Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Beyond TVLA: Anderson-Darling Leakage Assessment for Neural Network Side-Channel Leakage Detection

Ján Mikulec, Jakub Breier, Xiaolu Hou

Abstract

Test Vector Leakage Assessment (TVLA) based on Welch's $t$-test has become a standard tool for detecting side-channel leakage. However, its mean-based nature can limit sensitivity when leakage manifests primarily through higher-order distributional differences. As our experiments show, this property becomes especially crucial when it comes to evaluating neural network implementations. In this work, we propose Anderson--Darling Leakage Assessment (ADLA), a leakage detection framework that applies the two-sample Anderson--Darling test for leakage detection. Unlike TVLA, ADLA tests equality of the full cumulative distribution functions and does not rely on a purely mean-shift model. We evaluate ADLA on a multilayer perceptron (MLP) trained on MNIST and implemented on a ChipWhisperer-Husky evaluation platform. We consider protected implementations employing shuffling and random jitter countermeasures. Our results show that ADLA can provide improved leakage-detection sensitivity in protected implementations for a low number of traces compared to TVLA.

Beyond TVLA: Anderson-Darling Leakage Assessment for Neural Network Side-Channel Leakage Detection

Abstract

Test Vector Leakage Assessment (TVLA) based on Welch's -test has become a standard tool for detecting side-channel leakage. However, its mean-based nature can limit sensitivity when leakage manifests primarily through higher-order distributional differences. As our experiments show, this property becomes especially crucial when it comes to evaluating neural network implementations. In this work, we propose Anderson--Darling Leakage Assessment (ADLA), a leakage detection framework that applies the two-sample Anderson--Darling test for leakage detection. Unlike TVLA, ADLA tests equality of the full cumulative distribution functions and does not rely on a purely mean-shift model. We evaluate ADLA on a multilayer perceptron (MLP) trained on MNIST and implemented on a ChipWhisperer-Husky evaluation platform. We consider protected implementations employing shuffling and random jitter countermeasures. Our results show that ADLA can provide improved leakage-detection sensitivity in protected implementations for a low number of traces compared to TVLA.
Paper Structure (17 sections, 17 equations, 3 figures)

This paper contains 17 sections, 17 equations, 3 figures.

Table of Contents

  1. Introduction
  2. Related Work
  3. Neural Networks
  4. Side-channel Analysis Attacks on Neural Networks
  5. Countermeasures Against Side-Channel Analysis Attacks
  6. Leakage Assessment
  7. Statistical Hypothesis Testing
  8. Notation and Preliminaries
  9. Welch's $t$-test
  10. Two-sample Anderson-Darling Test
  11. Anderson-Darling Leakage Assessment
  12. Leakage Detection as a Statistical Hypothesis Test
  13. Derivation of the ADLA Threshold
  14. Experimental Evaluation
  15. Experimental Setup
  16. ...and 2 more sections

Figures (3)

  • Figure 1: Normalized TVLA and ADLA statistics versus the number of traces $n$ for three fixed input-value pairs in the protected implementation.
  • Figure 2: TVLA and ADLA statistics, (a) $|t|$ and (b) $A^2$, evaluated at each time sample for $n=850$ traces in the protected implementation.
  • Figure 3: Q--Q plot of leakage samples at time sample $t=1316$, obtained from a dataset of $n=1000$ traces corresponding to a fixed input value.