CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information
Machine learning has become mainstream across industries. Numerous examples
have demonstrated its validity for security applications. In this work, we
investigate how to reverse engineer a neural network by using only power
side-channel information. To this end, we consider a multilayer perceptron as
the machine learning architecture of choice and assume a non-invasive and
eavesdropping attacker capable of measuring only passive side-channel leakages
like power consumption, electromagnetic radiation, and reaction time.
We conduct all experiments on real data and common neural net architectures
in order to properly assess the applicability and extendability of those
attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our
experiments show that the side-channel attacker is capable of obtaining the
following information: the activation functions used in the architecture, the
number of layers and neurons in the layers, the number of output classes, and
weights in the neural network. Thus, the attacker can effectively reverse
engineer the network using side-channel information.
Next, we show that once the attacker has the knowledge about the neural
network architecture, they could also recover the inputs to the network with
only a single-shot measurement. Finally, we discuss several mitigations one
could use to thwart such attacks.
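The weight-recovery step described above can be illustrated with a toy correlation attack. The sketch below is an assumption-laden example, not the paper's actual setup: it simulates single-point power traces that leak the Hamming weight of a neuron's multiply and recovers an 8-bit weight by correlating candidate hypotheses against the noisy measurements. The leakage model, noise level, and all names are illustrative.

```python
import numpy as np

rng = np.random.default_rng(0)

def hamming_weight(v):
    # Number of set bits in the low byte of v
    return bin(int(v) & 0xFF).count("1")

secret_weight = 173                       # hypothetical 8-bit weight to recover
inputs = rng.integers(0, 256, size=2000)  # known inputs fed to the neuron

# Simulated single-point traces: Hamming weight of (input * weight) plus noise
leak = np.array([hamming_weight(x * secret_weight) for x in inputs], dtype=float)
traces = leak + rng.normal(0.0, 1.0, size=leak.shape)

# Correlation attack: score every candidate weight against the traces
scores = np.zeros(256)
for cand in range(256):
    hyp = np.array([hamming_weight(x * cand) for x in inputs], dtype=float)
    if hyp.std() > 0:                     # skip degenerate (constant) hypotheses
        scores[cand] = abs(np.corrcoef(hyp, traces)[0, 1])

recovered = int(np.argmax(scores))
print(recovered)
```

With enough traces the correct candidate produces the strongest correlation, mirroring how the attacker narrows down weights one multiplication at a time.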
Machine Learning-Based Side-Channel Analysis on the Advanced Encryption Standard
Hardware security is essential in keeping sensitive information private. Because of this, it's imperative that we evaluate the ability of cryptosystems to withstand cutting-edge attacks. Doing so encourages the development of countermeasures and new methods of data protection as needed. In this thesis, we present our findings from an evaluation of the Advanced Encryption Standard, particularly unmasked and masked AES-128, implemented in software on an STM32F415 microcontroller unit (MCU), against machine learning-based side-channel analysis (MLSCA). Twelve machine learning classifiers were used in combination with a side-channel leakage model in the context of four scenarios: profiling one device and key and attacking the same device with the same key; profiling one device and key and attacking a different device with the same key; profiling one device and key and attacking the same device with a different key; and profiling one device and key and attacking a different device with a different key. We found that unmasked AES-128 can be very vulnerable to this form of attack and that masking can be applied as a countermeasure to successfully prevent attacks in two of the four tested scenarios. In addition to providing our experimental results on the following pages, we also plan to release a public GitHub repository with all of our collected side-channel data along with sample analysis code shortly after the time of writing. We hope that doing so will allow for complete reproducibility of our results and encourage future research without the need to purchase hardware equipment.
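A minimal sketch of the profiling workflow evaluated above, under heavy simplifying assumptions: synthetic one-sample traces, a Hamming-weight leakage model, and a nearest-template classifier standing in for the twelve ML classifiers. The device-to-device DC offset is a made-up stand-in for the portability effects that distinguish the same-device and cross-device scenarios.

```python
import numpy as np

rng = np.random.default_rng(1)

HW = [bin(v).count("1") for v in range(256)]  # Hamming-weight leakage model

def simulate_traces(values, noise=0.8, offset=0.0):
    # One-sample "traces": HW of the targeted intermediate plus Gaussian noise.
    # `offset` mimics device-to-device variation (a portability hurdle).
    return np.array([HW[v] for v in values], dtype=float) \
        + offset + rng.normal(0, noise, len(values))

# Profiling phase on device A: learn the mean trace per HW class (a template)
prof_vals = rng.integers(0, 256, 5000)
prof_hw = np.array([HW[v] for v in prof_vals])
prof_traces = simulate_traces(prof_vals)
templates = np.array([prof_traces[prof_hw == h].mean() for h in range(9)])

# Attack phase: classify fresh traces by nearest template
atk_vals = rng.integers(0, 256, 1000)
atk_hw = np.array([HW[v] for v in atk_vals])
same_dev = simulate_traces(atk_vals)               # same device as profiling
cross_dev = simulate_traces(atk_vals, offset=1.5)  # different device: DC shift

def classify(traces):
    return np.array([np.argmin(np.abs(templates - t)) for t in traces])

acc_same = (classify(same_dev) == atk_hw).mean()
acc_cross = (classify(cross_dev) == atk_hw).mean()
print(acc_same, acc_cross)
```

The systematic shift degrades cross-device accuracy without any recalibration, which is one intuition for why only some of the four scenarios remain attackable.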
Mitigating Differential Power Analysis Attacks on AES using NeuroMemristive Hardware
Cryptographic algorithms such as the Advanced Encryption Standard (AES) are vulnerable to side-channel attacks. AES was once thought to be impervious to attacks, but this proved to be true only for a mathematical model of AES, not a physical realization. Hardware implementations leak side-channel information such as power dissipation. One practical side-channel analysis (SCA) attack is the differential power analysis (DPA) attack, which statistically analyzes power measurements to find data-dependent correlations.
Several countermeasures against DPA have been proposed at the circuit and logic level in conventional technologies. These techniques generally include masking the data inside the algorithm or hiding the power profile. Next-generation processors bring additional challenges to mitigating DPA attacks through the heterogeneity of the devices used in their hardware realizations. Neuromemristive systems hold potential in this domain and also bring new challenges to the hardware security of cryptosystems.
In this exploratory work, a neuromemristive architecture was designed to compute an AES transformation and mitigate DPA attacks. The random power profile of the neuromemristive architecture reduces the correlations between data and power consumption. Hardware primitives such as neuron and synapse circuits were developed, along with a framework to generate neural networks in hardware.
An attack framework was developed to run DPA attacks using different leakage models. A baseline AES cryptoprocessor using only CMOS technology was attacked successfully.
The SubBytes transformation was replaced by a neuromemristive architecture, and the proposed designs were more resilient against DPA attacks at the cost of increased power consumption.
SCAR: Power Side-Channel Analysis at RTL-Level
Power side-channel attacks exploit the dynamic power consumption of
cryptographic operations to leak sensitive information of encryption hardware.
Therefore, it is necessary to conduct power side-channel analysis for assessing
the susceptibility of cryptographic systems and mitigating potential risks.
Existing power side-channel analysis primarily focuses on post-silicon
implementations, which are inflexible in addressing design flaws, leading to
costly and time-consuming post-fabrication design re-spins. Hence, pre-silicon
power side-channel analysis is required for early detection of vulnerabilities
to improve design robustness. In this paper, we introduce SCAR, a novel
pre-silicon power side-channel analysis framework based on Graph Neural
Networks (GNN). SCAR converts register-transfer level (RTL) designs of
encryption hardware into control-data flow graphs and uses them to detect the
design modules susceptible to side-channel leakage. Furthermore, we incorporate
a deep learning-based explainer in SCAR to generate quantifiable and
human-accessible explanations of our detection and localization decisions. We
have also developed a fortification component as a part of SCAR that uses
large language models (LLMs) to automatically generate and insert additional
design code at the localized zone to mitigate the side-channel leakage. When
evaluated on popular encryption algorithms like AES, RSA, and PRESENT, and
post-quantum cryptography algorithms like Saber and CRYSTALS-Kyber, SCAR
achieves up to 94.49% localization accuracy, 100% precision, and 90.48% recall.
Additionally, through explainability analysis, SCAR reduces features for GNN
model training by 57% while maintaining comparable accuracy. We believe that
SCAR will transform the security-critical hardware design cycle, resulting in
faster design closure at a reduced design cost.
Enhancing the Performance of Practical Profiling Side-Channel Attacks Using Conditional Generative Adversarial Networks
Recently, many profiling side-channel attacks based on Machine Learning and
Deep Learning have been proposed. Most of them focus on reducing the number of
traces required for successful attacks by optimizing the modeling algorithms.
In previous work, a relatively large number of traces needed to be used for
training a model. However, in a practical profiling phase, it is difficult or
impossible to collect sufficient traces due to various resource constraints. In
this case, profiling attacks perform poorly even if proper
modeling algorithms are used. In this paper, the main problem we consider is
how to conduct more efficient profiling attacks when sufficient profiling
traces cannot be obtained. To deal with this problem, we first introduce the
Conditional Generative Adversarial Network (CGAN) in the context of
side-channel attacks. We show that CGAN can generate new traces to enlarge the
size of the profiling set, which improves the performance of profiling attacks.
For both unprotected and protected cryptographic algorithms, we find that CGAN
can effectively learn the leakage of traces collected in their implementations.
We also apply it to different modeling algorithms. In our experiments, the
model constructed with the augmented profiling set can reduce the required
attack traces by more than half, which means the generated traces can provide
as much useful information as real traces.
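The augmentation idea above can be sketched without a full CGAN. In the example below, a class-conditional generative model is fit on a scarce set of labeled profiling traces and then sampled to enlarge the profiling set; the per-class Gaussian sampler is a deliberately simple stand-in for the paper's CGAN, and all names, noise levels, and the Hamming-weight labels are assumptions made for illustration.

```python
import numpy as np

rng = np.random.default_rng(3)

HW = [bin(v).count("1") for v in range(256)]
CLASSES = range(9)  # Hamming-weight labels 0..8

def real_traces(n, noise=1.0):
    # Tiny stand-in for measured traces: one sample per trace,
    # leakage = Hamming-weight class + Gaussian noise, labels attached.
    vals = rng.integers(0, 256, n)
    y = np.array([HW[v] for v in vals])
    return y + rng.normal(0, noise, n), y

x_small, y_small = real_traces(60)          # scarce profiling set

# Conditional generator, standing in for the CGAN: fit a per-class
# Gaussian to the scarce traces and sample new labeled traces from it.
def generate(n_per_class):
    xs, ys = [], []
    for h in CLASSES:
        cls = x_small[y_small == h]
        if len(cls) < 2:                    # too little data to fit this class
            continue
        xs.append(rng.normal(cls.mean(), cls.std(ddof=1), n_per_class))
        ys.append(np.full(n_per_class, h))
    return np.concatenate(xs), np.concatenate(ys)

x_gen, y_gen = generate(300)

# Augmented profiling set = real traces + generated traces
x_aug = np.concatenate([x_small, x_gen])
y_aug = np.concatenate([y_small, y_gen])
print(len(x_aug), len(x_small))
```

A real CGAN learns the class-conditional trace distribution adversarially rather than assuming it is Gaussian, which is what lets it capture leakage of protected implementations; the mechanics of enlarging the profiling set are the same.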