Models using a Laplacian Pyramid of Adversarial Networks Generative Adversarial Text to Image Synthesis

614 views • 27 slides
In-Database Machine Learning: Using Gradient Descent and Tensor Algebra Maximilian E. Schle,

In-Database Machine Learning: Using Gradient Descent and Tensor Algebra Maximilian E. Schle,

Chair III: Database Systems, Professorship for Data Mining and Analytics Chair XXV: Data Science and Engineering Department of Informatics Technical University of Munich In-Database Machine Learning: Using Gradient Descent and Tensor Algebra

370 views • 19 slides

More recommend