Abstract
Deep Learning has recently been introduced as a new alternative to perform Side-Channel analysis [MPP16]. Until now, studies have been focused on applying Deep Learning techniques to perform Profiled Side-Channel attacks where an attacker has a full control of a profiling device and is able to collect a large amount of traces for different key values in order to characterize the device leakage prior to the attack. In this paper we introduce a new method to apply Deep Learning techniques in a Non-Profiled context, where an attacker can only collect a limited number of side-channel traces for a fixed unknown key value from a closed device. We show that by combining key guesses with observations of Deep Learning metrics, it is possible to recover information about the secret key. The main interest of this method is that it is possible to use the power of Deep Learning and Neural Networks in a Non-Profiled scenario. We show that it is possible to exploit the translation-invariance property of Convolutional Neural Networks [CDP17] against de-synchronized traces also during Non-Profiled side-channel attacks. In this case, we show that this method can outperform classic Non-Profiled attacks such as Correlation Power Analysis. We also highlight that it is possible to break masked implementations in black-box, without leakages combination pre-preprocessing and with no assumptions nor knowledge about the masking implementation. To carry the attack, we introduce metrics based on Sensitivity Analysis that can reveal both the secret key value as well as points of interest, such as leakages and masks locations in the traces. The results of our experiments demonstrate the interests of this new method and show that this attack can be performed in practice.
Highlights
Side-Channel attacks, introduced in 1996 by P
4.1.3 Conclusions on Convolutional Neural Networks (CNN)-Differential Deep Learning Analysis (DDLA) we showed that the translation invariance property of CNNs can be succesfully used during Non-Profiled attacks against de-synchronized traces
We can conclude that CNN-DDLA could be an interesting alternative to other Non-Profiled attacks, specially when traces cannot be perfectly re-synchronized before the attack
Summary
Side-Channel attacks, introduced in 1996 by P. 2. An attack phase, where traces collected from the target device are classified based on the leakage profiling in order to recover the secret key value k∗. For closed products (for example smart cards running banking applications) an attacker does not have control of the keys and is usually limited by a transaction counter which caps the number of side-channel traces that can be collected In such a context, Profiled attacks cannot be performed. The only assumption for Non-Profiled attacks is that the attacker is able to collect several side-channel traces of a cryptographic operation with a fixed unknown key value k∗ ∈ K and known random inputs (or outputs) from the targeted device. The attacker combines key hypotheses with the use of statistical distinguishers such as Pearson’s Correlation or Mutual Information to infer information about the secret k∗ from the side-channel traces
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have