CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information

Machine learning has become mainstream across industries. Numerous examples proved the validity of it for security applications. In this work, we investigate how to reverse engineer a neural network by using only power side-channel information. To this end, we consider a multilayer perceptron as the machine learning architecture of choice and assume a non-invasive and eavesdropping attacker capable of measuring only passive side-channel leakages like power consumption, electromagnetic radiation, and reaction time. We conduct all experiments on real data and common neural net architectures in order to properly assess the applicability and extendability of those attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our experiments show that the side-channel attacker is capable of obtaining the following information: the activation functions used in the architecture, the number of layers and neurons in the layers, the number of output classes, and weights in the neural network. Thus, the attacker can effectively reverse engineer the network using side-channel information. Next, we show that once the attacker has the knowledge about the neural network architecture, he/she could also recover the inputs to the network with only a single-shot measurement. Finally, we discuss several mitigations one could use to thwart such attacks.Comment: 15 pages, 16 figure

Power analysis on smartcard algorithms using simulation

This paper presents the results from a power analysis of the AES and RSA algorithms by\ud simulation using the PINPAS tool. The PINPAS tool is capable of simulating the power\ud consumption of assembler programs implemented in, amongst others, Hitachi H8/300\ud assembler. The Hitachi H8/300 is a popular CPU for smartcards. Using the PINPAS tool, the\ud vulnerability for power analysis attacks of straightforward AES and RSA implementations is\ud examined. In case a vulnerability is found countermeasures are added to the implementation\ud that attempt to counter power analysis attacks. After these modifications the analysis is\ud performed again and the new results are compared to the original results

Attacking AES-Masking Encryption Device with Correlation Power Analysis

Modern communication system use cryptography algorithm to ensure data still confidentiality, integrity, and authentic. There is a new vulnerability in a cryptographic algorithm when implemented on a hardware device. This vulnerability is considered capable of uncovering a secret key used in a cryptographic algorithm. This technique is known as a power analysis attack. Previous and other research introduces countermeasure to countering this new vulnerability. Some researchers suggest using logic level with encoding the AES. The countermeasure using logic is meager cost and efficient. The contribution of this paper is to analyze CPA on encryption device that has been given logic level countermeasure. Our finding of this paper is the use of encoding with one-hot masking technique does not provide the maximum countermeasure effect against CPA-based attacks. In this research, CPA attack can be successfully revealing the AES secret-ke

SoK: Design Tools for Side-Channel-Aware Implementations

Side-channel attacks that leak sensitive information through a computing device's interaction with its physical environment have proven to be a severe threat to devices' security, particularly when adversaries have unfettered physical access to the device. Traditional approaches for leakage detection measure the physical properties of the device. Hence, they cannot be used during the design process and fail to provide root cause analysis. An alternative approach that is gaining traction is to automate leakage detection by modeling the device. The demand to understand the scope, benefits, and limitations of the proposed tools intensifies with the increase in the number of proposals. In this SoK, we classify approaches to automated leakage detection based on the model's source of truth. We classify the existing tools on two main parameters: whether the model includes measurements from a concrete device and the abstraction level of the device specification used for constructing the model. We survey the proposed tools to determine the current knowledge level across the domain and identify open problems. In particular, we highlight the absence of evaluation methodologies and metrics that would compare proposals' effectiveness from across the domain. We believe that our results help practitioners who want to use automated leakage detection and researchers interested in advancing the knowledge and improving automated leakage detection