
Hound: Locating Cryptographic Primitives in Desynchronized Side-Channel Traces Using Deep-Learning

Davide Galli, Giuseppe Chiari, Davide Zoni

TL;DR

Hound tackles the problem of locating cryptographic primitives (CPs) in side-channel traces that are desynchronized by dynamic frequency scaling (DFS). It introduces a deep-learning pipeline with Training and Inference stages that uses a 3-class 1D CNN to classify trace windows as CP start, CP spare, or noise, enabling accurate CP localization without triggers. Experimental results on an FPGA-based RISC-V platform show high localization accuracy ($IoU$ ≈ 92–99% and 100% CP hits) and enable successful end-to-end key-recovery attacks even with DFS. The work demonstrates a practical, open-source solution that strengthens real-world side-channel analysis (SCA) capabilities and benchmarks against prior methods that fail under DFS, illustrating clear gains in robustness and applicability.

Abstract

Side-channel attacks extract sensitive information from cryptographic primitives by correlating partially known computed data with the measured side-channel signal. Starting from the raw side-channel trace, preprocessing it to pinpoint the time at which each cryptographic primitive is executed, and then re-aligning all the collected data to that time, is a critical step in setting up a successful side-channel attack. Hiding techniques have been widely adopted as a low-cost way to hinder the preprocessing of side-channel traces, thus limiting side-channel attacks in real scenarios. This work introduces Hound, a novel deep learning-based pipeline to locate the execution of cryptographic primitives within the side-channel trace even in the presence of trace deformations introduced by dynamic frequency scaling (DFS) actuators. Hound has been validated through successful attacks on various cryptographic primitives executed on an FPGA-based system-on-chip incorporating a RISC-V CPU while dynamic frequency scaling is active. Experimental results demonstrate the possibility of identifying the cryptographic primitives in DFS-deformed side-channel traces.

Paper Structure

This paper contains 11 sections, 1 equation, 5 figures, 2 tables, 1 algorithm.

Figures (5)

  • Figure 1: Overview of the proposed Hound pipeline for locating cryptographic primitives in frequency-scaled side-channel traces, divided into training and inference pipelines.
  • Figure 2: Focus on the proposed Hound training pipeline, divided into Dataset Building and CNN Training. $class_0$, $class_1$, and $class_2$ contain CP start part windows, CP spare part windows, and noise windows, respectively.
  • Figure 3: Focus on the proposed Hound inference pipeline, divided into Sliding Window Classification, Screening, and Alignment.
  • Figure 4: Test confusion matrices for the different cryptosystems affected by DFS.
  • Figure 5: Example of Hound inference pipeline applied to a side-channel trace affected by DFS that contains 5 AES executions mixed with general-purpose applications.
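
The $IoU$ and CP-hit figures quoted in the TL;DR compare located CP segments with ground truth, which is also how the strength of a hiding countermeasure such as DFS is assessed. The sketch below is an added example, not code from the paper or the Hound project: the screening rule, the hit threshold, and the sample labels are assumptions constructed for illustration; only the three class meanings come from the Figure 2 caption.

```python
from typing import List, Tuple

START, SPARE, NOISE = 0, 1, 2   # class_0, class_1, class_2 per the Figure 2 caption
Segment = Tuple[int, int]       # half-open sample range [begin, end)


def segments_from_labels(labels: List[int], stride: int, window: int,
                         min_windows: int = 2) -> List[Segment]:
    """Assumed screening rule (not Hound's): a CP begins at a START window and
    spans the SPARE windows that follow; shorter runs are dropped as spurious."""
    segs, i = [], 0
    while i < len(labels):
        if labels[i] != START:
            i += 1
            continue
        j = i + 1
        while j < len(labels) and labels[j] == SPARE:
            j += 1
        if j - i >= min_windows:
            segs.append((i * stride, (j - 1) * stride + window))
        i = j
    return segs


def iou(a: Segment, b: Segment) -> float:
    """Intersection over union of two 1-D sample ranges."""
    inter = max(0, min(a[1], b[1]) - max(a[0], b[0]))
    union = (a[1] - a[0]) + (b[1] - b[0]) - inter
    return inter / union if union else 0.0


def score(pred: List[Segment], truth: List[Segment],
          hit_iou: float = 0.5) -> Tuple[float, float]:
    """Return (mean best IoU, hit rate). A 'hit' is assumed to mean that some
    prediction overlaps the true CP with IoU >= hit_iou."""
    if not truth:
        return 0.0, 0.0
    best = [max((iou(t, p) for p in pred), default=0.0) for t in truth]
    return sum(best) / len(best), sum(b >= hit_iou for b in best) / len(best)


# Constructed per-window labels: two real CPs plus one isolated false START.
LABELS = [2, 2, 0, 1, 1, 1, 2, 2, 0, 2, 2, 0, 1, 1, 2]
TRUTH = [(200, 700), (1050, 1500)]   # constructed ground-truth sample ranges

if __name__ == "__main__":
    pred = segments_from_labels(LABELS, stride=100, window=200)
    print(pred, score(pred, TRUTH))
```

The isolated START at window 8 is rejected by the minimum-run check, so it does not count as a located CP.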