Towards Strengthening Deep Learning-based Side Channel Attacks with Mixup
Zhimin Luo, Mengce Zheng, Ping Wang, Minhui Jin, Jiajia Zhang, Honggang Hu
TL;DR
The paper tackles the challenge of performing DL-based profiled side-channel attacks when profiling traces are limited. It introduces mixup, a data augmentation technique, to enlarge the profiling set and improve attack success, validating the approach with CPA and cross-dataset experiments. The results show that mixup can significantly reduce the number of attacking traces needed, especially in restricted settings, and reveal an unexpected dominance of the least significant bit leakage model over other models. The findings highlight practical implications for evaluating SCA resilience and guide future work on data-efficient DL attacks and leakage modeling.
Abstract
In recent years, various deep learning techniques have been exploited in side channel attacks, with the anticipation of obtaining more appreciable attack results. Most of them concentrate on improving network architectures or putting forward novel algorithms, assuming that there are adequate profiling traces available to train an appropriate neural network. However, in practical scenarios, profiling traces are probably insufficient, which makes the network learn deficiently and compromises attack performance. In this paper, we investigate a kind of data augmentation technique, called mixup, and first propose to exploit it in deep-learning based side channel attacks, for the purpose of expanding the profiling set and facilitating the chances of mounting a successful attack. We perform Correlation Power Analysis for generated traces and original traces, and discover that there exists consistency between them regarding leakage information. Our experiments show that mixup is truly capable of enhancing attack performance especially for insufficient profiling traces. Specifically, when the size of the training set is decreased to 30% of the original set, mixup can significantly reduce acquired attacking traces. We test three mixup parameter values and conclude that generally all of them can bring about improvements. Besides, we compare three leakage models and unexpectedly find that least significant bit model, which is less frequently used in previous works, actually surpasses prevalent identity model and hamming weight model in terms of attack results.