Power side-channel leakage localization through adversarial training of deep neural networks

Jimmy Gammell, Anand Raghunathan, Kaushik Roy

TL;DR

This work proposes a technique for identifying which timesteps in a power trace are responsible for leaking a cryptographic key, through an adversarial game between a deep learning-based side-channel attacker which seeks to classify a sensitive variable from the power traces recorded during encryption, and a trainable noise generator which seeks to thwart this attack by introducing a minimal amount of noise into the power traces.

Abstract

Supervised deep learning has emerged as an effective tool for carrying out power side-channel attacks on cryptographic implementations. While increasingly powerful deep learning-based attacks are regularly published, comparatively little work has gone into using deep learning to defend against these attacks. In this work we propose a technique for identifying which timesteps in a power trace are responsible for leaking a cryptographic key, through an adversarial game between a deep learning-based side-channel attacker which seeks to classify a sensitive variable from the power traces recorded during encryption, and a trainable noise generator which seeks to thwart this attack by introducing a minimal amount of noise into the power traces. We demonstrate on synthetic datasets that our method can outperform existing techniques in the presence of common countermeasures such as Boolean masking and trace desynchronization. Results on real datasets are weak because the technique is highly sensitive to hyperparameters and early-stop point, and we lack a holdout dataset with ground truth knowledge of leaking points for model selection. Nonetheless, we believe our work represents an important first step towards deep side-channel leakage localization without relying on strong assumptions about the implementation or the nature of its leakage. An open-source PyTorch implementation of our experiments is provided.

Paper Structure

This paper contains 24 sections, 12 equations, 14 figures, 2 tables, 4 algorithms.

Figures (14)

  • Figure 1: Schematic illustration of AdvMask, our adversarial masking technique for side-channel leakage localization.
  • Figure 2: Convolutional neural network classifier architecture used in experiments.
  • Figure 3: Sweep of the AdvMask L1 norm penalty, while varying the proportion of variance at leaking points due to the Hamming weight of the sensitive variable. Observe that for sufficiently large variance, the optimal L1 decay value increases with variance. When the variance is very low, AdvMask fails to identify the leaking point and the optimal L1 norm penalty is volatile.
  • Figure 4: Sweep of the proportion of variance at leaking points due to the Hamming weight of the sensitive variable. Observe that AdvMask (ours) and SNR have similar minimal variance requirements, while GradVis requires significantly more variance to identify the leaking timestep.
  • Figure 5: Sweep of the AdvMask L1 norm penalty, while varying the number of leaking points. Observe that the optimal norm penalty decreases as the number of leaking points increases.
  • ...and 9 more figures
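
The SNR baseline that Figure 4 compares against can be computed per timestep as sketched below. This is an added example, not code from the paper or its PyTorch implementation; the synthetic trace model (unit-variance Gaussian noise, one leaking timestep, a fraction `p` of its variance driven by the Hamming weight of a random byte) and all function names are assumptions chosen to mirror the figure captions.

```python
import random
from statistics import fmean, pvariance

def hamming_weight(v):
    return bin(v).count("1")

def synth_traces(n, length, leak_t, p, seed=0):
    """Constructed dataset (assumed model): unit-variance Gaussian traces in which
    a fraction p of the variance at leak_t comes from the HW of a random byte."""
    rng = random.Random(seed)
    traces, labels = [], []
    for _ in range(n):
        y = rng.randrange(256)
        x = [rng.gauss(0.0, 1.0) for _ in range(length)]
        hw = (hamming_weight(y) - 4.0) / 2 ** 0.5  # HW of a uniform byte: mean 4, variance 2
        x[leak_t] = p ** 0.5 * hw + (1.0 - p) ** 0.5 * x[leak_t]
        traces.append(x)
        labels.append(y)
    return traces, labels

def snr_per_timestep(traces, labels):
    """SNR_t = Var_y(E[x_t | y]) / E_y(Var[x_t | y]), grouping traces by byte value y."""
    by_label = {}
    for x, y in zip(traces, labels):
        by_label.setdefault(y, []).append(x)
    # A class needs at least two traces for its variance to be meaningful.
    groups = [rows for rows in by_label.values() if len(rows) >= 2]
    snr = []
    for t in range(len(traces[0])):
        cols = [[row[t] for row in rows] for rows in groups]
        signal = pvariance([fmean(c) for c in cols])  # spread of class means
        noise = fmean([pvariance(c) for c in cols])   # average within-class variance
        snr.append(signal / noise)
    return snr

def localize(snr):
    """Index of the timestep with the highest SNR."""
    return max(range(len(snr)), key=snr.__getitem__)

if __name__ == "__main__":
    traces, labels = synth_traces(n=4000, length=20, leak_t=7, p=0.3)
    snr = snr_per_timestep(traces, labels)
    print("leaking timestep estimate:", localize(snr))
    print("SNR there: %.3f" % snr[localize(snr)])
```

Because this SNR is a first-order statistic conditioned on the unmasked byte, it does not capture leakage that Boolean masking spreads across shares, one of the countermeasures the abstract names.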