1,733 research outputs found

    CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information

    Machine learning has become mainstream across industries. Numerous examples proved the validity of it for security applications. In this work, we investigate how to reverse engineer a neural network by using only power side-channel information. To this end, we consider a multilayer perceptron as the machine learning architecture of choice and assume a non-invasive and eavesdropping attacker capable of measuring only passive side-channel leakages like power consumption, electromagnetic radiation, and reaction time. We conduct all experiments on real data and common neural net architectures in order to properly assess the applicability and extendability of those attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our experiments show that the side-channel attacker is capable of obtaining the following information: the activation functions used in the architecture, the number of layers and neurons in the layers, the number of output classes, and weights in the neural network. Thus, the attacker can effectively reverse engineer the network using side-channel information. Next, we show that once the attacker has the knowledge about the neural network architecture, he/she could also recover the inputs to the network with only a single-shot measurement. Finally, we discuss several mitigations one could use to thwart such attacks.
    Comment: 15 pages, 16 figure

    Machine Learning-Based Side-Channel Analysis on the Advanced Encryption Standard

    Hardware security is essential in keeping sensitive information private. Because of this, it’s imperative that we evaluate the ability of cryptosystems to withstand cutting edge attacks. Doing so encourages the development of countermeasures and new methods of data protection as needed. In this thesis, we present our findings of an evaluation of the Advanced Encryption Standard, particularly unmasked and masked AES-128, implemented in software on an STM32F415 microcontroller unit (MCU), against machine learning-based side-channel analysis (MLSCA). 12 machine learning classifiers were used in combination with a side-channel leakage model in the context of four scenarios: profiling one device and key and attacking the same device with the same key, profiling one device and key and attacking a different device with the same key, profiling one device and key and attacking the same device with a different key, and profiling one device and key and attacking a different device with a different key. We found that unmasked AES-128 can be very vulnerable to this form of attack and that masking can be applied as a countermeasure to successfully prevent attacks in 2 out of the 4 tested scenarios. In addition to providing our experimental results on the following pages, we also plan to release a public GitHub repository with all of our collected side-channel data along with sample analysis code shortly after the time of writing this. We hope that doing so will allow for complete reproducibility of our results and encourage future research without the need for purchasing hardware equipment

    Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis

    Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments, full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research