2,602 research outputs found
CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information
Machine learning has become mainstream across industries. Numerous examples
proved the validity of it for security applications. In this work, we
investigate how to reverse engineer a neural network by using only power
side-channel information. To this end, we consider a multilayer perceptron as
the machine learning architecture of choice and assume a non-invasive and
eavesdropping attacker capable of measuring only passive side-channel leakages
like power consumption, electromagnetic radiation, and reaction time.
We conduct all experiments on real data and common neural net architectures
in order to properly assess the applicability and extendability of those
attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our
experiments show that the side-channel attacker is capable of obtaining the
following information: the activation functions used in the architecture, the
number of layers and neurons in the layers, the number of output classes, and
weights in the neural network. Thus, the attacker can effectively reverse
engineer the network using side-channel information.
Next, we show that once the attacker has the knowledge about the neural
network architecture, he/she could also recover the inputs to the network with
only a single-shot measurement. Finally, we discuss several mitigations one
could use to thwart such attacks.Comment: 15 pages, 16 figure
Systematic Literature Review of EM-SCA Attacks on Encryption
Cryptography is vital for data security, but cryptographic algorithms can
still be vulnerable to side-channel attacks (SCAs), physical assaults
exploiting power consumption and EM radiation. SCAs pose a significant threat
to cryptographic integrity, compromising device keys. While literature on SCAs
focuses on real-world devices, the rise of sophisticated devices necessitates
fresh approaches. Electromagnetic side-channel analysis (EM-SCA) gathers
information by monitoring EM radiation, capable of retrieving encryption keys
and detecting malicious activity. This study evaluates EM-SCA's impact on
encryption across scenarios and explores its role in digital forensics and law
enforcement. Addressing encryption susceptibility to EM-SCA can empower
forensic investigators in overcoming encryption challenges, maintaining their
crucial role in law enforcement. Additionally, the paper defines EM-SCA's
current state in attacking encryption, highlighting vulnerable and resistant
encryption algorithms and devices, and promising EM-SCA approaches. This study
offers a comprehensive analysis of EM-SCA in law enforcement and digital
forensics, suggesting avenues for further research
Physical Fault Injection and Side-Channel Attacks on Mobile Devices:A Comprehensive Analysis
Today's mobile devices contain densely packaged system-on-chips (SoCs) with
multi-core, high-frequency CPUs and complex pipelines. In parallel,
sophisticated SoC-assisted security mechanisms have become commonplace for
protecting device data, such as trusted execution environments, full-disk and
file-based encryption. Both advancements have dramatically complicated the use
of conventional physical attacks, requiring the development of specialised
attacks. In this survey, we consolidate recent developments in physical fault
injections and side-channel attacks on modern mobile devices. In total, we
comprehensively survey over 50 fault injection and side-channel attack papers
published between 2009-2021. We evaluate the prevailing methods, compare
existing attacks using a common set of criteria, identify several challenges
and shortcomings, and suggest future directions of research
Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics
Machine learning techniques are an excellent tool for the medical community to analyzing large amounts of medical and genomic data. On the other hand, ethical concerns and privacy regulations prevent the free sharing of this data. Encryption methods such as fully homomorphic encryption (FHE) provide a method evaluate over encrypted data. Using FHE, machine learning models such as deep learning, decision trees, and naive Bayes have been implemented for private prediction using medical data. FHE has also been shown to enable secure genomic algorithms, such as paternity testing, and secure application of genome-wide association studies. This survey provides an overview of fully homomorphic encryption and its applications in medicine and bioinformatics. The high-level concepts behind FHE and its history are introduced. Details on current open-source implementations are provided, as is the state of FHE for privacy-preserving techniques in machine learning and bioinformatics and future growth opportunities for FHE
Asymmetric Leakage from Multiplier and Collision-Based Single-Shot Side-Channel Attack
The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multiplier. It is shown that how leakage from integer multiplier and long-integer multiplication algorithm can be asymmetric between two operands. The asymmetric leakage is verified with experiments on FPGA and micro-controller platforms. Moreover, we show an experimental result in which success and failure of the attack is determined by the order of operands. Therefore, designing operand order can be a cost-effective countermeasure. Meanwhile we also show a case in which a particular countermeasure becomes ineffective when the asymmetric leakage is considered. In addition to the above main contribution, an extension of the attack by Hanley et al. using the signal-processing technique of Big Mac Attack is presented
SCAR: Power Side-Channel Analysis at RTL-Level
Power side-channel attacks exploit the dynamic power consumption of
cryptographic operations to leak sensitive information of encryption hardware.
Therefore, it is necessary to conduct power side-channel analysis for assessing
the susceptibility of cryptographic systems and mitigating potential risks.
Existing power side-channel analysis primarily focuses on post-silicon
implementations, which are inflexible in addressing design flaws, leading to
costly and time-consuming post-fabrication design re-spins. Hence, pre-silicon
power side-channel analysis is required for early detection of vulnerabilities
to improve design robustness. In this paper, we introduce SCAR, a novel
pre-silicon power side-channel analysis framework based on Graph Neural
Networks (GNN). SCAR converts register-transfer level (RTL) designs of
encryption hardware into control-data flow graphs and use that to detect the
design modules susceptible to side-channel leakage. Furthermore, we incorporate
a deep learning-based explainer in SCAR to generate quantifiable and
human-accessible explanation of our detection and localization decisions. We
have also developed a fortification component as a part of SCAR that uses
large-language models (LLM) to automatically generate and insert additional
design code at the localized zone to shore up the side-channel leakage. When
evaluated on popular encryption algorithms like AES, RSA, and PRESENT, and
postquantum cryptography algorithms like Saber and CRYSTALS-Kyber, SCAR,
achieves up to 94.49% localization accuracy, 100% precision, and 90.48% recall.
Additionally, through explainability analysis, SCAR reduces features for GNN
model training by 57% while maintaining comparable accuracy. We believe that
SCAR will transform the security-critical hardware design cycle, resulting in
faster design closure at a reduced design cost
- …