
Adversarial Attack Based Countermeasures against Deep Learning Side-Channel Attacks

Ruizhe Gu, Ping Wang, Mengce Zheng, Honggang Hu, Nenghai Yu

TL;DR

The paper addresses the threat of deep learning–based side-channel attacks on cryptographic devices and the inadequacy of classical protections. It introduces a compilation-time defense that inserts universal perturbations via carefully chosen noise instructions at strategic locations, creating adversarial side-channel traces that mislead DL classifiers while preserving correctness. The method demonstrates strong resistance to DL-based SCA and to template attacks, albeit at the cost of noticeable execution-time overhead due to recompilation. The work shows practical, targeted defense for embedded devices, with potential for further refinement via adversarial learning techniques while outlining future directions and tradeoffs for deployment.

Abstract

Numerous previous works have studied deep learning algorithms applied in the context of side-channel attacks, which demonstrated the ability to perform successful key recoveries. These studies show that modern cryptographic devices are increasingly threatened by side-channel attacks with the help of deep learning. However, the existing countermeasures are designed to resist classical side-channel attacks, and cannot protect cryptographic devices from deep learning based side-channel attacks. Thus, there arises a strong need for countermeasures against deep learning based side-channel attacks. Although deep learning has high potential in solving complex problems, it is vulnerable to adversarial attacks in the form of subtle perturbations to inputs that lead a model to predict incorrectly. In this paper, we propose a kind of novel countermeasure based on adversarial attacks that is specifically designed against deep learning based side-channel attacks. We estimate several models commonly used in deep learning based side-channel attacks to evaluate the proposed countermeasures. The results show that our approach can effectively protect cryptographic devices from deep learning based side-channel attacks in practice. In addition, our experiments show that the new countermeasures can also resist classical side-channel attacks.

Paper Structure

This paper contains 35 sections, 10 equations, 12 figures, 2 tables.

Figures (12)

  • Figure 1: One-pixel attack on side-channel traces. The label of (a) is $0$. The trace is labeled with the least significant bit of the output of the third Sbox during the first round, $\operatorname{LSB}(\operatorname{Sbox}(p[3] \oplus k[3]))$. The prediction vector of (a) is $[0.8141893, 0.18581069]$, so it is classified as class $0$ and the classification of (a) is correct. (b) is obtained by modifying the value of (a) at the $440$th time sample. (b) is incorrectly classified as class $1$.
  • Figure 2: The mean rank of the unprotected AES and the one-pixel attacked AES under the CNN-based attack. The rank is a metric used to evaluate the security level of countermeasures (described later in the paper). For unprotected AES, approximately $100$ traces are required for a fully successful key recovery. For one-pixel attacked AES, a successful key recovery requires approximately $20$ traces.
  • Figure 3: Distribution of adversarial perturbation. The horizontal axis represents the $5200$ time samples of the side-channel trace, and the vertical axis represents the number of adversarial perturbations falling on each time sample.
  • Figure 4: Amplitude distribution of adversarial perturbation on the MLP model. The values on the horizontal axis correspond to the amplitude of power traces. The upper plot shows the amplitude distribution of perturbations near the $1900$th time sample, and the lower plot shows the amplitude distribution of perturbations near the $2560$th time sample. We divide the amplitude interval $[-5.2, 4.8]$ into $160$ discrete intervals.
  • Figure 5: Amplitude distribution of adversarial perturbation on the CNN model. The values on the horizontal axis correspond to the amplitude of power traces. The upper plot shows the amplitude distribution of perturbations near the $1900$th time sample, and the lower plot shows the amplitude distribution of perturbations near the $2560$th time sample. We divide the amplitude interval $[-5.2, 4.8]$ into $160$ discrete intervals.
  • ...and 7 more figures