Mind The Portability A Warriors Guide through Realistic Profiled - - PowerPoint PPT Presentation

mind the portability
SMART_READER_LITE
LIVE PREVIEW

Mind The Portability A Warriors Guide through Realistic Profiled - - PowerPoint PPT Presentation

Feb 20, 2024 108 likes •340 views

Mind The Portability A Warriors Guide through Realistic Profiled Side-channel Analysis Shivam Bhasin 1 , Dirmanto Jap 1 , Anupam Chattopadhyay 1 , Stjepan Picek 2 , Annelie Heuser 3 , and Ritu Ranjan Shrivastwa 4 1 NTU, Singapore 2 TU Delft,

slide-1
SLIDE 1

Mind The Portability

A Warriors Guide through Realistic Profiled Side-channel Analysis

Shivam Bhasin1, Dirmanto Jap1, Anupam Chattopadhyay1, Stjepan Picek2, Annelie Heuser3, and Ritu Ranjan Shrivastwa4

1NTU, Singapore 2TU Delft, Netherlands 3IRISA, France 4Secure-IC France

NDSS 2020, San Diego 23-26 February 2020

slide-2
SLIDE 2

Side-Channel Analysis (SCA)

2

Energy Timing reference Side-channel measurement Encryption requests

THEN NOW

slide-3
SLIDE 3

What is SCA?

  • Non-invasive (power, EM, timing, …)
  • Powerful & practical. Ex:

– Keeloq – FPGA Bitstream encryption – Bitcoin wallets – …

  • Applications: Secret key recovery and more …
  • Serious threat to embedded systems

3

TA Attacked circuit EMA SPA, DPA, templates, etc. Time ⇒ Side-channel trace

slide-4
SLIDE 4

Types of SCA

  • Simple SCA (ex. Visual inspection)
  • Non Profiled SCA (ex. DPA, CPA, other on the fly

statistical attacks)

  • Profiled SCA (ex. Templates, Machine-Learning

based attacks)

4

In the following, we focus on profiled power/EM attacks on embedded devices targeting encryption algorithms for secret key recovery

slide-5
SLIDE 5

Profiled SCA

  • Target exploitation in few traces, ideally single trace
  • Classification Algorithm: Template Attacks (TA) vs Machine Learning (ML)
  • Deep Learning has shown great success with protected implementations
  • Recent work with deep learning report successful attack in 100X less traces (500 vs 5).

5

Device1 Labels Tracestrain Classification Algorithm Device2 Traces Labelhypothesis Classification Algorithm Secret Key Profiled Model Profiling Phase

Known Key

Attack Phase

Unknown Key

slide-6
SLIDE 6

Expectations vs Reality

6

Device1 Labels

Tracestrain

Classification Algorithm Device2 Traces Labelhypothesis Classification Algorithm Secret Key

E x p e c t e d

Profiled Model Profiling Phase

Known Key

Attack Phase

Unknown Key

slide-7
SLIDE 7

Expectations vs Reality

7

Device1 Labels

Tracestrain

Classification Algorithm Device2 Traces Labelhypothesis Classification Algorithm Secret Key

Reality

E x p e c t e d

Profiled Model Profiling Phase

Known Key

Attack Phase

Unknown Key

Tracestest

slide-8
SLIDE 8

Portability

  • B and B’ are two copies of same device
  • Differences between B and B’ are due to uncontrolled

variations in process, measurement setup, or other stochastic factors

  • Portability denotes all settings in which an attacker can

conduct the training on the measurement data obtained from a clone device B’ and import the learned knowledge LB’ to model the actual device B, under similar parameter setup

8

slide-9
SLIDE 9

Practical Study of Portability

9

Different Sources Of Portability: Process variation (chip, wires, PCB components, connectors), environmental factors, ...

slide-10
SLIDE 10

Comparing Signal Quality

10

slide-11
SLIDE 11

Comparing SCA Vulnerability

11

slide-12
SLIDE 12

12

Same Device Different Device Same Key Different Key

> 2 X D e g r a d a t i

  • n
slide-13
SLIDE 13

Why Does It Happen?

13

!!! OVERFITTING !!!

slide-14
SLIDE 14

Proposed Multi-Device Model

14

Device1 Labels Tracestrain Classification Algorithm Devicetest Tracestest Labelhypothesis Classification Algorithm Secret Key Profiled Model Profiling Phase

Known Key

Attack Phase

Unknown Key

Tracesval Device2 Device3

slide-15
SLIDE 15

Proposed Multi-Device Model

  • Multiple Device Model (MDM)

denotes all settings where attacker can conduct the training on measurement data from a number of similar devices (≥ 2), B’ = {B0’,..., Bn−1’} and import the learned knowledge LB’ to model the actual device B, under similar but uncontrolled parameter setup

15

> 10X improvements

slide-16
SLIDE 16

Overcoming Human Error

  • Electromagnetic measurements often

preferred over power measurements – Easy access – High SNR – Localized Leakage capture – …

  • Extremely sensitive to probe position

(position, distance, and orientation)

  • Error comes naturally when measuring
  • n multiple devices
  • We call this human error of placement
  • A classical case of Portability

16

slide-17
SLIDE 17

Overcoming Human Error

  • Electromagnetic measurements often

preferred over power measurements – Easy access – High SNR – Localized Leakage capture – …

  • Extremely sensitive to probe position

(position, distance, and orientation)

  • Error comes naturally when measuring
  • n multiple devices
  • We call this human error of placement
  • A classical case of Portability

17

MDM

slide-18
SLIDE 18

Conclusions

  • One must consider portability issues in machine

learning based SCA

  • We proposed Multiple Device Model (MDM) to
  • vercome portability
  • Direct application to EM measurement
  • Future Directions:

– Application to heterogenous devices – MDM with one device noise, process-variation models

18

slide-19
SLIDE 19

Thank You !!!

19

slide-20
SLIDE 20

Side-Channel Analysis (SCA)

20

Lets look at a basic CMOS cell

slide-21
SLIDE 21

Side-Channel Analysis (SCA)

21

ENTROPY SOURCE ENTROPY EXTRACTION POST- PROCESSING ONLINE TEST

RAW OUTPUT TRNG OUTPUT ALARM

RANDOMNESS SOURCE

Extending from one cell to a full circuit Measure by Electromagnetic Probe

0 à 1 1 à 0

Random Number Generator

slide-22
SLIDE 22

Expectations vs Reality

  • Profiling and Testing device

MUST be distinct

  • An aspect often overlooked

in profiled SCA research

  • Leads to pessimistic security

evaluations

  • A common issue for

certification labs evaluating security-critical products

  • Known as Portability

22