Abstract

In profiled side-channel analysis, deep learning-based techniques have proved to be very successful even when attacking targets protected with countermeasures. Still, there is no guarantee that deep learning attacks will always succeed. Various countermeasures make attacks significantly more complex, and such countermeasures can be further combined to make the attacks even more challenging. An intuitive solution to improve the performance of attacks would be to reduce the effect of countermeasures. This paper investigates whether we can consider certain types of hiding countermeasures as noise and then use a deep learning technique called the denoising autoencoder to remove that noise. We conduct a detailed analysis of six different types of noise and countermeasures, separately or combined, and show that the denoising autoencoder improves the attack performance significantly.

Highlights

  • Side-channel analysis (SCA) is a threat exploiting weaknesses in cryptographic algorithms’ physical implementations rather than the algorithms themselves [MOP06]

  • We demonstrate the effectiveness of a convolutional denoising autoencoder in dealing with different types of noise and countermeasures separately, i.e., Gaussian noise, uniform noise, desynchronization, Random Delay Interrupts (RDIs), clock jitters, and shuffling

  • To the best of our knowledge, there is no optimal method in denoising the combined noise, and we use frequency analysis (FA) for traces with the combination of the noise and countermeasures


Summary

Introduction

Side-channel analysis (SCA) is a threat exploiting weaknesses in cryptographic algorithms’ physical implementations rather than the algorithms themselves [MOP06]. Machine learning-based approaches and deep learning-based approaches have proved to be powerful options when conducting profiled SCA in recent years. While such attack methods actively threaten the security of cryptographic devices, there are still severe limitations. Attack methods commonly rely on the signal’s correlation characteristics, i.e., signal patterns related to the processed data. Let k∗ denote the fixed secret cryptographic key (byte), k any possible key hypothesis, and p the plaintext. To guess the secret key, the attacker first needs to choose a leakage model Y (p, k) (or Y when there is no ambiguity) depending on the key guess k and some known text p, which relates to the deterministic part of the leakage. Its latent space is denoted as F. As for the training data, we refer to protected traces (with noise and countermeasures) as noisy traces, while the unprotected traces are denoted as clean traces.
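The noisy/clean trace pairing and the dependence on signal correlation described above can be made concrete with a small simulation. This is an added example, not code from the paper: the trace shape, the Hamming-weight leakage model, the leak position and all function names are assumptions, and the autoencoder itself is not implemented.

```python
import math
import random

def hamming_weight(v):
    return bin(v).count("1")

def clean_trace(value, length=60, leak_idx=30):
    # Constructed trace: fixed sinusoidal baseline plus a data-dependent
    # leak (assumed Hamming-weight model) at a single sample.
    t = [math.sin(2 * math.pi * i / 20) for i in range(length)]
    t[leak_idx] += hamming_weight(value)
    return t

def add_gaussian(trace, sigma, rng):
    # Amplitude-domain hiding: independent noise on every sample.
    return [x + rng.gauss(0.0, sigma) for x in trace]

def desynchronize(trace, max_shift, rng):
    # Time-domain hiding: delay the trace by a random number of samples.
    s = rng.randint(0, max_shift)
    return [trace[0]] * s + trace[:len(trace) - s]

def make_pairs(values, countermeasure, rng):
    # (noisy, clean) pairs: the input and target a denoiser is trained on.
    clean = [clean_trace(v) for v in values]
    return [(countermeasure(c, rng), c) for c in clean]

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)

def leak_correlation(traces, values, leak_idx=30):
    # Correlation between the leaking sample and the leakage model output.
    hw = [hamming_weight(v) for v in values]
    return pearson([t[leak_idx] for t in traces], hw)

def demo(n=2000, seed=1):
    rng = random.Random(seed)
    values = [rng.randrange(256) for _ in range(n)]  # constructed data
    gauss = make_pairs(values, lambda t, r: add_gaussian(t, 1.0, r), rng)
    desync = make_pairs(values, lambda t, r: desynchronize(t, 10, r), rng)
    return {
        "clean": leak_correlation([c for _, c in gauss], values),
        "gaussian": leak_correlation([x for x, _ in gauss], values),
        "desync": leak_correlation([x for x, _ in desync], values),
    }

if __name__ == "__main__":
    print(demo())
```

In this constructed setup, desynchronization lowers the correlation at the leaking sample far more than unit-variance Gaussian noise does, which is the sense in which a hiding countermeasure behaves like noise on the trace.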
