Practical Aspects on Non-profiled Deep-learning Side-channel Attacks against AES Software Implementation with Two Types of Masking Countermeasures including RSM
Kunihiro Kuroda, Yuta Fukuda, Kota Yoshida, T. Fujino
Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security, published 2021-11-15
DOI: 10.1145/3474376.3487285 (https://doi.org/10.1145/3474376.3487285)
Citations: 13
Abstract
Deep-learning side-channel attacks (DL-SCAs), which apply deep neural networks (DNNs) to SCAs, are known to be able to easily attack some existing SCA countermeasures such as masking and random jitter. While there have been many studies on profiled DL-SCAs, a new approach that involves applying deep learning to non-profiled attacks was proposed in 2018. In our study, we investigate the structure of DNN models and attack points (PoI: Points of Interest) for non-profiled DL-SCAs using the ANSSI SCA database with a masking countermeasure. The results of the investigations indicate that it is better to use a simple network model, apply regularization to prevent over-fitting, and select a wide range of power traces that contain side-channel information as the PoI. We also implemented an AES-128 software implementation protected with the RSM (Rotating Sboxes Masking) countermeasure, which has never been attacked by non-profiled DL-SCAs, on the Xmega128 microcontroller and carried out non-profiled DL-SCAs against it. Non-profiled DL-SCAs successfully recovered all partial keys while the conventional power analysis could not. We conducted two types of experimental analyses to clarify that DL-SCAs learn the mask values used in the masking countermeasure. One is the gradient visualization used in previous studies, and the other is a new analysis method using partial removal of power traces.