Deep Learning Side-Channel Attacks on Advanced Encryption Standard
Time: Mon 2023-03-06 09.00
Subject area: Information and Communication Technology
Doctoral student: Huanyu Wang, Elektronik och inbyggda system
Opponent: Assistant Professor Francesco Regazzoni, University of Amsterdam
Supervisor: Professor Elena Dubrova, Elektronik och inbyggda system; Professor Mark Smith, Elektronik och inbyggda system
Side-channel attacks (SCAs) have become one of the most realistic threats to implementations of cryptographic algorithms. By exploiting unintended physical leakage, such as the varying amount of power a device consumes while executing a cryptographic algorithm, SCAs bypass the theoretical strength of the cryptography and extract the secret key. A compromised cryptographic implementation can lead to a complete loss of information security.
Recently, with advances in deep learning, SCAs have found a powerful ally. A well-trained deep-learning model can make an attack several times more efficient than traditional SCAs. It is therefore important to understand the capabilities and limitations of deep-learning side-channel attacks (DLSCAs) in order to design trustworthy countermeasures in the future.
To that end, we investigate to what extent DLSCAs can compromise implementations of the Advanced Encryption Standard (AES) in different attack scenarios, as AES is the most widely used symmetric encryption algorithm. The attacks demonstrated in this dissertation focus on two side channels: power consumption and far field electromagnetic (EM) emissions, since power consumption is one of the most widely exploited side channels and far field EM SCAs are among the most threatening attacks.
For the power based analysis, we first conduct a successful attack on an Atmel ATXmega128D4 microcontroller implementation of AES-128. By training and testing the deep-learning model on traces captured from different boards, we experimentally show that ignoring the board diversity can easily lead to an overestimation of the attack efficiency. Afterwards, to mitigate the effect caused by the board diversity and to achieve a more efficient attack, we propose three aggregation approaches at data, model and output level to combine multiple training sources. Our results show that all these aggregation approaches improve the attack efficiency by at least about 45% compared to the conventional DLSCA.
Next, we move to hardware implementations of AES, since hardware implementations process operations in parallel, which makes SCAs inherently more difficult. We propose a tandem technique which utilizes the classification results of models trained on multiple attack points instead of one, and apply this scheme to break a Xilinx Artix-7 FPGA implementation of AES. We show that our 3-attack-point tandem model is about 30% more efficient than a model trained on a single attack point.
Apart from power analysis, it is crucial to consider the newly proposed far field EM SCAs, which do not require physical access to the victim device. The main idea behind far field EM SCA is to exploit the indirect EM emission, typically in the radio frequency (RF) range, caused by the coupling effect between various components on a mixed-signal chip. We present the first deep-learning far field EM SCA at up to 15 m distance against implementations of TinyAES. All our experiments are conducted on a Nordic Semiconductor nRF52832 system-on-chip with an embedded ARM Cortex-M4 CPU, which supports Bluetooth 5. By using a deep-learning model trained on 'clean' traces captured through a coaxial cable with 100 repetitions, we achieve a four orders of magnitude improvement over the previous template attack.
Afterwards, we experimentally show that well-trained neural networks are capable of recovering the secret key from implementations of AES with the Rivain-Prouff (RP) masking scheme by using indirect EM emissions as the side channel. To bypass the strength of the addition-chain based masked SBox, we build deep-learning models on the trace segment corresponding to the MixColumns operation, in which the data loading instructions leak information about the SBox output. By comparing two deep-learning based higher-order attack strategies, we conclude that the multi-step approach outperforms the single-step approach.
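The following added example (written for this page; it is not code from the dissertation and uses no measured traces) illustrates two points made above on simulated data: why combining the scores of several attack points (the idea behind the tandem and output-level aggregation approaches) is useful, and why a Boolean mask on the SBox output removes the first-order leakage that a single-point distinguisher relies on, which is what forces the higher-order strategies discussed for the RP-masked implementation. Traces are constructed as Hamming weight plus Gaussian noise with a seeded generator; the distinguisher is a plain correlation power analysis (CPA) rather than a neural network, and the sum of absolute correlations stands in for the probability-level combination used by the dissertation's tandem models. All parameters (key byte 0x2B, noise sigma, trace counts) are arbitrary choices for the simulation.

```python
# Added example, not from the dissertation: simulated first-order leakage of the
# AES SBox output, a CPA distinguisher, score-level combination of two attack
# points, and a check that a Boolean mask removes first-order leakage.
import math
import random


def gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def gf_inv(x):
    """Multiplicative inverse as x^254 (AES maps 0 to 0)."""
    r, t, e = 1, x, 254
    while e:
        if e & 1:
            r = gf_mul(r, t)
        t = gf_mul(t, t)
        e >>= 1
    return r if x else 0


def make_sbox():
    """AES SBox: inverse in GF(2^8) followed by the affine transformation."""
    sbox = []
    for x in range(256):
        inv = gf_inv(x)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF  # rotate-left by i
        sbox.append(s ^ 0x63)
    return sbox


SBOX = make_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming-weight leakage model


def simulate(n, key, sigma, masked, rng):
    """Constructed traces: each holds two leakage points plus Gaussian noise.

    Unmasked: both points leak HW(SBox(p ^ key)), e.g. the SBox lookup and a
    later load of the same byte, with independent noise. Masked: a fresh
    random mask m per encryption; points leak HW(SBox(p ^ key) ^ m) and HW(m).
    """
    pts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        s = SBOX[p ^ key]
        if masked:
            m = rng.randrange(256)
            clean = [HW[s ^ m], HW[m]]
        else:
            clean = [HW[s], HW[s]]
        traces.append([v + rng.gauss(0.0, sigma) for v in clean])
        pts.append(p)
    return pts, traces


def pearson(x, y):
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0


def cpa_scores(pts, traces, point):
    """|corr| between one measured point and HW(SBox(p ^ kg)) for every guess kg."""
    samples = [t[point] for t in traces]
    return [abs(pearson([HW[SBOX[p ^ kg]] for p in pts], samples))
            for kg in range(256)]


def combine(score_lists):
    """Score-level combination of several attack points: sum per key guess."""
    return [sum(s[kg] for s in score_lists) for kg in range(len(score_lists[0]))]


def key_rank(scores, key):
    """Number of guesses scoring above the true key; 0 means it was recovered."""
    return sum(1 for s in scores if s > scores[key])


def run(n=1000, key=0x2B, sigma=3.0, masked=False, seed=1):
    """Attack each point alone and in tandem; return ranks and the tandem peak."""
    rng = random.Random(seed)
    pts, traces = simulate(n, key, sigma, masked, rng)
    per_point = [cpa_scores(pts, traces, i) for i in range(2)]
    tandem = combine(per_point)
    return {
        "rank_point0": key_rank(per_point[0], key),
        "rank_point1": key_rank(per_point[1], key),
        "rank_tandem": key_rank(tandem, key),
        "max_score_tandem": max(tandem),
    }


if __name__ == "__main__":
    print("unmasked:", run())
    print("masked:  ", run(n=2000, masked=True))
```

With the default parameters the unmasked simulation recovers the key byte from either point alone and from the combined scores; lowering `n` or raising `sigma` is the quickest way to see the single points fail before the tandem score does, which is the effect the multi-attack-point models exploit. In the masked run no key guess stands out at either point because HW(s ^ m) is independent of s for a uniform m, so a first-order distinguisher sees only noise. The leakage has not disappeared, it has moved to the joint distribution of the two points, which is exactly why the abstract's attacks on the RP-masked implementation have to be higher-order and why leakage evaluations of masked designs must test beyond first order.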