Abstract
Deep learning (DL) has proven to be very effective for image recognition tasks, with a large body of research on various model architectures for object classification. Straight-forward application of DL to side-channel analysis (SCA) has already shown promising success, with experimentation on open-source variable key datasets showing that secret keys can be revealed with 100s traces even in the presence of countermeasures. This paper aims to further improve the application of DL for SCA, by enhancing the power of DL when targeting the secret key of cryptographic algorithms when protected with SCA countermeasures. We propose a new model, CNN-based model with Plaintext feature extension (CNNP) together with multiple convolutional filter kernel sizes and structures with deeper and narrower neural networks, which has empirically proven its effectiveness by outperforming reference profiling attack methods such as template attacks (TAs), convolutional neural networks (CNNs) and multilayer perceptron (MLP) models. Our model generates state-of-the art results when attacking the ASCAD variable-key database, which has a restricted number of training traces per key, recovering the key within 40 attack traces in comparison with order of 100s traces required by straightforward machine learning (ML) application. During the profiling stage an attacker needs no additional knowledge on the implementation, such as the masking scheme or random mask values, only the ability to record the power consumption or electromagnetic field traces, plaintext/ciphertext and the key. Additionally, no heuristic pre-processing is required in order to break the high-order masking countermeasures of the target implementation.
Highlights
Since side-channel analysis (SCA) was introduced in 1996 [Koc96] based on the difference in power consumption of bit transitions, much research has been conducted on efficient methods to both break and protect cryptographic implementations
While convolutional neural networks (CNNs)-based model with Plaintext feature extension (CNNP) is introduced in this paper targeting the Advanced Encryption Standard (AES) algorithm as an example, the approach is generic to other targets
In order to support for this plaintext feature extension, we introduce an additional Plaintext extension function, that connects the additional plaintext feature vector in our CNNP models
Summary
Since side-channel analysis (SCA) was introduced in 1996 [Koc96] based on the difference in power consumption of bit transitions, much research has been conducted on efficient methods to both break and protect cryptographic implementations. While for non-profiling attacks a leakage model such as based on the Hamming weight of a value can often provide a sufficently accurate approximation for successful attacks, the value leakage model is used in this paper This considers that the value itself leaks information to the side-channel such that different values consume different amounts of power. This model is widely utilised for profiling attacks, as when labelling the traces by some intermediate value for training, its allows the model to learn a broader range of features at different points in time, while a power model such as based on the Hamming weight will only allow the model to learn features at the point the value is processed. If the distribution of the target value is close to random the classes will be balanced leading to more straightforward training methods
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
