Abstract
Sensitive cryptographic information, e.g. AES secret keys, can be extracted from the electromagnetic (EM) leakages unintentionally emitted by a device using techniques such as Correlation Electromagnetic Analysis (CEMA). In this paper, we introduce Correlation Optimization (CO), a novel approach that improves CEMA attacks by formulating the selection of useful EM leakage samples in a trace as a machine learning optimization problem. To this end, we propose the correlation loss function, which aims to maximize the Pearson correlation between a set of EM traces and the true AES key during training. We show that CO works with high-dimensional and noisy traces, regardless of time-domain trace alignment and without requiring prior knowledge of the power consumption characteristics of the cryptographic hardware. We evaluate our approach using the ASCAD benchmark dataset and a custom dataset of EM leakages from an Arduino Duemilanove, captured with a USRP B200 SDR. Our results indicate that the masked AES implementation used in all three ASCAD datasets can be broken with a shallow Multilayer Perceptron model, whilst requiring only 1,000 test traces on average. A similar methodology was employed to break the unprotected AES implementation from our custom dataset, using 22,000 unaligned and unfiltered test traces.
Highlights
In present-day communication systems, the confidentiality and integrity of information is primarily ensured through the use of cryptographic algorithms
We introduced a novel approach to improve Correlation Electromagnetic Analysis (CEMA) attacks, called Correlation Optimization (CO)
A Machine Learning (ML) model is trained to learn “encodings” of a set of EM traces, which are subsequently used in a CEMA attack
Summary
In present-day communication systems, the confidentiality and integrity of information is primarily ensured through the use of cryptographic algorithms. As demonstrated in numerous previous works (see [ZF05] and the references therein), an adversary can infer secret information by statistically analyzing physical properties of the hardware implementation during the execution of a cipher. These physical properties, named side channels, can unintentionally “leak” information to an adversary. The output of the Hamming Weight (HW) power consumption model in the work of Brier et al is denoted as W [BCO04], which is a common notation for the weight matrix in the ML domain. We will often refer to the outputs of the model for a given input trace as the encodings of that trace
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: IACR Transactions on Cryptographic Hardware and Embedded Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
